• RHEL Satellite access

    Today I am going to talk about (remote) access with satellite.

    Apparently, there are a few things that you must know in order to get stuff working correctly.

    First of all: Red Hat Identity Manager <-> Satellite coupling for user accounts.
    When you create the coupling as an external LDAP source in Satellite, users are by default put in the anonymous group, which has very few rights within Satellite. Luckily you can also provide a “group” DN for Identity servers, which can then be used to assign groups in Satellite.


     

    So create a user group (for instance: Admins) in the Satellite user interface. Then, in the third (external group) tab, assign a coupling between a Red Hat Identity Manager (IDM) group and the local admin group. The source, however, must be set to “External” instead of your identity server; I am not sure if this is a bug or works as designed. Now, users who log in and have the correct LDAP group will automatically be added to the new Admins group on Satellite. You can then assign rights (or even check the full admin checkbox) to the Admin user group and the remote access is done.


    Now a short paragraph about local web interface access as the default admin account:

    When Satellite needs reconfiguring or reinstalling, Red Hat notes that the admin password gets reset to a default password and you will simply have to change it again. This is not entirely true. You can put the password of the default admin user in /etc/katello-installer/answers.katello-installer.yaml, but doing so is a security risk according to some people. I would note that if you have root access, the security risk of this file is negligible, because you can simply run katello-installer without any arguments and it will print out the admin password on the console after a successful completion.

    – Mark.
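
    The argument above holds only while the answers file is accessible to root alone. As an added example (not from the original post or from katello-installer), this function reports whether the file stores an admin password and whether anyone besides the owner can access it. The `admin_password` key name and the return-code convention are assumptions of this example.

```shell
#!/bin/bash
# Added example: not part of the original post or of katello-installer.
# Assumption: the password is stored under a key named "admin_password".

# answers_password_exposure FILE [OWNER_UID]
# Returns 0 if no password is stored, 1 if one is stored but only the
# expected owner (default uid 0, root) can access the file, 2 if the file
# is accessible more widely, 3 if the file cannot be read.
answers_password_exposure() {
  local file="$1" want_uid="${2:-0}" value mode uid
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }

  # Take the value after the key; it is inspected but never printed.
  value=$(sed -n 's/^[[:space:]]*admin_password:[[:space:]]*//p' "$file" | head -n 1)
  case "$value" in
    ''|'""'|"''"|'~'|null|'#'*)
      echo "no admin password stored in $file"
      return 0 ;;
  esac

  mode=$(stat -c '%a' "$file")   # octal permissions, e.g. 600 (GNU stat)
  uid=$(stat -c '%u' "$file")    # numeric owner
  # Any group or other permission bit, or a different owner, widens access.
  if [ "$uid" != "$want_uid" ] || [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "EXPOSED: $file (uid $uid, mode $mode) holds the admin password"
    return 2
  fi
  echo "password stored; $file is restricted to uid $want_uid (mode $mode)"
  return 1
}

# Run against a path given on the command line, e.g. the answers file.
if [ $# -gt 0 ]; then answers_password_exposure "$@"; fi
```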

     


  • Firewall rules incomplete when using Autodiscovery with RHEL Satellite 6.1

    There are some things not yet in the Red Hat manual about provisioning discovered hosts with the discovery image in Red Hat Satellite Server.

    First of all, the FDI (the discovery image) is also running a very limited foreman-proxy server, so to get full functionality you also need to open port 8443 in the firewalls for the subnet where clients are provisioned. Failure to do so will prevent a discovered client from rebooting as instructed by Satellite, and you will have to push the button by hand.

    So if your server runs on 10.0.0.1 and is provisioning clients on subnet 10.2.0.0/24 with a firewall in between, you also need to “allow” traffic from 10.0.0.1, any port, to 10.2.0.0/24, destination port 8443/TCP.

    Also not widely documented yet: you can enable SSH login on the discovery image with 2 kernel boot options; add them as usual in the Satellite global PXEboot file.

    fdi.ssh=1 and fdi.rootpw=welcome, which enables SSH and sets the root password to welcome.

    – Mark.


  • Highlight function with grep

    It’s been a while since I have been blogging, so I will have to start fresh.

    I recently came across this gem, which defines a bash function named “highlight” that highlights the first argument in all subsequent files. If only 1 argument is given, it expects console input for highlighting.

    /usr/local/bin/highlight

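    #!/bin/bash
    
    # highlight PATTERN [FILE...]
    # Prints every input line and colours the parts that match PATTERN.
    highlight()
    {
      if [ 1 -eq $# ];
      then
        # Only a pattern: read from standard input.
        grep --color -E "$1|$"
      else
        # Pattern plus files: skip the pattern itself when passing the file list.
        grep --color -E "$1|$" "${@:2}"
      fi
    }
    
    highlight "$@"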

    Real-world examples:

    tail -f /var/log/messages|highlight sshd
    tail -f /var/log/audit/audit.log|grep --line-buffered avc|highlight denied
    highlight "failed" /var/log/secure

     


  • Easily Find the optimal alignment of VM disks

    Since most system administrators do not want to work out the formulae by hand, there are 2 easy methods.

    First: if you want only 1 partition spanning the whole disk, the easiest way is to use % in parted:

    (parted) mkpart primary ext4 0% 100%

    The second method is using this awk script from a bash shell:

    awk -v x=$(cat /sys/block/sdb/queue/optimal_io_size) -v y=$(cat /sys/block/sdb/alignment_offset) -v z=$(cat /sys/block/sdb/queue/physical_block_size) 'BEGIN { print ( x + y ) / z }'
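
    The same formula as a reusable shell function, added here as an example that is not part of the original post. It also covers a device that reports an optimal_io_size of 0, where the formula alone would give a start of 0; the 1 MiB fallback for that case and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original post.

# start_block OPTIMAL_IO_SIZE ALIGNMENT_OFFSET PHYSICAL_BLOCK_SIZE
# Applies the post's formula (x + y) / z. When the device reports no
# optimal I/O size (0), a 1 MiB optimal size is assumed instead, so the
# result stays in the same unit; that fallback is this example's assumption.
start_block() {
  local x="$1" y="$2" z="$3" v
  for v in "$x" "$y" "$z"; do
    case "$v" in
      ''|*[!0-9]*) echo "non-numeric input: '$v'" >&2; return 1 ;;
    esac
  done
  [ "$z" -gt 0 ] || { echo "physical_block_size is 0" >&2; return 1; }
  [ "$x" -eq 0 ] && x=1048576
  echo $(( (x + y) / z ))
}

# start_block_for DEVICE (e.g. sdb): reads the three values from sysfs.
start_block_for() {
  local q="/sys/block/$1"
  [ -r "$q/queue/optimal_io_size" ] || { echo "no such block device: $1" >&2; return 1; }
  start_block "$(cat "$q/queue/optimal_io_size")" \
              "$(cat "$q/alignment_offset")" \
              "$(cat "$q/queue/physical_block_size")"
}

# Run for a device named on the command line, e.g.: ./start_block.sh sdb
if [ $# -gt 0 ]; then start_block_for "$1"; fi
```

    After creating the partition, `parted /dev/sdb align-check optimal 1` confirms whether partition 1 meets the device's alignment.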

  • Default LANG and Locale on a Redhat Enterprise Linux (RHEL) host.

    I had a strange configuration on RHEL causing screen/cygwin/dialog/ncurses to interact badly with each other.

    My situation:

    I have cygwin on my laptop installed. I am using it to connect to a RHEL 5 host , there I start screen and then use an ncurses application like dialog or midnight commander.

    What happens: The system is completely unreadable and unusable.

    The solution is so easy:

    Redhat screwed up.


    $ echo ${LANG}
    LANG=en_US.UTF-8
    $ locale -a|grep en_US
    en_US
    en_US.iso88591
    en_US.iso885915
    en_US.utf8

    woops, my locale is NOT THERE!

    Default $LANG on RHEL-5 = en_US.UTF-8

    However, locale -a displays en_US.utf8

    Luckily, the fix is easy.

    In /etc/sysconfig.d/i18n, you can change the default locale and make it the existing en_US.utf8.

    My terminal now works exactly as predicted and I am happily using mc/dialog and other ncurses apps again.. WHEW!

    If someone can test this on a RHEL-6 host, then I know if I can file a bug report with Red Hat! …

    So, if you have “erratic” behaviour on ncurses apps, try checking your locale settings….


  • Datacenter Oliekoets

    Just a quick update to let you all know that the private datacenter is now redundant IaaS. The only thing it does not offer (yet) is a redundant network.

    The main cluster filesystem is spread over 4 hosts on 2 locations, which should improve reliability. It's also reasonable to assume that when you mirror hardware completely, you no longer need a raid-X but only a striping raid, since the whole FS is backed up on multiple hardware hosts.


  • Quickly convert flac audio to mp3 audio with Linux

    First off, you need to have these 3 packages installed:

    – FFMPEG (optional)
    – FLAC
    – LAME

    FFMPEG is by far the simplest method. If you use it, it will automatically convert the tags as well. Be sure that your installed version supports flac/mp3.

    With FFMPEG SCRIPT:

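    #!/bin/bash

    # Convert every .flac file in the current directory to an mp3 with the same base name.
    for f in *.flac; do
      # Skip the literal pattern when no .flac files are present.
      [ -e "$f" ] || continue
      ffmpeg -i "$f" -qscale:a 0 "${f%.flac}.mp3"
    done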

    Without FFMPEG (Script author is on the ):

    #!/bin/bash

    for a in *.flac; do
      # skip the literal pattern when no .flac files are present
      [ -e "$a" ] || continue

      # give output correct extension
      OUTF="${a%.flac}.mp3"

      # get the tags (strip only the leading "NAME=" so values containing "=" survive)
      ARTIST=$(metaflac "$a" --show-tag=ARTIST | sed 's/^[^=]*=//')
      TITLE=$(metaflac "$a" --show-tag=TITLE | sed 's/^[^=]*=//')
      ALBUM=$(metaflac "$a" --show-tag=ALBUM | sed 's/^[^=]*=//')
      GENRE=$(metaflac "$a" --show-tag=GENRE | sed 's/^[^=]*=//')
      TRACKNUMBER=$(metaflac "$a" --show-tag=TRACKNUMBER | sed 's/^[^=]*=//')
      DATE=$(metaflac "$a" --show-tag=DATE | sed 's/^[^=]*=//')

      # stream flac into the lame encoder
      flac -c -d "$a" | lame -V0 --add-id3v2 --pad-id3v2 --ignore-tag-errors \
        --ta "$ARTIST" --tt "$TITLE" --tl "$ALBUM" --tg "${GENRE:-12}" \
        --tn "${TRACKNUMBER:-0}" --ty "$DATE" - "$OUTF"
    done


  • Saturdaynight Ubuntu puzzle

    For the Unix Saturday night puzzle entry:


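    #!/bin/bash

    # Read the file named in $1, one whitespace-separated record per line.
    cat "$1"|while read EMPID FIRST INIT LAST JOB SEX DATEX SAL EXT1 EXT2
    do
      # An empty salary field means the record has one field too few:
      # treat the initial as missing and shift the remaining fields right.
      if [[ ${SAL} == "" && ${FIRST} != "" ]];
      then
        SAL=${DATEX}
        DATEX=${SEX}
        SEX=${JOB}
        JOB=${LAST}
        LAST=${INIT}
        INIT="";
      fi
      # Convert the date to epoch seconds, step back one second, print as YYYY-MM-DD.
      let DATEPOCH=`date -d "$DATEX" +%s 2>/dev/null` 2>/dev/null

      let DATEPOCH=${DATEPOCH}-1
      DATEX=`date --date @${DATEPOCH} +"%Y-%m-%d"`
      # Lines with a ninth field are treated as the header row.
      if [[ ${EXT1} != "" ]];
      then
        printf "Emp ID firstNme Init lastName job sex DOJ salary\n";
      else
        printf "%6s %-9s %3s %-9s %-8s %1s %10s %s\n" "$EMPID" "$FIRST" "$INIT" "$LAST" "$JOB" "$SEX" "$DATEX" "$SAL";
      fi
    done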