Topics: Red Hat, Security

Discovering and joining identity domains on RHEL

The "realm discover" command returns the complete domain configuration and a list of packages that must be installed for the system to be enrolled in the domain.

The "realm join" command then sets up the local machine for use with a specified domain by configuring both the local system services and the entries in the identity domain. The process run by "realm join" follows these steps:

  • Running a discovery scan for the specified domain.
  • Automatic installation of the packages required to join the system to the domain.
    This includes SSSD and the PAM home directory job packages. Note that the automatic installation of packages requires the PackageKit suite to be running. If PackageKit is disabled, the system prompts you for the missing packages, and you will be required to install them manually using the "yum" utility.
  • Joining the domain by creating an account entry for the system in the directory.
  • Creating the /etc/krb5.keytab host keytab file.
  • Configuring the domain in SSSD and restarting the service.
  • Enabling domain users for the system services in PAM configuration and the /etc/nsswitch.conf file.
To install the software manually, run:
# yum install realmd oddjob oddjob-mkhomedir sssd 
# yum install adcli krb5-workstation samba-common-tools
When run without any options, the "realm discover" command displays information about the default DNS domain. It is also possible to run a discovery for a specific domain, such as:
# realm discover mydomain.local
Before this works, make sure the system can access the domain controllers, such as the AD servers. You may have to add those to /etc/resolv.conf, as realmd will use DNS SRV lookups to find the domain controllers in the domain automatically.

To join the domain use the "realm join" command, for example:
# realm join -v -U user mydomain.local
By default, the join is performed as the domain administrator. For AD, the administrator is called "Administrator"; for IdM, it is called "admin". To connect as a different user, use the -U option, as was shown in the example above. When prompted for a password, type it in.

Once the join has been completed, use a separate user account to log in to the system, to ensure that domain accounts work.

If you run into issues, make sure that the following ports are opened in the firewall, if present: 53, 389, 636, 88, 464, 3268, 3269 and 123.

For more details on joining a RHEL system to a domain, see: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/realmd-domain.

Topics: Red Hat, Security

Resetting the Root Password of RHEL-7

In case you've ever forgotten the root password of a RHEL 7 system, here's a good description of how to change it:

https://access.redhat.com/solutions/918283

Topics: Red Hat, Storage

RHEL: Recovering a corrupt file system in emergency mode

If you have a RHEL system that boots in emergency mode due to a corrupt file system, here are some steps to perform to resolve the issue.

Once booted in emergency mode, connect to the system on the console. Try running:

# journalctl -xe
This helps determine why the system booted in emergency mode. For example, you may discover that the /var file system has an issue.

Once you do, shut down the system, and boot it from the boot ISO or DVD (depending on whether the system is a virtual or a physical system).

When using VMware, you'll have to edit the settings of the VM, and enable the "Force BIOS setup" setting, and mount/connect the boot ISO image. Then start it up, and open the console. Once in the BIOS, make sure CDROM is high in the boot order.

Once the system is booting RHEL, select "Troubleshooting", and "Rescue a Red Hat Enterprise Linux system". The system will boot up. Select "Continue" when prompted.

Run "df -h" to list the mounted directories. Since /var is the file system having the issue, unmount it:
# umount /mnt/sysimage/var
Once /var is unmounted, run fsck to fix any issues:
# fsck /mnt/sysimage/var
Once completed, you can reboot the system. If you connected an ISO image earlier, make sure to disconnect the ISO image.

Topics: LVM, Red Hat

Removing a LVM based file system

If you need to remove a non-root LVM based file system, it can be removed using the following steps. If the file system contains any data, then please make sure to take a backup of that data before proceeding with the following steps.

In this example, we will be deleting "u01lv" from volume group "oracle". The logical volume is mounted on mount point /u01.

# df /u01 | grep u01
/dev/mapper/oracle-u01lv   209612800  80946812  128665988  39%  /u01
# lvs | grep u01
  u01lv oracle -wi-ao---- 200.00g
As you can see, mount point /u01 is defined on logical volume u01lv, and is 200 GB.

Start off, by deleting the corresponding entry in /etc/fstab.
# grep u01 /etc/fstab 
/dev/oracle/u01lv    /u01    xfs  defaults,noatime 0 0
Then unmount the file system:
# umount /u01
Disable the logical volume:
# lvchange -an /dev/oracle/u01lv
Delete the logical volume:
# lvremove /dev/oracle/u01lv
At this point, if the logical volume was defined on a disk within a volume group, and that disk is now empty after removing the logical volume, you can also remove the disk from the volume group. First run the "pvs" command and check for an empty disk, such as:
# pvs
  PV         VG       Fmt   Attr  PSize   PFree
  /dev/sdb   oracle   lvm2  a--   <5.00t  <5.00t
If the disk is empty, as is the case for disk /dev/sdb in the example above, you can then remove it from the volume group:
# vgreduce oracle /dev/sdb
Or, if the logical volume removed from the volume group was the very last logical volume to remove, and the volume group is empty, you can also remove the volume group. Do so by disabling the volume group and removing it:
# vgchange -an oracle
# vgremove oracle
And then finally remove any physical volumes used, such as /dev/sdb:
# pvremove /dev/sdb

Topics: Red Hat, System Admin

XRDP

XRDP is an Open Source Remote Desktop Protocol server, very similar to what is used on Windows Server systems, but XRDP is meant for Linux. Once installed on Linux, you can set up an RDP (or Remote Desktop Connection) session from a Windows system directly to a Linux system.

Here's how you install and configure it on RHEL or CentOS 7:

First of all, we need to install the EPEL repository and XRDP server:

# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum -y install xrdp
Next, we need to start and enable the service:
# systemctl start xrdp.service 
# systemctl enable xrdp.service
To check if it's running, run:
# netstat -an | grep 3389 
tcp   0    0 0.0.0.0:3389   0.0.0.0:*   LISTEN
That's all. Now you can connect to your server from any Windows machine using RDP.

Topics: Red Hat

Preventing Gnome's initial setup

The first time a user logs into the default desktop (Gnome) for Red Hat version 7 based systems, they're prompted to set a language, add online accounts, and dropped into a help menu right from the start. While this might be nice for brand new users, it's certainly not ideal for everyone.

There is a very simple way to prevent this annoyance, by simply removing the package gnome-initial-setup:

# yum -y erase gnome-initial-setup

Topics: Red Hat, Scripting

Bash scripting: SSH breaks out of while-loop

If you use a bash shell script that runs an ssh command within a while-loop, you may find that the ssh command breaks out of the while-loop, and that the script doesn't complete all the intended ssh commands. An example of such a script is below:

# cat hostsfile
server1
server2
# cat script
cat hostsfile | while read server ; do
        echo $server
        ssh $server uptime
done
# ./script
server1
 16:19:22 up 11 days, 22:30,  0 users,  load average: 0.00, 0.01, 0.05
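As you can see in the example above, the script should run an ssh command for all hosts listed in the file "hostsfile". Instead, it stops after the first one, because ssh reads from standard input and consumes the remaining lines of the host list that the while-loop was meant to read.

This can be very easily resolved by adding the "-n" option to the ssh command, which redirects its standard input from /dev/null, as follows: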
# cat script
cat hostsfile | while read server ; do
        echo $server
        ssh -n $server uptime
done
# ./script
server1
 16:19:22 up 11 days, 22:30,  0 users,  load average: 0.00, 0.01, 0.05
server2
 15:20:56 up 11 days, 22:32,  0 users,  load average: 0.00, 0.00, 0.00
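
The behaviour described above can be reproduced without any remote hosts. The following is an added example, not part of the original article: fake_ssh is a hypothetical stand-in that drains standard input the way ssh does without "-n", the host list is constructed, and visited_all is a hypothetical guard that flags a loop which silently skipped hosts.

```shell
#!/bin/sh
# Stand-in for "ssh $server uptime" (assumption: no real ssh or network).
# Like ssh without -n, it reads everything available on its standard input.
fake_ssh() {
    swallowed=$(cat | wc -l | tr -d ' ')
    echo "$1: up (swallowed $swallowed lines of stdin)"
}

# Constructed sample host list, standing in for "cat hostsfile".
hosts() { printf '%s\n' server1 server2 server3; }

# Broken form: the command in the loop body shares stdin with "read",
# so it eats the hosts that "read" has not consumed yet.
loop_shared_stdin() {
    hosts | while read -r server; do
        fake_ssh "$server"
    done
}

# Fixed form: stdin of the command comes from /dev/null, which is
# what "ssh -n" arranges for the real ssh client.
loop_stdin_devnull() {
    hosts | while read -r server; do
        fake_ssh "$server" </dev/null
    done
}

# Guard: succeed only if the loop produced one result per listed host.
# Useful in fleet scripts, where a truncated loop otherwise goes unnoticed.
visited_all() {
    want=$(hosts | wc -l | tr -d ' ')
    got=$("$1" | wc -l | tr -d ' ')
    [ "$got" -eq "$want" ]
}

echo "--- shared stdin"
loop_shared_stdin
visited_all loop_shared_stdin || echo "WARNING: hosts were skipped"

echo "--- stdin from /dev/null"
loop_stdin_devnull
visited_all loop_stdin_devnull && echo "all hosts visited"
```

The same applies to any command in a loop body that reads standard input, not only ssh.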

Topics: Red Hat, Storage

Using tmp.mount

If you've ever looked at the /tmp file system on a RHEL system, you may have noticed that it is, by default, simply a folder in the root directory.

For example:

# df -h /tmp
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root  100G  4.6G   96G   5% /
The risk of this setup is that anyone can fill up the root file system by writing temporary data to the /tmp folder, which is risky for system stability.

Red Hat Enterprise Linux 7 offers the ability to use /tmp as a mount point for a temporary file storage system (tmpfs), but unfortunately, it is not enabled by default.

When enabled, this temporary storage appears as a mounted file system, but stores its content in volatile memory instead of on a persistent storage device. And when using this, no files in /tmp are stored on the hard drive except when memory is low, in which case swap space is used. This also means that the contents of /tmp are not persisted across a reboot.

To enable this feature, execute the following commands:
# systemctl enable tmp.mount
# systemctl start tmp.mount
RHEL uses a default size of half the memory size for the in-memory /tmp file system. For example on a system with 16 GB of memory, an 8 GB /tmp file system is set up after enabling the tmp.mount feature:
# df -h /tmp
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root  100G   53G   48G  53% /
# systemctl enable tmp.mount
# systemctl start tmp.mount
# df -h /tmp
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           7.8G     0  7.8G   0% /tmp
By having this in place, it's no longer possible to fill up the root file system, when writing files and/or data to the /tmp file system. The downside, however, is that this uses memory, and when filling up the memory, may be using the swap space. As such, having a dedicated file system on disk for the /tmp folder is still the better solution.

Topics: Red Hat

Convert Red Hat Enterprise Linux to Oracle Linux

Why would you convert an existing Red Hat or CentOS system to Oracle Linux?

Well, there aren't huge advantages, but a few:

  • If you would like to use Oracle Linux technical support. Oracle Linux licensing is supposedly cheaper than that of Red Hat, but please do verify first if that's the case for your organization as well.
  • Oracle Linux updates are more frequent than CentOS, but actually slower than Red Hat.
If you want the Oracle sales pitch, check here.

Oracle Linux is binary compatible with RHEL and with CentOS, so using your organization's existing applications should not be a problem on Oracle Linux.

When you've decided it's time to convert, then here's how to do it:

First, create a backup of your system and make sure the backup is successful. Don't skip this step.

Configure the Oracle Linux Yum repository (see: http://public-yum.oracle.com/getting-started.html), for example for Red Hat version 7:
# cd /etc/yum.repos.d
# wget https://yum.oracle.com/public-yum-ol7.repo
Configure the Oracle Linux GPG Key (see: http://public-yum.oracle.com/faq.html#a10), for example for Red Hat version 7:
# wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol7 \
-O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
# gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Configure the Oracle pre-install package:
# yum install oracle-rdbms-server-12cR1-preinstall -y
Run a full update:
# yum update -y
Reboot:
# reboot
If you wish to convert a CentOS system to Oracle Linux, that can be done too, as follows:
# curl -O https://linux.oracle.com/switch/centos2ol.sh
# sh centos2ol.sh
Make sure all of the packages are synced up with the Oracle Linux repository:
# yum distro-sync
There is no need to reboot afterwards. However, it is recommended to do so, to make sure the system comes back up normally after a reboot.

Topics: Red Hat

Disable NUMA on RHEL version 7

This article is based on: https://access.redhat.com/solutions/23216 and describes how to disable NUMA on a Red Hat version 7 based system.

Edit file /etc/default/grub, and add "numa=off" to the GRUB_CMDLINE_LINUX, for example:

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet transparent_hugepage=never numa=off"
Rebuild the grub config:
# grub2-mkconfig -o /etc/grub2.cfg
Then reboot:
# reboot
