Archive for the ‘Uncategorized’ Category

Identity Management with RHEL 6.2 Part II – Kerberized NFS service

Sunday, December 25th, 2011

In part one I described how to set up an IPA server for basic user authentication.

One reason NFSv4 is not that widespread yet is that it needs Kerberos for proper operation. Of course, this is now much easier thanks to IPA.

Goals for this part of the guide

  • Configure IPA to serve the NFS principal
  • Configure NFS to use IPA
  • Configure some IPA clients to use Kerberos for the NFS service

Requirements

  • A running IPA service as discussed in Part I of this guide.
  • An NFS server based on RHEL 6.2
  • One or more IPA clients

Let's do it
First you need to add the NFS server and its service principal to the IPA server. On ipa1.example.com run:

[root@ipa1 ~]# ipa host-add nfs.example.com
[root@ipa1 ~]# ipa service-add nfs/nfs.example.com

Next, log on to your NFS server (let's call it nfs.example.com) and install the additional software packages needed:

[root@nfs ~]# yum -y install ipa-client nfs-utils

You need to enroll your NFS server in the IPA domain. Run the following on nfs.example.com:

[root@nfs ~]# ipa-client-install -p admin

The next step is to get a Kerberos ticket and fetch the entries that need to be added to the krb5.keytab:

[root@nfs ~]# kinit admin
[root@nfs ~]# ipa-getkeytab -s ipa1.example.com -p nfs/nfs.example.com -k /etc/krb5.keytab

Before you proceed to your clients, you need to enable secure NFS, create an export and restart NFS:

[root@nfs ~]# perl -npe 's/#SECURE_NFS="yes"/SECURE_NFS="yes"/g' -i /etc/sysconfig/nfs
[root@nfs ~]# echo "/home  *(rw,sec=sys:krb5:krb5i:krb5p)" >> /etc/exports
[root@nfs ~]# mkdir /home/tester1 && cp /etc/skel/.bash* /home/tester1 && chmod 700 /home/tester1 && chown -R tester1:ipausers /home/tester1
[root@nfs ~]# service nfs restart
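
As an added check (not part of the original post), this shell function audits exports(5)-style lines and flags every client entry whose sec= list still admits a non-Kerberos flavor; the /home export created above lists sys, so clients can still mount it with plain AUTH_SYS. The function name, verdict strings and the two /srv sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, per export and client, whether only Kerberos
# flavors (krb5, krb5i, krb5p) are accepted. Output: path client flavors verdict
audit_exports() {
    old_ifs=$IFS
    set -f                                   # keep '*' clients from globbing
    while IFS= read -r line; do
        line=${line%%#*}                     # drop comments
        set -- $line
        [ $# -ge 1 ] || continue             # skip blank lines
        path=$1; shift
        for spec in "$@"; do
            client=${spec%%\(*}
            [ -n "$client" ] || client='*'   # "(opts)" alone applies to everyone
            case $spec in
                *\(*) opts=${spec#*\(}; opts=${opts%\)} ;;
                *)    opts= ;;
            esac
            flavors=
            IFS=,
            for o in $opts; do               # collect every sec= list on the entry
                case $o in sec=*) flavors="${flavors:+$flavors:}${o#sec=}" ;; esac
            done
            [ -n "$flavors" ] || flavors=sys # exports(5): sys is the default
            verdict=kerberos-only
            IFS=:
            for f in $flavors; do
                case $f in krb5|krb5i|krb5p) ;; *) verdict=allows-non-kerberos ;; esac
            done
            IFS=$old_ifs
            printf '%s %s %s %s\n' "$path" "$client" "$flavors" "$verdict"
        done
    done
    set +f
}

# Constructed sample: the first entry is the export from this guide.
SAMPLE_EXPORTS='# sample /etc/exports
/home  *(rw,sec=sys:krb5:krb5i:krb5p)
/srv/secure  *.example.com(rw,sec=krb5p)
/srv/legacy  192.0.2.10(ro)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On a real server, feed it the live file with `audit_exports < /etc/exports`; removing sys from the sec= list makes the export Kerberos-only.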

Assuming you have already set up one or more IPA clients, it is straightforward to enable kerberized NFS on your systems. Log in to a client and run the following:

[root@ipaclient1 ~]# yum -y install nfs-utils
[root@ipaclient1 ~]# perl -npe 's/#SECURE_NFS="yes"/SECURE_NFS="yes"/g' -i /etc/sysconfig/nfs
[root@ipaclient1 ~]#

Let's check whether you have been successful. First look up the user's UID:

[root@ipaclient1 ~]# getent passwd tester1
tester1:*:1037700500:1037700500:Hans Tester:/home/tester1:/bin/bash
[root@ipaclient1 ~]#

Let's mount that user's home directory manually on a client:

[root@ipaclient1 ~]# mount -t nfs4 nfs.example.com:/home/tester1 /home/tester1

To check whether it is working as expected, run:

[root@ipaclient1 ~]# su - tester1

Run ls -lan and see if the UID matches the UID you got from getent. If you see UID 4294967294, then something went wrong: this is the UID for the user “nobody” when using NFSv4 on 64-bit machines.

What's next?
You will find out when I post part III of this guide :-)

Have fun!

I got employed by Red Hat

Thursday, April 21st, 2011

This is pretty cool: at the end of March I signed a contract with Red Hat as a senior Linux consultant. It is not just “another new job”. It is cool for (at least) two reasons. The first reason is that Red Hat is not “just another company”: it is Red Hat, which is not very comparable to other employers. It is THE Linux and open source company; for me as an open source guy, this is perfect. The second reason is that I’m moving from Zurich in Switzerland to Berlin in Germany.

So, two major changes in my life at the same time. I’m looking forward to the challenges that are waiting for me.

I’ll continue to work at Siemens IT Solutions and Services AG until approximately mid-June and start working at Red Hat on the 1st of July.

From May 9 to May 15 I’ll be in Berlin for the first time, to have a look at the city and its different suburbs. I’ll also be there to organize some stuff required to settle in Berlin. At the same time, Europe’s biggest Linux conference, the “Linux Tag”, will be held in Berlin. I guess I’ll have a lot of fun, and maybe meet some of my future workmates.

It is hard for me to leave my country, I have a lot of friends here. On the other hand, Berlin is just about 1.5h away by plane. As a consultant, I’m travelling a lot. Because of that, it would not be that easy to build up a social network (I mean real-life-stuff, not Facebook) in Berlin.

It is also not easy for me to leave Siemens. I’m involved in a very cool project with the Swiss government (all systems will be RHEL6), and I also have friends and nice workmates at work whom I’m going to leave.

I already know quite a few people at Red Hat. They are all nice, and I guess some of them will become good friends over time.

Having fun?

Absolutely guaranteed!

I voted for beefy miracle

Thursday, April 7th, 2011

There is an open poll for voting on a name for Fedora 16. I gave my vote to Beefy Miracle. Why did I vote for Beefy Miracle? Because it is cool, geeky, freaky, I love hot dogs and it is something new.

The Fedora distribution is geeky, freaky and open to new stuff.

Having fun? Of course!

Pulp, what is it about it?

Thursday, December 2nd, 2010

Thanks to Máirín’s posting I became aware of the Pulp project.

What is it? I had a brief look at it: it is a Red Hat sponsored project with functionality similar to Spacewalk and RHN Satellite.

This brings me to the question: Is Pulp intended to be a replacement for Spacewalk? It would make sense, since it is written in Python, as Cobbler is. Cobbler and Spacewalk do not really play nicely together. Spacewalk uses Java, Perl and Python.

Anyway, Pulp seems to be in its early childhood, but it seems to be a really interesting project. What are the plans for the future? And what are the plans for Spacewalk and thus RHN Satellite?

Having fun? As soon as I get the time to install it and give Pulp a closer look….

Experiences with RHEL6 Beta 2.1

Friday, July 23rd, 2010

As promised, I’ll keep you updated on RHEL6b2.1. The “official name” is not Beta2.1, it is “Beta 2 refresh”. Why not call it Beta3? Anyway, the good news first: in contrast to the first release of Beta 2, it works fine again! The first release of Beta2 was quite crappy; it was not installable as a KVM guest. This was obviously due to severe bugs in some virtio drivers.

So, what is the news?

1. The bugs in the virtio drivers have been fixed, you can deploy RHEL6 in KVM environments again.
2. The vmware_ballooning driver has been backported.
3. A lot of minor bugs have been fixed, see the announcement.

Point two is especially cool: running RHEL6 in a VMware ESX environment does not necessarily need the vmware-tools installed anymore. RHEL6 now provides all three important VMware-related drivers: vmxnet3, vmware_ballooning and pvscsi. At the end of the day, this means one can dismiss the always-hated vmware-tools. A test of the behavior without vmware-tools by an ESX specialist is pending.

The alternative to vmware-tools is open-vm-tools. This would add the benefit of controlled shutdown of the ESX guest with the vCenter tools. Since VMware does not (yet) provide RHEL 6 packages of open-vm-tools, I was unable to test it.

I made the same brief tests as I reported here. It seems that Red Hat is back on track, RHEL6b2.1 is reliable and not far away from being ready for production.

When can we expect a Beta3? Will there even be a next beta, or will Red Hat release an RC1 soon? There is still no published release schedule; all we know is “later this year”.

Anyway: Download Beta2.1 and test it, it's a pretty cool release. If you find bugs, report them.

Have fun!

Red Hat announces RHEL6 beta 2.1

Wednesday, July 21st, 2010

Red Hat today announced the availability of a “refreshed” RHEL6 beta2. It seems that the problems I reported before were hitting not only me, but a lot of users too.

You can download the beta, let's call it 2.1, at ftp://ftp.redhat.com/pub/redhat/rhel/beta/5.90Server/x86_64/iso/RHEL6.0-20100715.2-Server-x86_64-DVD1.iso

I’ll keep you posted about the news….

Have fun!

RHEL6 Beta2 – experiences so far

Saturday, July 3rd, 2010

In short: It was a non-experience because the RHEL 6 Beta 2 distribution is not installable…

[Update]It is not an anaconda bug, but a bug in a paravirt driver. On ESX the installation runs smoothly; expect a more detailed report in the next few days[/update]

While downloading the ISO, I was very curious about it and my nerves were all on edge, like a little boy waiting for Christmas.

Afterwards I tried to install it as a KVM guest on my systems, on OpenSUSE 11.2 and Fedora 13. On both, the installation failed. Depending on the size of the RAM, it was failing before the actual installation began (1GB), or it was hanging while the packages were being installed (2GB RAM).

Connected bugs: #610510, #610261, #610255

Because of the non-installation, I have only seen one improvement since beta 1: the critical security hole in anaconda has been closed. In beta 1, there was an sshd running during the installation and everyone was able to log in as root without authentication.

I hope Red Hat will release a corrected ISO in the next few days to allow us to test beta2.

Red Hat released RHEL6 Beta 2!

Wednesday, June 30th, 2010

As announced on the mailing list rhelv5-announce@redhat.com, Red Hat released beta2 of its upcoming RHEL6 enterprise product.

I’m actually disappointed by Red Hat; I was thinking that RHEL6 would be released as GA at the summit a few days ago. It was not released. And instead of communicating a date, even an approximate date, the only message was “later this year”.

I do not understand Red Hat. Beta 1 is a rock solid Linux distribution, with very few grave bugs detected. Of course, I do not like “banana products” where customers are the beta testers, but in this case, Red Hat goes to the other extreme: GA of RHEL6 needs to be perfect.

I’m currently downloading RHEL6b2, and I’ll test it. Please wait a few hours for my test and its report.

Have fun!

Cheers,

Luc

Fedora 13 is released!

Wednesday, May 26th, 2010

I had my doubts that Fedora 13 would get released. I was wrong, and that's good!

I have not had the time yet to upgrade my F12 systems; according to a lot of Twitter users it is a smooth process.

Read the Release Notes. I’ll be happy to hear your feedback :-)

Have fun!

Luc

Will Fedora13 really be released on 2010-05-25?

Monday, May 24th, 2010

After being postponed twice, it seems that this time it can be postponed again due to some show stoppers.

As of today, three bugs are of status new. From my point of view, none of them is a real show stopper. The gravest one is possibly #587627, which is of status ON_QA.

So there is still a chance to get F13 released tomorrow.

Have fun!