Posts Tagged ‘Red Hat’

Experiences with RHEL6 Beta 2.1

Friday, July 23rd, 2010

As promised, I’ll keep you updated on RHEL6b2.1. The “official name” is not Beta2.1, it is “Beta 2 refresh”. Why not call it Beta3? Anyway, the good news first: in contrast to the first release of Beta 2, it works fine again! The first release of Beta2 was quite crappy; it was not installable as a KVM guest. This was obviously due to severe bugs in some virtio drivers.

So, what is the news?

1. The bugs in the virtio drivers have been fixed, you can deploy RHEL6 in KVM environments again.
2. The vmware_ballooning driver has been backported.
3. A lot of minor bugs have been fixed, see the announcement.

Point two is especially cool: running RHEL6 in a VMware ESX environment no longer necessarily requires vmware-tools to be installed. RHEL6 now provides all three important VMware-related drivers: vmxnet3, vmware_ballooning and pvscsi. At the end of the day, this means one can dismiss the always-hated vmware-tools. A test of the behavior w/o vmware-tools by an ESX specialist is pending.

The alternative to vmware-tools is open-vm-tools. This would add the benefit of a controlled shutdown of the ESX guest with the vCenter tools. Since VMware does not (yet) provide RHEL 6 packages of open-vm-tools, I was unable to test it.

I made the same brief tests as I reported here. It seems that Red Hat is back on track, RHEL6b2.1 is reliable and not far away from being ready for production.

When can we expect a Beta3? Will there even be a next beta, or will Red Hat release an RC1 soon? There is still no published release schedule; all we know is “later this year”.

Anyway: Download Beta2.1 and test it, it’s a pretty cool release. If you find bugs, report them.

Have fun!


RHEL6 Beta2 – experiences so far

Saturday, July 3rd, 2010

In short: It was a non-experience because the RHEL 6 Beta 2 distribution is not installable…

[Update]It is not an anaconda bug, but a bug in a paravirt driver. On ESX the installation runs smoothly, expect a more detailed report in the next few days[/update]

While downloading the ISO, I was very curious about it and my nerves were all on edge, like a little boy waiting for Christmas.

Afterwards I tried to install it as a KVM guest on my systems, on OpenSUSE 11.2 and Fedora 13. On both, the installation failed. Depending on the size of the RAM, it was failing before the actual installation began (1GB), or it was hanging while the packages were being installed (2GB RAM).

Connected bugs: #610510, #610261, #610255

Because of the non-installation, I have seen only one improvement since beta 1: the critical security hole in anaconda has been closed. In beta 1, an sshd was running during the installation and everyone was able to log in as root without authentication.

I hope Red Hat will release a corrected ISO in the next few days to allow us to test beta2.


Red Hat’s virtualization strategy has redundancy – Quo vadis?

Thursday, May 27th, 2010

A couple of days ago there were some reports that Red Hat will release a commercialized version of deltacloud, an abstraction layer for different kinds of virtualization technologies and clouds such as VMware, RHEV, Amazon EC2 etc.

Red Hat puts a lot of resources into virtualization; they maintain and/or sponsor multiple projects in parallel. The most important from my point of view is libvirt, which is also an abstraction layer for different virtualization technologies such as VMware, KVM, Xen and others. Libvirt and deltacloud are partially redundant.

It is not the only redundancy created by Red Hat. There is also O-virt “competing” with RHEV. Both are not tightly bound to RHN satellite or Spacewalk.

RHEV works with system templates similar to those at VMware. On the other hand: Koan, together with cobbler, is deployment software for virtual hosts and was recently bundled with RHN satellite.

Not all of those Red Hat virtualization projects are working well together. So the question arises: What is the strategy behind having such redundant projects? Why not integrate all of these projects and glue them together?

Lots of questions…

Have fun!


Roadmaps on the Red Hat Summit 2010 in Boston

Monday, March 15th, 2010

Finally Red Hat disclosed the agenda of its summit in 2010. For more information see http://www.redhat.com/promo/summit/2010/agenda/.

RHEL6?

Tim Burke of Red Hat will talk about the new features of RHEL6. It sounds like the present, not the future. Does this mean I’m right with my guess that RHEL6 will be released at the end of June, as I wrote in an earlier blog article?

Roadmaps

Count how many times the word “Roadmap” appears in the agenda. What Red Hat plans to do seems to be getting even more interesting. But it is still unclear what kind of new features we can expect in RHEL6. Red Hat has just disclosed some snippets of RHEL6 again; this is called salami tactics.

Where is the commitment?

We (the RHEL community) are still missing a clear commitment to us as customers. Only little is known about RHEL 6.

Love or hate?

Should the RHEL community love or hate Red Hat? At the end of the day I like Red Hat, they do a lot for the progress of Linux in general and Linux in enterprises in particular. Anyway: Not providing a roadmap makes me, and possibly others too, very angry. Such a roadmap does not necessarily need to be detailed.

Have fun! Really? Soon we will have!


Where the heck is RHEL6?

Sunday, February 28th, 2010

Release cycle slowed down

In the past Red Hat released a new version of its Red Hat Enterprise Linux (RHEL) roughly every two years. RHEL5 was released in March 2007. Compared to the past release cycle, RHEL6 has been overdue for one year.

Official information

Only little is known about the upcoming features of RHEL6. At the Red Hat Summit 2009, there was a presentation held by Tim Burke which gives just some hints that RHEL6 is actually approaching, see http://www.redhat.com/f/pdf/summit/tburke_1050_rhel_roadmap.pdf. Quoting a note on the slide about RHEL6: Note: this information is high level planning projection and does not constitute formal product commitment.

My conclusion is that Red Hat seems to be unsure about the features planned for its upcoming Enterprise Product.

Another interesting quote from the same presentation is: RHEL6 feature previews – appearing in Fedora 11 & 12. Meanwhile, almost half a year later, Fedora 13 is approaching and there is still no sign of RHEL6, no schedule, no official feature list. Looking at the feature list of Fedora 13 https://fedoraproject.org/wiki/Releases/13/FeatureList, nothing special so far. It seems that the pace of development has been slowed down a bit to put more energy into stabilizing F11/F12 into RHEL6.

Unofficial information

When carefully watching git commit logs and bugzilla entries, there are some small traces of RHEL6.

There is almost no information leaking on the topic. The only valuable unofficial information is from bug #562766, which was reported by a Red Hat employee on 2010-02-08. This bug states RHEL6 Alpha3! Quoting a comment from the same employee: Upgrading rhel6.0 kernel to 2.6.32-14.el6 fixes the issue.

This brings me to a wild guess for a release schedule:

  • February 2010: Alpha3
  • March 2010: Beta1
  • April 2010: Beta2
  • May or June 2010: GA [Update: End of June/Early July seems to be more likely, since the Red Hat Summit will be held June 22-25 2010]

My wish list for RHEL6

  • Kernel based on version 2.6.33 instead of 2.6.32 as in Alpha3, since there are a lot of improvements when using RHEL as a VMware ESX guest.
  • Default installation with a smaller footprint
  • Cleanup of insane package dependencies
  • BusLogic drivers included, as the vanilla kernel has shipped them for years

The question remains

Where the heck is RHEL6? One reason could be that the focus of RHEL6 seems to be virtualization and system management. For approximately two years, the pace of development in this domain has increased a lot, maybe too much. Think about KVM, libvirt, virt-manager, o-virt. All of those projects are sponsored by Red Hat and included in F12. So one of the reasons for the late release of RHEL6 can be problems in stabilizing those virtualization products to be enterprise-ready.

Why Red Hat makes its customers angry with late releases and no roadmap

First of all, RHEL products have a life-cycle of seven years. RHEL5 was released in March 2007. Assume RHEL6 will be GA in May 2010. Add a few months before it is supported by ISVs such as SAP, Oracle etc. Customers can begin deploying RHEL6 in, let’s say, August 2010. Until then, RHEL5 has almost reached half of its life-cycle: 3 1/2 years. This means: an SAP system deployed in July 2010 is out of support some 3 years and nine months later. For an enterprise product this is not acceptable! Red Hat should think about a life-cycle like “Next-Release plus five years”; this would make system deployment and company-internal life-cycle management easier.

Keeping its customers in the dark with no official roadmap at all is just bad behavior and indeed not customer friendly.


Set up a Red Hat Directory Server and Kerberos Part I

Thursday, November 5th, 2009

Kerberos and LDAP are today’s way of single sign on. It is platform independent and supported by a wide range of applications.

Together with the Red Hat Directory Server (also available as CentOS Directory Server and 389 Directory Server from Fedora) you can build a neat identity management infrastructure.

Setting up the Directory Server
However, there are some pitfalls when installing such an integrated solution. Installing redhat-ds is quite easy, just ensure you define your planned LDAP namespace and default LDAP suffix before running setup-ds-admin.pl. If you plan to set up a replica, run the script with the -k parameter: setup-ds-admin.pl -k. The server’s configuration will be saved as /tmp/setup*.inf and can be used to set up the replica after changing the FullMachineName and ServerIdentifier.

In my example I used the DN “cn=Directory Manager”. As base I used dc=ldap,dc=example,dc=com. This is the Internet Domain Suffix style of naming an LDAP space. The older X500 style should not be used anymore.

Have a look at man openldap.conf to see how to shorten your CLI entries such as ldapsearch -x.
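
For the replica step described above (save the first server's answers with setup-ds-admin.pl -k, then change FullMachineName and ServerIdentifier), one way to prepare the replica's file, as an added example that is not part of the original post. The helper name make_replica_inf, the host names and the sample file contents are constructed for illustration; because the saved .inf carries the setup passwords in clear text, the copy is created with owner-only permissions.

```shell
#!/bin/sh
# Added example, not from the original post. make_replica_inf is a
# hypothetical helper; the sample .inf below is constructed.

# make_replica_inf SRC DST FQDN SERVER_ID
# Copies SRC to DST with FullMachineName and ServerIdentifier replaced.
# Returns 2 on invalid names or when SRC lacks one of the two keys.
make_replica_inf() {
    src=$1 dst=$2 fqdn=$3 id=$4
    # Allow only hostname characters so the values cannot break the sed script.
    case $fqdn in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    case $id   in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    grep -q '^FullMachineName[[:space:]]*=' "$src" || return 2
    grep -q '^ServerIdentifier[[:space:]]*=' "$src" || return 2
    # The .inf holds cleartext passwords: create the copy as mode 0600.
    ( umask 077
      sed -e "s/^\(FullMachineName[[:space:]]*=[[:space:]]*\).*/\1$fqdn/" \
          -e "s/^\(ServerIdentifier[[:space:]]*=[[:space:]]*\).*/\1$id/" \
          "$src" > "$dst" )
}

# Constructed stand-in for a /tmp/setup*.inf saved by setup-ds-admin.pl -k.
work=$(mktemp -d)
cat > "$work/setup-first.inf" <<'EOF'
[General]
FullMachineName = server1.example.com
[slapd]
ServerIdentifier = server1
Suffix = dc=ldap,dc=example,dc=com
RootDN = cn=Directory Manager
RootDNPwd = CONSTRUCTED-PLACEHOLDER
EOF

# Show only the two rewritten keys, not the password line.
make_replica_inf "$work/setup-first.inf" "$work/setup-replica.inf" \
    server2.example.com server2 &&
    grep -E '^(FullMachineName|ServerIdentifier)' "$work/setup-replica.inf"
```

Once the replica is installed, the saved .inf files in /tmp are best deleted, since they still contain the passwords.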

Setting up Kerberos
After setting the right configuration in your /etc/krb5.conf (the sample content is self-explanatory) and distributing it, you need to initialize your key store database. This is done with kdb5_util as follows:

[root@server]# kdb5_util create -r EXAMPLE.COM -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'EXAMPLE.COM',
master key name 'K/M@EXAMPLE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
[root@server]#

Keep in mind! Kerberos Realms are all uppercase to distinguish them from DNS names!

In the config file for the Key Distribution Center, /var/kerberos/krb5kdc/kdc.conf, add the following to the realm stanza: default_principal_flags = +preauth. This will enhance the security of your Kerberos infrastructure. Also change the example realm to the one you plan to use. In /var/kerberos/krb5kdc/kadm5.acl you can define the ACLs for e.g. admins or service desk employees etc. Also check the correctness of the realm there.
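
To verify the kdc.conf setting described above, this added example (not from the original post) checks that a given realm stanza carries +preauth in default_principal_flags. The function name realm_requires_preauth and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. realm_requires_preauth is a
# hypothetical helper; both sample files below are constructed.

# realm_requires_preauth FILE REALM
# Exit status 0 only if REALM's stanza in FILE sets default_principal_flags
# with +preauth (a later -preauth in the same value cancels it).
realm_requires_preauth() {
    awk -v realm="$2" '
        /^[ \t]*[#;]/ { next }                    # comment lines do not count
        { t = $0; gsub(/[ \t]/, "", t) }          # t: line without blanks
        !in_realm { if (t == (realm "={")) in_realm = 1; next }
        t == "}"  { in_realm = 0; next }          # end of the realm stanza
        t ~ /^default_principal_flags=/ {
            sub(/^[^=]*=/, "", $0)
            n = split($0, flags, /[, \t]+/)
            for (i = 1; i <= n; i++) {
                if (flags[i] == "+preauth") ok = 1
                else if (flags[i] == "-preauth") ok = 0
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

demo=$(mktemp -d)
cat > "$demo/hardened.conf" <<'EOF'
[realms]
 EXAMPLE.COM = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  default_principal_flags = +preauth
 }
EOF
cat > "$demo/weak.conf" <<'EOF'
[realms]
 EXAMPLE.COM = {
  # default_principal_flags = +preauth
 }
 OTHER.EXAMPLE = {
  default_principal_flags = +preauth
 }
EOF

for f in hardened weak; do
    if realm_requires_preauth "$demo/$f.conf" EXAMPLE.COM; then
        echo "$f.conf: new EXAMPLE.COM principals require preauth"
    else
        echo "$f.conf: EXAMPLE.COM does not enforce preauth"
    fi
done
```

default_principal_flags applies to principals created after the setting is in place; the attributes of an existing principal can be inspected with getprinc in kadmin.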

Feed the keystore

Now it is time to feed the database with the first principal: root. We also can create our first host principal at the same time.
Fire up kadmin.local. The kadmin.local app directly accesses the DB files on the server. It should only be used for the initial setup. Later on you will have kadmin, which also works over the network, of course with Kerberos authentication.

[root@server ~]# kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local:  addprinc root/admin
WARNING: no policy specified for root/admin@EXAMPLE.COM; defaulting to no policy
Enter password for principal "root/admin@EXAMPLE.COM":
Re-enter password for principal "root/admin@EXAMPLE.COM":
Principal "root/admin@EXAMPLE.COM" created.
kadmin.local:  addprinc -randkey host/server1.example.com
WARNING: no policy specified for host/server1.example.com@EXAMPLE.COM; defaulting to no policy
Principal "host/server1.example.com@EXAMPLE.COM" created.
kadmin.local:  q
[root@server ~]#

After starting the kadmin and kdc services you can access the admin server with the normal kadmin tool.

service kadmin start
chkconfig kadmin on
service krb5kdc start
chkconfig krb5kdc on

Now we need to create a host principal for each host to be kerberized and store it in its keytab.

End of Part I

What comes in Part II?

  • LDAP Service Principal
  • Getting Kerberos and LDAP working together
  • Migrating users from /etc/passwd to LDAP
  • Playing with PAM

Have fun!


Directory services and Linux

Thursday, October 29th, 2009

LDAP is interesting, but not that easy to set up, at least not the server part.

I made several attempts to install OpenLDAP without success; the problem was always the schemas and the initial data load.

With Red Hat Directory Server and its open source counterpart CentOS Directory Server I was able to successfully install and maintain an LDAP directory.

Red Hat Directory Server is the successor of the Netscape Directory Server, which was purchased by Red Hat some time ago and has been open-sourced to comply with Red Hat’s product policy.

Is the Red Hat Directory Server a replacement for OpenLDAP? Yes and no. Yes because it is an open source product, available for free, and no because there is only a small community around it.

To have a fully supported environment you need to buy a subscription from Red Hat. The starter is list-priced at 5000 USD/year for 500 entries. I think the price tag is completely insane.

In contrast, the open source variant CentOS Directory Server is free. Decide for yourself what’s the right solution for you; OpenLDAP is definitely not ready for enterprise authentication.

Another approach is authenticating against a Microsoft Active Directory. This causes other problems which will be discussed in a future blog.

Have fun!
