Redhat released version 5.6 of the Redhat Satellite. Time to have a closer look to it and how to upgrade from version 5.5. New features Finally PostgreSQL support is mature enough for Enterprise usage. No need of a closed source data base anymore. This also brings a lot of new capabilities such as online backups which before was only available using an external Oracle Database which needs the availability of a DBA. PostgreSQL also brings some performance benefits over the ….Read More
Category: Fedora
Centrally manage sudoers rules with IPA Part I – Preparation
One of the features of IPA is its facility to centrally manage sudoers rules. This rules can be based on user, group memberships etc. and be constrained to one or more servers. One of the benefits you get is: You are able to define stricter sudoers rules without annoying the users. At the end your systems are more secure and more convenient for the users. Lets start. Preparation Unfortunately, sudoers via LDAP does not just work out of the box, ….Read More
Why journalctl is cool and syslog will survive for another decade
There was a recent discussion going on if Fedora 20 should drop rsyslog and just using systemd journal. A lot of people are afraid of systemd and its journal, this a pity. Well, there are pros and cons about this kind of logging. For System administrators daily use, journalctl is a powerful tool simplifying the hunt for log file entries. On the other hand, there are AFAIK no monitoring tools (yet) that can work with journalctl. Those first need to ….Read More
Creating and managing iSCSI targets
If you want to create and manage iSCSI targets with Fedora or RHEL, you stumble upon tgtd and tgtadm. This tools are easy to use but have some obstacles to take care of. This is a quick guide on how to use tgtd and tgtadm. iSCSI terminology In the iSCSI world, we not taking about server and client, but iSCSI-Targets, which is the server and iSCSI-Initiators which are the clients Install the tool set It is just one package to ….Read More
Creating a PHP application on Openshift
What is OpenShift? It is a cloud, it is from Red Hat. More precisely: A PaaS (Platform As A Service). It is available since quite some time now and I finally found some time to test it. Conclusion: It is very simple to use. This will guide you how to create a PHP application which just prints “this is a test”. More to come in future postings. The following steps are needed: Create an account Installing the CLI and setting ….Read More
Host based access control with IPA
Host based access control is easy with IPA/FreeIPA, very easy. Lets assume you want to have a host group called rhel-prod, a usergroup called prod-admins and you want to let them access the servers in the rhel-prod group by ssh from any host that can reach the servers. Lets call the HBAC rule prod-admins. You can either user the web GUI or use the command line interface. Lets create the user group: [root@ipa1 ~]# ipa group-add prod-admins –desc=”Production System Admins” ….Read More
Automated disk partitioning on virtual machines with Cobbler
The default Cobbler Snippets just do simple auto partitioning. For a more sophisticated partition layout you need to know what kind of VM you are going to install. KVMs and RHEVs device name is /dev/vda, Xen uses /dev/xvda and ESX /dev/sda. Luckily this can be figured out automatically, those different virtualization vendors are using its own MAC prefixes. So we can add two nice small Cobbler snippets to do the job. In this example, I call them hw-detect and partitioning. ….Read More
How to recover from a lost Kerberos password for admin
Ever lost your password for the admin principle on your Linux Kerberos server? It is quite easy to recover by just setting a new one. You just need to log in to your KDC and proceed as follows: [root@ipa1 ~]# kadmin.local Authenticating as principal admin/admin@EXAMPLE.COM with password. kadmin.local: change_password admin@EXAMPLE.COM Enter password for principal “admin@EXAMPLE.COM”: Re-enter password for principal “admin@EXAMPLE.COM”: Password for “admin@EXAMPLE.COM” changed. kadmin.local: q [root@ipa1 ~]# Now enter kinit to get a Kerberos ticket. Have fun 🙂