More and more companies are using intercepting proxies to scan for malware. Those malware scanners can be problematic due to added latency. If you using spacewalk-repo-sync to synchronize external yum repositories to your custom software channels and experience the famous message [Errno 256] No more mirrors to try in your log files, then you need to configure spacewalk-repo-sync. Unfortunately the documentation for that is a bit hidden in the man page. You need to create a directory and create a ….Read More
Category: Red Hat
Centrally manage sudoers rules with IPA Part I – Preparation
One of the features of IPA is its facility to centrally manage sudoers rules. This rules can be based on user, group memberships etc. and be constrained to one or more servers. One of the benefits you get is: You are able to define stricter sudoers rules without annoying the users. At the end your systems are more secure and more convenient for the users. Lets start. Preparation Unfortunately, sudoers via LDAP does not just work out of the box, ….Read More
Why journalctl is cool and syslog will survive for another decade
There was a recent discussion going on if Fedora 20 should drop rsyslog and just using systemd journal. A lot of people are afraid of systemd and its journal, this a pity. Well, there are pros and cons about this kind of logging. For System administrators daily use, journalctl is a powerful tool simplifying the hunt for log file entries. On the other hand, there are AFAIK no monitoring tools (yet) that can work with journalctl. Those first need to ….Read More
Creating and managing iSCSI targets
If you want to create and manage iSCSI targets with Fedora or RHEL, you stumble upon tgtd and tgtadm. This tools are easy to use but have some obstacles to take care of. This is a quick guide on how to use tgtd and tgtadm. iSCSI terminology In the iSCSI world, we not taking about server and client, but iSCSI-Targets, which is the server and iSCSI-Initiators which are the clients Install the tool set It is just one package to ….Read More
Creating a PHP application on Openshift
What is OpenShift? It is a cloud, it is from Red Hat. More precisely: A PaaS (Platform As A Service). It is available since quite some time now and I finally found some time to test it. Conclusion: It is very simple to use. This will guide you how to create a PHP application which just prints “this is a test”. More to come in future postings. The following steps are needed: Create an account Installing the CLI and setting ….Read More
Host based access control with IPA
Host based access control is easy with IPA/FreeIPA, very easy. Lets assume you want to have a host group called rhel-prod, a usergroup called prod-admins and you want to let them access the servers in the rhel-prod group by ssh from any host that can reach the servers. Lets call the HBAC rule prod-admins. You can either user the web GUI or use the command line interface. Lets create the user group: [root@ipa1 ~]# ipa group-add prod-admins –desc=”Production System Admins” ….Read More
Automated disk partitioning on virtual machines with Cobbler
The default Cobbler Snippets just do simple auto partitioning. For a more sophisticated partition layout you need to know what kind of VM you are going to install. KVMs and RHEVs device name is /dev/vda, Xen uses /dev/xvda and ESX /dev/sda. Luckily this can be figured out automatically, those different virtualization vendors are using its own MAC prefixes. So we can add two nice small Cobbler snippets to do the job. In this example, I call them hw-detect and partitioning. ….Read More
RHEV 3.1 – an overview about the new features
Recently Red Hat announced the public availability of RHEV 3.1. Finally, no more Windows needed for the whole software stack 🙂 In 3.0, the new webadmin interface was already inncluded, as a tech preview and had its problems. Now with 3.1 its working great and looks neat. In contrary to 3.0, it is now listening on the standard ports 80 and 443. This will probably help users in organizations with strict proxy policies and setting. So what else is new? ….Read More