Host based access control with IPA

Host based access control is easy with IPA/FreeIPA, very easy. Lets assume you want to have a host group called rhel-prod, a usergroup called prod-admins and you want to let them access the servers in the rhel-prod group by ssh from any host that can reach the servers. Lets call the HBAC rule prod-admins. You can either user the web GUI or use the command line interface. Lets create the user group: [root@ipa1 ~]# ipa group-add prod-admins –desc=”Production System Admins” ….Read More

One year in Berlin, one year at Red Hat

In March 2011, I signed my contract with Red Hat and moved from Zurich to Berlin, as posted here in April 2011. After one year it is time for a review of my “new life”. At once, a lot of things changed in my life: New Country, new City, new Appartment, new Job. Quite a lot of stuff. At my former job, I had a notice period of three months which gaves me some time for the planing of the ….Read More

Identity Management with IPA Part I

Red Hat released RHEL 6.2 on December 6th. From my point of view, the greatest news in the release is that IPA (or now called Identity Management) is now fully supported and available in the RHEL 6 base channel without additional subscription costs. Upstream project is freeIPA and is available trough the default Fedora repos. About central Identity Management IPA stands for Identification, Auditing, Policy. The focus in this article is on identification of users. In the past, there have ….Read More

I got employed by Red Hat

This is pretty cool: End of March I signed a contract with Red Hat as a senior Linux consultant. It is not just “another new job”. It is cool for (at least) two reasons: First reason is that Red Hat is not “just another company”, it is Red Hat which is not very comparable to other employers, it is THE Linux and open source company, for me as a open source guy, this is perfect. The second reason is: I’m ….Read More

A review of RHEV

In the past few weeks I had the chance to have a closer look at the current release 2.2. The reason is that I’m working on a project using RHEL6 clients as virtual Desktops. For a proof-of-concept I’ve set up a test environment in the lab. Due to the lack of time I was not able to test every single feature. After reading some docs, it was amazingly easily and quickly installed. Test environment The tests have been made on ….Read More

Spice and RHEV, a RHCE goes MCSE

I’m currently working in a project which includes some virtual Linux desktops. The desktop of choice is RHEL6. How to bring a Linux desktop via WAN to a thin client? VNC -> are you nuts? Remote X11 over SSH -> WAN = no go. NX -> another vendor involved. SPICE -> Spicy! But: Spice over WAN? To be tested… SPICE is the protocol used by RHEV (Red Hat Enterprise Virtualization). Some time ago I had the chance to test this ….Read More

Important RHN Satellite 5.4 bugs has been fixed

Red Hat recently released some bugfixes for the RHN-Satellite version 5.4. They needed approx. one month to develop a fix for those serious bugs. If you upgraded to sat540 before those bugsfixes have been released you will have a crippled database. The errata provides a way how to fix it. It needs some time, but it works perfectly. For “my” satellites it was taking about 48h for both satellites, about 12h for the master and 36h for the slave satellite. ….Read More

Spacewalk 1.2 released -> PostgreSQL Support quite ready -> First analysis

Today, Spacewalk – the upstream project of the RHN satellite – released version 1.2. One of the promises the developers made was better support of PostgreSQL. It seems that lot of stuff is now working. As I promised, I’m going to examine whats working and whats not. I’ll file every single bug I’ll find, please do the same in a polite manner. First impression Installation and first sync of yum channels works like PostgreSQL support was there from the first ….Read More