System management with Foreman/Katello – Part 1: Introduction and installation

The last couple of years I spent a lot of time in managing Linux systems with Spacewalk and Red Hat Satellite 5. Because the application was superseded by the vendor, I investigated on migrations to the successor. Back in 2008, Spacewalk was published as upstream project to Red Hat Network Satellite. Since then, a lot of development happened thanks to the numerous
Continue reading...

Report VMware vSphere RHEL guests to RHSM using Red Hat Satellite 6.2

If you’re utilizing Red Hat Satellite 6 for managing virtual Red Hat Enterprise Linux instances, you will need to leverage Red Hat Subscription Management (RHSM) for maintaining licenses. In comparison with the former Red Hat Network Classic licensing, signed manifest certificates are used. For bigger system landscapes it is easier to list required and needed licenses as RHSM can integrate seamlessly into
Continue reading...

Short tip: Removing orphaned SAN multipath devices under Enterprise Linux

Recently, I had to remove a SAN LUN on a physical Enterprise Linux system. The first step was to alter the multipath service configuration file (/etc/multipath.conf) and make the daemon reload its configuration: # vi /etc/multipath.conf … ESC ZZ # service multipathd reload Afterwards, the device was removed from the multipath topology: # multipath -l
Continue reading...

CentOS 7 and the incorrect dist RPM macro

When creating RPM packages recently, I had the effect that package names on CentOS 7 were set incorrectly. For example, a package had the name pinkepank-0.6-1.el7.centos.x86_64.rpm but should have set pinkepank-0.6-1.el7.x86_64.rpm instead. As Enterprise Linux derivates (CentOS, Scientific Linux,…) offer binary compatibility to Red Hat Enterprise Linux, I prefer omitting distribution-specific tags in package names. In the RPM spec
Continue reading...

Short tip: disable automatic NetworkManager connections after user logins

During a fresh CentOS installation recently I had the problem that a system’s network connection was not working reliably. Sometimes pings were possible, sometimes not. After it was possible to elimiate the firewall as commonly root cause, it turned out that the network connectivity was only working if the console is used. The mysterious cause
Continue reading...

Short tip: remove Katello completely

If you’re testing the nightly builds of Katello, you might come into a situation where it is advisable to re-install the software completely. As the particular installation steps are automated using Puppet, there is also a dedicated utility which automates uninstalling the software in a clean way: katello-remove. This utility removes all required packages, stored
Continue reading...

Integrate source code patches into RPM packages

Rcently I packaged the software scponly for Enteprise Linux using rpmbuild and stumbled upon an error message: $ cd ~/rpmbuild/SPECS $ rpmbuild -ba scponly.spec checking for libgiertz… … /usr/bin/install -c -o 0 -g 0 scponly /home/cstan/rpmbuild/BUILDROOT/scponly-4.8-1.el7.centos.x86_64/usr/bin/scponly /usr/bin/install: cannot change ownership of ‘/home/cstan/rpmbuild/BUILDROOT/scponly-4.8-1.el7.centos.x86_64/usr/bin/scponly’: Operation not permitted make: *** [install] Error 1 error: Bad exit status from
Continue reading...

Short tip: Enterprise Linux 7 and annoying prompts in GNU Screen titles

If you want to combine multiple terminal sessions on one window, multiplexers such as tmux or GNU Screen are useful tools. I have been using screen for 10 years with the following configuration: $ cat ~/.screenrc #F7+F8 for tab switching bindkey -k k7 prev bindkey -k k8 next #disable welcome startup_message off #screen line with
Continue reading...

Create SELinux module for NRPE and check_fail2ban

If you need to protect a Linux host against unauthorized access, fail2ban is a very handy service. The application scans log files of various services, automatically detects failed logins and blocks attacker’s IP addresses. Especially on public hosts, it is essential to implement a protection like this on prominent services like SSH. For monitoring bans, the
Continue reading...

PHP 5.6 under Enterprise Linux 7 using Software Collections

By default, Enterprise Linux 7 is shipped with Apache 2.4.6 and PHP 5.4. For some current web applications this is way too old as development of PHP 5.4 stalled in fall 2015. During the product life cycle,  Red Hat offers 10 to 13 years (Extended Support) maintenance for all packages being part of the distribution
Continue reading...