Home of Sysadmin Diaries

Cloud computing is now an integral part of IT at many organisations. Amazon Web Services (AWS) is currently the leading provider of public cloud services. Knowledge of cloud services is becoming an essential skill for many IT professionals. It’s also fun to play with! In this article, we aim to give you the information required…

Welcome to part 3 of our Red Hat Satellite provisioning series. In part 1 we covered the steps required to get provisioning set up in Satellite. Part 2 covered  provisioning a VM in VMWare. In this article we cover provisioning a Docker container, an AWS EC2 instance and a couple of other useful things to…

Just a further note from my entry on day 47, gPXE boot, after the VM built, it wouldn’t boot properly. Although it said it was booting from disk, it just got stuck and never booted. I had to interrupt the boot by pressing esc and select the hard drive as the boot device. Then it booted fine.

The way around this is to create a gPXE ROM from the rom-o-matic site , upload this to your VM file contents and update the .vmx file to use this ROM. The procedure is documented here . Once you do that, the VM boots fine.

All this is only necessary if your having problems PXE booting via tftp though, so if all is good, ignore all this!!

Quick tip - Problems with slow PXE boots? Often this caused by tftp which tends to be very slow on busy networks. This is presumably in part due to tftp using UDP. You can instead switch to gPXE which uses HTTP. Here’s how to switch if your using Sateliite:

copy /usr/share/syslinux/gpxelinuxk.0 to /var/lib/tftpboot

change your DHCP settings so the bootfile is gpxelinuxk.0

In Satellite, clone the Kickstart default PXELinux and create a gPXELinux template

Change all occurrences of  @initrd > @host.url_for_boot(:initrd)

Change all occurrences of @kernel > @host.url_for_boot(:kernel)

During the working day you can end up with quite a few terminal sessions open. It’s easy to end up typing commands in the wrong window which could be bad news depending on the command! Folks have different ways to tell them apart. Here’s how I do it.

We use a jump host to access all our hosts. All the servers have ssh keys for root from the jump host so we can just ssh as root from the jump host. This does make it slightly awkward for customising the screen settings. After all, we’re all using root from the jump host and the other guys may not like my customisations. I also can’t edit putty sessions as there’s only really one, to the jump host.

The way I do it is to execute a shell script on log in.

ssh -t prodhost01p "/root/set.sh"

The -t option on the ssh command is required to ensure a terminal session open. Here is the set.sh script.

#!/bin/bash export PROMPT_COMMAND='printf "\033]0;%s@%s - %s\007" "`whoami`" "`hostname`"' TYPE=`hostname | awk 'BEGIN { FS = "." } {print substr($1,length($1))}'` case $TYPE in p) export PS1="\e[0;31m \h:\u \w # \e[m " ;; s) export PS1="\e[0;33m \h:\u \w # \e[m " ;; u) export PS1="\e[0;36m \h:\u \w # \e[m " ;; t) export PS1="\e[0;32m \h:\u \w # \e[m " ;; d) export PS1="\e[0;32m \h:\u \w # \e[m " ;; *) export PS1="\e[0;31m \h:\u \w # \e[m " ;; esac /bin/bash --rcfile /root/.bashrc_td

The first line sets what is shown in the top of the putty window, i.e.

The case statement sets the colour of the PS1 prompt depending on the suffix of the hostname. So if the hostname ends in a p (indicating production) the PS1 prompt will be red:

Finally, a custom .bashrc file is called when the bash shell is opened. This conatains the following:

# User specific aliases and functions alias rm='rm -i' alias cp='cp -i' alias mv='mv -i' if [ -f /etc/bashrc ]; then        . /etc/bashrc fi unalias ls

Essentially all this does above the standard bashrc is unalias ls, the colour listings always get on my tits (personal preference and all that)

If you want to know more about what the escape sequences mean, check out this site which has a great article on the subject.

When I was a young up and coming sysadmin, the language to learn was perl. Now, kids at school are learning python and perl seems to have been left behind. Better keep up with the times, I thought, so I got myself a learn python book.

I’m not going to name the book as different study methods suit different people. I’ve got to say though that I found learning from this book so frustrating that I started to think sod learning python. I didn’t like the way the book started with a discussion of objects and methods. Did I pick up a learn java book by mistake? Progress through the book was slow as each aspect was discussed in great detail before moving onto the next topic. The habit the author had of using maths examples was also annoying. I mean, I haven’t sat in a maths lesson for xx (read a very long time) years so the I couldn’t even remember what the examples meant!

Back in the days when computers had to be beige, HP 9000 C class, the first UNIX server I worked on....seemed fantastic at the time

For some reason the at command is one of those commands that I always need to remind myself how to use. I’m not sure why because it is very simple. Maybe it’s just because of the infrequent use. However, it can be really useful to execute a one off command, particularly if it needs running in the middle of the night. To remind myself, here’s how it’s used:

# at 22:30 at> /bin/mount -a at> <EOT> job 1 at 2017-02-21 22:30

To translate, at 22:30 the command /bin/mount -a will be run. To terminate the interactive input, enter CTRL+D. You will then see the EOT message.

To list the at commands scheduled:

# at -l 1           2017-02-21 22:30 a root

An entry is created in /var/spool/at

# ls -l total 8 -rwx------. 1 root   root   2794 Feb 21 10:13 a00001017a5886

You can take a look inside this file to see what will get run.

Or course there’s loads of options for the time, explore man at for more options

I was reading am article form hubspot today, 18 SEO myths, Yes, I know, interesting topic :( One thing it did say, in a kind of backward way, is that using https helps your Google ranking. Great, I was thinking, I can boost my personal web site from page 16 in the search to page 12.

Of course, the problem in the past is that to use SSL, you need a proper certificate from a CA and in the past, they’ve been quite expensive for the amateur. However, I remembered something someone sent me a while ago about a place that didn’t charge for certificates. That place was letsencrypt. I checked and it’s still there and still offers free certificates.

Don’t you hate it when you’ve done something before and then when you come to do it again, some time later, you can’t remember what you did and you’re back to square one. That’s why I make a habit of recording what I did. However, for some reason, I didn’t. Annoying,

What had i forgotten about? SSH agent forwarding, If you haven’t come across it before, it’s a way of forwarding ssh keys. This sounds confusing I agree. Here’s why I was using it.

I wanted to connect to an AWS EC2 instance that was in a private subnet, To do that I use a jump host in a DMZ AWS subnet, In case you’re not familiar with the way EC2 connectivity works, when you launch an AWS EC2 instance, you specify an SSH key pair to use. The public key part of this key pair is injected into the EC2 instance when it launches, You download the private key, However, it’s not a good idea from a security perspective storing the private key in a DMZ instance. SSH agent forwarding presents a way around this, Here’s what you do.

You need to have the ssh-agent process running. If it’s not, start it. Find out the PID of the ssh-agent process :

:~$  eval `ssh-agent -s` Agent pid 26208 :~$ export SSH_AGENT_PID=26208

Clear anything already stored already

:~$ ssh-add -D

All identities removed. Add the key for the private instance/server (BastionKeyPair.pem in my case)

:~/.ssh$ ssh-add BastionKeyPair.pem Identity added: BastionKeyPair.pem (BastionKeyPair.pem) :~/.ssh$ ssh-add -L ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCe93dBIgsmZO9BYweIkF64cKM/7zbXNxe1Z/…….etc

Now ssh to the jump host using it’s key (tony-aws.pem)

ssh -i tony-aws.pem -A [email protected] :~/.ssh$ ssh -i tony-aws.pem -A [email protected] Last login: Wed Feb 15 11:11:05 2017 from cpc90752-finc18-2-0-cust890.4-2.someplace.net       __|  __|_  )       _|  (     /   Amazon Linux AMI      ___|\___|___| https://aws.amazon.com/amazon-linux-ami/2016.03-release-notes/ 38 package(s) needed for security, out of 96 available Run "sudo yum update" to apply all updates. Amazon Linux version 2016.09 is available.

Now you can ssh to the private instance/server and the BastionKeyPair.pem will be used for access

[ec2-user@ip-10-50-0-31 ~]$ ssh 10.50.1.94

[ec2-user@ip-10-50-1-94

You’re there.

Just a quick post today, What with it being Valentines day, I’ve been wining and dining Mrs Daengkhao, so no time for a comprehensive film analysis like yesterday ;). I noticed  this article on The Register which reminded me what a great resource DigitalOcean is. I have no idea about their cloud services but they have a boat load of useful tutorials. It’s well worth signing up for their newsletter.

I discovered on Saturday that Werner Herzog’s film, Lo and Behold, Reveries of a Connected World is now on Netflix. I’d been looking forward to seeing this since I heard him interviewed in the Speaking in Tech podcast around a year ago. Herzog sounds like a cross between a lovable eccentric and a wise elder. But his film sounded compelling. I therefore stuck it straight on.

In part 1 we discussed the prerequisites required to get Redhat Satellite 6.2 ready as a provisioning platform. Although there were quite a few tasks, as previously mentioned, in the main these are a one off activity and once set up, make provisioning hosts a quick and easy operation. I had some great feedback from…

Today I wanted to check the OS versions on a list of servers. Here's the command I ran:

#cat hosts.txt | while read SERVER do ssh -n $SERVER cat /etc/redhat-release done

But I got the following output

: No address associated with hostnamesrvapp01 : No address associated with hostnamesrvapp02 : No address associated with hostnamesrvapp01 : No address associated with hostnamesrvapp01 ...etc

Strange because my command looks OK. Time for some debugging with bash -x

+ read SERVER ' echo 'Checking mysrvapp01 Checking mysrvapp01 + /usr/bin/ssh -l root -n $'mysrvapp01\r' cat /etc/redhat-release : Name or service not knownname mysrvapp01

So there's a dodgy carriage return, \r. Oh yes, I got the list out of an excel spreadsheet, so that explains why.

Let's get rid of the dodgy character:

#tr -d '\r' < hosts.txt > updated-hosts.txt

Try again:

#cat updated-hosts.txt | while read SERVER; do ssh -n $SERVER cat /etc/redhat-release; done Red Hat Enterprise Linux Server release 5.11 (Tikanga) Red Hat Enterprise Linux Server release 6.8 (Santiago) Red Hat Enterprise Linux Server release 6.8 (Santiago)

As promised some weeks back, I have published an article on Provisioning Using Red Hat Satellite 6.2 at my good friends site, JustSomeStuff. You can find it here http://justsomestuff.co.uk/theblog/2017/02/08/provisioning-with-redhat-satellite-6-2-part-1/ . Part 2 to follow soon. This whole effort has left me exhausted so that’s it for today.

Oh yes, and I started copying over some of the quick tips to the JustSomeStuff wiki, http://www.justsomestuff.co.uk/wiki/doku.php/linux/linux_index so they can be easily found for future reference,