Our employees' blogs

2014-04-14 by Magnus K Karlsson

How To Configure KVM Virtual Machine Network


Background

Here I will configure a KVM host with virtual machines to be accessible from a local network.

This can be achieved in two ways, both configured on the KVM host machine:

  • A network bridge
  • iptables configured as a router, which forwards traffic to the virtual machines.

The easiest way is to use a network bridge, since then both desktop and virtual machines will be on the same subnet.

Prerequisite

Here we will configure the KVM host machine's network manually, so we start by disabling NetworkManager.

KVM Host Network Bridge Configuration

/etc/sysconfig/network-scripts/ifcfg-eth0

Above we have disabled NetworkManager (NM_CONTROLLED=no) and are using a bridge.

/etc/sysconfig/network-scripts/ifcfg-br0

Above we have configured a static IP (BOOTPROTO=none) and assigned the IP, gateway and DNS.

KVM Host iptables

Since we are not using the second alternative with routing, the KVM host machine's iptables configuration is the same as the default.

After editing/creating files you might need to restore SELinux security contexts.

And finally, restart the network on the KVM host.

Virtual Machines Network Configuration

The last part is to configure the virtual machine network. This is most easily done with virt-manager.

For an existing virtual machine.

And for a new one.

Inside the Virtual Machine

Inside the virtual machine you can configure either a static IP or a dynamic one. The easiest way is to use the tool system-config-network-tui.

Test

And finally, test by pinging the virtual machine (virtual1) from the desktop.

Reference


2014-03-27 by Magnus K Karlsson

Fedora 20 Better Theme


The default theme (Adwaita) that Fedora 20 ships with is not the best. Besides, it has a large window border at the top of each window. A better theme that exists in the default rpm repo is greybird. To install

and to change the theme, use gnome-tweak-tool (rpm package gnome-tweak-tool)


2014-03-26 by Magnus K Karlsson

Fedora 20 Install MySQL Server 5.5 and Workbench 6


MySQL Server 5.5

The MySQL packages have been renamed. The now official open source version of MySQL is MariaDB. To install the same version of MySQL on Fedora as in Enterprise Linux, such as RHEL, install these packages.

To start mysqld.

Set the MySQL root password to 'root'.

Finally, log in and test the password.

MySQL Workbench 6

The Workbench rpm is orphaned, so you need to download and install it manually. http://dev.mysql.com/downloads/tools/workbench/

A little searching is needed to find the dependency packages, with 'yum provides', e.g.

And finally ending up with all required packages.

Then run the Workbench install again, start Workbench and connect to your localhost.


2014-03-26 by Magnus K Karlsson

Fedora 20 How to Install Eclipse


Before Eclipse started bundling itself into EE, C++, etc. bundles, it was a pain to install Eclipse and to get all its plugins right. Then the bundles came: you download a zip file, unzip it, and off you go.

But a better way is to have RPM packages of everything. And that is done with Fedora. (That is also done in Ubuntu, but they don't have any modern version of Eclipse available.)

To install Eclipse 4.3.1 (Kepler)

Now you can search for and install Eclipse plugins.


2014-03-26 by Magnus K Karlsson

Fedora 20 Disable Gnome Alt+Tab from Grouping Windows


Most modern Linux distros (and Windows too) nowadays group windows from the same application. I found this not effective, and it lowers my productivity.

To disable grouping when switching with Alt+Tab, install the GNOME extension https://extensions.gnome.org/extension/15/alternatetab/


2014-03-20 by Magnus K Karlsson

Install and Configure KVM on Fedora 20


Install

To manage the KVM daemon - libvirtd.

Important directories.

  • Data - /var/lib/libvirt/
  • Configuration - /etc/libvirt/

Graphical manager, to install new virtual machines and control them.

Or the command line way.

And to control the virtual machines, via command line.


2014-03-16 by Magnus K Karlsson

HTTP Configure LDAP-Based Authentication


In my previous blog I showed you how to set up basic authentication via access file for a private directory. To do the same thing for LDAP, use this configuration instead.

Reference

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
2014-03-16 by Magnus K Karlsson

HTTP Configure Private Directories


Create Private Directory

Here we will make things a little more difficult: we are going to create our new directory outside the Apache default document root, which means we will need to handle the SELinux policy manually. We will get into the details of how to do that soon, but first let's create our new private directory.

Set file permissions.

OK, here is where things get a little more complicated. Let's first have a look at the SELinux file context of the default document root.

OK, now we know how things should look. Now let's see how things currently look in our new directory.

The first thing you should always try is to restore the default SELinux policy. Let's do that.

OK, so the last part that is missing is the file context. We can set that with semanage (policycoreutils-python package).

And to verify.

Now we only need to run restorecon on our new private directory.

Configure Private Directory

Now let's begin by adding our new private directory as public and testing it.

Restart Apache and test our new private directory. If things are not working, go back and fix it.

Now we are going to add user authentication, but before that you might want to install the Apache manual.

Here we will configure basic authentication with a file containing our user credentials.

To create the user credentials

And now finally restart and test your new private directory.

Reference

http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
2014-03-15 by Magnus K Karlsson

HTTP Deploy a Basic CGI Application


Prerequisite

You have successfully installed apache web server with default configuration.

Deploy

Copy our CGI script to default directory.

Set file permission

Set SELinux

Test

Open http://<your-host>/cgi-bin/hello.cgi


2014-03-15 by Magnus K Karlsson

HTTP Configure a Virtual Host


Introduction

Virtual hosts are good when you want to serve multiple web sites from the same web server.

Prerequisite

Install Apache Web Server.

Since I do not have a reliable DNS, we need to hardcode the host name in /etc/hosts on the client.

Initial Configuration

Configure Listen and ServerName, to be able to start the server clean without warnings.

Also verify that the firewall (iptables) is configured, or stop it with 'service iptables stop'.

Now check our installation by restarting the Apache web server and opening the URL 'jbossas1.magnuskkarlsson.com' from the client machine. You should be able to see the Apache Welcome Page. If not, go back and fix it.

Configure Name-Based Virtual Hosting

Now create two virtual hosts, one for the default host 'jbossas1.magnuskkarlsson.com' and one new 'virtualhost1.magnuskkarlsson.com'.

Now create the new document root for 'virtualhost1.magnuskkarlsson.com'.

Set file permissions.

Create test web page.

Set SELinux for our new virtual host.

Test

Restart apache web server and test your new virtual host by accessing:

  1. http://virtualhost1.magnuskkarlsson.com/ (you should see default apache web server welcome page)
  2. http://jbossas1.magnuskkarlsson.com/ (you should see your 'Hello World' page)

2014-03-15 by Magnus K Karlsson

Configure a System to Log to a Remote System.


Example: forward all info messages to the remote host 192.168.122.10.

Restart rsyslog to let the changes take effect.

And to test it, use the logger tool from the client.

Open /var/log/messages on server and verify.

Reference

/usr/share/doc/rsyslog-*/rsyslog_conf.html


2014-03-15 by Magnus K Karlsson

Configure a System to Accept Logging from a Remote System


UDP

Edit /etc/rsyslog.conf and enable module imudp.

Restart rsyslog to let the changes take effect.

TCP

Edit /etc/rsyslog.conf and enable module imtcp.

Restart rsyslog to let the changes take effect.


2014-03-15 by Magnus K Karlsson

Produce and Deliver Reports on System Utilization (Processor, Memory, Disk, and Network).


Processor

System Activity Reporter, SAR. To display 5 samples, 2 seconds apart.


-u Report CPU utilization.

Memory

vmstat - Report virtual memory statistics. To display 5 samples, 2 seconds apart.

Disk

Report file system disk space usage.


-h, --human-readable Print sizes in human readable format (e.g., 1K 234M 2G)

Input/output statistics for devices, partitions and network filesystems (NFS). To display 5 samples, 2 seconds apart.


-d Display the device utilization report.
-N Display the registered device mapper names for any device mapper devices. Useful for viewing LVM2 statistics.
-k Display statistics in kilobytes per second instead of blocks per second. Data displayed are valid only with kernels 2.4 and later.

Network


2014-03-15 by Magnus K Karlsson

Configure a System to Authenticate Using Kerberos


You can either do this graphically (system-config-authentication) or via command line (authconfig).

When doing it with the command line, it can be hard to remember all the parameters, but with the help of '--help' it is easier.

The LDAP parameters

The Kerberos parameter.

And finally SSSD (System Security Services Daemon), which enables cached authentication, which in turn enables off-line authentication. This can be both good and bad: an unstable network connection does not stop you from logging in, but you also need to remember that the authentication data might be stale.

Let's put all this together and add --update at the end to update the authentication configuration.


2014-03-14 by Magnus K Karlsson

SSH Port Forwarding


We have 3 machines.

  1. Client (192.168.1.12)
  2. JBoss (192.168.122.20)
  3. Apache (192.168.122.10)

SSH Port Forwarding from localhost:5555 to 192.168.122.20:8080.

Now test your tunnel by opening a web browser from client and enter http://localhost:5555/. The tunnel is:

localhost:5555 -> 192.168.122.20:8080

Now let's tunnel through the Apache server (192.168.122.10:22) to the JBoss server (192.168.122.20:8080).

The tunnel is now:

localhost:5555 -> 192.168.122.10:22 -> 192.168.122.20:8080

So every tunnel begins at the client, which opens the tunnel.


2014-03-14 by Magnus K Karlsson

Adding a Static Route to the Route Table


Prerequisite

Install the kernel documentation package, if you have not already.

The package contains several documents, and you can list them all with 'rpm -ql kernel-doc'.

Display Current Routing

Enabling Kernel Routing

To enable routing, the kernel parameter ip_forward needs to be on.

And the corresponding documentation.

If you are not sure how to add a route, search the system documentation.

Or you can add it via the CLI, but this will not be permanent.


2014-03-14 by Magnus K Karlsson

Disable Ping Request (ICMP Echo) in Linux Kernel


Prerequisite

Install the kernel documentation package, if you have not already.

The package contains several documents, and you can list them all with 'rpm -ql kernel-doc'.

Test Before

Ok. The machine is responding to ping.

Set Kernel Parameter to Ignore Ping (ICMP echo) Request

Now use the kernel configuration tool, sysctl, to first list all parameters that contain ICMP.

To find out what each parameter does, read the kernel network IP sysctl documentation.

And to set the kernel parameter.

Now test pinging the server again, and you should not get any response.

To make the changes permanent.
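
An added example (not from the original posts): both this post and the static-route post end with making a kernel parameter permanent, so this shell check reads a sysctl.conf-style file and reports whether a key is persistently set, with later assignments overriding earlier ones. The file content is a constructed sample, and the names `net.ipv4.icmp_echo_ignore_all` and `net.ipv4.ip_forward`, as well as the sysctl.conf format itself, are assumptions, since the original commands are not shown on this page.

```shell
#!/bin/sh
# Added example: check what a sysctl.conf-style file will set at boot.

# conf_value KEY: read the file on stdin and print the value that the last
# assignment of KEY gives it; return 1 if KEY is never assigned.
conf_value() {
    awk -F '=' -v key="$1" '
        /^[ \t]*[#;]/ { next }                      # whole-line comments
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub("/", ".", k) # net/ipv4/x equals net.ipv4.x
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }    # later lines override earlier ones
        }
        END { if (!found) exit 1; print val }'
}

# check_persistent KEY EXPECTED (file on stdin):
# 0 = set as expected, 1 = set to another value, 2 = not set in the file.
check_persistent() {
    actual=$(conf_value "$1") || return 2
    [ "$actual" = "$2" ]
}

# Constructed sample file content (assumption, not from the original posts).
SAMPLE_SYSCTL_CONF='# constructed sample
net.ipv4.ip_forward = 0
# net.ipv4.icmp_echo_ignore_all = 1
net/ipv4/ip_forward=1
kernel.sysrq = 0'

for want in net.ipv4.ip_forward=1 net.ipv4.icmp_echo_ignore_all=1; do
    rc=0
    printf '%s\n' "$SAMPLE_SYSCTL_CONF" |
        check_persistent "${want%=*}" "${want#*=}" || rc=$?
    case $rc in
        0) echo "$want: persistent" ;;
        1) echo "$want: file sets a different value" ;;
        2) echo "$want: not in file, a runtime change is lost at reboot" ;;
    esac
done
```

In the sample, the commented-out ICMP line is reported as not set, which is the state a host is in when the parameter was only changed at runtime.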


2014-03-14 by Magnus K Karlsson

Network Bonding in RHEL 6


Introduction

Binding multiple network interfaces together into a single channel is called bonding.

The reason for this is to achieve:

  1. Round robin around network interfaces.
  2. Master - slave for redundancy.
  3. Throughput. Use all at the same time.

Reference

RHEL 6 Deployment Guide
2014-03-14 by Magnus K Karlsson

IP Aliases in RHEL 6


Introduction

Assigning multiple IP addresses to a single interface is called IP aliasing. This can be handy if you want a single web server to serve multiple sites.

Prerequisite

It is advised to disable NetworkManager.

Configuration

Show current configuration for eth0.

Add IP alias.

Show new configuration for eth0.

To make it persistent, edit the following

Now restart network service.

Test

Ping from another machine

Reference

/usr/share/doc/initscripts-*/sysconfig.txt
2014-03-13 by Magnus K Karlsson

Build a Simple RPM Package


Prerequisite

Install the package that contains the rpmbuild tool, which creates the rpm package.

Also install a convenient development tool for setting up the environment.

When building an rpm package, you should do that as a non-root user. To create a new user.

Setup

Change to the rpm user and from its home directory run:

This will create a new empty directory structure for your rpm package development.

Creating the Program

We can test run to see that it actually runs.

Creating the RPM Spec File

Now, with the help of vim, which will create a template spec file, we will create an rpm spec file for our hello rpm package.

Build the RPM

Test the RPM

Query (q) the local package (p) for all its files (l).

Now switch to root and install the package.

And test it.

And to uninstall it.


2014-03-13 by Magnus K Karlsson

Yum Plugins


There are numerous yum plugins. You can search for which are available.

What does yum-plugin-verify do?

"This plugin adds the commands verify, verify-all and verify-rpm. There are also a couple of options. This command works like rpm -V, to verify your installation." [yum info yum-plugin-verify]

For more information about each command, run 'yum --help'

What does yum-plugin-versionlock do?

"This plugin takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions, for example." [yum info yum-plugin-versionlock]

The yum-plugin-versionlock uses the /etc/yum/pluginconf.d/versionlock.list to lock down specific packages.

The following format is used for locking down. See /usr/share/doc/yum-plugin-versionlock-*/README.

EPOCH:NAME-VERSION-RELEASE.ARCH
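
An added example (not from the original post or from the plugin's own code): a shell check that splits each lock entry in the format above from the right, since NAME can itself contain hyphens, and flags entries that do not parse. The sample list is constructed, and skipping blank lines and `#` lines is an assumption of this example.

```shell
#!/bin/sh
# Added example: validate versionlock.list entries (EPOCH:NAME-VERSION-RELEASE.ARCH).

# parse_lock ENTRY: print "epoch|name|version|release|arch", or return 1 if malformed.
# Fields are peeled off from the right because NAME may itself contain hyphens.
parse_lock() {
    entry=$1
    case $entry in *:*-*-*.*) ;; *) return 1 ;; esac
    epoch=${entry%%:*};  rest=${entry#*:}
    arch=${rest##*.};    rest=${rest%.*}
    release=${rest##*-}; rest=${rest%-*}
    version=${rest##*-}; name=${rest%-*}
    case $epoch in ''|*[!0-9]*) return 1 ;; esac   # epoch must be a number
    case $arch in ''|*-*) return 1 ;; esac         # a hyphen here means ".ARCH" was missing
    [ -n "$name" ] && [ -n "$version" ] && [ -n "$release" ] || return 1
    printf '%s|%s|%s|%s|%s\n' "$epoch" "$name" "$version" "$release" "$arch"
}

# check_locklist: read a lock list on stdin, skip blank lines and '#' lines,
# print the parsed fields of each valid entry and report malformed ones on stderr.
# The return status is the number of malformed entries.
check_locklist() {
    bad=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if parse_lock "$line"; then :; else
            echo "malformed lock entry: $line" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample list (assumption, not from the original post).
SAMPLE_LOCKS='# constructed sample
0:kernel-2.6.32-431.el6.x86_64
0:java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64
httpd-2.2.15-29.el6
1:openssl-1.0.1e-16.el6_5.7.x86_64'

printf '%s\n' "$SAMPLE_LOCKS" | check_locklist || echo "malformed entries: $?"
```

The `httpd` line in the sample lacks both the epoch and the architecture, so it is the one reported as malformed.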


2014-03-13 by Magnus K Karlsson

Encrypting Files with GnuPG


Generate private key.

List all public keys.

Export a public key.

Import a public key from "Pelle Petterson".

Encrypt a file for recipient "Pelle Petterson", with public key from "Pelle Petterson".

Decrypt a file, encrypted with your public key.


2014-03-13 by Magnus K Karlsson

Using OpenLDAP as Authentication Directory Service in RHEL 6


Installing OpenLDAP

Configure OpenLDAP

Modify domain (olcSuffix) and the LDAP super username (olcRootDN).

Set password for the LDAP super user. To create password use slappasswd.

And add password to configuration file.

Create OpenLDAP Schema

Create an empty text file /root/example.com.ldif, with

Configure OpenLDAP

Add this.

Verify add with search.

Add User and Group OpenLDAP

Configure Client Authentication through LDAP

You can configure this graphically

or you can do it via command line tool authconfig.

Test

Reference


2014-03-12 by Magnus K Karlsson

Blogspot Blogger set Dynamic Width


It is quite silly to use a fixed-width layout for HTML pages, which indirectly means a web page will only use a small part of a modern laptop or monitor screen. Why not make it dynamic? Let people decide the size themselves, by simply resizing their browser window. Static width does not make sense to me. So this is how I changed this blog. Simple and safe: http://thewebthought.blogspot.com/2011/09/blogger-make-your-blog-fluid-fit-any.html.


2014-03-12 by Magnus K Karlsson

How to Disable System Beep in Fedora 20


The default setup of Fedora 20 has a quite annoying feature, and that is the system beep. The beep sounds when using auto-completion in a terminal window, but also in Firefox when searching in a page and no results are found.

To disable the Terminal beep.

To disable the Firefox beep when no search results are found in the page.


2013-10-01 by MSC Blogg

As a Red Hat Ready Partner, MSC is visiting the Redhat EMEA Partner Conference in Madrid!


I am currently visiting the Redhat EMEA Partner Conference in Madrid.
Hot topics are Open Hybrid Cloud, Red Hat Openstack, Red Hat Openshift and JBOSS Middleware.
/Magnus Eriksson



https://twitter.com/RHTPartnersEMEA