Author: admin

How to configure a bonding device in a Linux server

Multiple bonding modes in a Linux operating system are given below:

  • balance-alb (fault tolerance and load balancing)
  • balance-tlb (fault tolerance and load balancing)
  • active-backup (fault tolerance)
  • broadcast (fault tolerance)
  • balance-rr (fault tolerance and load balancing)
  • 802.3ad (fault tolerance and load balancing)
  • balance-xor (fault tolerance and load balancing)

We will use Network Manager CLI to add a bonding device to a Linux server.

  • As root, run nmcli in a shell to create the bond: nmcli con add type bond ifname mode active-backup
  • Assign an IP address with nmcli connection modify ipv4.addresses
  • Make the IP address static with nmcli connection modify ipv4.method manual
  • Add a bond slave to the bonding device with nmcli con add type bond-slave ifname master
  • Add the second slave with nmcli con add type bond-slave ifname master
  • Check the bonding configuration with nmcli connection show
  • Restart the server network with systemctl restart network

YUM error: "Peer cert cannot be verified or peer cert invalid" or "certificate verify failed"

The following error is produced during yum update:

Error: failed to retrieve repodata/-primary.xml.gz
error was [Errno 14] Peer cert cannot be verified or peer cert invalid

Perform the following steps to resolve the yum error:

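  • Check and correct the date and time of the server.
  • Disable SSL verification by adding sslverify=false in /etc/yum.conf. This switches off certificate validation for repository connections, so remove the line again once the underlying cause is fixed.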
  • Delete all repos and create a new yum repository.
  • Check /etc/hosts file for any false DNS resolutions of servers.
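Because sslverify=false tends to stay in place long after the certificate problem is gone, the following added example (not part of the original article) lists every yum.conf or .repo section where verification is switched off. The file names, repository ids and URLs in the sample are constructed; the false spellings matched are the ones yum or dnf read as false.

```sh
# Constructed sample configuration written to a scratch directory (not real repos).
make_sample_repos() {   # $1 = directory to populate
    cat > "$1/yum.conf" <<'EOF'
[main]
gpgcheck=1
sslverify=false
EOF
    cat > "$1/base.repo" <<'EOF'
[base]
baseurl=https://mirror.example.test/base/
sslverify=1
[extras]
baseurl=https://mirror.example.test/extras/
# sslverify=false
sslverify = 0
EOF
}

# List every section where TLS certificate verification is switched off.
sslverify_disabled() {   # args: yum.conf and .repo files to inspect
    awk '
    /^[ \t]*[#;]/ { next }                               # skip comment lines
    /^[ \t]*\[/ {                                        # [section] header
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next
    }
    {
        line = tolower($0); gsub(/[ \t]/, "", line)      # normalise "Key = Value"
        if (line ~ /^sslverify=(0|no|false|off)$/)
            print FILENAME " [" sect "]"
    }' "$@"
}

d=$(mktemp -d); make_sample_repos "$d"
sslverify_disabled "$d/yum.conf" "$d"/*.repo
rm -rf "$d"
```

On a server, run it as sslverify_disabled /etc/yum.conf /etc/yum.repos.d/*.repo.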

Kickstart fails to form boot partition [Not enough space in filesystems for the current software selection]

The kickstart automatic installation of the Linux operating system fails but the normal install is successful. To resolve this issue follow the steps given below:

  • Add clearpart --all --drives=${devname} --initlabel in the kickstart disk section. This will delete the partition table of the disk.
  • If the above option does not resolve the issue, add the zerombr option above the clearpart command. The zerombr option will initialize and destroy all invalid partition tables.
  • If neither of the above steps works, boot into the rescue mode of the Linux OS and use dmraid or wipefs as follows:

dmraid -r -E /dev/sda
wipefs -fa /dev/sda

How to enable auditing for files on an NFS server?

  • Add the line -w /NFS-MOUNT/ -p wa -k NFS-MOUNT at the end of the file /etc/audit/audit.rules

[root@COMPUTE ~]# cat /etc/audit/audit.rules
## This file is automatically generated from /etc/audit/rules.d
-D
-b 8192
-f 1
-w /NFS-MOUNT/ -p wa -k NFS-MOUNT

  • Execute the following command to restart auditd service

service auditd restart
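Once the watch is active, each write or attribute change under /NFS-MOUNT/ is logged as a SYSCALL record carrying key="NFS-MOUNT" plus PATH records that share its event id. The following added example (not part of the original article) pairs them up to show who touched which file; the log records in it are constructed.

```sh
# Constructed records in /var/log/audit/audit.log format (not real events).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1700000000.101:901): arch=c000003e syscall=257 success=yes exit=3 ppid=2200 pid=2314 auid=1001 uid=1001 comm="vim" exe="/usr/bin/vim" key="NFS-MOUNT"
type=PATH msg=audit(1700000000.101:901): item=0 name="/NFS-MOUNT/" inode=2 nametype=PARENT
type=PATH msg=audit(1700000000.101:901): item=1 name="/NFS-MOUNT/payroll.csv" inode=77 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.007:915): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=880 auid=4294967295 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="logins"
type=PATH msg=audit(1700000050.007:915): item=0 name="/etc/passwd" inode=9 nametype=NORMAL
type=SYSCALL msg=audit(1700000090.550:932): arch=c000003e syscall=263 success=yes exit=0 ppid=2200 pid=2401 auid=0 uid=0 comm="rm" exe="/usr/bin/rm" key="NFS-MOUNT"
type=PATH msg=audit(1700000090.550:932): item=0 name="/NFS-MOUNT/" inode=2 nametype=PARENT
type=PATH msg=audit(1700000090.550:932): item=1 name="/NFS-MOUNT/old.log" inode=78 nametype=DELETE
EOF
}

# One line per event tagged with the rule key: login uid, program and file touched.
audit_key_summary() {   # $1 = key given to -k; records are read from stdin
    awk -v key="$1" '
    function val(name,   i, p, v) {       # value of name=... in this record
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (substr($i, 1, p - 1) == name) {
                v = substr($i, p + 1); gsub(/"/, "", v); return v
            }
        }
        return ""
    }
    { id = val("msg") }                   # audit(time:serial) links SYSCALL and PATH
    $1 == "type=SYSCALL" && val("key") == key {
        if (!(id in who)) order[++n] = id
        who[id] = "auid=" val("auid") " exe=" val("exe")
    }
    # PARENT items name the directory; the other item is the file itself.
    $1 == "type=PATH" && val("nametype") != "PARENT" { path[id] = val("name") }
    END {
        for (i = 1; i <= n; i++) print who[order[i]] " path=" path[order[i]]
    }'
}

sample_audit_log | audit_key_summary NFS-MOUNT
```

On a live host, ausearch -k NFS-MOUNT -i selects the same events from the audit log.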

SELinux prevents /usr/lib/cups/daemon/cups-lpd from read access on the sock_file cups.sock in Linux server

Although /usr/lib/cups/daemon/cups-lpd is denied read access to the sock_file cups.sock, cups-lpd will still successfully migrate print jobs received via LPD to the local CUPS server. You can either ignore this issue or create a custom SELinux policy module. The steps to create a custom SELinux policy module are listed below:

  • Install the required packages with yum -y install setools-console yum-utils policycoreutils-devel rpm-build make
  • Create a file named local_cupslpd-read-cupssock.te in vi with the following contents.

module local_cupslpd-read-cupssock 1.0;

require {
type cupsd_var_run_t;
type cupsd_lpd_t;
class sock_file read;
}

#============= cupsd_lpd_t ==============
allow cupsd_lpd_t cupsd_var_run_t:sock_file read;

  • Compile the SELinux policy module with make -f /usr/share/selinux/devel/Makefile local_cupslpd-read-cupssock.pp
  • Install the policy module with semodule -i local_cupslpd-read-cupssock.pp
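Before installing a custom module it is worth confirming that its allow rule grants exactly what the logged denial shows and nothing more. The following added example (not part of the original article) derives allow rules from AVC records for one source domain; the log records are constructed, and the third is an unrelated denial included for contrast.

```sh
# Constructed audit.log AVC records (not real events).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.210:411): avc:  denied  { read } for  pid=3120 comm="cups-lpd" name="cups.sock" dev="tmpfs" ino=20533 scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1700000004.518:419): avc:  denied  { read } for  pid=3177 comm="cups-lpd" name="cups.sock" dev="tmpfs" ino=20533 scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1700000009.902:430): avc:  denied  { read write } for  pid=3301 comm="httpd" name="app.db" dev="dm-0" ino=9911 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Turn the denials logged for one source domain into de-duplicated allow rules.
avc_to_allow() {   # $1 = source type, e.g. cupsd_lpd_t; records are read from stdin
    awk -v want="$1" '
    $1 == "type=AVC" && / denied / {
        # The denied permissions sit between the braces.
        perms = $0; sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        for (i = 1; i <= NF; i++) {
            split($i, c, ":")             # context = user:role:type:level
            if ($i ~ /^scontext=/) src = c[3]
            if ($i ~ /^tcontext=/) tgt = c[3]
            if ($i ~ /^tclass=/)   cls = substr($i, 8)
        }
        if (src != want) next
        if (perms ~ / /) perms = "{ " perms " }"
        rule = "allow " src " " tgt ":" cls " " perms ";"
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

sample_avc_log | avc_to_allow cupsd_lpd_t
```

The single rule printed for cupsd_lpd_t matches the allow line in the .te file above; on a live system audit2allow performs this derivation.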

IPv6 communication does not occur while the interface is in the firewalld drop zone

IPv6 requires ICMPv6 neighbour solicitation and neighbour advertisement packets to create IPv6 connectivity. These packets are used to resolve IPv6 addresses to link-layer (Ethernet) addresses.

  • Add new icmptypes for neighbour solicitation and neighbour advertisement

firewall-cmd --permanent --new-icmptype=neighbour-solicitation

firewall-cmd --permanent --new-icmptype=neighbour-advertisement

  • Remove destination IPv4

firewall-cmd --permanent --icmptype=neighbour-solicitation --remove-destination=ipv4

firewall-cmd --permanent --icmptype=neighbour-advertisement --remove-destination=ipv4

  • Attach icmptypes to the --zone=drop list of --add-icmp-block

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-solicitation

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-advertisement

  • Invert the icmptype block.

firewall-cmd --permanent --zone=drop --add-icmp-block-inversion

Confirm icmp-block-inversion in the output of the following command.

firewall-cmd --permanent --list-all --zone=drop

How to copy an instance between two OpenStack environments

  • Turn off the instance, and then using the nova image-create command, create a snapshot of the nova instance.

openstack server list
openstack server image create server2 --name server2-snapshot

  • After the snapshot is created, it will be visible in Glance.
  • Confirm the snapshot in Glance with:

openstack image list

  • Download snapshot image

openstack image save --file server2-snapshot-image2.qcow2 jkhuyt67-y6ry-jjhj-t65f-mmmjngy78657

  • Copy snapshot image to the new environment using SCP.
  • Upload the image

openstack image create server2-snapshot-image2-glanceimage2 --container-format bare --disk-format qcow2 --file server2-snapshot-image2.qcow2

How to clear ceilometer in OpenStack

To clean up old ceilometer data in OpenStack, perform the following steps:

  • First of all, stop the Telemetry service.

systemctl stop openstack-ceilometer-collector openstack-ceilometer-notification openstack-gnocchi-metricd openstack-gnocchi-statsd openstack-aodh-evaluator openstack-aodh-listener openstack-aodh-notifier openstack-ceilometer-central

  • Stop MongoDB service by entering the following on shell prompt.

systemctl stop mongod

  • Delete all files in /var/lib/mongodb.

cd /var/lib/mongodb && rm -r *

  • Restart MongoDB.

systemctl start mongod

  • Create a MongoDB master node.

mongo --host MONGOHOST --eval 'rs.initiate()'

  • Find the listener IP by entering the following command.

ss -tlnp|grep mongo

  • Add resulting IP to MongoDB replication file.

mongo --host MONGOHOST --eval 'rs.add("controler1_mongodb_IP:PORT"); rs.add("controler2_mongodb_IP:PORT"); '

  • Create a ceilometer database.

mongo --host MONGOHOST --eval 'db.getSiblingDB("ceilometer").addUser({user: "ceilometer", pwd: "MONGOPASS", roles: [ "readWrite", "dbAdmin" ]})'

  • Start Telemetry service using systemctl.

systemctl start openstack-ceilometer-collector openstack-ceilometer-notification openstack-gnocchi-metricd openstack-gnocchi-statsd openstack-aodh-evaluator openstack-aodh-listener openstack-aodh-notifier openstack-ceilometer-central

How to install NVIDIA driver (proprietary) and uninstall Nouveau driver (open source) in Linux server

  • Start your Linux server in text mode. GUI mode will give an error while uninstalling the Nouveau driver or installing the NVIDIA driver.
  • Remove Nouveau driver: Open /etc/default/grub in text editor [vi] and add the following option to GRUB_CMDLINE_LINUX

modprobe.blacklist=nouveau

  • In a root shell, execute the following command to build grub.cfg:

grub2-mkconfig -o /boot/grub2/grub.cfg                 # BIOS servers
grub2-mkconfig -o /boot/efi/EFI/seimaxim/grub.cfg      # UEFI servers

  • Reboot Linux server.
  • Install NVIDIA driver: Download NVIDIA driver from the NVIDIA website. Use YUM to install the following dependencies.

yum install gcc make kernel-headers kernel-devel acpid libglvnd-devel pkgconfig libglvnd-glx libglvnd-opengl

  • Build initramfs: Back up the current initramfs.

mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)-nouveau.img

  • Install new initramfs.

dracut /boot/initramfs-$(uname -r).img $(uname -r)

At this point, a server reboot is required. After the server comes up, check if the NVIDIA driver module is loaded.

Change hostname and IP address of Linux server without rebooting server

You can change the entry on the third line of the /etc/hosts file on a Linux server without rebooting:

/etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.1 server.seimaxim.com seimaxim

You can change all of the following options in /etc/sysconfig/network without reboot.

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=server.seimaxim.com
GATEWAY=192.168.0.1

Similarly options in /etc/sysconfig/network-scripts/ifcfg-eth0 can also be changed.

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.1
NETMASK=255.255.255.0

Hostname of server can be changed with;

hostname server.seimaxim.com

Restart network with;

systemctl restart network

Error while configuring IP in ifcfg-eth0 on Linux Server “RTNETLINK answers: network is unreachable”

  • This error may arise if the IP address and the gateway are in different subnets. Make sure both the IP address and the gateway are in the same subnet. For reference, the ifcfg-eth0 configuration file is given below.

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="3d9bd3c7-310c-4e46-a57c-5b3a99819f78"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="37.48.96.245"
PREFIX="27"
GATEWAY="37.48.96.254"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"

  • Remove the route entry from the /etc/sysconfig/network-scripts/route file.
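The same-subnet condition can be checked directly from the file before restarting the network. The following added example (not part of the original article) reads IPADDR, PREFIX and GATEWAY from an ifcfg file and tests whether the gateway falls inside the interface's network; the second gateway value tried, 37.48.96.1, is constructed to show the failing case, and files that use NETMASK instead of PREFIX are not handled.

```sh
# Read KEY from an ifcfg file, stripping the optional double quotes.
ifcfg_get() {   # $1 = key, $2 = file
    awk -F= -v k="$1" '$1 == k { gsub(/"/, "", $2); print $2 }' "$2"
}

# Dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when GATEWAY lies inside IPADDR/PREFIX, 1 when it does not,
# 2 when one of the three keys is missing.
gateway_on_link() {   # $1 = ifcfg file
    ip=$(ifcfg_get IPADDR "$1"); gw=$(ifcfg_get GATEWAY "$1")
    pfx=$(ifcfg_get PREFIX "$1")
    if [ -z "$ip" ] || [ -z "$gw" ] || [ -z "$pfx" ]; then return 2; fi
    mask=$(( (0xFFFFFFFF << (32 - pfx)) & 0xFFFFFFFF ))
    ipnet=$(( $(ip_to_int "$ip") & mask ))
    gwnet=$(( $(ip_to_int "$gw") & mask ))
    [ "$ipnet" -eq "$gwnet" ]
}

# Addressing lines from the ifcfg-eth0 file above; the gateway is a parameter so
# that a constructed off-link value can be tried as well.
sample_ifcfg() {   # $1 = gateway
    printf 'DEVICE="eth0"\nIPADDR="37.48.96.245"\nPREFIX="27"\nGATEWAY="%s"\n' "$1"
}

f=$(mktemp)
for g in 37.48.96.254 37.48.96.1; do
    sample_ifcfg "$g" > "$f"
    if gateway_on_link "$f"; then echo "$g: on link"; else echo "$g: NOT on link"; fi
done
rm -f "$f"
```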

Rebuild initial ramdisk image in Linux server – How-To

You may need to rebuild the initial ramdisk image after adding new hardware or software to the server.

  • Create backup as shown below;

cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).bak.$(date +%m-%d-%H%M%S).img

  • Use following command to rebuild initramfs

dracut -f -v

  • Make sure /boot/grub2/grub.cfg and /etc/grub2.cfg include the menu entry for the new custom initramfs.
  • Rebuild grub.cfg:

grub2-mkconfig -o /boot/efi/EFI/seimaxim/grub.cfg

Adding disk space from non-root-LVM to root-LVM

  • All users should be logged out of server except root.
  • Fsck the filesystem.
  • Reduce the non-root LVM by entering following command on root shell;

lvresize --resizefs --size

lvresize --resizefs --size -200G /dev/VolGroup00/LogVoL-USER

  • After non-root LVM filesystem is reduced, increase the root-LVM filesystem using;

lvresize --resizefs --size +500M /dev/VolGroup00/LogVol-ROOT

  • Mount the filesystem.

Disable Transparent Huge Pages [THP] in CentOS 8

On CentOS 8, open the /etc/default/grub file in a file editor and add the “transparent_hugepage=never” kernel parameter to the GRUB_CMDLINE_LINUX options as shown below:

GRUB_CMDLINE_LINUX="options transparent_hugepage=never"

On the command line, execute grub2-mkconfig to build grub.cfg:

grub2-mkconfig -o /boot/grub2/grub.cfg              # System with BIOS
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg     # System with UEFI

Reboot Server to apply changes. If THP is still not disabled, stop tuned with

tuned-adm off

Add “transparent_hugepage=never” kernel parameter in /etc/default/grub file and reboot server.

How to configure an SSH tunnel?

On the client machine perform the following step:

[root@host]# ssh -N -L :: user@remote-machine-ip

From a new console/terminal execute the telnet command as follows:

[root@host]# telnet localhost

This KB is relevant to the following:

  • Encrypt the traffic by SSH tunneling the connection to remote host.
  • Encrypt unencrypted network traffic