Unix Revolution

Work in Progress: Plex and LetsEncrypt So... I'm not entirely sure where to begin with all this. And this write-up is a mess (right now). I was not certain this was going to work and therefore I was not keeping absolute notes. Apache webserver allowing 80/443 through my firewall. - www.linuxrevolution.com - plex.linuxrevolution.com Plex Media Server currently running on OSX Mac Mini at port 32400 (standard port) I own a domain "linuxrevolution.com" and I also have a Plex Media Server running on any particular system (Mac Mini/OSX, Nvidia Shield TV, Linux). On my webserver, I am using CertBot - create a webroot (vhost) on your Apache Server. wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto ./certbot-auto certonly -d plex.linuxrevolution.com --webroot openssl pkcs12 -export -out ~/plex_linuxrevolution_com.pfx \ -inkey /etc/letsencrypt/archive/plex.linuxrevolution.com/privkey1.pem \ -in /etc/letsencrypt/archive/plex...

Preface: I have certainly not exhaustively tested this process.  I had a specific need and found a specific solution that worked. Situation:  I was issued a shiny new laptop running Red Hat Enterprise Linux 7 (with Corp VPN, certs, Authentication configuration, etc...)  The image was great, but I needed more flexibility on my bare metal.  So, my goal was to P2V the corporate image so I could just run it as a VM. * Remove corporate drive and install new SSD * install corp drive in external USB-3 case * Install RHEL 7 on new SSD * dd old drive to a disk-image file in a temp location which will be an image which is the same size as your actual drive (unless you have enough space in your destination to contain a temp and converted image) * convert the raw disk-image to a qcow file while pushing it to the final location - this step should reduce the disk size - however, I believe it will only reduce/collapse zero-byte blocks (not just free space - i.e. if you de...

I have a few physical nodes which I ran KVM guests on.  Occasionally I need to rebuild the host, so I want to copy the VM from one physical node to another.  I use RAW (sparse) disk images and standard scp would copy the image in it's entirety.  Until... I found rsync -S ;-) rsync -Surpolvv * usgtst92:/var/lib/libvirt/images/ *** SOURCE *** usgtst91 images]# for IMG in `find . -name "*.img"`; do qemu-img info $IMG; done image: ./DVGLLVUSGTST82/DVGLLVUSGTST82.img file format: raw virtual size: 44G (47244640256 bytes) disk size: 12G image: ./DVGLLVUSGTST81/DVGLLVUSGTST81.img file format: raw virtual size: 44G (47244640256 bytes) disk size: 4.0G image: ./DVGLLVUSGTST83/DVGLLVUSGTST83.img file format: raw virtual size: 44G (47244640256 bytes) disk size: 3.8G *** DESTINATION *** usgtst92 images]# for IMG in `find . -name "*.img"`; do qemu-img info $IMG; done image: ./DVGLLVUSGTST83/DVGLLVUSGTST83.img file format: raw virtual size: 44G (4724464...

Linux doesn't *need* Antivirus... blah.. blah... whatever...  I wear seatbelts not because I *will* be in an accident today... I wear them as I *might* be in an accident.  I don't actually run AV on my Linux systems... My Windows 8.1 host was p0wned when I attempted to download/install a Matrix Screensaver from CNET.  I thought that site was safe.. but there is definitely many reasons why I don't generally run Windows.  Stupid stuff like this... ranks pretty high on that list. Anyhow - since the host in question is a dual-boot system with Windows and either Fedora or RHEL - I figured I should clean-up the Malware on my Windows partition while running it from Linux. This is the procedure for Linux: ### Install ClamAV and mount Windows partition yum -y install clamav clamav-data  clamav-filesystem clamav-lib clamav-lib clamav-scanner-systemd clamav-server-sysvinit clamav-update clamav-unofficial-sigs mkdir -p /windows/C mount /dev/sda4 /windows/C ##...

I have a host at home with 2 x 1TB SATA disks.  I don't necessarily need the redundancy on this box, but I thought since I was bothering to get my PXE and kickstart working at home I may as well figure this out as well... -- excerpt from kicksart profile -- # Clear the Master Boot Record zerombr # Remove ALL partitions clearpart --all --initlabel --drives=sda,sdb # Install the bootloader in the MBR bootloader --location=mbr --driveorder=sda,sdb part /boot/efi --fstype=efi --size=500 --ondisk=sda part /boot/efi-dummy --fstype=ext4 --size=500 --ondisk=sdb # You cannot define a specific partition ('onpart') if you use 'clearpart' part raid.sda2 --asprimary --fstype="raid" --ondisk=sda --size=512 part raid.sdb2 --asprimary --fstype="raid" --ondisk=sdb --size=512 part raid.sda3 --asprimary --fstype="raid" --ondisk=sda --size=51200 --grow part raid.sdb3 --asprimary --fstype="raid" --ondisk=sdb --size=51200 --grow...

#!/bin/bash #ypcat passwd > /tmp/passwd cp /etc/passwd /tmp/passwd while IFS=: read -r user pass uid gid gecos home shell do   echo "ipa-moduser -a -s \"$shell\" -c \"$gecos\" -d \"$home\" $user" done < /tmp/passwd exit 0 Another approach... #!/bin/sh # 1 is the nis domain, 2 is the nis master server ypcat -d $1 -h $2 group > /dev/shm/nis-map.group 2>&1 IFS=$'\n' for line in $(cat /dev/shm/nis-map.group); do   IFS=' '   groupname=$(echo $line|cut -f1 -d:)   # Not collecting encrypted password because we need cleartext password to create kerberos key   gid=$(echo $line|cut -f3 -d:)   members=$(echo $line|cut -f4 -d:)   # Now create this entry   ipa group-add $groupname --desc=NIS_GROUP_$groupname --gid=$gid   if [ -n "$members" ]; then     ipa group-add-member $groupname --users=$members   fi   ipa group-show $groupname done

I have recently built a Red Hat Network Satellite system on Red Hat Enterprise Linux 6.1 x86_64 and Satellite 5.4.1 with the embedded database (Oracle DB - not sure which version). Also noteworthy is the fact that this Virtual Machine is running on VMware vSphere 4.1.0 using the LSI Logic Parallel SCSI controller.  Anyhow - I have built this type of system numerous times previously and this particular one is running rather poorly.  At the time I am writing this, I am still unsure what is causing the issues(s). 1.)  processes are taking more time that I am accustomed to (I sound like a typical user now?) 2.)  I/O wait on this host seems to be relatively high most of the time Now - while I am attempting to troubleshoot, I am running a satellite-sync of one of my RHN channels.  The software has all been downloaded, and at this point I believe it is simply being catalogued and inserted into the Satellite DB. I have plenty of memory dedicated to this system,...

Summary:  An overview of my experience with a Lenovo T520.  This machine is no joke.  It's seriously fast/powerfull, everything seems to work between Windows 7 Pro x64 and Fedora 16 x64.  I have not booted into Windows very much, but that seems to perform flawlessly. My system: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz Integrated Intel VGA, secondary Nvidia VGA (optimus) 750 GB Scorpio Black 7200 RPM, 16MB http://browse.geekbench.ca/geekbench2/516398  - GeekBench of 13338  Why: I'm having a bit of a career focus shift. My primary goal/focus is to become as proficient as I once was with Solaris, or even more so. This will provide credibility and experience to leverage with my customers. I felt it doesn't represent my undying devotion to Linux, if I walk in and plop a MacBook Pro on the table. I needed a laptop to run a reasonably new Red Hat (read: fedora) release. I talked to a friend who works for Red Hat to see what his experience. ...

I had originally planned on this being a lengthy post, detailing my experience with building a 2-node Veritas Cluster Server environment using VMware vSphere 4.1 hosting Red Hat 5.7 and VCS 5.1 SP1GA. Once I had the cluster up and running, it seemed to be somewhat flaky and I decided to focus on more important things.  I might get back to this someday. I guess my greatest surprise is that fencing appears to be working (even though the "hardware test" failed -- Output : Preempt and abort key KeyA using key KeyB on node vcs02 ................ Failed An even greater surprise is why fencing does not work in more environments... Regardless, here it is... [root@vcs01 rhel5_x86_64]# hastatus -sum -- SYSTEM STATE -- System State Frozen A vcs01 RUNNING 0 A vcs02 RUNNING 0 -- GROUP STATE -- Group System ...

The Emulex proprietary drivers and included utilities are extremely helpful. (the only oddity is where they are installed /usr/sbin/lpfc - but, whatever...). I happen to be at a shop that uses the OS multipath and Emulex fiber channel drivers. There is a bunch of good information to be found... # lspci | grep -i emulex 0b:00.0 Fibre Channel: Emulex Corporation Saturn-X: LightPulse Fibre Channel Host Adapter (rev 03) 11:00.0 Fibre Channel: Emulex Corporation Saturn-X: LightPulse Fibre Channel Host Adapter (rev 03) # cat /sys/class/scsi_host/host[2-3]/fwrev 2.00A3 (U3D2.00A3), sli-3 2.00A3 (U3D2.00A3), sli-3 # cat /sys/class/scsi_host/host[2-3]/lpfc_drvr_version Emulex LightPulse Fibre Channel SCSI driver 8.2.0.87.1p Emulex LightPulse Fibre Channel SCSI driver 8.2.0.87.1p # hbacmd listhbas | grep "Port WWN" | awk '{print $4}' | xargs -n 1 hbacmd HbaAttributes HBA Attributes for 10:00:00:00:c9:a6:91:35 Host Name : dbslp0066...

Issue : Removing a device, or replacing a device with a different SAN LUN can be a bit challenging. HISTORY : Take this completely hypothetical situation, which may or may not happen to me quite frequently... your customer asked for 3 x 64 and 1 x 16 Gig LUNs... and for some reason the SAN admin assigns 4 x 64 Gig LUNs. You don't know this until you scan the bus and see them from the OS. At which point you have to tell the SAN admin that you need to replace 1 of the 64 Gig LUNs with a 16 Gig. And you also ask the admin to let you know when he/she removes the incorrect LUN so you can do your procedure to then remove the device from the OS view, and then he/she can proceed with adding the 16 Gig. Well, inevitably you will end up with syslog complaining about a SAN device no longer being available and the fun begins (this is because the admin removed the 64 and added the 16 probably in the same keystroke, or click of a button and this will not give you an opportuntiy to str...