Weblog

General posts from the webinterface

Red Hat renames certificates

Effective December 1, 2017, Red Hat will rename all Certificate of Expertise certifications to Red Hat Certified Specialist. Some titles will be renamed too. For instance: Red Hat Certificate of Expertise in Platform-as-a-Service will be Red Hat Certified Specialist in OpenShift Administration, and Red Hat Certificate of Expertise in Hybrid Cloud Storage will become Red Hat Certified Specialist in Gluster Storage Administration. Red Hat announced it will come with a separate certification for Ceph soon.

More information can be read on the Red Hat website.

Native SSH in Windows 10

With the latest updates installed on the 2nd Tuesday of December, Microsoft silently brings SSH support to Windows. You can install both the ssh client and the ssh server as optional features. Does this mean farewell to PuTTY? No, it probably does not since, as a professional, you’re using ssh keys instead of passwords. Microsoft only supports ed25519 keys, not the default RSA ones. But since native ssh on Windows is still beta, let’s see what 2018 brings us.

Cheapest way to VMware VCP

The cheapest route to become a VMware Certified Professional (VCP) would be to attend a mandatory 5-day classroom training with a VMware Authorized Training Center. Classroom trainings will cost you about 3000 euro/dollar and, if none is close by, travel and hotel expenses. Some VATCs offer online classrooms, but you still pay the same amount of money to attend a training and hear a professional trainer (read: an ex-sysadmin who lost contact with the real world out there for over 10 years) telling you stuff you already knew. It’s not worth the 3000. And for a freelance professional it costs even more, since you would rather bill the customer: let’s say 40 hours * 75 euro is another 3000 euro. Yes. Classroom trainings are expensive.

There is a cheaper alternative: follow a self-paced, online class at Stanly Community College. This does meet VMware’s requirements and will cost you only $185. Courses are made to attend after working hours and are spread out over 6 weeks. And, as a bonus, you’ll get a discounted exam price, paying only $70 for the Pearson VUE exam. One catch: there is a waiting list, so you have to wait some weeks or months until there is a free spot. But this is the ideal route to become a VMware Certified Professional for people who are paying for the training and certification themselves. Have a look here for information and reserve your spot on the waiting list over here.

Install VMware VAAI support for Synology

In my home lab I’m using Mac Minis as ESXi servers and a Synology NAS for storage (besides the SSDs in the Mac Minis themselves). The more expensive Synology models support VAAI for VMware. VAAI stands for vStorage APIs for Array Integration, and with this support you can offload particular tasks from ESXi to the storage.

To install VMware VAAI support for Synology:

  1. Download the required package
  2. Enable SSH support on the ESXi node
  3. Put the ESXi node into maintenance mode
  4. Transfer the VIB to /tmp on the ESXi host with (Win)SCP
  5. SSH to the ESXi node and run the command below (--no-sig-check makes esxcli skip signature verification of the VIB):

    esxcli software vib install -v /tmp/esx-nfsplugin.vib --no-sig-check

  6. Reboot the ESXi host

Congratulations. Your ESXi node now has VAAI support.

New Microsoft Linux exam

Microsoft announced a new Linux exam related to Azure, which will be available in March 2018. The exam has been given number 70-539 and is titled Managing Linux workloads on Azure. The content is yet unknown. This exam can be used to upgrade your MCSA on Linux to MCSE Cloud Platform and Infrastructure. As Azure continues to gain mind and market share, related certifications are becoming increasingly valuable for IT pros.

Cron.weekly issue #100

I have to admit that I’m not the guy who subscribes to newsletters. There are actually a few subscriptions, and one of them is the cron.weekly newsletter. It features new Open Source projects, guides & tutorials, news and handy little CLI one-liners. cron.weekly is here for both junior and seasoned Linux users. The focus of the newsletter is on technical content. This Sunday, issue #100 was received in my mailbox. I’d like to thank Matthias for all his efforts.

Have a look yourself at cronweekly.com.

Updates to CentOS7

Last week I updated my private web server to CentOS7. The long-awaited OpenSSL update was there to implement HTTP/2. My server is used by some friends and runs DirectAdmin for administration, so they can manage their e-mail addresses without my intervention. Also noticeable is the switch from SpamAssassin to the newer and faster Rspamd filtering system written in C. PHP is switched from mod_ruid2 to php-fpm (FastCGI), which should also bring some speed improvements. And for most domains, HSTS is mandatory. Big improvements. Still to do: implement IPv6 on user (site) level.

Error connecting to the Tower server

If you’re using Ansible Tower on Red Hat 7 or CentOS 7, you might see the yellow mark at the top right of the page saying “Live events: error connecting to the Tower server”, or get ‘500’ errors when using the API (and the web interface is one big graphical API) when adding groups. This is a known issue, and you can do the following to roll back Python’s SSL handling package:

rpm -Uvh --oldpackage http://bo.mirror.garr.it/1/slc/centos/7.1.1503/updates/x86_64/Packages/python-2.7.5-18.el7_1.1.x86_64.rpm \
http://bo.mirror.garr.it/1/slc/centos/7.1.1503/updates/x86_64/Packages/python-devel-2.7.5-18.el7_1.1.x86_64.rpm \
http://bo.mirror.garr.it/1/slc/centos/7.1.1503/updates/x86_64/Packages/python-libs-2.7.5-18.el7_1.1.x86_64.rpm

# Once you do that, restart the tower services:

ansible-tower-service restart

Update ESXi to 6.5 update 1

I’m using a standalone Mac Mini with VMware vSphere (ESXi) on it. For that reason I’m not able to use the update manager to upgrade the host. Last week I upgraded from version 6.5 to 6.5 update 1. See this blog for details about how to do that. The one-liner to use via SSH is:

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.5.0-20170702001-standard

After a reboot you should be able to run vSphere 6.5 update 1 (with an upgraded web interface on https://<ip>/ui).

In my case I had an error with updating. There seemed to be too little space on the USB stick I’m booting from. The error message wasn’t clear about this. After rebooting the ESX host and trying again, it gave me this error.

 [InstallationError]
 [Errno 28] No space left on device
       vibs = VMware_locker_tools-light_6.5.0-0.23.5969300
 Please refer to the log file for more details.

The solution was to change the default swap location via the web interface (Host > Manage > System > Swap) from ‘Datastore: none’ to ‘Datastore: LocalSSD’ (LocalSSD is just my name; it can differ in your set-up).

Installing Ansible Tower

When installing Ansible Tower on CentOS 7 in my lab environment I noticed some problems during the install. When downloading and running the installer you’ll see these notices:

TASK [preflight : Preflight check - Read in tower version] *****************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "file not found: /var/lib/awx/.tower_version"}

...ignoring

(...)

TASK [preflight : Preflight check - Passwords must be defined for a fresh install]
*****************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Please configure passwords in the inventory file before running setup"}

 to retry, use: --limit @/home/ansible/ansible-tower-setup-3.1.4/install.retry

The fix is easy. Provide passwords in the ‘inventory’ file and restart the installer. It will now configure Ansible Tower for you with all requirements such as Postgres, Supervisord, RabbitMQ and Nginx, using the provided passwords.

[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='redhat'

pg_host=''
pg_port=''
pg_database='awx'
pg_username='awx'
pg_password='redhat'

rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='redhat'
rabbitmq_cookie=cookiemonster

# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false

After the installation, browse to http://hostname, in my case http://ansible1, and you’ll be directed to the Red Hat Ansible website to request a license. A 10-node license is free and will fit your needs for training purposes towards the Red Hat Certificate of Expertise in Ansible Automation exam (EX407).
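
A pre-install check for the inventory shown above, added here as an example and not part of the Tower installer: it reports the three password variables when they are missing, empty, shorter than a minimum length, or reused between services (the lab inventory above is flagged for length and reuse). The function name `lint_tower_inventory` and the 12-character default are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the Tower installer.
# lint_tower_inventory FILE [MIN_LEN]
# Prints one finding per line and returns 1 when anything was found.
# MIN_LEN (default 12) is an assumed local policy, not a Tower requirement.
lint_tower_inventory() {
    awk -F= -v min="${2:-12}" -v q="'" '
        BEGIN { quote = "[\"" q "]"; min = min + 0 }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[/ { in_vars = ($0 ~ /\[all:vars\]/); next }
        !in_vars { next }                        # only [all:vars] is inspected
        {
            name = $1; gsub(/[ \t]/, "", name)
            if (name !~ /^(admin|pg|rabbitmq)_password$/) next
            val = substr($0, index($0, "=") + 1)
            gsub("^[ \t]*" quote "|" quote "[ \t]*$", "", val)  # drop quotes
            seen[name] = 1
            if (val == "") { report(name ": empty"); next }
            if (length(val) < min)
                report(name ": shorter than " min " characters")
            if (val in owner) report(name ": same value as " owner[val])
            else owner[val] = name
        }
        function report(msg) { print msg; bad++ }
        END {
            n = split("admin_password pg_password rabbitmq_password", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) report(want[i] ": not set")
            exit (bad > 0)
        }
    ' "$1"
}

# Run against a real inventory when a path is given on the command line.
if [ $# -gt 0 ]; then lint_tower_inventory "$@"; fi
```

Run it as `sh lint.sh inventory` before starting the installer; an empty result with exit status 0 means all three passwords are set, long enough and distinct.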

RHEL 7.4 released

Yesterday Red Hat released Red Hat Enterprise Linux (RHEL) 7.4. Amongst others, these are important changes:

  • Docker overlay graph driver with SELinux in enforcing mode is now supported;
  • OpenSSL update (1.0.2k) brings support for ALPN & native HTTP/2;
  • System Security Services Daemon (SSSD) in a container is now fully supported;
  • Identity Management (IdM) server container is available as a Technology Preview;
  • OpenLDAP & Btrfs are deprecated and will be removed in future RHEL major versions.

CentOS builds will be available soon. Time to test and migrate the CentOS 6 DirectAdmin servers to EL7.4 since HTTP/2 is now natively supported in OpenSSL.

Update: CentOS blog about CentOS 7.4.

Ansible slow on CentOS servers

If you’re getting started with Ansible you’ll notice it can be slow on servers running CentOS (or Red Hat). The reason for this is that CentOS systems have Kerberos authentication for SSH enabled by default. If you set GSSAPIAuthentication to no in /etc/ssh/sshd_config then things will speed up. And since you’re editing the configuration file, also set the UseDNS value to no to save another DNS lookup. You should notice Ansible isn’t as slow as before.

You can also set this in the ~/.ssh/config file of the ansible user, in case you are using an IPA server and/or Kerberos authentication in your environment and want to leave the server configuration alone.

[ansible@ansible-server ~]$ cat ~/.ssh/config 
Host * 
    GSSAPIAuthentication no
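
The server-side change described above, as an added example that is not part of the original post: a shell function that sets both options in an sshd_config file without breaking Match blocks or leaving an earlier conflicting line in place. The function names `set_sshd_option` and `speed_up_sshd` and the `/root/sshd_config.new` path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# set_sshd_option FILE KEY VALUE
# sshd uses the first value it reads for a keyword, so the first active line
# in the global section is rewritten, later duplicates there are dropped, and
# lines inside Match blocks are left alone. Commented lines are not touched.
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        tolower($1) == "match" {
            # The global section ends here: add the setting first if missing.
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && tolower($1) == tolower(key) {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner, mode and context
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# The two server-side settings from the post.
speed_up_sshd() {
    set_sshd_option "$1" GSSAPIAuthentication no &&
    set_sshd_option "$1" UseDNS no
}

# On a real server (as root): edit a copy, validate it, then swap it in.
#   cp -p /etc/ssh/sshd_config /root/sshd_config.new
#   speed_up_sshd /root/sshd_config.new && sshd -t -f /root/sshd_config.new
#   cp -p /root/sshd_config.new /etc/ssh/sshd_config && systemctl reload sshd
```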

 

 
