Quantcast
Channel: linuxadmin: Expanding Linux SysAdmin knowledge
Viewing all 17871 articles
Browse latest View live

[Rocks 6.1] New R430 1U servers Not installing on Rocks cluster

November 8, 2016, 8:58 am
$
0
0

Hi all, I was recently put in charge of system administration of the Rocks cluster (Running Rocks 6.1). I am not trained in system administration and my boss knows this, I am merely a graduate student that was given extra responsibility for learning purposes.

The issue I am having:

We recently got 8 Dell R430 1U servers and I was tasked with installing them. I hooked one up to the ethernet switch on the network and the frontend successfully identified it and assigned it a MAC address via DHCP. I then inputted the command into the front end to perform an install on the new node.

The node is then booted up and receives the PXE command from the front end and starts the installation. The installation then fails and gives the following error:

http://imgur.com/gallery/yDJ2E

and It then goes on to saw no disk detected. I did some searching and learned that this is due to the kernel not supporting the newer chipset. So I used 'YUM' to download and install the current mainline kernel and set up pxe so that it would push the new kernel and it's initramfs to the new nodes.

Now I get the nodes going through pxe, loading the kernel and the ram file system, then a whole bunch of fast text which I cannot read because it flashes far to quickly. I then get a kernel panic:

http://imgur.com/gallery/UWoGD

I know that the servers can run Linux with the kernel being applied (version 4.8) and I've successfully installed CentOS7.2 on one of the nodes just to test that there aren't any other issues. Any help would be greatly appreciated, I've posted on Rocks discussion boards and have received to replies.

Thanks in advance!

PS - I am XPosting this to several subreddits because I am unsure where the best place for it would be.

TLDR: Got new 1U servers and I am having a lot of difficulty installing rocks 6.1 on them via pxeboot.

submitted by /u/Rookie_Admin
[link] [comments]
Search

Repository of GRUB_INIT_TUNES

November 8, 2016, 9:26 am

WWW server with network share and multiple projects/users

November 8, 2016, 6:11 am
$
0
0

Hello,

I am planning infrastructure for WWW application redundancy. So i am heading for network share, so:

Setup: NFS or glusterfs Apache 2.4 with php-fpm

The main problem for now is how to handle multiple projects and usernames assigned as project username, when i want use php-fpm pools - 1 user per 1 project for security? There will be only one connect to network share tree. I am expecting LDAP/freeipa/config management for same users on all WWW servers, but how to handle multiple accounts for fileshare permissions? For example, fuse maps share as single user, so using php-fpm pools is no-go without multiple fuse maps (==nonsense).

Thanks for ideas.

submitted by /u/czechsys
[link] [comments]

Logs to Graylog over SSL?

November 8, 2016, 9:25 am
$
0
0

I have a hard requirement to have all network traffic encrypted and I'm having a really hard time finding a logging solution that will work and is free (another hard requirement).

We're in AWS GovCloud and I've tried CloudWatch but that doesn't work due to ITAR data. I've tried Elk stack but that doesn't work because X-Pack isn't free. I'm now on graylog and I thought this would work but I'm having a really hard time getting data to logstash from my central rsyslog server.

I'm currently only sending syslog and I output all logs to syslog. These first go to a central rsyslog server (over SSL) that logs everything but I'm having trouble getting logs to graylog from the central rsyslog server. When I then try to forward syslog from my hosts straight to graylog I'm not having any luck either.

This is getting really frustrating and I'm just wondering if it's been done. Is anyone sending logs to Graylog over SSL?

submitted by /u/kaydub88
[link] [comments]

Linux as a classroom environment

November 8, 2016, 11:30 am
$
0
0

Anyone ever deploy/manage linux as a lab environment for students? We turn over students fairly regularly and deploy new course materials with the new classes. I've looked at things like DebianEdu, but I wanted to get other opinions on the matter.

submitted by /u/mercsniper
[link] [comments]

Raspberry Pi gets its own version of SUSE Linux Enterprise Server

November 8, 2016, 9:00 am

Scheduled and recurring email postfix or squirrelmail?

November 8, 2016, 7:07 pm
$
0
0

Hi, I was wondering if someone has accomplish Scheduling and a recurring mail on postfix or squirrelmail. What im trying to accomplish is to send all the users of the domain a weekly reminder

Thank you

submitted by /u/killmasta93
[link] [comments]

Using Proxmox with multiple interfaces

November 8, 2016, 4:06 pm
$
0
0

I'm just starting to use Proxmox to consolidate a number of ageing tower servers but I'm struggling to figure out the best way to do what I want. The existing servers are mixed between the DMZ and private LAN. The new server has multiple network ports so I'm attempting to virtualize all the servers in Proxmox and utilize Open vSwitch.

The issue is I would like to have two isolated networks on this server and not sure if I should be using Flows or iptables to manage the isolation and how I would achieve it. It seems no matter what I do on the iptables side, the VM's from both networks have access to each other which is what I don't want. I don't have enough experience yet with OVS.. just enough to be dangerous but there's a lot of stuff to read up on.

eth0 should be for DMZ eth1 shouldbe for internal LAN eth2 was going to be for Proxmox management interface

All ports are managed by an upstream firewall. Each VM has its gateway defined.

The /etc/network/interfaces currently looks like this: auto lo iface lo inet loopback

allow-vmbr0 eth0 iface eth0 inet manual ovs_type OVSPort ovs_bridge vmbr0 allow-vmbr1 eth1 iface eth1 inet manual ovs_type OVSPort ovs_bridge vmbr1 auto eth2 iface eth2 inet static address 192.168.121.12 netmask 255.255.255.0 gateway 192.168.121.1 auto vmbr1 iface vmbr1 inet manual ovs_type OVSBridge ovs_ports eth1 auto vmbr0 iface vmbr0 inet manual ovs_type OVSBridge ovs_ports eth0

So... what am I missing here? Anyone have any pointers or solutions?

Thanks

submitted by /u/Original_DoLoMiKe
[link] [comments]
Search

That's it for IPv4, go all IPv6: Internet Architecture Board. Pool of original internet protocol addresses exhausted.

November 9, 2016, 5:49 am

FreeIPA with winsync not working even though it says all OK

November 9, 2016, 2:57 am
$
0
0

Hi everyone!

I'm trying to set up FreeIPA 4.2 on CentOS 7 with winsync agreement against a AD with 2003 forest level.

I tried this in a dev environment with forest level 2008 and it worked perfectly without any issues.

However, the production has a forest level of 2003 which cannot be raised for different reasons.

I manage to set up the replication agreement without any bigger issues, but the users are never synced. It says "update ok" when adding and also using re-initialize command.

The log file doesn't show anything good from my point of view, even with log level 8192 enabled, and I've spent the last couple of days digging on Google trying to find anything.

Anyone that have experienced the same problems? Logs can be provided if need, not sure which to include.

Many thanks!

submitted by /u/smygflik
[link] [comments]

Do's and Don'ts for new admin?

November 9, 2016, 5:03 pm
$
0
0

Hi all!

If you've remembered me from days past I've been on my Linux journey since March of this year, actually I was able to get a number of certifications including LFCS, LPIC-1 and the "real" certification RHCE this year! I tallied up all my *nix experience recently and would say I have about 9 years of "hobbyist" experience and about 3 years of real professional experience in smaller environments.

Recently I've been tasked to handle the monitoring systems at work which are all Linux based, and because our systems all need plenty of agents on remote hosts, I got root access at work for the first role in a large enterprise!

Just wondering, what would you recommend like some do’s and don’ts for a new admin in the enterprise world?

We have some approval processes in place if I want to actually use my new access, but I feel very humbled and don’t want to mess anything up but still get my years of experience in an enterprise in!

Thanks everybody!

submitted by /u/danifunker
[link] [comments]

Question about multipath / MD3400 PowerVault

November 10, 2016, 1:20 am
$
0
0

Hi guys, Maybe I'm not grasping the concept well, but I'm looking at an MD3400 powervault and trying to use it across two servers, server A and B. I was trying to do is to connect both servers to the storage and I've managed it. I mount it on /storage on both servers, but when I write something to it it does not show on the other, as if it's writing on diferent disk areas. Two questions: - Is this the intended behaviour? - If it's not (what I hope), what do I have to do to guaranteed that if I touch /storage/test in server A it's going to show in server B?

Thanks.

I'm using CentOS 7 and the official Dell drivers / rescan_dm_devs.

submitted by /u/throwaway23456134
[link] [comments]

autofs create home dir then mount dir.

November 9, 2016, 9:26 pm
$
0
0

So in my home.auto I have the following: * -fstype=nfs,rw,nosuid,soft fileserver:/data/home/&

My problem right now is when I create a new user, I have to create the directory in fileserver:/data/home/<$user> how can I make it so that it will check whether fileserver:/data/home/<$user> exist, and if not create the directory and mount it?

Auth mech: sssd <-> ad/dc

submitted by /u/juniorsysadmin1
[link] [comments]

Need help with OpenSSL and Apple IOS S/MIME

November 9, 2016, 11:57 pm
$
0
0

I have been having a headache for a long time trying to get this to work. My goal is to create a self signed CA that I can use to create some x509 certs so I can install them on a few apple ios devices. I want the devices to be able to use S/MIME to digitally sign/encrypted emails below is the commands that I have been trying. I'm new to openssl and I would need a bit of explaining. Any help will be most welcome. I can install the profiles the CA profile comes up and says that it is verified however something is wrong with the other profile. It comes up and says that it's signed by my CA, but it's not saying that the profile is verified. In the email settings section I can select the cert to encrypt but it will not work. When I look up my contact I have a red ? That says unable to find encryption certificate for XXXX@gmail.com even though it's installed.

Here is the commands that I have been using; below that is the pastebin of my CA and email cert configs.

openssl req -x509 -config openssl-ca.cnf -newkey rsa:4096 -days 4000 -sha512 -nodes -out cacert.pem -outform PEM openssl req -config openssl-server.cnf -newkey rsa:4096 -sha512 -nodes -out servercert.csr -outform PEM echo '01' > serial.txt openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out servercert.pem -infiles servercert.csr openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out CA.p12 -name "mykey" openssl pkcs12 -export -in servercert.pem -inkey serverkey.pem -out email4.p12 -name "email"

Pastbin of configs pastebin to configs

pastebin of the configs

submitted by /u/RadarG
[link] [comments]

Central authentication

November 10, 2016, 8:45 am
$
0
0

I'm in a big Windows shop with very few linux machines. I'm guessing around 20 for now but it seems we are starting to ramp up more linux servers. Managing users is starting to be a pain. We use Centos/Redhat. Any recommendations to tie into M$ AD? I've used FreeIPA before with separate linux accounts but never linked AD together. What do you guys use for central authentication?

Edit: Wow what a great subreddit! Thanks for the information everyone!

submitted by /u/chessehead23
[link] [comments]
Search

Pushing CUPS print configuration without central management or control of DHCP

November 10, 2016, 7:11 pm
$
0
0

I'm in a situation where I have about ten clients (mixed common Ubuntu / personal Windows 7/8) in my department with five various printers, and I really want to find a printer driver solution, but I don't have an auth solution, control of DHCP, or anything that would normally help me out here. Is there a way to just point my mixed bag of clients to a print server and have all the printers there exposed for printing, without manually installing. Our printers change regularly, and I really can't figure out how to push configuration.

Help?

submitted by /u/bodangren2
[link] [comments]

Remove full disk encryption for EL6

November 11, 2016, 5:08 am
$
0
0

Someone installed a vm with full disk encryption and I can't get it to boot in the new host.

I've already decrypted the LVM and moved it to a PV sda2 but when initramfs boots it looks for /dev/centos-root not /dev/sda2 and says crypto LUKS UUID not found.

It looks like the same UUID but its not encrypted anymore.

I've tried booting to a live cd, chroot sda2 and 'grub2-mkconfig -o /boot/grub2/grub.cfg' but nothing appears to be working.

submitted by /u/lottapoppa
[link] [comments]

New Linux Hardware subreddit

November 11, 2016, 6:34 am
$
0
0

Hey everyone,

My name is /u/twistedLucidity and during a brief moment on insanity I went ahead and created /r/linuxhardware in the hope that it could become a great place to deal with all those pesky "Where do I buy a laptop?" type questions (answers to that are in our sidebar), along with the deeper technical ones.

Shortly after, /u/squad_of_squirrels took leave of their senses and asked to be a mod. Asked! They've no idea what they've let themselves in for having to deal with me. We are also joined by /u/RatherNott, our orbiting custodian.

We hope you'll come and join over on /r/linuxhardware and help make it a good addition to /r/linuxadmin and the other great, Linux-related subreddits.

submitted by /u/twistedLucidity
[link] [comments]

curl trouble

November 11, 2016, 2:58 pm
$
0
0

Have debian 8 host that was recently upgraded from squeeze. Upgrade was to wheezy and then jessie. Everything seems to work except curl running some specific php code (php5-curl). It worked on squeeze and now after upgrade to jessie it returns only 403 forbidden response. Since im more of a sysadmin than a dev, I currently dont have php code causing trouble at hand. But I know that other examples with curl work, and dev says when testing on his dev machine this code works, so its related to source, not destination server. And yes, source ip is NATed so its not related to ip address being blacklisted or something like it. We have tried everything I could think of:

turning curl debug adding user agent to curl telling curl to ignore errors

Only difference is that dev uses xammp on windows and has php 5.6.8 with curl 7.40 and debian host has php 5.6.27 with curl 7.38.

I was unable to catch any php errors, as if nothing is wrong.

I read about people having similar issues, curl working on some hosts and returning 403 error on other, so I reckon it is a known issue?

I was wondering has anyone experienced this and what can I do to solve it other than reinstall (its dev machine only).

Even tried purging and reinstalling curl and php-curl packets and still nothing.

submitted by /u/lordgraylord
[link] [comments]

Installing Linux on a workstation for scientific computing. Thoughts?

November 11, 2016, 10:48 pm
Viewing all 17871 articles
Browse latest View live
Search