Category Archives: RHEL

HOWTO: Create an Active/Passive TEAM device in RHEL7

Let’s say you have a few spare NICs and want to put them together in an active/passive team.  What do you do?

This write-up is VERY similar to HOWTO: Create a BOND with RHEL7 – but it’s for teaming.

This is also pretty straightforward.

First, connect via SSH to an IP on a NIC that WILL NOT be part of the team.

Using ‘nmcli’ – remove references to the NICs you want IN the team and reload nmcli:

[root@rhce ~]# nmcli con del ens224 ens256
Connection 'ens224' (92d6456d-16bd-4eae-9ecb-386cb4ce4d29) successfully deleted.
Connection 'ens256' (e52eca2f-8c84-428d-8959-93e85f4b03f3) successfully deleted.
[root@rhce ~]# nmcli con reload

Next, with nmcli, create the team:

[root@rhce ~]# nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'
Connection 'team0' (01567cc6-b2da-42ac-adf8-b9085c3f4309) successfully added.

Time to add the two NICs (ens224 & ens256) in:

[root@rhce ~]# nmcli con add con-name team0-ens224 ifname ens224 type team-slave master team0
[root@rhce ~]# nmcli con add con-name team0-ens256 ifname ens256 type team-slave master team0

Optional (I think, but I still do it), modify the team’d device to have an IP and DNS:

[root@rhce ~]# nmcli connection modify team0 ipv4.address "192.168.1.50/24"
[root@rhce ~]# nmcli connection modify team0 ipv4.dns "192.168.1.1,8.8.8.8"

 

Check the state of the team & see which NIC is active:

# teamdctl team0 state
setup:
  runner: activebackup
ports:
  ens224
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  ens256
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: ens224

Looks like ens224 (first NIC) is active; let’s pull the cable, start a PING test, & see what happens:

[root@rhce ~]# ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data.
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.140 ms
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.167 ms
64 bytes from 192.168.1.50: icmp_seq=3 ttl=64 time=0.167 ms
64 bytes from 192.168.1.50: icmp_seq=4 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=5 ttl=64 time=0.166 ms
64 bytes from 192.168.1.50: icmp_seq=6 ttl=64 time=0.171 ms
64 bytes from 192.168.1.50: icmp_seq=7 ttl=64 time=0.153 ms
64 bytes from 192.168.1.50: icmp_seq=8 ttl=64 time=0.181 ms
64 bytes from 192.168.1.50: icmp_seq=9 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=10 ttl=64 time=0.194 ms
64 bytes from 192.168.1.50: icmp_seq=11 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=12 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=13 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=14 ttl=64 time=0.191 ms
64 bytes from 192.168.1.50: icmp_seq=15 ttl=64 time=0.165 ms
64 bytes from 192.168.1.50: icmp_seq=16 ttl=64 time=0.155 ms

Nothing strange there … what about the team?

[root@rhce ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  ens256
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  ens224
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 1
runner:
  active port: ens256

It switched to ens256 & didn’t drop a ping.

Looks like you got an active/passive team working successfully!
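
The manual check above can be scripted.  This is an added example, not part of the original post: a shell function that parses the ‘teamdctl team0 state’ text shown above and exits non-zero when fewer than two ports have link up, so a team that is running without a standby port gets noticed.  The function name team_health and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `teamdctl <team> state`
# and fail when the team has lost redundancy.

# Reads the text output of `teamdctl <team> state` on stdin.
# Prints: active=<port> up=<ports> down=<ports>
# Returns 0 only if an active port is set and at least two ports have link up.
team_health() {
    awk '
        /^[^ ]/ { section = $1 }                         # setup: / ports: / runner:
        section == "ports:" && /^  [^ ]/ { port = $1 }   # two-space indent: port name
        section == "ports:" && /^ +link summary:/ {
            if ($3 == "up") { up = up (up != "" ? "," : "") port; nup++ }
            else            { down = down (down != "" ? "," : "") port }
        }
        section == "runner:" && /^  active port:/ { active = $3 }
        END {
            printf "active=%s up=%s down=%s\n", active,
                   (up != "" ? up : "-"), (down != "" ? down : "-")
            exit !(nup >= 2 && active != "")
        }
    '
}

# Constructed sample: the degraded state shown in the post after the cable pull.
sample_degraded() {
    cat <<'EOF'
setup:
  runner: activebackup
ports:
  ens256
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  ens224
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 1
runner:
  active port: ens256
EOF
}

# Demo on the sample; on a live host: teamdctl team0 state | team_health
sample_degraded | team_health || echo "WARNING: team has no standby port"
```

Run from cron or a monitoring agent, the non-zero exit status is the signal to alert on.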

HOWTO: Add a new NIC into RHEL7 and configure it for use via ‘nmcli’

So, I have a VM and just added another NIC.  When I run ‘ip a’ – I see it, but there is no info:

[root@rhce-prep-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.199/24 brd 10.1.1.255 scope global dynamic eno16780032
       valid_lft 86236sec preferred_lft 86236sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22d0/64 scope global noprefixroute dynamic 
       valid_lft 189151sec preferred_lft 189151sec
    inet6 fe80::20c:29ff:fe0d:22d0/64 scope link 
       valid_lft forever preferred_lft forever
3: eno33559296: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:da brd ff:ff:ff:ff:ff:ff

‘nmcli con show’ – leaves me hanging as well:

[root@rhce-prep-1 ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE      
eno16780032  41003ce7-fd00-41e4-8524-67e1e9418179  802-3-ethernet  eno16780032

Querying the device status, I get some more info:

[root@rhce-prep-1 ~]# nmcli device status
DEVICE       TYPE      STATE         CONNECTION  
eno16780032  ethernet  connected     eno16780032 
eno33559296  ethernet  disconnected  --          
lo           loopback  unmanaged     --

A little finagling with ‘nmcli --help’ & ‘man nmcli’ gets me this syntax and a positive result:

[root@rhce-prep-1 NetworkManager]# nmcli con add type ethernet ifname eno33559296 con-name eno33559296
Connection 'eno33559296' (b3e327b9-538e-4b95-b729-4daaa4b56ddc) successfully added.

Re-running ‘nmcli con show’ gives me the new interface & ‘nmcli device status’ shows ‘connected’ now:

[root@rhce-prep-1 NetworkManager]# nmcli con show
NAME         UUID                                  TYPE            DEVICE      
eno33559296  b3e327b9-538e-4b95-b729-4daaa4b56ddc  802-3-ethernet  eno33559296 
eno16780032  41003ce7-fd00-41e4-8524-67e1e9418179  802-3-ethernet  eno16780032 

[root@rhce-prep-1 NetworkManager]# nmcli device status
DEVICE       TYPE      STATE      CONNECTION  
eno16780032  ethernet  connected  eno16780032 
eno33559296  ethernet  connected  eno33559296

‘ip a’ registers a new DHCP address:

[root@rhce-prep-1 NetworkManager]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.199/24 brd 10.1.1.255 scope global dynamic eno16780032
       valid_lft 85265sec preferred_lft 85265sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22d0/64 scope global noprefixroute dynamic 
       valid_lft 188178sec preferred_lft 188178sec
    inet6 fe80::20c:29ff:fe0d:22d0/64 scope link 
       valid_lft forever preferred_lft forever
3: eno33559296: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:da brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.209/24 brd 10.1.1.255 scope global dynamic eno33559296
       valid_lft 86098sec preferred_lft 86098sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22da/64 scope global noprefixroute dynamic 
       valid_lft 188178sec preferred_lft 188178sec
    inet6 fe80::20c:29ff:fe0d:22da/64 scope link 
       valid_lft forever preferred_lft forever

 

HOWTO: Configure SELinux to use non-standard ports

First, you need to be able to tune the parameters, so you need some packages:

[root@rhce ~]# yum -y install setroubleshoot-server selinux-policy-devel

Wait, I want to use a port other than 80 for apache/http – how do I know what to use?

[root@rhce ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

OK.  80 is “http_port_t”

Now, I need to choose the port I want to use (25000) & see whether SELinux already labels it for something else:

[root@rhce ~]# sepolicy network -p 25000
25000: tcp unreserved_port_t 1024-32767
25000: udp unreserved_port_t 1024-32767

NICE!  It only falls in the generic unreserved_port_t range, so it’s not in use.  Now, I need to allow apache/httpd to use it:

[root@rhce ~]# semanage port -a -t http_port_t -p tcp 25000

If you want to remove the port, replace -a with -d & run the command again.

Check to see that it’s been applied appropriately:

[root@rhce ~]# sepolicy network -p 25000
25000: tcp http_port_t 25000
25000: tcp unreserved_port_t 1024-32767
25000: udp unreserved_port_t 1024-32767

NICE!

Next, open the firewall to allow the port & then make it permanent:

[root@rhce ~]# firewall-cmd --add-port 25000/tcp
success
[root@rhce ~]# firewall-cmd --add-port 25000/tcp --permanent
success

Make your httpd.conf / vhosts.conf changes, restart apache & you’re IN with the new port.
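
Added example, not part of the original post: a shell function that reads ‘semanage port -l’ output and says whether the chosen port is already covered by the wanted type, belongs to another service type as its own record, or is free to add.  It assumes the usual semanage behaviour where -a is refused for a port that already has an exact record under another type and -m is used instead; the function name port_label_action and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# port_label_action PROTO PORT TYPE   (reads `semanage port -l` text on stdin)
# Prints one of:
#   present          TYPE already covers PORT, nothing to do
#   modify <type>    PORT is an exact record of another type (assumed: use -m, not -a)
#   add [<type>]     no exact record; <type> is the range currently covering PORT
port_label_action() {
    awk -v proto="$1" -v port="$2" -v want="$3" '
        $2 != proto { next }                      # also skips the header line
        {
            for (i = 3; i <= NF; i++) {
                item = $i; sub(/,$/, "", item)    # strip the list separator
                n = split(item, r, "-")           # single port or low-high range
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == want)         present = 1
                else if (lo == hi)      exact = $1
                else if (range == "")   range = $1
            }
        }
        END {
            if (present)           print "present"
            else if (exact != "")  print "modify " exact
            else                   print "add" (range != "" ? " " range : "")
        }
    '
}

# Constructed sample: the http lines from the post plus one unreserved range.
sample_ports() {
    cat <<'EOF'
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      1024-32767
EOF
}

# Demo on the sample; on a live host:
#   semanage port -l | port_label_action tcp 25000 http_port_t
for p in 25000 8080 443; do
    printf '%s/tcp -> %s\n' "$p" "$(sample_ports | port_label_action tcp "$p" http_port_t)"
done
```

A ‘modify’ answer means the port is already assigned to another service’s type, so picking a different port keeps the two services’ SELinux permissions separate.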

 

HOWTO: Add Virtual Hosts in Apache on RHEL7

This isn’t terrible.  Install httpd & open up the firewall:

[root@rhce ~]# yum -y install httpd
[root@rhce ~]# firewall-cmd --add-service http
success
[root@rhce ~]# apachectl start

Test that the webpage responds (use the bond you just set up!) and when it does, enable the service and make the firewall permanent:

[root@rhce ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rhce ~]# firewall-cmd --add-service http --permanent
success

Now, make some directories in /var/www/html and echo some content into an index.html file:

[root@rhce html]# mkdir tom base blog
[root@rhce html]# ll
total 0
drwxr-xr-x. 2 root root 23 Sep 15 22:45 base
drwxr-xr-x. 2 root root 23 Sep 15 22:43 blog
drwxr-xr-x. 2 root root 23 Sep 15 22:43 tom

[root@rhce html]# for i in *; do echo "you are at $(pwd)/$i" >> "$i/index.html"; done

Fix the SELinux contexts for this location like so:

[root@rhce html]# restorecon -R *

Now, create & edit the /etc/httpd/conf.d/vhosts.conf file.  Use the directories created above as the “DocumentRoot” values and the URLs as the “ServerName” values:

<VirtualHost *:80>
    ServerName tom.rhce.com
    DocumentRoot /var/www/html/tom
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.rhce.com
    DocumentRoot /var/www/html/blog
</VirtualHost>
<VirtualHost *:80>
    ServerName rhce.com
    DocumentRoot /var/www/html/base
</VirtualHost>

Once saved, restart httpd:

[root@rhce html]# systemctl restart httpd

- or - 

[root@rhce html]# apachectl restart

And browse to your site & test.  You can see that the loop above inserted the “you are at …” text into the index.html file, which is shown when you browse the site:

 

HOWTO: Create a BOND with RHEL7

Let’s say you have a few spare NICs and want to put them together in an (active/passive) bond.  What do you do?

Well, this is pretty straight-forward.

First, connect via SSH to an IP on a NIC that WILL NOT be part of the bond.

Using ‘nmcli’ – remove references to the NICs you want IN the bond and reload nmcli:

[root@rhce ~]# nmcli con del p4p1 p4p2
Connection 'p4p1' (92d6456d-16bd-4eae-9ecb-386cb4ce4d29) successfully deleted.
Connection 'p4p2' (e52eca2f-8c84-428d-8959-93e85f4b03f3) successfully deleted.
[root@rhce ~]# nmcli con reload

Next, with nmcli, create the bond:

[root@rhce ~]# nmcli con add type bond ifname bond0 con-name bond0 mode active-backup miimon 100 ip4 192.168.1.50/24
Connection 'bond0' (5886c4c3-6ed7-4785-be41-7ef4c6f29373) successfully added.

Now, the bond is just an IP at this point in time; there are no NICs associated with it.  Time to add the two NICs (p4p1 & p4p2) in:

[root@rhce ~]# nmcli connection add type bond-slave ifname p4p1 con-name p4p1 master bond0
Connection 'p4p1' (ef7fd007-af66-43f2-a769-a8916dbf09c9) successfully added.
[root@rhce ~]# nmcli connection add type bond-slave ifname p4p2 con-name p4p2 master bond0
Connection 'p4p2' (d40213dd-4fd7-4a62-ac4c-1cc2d7480284) successfully added.

Optional (I think, but I still do it), modify the bond to have DNS:

[root@rhce ~]# nmcli connection modify bond0 ipv4.dns "192.168.1.1,8.8.8.8"

Now, ‘up’ the bond:

[root@rhce ~]# nmcli con up bond0

It’ll take about 30 seconds to configure behind the scenes, so set up a continuous ping and wait for it to reply.

The last part of this is testing the functionality.  Start a PING test, pull a cable & see what happens:

$ ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50): 56 data bytes
64 bytes from 192.168.1.50: icmp_seq=52 ttl=64 time=0.357 ms
64 bytes from 192.168.1.50: icmp_seq=53 ttl=64 time=0.301 ms
64 bytes from 192.168.1.50: icmp_seq=54 ttl=64 time=0.359 ms
64 bytes from 192.168.1.50: icmp_seq=55 ttl=64 time=0.339 ms
Pull active cable
Request timeout for icmp_seq 6
<10-45 more times>
Request timeout for icmp_seq 51
64 bytes from 192.168.1.50: icmp_seq=82 ttl=64 time=0.607 ms
64 bytes from 192.168.1.50: icmp_seq=83 ttl=64 time=0.339 ms
64 bytes from 192.168.1.50: icmp_seq=84 ttl=64 time=0.361 ms
64 bytes from 192.168.1.50: icmp_seq=85 ttl=64 time=0.276 ms
64 bytes from 192.168.1.50: icmp_seq=86 ttl=64 time=0.306 ms

Looks like you got an active/backup bond working successfully!

HOWTO: Set up an iSCSI target on RHEL7

Install targetcli:

[root@rhce ~]# yum install targetcli -y

I used a USB drive as the soon-to-be-block device, so I had to prep it:

[root@rhce ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-31285247, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-31285247, default 31285247): 
Using default value 31285247
Partition 1 of type Linux and of size 14.9 GiB is set

Command (m for help): p

Disk /dev/sdb: 16.0 GB, 16018046976 bytes, 31285248 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    31285247    15641600   83  Linux

Command (m for help): w
The partition table has been altered!

Start & enable (start on boot) target (not targetd or targetcli):

[root@rhce ~]# systemctl start target
[root@rhce ~]# systemctl enable target

Enter targetcli and go to the backstores/block directory:

[root@rhce ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> cd /backstores/block 

Now, we create a LUN from the newly carved out USB drive:

/backstores/block> create lun0 /dev/sdb1 
Created block storage object lun0 using /dev/sdb1.

Now, go to the /iscsi directory & create an official target name:

/backstores/block> cd /iscsi
/iscsi> create
Created target iqn.2003-01.org.linux-iscsi.rhce.x8664:sn.dd8b652b6367.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.

Now, ‘cd’ into the IQN and then into its target portal group (seen as TPG 1 above):

/iscsi> cd iqn.2003-01.org.linux-iscsi.rhce.x8664:sn.dd8b652b6367/

/iscsi/iqn.20....dd8b652b6367> cd tpg1

Add your ACL; it could be an IP or IQN of another machine.  I elected to use the Microsoft Initiator, mainly because I had a Windoze VM running at the time:

/iscsi/iqn.20...652b6367/tpg1> cd acls
/iscsi/iqn.20...367/tpg1/acls> create iqn.1991-05.com.microsoft:whoosiewhatsit
Created Node ACL for iqn.1991-05.com.microsoft:whoosiewhatsit

Without a TargetIP, you can’t get here … so, let’s set a listener:

/iscsi/iqn.20...367/tpg1/acls> cd ../portals
/iscsi/iqn.20.../tpg1/portals> create
Using default IP port 3260
Binding to INADDR_ANY (0.0.0.0)
This NetworkPortal already exists in configFS

Now, we have to map the LUN created earlier, into this portal.  You’ll see that it carries across and maps the ACL.

/iscsi/iqn.20.../tpg1/portals> cd ../luns 
/iscsi/iqn.20...367/tpg1/luns> create /backstores/block/lun0 
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.1991-05.com.microsoft:whoosiewhatsit

‘cd’ back to the beginning & save the config:

/iscsi/iqn.20...367/tpg1/luns> cd /
/> saveconfig

The (second to) last thing you need to do, is open up the firewall to allow iSCSI port 3260:

[root@rhce ~]# firewall-cmd --add-port 3260/tcp
success

Now, test the iSCSI initiator, using the IP of the system and see if your SEND_TARGETS request comes back with your new “target”:

 

SUCCESS!  Now, you must make your firewall change permanent:

[root@rhce ~]# firewall-cmd --add-port 3260/tcp --permanent
success

You’re now free to connect, initialize, assign a drive letter & sector-align that bad-boy.

Enjoy!

 

Repos and Subscriptions needed to install RHEV 3.5

After some fighting, here’s what you have to do ...

Install a RHEL 6 VM

First:
# subscription-manager register
Registering to: subscription.rhn.redhat.com:443/subscription
Username: your new shiny name
Password:
The system has been registered with ID: XXXXXXXX

Then:
# subscription-manager attach
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status: Subscribed

(Does the above look familiar?)

 

Once that’s done, go to your RHN account & click on the VM you just ‘attached’ and pick ‘Attach a subscription’ and select your Virtualization Entitlement.

Once that’s done, issue:

subscription-manager repos --enable rhel-6-server-rhevm-3.5-rpms ; sleep 1
subscription-manager repos --enable jb-eap-5-for-rhel-6-server-rpms ; sleep 1
subscription-manager repos --enable rhel-6-server-supplementary-rpms ; sleep 1
subscription-manager repos --enable jb-eap-6-for-rhel-6-server-rpms ; sleep 1
subscription-manager repos --enable rhel-6-server-rhevh-rpms

THEN, you can install RHEV & the hypervisor (to get the ISOs):

yum -y install rhevm "rhev-hypervisor*"

Enjoy!

HOWTO: MOSH – when you need to SSH and there’s intermittent connectivity problems

Read about it here: https://mosh.mit.edu/

I loaded it up on RHEL 7.2, and here’s the process that I went through …

Add pre-requisite packages:
yum -y install git protobuf-c autoconf automake wget bzip2 gcc-c++ zlib-devel libutempter ncurses-devel openssl-devel net-tools

Run all of these commands:

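# Build protobuf into $HOME (the paths below assume you are root, so $HOME is /root)
PREFIX=$HOME
wget http://protobuf.googlecode.com/files/protobuf-2.4.1.tar.bz2
tar -xf protobuf-2.4.1.tar.bz2
cd protobuf-2.4.1
./configure --prefix=$PREFIX
make
make install

# Let the mosh configure script find the protobuf just installed
export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/root/lib/pkgconfig

# Build and install mosh
git clone https://github.com/mobile-shell/mosh
cd mosh
./autogen.sh
./configure
make
make install

# Make the protobuf libraries visible at run time
echo "export LD_LIBRARY_PATH=/root/lib" >> ~/.bashrc ; source ~/.bashrc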

firewall-cmd --add-port=60000-61000/udp