
HOWTO: Add a new NIC into RHEL7 and configure it for use via ‘nmcli’

So, I have a VM and just added another NIC.  When I run ‘ip a’ – I see it, but there is no info:

[root@rhce-prep-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.199/24 brd 10.1.1.255 scope global dynamic eno16780032
       valid_lft 86236sec preferred_lft 86236sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22d0/64 scope global noprefixroute dynamic 
       valid_lft 189151sec preferred_lft 189151sec
    inet6 fe80::20c:29ff:fe0d:22d0/64 scope link 
       valid_lft forever preferred_lft forever
3: eno33559296: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:da brd ff:ff:ff:ff:ff:ff

‘nmcli con show’ – leaves me hanging as well:

[root@rhce-prep-1 ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE      
eno16780032  41003ce7-fd00-41e4-8524-67e1e9418179  802-3-ethernet  eno16780032

Querying the device status, I get some more info:

[root@rhce-prep-1 ~]# nmcli device status
DEVICE       TYPE      STATE         CONNECTION  
eno16780032  ethernet  connected     eno16780032 
eno33559296  ethernet  disconnected  --          
lo           loopback  unmanaged     --

A little finagling with ‘nmcli --help’ & ‘man nmcli’ gets me this syntax and a positive result:

[root@rhce-prep-1 NetworkManager]# nmcli con add type ethernet ifname eno33559296 con-name eno33559296
Connection 'eno33559296' (b3e327b9-538e-4b95-b729-4daaa4b56ddc) successfully added.

Re-running ‘nmcli con show’ gives me the new interface & ‘nmcli device status’ shows ‘connected’ now:

[root@rhce-prep-1 NetworkManager]# nmcli con show
NAME         UUID                                  TYPE            DEVICE      
eno33559296  b3e327b9-538e-4b95-b729-4daaa4b56ddc  802-3-ethernet  eno33559296 
eno16780032  41003ce7-fd00-41e4-8524-67e1e9418179  802-3-ethernet  eno16780032 

[root@rhce-prep-1 NetworkManager]# nmcli device status
DEVICE       TYPE      STATE      CONNECTION  
eno16780032  ethernet  connected  eno16780032 
eno33559296  ethernet  connected  eno33559296

‘ip a’ registers a new DHCP address:

[root@rhce-prep-1 NetworkManager]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.199/24 brd 10.1.1.255 scope global dynamic eno16780032
       valid_lft 85265sec preferred_lft 85265sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22d0/64 scope global noprefixroute dynamic 
       valid_lft 188178sec preferred_lft 188178sec
    inet6 fe80::20c:29ff:fe0d:22d0/64 scope link 
       valid_lft forever preferred_lft forever
3: eno33559296: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:0d:22:da brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.209/24 brd 10.1.1.255 scope global dynamic eno33559296
       valid_lft 86098sec preferred_lft 86098sec
    inet6 2601:191:8380:f23d:20c:29ff:fe0d:22da/64 scope global noprefixroute dynamic 
       valid_lft 188178sec preferred_lft 188178sec
    inet6 fe80::20c:29ff:fe0d:22da/64 scope link 
       valid_lft forever preferred_lft forever

 

HOWTO: Configure SELinux to use non-standard ports

First, you need to be able to tune the parameters, so you need some packages:

[root@rhce ~]# yum -y install setroubleshoot-server selinux-policy-devel

Wait, I want to use a port other than 80 for apache/http – how do I know what to use?

[root@rhce ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

OK.  80 is “http_port_t”

Now, I need to choose the port I want to use (25000) & see if it’s in use, i.e. whether SELinux already assigns it to a specific port type:

[root@rhce ~]# sepolicy network -p 25000
25000: tcp unreserved_port_t 1024-32767
25000: udp unreserved_port_t 1024-32767

NICE!  It’s not in use: only the generic unreserved_port_t range covers it.  Now, I need to allow apache/httpd to use it:

[root@rhce ~]# semanage port -a -t http_port_t -p tcp 25000

If you want to remove the port, replace -a with -d & run the command again.

Check to see that it’s been applied appropriately:

[root@rhce ~]# sepolicy network -p 25000
25000: tcp http_port_t 25000
25000: tcp unreserved_port_t 1024-32767
25000: udp unreserved_port_t 1024-32767

NICE!
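
The -a form above works because 25000 had no record of its own; semanage refuses -a for a port that already has one (8080 in the listing above, for example) and wants -m instead.  An added example, not part of the original post, that reads ‘semanage port -l’ output and prints which command applies; the function names are made up for this example and the sample input is the listing shown earlier:

```shell
#!/bin/bash
# Sample input: the 'semanage port -l | grep http' listing shown earlier.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# port_matches PROTO PORT (hypothetical helper): reads 'semanage port -l' lines
# on stdin and prints "<type> exact" or "<type> range" for each covering record.
port_matches() {
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        type = $1
        $1 = ""; $2 = ""                      # keep only the port list
        n = split($0, items, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", items[i])
            if (items[i] ~ /-/) {             # a range such as 10001-10010
                split(items[i], r, "-")
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) print type, "range"
            } else if (items[i] + 0 == port + 0) print type, "exact"
        }
    }'
}

# plan_port_label TYPE PROTO PORT (hypothetical helper): reads the same listing
# on stdin and prints the semanage command needed, or "none" if already labelled.
plan_port_label() {
    matches=$(port_matches "$2" "$3")
    if printf '%s\n' "$matches" | grep -q "^$1 "; then
        echo "none: $2/$3 is already labelled $1"
    elif printf '%s\n' "$matches" | grep -q ' exact$'; then
        # the port has its own record under another type: -a is refused, -m relabels
        echo "semanage port -m -t $1 -p $2 $3"
    else
        echo "semanage port -a -t $1 -p $2 $3"
    fi
}

# On a real host: semanage port -l | plan_port_label http_port_t tcp 25000
printf '%s\n' "$SAMPLE_PORTS" | plan_port_label http_port_t tcp 8080
```

Relabelling a port with -m takes it away from its previous type, so check what else depends on that type before running the printed command.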

Next, open the firewall to allow the port & then make it permanent:

[root@rhce ~]# firewall-cmd --add-port 25000/tcp
success
[root@rhce ~]# firewall-cmd --add-port 25000/tcp --permanent
success

Make your httpd.conf / vhosts.conf changes, restart apache & you’re IN with the new port:

 

HOWTO: Add Virtual Hosts in Apache on RHEL7

This isn’t terrible.  Install httpd & open up the firewall:

[root@rhce ~]# yum -y install httpd
[root@rhce ~]# firewall-cmd --add-service http
success
[root@rhce ~]# apachectl start

Test that the webpage responds (use the bond you just set up!) and when it does, enable the service and make the firewall permanent:

[root@rhce ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rhce ~]# firewall-cmd --add-service http --permanent
success

Now, make some directories in /var/www/html and echo some content into an index.html file:

[root@rhce html]# mkdir tom base blog
[root@rhce html]# ll
total 0
drwxr-xr-x. 2 root root 23 Sep 15 22:45 base
drwxr-xr-x. 2 root root 23 Sep 15 22:43 blog
drwxr-xr-x. 2 root root 23 Sep 15 22:43 tom

[root@rhce html]# for i in $(ls); do echo "you are at $(pwd)/$i" >> $i/index.html; done

Fix the SELinux contexts for this location as so:

[root@rhce html]# restorecon -R *

Now, create & edit the /etc/httpd/conf.d/vhosts.conf file.  Use the directories created above as the “DocumentRoot” values and the site hostnames as the “ServerName” values:

<VirtualHost *:80>
    ServerName tom.rhce.com
    DocumentRoot /var/www/html/tom
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.rhce.com
    DocumentRoot /var/www/html/blog
</VirtualHost>
<VirtualHost *:80>
    ServerName rhce.com
    DocumentRoot /var/www/html/base
</VirtualHost>

Once saved, restart httpd:

[root@rhce html]# systemctl restart httpd

- or - 

[root@rhce html]# apachectl restart

And browse to your site & test.  You can see that the loop above inserted the “you are at …” text into the index.html file, which is shown when you browse the site:

 

HOWTO: Create a BOND with RHEL7

Let’s say you have a few spare NICs and want to put them together in an (active/passive) bond.  What do you do?

Well, this is pretty straightforward.

First, connect via SSH to an IP on a NIC that WILL NOT be part of the bond.

Using ‘nmcli’ – remove references to the NICs you want IN the bond and reload nmcli:

[root@rhce ~]# nmcli con del p4p1 p4p2
Connection 'p4p1' (92d6456d-16bd-4eae-9ecb-386cb4ce4d29) successfully deleted.
Connection 'p4p2' (e52eca2f-8c84-428d-8959-93e85f4b03f3) successfully deleted.
[root@rhce ~]# nmcli con reload

Next, with nmcli, create the bond:

[root@rhce ~]# nmcli con add type bond ifname bond0 con-name bond0 mode active-backup miimon 100 ip4 192.168.1.50/24
Connection 'bond0' (5886c4c3-6ed7-4785-be41-7ef4c6f29373) successfully added.

Now, the bond is just an IP at this point in time; there are no NICs associated with it.  Time to add the two NICs (p4p1 & p4p2) in:

[root@rhce ~]# nmcli connection add type bond-slave ifname p4p1 con-name p4p1 master bond0
Connection 'p4p1' (ef7fd007-af66-43f2-a769-a8916dbf09c9) successfully added.
[root@rhce ~]# nmcli connection add type bond-slave ifname p4p2 con-name p4p2 master bond0
Connection 'p4p2' (d40213dd-4fd7-4a62-ac4c-1cc2d7480284) successfully added.

Optional (I think, but I still do it), modify the bond to have DNS:

[root@rhce ~]# nmcli connection modify bond0 ipv4.dns "192.168.1.1,8.8.8.8"

Now, ‘up’ the bond:

[root@rhce ~]# nmcli con up bond0

It’ll take about 30 seconds to configure behind the scenes, so set up a continuous ping and wait for it to reply.

The last part of this is testing the functionality.  Start a PING test, pull a cable & see what happens:

$ ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50): 56 data bytes
64 bytes from 192.168.1.50: icmp_seq=52 ttl=64 time=0.357 ms
64 bytes from 192.168.1.50: icmp_seq=53 ttl=64 time=0.301 ms
64 bytes from 192.168.1.50: icmp_seq=54 ttl=64 time=0.359 ms
64 bytes from 192.168.1.50: icmp_seq=55 ttl=64 time=0.339 ms
Pull active cable
Request timeout for icmp_seq 6
<10-45 more times>
Request timeout for icmp_seq 51
64 bytes from 192.168.1.50: icmp_seq=82 ttl=64 time=0.607 ms
64 bytes from 192.168.1.50: icmp_seq=83 ttl=64 time=0.339 ms
64 bytes from 192.168.1.50: icmp_seq=84 ttl=64 time=0.361 ms
64 bytes from 192.168.1.50: icmp_seq=85 ttl=64 time=0.276 ms
64 bytes from 192.168.1.50: icmp_seq=86 ttl=64 time=0.306 ms

Looks like you got an active/backup bond working successfully!
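
Ping only shows that the address still answers; it does not say which NIC is carrying the traffic or that the bond is now running on a single link.  An added example, not part of the original post, that reads the bonding driver’s status file (/proc/net/bonding/bond0) and reports that; the function name is made up for this example and the sample text is a constructed, abridged copy of what the file looks like after the active cable is pulled:

```shell
#!/bin/bash
# Constructed, abridged sample of /proc/net/bonding/bond0 after p4p1 lost link.
SAMPLE_BOND='Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: p4p2
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: p4p1
MII Status: down
Link Failure Count: 1

Slave Interface: p4p2
MII Status: up
Link Failure Count: 0'

# bond_health (hypothetical helper): reads the status file on stdin.
# Prints one summary line; exit 0 = healthy, 1 = degraded, 2 = wrong mode.
bond_health() {
    awk -F': ' '
    /^Bonding Mode/           { mode = $2 }
    /^Currently Active Slave/ { active = $2 }
    /^Slave Interface/        { slave = $2; total++ }
    # the first "MII Status" line belongs to the bond itself, so require a slave
    /^MII Status/ && slave != "" && $2 != "up" {
        down = down (down == "" ? "" : ",") slave
    }
    END {
        if (mode !~ /active-backup/) { print "UNEXPECTED mode=" mode; exit 2 }
        if (down != "" || total < 2) {
            print "DEGRADED active=" active " down=" down; exit 1
        }
        print "OK active=" active " slaves=" total
    }'
}

# On a real host: bond_health < /proc/net/bonding/bond0
printf '%s\n' "$SAMPLE_BOND" | bond_health || true
```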