Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct
2007JanFebMarAprMayJunJulAugSepOctNovDec2007
2008JanFebMarAprMayJunJulAugSepOctNovDec2008
2009JanFebMarAprMayJunJulAugSepOctNovDec2009
2010JanFebMarAprMayJunJulAugSepOctNovDec2010
2011JanFebMarAprMayJunJulAugSepOctNovDec2011
2012JanFebMarAprMayJunJulAugSepOctNovDec2012
2013JanFebMarAprMayJunJulAugSepOctNovDec2013
2014JanFebMarAprMayJunJulAugSepOctNovDec2014
2015JanFebMarAprMayJunJulAugSepOctNovDec2015

No articles posted for 08/2015; five most recent entries shown.

Wed 29th Apr 2015 @ 03:56 2015: @server-policy in Red Hat RHEL6

So Red Hat recommend (eg, in https://access.redhat.com/sites/default/files/attachments/red_hat_satellite-6.0-core-soe-en-us_0.pdf) to install the @server-policy group by default on a Red Hat Enterprise Linux 6 installation. Looking at this package group, it seems a bit odd, and I couldn't find any explanation on the internet when I searched for it, so here, for anybody else curious about it, is what I found out.


[root@rhel6 ~]# yum groupinfo server-policy
Loaded plugins: package_upload, product-id, security, subscription-manager
Setting up Group Process

Group: Server Policy
Description: Policy packages for the Server variant.
Conditional Packages:
gdm-policy-server


So it contains only one package, and even that is conditional. Looking in comps.xml Stripping out the multi-language items from comps.xml leaves us with this basic definition:

<group>
<id>server-policy</id>
<uservisible>false</uservisible>
<display_order>1024</display_order>
<langonly />
<name>Server Policy</name>
<description>Policy packages for the Server variant.</description>
<packagelist>
<packagereq requires="gdm" type="conditional">gdm-policy-server</packagereq>
</packagelist>
</group>


So - if you have gdm installed, then it will also drag in gdm-policy-server. I can't find any sign of gdm-policy-server on my Satellite server, nor at http://mirror.centos.org/centos-6/6/os/x86_64/Packages/. So maybe @server-policy is just a completely useless package group?!

Post a Comment               

Wed 25th Mar 2015 @ 09:23 2015: Ancient OpenSSL on Solaris

So I was trying to get a custom-built Puppet agent on Solaris 10 to talk to a Red Hat 6 Puppetmaster (all Puppet 3.6.2) and getting the error message:

"Error: Could not request certificate: Unsupported digest algorithm (SHA256)."

https://groups.google.com/forum/#!msg/puppet-dev/_jkdY1Hmq6U/f1IWKZxBHn4J confirms that the problem is that the ancient OpenSSL (0.9.7d) from /usr/sfw doesn't support SHA256.

The answer seems to be to rebuild with a newer OpenSSL, with shared support, and with Ruby using it:
1) OpenSSL
export CFLAGS="-m64 -O2 -fPIC"
export CC=gcc
export AS=gas
export LD=gld


AGENT_DIR=/opt/my-puppet-agent
./Configure solaris64-sparcv9-gcc --prefix=/${AGENT_DIR} --openssldir=${AGENT_DIR}/openssl shared
make
make test
make install
export LDFLAGS="$CFLAGS -R${AGENT_DIR}/lib -L${AGENT_DIR}/lib"
export CFLAGS="$CFLAGS -I${AGENT_DIR}/include"

2) Ruby
For Ruby, the ext/Setup file contains "#openssl" which seems to be to tell it to stub out its own OpenSSL. My pkgconfig is too old for the URL: field, too, so I remove that.

sed s/"^#openssl"/"openssl"/g ext/Setup > /tmp/ext_setup.$$ && mv /tmp/ext_setup.$$ ext/Setup
grep -v "^URL:" template/ruby.pc.in > /tmp/ruby.pc.template && mv /tmp/ruby.pc.template template/ruby.pc.in
./configure --prefix=${AGENT_DIR} --enable-shared --with-opt-dir=${AGENT_DIR} --disable-install-doc --enable-rpath

gmake && gmake install

Post a Comment               

Wed 5th Nov 2014 @ 16:54 2014: Linux Kernel Semaphores

Semaphores are a tunable in the Linux kernel, but they're a bit more awkward than some, just because it's a single tunable which contains 4 different variables, and I for one can never remember which is which.

The Red Hat 5 documentation has a great article about kernel semaphores which explains it all very clearly, including the names. I'll just add the comment about what they are all for.


$ cat /proc/sys/kernel/sem
250 32000 32 128

These are SEMMSL, SEMMNS, SEMOPM and SEMMNI respectively. As the article states, "ipcs -ls" gives you these, with a description:


# ipcs -ls
------ Semaphore Limits --------
max number of arrays = 128
max semaphores per array = 250
max semaphores system wide = 32000
max ops per semop call = 32
semaphore max value = 32767


Which gives us this handy table - where "Index" is the order in which they appear in the kernel.sem variable:




VariableIndexDescription
SEMMSL1Max Semaphores Per Array
SEMMNS2Max Semaphores System Wide
SEMOPM3Max Ops Per Semop Call
SEMMNI4Max Number of Arrays


To change any variable, you have to update all four. For example:


# sysctl -w kernel.sem="250 32000 100 128"
... or
# echo "250 32000 100 128" > /proc/sys/kernel/sem
... or
# echo "kernel.sem = 250 32000 100 128" >> /etc/sysctl.conf
# sysctl -p

Post a Comment               

Wed 24th Jul 2013 @ 17:58 2013: HP iLO - getting full admin rights

Hewlett Packard (HP) ILOs can have multiple login IDs; yours may have some rights, but not others.
Assuming the host runs Linux, you can install the hponcfg package, which uses the BMC to talk to the ILO. Here, I've got access to an account called "stupid", which has no admin rights. I can use that (and the root access on the OS) to give myself full rights via this handy XML file:


[root@host ~]# hponcfg -f fulladmin.xml
HP Lights-Out Online Configuration utility
Version 4.1.0 Date 1/3/2013 (c) Hewlett-Packard Company, 2013
Firmware Revision = 1.13 Device type = iLO 4 Driver name = hpilo
Script succeeded
[root@host ~]#

The "stupid" user now has full rights.

Post a Comment               

Fri 29th Mar 2013 @ 21:41 2013: Shell Scripting Tutorial on Kindle

Shell Scripting TutorialNow available on Kindle

For USA, click here: Amazon.com
For the UK, click here: Amazon.co.uk

Similarly, you can search for “B00C2EGNSA” on any Amazon site, or just go to http://www.amazon.COUNTRY/dp/B00C2EGNSA (where “COUNTRY” is .fr, .de, etc) for your local equivalent.

http://www.amazon.com/Shell-Scripting-Tutorial-ebook/dp/B00C2EGNSA

http://www.amazon.co.uk/Shell-Scripting-Tutorial-ebook/dp/B00C2EGNSA

Post a Comment               

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers:


DefectiveByDesign.org