Posts

Showing posts from October, 2019

Kerberos debugging, save yourself some time

Last week I had quite a lot of 'fun' debugging Kerberos, mostly in an 'AD Trust - RedHat IDM' environment. The problem was that user logins were denied even though kinit and id requests worked as expected and showed the correct results. So I ended up troubleshooting the usual suspects, DNS and time (NTP), and there it was ... the timezone was not set up correctly on the Windows AD side.

Problem number two, kerberized NFS. Kerberized NFS to a client stopped working after daylight savings time changed. I currently live in a country where daylight savings time is a thing. After daylight savings time changed (set back 1 hour), one client was not able to mount the NFS share, failing with an "access denied by server" message. So naturally, I checked the usual suspects, DNS and NTP, and everything seemed to work fine. The time was correct and DNS SRV records were present. The error was still the time though, and here's why: Checking the client with 'timedatectl'...

Getting started with Ansible

First of all, what is ansible? Ansible is a simple-to-learn and very powerful configuration management tool. Ansible does not use an agent deployed on clients like puppet or salt do; instead it utilizes SSH connections to run tasks on the destination hosts. What I'm going to describe here is how to install ansible on a CentOS 7 host, create the directory structure, write a role and reference it.

Alright now, let's get to installing ansible. I'll use a CentOS 7 host for this:

[archy@ansible ~]$ sudo yum -y install ansible

This will install ansible with all dependencies on your system. So far so good, let's create the directory structure where you'll be working most of the time and the first host inventory, which will be in /srv/ansible/inventories/production/hosts.

[archy@ansible ~]$ sudo mkdir -p /srv/ansible/playbooks/{roles,inventories}
[archy@ansible ~]$ sudo mkdir /srv/ansible/playbooks/inventories/production
[archy@ansible ~]$ sudo vim ...

Foreman - Sync Content while behind a HTTP Proxy

If you are setting up a Foreman / Red Hat Satellite server in an enterprise environment, you're most likely facing the problem that access to the internet is only allowed through an HTTP proxy. Normally, this can be fixed by setting the 'http_proxy' and 'https_proxy' environment variables in your .bashrc / .zshrc, /etc/environment or just by running these commands:

Without authentication:

[archy@katello ~]$ export http_proxy='http://proxy.archyslife.lan:3128'
[archy@katello ~]$ export https_proxy='http://proxy.archyslife.lan:3128'

With authentication:

[archy@katello ~]$ export http_proxy='http://user:password@proxy.archyslife.lan:3128'
[archy@katello ~]$ export https_proxy='http://user:password@proxy.archyslife.lan:3128'

Now, the syncing with pulp won't utilize these variables, nor the http_proxy setting that can be configured in the Foreman GUI. What I've found to be the most useful is editing the katello....