
Posts

Showing posts from December, 2020

Kubernetes - Setup a 3 node cluster with containerd

With a recent announcement from the Kubernetes project, Docker will no longer be supported as of Kubernetes version 1.22 (end of 2021). What this means in practice is that you'll have to move to some other container engine such as CRI-O or containerd.io. Since containerd (the containerd.io rpm) is already included with the Docker repos, I'll use these since I already have them synced in Katello. First up, this is a very simple 3-node setup; I will not cover high availability with etcd or shared storage. Here are the nodes I will use:

kube-master01.archyslife.lan - role: master - ip: 172.31.10.123 - vcpus: 2 - ram: 4g
kube-worker01.archyslife.lan - role: worker - ip: 172.31.10.125 - vcpus: 2 - ram: 4g
kube-worker02.archyslife.lan - role: worker - ip: 172.31.10.126 - vcpus: 2 - ram: 4g

Each of them will be running CentOS 7 (reason) and I also have not yet migrated to 8-stream since I want to wait on the announcements from Red Hat and releases of Rocky Lin...

LUKS - Create an encrypted partition with cryptsetup

Encrypting your drives is becoming more and more mandatory, especially for mobile devices and storage media such as USB sticks. Cryptsetup is an easy-to-use tool in Linux which can take care of encrypting storage devices. First of all, initialize the partition using cryptsetup:

# cryptsetup luksFormat /dev/sda1
WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sda1:
Verify passphrase:

Now that the partition has been initialized, open it with an assigned device-mapper name 'tempusb':

# cryptsetup open /dev/sda1 tempusb
Enter passphrase for /dev/sda1:

Now that the partition is opened, you can create a filesystem on it:

# mkfs.xfs /dev/mapper/tempusb

Now that the filesystem is created, you can mount it and write to it. For the sake of an example, I'll copy the /home/ directory.

# mount /dev/mapper/tempusb /mnt
# rsync -vrlp...

Foreman - ERF12-8202 [ProxyAPI::ProxyException]: Unable to retrieve unused IP

I've found this error hard to pinpoint, since it just says 'unable to retrieve unused IP'. If you are on Infoblox DHCP, there are solutions available in the Foreman community, but since in this setup I was using dhcpd (isc-dhcp), they were not applicable. Here's the complete error message from the logs:

2020-12-04T11:27:31 [W|app|83514b3e] Failed to fetch a free IP from proxy katello.archyslife.lan (https://katello.archyslife.lan:9090): ERF12-8202 [ProxyAPI::ProxyException]: Unable to retrieve unused IP ([RestClient::NotFound]: 404 Not Found) for Capsule https://katello.archyslife.lan:9090/dhcp

TL;DR, here's the solution that worked for me:

[archy@dhcpd ~]$ sudo chmod 755 /etc/dhcp
[archy@katello ~]$ sudo foreman-maintain service restart

The cause was most likely an update, and since my environment is on CentOS, that means rpm packages. When updating .rpm packages, they can trigger a script which probably c...

FreeIPA - Use rndc to control bind

By default, the freeipa-server installer will configure bind automatically into a working state. From time to time, it might be necessary to adjust some dynamic values such as tracing for debugging purposes. Bind ships with a convenient tool called 'rndc' to control bind dynamically. However, this is not enabled by default, so there's some work to do. In order to activate the remote control, you'll first have to create an rndc key:

[archy@ipa01 ~]$ sudo rndc-confgen -a -b 512 -c /etc/control-key -k control-key
[archy@ipa01 ~]$ sudo chmod 644 /etc/control-key
[archy@ipa01 ~]$ sudo restorecon -Rv /etc/control-key

With the key created, add a controls section to named.conf to allow the key to control the named service. Open the named.conf file with an editor of your choice and add these lines:

[archy@ipa01 ~]$ sudo vim /etc/named.conf
include "/etc/control-key";
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "c...

FreeIPA - DNS Queries fail after Update to RHEL 8.3

After updating to RHEL 8.3, I've noticed that DNS queries return nothing when using the integrated named with FreeIPA.

[archy@web01 ~]$ dig +short a katello.archyslife.lan @172.31.10.5
[archy@web01 ~]$

The clients are being denied, as can be seen by checking the logs in /var/named/data/named.run:

30-Nov-2020 06:36:49.508 client @0x7f0ca41539f0 172.31.10.111#46891 (web01.archyslife.lan): query (cache) 'web01.archyslife.lan/A/IN' denied

This can be resolved by adding a query policy to the end of the file /etc/named/ipa-options-ext.conf.

[archy@ipa01 ~]$ sudo vim /etc/named/ipa-options-ext.conf
allow-query { any; };

Check your config with named-checkconf to make sure there are no syntax errors.

[archy@ipa01 ~]$ sudo named-checkconf; if [ $? -eq 0 ]; then echo 'all good'; else echo 'mistakes have been made'; fi

If everything is okay, go ahead and restart the services.

[archy@ipa01 ~]$ sudo ipactl restart

Let's try again to check if it...