Skip to main content

Posts

Showing posts from February, 2024

Oracle Linux - Replace uekr with default rhel kernel

By default, Oracle Enterprise Linux (OEL) will use the 'Unbreakable Enterprise Kernel (UEK)' instead of the usual kernel shipped with rhel. Some workloads however require running the rhel kernel due to compatibility. Replacing the kernel is actually fairly simple but it requires a reboot, so downtime is expected. I'll be demonstrating this using oel8 but the steps should be similar for oel7 or oel9. First, edit the default kernel sysconfig-file: [root@oel8 ~]# sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel Next, install the 'kernel-core' package: [root@oel8 ~]# dnf -4y --refresh install kernel-core List all available kernel images using grubby: [root@oel8 ~]# grubby --info ALL | grep -iE '^kernel' Now set the rhel kernel to boot on next reboot: [root@oel8 ~]# grubby --set-default /boot/vmlinuz-4.18.0-513.18.1.el8_9.x86_64 A reboot is now required in order to remove the kernel-uek packages: [root@oel8 ...

Rundeck - Migrate the H2 DB from v2 to v3

  When updating Rundeck from version 4.17 to 5.0, the database has to be migrated from v2 to v3. So here's  a quick how-to: First, stop the rundeck service and create a backup: [root@rundeck ~]# systemctl stop rundeckd.service [root@rundeck ~]# mkdir -p /var/backup/rundeck [root@rundeck ~]# tar -cvpf /var/backup/rundeck/rundeck-db-v2-$(date +%F).tar /var/lib/rundeck/data There's a script that can be utilized to migrate the db from v2 to v3 so let's clone that: [root@rundeck ~]# git clone https://github.com/rundeck-plugins/h2-v2-migration.git Now run the migration script against the current database. Ensure that you have a backup so you can rollback if things go haywire: [root@rundeck ~]# cd h2-v2-migration [root@rundeck ~]# sh migration.sh -f /var/lib/rundeck/data/rundeckdb -u 'sa' -p '' -s v2 -d v3 Once that migration is done, the script will create an './output' directory where the db files are stored. You can go ahead and copy th...

Foreman - freeipa_register will only create rsa keys

So this is a weird one that apparently existed for quite some time now. I've only noticed after the latest Upgrade to Foreman 3.9 and Katello 4.11 that the 'freeipa_register' snippet only creates RSA keys for sshd by default. However, I prefer to have all three key types generated: ed25519 ecdsa rsa However, in order to accomplish that, we'll have to modify the 'freeipa_register' privisioning snippet and add the other keys: Before: <% elsif os_major > 7 %> /usr/libexec/openssh/sshd-keygen rsa <% end -%> After: <% elsif os_major > 7 %> /usr/libexec/openssh/sshd-keygen ed25519 /usr/libexec/openssh/sshd-keygen ecdsa /usr/libexec/openssh/sshd-keygen rsa <% end -%> Now the hosts automatically installed by katello will have all three key-types present in the ipa configuration. There's another article that might be of use for regenerating sshfp records for hosts:  FreeIPA - Regenerate sshfp records ....