Zabbix error: [Z3001] connection to database ‘zabbix’ failed: [2003] Can't connect to MySQL server on 'mysql-01.abc.xyz.123' (13) related to: audit.log:type=AVC msg=audit(1549949080.977:11328): avc:  denied  { name_connect } for  pid=9115 comm="zabbix_server" dest=3306 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket is solved by: # grep AVC /var/log/audit/audit.log | audit2allow -M systemd-allow; semodule -i systemd-allow.pp Cheers, TK

Zabbix error:  10272:20190212:003104.073 cannot start preprocessing service: Cannot bind socket to "/var/run/zabbix/zabbix_server_preprocessing.sock": [98] Address already in use.  10239:20190212:003104.078 One child process died (PID:10272,exitcode/signal:1). Exiting … related to: # cat ../audit/audit.log|grep -Ei denied|tail type=AVC msg=audit(1549949530.062:12551): avc:  denied  { unlink } for  pid=10521 comm="zabbix_server" name="zabbix_server_preprocessing.sock" dev="tmpfs" ino=3998803 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:zabbix_var_run_t:s0 tclass=sock_file is solved by: # grep AVC /var/log/audit/audit.log* […]

Zabbix error:  10587:20190212:003514.676 using configuration file: /etc/zabbix/zabbix_server.conf  10587:20190212:003514.676 cannot set resource limit: [13] Permission denied relates to: [root@host01 zabbix]# cat ../audit/audit.log|grep -Ei denied|tail type=AVC msg=audit(1549949714.675:12570): avc:  denied  { setrlimit } for  pid=10587 comm="zabbix_server" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=process [root@host01 zabbix]# and is solved by: [root@host01 zabbix]# grep AVC /var/log/audit/audit.log* | audit2allow -M systemd-allow; semodule -i systemd-allow.pp Cheers, […]

AWX / Ansible High Availability Configuration on CENTOS 7 . So we want a highly available and scalable AWX and Ansible cluster solution.  Here's how we'll plan things out: NAME ADDRESS HOSTNAME SERVICES awx01 192.168.0.142 awx01.nix.mds.xyz AWX, Gluster, Keepalived, HAProxy awx02 192.168.0.143 awx02.nix.mds.xyz AWX, Gluster, Keepalived, HAProxy awx03 192.168.0.117 awx03.nix.mds.xyz AWX, Gluster, Keepalived, HAProxy awx-c01 […]

This is how to get detailed TCP dumps of your network traffic while avoiding your own PuTTY traffic in the output: tcpdump -w trace.dat -s 0 port not 22 tcpdump -r trace.dat -nnvvveXXS > trace.dat.txt Cheers, TK

You're getting this message: [root@mysql01 /]# mount -v nfs03:/n /m mount.nfs: timeout set for Thu Nov  8 23:37:04 2018 mount.nfs: trying text-based options 'vers=4.1,addr=192.168.0.125,clientaddr=192.168.0.126' mount.nfs: mount(2): No such file or directory mount.nfs: trying text-based options 'addr=192.168.0.125' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 192.168.0.125 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog […]

We will be keeping the Postgres SQL HA Cluster configuration / setup very very brief using only the bare essentials to get it up and running. Before we begin, we need to plan things out on our CentOS 7.X servers.  First, fill in this table of what your cluster is supposed to look like when […]

So you get the following message when installing and configuring your HTTPD server?  Despite the right configuration you still receive the following: Forbidden You don't have permission to access /repos/ on this server.

When seeing this: krb5_child.log:(Tue May 22 02:06:15 2018) [[sssd[krb5_child[1605]]]] [map_krb5_error] (0x0020): 1657: [-1765328228][Cannot contact any KDC for realm ‘MDS.XYZ’] Access denied Using keyboard-interactive authentication. Password: reverse the order of your DNS hosts in /etc/resolv.conf to this: [root@cm-r01dn07 sssd]# cat /etc/resolv.conf search mds.xyz nix.mds.xyz nameserver 192.168.0.224 nameserver 192.168.0.44 nameserver 192.168.0.45 [root@cm-r01dn07 sssd]# from this: [root@cm-r01dn07 sssd]# […]

When you get this message: May 21 00:13:31 nfs03.nix.mds.xyz [sssd[krb5_child[1822]]][1822]: Key table entry not found followed by: [[sssd[krb5_child[1752]]]] [k5c_setup_fast] (0x0020): 2628: [-1765328203][Key table entry not found] or similar, dig into the logs further to see this: (Mon May 21 00:13:33 2018) [[sssd[krb5_child[1824]]]] [find_principal_in_keytab] (0x0400): No principal matching host/nfs02.nix.mds.xyz@NIX.MDS.XYZ found in keytab. (Mon May 21 00:13:33 […]