OpenVPN: Can’t browse web when connected and VPN is active.

Configured your OpenVPN, but now you can't browse the web when connected?  It turns out the following NAT rule was missing from the firewall configuration on the OpenVPN router: iptables -t nat -I POSTROUTING -s -j SNAT --to $(nvram get wan_ipaddr) Our VPN subnet is but no rule existed to route traffic to the […]

OpenShift w/ Kubernetes Setup: Installing using the UPI Method

Building an OpenShift Kubernetes Cluster. The method used here is the UPI installation method.  Start off by loading the official page from Red Hat: Before you begin, ensure the following files are downloaded from the Red Hat OpenShift pages (see links in the above document): /root/openshift # ls -altri total 439680 201572861 -rw-r--r--.  1 root     […]

Firewalld: Add VLANs to allowed trusted / public zone rules.

Short list of commands for adding VLANs to trusted zones: firewall-cmd --zone=trusted --add-source= firewall-cmd --zone=trusted --add-source= firewall-cmd --zone=trusted --add-source= firewall-cmd --zone=trusted --add-source= firewall-cmd --zone=trusted --add-source= cat /etc/firewalld/zones/public.xml firewall-cmd --runtime-to-permanent cat /etc/firewalld/zones/public.xml Result of this is: cat /etc/firewalld/zones/trusted.xml <?xml version="1.0" encoding="utf-8"?> <zone target="ACCEPT">   <short>Trusted</short>   <description>All network connections are accepted.</description>   <source address=""/>   <source […]

ImportError: cannot import name ‘setup’

Getting this? [root@rmq01 ~]# pip3 install --user git+https://github.com/powerline/powerline.git@master WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting git+https://github.com/powerline/powerline.git@master   Cloning https://github.com/powerline/powerline.git (to master) to /tmp/pip-i_onc12r-build     Complete output from command python setup.py egg_info:     Traceback (most recent call last):       File […]

User is not allowed to run sudo on server.  This incident will be reported.

Receiving the following when using FreeIPA to manage sudo rules? -sh-4.2$ sudo su - [sudo] password for tom@mds.xyz:  tom@mds.xyz is not allowed to run sudo on idmipa04.  This incident will be reported. -sh-4.2$ On a working node: # ipa-compat-manage status Directory Manager password:  Plugin Enabled and on a non-working node: # ipa-compat-manage status Directory Manager […]

CalledProcessError: Command ‘/usr/bin/kinit -n -c /var/run/ipa/ccaches/armor_12728 -X X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem’ returned non-zero exit status 1

Getting one of these messages in the HTTPD error_log of a FreeIPA server?  [Thu Jan 28 23:32:39.440152 2021] [:error] [pid 12728] ipa: DEBUG: WSGI wsgi_dispatch.__call__: [Thu Jan 28 23:32:39.440345 2021] [:error] [pid 12728] ipa: DEBUG: WSGI login_password.__call__: [Thu Jan 28 23:32:39.442215 2021] [:error] [pid 12728] ipa: DEBUG: Obtaining armor in ccache /var/run/ipa/ccaches/armor_12728 [Thu Jan 28 […]

Low volume on Asus ROG Laptop

Low volume on your laptop?  Even when set to the maximum it's still very low?  Ensure the Loudness Equalization is checked off in Realtek HD Audio Manager.    

Decommission or Recommission a host using Cloudera 6.X API Calls: /api/v3/cm/commands/hostsOfflineOrDecommission

Need to decommission a host?  Just call this: curl -u admin:pAsS --insecure -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"items":["cm-r01wn02.mws.mds.xyz"]}'    'https://cm-c01.mws.mds.xyz:7183/api/v3/cm/commands/hostsOfflineOrDecommission' {   "id" : 17256,   "name" : "HostsDecommission",   "startTime" : "2021-01-05T02:49:37.220Z",   "active" : true,   "children" : {     "items" : [ ]   } Need to […]

WrongHost: Peer certificate subjectAltName does not match host, expected, got DNS: host1.domain, DNS: host2.domain, DNS: host3.domain

Another form of this error is when the certificate validation produced an IP instead of a host, such as this: WrongHost: Peer certificate subjectAltName does not match host, expected, got DNS:srv-c01.earth.water.fire, DNS:cm-r01nn01.earth.water.fire, DNS:cm-r01nn02.earth.water.fire [02/Jan/2021 03:15:59 +0000] 32309 Thread-13 downloader   ERROR    Failed fetching torrent: Peer certificate subjectAltName does not match host, expected, […]

Fixing FreeIPA Replication Issues

Case example of an HBAC service ID that is not consistent across the master-master FreeIPA implementation: # ./cipa -d mws.mds.xyz -W "<PASS>" +——————–+————+————+——-+ | FreeIPA servers:   | idmipa04   | idmipa03   | STATE | +——————–+————+————+——-+ | Active Users       | 3          | 3          | […]

