Author Archives: rpaco

How to create a local repository in RHEL 8 from DVD ISO

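# Before using the ISO as a package source, compare the output of
# `sha256sum rhel-8.2-x86_64-dvd.iso` with the checksum published for the download.

# Create the mount point; -p makes the step safe to repeat.
mkdir -p /media/rhel8/

# Loop-mount the ISO read-only so the package tree cannot be altered through the mount.
mount -o loop,ro rhel-8.2-x86_64-dvd.iso /media/rhel8/

# Start from the repo definition shipped on the DVD.
cp /media/rhel8/media.repo /etc/yum.repos.d/

# 0644: readable by everyone, writable only by the file's owner.
chmod 644 /etc/yum.repos.d/media.repo

# Edit the copied file so it holds the two repository stanzas shown below.
vi /etc/yum.repos.d/media.repo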

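# BaseOS repository served from the mounted DVD image.
[InstallMedia]
name=Red Hat Enterprise Linux 8.2.0
mediaid=None
metadata_expire=-1
# Verify package signatures against the key named in gpgkey below.
# With gpgcheck=0 packages from this repo are installed without any
# signature verification, so a tampered ISO would go unnoticed.
gpgcheck=1
cost=500
baseurl=file:///media/rhel8/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

# AppStream repository served from the same mounted DVD image.
[InstallMedia-AppStream]
name=Red Hat Enterprise Linux 8 – AppStream
metadata_expire=-1
gpgcheck=1
enabled=1
# AppStream has its own directory on the DVD; pointing this stanza at
# BaseOS would only duplicate the first repository.
baseurl=file:///media/rhel8/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release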

NTP offset monitoring bash script

#!/bin/bash
# Created by Rodel
# 27/08/2020
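# Path of the mail client used for alerts. `command -v` is a shell builtin,
# so the lookup does not depend on the external `which` being installed.
# The value stays empty when no mail client is on PATH.
MAIL=$(command -v mail)
# Short host name, used in the alert subject line.
THIS_SERVER=$(hostname -s)
# Alert recipient(s).
RCPTS="rodel@test.com"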
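#######################################
# Entry check: alert when ntpq lists no selected sync peer, otherwise
# continue with the offset check.
# Arguments: none
# Outputs:   none of its own; calls check_ntp_offset or send_email
#######################################
check_ntp_return_value () {
        local ntpq_count message
        # ntpq flags the peer currently selected for synchronisation with a
        # leading '*'. Anchoring the pattern to the start of the line keeps an
        # asterisk elsewhere in a row from being counted as a selected peer.
        # grep -c still prints 0 when ntpq produces no output at all, so a
        # failing ntpq also ends up in the alert branch.
        ntpq_count=$(ntpq -p | grep -c '^\*')
#       ntpq_count="0"
        if [ "${ntpq_count:-0}" -ne 0 ]; then
                check_ntp_offset
        else
                message="No NTP master ip address assign <example: *192.168.0.x>. Please login to the server and check. Thank you."
                send_email "$message"
        fi
}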
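#######################################
# Compare the selected peer's offset with the 6000 ms threshold and mail
# an alert when it is exceeded in either direction.
# Globals:   ntpq_p      (written) offset with the fractional part removed
#            ntpq_server (written) address of the selected peer, read by ntp_sync
# Arguments: none
# Outputs:   none of its own; the alert goes through send_email
# Exits:     0 when the offset is within the threshold (this ends the script),
#            1 when no numeric offset could be read from ntpq
#######################################
check_ntp_offset () {
        local offset_abs message1 message2
        # Field 9 of the row starting with '*' (the selected peer) is the
        # value this script treats as the offset; only the first such row is used.
        ntpq_p=$(ntpq -p | awk '/^\*/ {print $9; exit}')
        # Drop the fractional part: [ -gt ] compares integers only.
        ntpq_p=${ntpq_p%.*}
#       ntpq_p="6001"
        # The offset is signed. Comparing the raw value would never alert on a
        # large negative offset, so the threshold is applied to the magnitude.
        offset_abs=${ntpq_p#-}
        case "$offset_abs" in
                ''|*[!0-9]*)
                        # Without this guard the integer test below fails and
                        # the script ends as if the offset were fine.
                        echo "check_ntp_offset: could not read a numeric offset from ntpq (got '$ntpq_p')" >&2
                        exit 1
                        ;;
        esac
        # -n keeps the peer as a numeric address; the leading '*' is removed.
        ntpq_server=$(ntpq -pn | awk '/^\*/ {sub(/^\*/, "", $1); print $1; exit}')
        if [ "$offset_abs" -gt 6000 ]; then
                message1="Critical - $(hostname) Offset value is $ntpq_p greater than 6000 milliseconds"
                message2=$(ntp_sync)
                # The \n sequences are left literal here; send_email expands them.
                send_email "$message1 \n\n Executing ntpdate...\n$message2"
        else
                exit 0
        fi
}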

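#######################################
# Query the selected NTP server with ntpdate and print the result.
# -q only queries the server; it does not set the clock, although the
# alert text calls this step "Executing ntpdate...".
# Globals:   ntpq_server (read) address taken from `ntpq -pn` output
# Arguments: none
# Outputs:   ntpdate's output on stdout
# Returns:   ntpdate's status, or 1 when the address is missing or unusable
#######################################
ntp_sync () {
        # The address is parsed from command output, so check it before it
        # reaches a command line: empty means nothing to query, and a leading
        # '-' would be read by ntpdate as an option.
        case "${ntpq_server:-}" in
                ''|-*)
                        echo "ntp_sync: no usable NTP server address" >&2
                        return 1
                        ;;
        esac
#       ntpdate -q $ntpq_server >> /dev/null 2>&1
        # Quoted so the value is always passed as exactly one argument.
        ntpdate -q "$ntpq_server"
}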
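#######################################
# Mail an alert to the configured recipients.
# Globals:   MAIL (read) mail client, THIS_SERVER (read) host name for the
#            subject, RCPTS (read) recipient address(es)
# Arguments: $1 - message body; backslash escapes such as \n are expanded
# Returns:   the mail client's status, or 1 when no mail client is configured
#######################################
send_email () {
        local body="${1}"
        # MAIL is empty when the lookup at the top of the script found no mail
        # client; say so instead of trying to run an empty command name.
        if [ -z "${MAIL:-}" ]; then
                echo "send_email: no mail client found; alert not sent" >&2
                return 1
        fi
        # %b expands the \n sequences the callers put in the body. The body is
        # passed as data, never as the printf format string.
        printf '%b\n' "${body}" | "${MAIL}" -s "[${THIS_SERVER}] NTP Synchronization Alert" "${RCPTS}"
}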
# Entry point: run the peer check, which either continues with the offset
# check or mails the "no NTP master" alert.
check_ntp_return_value

Extend LVM partition with same device

Existing Partition Table

[root@server ~]# fdisk -l
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 41861119 20417536 8e Linux LVM

Example: I want to add /dev/sda3

#fdisk /dev/sda
Command (m for help): m
Command (m for help): n
Command (m for help): t
Command (m for help): 8e
Command (m for help): w

#reboot

Create Physical Volume
pvcreate /dev/sda3

Extend existing Volume Group

[root@server ~]# vgs
VG #PV #LV #SN Attr VSize VFree
rhel 1 2 0 wz--n- <19.47g 0

From the vgs output, we will extend the rhel volume group
#vgextend rhel /dev/sda3

Extend existing Logical Volume

#lvextend /dev/rhel/root /dev/sda3

In this example I will grow the filesystem mounted on the root partition
[root@server ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 12M 16G 1% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 18G 3.3G 15G 19% /
/dev/sda1 497M 172M 325M 35% /boot
tmpfs 3.2G 0 3.2G 0% /run/user/0

#xfs_growfs /dev/mapper/rhel-root

#reboot

Setup BIND9 DNS server RHEL7/CENTOS 7

Setup BIND9 DNS server RHEL7/CENTOS 7

SERVER
IP ADDRESS: 10.68.33.61

1) Assign a hostname of your server

hostnamectl set-hostname dnsserver

2) Install bind and bind-utils

yum -y install bind bind-utils

3) Configure the DNS(BIND)
Disable IPv6 by commenting out the line in named.conf. In this tutorial I will be using IPv4.

vi /etc/named.conf

// listen-on-v6 port 53 { ::1; };

4) Add an ACL (this step is optional).

vi /etc/named.conf

acl "trusted" {
10.68.33.61;
10.68.33.62;
10.68.33.63;
10.68.33.64;
10.68.33.65;
10.68.33.66;
172.19.19.88;
172.19.19.94;
172.19.19.95;
};

5) Add the IPs or subnets that are allowed to query this DNS server

vi /etc/named.conf

allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95;};

6) Create forward zones. The following zone is the forward zone entry for the mydomain.com domain

vi /etc/named.conf

zone "mydomain.com" IN {
type master;
file "fwd.mydomain.com.db";
allow-update { none; };
};

7) Create the reverse zones. The following zones are the reverse zone entries.
I have created two zones because I have two subnets, 10.68.33.x and 172.19.19.x

vi /etc/named.conf

zone "33.68.10.in-addr.arpa" IN {
type master;
file "33.68.10.db";
allow-update { none; };
};

zone "19.19.172.in-addr.arpa" IN {
type master;
file "19.19.172.db";
allow-update { none; };
};

Below is the complete configuration of my named.conf

# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

acl "trusted" {
10.68.33.61;
10.68.33.62;
10.68.33.63;
10.68.33.64;
10.68.33.65;
10.68.33.66;
172.19.19.88;
172.19.19.94;
172.19.19.95;
};

options {
listen-on port 53 { 127.0.0.1; 10.68.33.61; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95;};

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "mydomain.com" IN {
type master;
file "fwd.mydomain.com.db";
allow-update { none; };
};

zone "33.68.10.in-addr.arpa" IN {
type master;
file "33.68.10.db";
allow-update { none; };
};

zone "19.19.172.in-addr.arpa" IN {
type master;
file "19.19.172.db";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8) Create zone files.

There are some special keywords for Zone Files

A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name

touch /var/named/fwd.mydomain.com.db

vi /var/named/fwd.mydomain.com.db

#

$TTL 604800
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.

;IP address of Name Server
dnsserver IN A 10.68.33.61

;A – Record HostName To IP Address
api.openshift4 IN A 10.68.33.62
api-int.openshift4 IN A 10.68.33.62
apps.openshift4 IN A 10.68.33.62
master1.openshift4 IN A 10.68.33.63
master2.openshift4 IN A 10.68.33.67
master3.openshift4 IN A 10.68.33.68
etcd-0.openshift4 IN A 10.68.33.63
etcd-1.openshift4 IN A 10.68.33.67
etcd-2.openshift4 IN A 10.68.33.68
worker1.openshift4 IN A 10.68.33.64
worker2.openshift4 IN A 10.68.33.65
bootstrap.openshift4 IN A 10.68.33.66
*.apps.openshift4 IN A 10.68.33.62
test.openshift4 IN A 172.19.19.88

;_service._proto.name. TTL class SRV priority weight port target.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-0.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-1.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-2.openshift4.mydomain.com.

#

9) Create a zone file called 33.68.10.db and 19.19.172.db for the reverse zone under /var/named directory.
I have two subnets so I have created two zone files.

PTR – Pointer
SOA – Start of Authority

vi /var/named/33.68.10.db
;######################################################################################

@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
62 IN PTR api.openshift4.mydomain.com.
62 IN PTR api-int.openshift4.mydomain.com.
62 IN PTR apps.openshift4.mydomain.com.
63 IN PTR master1.openshift4.mydomain.com.
67 IN PTR master2.openshift4.mydomain.com.
68 IN PTR master3.openshift4.mydomain.com.
63 IN PTR etcd-0.openshift4.mydomain.com.
67 IN PTR etcd-1.openshift4.mydomain.com.
68 IN PTR etcd-2.openshift4.mydomain.com.
64 IN PTR worker1.openshift4.mydomain.com.
65 IN PTR worker2.openshift4.mydomain.com.
66 IN PTR bootstrap.openshift4.mydomain.com.

;######################################################################################

vi /var/named/19.19.172.db
;######################################################################################

@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121204 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
88 IN PTR test.openshift4.mydomain.com.

;######################################################################################

10) Firewall
Add an allow rule to the firewall so that clients can connect to the DNS server for name resolution

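# DNS falls back to TCP when a response does not fit in a UDP datagram,
# so port 53 is opened for both protocols. Options take a double hyphen.
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp
# Load the permanent rules into the running firewall.
firewall-cmd --reload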

11) Set DNS1 to the DNS server's IP address on the client machines as well as on this BIND DNS server.

/etc/sysconfig/network-scripts/ifcfg-eXX

DNS1=10.68.33.61

12)Restart network service.

systemctl restart NetworkManager

13)Use the following command to verify the forward lookup.

dig dnsserver.mydomain.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dnsserver.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnsserver.mydomain.com. IN A

;; ANSWER SECTION:
dnsserver.mydomain.com. 604800 IN A 10.68.33.61

;; AUTHORITY SECTION:
mydomain.com. 604800 IN NS dnsserver.mydomain.com.

;; Query time: 0 msec
;; SERVER: 10.68.33.61#53(10.68.33.61)
;; WHEN: Thu Dec 12 22:39:57 EST 2019
;; MSG SIZE rcvd: 79

Windows Pre migration checklist script

@echo off
rem Pre-migration inventory: appends the output of several built-in Windows
rem tools to one report named after the machine (%computername%.txt), written
rem to the current directory.
rem NOTE(review): the report combines IP configuration, listening ports with
rem their owning executables, the service list, system details and the BIOS
rem serial number - store and transfer it as sensitive data.
rem NOTE(review): netstat -b and diskpart need an elevated prompt; run this
rem from an administrator console or those sections will hold errors - confirm.

rem Start a fresh report: '>' truncates any earlier file of the same name.
echo. > %computername%.txt
echo. >> %computername%.txt
echo ======IP Configuration============================================================== >> %computername%.txt
rem Full adapter configuration.
ipconfig /all >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======Net Start===================================================================== >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem Services that are currently started.
net start >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo =====Netstat Output================================================================= >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem -a all connections and listening ports, -n numeric addresses,
rem -o owning process id, -b owning executable.
netstat -anob >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======Route Print=================================================================== >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem Routing table.
route print >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======System Information============================================================ >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
systeminfo >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======Services Query================================================================ >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem "state= all" lists services in every state, not only running ones.
sc query state= all >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======Check Disk==================================================================== >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem No drive or switch is given: chkdsk reports on the current drive
rem without /F, so nothing is repaired.
chkdsk >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo ======Disk Volumes================================================================== >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem Runs the diskpart commands stored in list.txt. That file is not shown
rem here and must exist in the current directory - presumably it holds a
rem volume listing command; confirm before running.
diskpart /s list.txt >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
echo =====Serial Number================================================================== >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem wmic writes to the report itself through /append instead of '>>'.
wmic /append:%computername%.txt bios get serialnumber/Format:List
echo. >> %computername%.txt
echo. >> %computername%.txt
echo =====services List and Status======================================================= >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem Per-service name, type, start mode and status.
wmic /append:%computername%.txt Service Get Name, DisplayName, ServiceType, Started, StartMode, Status/Format:List
echo. >> %computername%.txt
echo. >> %computername%.txt
echo =====CPU INFO======================================================================= >> %computername%.txt
echo. >> %computername%.txt
echo. >> %computername%.txt
rem Core and logical processor counts per CPU device.
wmic /append:%computername%.txt cpu get deviceid, CpuStatus, NumberofCores, NumberofLogicalProcessors/Format:List
echo. >> %computername%.txt
echo. >> %computername%.txt