A chronological documentation test project, nothing serious, really!

12 Jan 2018 Exclude certain packages from yum-cron (but not from yum)

This is a solution for how you can exclude certain packages being updated when using yum-cron.
Docker and kernel are packages I would like to exclude from yum-cron.

The solution to this is to modify the /etc/yum/yum-cron.conf file adding this to the [base] section


exclude = kernel* docker*

On RHEL6/Centos6 you can use the YUM_PARAMETER to do the same thing

YUM_PARAMETER=kernel* docker*

If you would like to exclude certain packages from yum alltogether you need to modify the affected yum repository.
Example to permanently exclude certain packages like Docker from being updated using the yum command/CLI

Modify /etc/yum.repos.d/redhat.repo

Add the following line under [rhel-7-server-extras-rpms]
exclude = docker*

Before adding a exclude command verify that you add the exclude line under the right repository.

# yum info docker

From repo : rhel-7-server-extras-rpms

Tags: , , , ,

Posted by

24 Jun 2015 Mount Samba share using gvfs-mount as normal user

This is just a shot note on how to mount a Samba or Windows CIFS share as a normal linux user using the gvfs-mount command in Centos 7 or RedHat 7.

Mounting a mountpoint share using the username user and password
[user@host] gvfs-mount smb://username@

If the command finishes without any errors you can now access your smb mount on the following path

[user@host] ls -l /run/user/1000/gvfs/smb-share\:server\=\,share\=shared-folder\,user\=username/

1000 corresponds to your users id and can be determined by the id command

[user@host] id
uid=1000(username) gid=1000(username) groups=1000(username)

I compared the performance between connecting directly to a Samba share using UNC path and using gvfs-mount and saw that there is a noticeable speed decrease using gvfs-mount.
But if you have old software that does not support UNC path, then gvfs-mount is a good alternative to no access.

Tags: ,

Posted by

26 May 2015 Installing Open vSwitch on CentOS 7

This post describes how to install the most recent version of Open vSwitch (ovs) on CentOS 7 and might be the base for future posts about using KVM as virtualization platform.

openvswitch-diagramOpen vSwitch is a production quality open source software switch designed to be used as a vswitch in virtualized server environments. A vswitch forwards traffic between different VMs on the same physical host and also forwards traffic between VMs and the physical network.

Install the needed packages (as root user)

# yum -y install wget openssl-devel kernel-devel

Install development tools

# yum groupinstall "Development Tools"

Add a ovswitch user

# adduser ovswitch

Download and unpack the openvswitch source code (as ovswitch user)

$ su - ovswitch
$ mkdir -p ~/rpmbuild/SOURCES
$ cd ~/rpmbuild/SOURCES
$ wget
$ tar xfz openvswitch-2.3.1.tar.gz

We will modify the openvswitch spec-file and use the kernel module CentOS provides instead of creating a new one.

$ sed 's/openvswitch-kmod, //g' openvswitch-2.3.1/rhel/openvswitch.spec > openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec

Create a RPM-file to ease future package operations like upgrade

$ rpmbuild -bb --nocheck ~/openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec
$ exit

Now is the time to install the RPM-package (as root)

# yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.1-1.x86_64.rpm

If you have not disabled SElinux then you will see the following SELinux issues when you try to start the openvswitch service

install: cannot change owner and permissions of ‘/etc/openvswitch': No such file or directory and Creating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory)

This is one way to fix this issue

# mkdir /etc/openvswitch
# semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
# restorecon -Rv /etc/openvswitch

We are now ready to start the openvswitch service

# service openvswitch start
# chkconfig openvswitch on

Verify that we have installed openvswitch and that it is available

# virsh version
Compiled against library: libvirt 1.2.8
Using library: libvirt 1.2.8
Using API: QEMU 1.2.8
Running hypervisor: QEMU 1.5.3
# lsmod |grep openvswitch
openvswitch            70611  0 
gre                    13796  1 openvswitch
vxlan                  37409  1 openvswitch
libcrc32c              12644  2 xfs,openvswitch
# ovs-vsctl show
    Bridge "ovsbr1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
    Bridge "ovsbr0"
        Port "enp0s25"
            Interface "enp0s25"
        Port "ovsbr0"
            Interface "ovsbr0"
                type: internal
    ovs_version: "2.3.1"

We are now ready to create a network bridge, but that will (maybe) be described in a future post of mine.

Tags: , , , , , ,

Posted by

25 May 2015 Generate a GRUB configuration file

It is sometimes needed to create a new, modify og recreate the grub configuration file.
One easy tool to regenerate the config file is the command grub2-mkconfig.
This command has helped me add a grub Windows startup option after installing CentOS 7.

Write the output of the command to console

# grub2-mkconfig

Write a new grub config file, overwriting the existing file

# grub2-mkconfig -o /boot/grub2/grub.cfg

This has been tested on CentOS 7 / RHEL 7.

Tags: , , ,

Posted by

12 Nov 2014 Replace firewalld with iptables in CentOS 7

This is a short HOWTO replace or disable firewalld with iptables in CentOS 7.

Install iptables service
# yum -y install iptables-services

If you would like to save the firewall rules you need to run the following command
# iptables-save > iptables-rules.txt

These rules can be added to /etc/sysconfig/iptables but I usually use the rules that come with iptables package and add my rules to better suit my needs.

# systemctl enable iptables
# systemctl enable ip6tables

Stop firewalld
# systemctl stop firewalld

Disable firewalld
# systemctl disable firewalld

Start iptables service
# systemctl start iptables
# systemctl start ip6tables

And thats it.

Always make sure that you are not locking yourself out of your server when starting the iptables firewall.

Tags: , ,

Posted by