Puppet gotchas when using SSSD-module and network Team with NetworkManager

I have been using Puppet on some of my servers to keep my SSSD configuration in the state I want it to be. One thing I learned this summer, and later found described in Red Hat bug 1414573, is that the Puppet SSSD module I have been using triggers a service refresh when the sssd.conf file changes. It currently restarts messagebus, sssd and oddjobd. On RHEL7 this results in two issues:

  1. SSH connections become really, really slow
  2. NetworkManager starts spewing errors.

A side effect of issue number 2 is that if you have configured your network nics as members of a network Team, the team will stop working and will be shut down. The nics will not become members of the network Team again until you restart the NetworkManager daemon.

“Restarting “messagebus” means to restart dbus. In general, many components don’t handle restart of dbus properly, so if you try to restart the dbus daemon, you effectively would have to restart a range of services — which amounts to a reboot. NetworkManager doesn’t support restarting dbus. Afterwards it will not reconnect to the message-bus and is effectively unreachable.”

Source: Bug 1414573 - ‘systemctl restart messagebus sssd oddjobd’ results in slow logins and NetworkManager errors

Configure VLAN on top of network team using nmcli / NetworkManager

This post is very similar to the previous one, where I created a team with two network nics as members using NetworkManager nmcli from a console. This time I have added a VLAN on top of my LACP network team with two member nics.

First we need to install the teamd package if it is not already installed.

# yum install teamd

The team is created with the console command nmcli (NetworkManager) and a json-config file with the default config for the team, filename team-master-conf.json:

{
        "runner":       {
                "active": true,
                "fast_rate": true,
                "name": "lacp",
                "tx_hash": [ "eth", "ipv4" ]
        },
        "tx_balancer":  { "name": "basic" },
        "link_watch":   { "name": "ethtool" }
}

Create the team from the config file and add the two nics as members:

# nmcli con add type team con-name team0 ifname team0 config team-master-conf.json
# nmcli con add type team-slave con-name team0-em1 ifname em1 master team0
# nmcli con add type team-slave con-name team0-em2 ifname em2 master team0

I have not added an IP-address to the new team since I will add that on the VLAN interface.

Check the status of the team

# nmcli con show
NAME               UUID                                  TYPE            DEVICE
team0              7f0c0038-b8c1-45bb-a286-501d02304700  team            team0
team0-em1          0394e2ae-6610-4997-92db-775876866d0d  802-3-ethernet  em1
team0-em2          7050d641-83bb-497a-ae23-6af029386117  802-3-ethernet  em2

Check the state of the team

# teamdctl team0 state
setup:
  runner: lacp
ports:
  em1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 1
    runner:
      aggregator ID: 12, Selected
      selected: yes
      state: current
  em2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
    runner:
      aggregator ID: 12, Selected
      selected: yes
      state: current
runner:
  active: yes
  fast rate: yes

Add a VLAN to the network team

# nmcli con add type vlan con-name team0-vlan12 dev team0 id 12 ip4 10.1.0.20/24 gw4 10.1.0.1

The new config looks like this

# nmcli con s | grep team
team0              7f0c0038-b8c1-45bb-a286-501d02304700  team            team0
team0-vlan12       d5de0d83-d490-4535-915c-4cbdcf39830b  vlan            team0.12
team0-em1          0394e2ae-6610-4997-92db-775876866d0d  802-3-ethernet  em1
team0-em2          7050d641-83bb-497a-ae23-6af029386117  802-3-ethernet  em2

This config is confirmed working on RHEL 7.4 and CentOS.
I assume the switch is configured as needed before starting this config on the server.

Configure network team using nmcli / NetworkManager

This is a short post on how to create a LACP network team with two member nics using NetworkManager and nmcli. Configuring a network team is very similar to creating a bond.

First we need to install the teamd package if it is not already installed.

# yum install teamd

I have also included a json-config file with the default config for the team, filename team-master-conf.json:

{
        "runner":       {
                "active": true,
                "fast_rate": true,
                "name": "lacp",
                "tx_hash": [ "eth", "ipv4" ]
        },
        "tx_balancer":  { "name": "basic" },
        "link_watch":   { "name": "ethtool" }
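}

Create the team from the config file, with its IP-address and gateway, and add the two nics as members:

# nmcli con add type team con-name team0 ifname team0 config team-master-conf.json ip4 10.0.0.10/24 gw4 10.0.0.1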
# nmcli con add type team-slave con-name team0-em1 ifname em1 master team0
# nmcli con add type team-slave con-name team0-em2 ifname em2 master team0

Check the status of the team

# nmcli con show
NAME               UUID                                  TYPE            DEVICE
team0              7f0c0038-b8c1-45bb-a286-501d02304700  team            team0
team0-em1          0394e2ae-6610-4997-92db-775876866d0d  802-3-ethernet  em1
team0-em2          7050d641-83bb-497a-ae23-6af029386117  802-3-ethernet  em2

Check the state of the team

# teamdctl team0 state
setup:
  runner: lacp
ports:
  em1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 1
    runner:
      aggregator ID: 12, Selected
      selected: yes
      state: current
  em2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
    runner:
      aggregator ID: 12, Selected
      selected: yes
      state: current
runner:
  active: yes
  fast rate: yes
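
The state output above can be checked automatically, which is useful for noticing when member nics have dropped out of the team (for example after the messagebus restart described in the Puppet post). The following is an added example, not part of the original post; the function names and the degraded sample output are constructed, and it assumes teamdctl reports a failed port as "link summary: down" and "selected: no".

```bash
#!/bin/bash
# Added example, not from the original post.
# Real use on a host:  teamdctl team0 state | check_team_state "em1 em2"

# Reads `teamdctl <team> state` text on stdin; $1 = expected member ports.
# Prints one line per problem, returns non-zero if any port is unhealthy.
check_team_state() {
    awk -v expected="$1" '
        /^ports:/  { in_ports = 1; next }
        /^[^ ]/    { in_ports = 0 }                 # any other top-level section
        in_ports && /^  [^ ]/          { port = $1; seen[port] = 1; next }
        in_ports && /link summary:/    { link[port] = $3 }
        in_ports && /^      selected:/ { sel[port] = $2 }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in seen))         { print p ": not a team port"; bad = 1 }
                else if (link[p] != "up") { print p ": link " link[p]; bad = 1 }
                else if (sel[p] != "yes") { print p ": not selected by runner"; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample: em1 healthy, em2 has lost link (values are assumptions).
sample_state() {
    cat <<'EOF'
setup:
  runner: lacp
ports:
  em1
    link watches:
      link summary: up
    runner:
      aggregator ID: 12, Selected
      selected: yes
  em2
    link watches:
      link summary: down
    runner:
      selected: no
runner:
  active: yes
EOF
}

sample_state | check_team_state "em1 em2" || echo "team0 degraded"
```

The non-zero return code makes the function usable from cron or a monitoring agent.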

Some NetworkManager basics

Take down a network interface

# nmcli con down em1

Bring up a network interface

# nmcli con up em1

Delete a network connection

# nmcli con delete em1

Add a new network connection

# nmcli con add type ethernet con-name em1 ifname em1

This config is confirmed working on RHEL 7.4 and CentOS.

I assume the switch is configured as needed before starting this config on the server.

Exclude certain packages from yum-cron (but not from yum)

This is a solution for how you can exclude certain packages from being updated when using yum-cron.
Docker and kernel are packages I would like to exclude from yum-cron.

The solution is to modify the /etc/yum/yum-cron.conf file, adding this to the [base] section

RHEL7/CentOS7

[base]
...
exclude = kernel* docker*

On RHEL6/CentOS6 you can use the YUM_PARAMETER setting in /etc/sysconfig/yum-cron to do the same thing. The value is passed to yum as command line options, so each pattern needs its own --exclude option

YUM_PARAMETER="--exclude=kernel* --exclude=docker*"

If you would like to exclude certain packages from yum altogether you need to modify the affected yum repository.
Example to permanently exclude certain packages like Docker from being updated using the yum command/CLI

RHEL7
Modify /etc/yum.repos.d/redhat.repo

Add the following line under [rhel-7-server-extras-rpms]
exclude = docker*

Before adding an exclude line, verify that you add it under the right repository.
Example

# yum info docker

From repo : rhel-7-server-extras-rpms

Generate a GRUB configuration file

It is sometimes necessary to create, modify or recreate the grub configuration file.
One easy tool to regenerate the config file is the command grub2-mkconfig.
This command has helped me add a grub Windows startup option after installing CentOS 7.

Write the output of the command to console

# grub2-mkconfig

Write a new grub config file, overwriting the existing file

# grub2-mkconfig -o /boot/grub2/grub.cfg

This has been tested on CentOS 7 / RHEL 7.