Sep.21

Dec.03

Ansible: Creating multiple user, Generating Password(sha512), expiring password(force user to change)

  tasks:
  - name: multiple
    user:
      name: "{{ item.name }}"
      shell: /bin/bash
      createhome: yes
      password: "{{ item.password | password_hash('sha512') }}"
      comment: "{{ item.comment }}"
      state: present
      update_password: on_create
    register: changes
    with_items:
     - { name: testuser1, password: testuser1@123, comment: "test user1" }
     - { name: testuser2, password: testuser2@123, comment: "test user2" }

  - name: Expire password
    shell: chage -d 0 {{ item.name }}
    with_items: "{{ changes.results }}"
    when: "{{ item.changed == true }}"

 



Nov.27

Ansible: Creating user, adding to group,Generating Password(sha512), expiring password(force user to change)

As the subject says, here is the yml

tasks:
- name: Creating crm group
  group:
    name: crm
    state: present

- name: Add user testuser
  user:
    name: testuser
    comment: crm test user
    shell: /bin/bash
    home: /home/testuser
    state: present
    createhome: yes
    groups: crm
    password: "{{ 'crm@123' | password_hash('sha512') }}"
    update_password: on_create
  register: testuser

- name: Force testuser change password
  shell: chage -d 0 testuser
  when: testuser.changed

 

Sep.10

Fix rpmdb: Thread died in Berkeley DB library – Error: rpmdb open failed

If you see rpmdb errors during package management (during yum/rpm operations), like this:

error: rpmdb: BDB0113 Thread/process 24360/139705672034368 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 – (-30973)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:Error: rpmdb open failed

Solution:

Please follow these steps to backup and rebuild rpmdb database:

mkdir /var/lib/rpm/backup
cp -a /var/lib/rpm/__db* /var/lib/rpm/backup/
rm -f /var/lib/rpm/__db.[0-9][0-9]*
rpm –quiet -qa
rpm –rebuilddb
yum clean all

Nov.21

[Satellite 6] Candlepin and pulp are not starting

Issue

  • Satellite is not starting – candlepin and pulp end in FAIL status
candlepin   FAIL    404 Resource Not Found
candlepin_auth  FAIL    Katello::Resources::Candlepin::CandlepinPing: 404 Resource Not Found (GET /candlepin/status)
foreman_tasks   OK  
pulp    FAIL    500 Internal Server Error
pulp_auth   FAIL    Skipped pulp_auth check after failed pulp check

Resolution

  • Re-run the update based on the documentation with the “–scenario satellite”
# katello-service stop
# satellite-installer --scenario satellite --upgrade

Root Cause

  • Satellite server was updated to latest version with wrong option. Instead of –scenario satellite, –scenario capsule was used.
  • Satellite was updated using yum update, but upgrade script with option –scenario satellite –upgrade was not executed after running yum.

Nov.21

Error when running pulp-manage-db: “This must not be run as root”

Issue

  • Unable to run pulp-manage-db command.

It results in the following error:

pulp-manage-db This must not be run as root, but as the same user apache runs as.

Resolution

The command needs to be executed in the following manner:

# sudo -u apache pulp-manage-db

Important: run that command ONLY when pulp services are stopped. In particular, run:

for i in pulp_resource_manager pulp_workers pulp_celerybeat pulp_streamer; do service $i stop; done

before the pulp-manage-db and start the services after the command completes.

Nov.08

Docker Pull behind Proxy : Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on server misbehaving

HTTP/HTTPS proxy

The Docker daemon uses the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environmental variables in its start-up environment to configure HTTP or HTTPS proxy behavior. You cannot configure these environment variables using the daemon.json file.

This example overrides the default docker.service file.

If you are behind an HTTP or HTTPS proxy server, for example in corporate settings, you need to add this configuration in the Docker systemd service file.

Create a systemd drop-in directory for the docker service:

 

$ sudo mkdir -p /etc/systemd/system/docker.service.d

Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

[Service] Environment=”HTTP_PROXY=http://proxy.example.com:80/”

Or, if you are behind an HTTPS proxy server, create a file called /etc/systemd/system/docker.service.d/https-proxy.conf that adds the HTTPS_PROXY environment variable:

[Service]Environment=”HTTPS_PROXY=https://proxy.example.com:443/”

Flush changes:

sudo systemctl daemon-reload

Restart Docker:

$ sudo systemctl restart docker

Verify that the configuration has been loaded:

$ systemctl show –property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/

Or, if you are behind an HTTPS proxy server:

$ systemctl show –property=Environment docker
Environment=HTTPS_PROXY=https://proxy.example.com:443/

 

OUTPUT:

[root@zkwansible01 installer]# docker pull hello-world

Using default tag: latest

Trying to pull repository registry.access.redhat.com/hello-world …

Trying to pull repository docker.io/library/hello-world …

latest: Pulling from docker.io/library/hello-world

d1725b59e92d: Pull complete

Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788

Status: Downloaded newer image for docker.io/hello-world:latest