Tip: Importing multiple CentOS Linux DVDs into Cobbler

Linux distributions are getting larger and larger; CentOS 6.0 64-bit won’t fit on a single DVD anymore. A Cobbler-based provisioning server will normally import only one DVD. So, how do you get around this?

  1. Import the first DVD as usual
  2. Manually add content from the second DVD

Import the first DVD (ISO image):

  mkdir /mnt/dvd1; mount -o ro,loop /tmp/CentOS-6.0-x86_64-bin-DVD1.iso /mnt/dvd1

  DISTRO=centos60-x86_64
  cobbler import --name=${DISTRO} --path=/mnt/dvd1

Watch the output from Cobbler closely – it will basically show you the commands you need to import the second DVD ;-)

Import the second DVD (ISO image):

  mkdir /mnt/dvd2; mount -o ro,loop /tmp/CentOS-6.0-x86_64-bin-DVD2.iso /mnt/dvd2

  rsync -a  '/mnt/dvd2/' /var/www/cobbler/ks_mirror/${DISTRO} --exclude-from=/etc/cobbler/rsync.exclude --progress
  COMPSXML=$(ls /var/www/cobbler/ks_mirror/${DISTRO}/repodata/*comps*.xml)
  createrepo -c cache -s sha --update --groupfile ${COMPSXML} /var/www/cobbler/ks_mirror/${DISTRO}

Done! You have now added the contents of the second DVD to your existing “ks_mirror” directory and updated the Yum repodata.

Update 2011.08

  • FIXED: Forgot the trailing / on the DVD2 mount point '/mnt/dvd2/'. Otherwise, the rsync command will create a 'dvd2' subdirectory.

Tip: Fedora 14 and Dropbox

The current version of Dropbox does not behave nicely on Fedora 14 – the Dropbox update daemon attempts to execute code from the stack. This is prohibited by SELinux (and rightly so).

There is a workaround (taken from the Dropbox Support forum) that clears the executable-stack flag on the offending library:

  /usr/bin/execstack -c ~/.dropbox-dist/_ctypes.so

Let’s hope that Dropbox releases a proper fix for this problem soon.

Tip: Configuring network aliases with NetworkManager on Fedora 14

Linux supports the concept of “network aliases”; a NIC with more than one IP-address.

Previously, with networking managed by /etc/init.d/network, you would create a configuration file (/etc/sysconfig/network-scripts/ifcfg-eth0:0) holding the IP-address information for alias “0” of network interface “eth0“.

With NetworkManager, things become more complicated for non-trivial network configurations. The primary interface settings are in /etc/sysconfig/network-scripts/ifcfg-eth0 as usual:

  DEVICE="eth0"
  NM_CONTROLLED="yes"
  ONBOOT=yes
  HWADDR=00:04:23:C0:FF:EE
  TYPE=Ethernet
  BOOTPROTO=dhcp
  DEFROUTE=yes
  PEERDNS=yes
  PEERROUTES=yes
  IPV4_FAILURE_FATAL=yes
  IPV6INIT=no
  NAME="System eth0"
  UUID=5fb06bd0-0bb0-7ffb-45f1-deadbeefc0ffee

Based on a comment by Cristiano, I added a script to NetworkManager that would take care of configuring any network aliases that might be defined:

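  $ cat /etc/NetworkManager/dispatcher.d/00-aliases
  #!/bin/bash
  # Based on comment by Cristiano, http://mihai.ibanescu.net/networkmanager-and-virtual-interfaces
  # NetworkManager runs dispatcher scripts as root with: <interface> <action>
  
  iface="$1"
  shift
  action="$1"
  shift
  
  if [ "$action" = "up" ]; then
    for ALIAS in /etc/sysconfig/network-scripts/ifcfg-"$iface":*; do
      # Skip the unexpanded pattern when no alias files exist
      [ -e "$ALIAS" ] || continue
      # Keep only the alias suffix after the colon
      ALIAS=$(echo "$ALIAS" | cut -d: -f 2)
      /sbin/ifup "$iface:$ALIAS"
    done
  fi
  # EOF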

Note: This script needs to be executable.

The alias settings are configured in /etc/sysconfig/network-scripts/ifcfg-eth0:0

  DEVICE="eth0:0"
  NM_CONTROLLED="no"
  BOOTPROTO=static
  IPADDR=172.16.0.1
  NETMASK=255.255.0.0

The essential ingredient here is “NM_CONTROLLED=no” (thanks to IRC @so_solid_moo, #fedora). Without that setting, NetworkManager will treat your alias as a real device and mess up your network accordingly ;-)

Tip: Encrypted passwords, just add salt

You can generate encrypted password strings (hashes) using the openssl utility.

You need to supply both a “salt” string and the password you wish to encrypt:

  # openssl passwd -1 -salt MoreSalt ThePassword
  $1$MoreSalt$Cvu.5MdMq1BjAsFp1oc.f/

The following command line generates a random 8-character salt string:

  # openssl rand -base64 6

Combine these into a single command line that uses a different random salt on each invocation:

  # openssl passwd -1 -salt $(openssl rand -base64 6) ThePassword
  $1$XpOpurgQ$41bulzoCV8viFy37EX6jk.
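The commands above put the password on the command line, where it is visible in the process list and shell history. As an added example (not from the original post; the function names are hypothetical), this sketch feeds the password through `openssl passwd -stdin` instead and shows how the salt stored inside the `$1$` string is reused to verify a password:

```shell
#!/bin/bash
# Added example: create and verify md5-crypt ($1$) hashes with openssl,
# reading the password from stdin. Function names are hypothetical.

# gen_salt: 8 random characters. base64 can emit '+', which is outside the
# crypt(3) salt alphabet [./0-9A-Za-z], so it is mapped to '.'.
gen_salt() {
  openssl rand -base64 6 | tr '+' '.'
}

# hash_password [salt]: password on stdin, prints "$1$<salt>$<hash>".
# A fresh random salt is used unless one is passed in.
hash_password() {
  local salt="${1:-$(gen_salt)}"
  openssl passwd -1 -salt "$salt" -stdin
}

# verify_password <stored-hash>: candidate password on stdin.
# Returns 0 on match, 1 on mismatch, 2 if the string is not a $1$ hash.
verify_password() {
  local stored="$1" salt candidate
  case "$stored" in
    '$1$'*) ;;
    *) return 2 ;;
  esac
  # Split on '$': field 1 is empty, field 2 is "1", field 3 is the salt.
  salt=$(printf '%s' "$stored" | cut -d'$' -f3)
  [ -n "$salt" ] || return 2
  # Re-hash the candidate with the stored salt and compare the full strings.
  candidate=$(hash_password "$salt")
  [ "$candidate" = "$stored" ]
}
```

Typical use: `printf '%s\n' "$pw" | hash_password` to create a hash, and `printf '%s\n' "$pw" | verify_password "$stored"` to check one.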

Read on for a comparison between old crypt()-style passwords and the current md5-style shadow passwords.

Configure Wake-on-LAN on Red Hat Enterprise Linux

Wake-on-LAN is a useful feature on most network cards that allows you to remotely boot up a computer.

The ethtool utility (found in the ethtool RPM) can tell you if your network card supports Wake-on-LAN:

[root@example]# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: umbg
        Wake-on: d
        Current message level: 0x00000007 (7)
        Link detected: yes

Look for the “Supports Wake-on” line. It should list one or more letters, including “g” (WoL using Magic Packet). In the example above, Wake-on-LAN is currently disabled (“d”).

The Wake-on-LAN setting does not persist. It needs to be configured every time the machine boots. On RHEL, this is usually done from /etc/init.d. Create a script called /etc/init.d/wol with the following content:

#!/bin/bash
#
# wol Wake-on-LAN configuration script
#
# chkconfig: - 99 01
# description: Wake-on-LAN allows a machine to be started using a WoL network packet.\
# This script configures WoL on interfaces listed in $NIC.
# processname: -
# config: -
# pidfile: -

# Source function library.
. /etc/rc.d/init.d/functions

# List of NICs to configure for WoL.
# Note: on Xen hosts, use peth0 instead of eth0.
NIC="eth0"

# Only act on "start"; every other action is a no-op.
if [ "$1" != "start" ]; then
  exit 0
fi

echo -n "Enabling Wake-on-LAN for:"
for nic in ${NIC};
do
  echo -n " ${nic}"
  # Enable wake on Magic Packet ("g") if ethtool is installed
  [ -x /sbin/ethtool ] && /sbin/ethtool -s "${nic}" wol g >/dev/null 2>&1
done

# Note: no error checking – ethtool does not return a useful exit code
success
echo

# EOF

Add the script to the startup sequence:

chkconfig --add wol
chkconfig wol on

The script will now be run on every reboot. You can check the result using ethtool eth0; it should now display “Wake-on: g“.
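Because the init script does no error checking, the check can be automated by parsing the two Wake-on lines of the ethtool output. The following is an added example, not part of the original post; the function names are hypothetical and the sample output is constructed from the listing above:

```shell
#!/bin/bash
# Added example: confirm that Wake-on-LAN really is enabled by parsing
# `ethtool <nic>` output. Function names are hypothetical.

# wol_state: reads ethtool output on stdin.
# Prints enabled | disabled | unsupported; returns 0 only for "enabled".
wol_state() {
  local out supported current
  out=$(cat)
  # "Supports Wake-on:" lists what the NIC can do, "Wake-on:" what is active.
  supported=$(printf '%s\n' "$out" |
    sed -n 's/^[[:space:]]*Supports Wake-on:[[:space:]]*//p')
  current=$(printf '%s\n' "$out" |
    sed -n 's/^[[:space:]]*Wake-on:[[:space:]]*//p')
  case "$supported" in
    *g*) ;;
    *) echo unsupported; return 2 ;;
  esac
  case "$current" in
    *g*) echo enabled ;;
    *) echo disabled; return 1 ;;
  esac
}

# check_wol <nic>: run against a live interface (needs ethtool and root).
check_wol() {
  /sbin/ethtool "$1" 2>/dev/null | wol_state
}

# Constructed sample, trimmed from the ethtool output shown above.
# $1 is the value to place on the "Wake-on:" line.
sample_ethtool() {
  printf '%s\n' "Settings for eth0:" \
    "    Supports Wake-on: umbg" \
    "    Wake-on: $1" \
    "    Link detected: yes"
}
```

Running `check_wol eth0` after boot prints `enabled` and returns 0 only when the Magic Packet mode is both supported and active.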

You should now be able to shut down your computer and wake it by sending a “WoL Magic Packet” from another computer. On Linux, use ether-wake (from the net-tools RPM) or wol (from the wol RPM) to send the Magic Packet:

/sbin/ether-wake -i eth0 00:04:23:C0:FF:EE

Voila!