How to add mount option nodev for /var/lib/nfs/rpc_pipefs partition on RHEL 7

Recently latest vulnerability found on Red Hat Enterprise Linux 7 system during audit by security team. According to audit team, 'nodev' need to be an added mount for /var/lib/nfs/rpc_pipefs partition. 

To resolve this vulnerability please perform the below steps as suggested by Red Hat.

1. We need to create Drop-In directory for var-lib-nfs-rpc_pipefs.mount

[root@redhat001:~]# mkdir -p /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/

2. Now we need to create configuration file adding this mount point

[root@redhat001:~]# printf '[Mount]\nOptions=nodev\n' > /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/99-nodev.conf

3. Please take a reload of daemon service

[root@redhat001:~]# systemctl daemon-reload

now please take a restart of mount services.

[root@redhat001:~]# systemctl restart var-lib-nfs-rpc_pipefs.mount

Using above steps we can add mount option nodev for /var/lib/nfs/rpc_pipefs parition on rhel7. To verify the mount point you can run the below command

[root@redhat001:~]#grep rpc /proc/self/mounts

sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,nodev,relatime 0 0

If you see above output, nodev option has been successfully mount. This is straight steps need to follow to resolve such vulnerability. 

Can not remove Logical Volume, message "Logical volume contains a filesystem in use"

In my local machine, I have multiple logical volume. When I try to remove below logical volume, getting below error.

[root@redhat001:~]# lvremove /dev/mapper/system-lv_redhat

Logical volume /dev/mapper/system-lv_redhat contains a filesystem in use.

To remove this logical volume in redhat linux system, please follow the below methods. 

1. Please check if any logical volume mounted on your system. To check this you can simply use "mount" command with grep option.

[root@redhat001:~]# mount | grep /dev/mapper/system-lv_redhat

Above command will provide you information if logical system is mount or not.  If you found, file system is mount, then please umount it first, remove entry from /etc/fstab then try to remove logical volume.

2. In case no logical volume mounted but still you are not able to remove logical volume then you need to check this method if any file is open or any active process using by this logical volume. To check this please run the below command. 

[root@redhat001:~]# lsof | grep /dev/mapper/system-lv_redhat

or 

[root@redhat001:~]#ps -ef | grep /dev/mapper/system-lv_redhat

Using first command you can find if any file is open at system end and it is use by this logical volume, so please check this and close files.

Second command use when you get any process using by this logical volume. please kill the particular process. If process use by root file system, I would suggest instead of killing the process, please stop any application if running and reboot the server, so it would automatically kill your process.

3. You can deactivate logical volume and remove it

[root@redhat001:~]# lvchange -an /dev/mapper/system-lv_redhat

[root@redhat001:~]#lvs

[root@redhat001:~]#lvremove -f  /dev/mapper/system-lv_redhat

Please deactivate logical volume using lvchange command and run lvs to verify that logical volume deactivate or not. 

Hope using above three methods you can resolve this error. In case of any query, please drop a comment on this article. 

mount: wrong fs type, bad option, bad superblock on /dev/mapper/system-lv_redhat error and solution

When we mount any file system or disk on redhat linux server, we have received below error message some times. 

[root@redhat001:~]# mount /redhat

mount: wrong fs type, bad option, bad superblock on /dev/mapper/system-lv_redhat

In above, /redhat is mount point and /dev/mapper/system-lv_redhat is device mapper name for this file system. 

system is volume group and lv_redhat is logical volume.

To resolve this issue, you need to check below points and performed action.

1. Check /etc/fstab entry, file system type (eg. xfs, ext4 etc.) should be correct. 

2. Check data integrity or the filesystem type using below command:

[root@redhat001:~]# file -sL /dev/mapper/system-lv_redhat

/dev/mapper/system-lv_redhat: SGI XFS filesystem data (blksz 4096, inosz 512, v2 dirs)

The output of the above command shows that filesystem type is XFS

3. Check filesystem type mentioned in /etc/fstab:

[root@redhat001:~]#cat /etc/fstab

/dev/mapper/system-lv_redhat /redhat xfs defaults 1 2

4. If bad superblock found on the server, we need to repair file system. 

To check bad superblock you can run "e2fsck" and "tune2fs"  for ext formatted file system and "xfs_repair" for xfs file system. 

For above example, file system is xfs type , so please run the below command to repair file system.

Before doing this, please ensure, you have backup of this file system in tape library or any other backup solution. 

[root@redhat001:~]# xfs_repair  /dev/mapper/system-lv_redhat

It will take time to repair file system, also depend upon file system size. If file system size bigger, the repairing process will take long time. 

How to fix Host key verification failed error on linux servers

When you connect to a server for the first time, the server prompts you to confirm that you are connected to the correct system. 

The following example uses the ssh command to connect to a remote host named redhat007:

[root@redhat001:~]# ssh user02@redhat007

The authenticity of host 'redhat007 (192.168.1.24)' can’t be

established. ECDSA key fingerprint is ...

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'redhat007,192.168.1.24' (ECDSA) to the list of known hosts.

The command checks to make sure that you are connecting to the host that you think you are connecting to. 

When you enter yes, the client appends the server’s public host key to the user’s ~/.ssh/known_hosts file and creating the ~/.ssh directory if necessary.

Next time when you connect to the remote server, the client compares this key to the one the server supplies. If the keys match, you are not asked if you want to continue connecting.

If someone tries to trick you into logging in to their machine so that they can sniff your SSH session, you will receive a warning similar to the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

22:cf:23:31:7a:5d:93:13:1s:99:23:c2:5k:19:2a:1c.

Please contact your system administrator.

Add correct host key in /home/readhat001/.ssh/known_hosts to get rid of this message.

Offending key in /home/redhat001/.ssh/known_hosts:7

RSA host key for redhat007 has changed and you have requested strict checking.

Host key verification failed.

To resolve above error, we have two different method.

1. Remove old key manually:

Normally key is stored ~/.ssh/known_hosts file

If root wants to ssh to the server, just removing entry in the /root/.ssh/known_hosts file is all right.

If user01 wants to ssh to the server, then remove the entry in the file /home/user01/.ssh/known_hosts.

I will remove the the key  for the destination server redhat007 from the file /home/user02/.ssh/known_hosts.

# vi /home/user02/.ssh/known_hosts

redhat003 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLrY91bQOihgFZQ2Ay9KiBG0rg51/YxJAK7dvAIopRaWzFEEis3fQJiYZNLzLgQtlz6pIe2tj9m/Za33W6WirN8=

redhat005 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCrY/m16MdFt/Ym51Cc7kxZW3R2pcHV1jlOclv6sXix1UhMuPdtoboj+b7+NLlTcjfrUccL+1bkg8EblYucymeU=

redhat007 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCrY/m16MdFt/Ym51Cc7kxZW3R2pcHV1jlOclv6sXix1UhMuPdtoboj+b7+NLlTcjfrUccL+1bkg8EblYucymeU=

2. Removing old key using the ssh-keygen command

[root@redhat001:~]# ssh-keygen -R [hostname|IP address]

[root@redhat001:~]# ssh-keygen -R redhat007

Now once you remove the entry, please login again

[root@redhat001:~]# ssh user02@redhat007

[root@redhat001:~]# ssh user02@redhat007

The authenticity of host 'redhat007 (redhat007)' can't be established.

ECDSA key fingerprint is SHA256:V+iGp3gwSlnpbtYv4Niq6tcMMSZivSnYWQIaJnUvHb4.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'redhat007' (ECDSA) to the list of known hosts.

How to clear cache on Linux

In this article, we will guide you how to clear the memory cache on Linux system by clearing PageCache, dentries, and inodes from the command line.

In linux system basically we have a three different type of caches that need to be clear from linux system.

PageCache is cached files. Files that were recently accessed are stored here so they will not need to be queried from the hard disk again, unless that file changes or the cache is cleared to make room for other data

Dentry, inode cache is directory and file attributes. This information goes hand in hand with PageCache, although it doesn't contain the actual contents of any files.

Please find the below commands to clear the cache from linux device

To clear PageCache only, use this command:-

[root@localhost:~]#sysctl vm.drop_caches=1

To clear dentries and inodes, use this command:-

[root@localhost:~]#sysctl vm.drop_caches=2

To clear PageCache, plus dentries and inodes, use this command:-

[root@localhost:~]#sysctl vm.drop_caches=3

Please use free command or top to check your system's RAM usage and verify that the cache has been cleared.

Also you can use the following commands to accomplish the same thing as the respective systemctl commands:

Clear PageCache:-

[root@localhost:~]# echo 1 > /proc/sys/vm/drop_caches 

Clear dentries and inodes:-

[root@localhost:~]# echo 2 > /proc/sys/vm/drop_caches 

Clear PageCache, dentries and inodes:-

[root@localhost:~]# echo 3 > /proc/sys/vm/drop_caches

Using above commands you can clear the cache from linux system. In case you have any query please comment on this post. Thanks!!

Puppet agent: Exiting; no certificate found and waitforcert is disabled

Puppet agent: Exiting; no certificate found and waitforcert is disabled - 

Such type of error coming when puppet agent connecting to a Puppet master server for a first time will generate a certificate and give it to a Puppet master server to sign.

Basically its depend upon your puppet configuration, a default behavior is that the certificate must by signed manually and thus puppet agent exits with an error.

[root@puppet-client:~]#puppet agent -t

Exiting; no certificate found and waitforcert is disabled

To resolve this issue login to the Puppet master server and run the below command to list all certificates awaiting a signature.

[root@puppet-master ~]# puppet cert list

"puppet-client"      (SHA256)

B3:67:17:66:8E:78:1F:69:4E:11:8E:34:BA:86:A0:E7:07:84:BF:E9:8A:94:A9:41:DD:6C:9D:1B:07:D2:72:6A

From the above output we can see that certificate from a single host puppet-client is waiting for its certificate to be signed. 

Note: Your output may be different and contain multiple certificates awaiting for a signature.

Now we have two options on how to sign the above certificate. 

Option 1: We can sign each certificate individually.

Option 2: We can sign all awaiting certificates at once.

For option 1 , please run the below command 

[root@puppet-master ~]# puppet cert sign puppet-client

For Option 2, please run the below command

[root@puppet-master ~]# puppet cert sign --all

Using above option you can remove such errors. Now login on the puppet-client machine and run the puppet agent again.

[root@puppet-client:~]#puppet agent -t

Now you will not receive certificate error. In case you have any query on above article, please comment on this post. Thanks!!

SSH or SFTP Authentication issue in linux

We normally getting a below error while accessing the destination server via SSH or SFTP protocols.

Error:

root@localhost> sftp  root@XYZ.com

warning: Authentication failed.

FATAL: ssh2 client failed to authenticate. (or you have too old ssh2 installed, check with ssh2 "-V")

To resolve this error first we need to understand what is an issue. In such type of above error, issue is mostly from destination server end which you want to connect from your system. 

In /etc/ssh/sshd_config file, a parameter "MaxAuth Tries" value is very less due to this when we are attempting to access the destination server using SSH or SFTP protocol then we will get such issue if your account will not authenticate in first two attempts. 

So to resolve such issue , you need to increase the value of "MaxAuth Tries" from default value.

edit the /etc/ssh/sshd_config file

search this parameter

increase the value "MaxAuth Tries" to "5" and take a restart of ssh service

systemctl restart sshd

login on source server again and try to access the server, if you are facing this issue again then increase the value again and set to 20.

How to reset HP iLO password from command line in Linux

If you have lost or forgotten the iLO password than please find the below steps to reset ilo password from command line.

To reset / set the password of the iLO from within the linux operating system on an HP server, the hponcfg utility needs to be installed

Here is some information about hponcfg - 

The hponcfg utility is an online configuration tool used to set up and reconfigure the local iLO without requiring a reboot of the server operating system. It can be used to retrieve and change the iLO configuration of the local server from the linux command line.

Please login on the linux machine and create a new xml file

[root@localhost]#vim ilo_password.xml

<RIBCL VERSION="2.0">

  <LOGIN USER_LOGIN="x" PASSWORD="x">

  <USER_INFO MODE="write">

    <MOD_USER USER_LOGIN="Administrator">

      <PASSWORD value="XXXXXXXX*"/>

    </MOD_USER>

  </USER_INFO>

  </LOGIN>

</RIBCL>

save the ilo_password.xml file

In above xml file, you just need to set PASSWORD value - XXXXXXX. Please put your new ILO password here. 

To load this xml file in ILO, please use hponcfg command 

[root@localhost]# hponcfg -w ilo_password.xml

Your iLO password will be reset, now please login in HPE iLO via new password XXXXXXX.

Please let me know in case of any query about this post. Thanks. 

Failed to start lsb bring up/down networking in rhel 7

Such type of error we have received after operating system upgradation from redhat linux operating system from version 7.x to version 7.y.

The root cause for error is network manager upgradation during operating system patching.

To troubleshoot this error, please restart the network service and check the status 

[root@localhost network-scripts]# systemctl restart network

Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.

[root@localhost network-scripts]# systemctl status network

You can see " Failed to start lsb bring up/down networking" error message

Solution: To resolve such type of network issue, please perform the below steps.

Go to /etc/sysconfig/network-scripts/ directory and list the files.

[root@localhost]# cd /etc/sysconfig/network-scripts/

You can see the ifcfg-lo filename file which you need to removed it.

after remove this file please take a restart of service. Your network service will restart properly without any issue. Also if you have any other duplicate or backup ifcfg file please remove it.

[root@localhost network-scripts]# rm -rf ifcfg-lo

[root@localhost network-scripts]# systemctl restart network

Now try to access the redhat machine via ssh. Please post your comment if you have any query regarding this post. 

NFS Stale File Handle error and solution

In linux machine we have NFS mounted directories sometimes contain stale file handles. If you run command such as ls or vi you will see an error

# ls

.: Stale File Handle

Before moving to fix this issue first we need to understand the concept of Stale File Handle.

A filehandle becomes stale whenever the file or directory referenced by the handle is removed by another host.

while your client still holds an active reference to the object. A typical example occurs when the current directory of a process, running on your client, is removed on the server (either by a process running on the server or on another client).

So this can occur if the directory is modified on the NFS server, but the directories modification time is not updated.

To fixed this issue, the best solution is to remount directory from the NFS client using mount command.

# umount -f /test

# mount -t nfs nfsserver:/path/to/share /test

How can I mount a read-only filesystem as read-write in redhat linux

This post is related to the below issue which you have faced in Red Hat Linux 5/6 operating system.

Issue :
 

➤ One of my partition has been mounted as read-only. How can I make it read-write without rebooting?

➤ How can I remount the root filesystem as read-write after it goes read-only?

➤ My filesystem went read-only, can I remount without rebooting? / filesystem suddenly became read only, unable to write to files.

➤ Also if you are trying to create any file or directory inside the file system you would get the message- "Read only file system"

 [root@localhost]# touch test
touch: cannot touch `test': Read-only file system

 [root@localhost]# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/root / ext3 ro,data=ordered 0 0

Solution:

Mount an already mounted file system in read-write option, Please run the below command.

 [root@localhost]# mount -o remount,rw <filesystem_path>

Remounting as read-write may work, however, if the file system remounts as read-only again, a filesystem check and reboot of the system will be required.

How to configure Network Bonding on RHEL 7

Step by Step method to configure the network bonding on RHEL 7:

 

➤ Please log on to linux server and run the "ip a" command to check the available interfaces.

    [root@localhost]# ip a
    lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

    eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:bd:c7:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever

➤ Load the bonding driver called “bonding” in the kernel with the modprobe command if it is not already loaded, and verify with the modinfo command:

[root@localhost]# modprobe bonding
[root@localhost]# modinfo bonding
 

➤ In this step you need to generate UUIDs for interfaces using the below command.

[root@localhost]# uuidgen <interface-name>
 

➤ Now create a file called ifcfg-bond0 in the /etc/sysconfig/network-scripts directory for bond0 with the following settings. Please use vi editor to edit this file.

[root@localhost]# cd /etc/sysconfig/network-scripts
[root@localhost]# vi ifcfg-bond0

DEVICE=bond0
Name=bond0
TYPE=bond0
BONDING_MASTER=yes
BONDING_OPTS="mode=balance-rr"
ONBOOT=yes
IPADDR=192.168.1.23
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
 

➤ Now create ifcfg-eth2 and ifcfg-eth3 files in the /etc/sysconfig/network-scripts directory for eth2 and eth3 interfaces with the following settings. Set the MASTER directive to bond0. Both interfaces will act as slaves with no IP addresses assigned to them.

[root@localhost]# vi ifcfg-eth1

DEVICE=eth1
TYPE=Ethernet
NAME=eth1
UUID=23a32d65-343d-48a2-8rf7-d2jh2388f666
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@localhost]# vi ifcfg-eth2

DEVICE=eth2
TYPE=Ethernet
NAME=eth2
UUID=22a32d65-443d-48d2-8rf7-d2jh222f666
ONBOOT=yes
MASTER=bond0
SLAVE=yes
 

➤ Now deactivate and reactivate bond0 with the ifdown and ifup commands:

[root@localhost]# ifdown bond0; ifup bond0
 

➤ Check the status of bond0 and the slaves with the ip command. It should also show the assigned IP.

[root@localhost]# ip addr
 

➤ Restart the system to ensure the configuration survives system reboots
[root@localhost]# reboot

How to install and configure samba server in RHEL 7 or redhat linux 7

Login on Samaba server
Check samba rpm installed or not, if not installed please install it,

[root@localhost ~]# rpm -qa | grep samba
[root@localhost ~]# yum install samba*

Create a directory in root file system which is shared with client.

[root@localhost ~]#mkdir -p /home/testuser/test

Add a new group or can use existing group

To provide access on shared directory,Here we are adding new group called samba

[root@localhost ~]#groupadd samba

Change the group and permission of sharing folder

[root@localhost ~]#chgrp -R samba /home/testuser/test
[root@localhost ~]#chmod -R 777 /home/testuser/test

create user, add into group and set samba password

[root@localhost ~]#useradd testuser
[root@localhost ~]#usermod -G samba testuser
[root@localhost ~]#smbpasswd -a testuser

Now Edit /etc/samba/smb.conf file

Note: Please take a backup of origianl file.

[root@localhost ~]#cd /etc/samba/
[root@localhost ~]#cp -p smb.conf smb.conf.orig

And add the below given contents in last line of /etc/samba/smb.conf file.

vi /etc/samba/smb.conf

[test]
comment = shared-directory
path = /home/testuser/test
public = no
valid users = testuser, @samba
writable = yes
browseable = yes
create mask = 0774
directory mask = 4774

##Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server

interfaces = lo ens32 192.168.1.0/24
hosts allow = 127. 192.168.1.

security = user
passdb backend = tdbsam
netbios name = localhost
server string = Samba Server localhost
workgroup = MYGROUP
log file = /var/log/samba/samba.log
max log size = 50
security = server

Add services in /etc/services files

vi /etc/services
 
netbios-ns    137/tcp    # netbios name service
netbios-ns    137/udp    # netbios name service
netbios-dgm    138/tcp    # netbios datagram service
netbios-dgm    138/udp    # netbios datagram service
netbios-ssn    139/tcp    # netbios session service
netbios-ssn    139/udp    # netbios session service

Note: Please check these above ports are open from this samba server to client machine

Now start the smb and nmb services.

systemctl start smb.service
systemctl start nmb.service

Enable smb and nmb service at booting of system

systemctl enable smb.service
systemctl enable nmb.service

Note 1: firewalld service not enable on this server so no need to add any rule.
Note 2: selinux is in permissive state so no need to change the selinux security context.

Now login on window machine

and mount this samba share on the server.

\\localhost.redhat.com\test

Job for smb.service failed because the control process exited with error code. Redhat 7 or RHEL 7

Job for smb.service failed because the control process exited with error code.

I just recently installed the samba server on my Red Hat Linux 7 / RHEL 7 operating system server. After configuration when I have taken restart of samba service, I have got the above error. Due to this samba service not running on my linux machine.

[root@localhost~]# systemctl restart smb.service

I will reveive below error

Job for smb.service failed because the control process exited with error code.
See "systemctl status smb.service" and "journalctl -xe" for details.

So in such case, first I have checked the my samba configuration is ok or not, to do this, please run the below command.

#smbstatus

the above command gives me the below output.

"WARNING: Ignoring invalid value 'share' for parameter 'security'
Can't load /etc/samba/smb.conf - run testparm to debug it"

That's means something wrong in my samba configuration.

So open the /etc/samba/smb.conf file and commented the below line which starts with security.

#security = server

now again run the smbstatus command which gives the new output.

[root@localhost~]# smbstatus

Samba version 4.2.10
PID     Username      Group         Machine            Protocol Version
------------------------------------------------------------------------------

Service      pid     machine       Connected at
-------------------------------------------------------

If you are getting such output that means now your configuration is ok, now please restart the samba service again.

[root@localhost~]# systemctl restart smb.service

[root@localhost~]# systemctl status smb.service
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-04-26 16:19:34 BST; 12h ago
 Main PID: 4719 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─4719 /usr/sbin/smbd
           ├─4720 /usr/sbin/smbd
           ├─4721 /usr/sbin/smbd
           └─4722 /usr/sbin/smbd

Apr 26 16:19:33 localhost.redhat.com systemd[1]: Starting Samba SMB Daemon...
Apr 26 16:19:33 localhost.redhat.com systemd[1]: smb.service: Supervising process 4719 which is not our child. We'll most likely not notice when it exits.
Apr 26 16:19:34 localhost.redhat.com smbd[4719]: [2018/04/26 16:19:34.173413,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Apr 26 16:19:34 localhost.redhat.com systemd[1]: Started Samba SMB Daemon.
Apr 26 16:19:34 localhost.redhat.com smbd[4719]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections

How to update and upgrade ESXi host

Please find the below steps and command to update and upgrade the ESX host.

You need to understand first, the update and upgrade both are different thing in case of ESX.

Update means you have update the VMware release build.

Upgrade means you have upgrade the VMware version like 5.0 to 6.0 

Please find the below command to update the VMware release build:

# esxcli software vib update -d /vmfs/volumes/updates/VMware-ESXi-5.1.0-Update3-2323236-HPE-510.9.5.0.30-Apr2016-depot.zip

It is asking for reboot please press true and reboot the esx host gracefully, once the host reboot successfully check the new release build. 

Please find the below steps to upgrade the ESX host:

Now we need to upgrade the ESX host from 5.1.0 to 5.5.0 , to perform this task please follow the below steps

Take a remote console of this ESX host from ILO.

Copy the VMware-ESXi-5.5U1-Rollup_2ISO.iso

attached the iso with remote console

boot the ESX host with attached iso VMware-ESXi-5.5U1-Rollup_2ISO.iso

When esx boot this iso during upgrade process it is asking for you 3 option, please select the below option.

Upgrade the ESX host with keeping existing datastore.

Once the upgrade will be successfully, please login on the esx host and check the latest version and all service will working fine.

Please let me know if you have any question regarding this upgrade issue.

How to add linux host in Active Directory (AD) domain

Before performed such work, please collect the below information:-

Host: Server name which need to be add in AD
DA account: .da account which used to add server to domain
Domain name

Please find the below process step by step to add a server in to AD:-

[root@localhost ~]# hostname localhost.redhat.com

[root@localhost ~]# adinfo

Not joined to any domain
Licensed Features: Enabled

[root@localhost ~]#  adjoin -u xyz.da --name localhost -a localhost.redhat.com -w redhat.com

xyz.da@REDHAT.COM's password:
Using domain controller: redhat01.redhat.com writable=true
Join to domain:redhat.com, zone:Auto Zone successful
Centrify DirectControl started.
Loading domains and trusts information
........................

Note: .da account required to add server in domain

How to install or upgrade VMware Tools on linux server

You need to login on the server where you need to install or upgrade the vmware tool.

Check the status of vmtools from vcenter GUI & Servers.

/etc/vmware-tools/services.sh status

Please follow the below steps to install or upgrade the VMware Tools:-

1.    From vsphere select the virtual machine on which vmtools need to be installed and then Choose VM > Install VMware Tools.

2. As root mount the VMware Tools virtual CD-ROM image to /mnt

mount /dev/cdrom /mnt

3. go to /tmp and untar the installation file.

cd /tmp
tar zxf /mnt/VMwareTools-x.0.0-<xxxx>.tar.gz

4. Run the VMware Tools installer:

cd /tmp/vmware-tools-distrib

./vmware-install.pl -d
 

Unmount of the VMware Tools virtual CD-ROM image is done automatically.

Login to server as root and run below command to start the services:

/etc/vmware-tools/services.sh start


Run below command to check the status of vmtools:

/etc/vmware-tools/services.sh status

Uninstall the vmtools by running below command:

/usr/bin/vmware-uninstall-tools.pl

How to start/stop and enable/disable Firewall on Redhat 7 Linux system

In RHEL7, to stop/start and enable/disable the firewall is quite different from RHEL6. In Red hat 7 "firewalld" named service we used for local firewall. Please find the below example step by step to check the firewall status.

How to check status of RHEL7 firewall:

[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: active (running) since Thu 2018-02-05 12:37:47 IST; 0 months 1 days ago

Main PID: 332 (firewalld)

CGroup: /system.slice/firewalld.service
           └─332 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Feb 05 12:37:47 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 05 12:37:49 localhost systemd[1]: Started firewalld - dynamic firewall daemon.

In the above status firewall is by default enable on the linux system. It is enable automatically when system restart or on.

How to Stop and Start RHEL7 firewall:

 

Please use the below commands to start stop the firewall on redhat linux 7 operating system. 

[root@localhost ~]# service firewalld stop
Redirecting to /bin/systemctl stop  firewalld.service
Stopped firewall will start again after system's reboot.

[root@localhost ~]# service firewalld start
Redirecting to /bin/systemctl start  firewalld.service

How to Disable and Enable RHEL7 firewall:

If you want to disable permanently firewall so that after reboot it is not enable again, please use the below command.

[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

If you want to enable the firewall again run please use the below command.

[root@localhost ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.se

How to Flush Memory Cache and Buffer Cache on Linux Server

When you run the "free -m" command and get the below output, then you observe free memory section will be low value but comparatively buffers+cache value would be higher.

Now this is not a bad thing actually since your OS has reserved this memory to speed up your most used process by keeping them in the cache. But in case any new process is executed and your system is low on memory then these cache would be automatically released to make space for memory reservation of new processes.

[root@localhost]# free -m
             total       used       free     shared    buffers     cached
Mem:          2345       1234        1145          0         24        400
-/+ buffers/cache:        664        345
Swap:         4032          0       4032

if you want to clear or free cache/buffer memory then you need to run the below command.

[root@localhost]# echo 3 > /proc/sys/vm/drop_caches

These are the different values which you can use with the above command

echo 1 is clearing only page cache

[root@localhost]# echo 1 > /proc/sys/vm/drop_caches

echo 2 is to clear free dentries and inodes

[root@localhost]# echo 2 > /proc/sys/vm/drop_caches

echo 3 is clearing page cache, dentries and inodes

[root@localhost]# echo 3 > /proc/sys/vm/drop_caches

SSH login without password in linux

If you want to connect one Linux host to other Linux host through SSH with password-less connection then you need to perform below steps.

Lets suppose you need password-less login from host "server01" / user "redhat" to host "server02" / user "centos".

1. First login in on "server01"as user "redhat" and generate a pair of authentication keys.

[redhat@server01]# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa):
Created directory '/home/redhat/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/redhat/.ssh/id_rsa.
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub.
The key fingerprint is:
1e:4f:05:79:3a:9f:96:7c:2b:ad:e9:58:37:sc:37:e4 redhat@server01

Note: Do not enter a passphrase.

2. Now you use ssh to create a directory ~/.ssh as user "centos" on server02.

Note: If directory already exist, you do not create it again.

[redhat@server01]# ssh centos@server02 mkdir -p .ssh

centos@server02's password:

Finally append redhat's new public key to centos@server02:.ssh/authorized_keys and enter centos's password one last time:

3. Now copy the rsa key to server 02 ssh authorized_keys file

[redhat@server01]# cat .ssh/id_rsa.pub | ssh centos@server02 'cat >> .ssh/authorized_keys'

centos@server02's password:

Now you can log into server02 as "centos" from server01 as "redhat"a without password.

4. Now you can test the password less connection.

[redhat@server01]# ssh centos@server02

You are successfully login on the server02 without any password.

Note:  In case of any permission issue you need to set "700" permission on .ssh folder on server02.