RedHat 6

Using redhat-support-tool in 10 space

Posted on by

OK, Private IP space, but you should know that 10 space means private IP space.

The command redhat-support-tool is useful when working with a Red Hat support ticket. Once a ticket is opened with Red Hat your next step should be to create and attach an sosreport to the ticket. If you don’t then you will waste valuable time as their first response will be, you guessed it, please attach an sosreport. Even attaching one is no guarantee they won’t still ask as they follow the script pretty closely.

The 90% use case for using the command redhat-support-tool is adding attachments, like this:

redhat-support-tool addattachment -c CASE_NUMBER /tmp/sosreport.tar.xz

If you have not configured /root/redhat-support-tool/redhat-support-tool.conf you will be prompted for your RHN user name and password.  Since I mentioned it please note that /root/redhat-support-tool contains your configuration file and a log file.  Please note: that if you configure global setting (more on that below) those settings are stored in /etc/redhat-support-tool.conf

Back to Private IP space use.  Supposedly you can configure this using the redhat-support-tool -> config option for example:

# redhat-support-tool
Command (? for help): config proxy_url proxy.your-url.domain

OR

# redhat-support-tool
Command (? for help): config proxy_url http://proxy.your-url.domain

OR setting it globally (sets it to /etc/redhat-support-tool.conf)

# redhat-support-tool
Command (? for help): config -g proxy_url http://proxy.your-url.domain

This however doesn’t always work, here is why with an explanation, thanks to my colleague Doug B:

I figured out the redhat-support-tool issue.

– It’s always connecting to proxy via https, so you have to use “http://proxy.url.edu:80” in order to force it.
– It may conflict with an http_proxy environment variable.

Even unsetting the variable within the tool (with –unset proxy_url) didn’t seem to clear out an incorrect entry – even though nothing was in the config file!

In the end it’s easiest to just to export http_proxy=http://proxy.url.edu:80 and not modify anything within the support tool itself.

As you can see a frustrating problem, yes we could have just transferred the file and uploaded it using the webUI or from another system but what would we have learned from that?!

Again, thanks to Doug B. for working with me on this.

Here is a link (account required) to more details about the redhat-support-tool: https://access.redhat.com/articles/445443

 

Kerberizing RHEL Server

Posted on by

Notes from Plone…

yum install krb5-workstation pam_krb5 -y
# if krb5.conf is present we should get a fresh copy
mv /etc/krb5.conf /etc/krb5.conf.bak
yum reinstall krb5-libs -y
sed -ie 's/example.com/uconn.edu/g' /etc/krb5.conf
sed -ie 's/EXAMPLE.COM/UCONN.EDU/g' /etc/krb5.conf
fqdn=`hostname --fqdn`;
echo "
ank -randkey host/$fqdn@UCONN.EDU
ktadd -k /etc/krb5.keytab host/$fqdn@UCONN.EDU
";

--- OR ---

kadmin netid/admin@UCONN.EDU
addprinc -randkey host/$fqdn
ktadd -k /etc/krb5.keytab host/$fqdn
modprinc -requires_preauth host/$fqdn

kadmin -p netid/admin@UCONN.EDU
exit
authconfig --enablekrb5 --updateall
echo "netid/admin@UCONN.EDU" >> ~/.k5login
restorecon ~/.k5login
chmod 600 .k5login
service sshd restart