System Administration

Issues with Tomcat7 on RHEL7

On RHEL7, up until tomcat v7.0.59 Redhat maintained backwards compatibility with RHEL6 structures.  Once you upgrade to tomcat 7.0.70-x all that changes.  Two things specifically:

One big change is the use of $CATALINA_OPTS, if you have multiple lines defining various $CATALINA_OPT properties your installation will break.  Once you upgrade you must specify all of your $CATALINA_OPTS on a single line.  This has to do with the use of systemd, regardless all on one line or it won’t work.

Ensure tomcat7 is logging to /var/log/tomcat7/catalina.out

Create a new file /etc/rsyslog.d/tomcat.conf containing the next two lines:

programname,contains,"server" /var/log/tomcat/catalina.out
programname,contains,"server" ~

Afterwards, restart the rsyslog daemon:

service rsyslog restart

Those are the only issues I have found yet, I’ll update if more surface.



Copying a file to multiple locations

I thought this was cool enough to share.  I have not had to use it however so I doubt it is all that useful 😉

xargs -n 1 cp -v foo.txt<<<"/tmp1/ /tmp2/ /tmp3/"

Here we are copying one file named foo.txt to multiple directories called /tmp/1/, /tmp/2/, and /tmp/3 using xargs.  The xargs command construct argument list(s) and execute utility such as cp.

If you find a use for this let me know.  Backup copies seems useful but other than that…?


Disable All User Login Access

There are occasions when you want to make sure users can not log into a system.  This can be due to a maintenance period or I have used it as part of the process for retiring a system.  It is simple enough but I thought it worth documenting for prosperity.

# cd /{root of user home directory}
# ls -al | awk '{print $3}' | grep -v -e '^$' | grep -v {account exceptions} |while read a;do usermod -s /sbin/nologin $a;done;

To break down possibly the non-obvious part down:

grep -v -e '^$'

This removes any blank lines from the output.  The rest should be self-explanatory, if it isn’t ask in the comments section.

Don’t forget to add your account to the exception list, and it is always a good idea to test the output first.  To reverse the process change /sbin/nologin to /bin/bash.




Yum Rollbacks

Very occasionally installing a package or updates with yum can have unexpected results.  Fortunately yum provides the ability to roll back anything it installs.  Here is an example of what these commands look like:

# yum history
Loaded plugins: package_upload, product-id, search-disabled-repos, security, subscription-manager
ID | Login user | Date and time | Action(s) | Altered
 11 | root <root> | 2016-12-16 13:20 | Install | 8 
 10 | root <root> | 2016-12-16 10:38 | Install | 1 
 9 | root <root> | 2016-12-16 08:05 | Install | 1 
 8 | root <root> | 2016-12-15 15:37 | Install | 1 
 7 | root <root> | 2016-12-15 13:29 | Install | 10 
 6 | root <root> | 2016-12-15 12:55 | Install | 5 <
 5 | root <root> | 2016-12-08 14:51 | I, O, U | 381 >E
 4 | root <root> | 2016-12-08 14:45 | Install | 4 
 3 | root <root> | 2016-12-08 14:12 | I, U | 32 EE
 2 | root <root> | 2016-12-08 14:11 | Install | 1 
 1 | System <unset> | 2016-12-08 13:50 | Install | 644

To reverse any of these yum actions simply issue the command:

# yum history undo "#"

Where the trailing “#” is the ID number from the yum history output.

Good luck.

Subnet Cheat Sheet

Subnet Mask Cheat Sheet

Posted here because 95% of the networks are the same and when I encounter a different one I have to think about it…not any more!

See RFC 1878 for more details & information.

Addresses Hosts Netmask Amount of a Class C
/30 4 2 1/64
/29 8 6 1/32
/28 16 14 1/16
/27 32 30 1/8
/26 64 62 1/4
/25 128 126 1/2
/24 256 254 1
/23 512 510 2
/22 1024 1022 4
/21 2048 2046 8
/20 4096 4094 16
/19 8192 8190 32
/18 16384 16382 64
/17 32768 32766 128
/16 65536 65534 256

Network Interface Name in rhel7

Anyone who has installed rhel7 knows how annoying it is to check you network and not see eth0.  Perhaps it is just me then…  Regardless here are instructions on how to change it:

First you need to know the name of the network adapter in use, you can look in /etc/sysconfig/network-scripts/ifcfg-eno##### or run this command:

# ip addr show
Now you need to do the following:
vim /etc/sysconfig/grub
add “net.ifnames=0 biosdevname=0″ to the end of the line beginning with: GRUB_CMDLINE_LINUX, for example:
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet net.ifnames=0 biosdevname=0"
Now you need to regenerate the GRUB configuration with the updated kernel parameters:
# grub2-mkconfig -o /boot/grub2/grub.cfg
Now you need to change the ‘eno##” named network scripts you identified above:
# cp -p /etc/sysconfig/network-scripts/ifcfg-eno16780032 /etc/sysconfig/network-scripts/ifcfg-eth0

Next edit the newly copied network script to change any reference to the eno### to eth0, for example:

sed -i -e 's/eno16780032/eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0

Now reboot:

# shutdown -r now

After system reboot your network interface shall be called eth0 and all will be right in the world again…

Hat tip to Angelo for most of the leg work.

yum Invalid System Credential error

I ran across the following yum error after migrating a system from being a client of Satellite 5.6 to Satellite 6.1.  First here is the error:

# yum update
Loaded plugins: package_upload, priorities, rhnplugin, search-disabled-repos, security, subscription-manager
There was an error communicating with RHN.
RHN Satellite or RHN Classic support will be disabled.

Error Message:
    Please run rhn_register as root on this client
Error Class Code: 9
Error Class Info: Invalid System Credentials.
     An error has occurred while processing your request. If this problem
     persists please enter a bug report at
     If you choose to submit the bug report, please be sure to include
     details of what you were trying to do when this error occurred and
     details on how to reproduce this problem.

Setting up Update Process
rhel-6-server-rpms                                                                                                                                                            | 2.0 kB     00:00     
rhel-6-server-satellite-tools-6.1-rpms                                                                                                                                        | 2.1 kB     00:00     
No Packages marked for Update
This left me scratching my head for a few and a quick search didn’t produce much so I thought I should document this for prosperity.
The problem was with the contents of the file /etc/yum/pluginconf.d/rhnplugin.conf
Part of my transition is running this command:
sed -i -e 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/rhnplugin.conf
The problem was unlike all of my other systems, this file must have been edited because instead of containing “enabled=1” it contained “enabled = 1”
To correct that I modified my sed command to ignore white space:
sed -i -e 's/enabled\s*=\s*1/enabled=0/g' /etc/yum/pluginconf.d/rhnplugin.conf

More details can be found using the yum.conf man page.

Hope that is helpful.


Working with Repositories

Pulling packages from multiple sources can lead to problems.  If you are running rhel and have epel enabled an update could inadvertently pull down a newer version from the wrong repository.  This doesn’t always cause a problem, but it can.  If you need to tfind all the epel packages on your system, here is how you: List all packages installed from repo “X”

yum list installed | grep @epel



systemd commands, hints and cheatsheet

List all running services

# systemctl

Start/stop or enable/disable services

Activates a service immediately:

# systemctl start foo.service

Deactivates a service immediately:

# systemctl stop foo.service

Restarts a service:

# systemctl restart foo.service

Shows status of a service including whether it is running or not:

# systemctl status foo.service

Enables a service to be started on bootup:

# systemctl enable foo.service

Disables a service to not start during bootup:

# systemctl disable foo.service

Check whether a service is already enabled or not:

# systemctl is-enabled foo.service; echo $?

0 indicates that it is enabled. 1 indicates that it is disabled

How do I change the runlevel?

systemd has the concept of targets which is a more flexible replacement for runlevels in sysvinit.

Run level 3 is emulated by Run level 5 is emulated by is a symbolic link to and is a symbolic link to

You can switch to ‘runlevel 3′ by running

# systemctl isolate (or) systemctl isolate

You can switch to ‘runlevel 5′ by running

# systemctl isolate (or) systemctl isolate

How do I change the default runlevel?

systemd uses symlinks to point to the default runlevel. You have to delete the existing symlink first before creating a new one

# rm /etc/systemd/system/

Switch to runlevel 3 by default

# ln -sf /lib/systemd/system/ /etc/systemd/system/

Switch to runlevel 5 by default

# ln -sf /lib/systemd/system/ /etc/systemd/system/

systemd does not use /etc/inittab file.

List the current run level

runlevel command still works with systemd. You can continue using that however runlevels is a legacy concept in systemd and is emulated via ‘targets’ and multiple targets can be active at the same time. So the equivalent in systemd terms is

# systemctl list-units --type=target

Powering off the machine

You can use

# poweroff

Some more possibilities are: halt -p, init 0, shutdown -P now

Note that halt used to work the same as poweroff in previous Fedora releases, but systemd distinguishes between the two, so halt without parameters now does exactly what it says – it merely stops the system without turning it off.


Service vs. systemd

# service NetworkManager stop


# systemctl stop NetworkManager.service

Chkconfig vs. systemd

# chkconfig NetworkManager off


# systemctl disable NetworkManager.service


systemd has a built-in readahead implementation is not enabled on upgrades. It should improve bootup speed but your mileage may vary depending on your hardware. To enable readahead:

# systemctl enable systemd-readahead-collect.service
# systemctl enable systemd-readahead-replay.service

SystemD cheatsheet

service foobar start systemctl start foobar.service Used to start a service (not reboot persistent)
service foobar stop systemctl stop foobar.service Used to stop a service (not reboot persistent)
service foobar restart systemctl restart foobar.service Used to stop and then start a service
service foobar reload systemctl reload foobar.service When supported, reloads the config file without interrupting pending operations.
service foobar condrestart systemctl condrestart foobar.service Restarts if the service is already running.
service foobar status systemctl status foobar.service Tells whether a service is currently running.
ls /etc/rc.d/init.d/ ls /lib/systemd/system/*.service /etc/systemd/system/*.service Used to list the services that can be started or stopped
chkconfig foobar on systemctl enable foobar.service Turn the service on, for start at next boot, or other trigger.
chkconfig foobar off systemctl disable foobar.service Turn the service off for the next reboot, or any other trigger.
chkconfig foobar systemctl is-enabled foobar.service Used to check whether a service is configured to start or not in the current environment.
chkconfig foobar –list ls /etc/systemd/system/*.wants/foobar.service Used to list what levels this service is configured on or off
chkconfig foobar –add Not needed, no equivalent.

Linux readahead: less tricks for more

Timestamping your bash_history

I use this all the time and occasionally find a server that isn’t configured to timestamp the bash_history. It seemed like something I should preserve here for future reference.

Adding a timestamp is really simple, just execute the following:

echo ‘export HISTTIMEFORMAT=”%d/%m/%y %T “‘ >> ~/.bash_profile ; source ~/.bash_profile

That’s it, now the history command is more useful.