How to install Ansible on RHEL7/ CentOS7

We are going to see how to install Ansible on RHEL7/ CentOS7 in this post.

Control node needs to install Python 2.6 or latest version and windows doesn’t support for control node.

Since the ansible agentless tool, on Managed hosts no need to install any specific agent/client. And need to install python 2.4 or latest version on managed hosts.

How to install Ansible on RHEL7/ CentOS7

Installing Ansible on RHEL7/ CentOS7:

To install the Ansible we should have Enabled EPEL repository on our server already

Once enable EPEL Repo, then we can start installing Ansible using yum.

[[email protected] ~]# yum install ansible -y

Post installation of ansible will check the version of Ansible by using below command

[[email protected] ~]# ansible --version
ansible 2.7.9
 config file = /etc/ansible/ansible.cfg
 configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 ansible python module location = /usr/lib/python2.7/site-packages/ansible
 executable location = /usr/bin/ansible
 python version = 2.7.5 (default, Aug 2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
[[email protected] ~]#

Finally, we installed ansible over our machine which we are going to take it as a control node.

Hereafter if we want to deploy or manage any remote hosts(Managed Host) from the control node, SSH authentication is mandatory. So, We should copy and paste the SSH keys to the remote hosts to make the communication available between the control and managed node.

 

Reference: Ansible documented site

 

 

How to enable EPEL Repository on RHEL7/CentOS7

In this post, we are going to see How to enable EPEL Repository on RHEL7/CentOS7

How to enable EPEL Repository on RHEL7/CentOS7

Need to install EPEL rpm by using below command:

[[email protected] ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Out will be like below

Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.CmU1nG: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-11 ################################# [100%]
[[email protected] ~]#

Now we installed the Repo and need to check by listing the installed repo using below command:

[[email protected] ~]# yum repolist

List the available packages from EPEL Repository using below command:

[[email protected] ~]# yum --disablerepo=* --enablerepo=epel list

Now we Enabled EPEL Repository successfully on our server and we can use yum to install the packages.

 

Thanks for the reading this post.

Reference: ITZgeek

Architecture of Ansible

we are going to see the Architecture of Ansible in this post.

Communication:

Architecture of Ansible

Communication established between control node(Server) and Managed hosts(Client machines) using SSH Protocol.

A normal user will be sufficient for communication between Control and Managed hosts.

A normal user can able to perform a few tasks but for other tasks, we need administrators user or other users who have sudo access to perfom that tasks.

complete Architecture detail of Ansible:

Architecture of Ansible

 

This will explain how the ansible working and what are all the things contains as architecture.

As we can see the above diagram ansible automation engine will interact directly with the person who writes playbooks to do tasks.

It also interacts with the cloud(public/private) directly. Basically its CMDB(Configuration Management Data Base).

Also, it contains the below components:

  1. Inventory
  2. Modules
  3. API
  4. Plugins

 

Inventory:

Inventory will contain the List of Host or IP Address of Host/ Wildcards where we are going to do automation tasks using ansible.

default ansible inventory path: /etc/ansible/hosts

We can specify the different inventory path using -i option.

Modules:

Ansible has more 1000 readymade playbooks in it and we should use those modules in paybooks to do automation tasks. Modules will be copied from Control node to managed hosts while executing the tasks and it will run the program based on playbook and Module then will give back us the output.

Also, the user can create custom playbooks based on their needs.

We should mention the modules in playbooks and modules will be directly executed in remote hosts through playbooks and will get the output.

API:

Ansible uses API as transport  for Cloud services.

Plugins:

Plugins will enhance the features ansible.

Plugins will allow executing the task on build stat. Its a piece of code.

Using ansible we can automate the tasks on different types of network.

 

 

 

 

Introduction of Ansible automation tool

We are going to see Introduction of Ansible automation tool in this post. By reading the future post you can learn full ansible automation and it’s purely based on RedHat Linux.

Ansible is written by Micheal DeHaan

What is Ansible?

It’s a simple IT automation and powerful configuration management tool which is written in python.

It’s an open source configuration management tool.

We can standardize our environment configuration from one server to all other remote servers using ansible by creating the playbooks to complete that task.

Mainly it’s agentless automation tool. Work is pushed to the remote host when the ansible executed.

What we can do:

  • Configuration of Servers
  • Application Deployments
  • Continuous testing of existing application
  • Provisioning
  • Orchestration
  • Automating our administration tasks

 

What we cannot do:

  • We cannot install the initial minimum installation of the system.
  • We cannot monitor the servers
  • It will not track what changes are made over the files on the system.

How the Ansible work:

 

Introduction of Ansible automation tool

Ansible Syntax (or) ansible adhoc command:

Ex:

#Ansible -m command -a "uptime" Test

 

Ansible:- Keyword

m:- Module

command:- Module Name

uptime:-  OSCommand

Test:- Target server Group

 

Ansible Features:

  • Easy to learn
  • Written in python
  • Agentless
  • YAML based playbooks
  • Ansible Galaxy

Ansible Modules:

It’s having 1375 modules. For each and every operation we need to use modules to run the commands.

So we should understand the modules to do automation.

 

How to clear UDID mismatch in VCS Cluster(online thinrclm udid_mismatch)?

In this post, we are going to see How to clear UDID mismatch in VCS Cluster(online thinrclm udid_mismatch)?

We are doing this activity in VCS 3 node cluster with Linux environment.

In VCS Cluster udid_mismtach might lead to disk failures.

Error:
#vxdisk -l alldgs list | grep udid
emc4_184a auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch
emc4_184b auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch
emc4_184c auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch
Resolution:

Verify the fencing disks using “vxdisk -l alldgs list | grep udid” command to know whether it’s having udid_mismatch or not. Using that command we came to know all the three fencing disks has udid_mismatch.

#vxdisk -l alldgs list | grep udid
emc4_184a auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch
emc4_184b auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch
emc4_184c auto:cdsdisk   -   (vxfendg)   online thinrclm udid_mismatch

Verify the all 3 disks udid and udid_asl values are different or not.

Using below command we found that, udid & udid_mismatch values are different.

#vxdisk -v list emc4_184a | grep -i udid 
flags:   online  ready  private autoconfig udid_mismatch coordinator thinrclm 
udid:   EMC%5FSYMMETRIX%5FF000197500111%5F110184A008 
tag:     udid_asl=EMC%5FSYNNETRIX%5F000195702690%5F9002F64000

How to clear UDID mismatch in VCS Cluster(online thinrclm udid_mismatch)?

 

Like the above use the same command to check udid & udid_mismatch values for another two disks(emc4_184b, emc4_184c)

Then check whether the fencing keys on the coordinator disks are fine using below command

#vxfenadm -s /dev/vx/rdmp/emc4_184a

All the fencing keys are looking good on the coordinator disks.

How to clear UDID mismatch in VCS Cluster(online thinrclm udid_mismatch)?

Finally, command to clear the udid_mismatch flag from all 3 fencing disks.

#vxdisk updateudid emc4_184a

#vxdisk updateudid emc4_184b

#vxdisk updateudid emc4_184c

Confirm udid_mismatch has been cleared or not using the below command.

#vxdisk -o alldgs list | grep -i udid

How to install Docker EE in RHEL7

How to install Docker EE in RHEL7

Will see How to install Docker EE in RHEL7 in this post. We have other steps as well on our blog to install the Docker in Linux.

It’s a container virtualization technology and more efficient in the deploy an application.

We have two option to install the Docker EE in RedHat Linux.

  1. Yum Repository: Create/ Enable YUM Repository and install using that. this is the recommended one to install/ upgrade a package in Linux.
  2. RPM: We have to download and install manually. This will be useful to install when the system doesn’t have internet access.

Requirement:

RHEL 7.1 or Higher Operating System.

overlay2 or device-mapper storage driver(direct-lvm mode for production environment)

Yum repository.

Disable SELinux in IBM Power Systems before install/ Upgrade

Enabling YUM Repository for Docker EE Installation:

Browse “https://store.docker.com/my-content” and login. You should at least registered for the trail.

Once logged in, Click “Setup” to get the URL to enable the repository.

Copy the URL from “Copy and paste this URL to download your Edition:” and save it for later use.

You will use this URL to create the variable called “DOCKERURL“.

Use the below command to remove existing docker repo.

[[email protected] ~]# rm /etc/yum.repos.d/docker*.repo

Save the copied URL in the environmental variable(DOCKERURL). Replace with URL where “<DOCKER-URL>” is mentioned in below command.

#export DOCKERURL="<DOCKER-EE-URL>"

Than now store the variable(DOCKERURL) in yum variable /etc/yum/vars

[[email protected] ~]# sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'

Now store the OS version in /etc/yum/vars/dockerosversion:

[[email protected] ~]# sh -c 'echo "7.3" > /etc/yum/vars/dockerosversion'

Then install the required packages yum-utils, device-mapper-persistent-data and lvm2

[[email protected] ~]# yum -y install yum-utils device-mapper-persistent-data lvm2

Now will enable extras RHEL repository and This will ensure the access to container-selinux which is package required by “Docker-EE” and the below command will be used in all Architecture except IBM Power Systems.

[[email protected] ~]# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: product-id

For IBM Power System use the below command:

#yum-config-manager --enable extras
#subscription-manager repos --enable=rhel-7-for-power-le-extras-rpms
#yum makecache fast
#yum -y install container-selinux

Add the Docker EE repository using below command.

[[email protected] ~]# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"

Installing Docker EE in RedHat Linux:

Now using the docker repository will install the Docker-EE by executing below command.

[[email protected] ~]# yum install docker-ee

Note: If the above command failed for “container-selinux” dependency. Then we should install the container-selinux and below two are dependency packages for container-selinux

policycoreutils.2.5-11.el7 Click here to download

policycoreutils-python (This will be available in your OS packages list)

Now again try to install the docker-ee using yum.

Start the docker using systemctl.

[[email protected] ~]# systemctl start docker

Now we completed docker-ee installation.

To verify Docker-EE installed correctly, use the hello-world image. This will download a test image and run it in a container. Will give you the information.

[[email protected] ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/

 

So, Finally we completed the Docker installation.

Refernce: docs.docker.com

List of tools in Kali Linux

List of tools in Kali Linux

We have more than 500 List of tools in Kali Linux and below are the categories of available tools with numbers.

List of tools in Kali Linux:
  1. Exploitation tools (21)
  2. Forensics (23)
  3. Hardware hacking (6)
  4. Information Gathering (69)
  5. Maintaining Access (18)
  6. Password Attacks (41)
  7. Reporting Tools (10)
  8. Reverse Engineering (11)
  9. Sniffing/ Spoofing (32)
  10. Stress testing (14)
  11. Uncategorized (10)
  12. Vulnerability Analysis (29)
  13. Web Applications (44)
  14. Wireless Attacks (53)

Will see briefly in future posts about these categorized tools.

Thanks for your support. Comments are always welcome to provide you the better experience on learning technologies.

Reference: Kali Docs

What is Kali Linux

What is Kali Linux

What is Kali Linux?

Will see what is Kali Linux in this post. Nowadays Linux is everywhere in use in the form of Smartphones, Cars, Supercomputers, Robots and Home appliances, etc…

This belongs to Debian distribution and its developed towards Penetration testing, Security auditing, Forensics and reverse engineering.

It’s funded, developed and maintained by Offensive Security(leading information security company).

Features of Kali:
  1. Free Operating system
  2. Open source Git tree
  3. More than 600 penetration tools
  4. FHS Compliant
  5. Wide range wireless support
  6. Developed in a secure environment
  7. Custom kernel, patched for injection
  8. Customizable
  9. GPG Signed packages and repositories
  10. ARMEL and ARMHF Support
  11. Multi-language support

 

Reference:  Kali Docs

VNC installation in rhel7

VNC installation in rhel7

Will see how to install VNC installation in rhel7 in this post.

VNC will help us to share the desktop with GUI and for that in both server VNC Server/client should be installed.

Before installing VNC, we should install GNOME in RHEL7.

Installing VNC Server:

Use yum to install the VNC Server. Before that yum should be configured on your server.

[[email protected] ~]# yum -y install vnc*

Configuring VNC Server in RHEL7:

To configure the port and user, need to copy [email protected] from /lib/systemd/system/ to /etc/systemd/system/.

5900 is default listening port.

[[email protected] ~]# cp /lib/systemd/system/[email protected] /etc/systemd/system/

Now open the /etc/systemd/system/[email protected] file using vi editor and locate <USER> replace with your respective username which you are going to use for remote access.

[[email protected] ~]# vi /etc/systemd/system/vncserver\@.service

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Updated:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/home/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Now enable the port over the firewall to allow VNC access using firewalld.

[[email protected] ~]# firewall-cmd --permanent --add-port=5900/tcp
success
[[email protected] ~]# firewall-cmd --reload
success

Than start VNC server

[[email protected] ~]# vncserver

Now it will prompt to set the password to access the desktop.

You will require a password to access your desktops.
Password:
Verify:
xauth: file /root/.Xauthority does not exist

New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1

Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:1.log

Now reload the systemctl daemon

[[email protected] ~]# systemctl daemon-reload

 

And start and enable the service in this run level permanently using below command.

[[email protected] ~]# systemctl start [email protected]

[[email protected] ~]# systemctl enable [email protected]

Finally, we completed all the configuration on Linux Machine and to check this open VNC on a windows machine and try to access using our Linux machine IP Address and port number

192.168.1.104:5900

and it will prompt for the password, provide de password to access the Linux machine.

Reference: itzgeek

About Ubuntu 18.04

About Ubuntu 18.04

We are going to see about Ubuntu 18.04 Operating system, which is going to release on 26th April 2018.

Features of Ubuntu 18.04:

GNOME 3.28 Desktop

Ubuntu 18.04 going to give us a new experience.

Kernel 4.15

Ubuntu has scheduled to come up with new kernel version for every 6 months. Now Kernel 14.5 going to give more power to Ubuntu.

Xorg

Xorg is the default one for Ubuntu and from next release, TLS will come with both traditional Xorg graphics and Way-land based stack. It will give better performance to software like Skype, hangout and it will recover better from the shell crashes.

Minimal installation method

From ubuntu 18.04 we have an option to install with minimal packages and it will give us a desktop environment.Note: This is not a replacement for existing Ubuntu minimal ISO.

Ubuntu will collect data

As per Ubuntu announcement, canonical will collect some user data like system configuration and installed packages and this option will be available in the installer.

New installer

Subiquity will be the default one in an upcoming release and this will give new look to server installation.

Color emojis

Its important in messaging and communication. It will display colorful emojis in all the apps.

Faster boot time

Using systemd it will speed up the booting time.

zstd compression algorithm

Using facebook’s zstd compression algorithm it speeds up the Ubuntu installation process.

refrence: Ubuntu wiki