Friday, April 16, 2021

Cent OS 8 is not booting with the latest Kernel

 CentOS 8 is not booting with the latest kernel


I have installed Centos 8 operating system and it has updated with the installation. There were three kernels listed in the /boot folder 4.8.1, 4.8.10 and 4.8.22. After completing all the installation I have rebooted the server to boot with latest kernel version. Yet, it was found that the server was booted with 4.8.10 kernel not with the latest. Even grub does not show the 4.8.22 kernel to select and boot. 

To ensure the what is the default kernel which shows by the OS, run the several commands and ensure the default kernel set to the latest.

# rpm -qa | grep kernel | sort

# grubby --info=ALL | grep ^kernel

# grubby --grub2 --default-title ( It shows that default booting kernel is 4.8.22 even though it has not booted)

# grubby --default-kernel

Above commands set confirm that default kernel is set to the latest (4.8.22). Unfortunately, there were no any error logs related to the issue. I have searched through the google to find out a solution, but most of the google results did not provide a correct solution. 

Fortunately while going through deep search I was able find one clue stating that there was a issue with 4.8.22 kernel for several servers. It was a simple solution to address this issue which is reinstall the grub again. As this is test server without having second thought I have reinstalled the grub with the below command.

dnf reinstall grub*

The reboot solve everything after that. 

Further reading:     https://forums.centos.org/viewtopic.php?t=77412&p=325535     

                               https://www.golinuxcloud.com/change-default-kernel-version-rhel-centos-8/

Thursday, April 15, 2021

Arch Linux Sound Drive not detected

 Arch Linux Sound Drive not detected

 

I have bought a Dell Vostro 3000 series laptop. It was designed for the business use. Even though I have installed the Arch Linux for many different hardware platform, this is the first time I have encountered a problem with sound driver. Usually arch linux does not have issues with hardware drivers. It all configured properly with the installation. 

 I have tried several ways to rectify the sound driver issue. Even i have installed the alsa software as well. But the real solution was to disable the  dmic since it was issues with the Linux kernel version 5.5 and above. Earlier version of Linux kernel explicitly disable the dmic. 

 

Add new file in the modprobe to disable the kernel version.

/etc/modprobe.d/disable_dmic.conf 

options snd_hda_intel dmic_detect=0 

 Then reboot the Arch Linux machine. Below are the supporting links. 

https://bbs.archlinux.org/viewtopic.php?pid=1887925#p1887925

https://bbs.archlinux.org/viewtopic.php?pid=1888046#p1888046


If you need further reading about Arch Linux sound driver behavior below is a good reading.

https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture/Troubleshooting#No_output

Sunday, August 2, 2020

File system extend on LUKS encrypted file system

File system extend on LUKS

encrypted file system


Scenario: I have run CentOS 7 server with the LVM and LUKS encrypted partitions. Java based application runs on the server with tomcat and mariadb as back end applications. Alerting system has been notified 0% disk space left in the /var directory.

It has used separate partition for /var, /home, /root, /var/log mount points. Thus the mission is to increase the /var file system while maintaining the same key for LUKS encryption.

Most important to understand is that you do not need consider about LUKS encryption as a separate domain since when you decrypt the LUKS encrypted partition it act like a normal file systems. When ever you extend the LVM partition it will automatically consider extended portion into the LUKS encryption. Yet, it is recommended to take backup of the data before do any changes to the file system or LVM.

Steps you need to follow in order to extend the file system are as follows.


  • If you does not mount the file system first it is required to mount the file system by giving the LUKS encrypted password. Optionally it is possible to use below commands to mount the file system. In our case since /var is mandate file system to run the OS it has already mounted.
         cryptsetup luksOpen /dev/centos/var var
  • To start the extending process of the file system first you required to add new physical volume.

         pvcreate /dev/sdb1

  • Then extend the Volume Group (vg)

    vgextend centos /dev/sdb1
  • Finally increase the Logical Volume (lv)
    
      lvextend -L +30G /dev/centos/var
      
  • Now you have completed the capacity extend on LVM, to complete the work it is required to resize the file system. Since /var directory is busy while the server in use, it is not possible to resize the /var file system on the fly. Thus it is required to boot the CentOS machine to “rescue target”. Otherwise no other ways which you can resize the file system in use. Once you boot the machine to rescue target run the below mention command.

         resize2fs -p /dev/centos/var ( For ext4 file system )

         xfs_growfs /dev/centos/var ( Foe xfs file system )

Now reboot the machine to boot to normal target.

Sunday, March 29, 2020

Migrate LDAP server from CentOS 6 to CentOS 7


Migrate LDAP server from CentOS 6 to CentOS 7



First It should need to install the openldap services. Run the below command to install it.
# yum -y install openldap openldap-clients openldap-servers openldap-devel


Start and enable the LDAP daemon from the boot.
# systemctl start slapd.service
# systemctl enable slapd.service


Then take the backup from the existing LDAP server. It is required to take configuration file backup (slapd.conf) and ldif database backup.
To take the ldif backup it is possible to use slapcat tool. Below command depicts the example of taking backup.
slapcat -n 1 -l /<dir_location>/Latest_2020.ldif
You must take the backup of slapd.conf file, but there might be changes need to do when you migrating it to the CentOS 7 operating systems. The major change I have done there is database type, changed from “bdb” to “mdb”. If you are using TLS for communication either you need to create new TLS certificate or you can take the old server key and related certificate from the locations. Rest of the configuration file can be placed as it is.
Then it should required to restore the ldif database. For that it should required to follow the given steps.
  • Stop the LDAP service. : systemctl stop slapd.service
  • Remove the existing databases in /var/lib/ldap directory : rm -rf /var/lib/ldap/*
  • The configuration file contain slapd.d directory, since this is not going to use in the live environment and we have already restore the slapd.conf file remove the slapd.d directory : rm -rf /etc/openldap/slapd.d
  • Then before restoring the ldif database start the slapd service : systemctl start slapd.service
  • Then try to restore with the ldapadd tool : ldapadd -x -D "cn=admin,dc=testdomain,dc=com" -f Latest-2020.ldif -W
It will prompt for the LDAP admin user password. Sometime due to old strings restore might not success. Error will produce the exact string which are not compatible with the latest openldap server. If it is the case remove the incompatible strings from the ldif file. Below command can be used for remove the incompatible strings.
sed '/structuralObjectClass/d' Latest-2020.ldif > mod.ldif
Then again it can run the restore command again. Once you successfully restore the LDAP database restart the slapd service.
systemctl restart slapd.service

Configure Chroot Jail SFTP Server


Configure Chroot Jail SFTP Server

Problem Statement: By using one of the article publish in the internet I have configured the SFTP server with the chrooted environment. The SFTP server is catering to several customers to upload their content and user’s home directories are shared.
When ever the users logged in, it will direct to their home folder but still the users can browse entire directory architecture. Even the users can change the directory location to /var directory and access the content there since it can be readable by any user.
Below depicts the sshd_config file configuration for SFTP server.

Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Solutions: I have referred several sites to find out proper solution to configure SFTP in a chroot jail environment. Below are the links which I used.


By referencing I have configured the sshd_config file in the below way.


Subsystem sftp /usr/libexec/openssh/sftp-server
Match user dave
ChrootDirectory /home/dave
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Match user anne
ChrootDirectory /home/anne
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Match user sam
ChrootDirectory /home/sam
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

But once I configured it there was issue with the login. When I checked the /var/log/secure there was an error stating the bad permission.
“fatal: bad ownership or modes for chroot directory "/home/dave" [postauth]

Since it was configured to used with the chroot, the folder should be owned by the root and it should have the 755 permission on it. Therefore I have run the below commands to set it.
chown root:root /home/dave
chmod 755 /home/dave
These permissions should not be change at any cost. If there is minor change in the permission it would again give you the bad permission error.
It has arised another issue that since the folder is not owned by the user who is going to do SFTP, the user can not perform any upload to folder location. I have tried with adding ACL, but then again bad permission error occurred. The only workaround which remain is to create a folder inside the shared folder and set the relevant permissions.
mkdir /home/dave/dave
chown dave:dave /home/dave/dave

with that everything has resolved and now users who are logged in through SFTP is restricted to their own home directory.

Tuesday, June 12, 2018

[warn] _default_ VirtualHost overlap on port 443 & port 80, the first has precedence





Virtual hosts overlap on 443/80, the first has precedence


Apache2 LogoToday I got strange error on my AWS production server when I tried to enable SSL on two domains. I'm using Apache/2.2.34 (Unix) version. This has happened in AWS cutomized OS and it has not affect the RHEL or CentOS template on AWS.
The root cuase for the above warning message, it has not enabel the virtual host parameter in both httpd.conf and ssl.conf. Perform the following changes in order to resolve the issue. 
If you look at /etc/httpd/conf/httpd.conf  file, you will see:
Update /etc/httpd/conf.d/ssl.conf as follows to make it work:
Make sure to restart Apache and it will work fine.

Thursday, April 12, 2018

Arch Linux - Warning: /lib/modules/4.10.8-1-ARCH/modules.devname not found - ignoring - Root file system not found

Once I run the update on my Arch linux system it failed to boot up the machine. Below type of similar error I have received.

  Warning: /lib/modules/4.10.8-1-ARCH/modules.devname not found - ignoring
  starting version 232
  Waiting 10 seconds for device /dev/sda11 ...
  ERROR: device '/dev/sda11' not found. Skipping fsck.
  mount: you must specify the filesystem type
  You are now being dropped into an emergency shell. 

I have searched through the internet for solution and best article found to resolve issue. Please refer the below link for resolution.

https://www.soimort.org/notes/170407/