OS

by

White Paper on Mellanox seamless integration with OpenStack

Mellanox’s Ethernet solutions enable cloud data centers to achieve the highest efficiency through a high-performance, low latency cloud network with rich network offload with acceleration and automation features.
Check out the attached Whitepaper from Mellanox and see how we can help you get it there!

See Mellanox Seamlessly Integrates with OpenStack, Increasing Efficiency and Reducing Operational Costs

 

by

rpcbind.socket systemd unit fails to start when IPv6 is disabled

I encountered this error when I used this command

echo “net.ipv6.conf.all.disable_ipv6 = 1” >> /etc/sysctl.d/ipv6.conf

When I rebooted the server, my NFS Services were dysfunctional. The rpcbind.socket systemd unit fails to load. I managed to find information on Red Hat Bugzilla – Bug 1402961 rpcbind.socket systemd unit fails to start when IPv6 is disabled. 

The Solution is simply remove echo “net.ipv6.conf.all.disable_ipv6 = 0” >> /etc/sysctl.d/ipv6.conf

by

Using firewall-cmd in CentOS 7

Note: Do note that the default zone is “public”

Section 1: Checking Zones and Prerequisites

Option 1: Check State of Firewalld

# firewall-cmd --state
Running

Option 2: Check Default Zone

# firewall-cmd --get-default-zone
public

Option 3: Check Active Zones

# firewall-cmd --get-active-zones
public: etho eth1

Option 4: Get Zones

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

Section 2: Selecting Zones for your Interfaces

Option 1: Change Interfaces

# firewall-cmd --permanent --zone=trusted --change-interface=eth0 
success
# firewall-cmd --reload

Option 2: Verify the Zone has been changed

firewall-cmd --get-active-zones
trusted
interfaces: eth0
public
interfaces: eth1

Section 3: Editing Firewall-CMD Rules

Option 1: Opening Ports (Single)

# firewall-cmd --permanent --zone=public --add-port=80/tcp
success
# firewall-cmd --reload

Option 2: Opening Ports (Range)

# firewall-cmd --permanent --zone=public --add-port=80-90/tcp
success
# firewall-cmd --reload

Option 3: List Ports

#  firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0f0 eno2 ib1
  sources:
  services: ssh dhcpv6-client
  ports: 22/tcp 5053/tcp 57889/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Option 4: Remove Port

# firewall-cmd --permanent --zone=public --remove-port=80/tcp
success
# firewall-cmd --reload

Option 5: Adding Service

Checking Services

# firewall-cmd --get-services

Finally, add service – ssh

# firewall-cmd --permanent --zone=public --add-service=ssh
success
# firewall-cmd --reload

Source-Based Filtering with zones and IP Addresses

Add the Source IP Addresses to the Zone (Assume you are limiting IP Addresses on the trusted zone)

firewall-cmd --zone=trusted --add-source=192.168.1.0/24 --permanent
success
firewall-cmd --reload

Make sure the Ethernet is in the trusted zone. To move the ethernet into the trusted zone, see Section2 in the same blog

If you are outside the allowed IP Address, you should see something like (Assume your trusted target server is 192.168.1.1 and your external untrusted client is 192.168.2.0), you might see something like this

ssh user1@192.168.1.1
Password:
Internal errors

References:

  1. How To Set Up a Firewall Using FirewallD on CentOS 7
by

Nvidia Drivers Issues – Unable to find the kernel source tree

Step 1: Check current kernel version

# uname -r
3.10.0-862.14.4.el7.x86_64

Step 2: Check installed kernel version

# yum info kernel
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.0x.sg
* elrepo: elrepo.mirror.angkasa.id
* epel: sg.fedora.ipserverone.com
* extras: mirror.0x.sg
* updates: mirror.0x.sg
Installed Packages
Name : kernel
Arch : x86_64
Version : 3.10.0
Release : 693.el7
Size : 59 M
Repo : installed
From repo : anaconda
Summary : The Linux kernel
URL : http://www.kernel.org/
License : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
: Linux operating system. The kernel handles the basic functions
: of the operating system: memory allocation, process allocation, device
: input and output, etc.

Name : kernel
Arch : x86_64
Version : 3.10.0
Release : 862.14.4.el7
Size : 62 M
Repo : installed
From repo : updates
Summary : The Linux kernel
URL : http://www.kernel.org/
License : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
: Linux operating system. The kernel handles the basic functions
: of the operating system: memory allocation, process allocation, device
: input and output, etc.

Step 3: Install Kernel-Devel and Kernel-Headers

# yum install kernel-devel kernel-headers -y
# yum info kernel-devel kernel-headers

Step 4: Check Kernel-Devel. Make sure the version is in-sync

# yum info kernel-devel
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.0x.sg
* elrepo: elrepo.mirror.angkasa.id
* epel: sg.fedora.ipserverone.com
* extras: mirror.0x.sg
* updates: mirror.0x.sg
Installed Packages
Name : kernel-devel
Arch : x86_64
Version : 3.10.0
Release : 862.14.4.el7
Size : 37 M
Repo : installed
From repo : updates
Summary : Development package for building kernel modules to match the kernel
URL : http://www.kernel.org/
License : GPLv2
Description : This package provides kernel headers and makefiles sufficient to build modules
: against the kernel package.

Step 5: Check Kernel-Headers. Make sure the version is in-sync

# yum info kernel-headers
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.0x.sg
* elrepo: elrepo.mirror.angkasa.id
* epel: sg.fedora.ipserverone.com
* extras: mirror.0x.sg
* updates: mirror.0x.sg
Installed Packages
Name : kernel-headers
Arch : x86_64
Version : 3.10.0
Release : 862.14.4.el7
Size : 3.6 M
Repo : installed
From repo : updates
Summary : Header files for the Linux kernel for use by glibc
URL : http://www.kernel.org/
License : GPLv2
Description : Kernel-headers includes the C header files that specify the interface
: between the Linux kernel and userspace libraries and programs. The
: header files define structures and constants that are needed for
: building most standard programs and are also needed for rebuilding the
: glibc package.
by

“The command gnome-session existed with signal 15” on CentOS 7 for FastX2

If you have an error message when you launched FastX2 client, you will see this error “The command gnome-session existed with signal 15” on CentOS 7 for FastX2.

Step 1: This error is caused by selinux on CentOS 7. Do the following /etc/selinux

SELINUX=disabled

Trying to use the command “setenforce 0” does not seems to be able to fix the issue.

Step 2: Remember to install GNOME Desktop

# yum groupinstall "GNOME Desktop" "Graphical Administration Tools"

Step 3: Uninstall the StarNetFastX2 and reinstall

# rpm -e StarNetFastX2
# rpm -Uvh --force StarNetFastX2-2.4.7.rhel6.x86_64.rpm
by

Disable FirewallD Services on CentOS 7

Do note that firewall on CentOS 7 system is enabled by default.

Step 1: To check the status of CentOS 7 FirewallD

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

The above shows that the firewalld is disabled.

Step 2: To stop the FirewallD

# systemctl stop firewalld.service

Step 3: To completely disable the firewalld service

# systemctl disable firewalld.service
by

Resolving “lsb_release not found” on CentOS 7

I was installing ABAQUS 2017 on CentOS 7 when I encountered an error. lsb_release is the print distribution specific information. Strangely, this issue is found on CentOS 7 distribution.

[root@node-h001 1]# ./StartGUI.sh
CurrentMediaDir initial="."
CurrentMediaDir="/root/abaqus2017/AM_SIM_Abaqus_Extend.AllOS/1"
Current operating system: "Linux"
./StartGUI.sh[21]: .[31]: .: line 3: lsb_release: not found
DSY_OS_Release=""
Unknown linux release ""
exit 8

Resolving Issues

# yum install redhat-lsb-core

Verification

[root@node-h001 1]# lsb_release
LSB Version: :core-4.1-amd64:core-4.1-noarch
by

Setting up NTP in CentOS 7

Prerequisites Step 1: Endure you are in the correct time zone

# timedatectl
      Local time: Wed 2018-09-12 13:48:31 +08
  Universal time: Wed 2018-09-12 05:48:31 UTC
        RTC time: Wed 2018-09-12 05:48:31
       Time zone: Asia/Singapore (+08, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

Prerequisites Step 2: List Time Zone

# timedatectl list-timezones
.....
Asia/Singapore
.....

Prerequisites Step 3: Set Time Zone

# timedatectl set-timezone Asia/Singapore

 

Step 1: Yum Install

NTP can be installed from the CentOS repositories with yum

# yum install ntp

Step 2: Edit the Public Time Servers

Once you have installed ntp package, go to official NTP Public Pool Time Servers . For Singapore, you can use this specific pool zone, add the following to your ntp.conf file:

server 0.sg.pool.ntp.org iburst
server 1.sg.pool.ntp.org iburst
server 2.sg.pool.ntp.org iburst
server 3.sg.pool.ntp.org iburst

Step 3: Allow the clients from the network to sync with this server

Restrict which clients from which network is allowed to query and sync time

restrict 192.168.5.0 netmask 255.255.224.0 nomodify notrap

Step 4: Record all NTP server issues into one dedicated log file. Edit /etc/ntp.conf

logfile /var/log/ntp.log

Step 5: Add Firewall Rule and Start Services

# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd

Step 6: Verify Time Sync

# ntpq -p
# date -R

Or query or synchronize against a selected pool of time servers

# ntpdate -q 0.sg.pool.ntp.org

References:

  1. Setting Up “NTP (Network Time Protocol) Server” in RHEL/CentOS 7 (by Tecmint.com)