To turn off highlighting until the next search inside VIM application:
:noh To turn off hightlight completely inside VIM application
:set nohlsearchSSL connection error For Delinea MFA with DirectControl
Muco of the Troubleshooting comes from the Knowledgebase Article is derived from KB-8958: MFA with DirectControl fails with SSL connection error and Preparing a Linux Client Server for Centrify and 2FA for CentOS-7
Problem :
When attempting to log in with a user that requires MFA the following error is presented:
$ ssh user@192.168.0.1
SSL Connection ErrorCause:
The error is likely due to a certificate problem. A required certificate may be missing or the permission may not be set correctly
How to check:
# /usr/share/centrifydc/bin/adcdiagVERSION : Verify that DirectControl version supports MFA : Pass
JOINSTATE : Verify that DirectControl is in connected mode : Pass
ZONECHK : Verify that MFA is supported in the zone : Pass
SSHDCFG : Verify that SSHD enables ChallengeResponseAuthentication : Warning
: Cannot read sshd configuration file. Probably you are not
: using Delinea openssh. SSH login for MFA users will fail if
: option ChallengeResponseAuthentication is not set to yes.
: Please check and ensure ChallengeResponseAuthentication is
: set to yes in sshd configuration file.
CDCCFG : Verify that MFA options in centrifydc.conf are correct : Pass
PROXYCFG : Verify that HTTP proxy configuration is set properly : Pass
CLDINST : Verify that trusted Identity Platform instance is specified : Pass
: Successfully connected to Identity Platform and certificate
: has been verified OK.
CNTRCFG : Verify that Connectors are configured correctly : Pass
CURCNTR : Verify that DirectControl has selected a workable Connector : Pass
CLOUDROLE : Verify that this machine has permissions to perform Identity
: Platform authentication : Pass
......
......
......Check the Logs at /var/centrify/tmp…. You may notice some errors like
.....
.....
ERROR:
Not a trusted connector or no valid connector certificate installed locally.
SUGGESTIONS:
1. Verify that the IWA root CA certificate is installed in the system. Please refer to KB-7393 on how to configure the root CA certificate in the system.
2. Please collect connector log if you need Delinea support.
.....
.....Resolution:
Check whether the Certificates have been added at
- /etc/pki/ca-trust/source/anchors/
- /var/centrify/net/certs
Check the SSH Settings at
# vim /etc/ssh/sshd_config# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yesRestart the SSHD Services
# systemctl restart sshd.serviceRestart the Centrifydc services
# /usr/share/centrifydc/bin/centrifydc restartActive Directory Flush and Reload
# adflush -f
# adreloadHow to prevent NetworkManager from updating /etc/resolv.conf for Rocky Linux 8
If you are using NetworkManager, it can override your /etc/resolv.conf customised settings. To prevent Network Manager from doing that, you can do the following
# vim /etc/NetworkManager/NetworkManager.confAt the [main] section, add the following line
dns=none
rc-manager=unmanagedThat is all.
Troubleshooting Intel VMD Driver Boot Issue on Supermicro Server with Rocky Linux 8.7
I was installing Rocky Linux 8.7 on a Supermicro Server with Intel VirtualRAID. I could not boot to Rocky Linux 8.7, the Install Screen could not be presented. Instead, there are repeated errors like the one below on the screen.
“DMAR: [INTR-REMAP] Request device [bc:00.5] fault index 0x8000 [fault reason 0x25] Blocked a compatibility format interrupt request”
The Issue was explained in the Article from Intel “Unable to Boot RHEL* 8.7/9.0 if Intel® VMD Is Enabled for Intel® Virtual RAID on CPU (Intel® VROC) RAID Management”
Resolution
A problem with the inbox Intel®️ VMD driver included in RHEL 8.7 and 9.0 was identified, and it is necessary to add the boot parameter intremap=off to the kernel command line while installing the operating system. This will prevent the operating system from encountering any problems.
This particular issue has been fixed via a kernel update and has been implemented in RHEL 9.1.
it is necessary to add the boot parameter intremap=off to the kernel command line while installing the operating system
I tried Rocky Linux 8.9 and the issue was fixed.
Optimizing Ansible Performance: Serial Execution
By default, Ansible parallelises tasks on multiple hosts simultaneously and speeds up automation in large inventories. But sometimes, this is not ideal in a load-balanced environment, where upgrading the servers simultaneously may cause the loss of services. How do we use Ansible to run the updates at different times? I use the keyword “serial” before executing the roles universal package.
- hosts: standalone_nodes
become: yes
serial: 1
roles:
- linux_workstationAlternatively, you can use percentages to indicate how many will upgrade at one time.
- hosts: standalone_nodes
become: yes
serial: 25%
roles:
- linux_workstationReferences:
Optimizing Ansible Performance: Implementing Parallelism with Forks
Ansible’s parallel processes are known as forks, and the default number of forks is five. In other words, Ansible attempts to run automation jobs on 5 hosts simultaneously. The more forks you set, the more resources are used on the Ansible control node.
How do you implement? Just edit the ansible.cfg file. Look for the “forks” parameters. You can use the command “ansible-config view” to view ansible.cfg output.
[defaults]
inventory = inventory
private_key_file = ~/.ssh/xxxxxx
become = true
become_user = root
timeout = 30
forks = 10
log_path = /var/log/ansible.log
display_skipped_hosts=yes
display_ok_hosts=yes
display_failed_stderr=yes
show_custom_stats=yes
verbosity = 0
References and Other Useful Information:
Ansible Delayed Error Handling with Rescue Blocks: Chrony Setup Example
A recap there are 2 main use of Blocks in Ansible. The first write-up can be found at Grouping Tasks with Block in Ansible
- Apply conditional logic to all the tasks within the block. In such a way, the logic only need to be declared once
- Apply Error handling especially when recovering from an error condition.
Today, we will deal with Point 2 in this blog entry
According to Ansible Documentation found at https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_blocks.html
Rescue blocks specify tasks to run when an earlier task in a block fails. This approach is similar to exception handling in many programming languages. Ansible only runs rescue blocks after a task returns a ‘failed’ state. Bad task definitions and unreachable hosts will not trigger the rescue block.
Here is my simple example for implementation
- name: Check current Timezone
command: timedatectl show --property=Timezone --value
register: timezone_output
changed_when: false
- name: Configure Timezone to Asia/Singapore
command: timedatectl set-timezone Asia/Singapore
when: timezone_output.stdout != "Asia/Singapore"
- name: Install and Configure Chrony Service Block
block:
- name: Install Chrony package
dnf:
name: chrony
state: present
- name: Configure Chrony servers
lineinfile:
path: /etc/chrony.conf
line: "server sg.pool.ntp.org iburst"
insertafter: '^#.*server 3.centos.pool.ntp.org iburst'
state: present
- name: Enable Chrony service
service:
name: chronyd
state: started
enabled: yes
rescue:
- name: Print when Errors
debug:
msg: 'Something failed at Chrony Setup'
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
Efficient Task Grouping with Ansible: Timezone Configuration Example
Ansible allows us to logically group a set of tasks together together, and…..
- Apply conditional logic to all the tasks within the block. In such a way, the logic only need to be declared once
- Apply Error handling especially when recovering from an error condition.
We will deal with Point 1 in this blog entry.
Point 1: Conditional Logic
- name: Check current Timezone
command: timedatectl show --property=Timezone --value
register: timezone_output
changed_when: false
- name: Configure Timezone to Asia/Singapore
command: timedatectl set-timezone Asia/Singapore
when: timezone_output.stdout != "Asia/Singapore"
- name: Install and Configure Chrony Service Block
block:
- name: Install Chrony package
dnf:
name: chrony
state: present
- name: Configure Chrony servers
lineinfile:
path: /etc/chrony.conf
line: "server sg.pool.ntp.org iburst"
insertafter: '^#.*server 3.centos.pool.ntp.org iburst'
state: present
- name: Enable Chrony service
service:
name: chronyd
state: started
enabled: yes
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
Reference:
How to Install Rustup for All Linux Users in a Cluster or Shared Environment
Rustup is an installer for System Programming Language Rust. If you are running the installer script for yourself, you can take a look at https://github.com/vi/rustup
# curl -sf https://static.rust-lang.org/rustup.sh | sudo shBut what if you have to install for all users in a Cluster or Shared Environment, how do we do it? Fortunately, we have good information that is found at Installing rustup for all linux users . I took some snipplets from that site
In that article, the author recommends to define RUSTUP_HOME and CARGO_HOME
# export RUSTUP_HOME=/usr/local/rust
# export CARGO_HOME=/usr/local/rust
# curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-pathThe directory should be installed at /usr/local/rust/toolchains/stable-x86_64-unknown-linux-gnu
# ls -l /usr/local/rust/toolchains/stable-x86_64-unknown-linux-gnu
drwxr-xr-x. 2 root root 0 May 6 13:43 bin
drwxr-xr-x. 3 root root 0 May 6 13:42 etc
drwxr-xr-x. 3 root root 0 May 6 13:43 lib
drwxr-xr-x. 2 root root 0 May 6 13:43 libexec
drwxr-xr-x. 5 root root 0 May 6 13:42 share
Configuring ABAQUS Linux Client for New License Server | Step-by-Step
If you have migrated to a new ABAQUS License Server and is planning to point your ABAQUS Linux Client to the new License Server. Here are the simple steps you will need to do
Step 1: Find the custom_v6.env files to edit.
Depending on how you install, for me I like to put everything in /usr/local so my abaqus will be placed there.
# cd /usr/local/abaqus-2023/SIMULIA/EstProducts/2023/linux_a64/SMA/site/
# vim custom_v6.envStep 2: Edit the custom_v6.env file
Add the abaquslm_license_file = “27398@XXX.XXX.XXX.XXX”
# Installation of Established Products 2023
# Wed Oct 11 13:30:54 2023
plugin_central_dir="/usr/local/abaqus-2023/DassaultSystemes/SIMULIA/CAE/plugins/2023"
# retrieve licensing configuration from EstablishedProductsConfig.ini
importEnv('licensing.env')
abaquslm_license_file = "27398@XXX.XXX.XXX.XXX"References:
The Linux Cluster 