Friday, August 4, 2017

Docker Install

Steps to install Docker on RHEL 7.2 Minimum

First you must install the RHEL 7.2 minimum version from the following site.
You must register to have access to the ISOs on this site. Follow the instructions
to register.
https://ftp3.linux.ibm.com/

Once you have RHEL 7.2 minimum installed, you will need to add repositories in order to have access to Docker.
Below are the instructions to do so.

STEP 1:

First you need to register your version of RHEL.
Copy the section at the bottom of this step, between the hash lines marked (Register Start) and (Register Finished),
    into a script on your RHEL server.
    Run the script.
    Make sure the script you paste the text into is executable.
    Make sure the correct path to bash is set on the first line of the script.
    Use the credentials you created to register for the software when prompted.
    The user password isn't your w3 user id & password unless that's what you set it to.
    This password will not change when you change your w3 password every 3 months.
   
#############################################################################################################################################################################################
#########################Register Start#######################################################################################################################################################
#!/bin/bash
############################################################################
#
#               ------------------------------------------
#               THIS SCRIPT PROVIDED AS IS WITHOUT SUPPORT
#               ------------------------------------------
#
# Author: Vinicius Silva <vesoares@br.ibm.com>
# Version: 0.5
# Description: Wrapper script for subscription-manager to register RHEL 6
#              and RHEL 7 systems with the internal Red Hat Satellite using
#              FTP3 credentials.
#
# The following environment variables can be used:
#
#   FTP3USER=user@cc.ibm.com        FTP3 Account
#   FTP3PASS=mypasswd               FTP3 Password
#
# You must be root to run this script. The user id and password will be
# prompted for if the environment variables are not set.
#
# example uses might be:
#
#  1.  ./ibm-rhsm.sh
#  2.  FTP3USER=user@cc.ibm.com ./ibm-rhsm.sh
#
# The first example is a good way to test this script. The second example
# shows how to set the FTP3USER environment variable on the command line.
#
# NOTE: Some parts of this script were extracted
#       from the good old ibm-yum.sh script.
#
############################################################################


## default host
if [ -z "$FTP3HOST" ] ; then
    FTP3HOST="ftp3.linux.ibm.com"
fi

## other vars that most likely should not change
API_URL="https://ftp3.linux.ibm.com/rpc/index.php"
KATELLO_CERT_RPM="katello-ca-consumer-rhs.linux.ibm.com"
IBM_RHSM_REG_LOG=ibm-rhsm.log

## these are detected automatically
ARCH=
VERSION=
RELEASE=

## registration successfull
SUCCESS=

## system already registered check
PROCEED=

## Functions

# 0 = green; 1 = red; 2 = yellow
formatted_echo() {
    case $2 in
        0   ) echo -e "\r\t\t\t\t\t\t\t\e[32m$1\e[0m";;
        1   ) echo -e "\r\t\t\t\t\t\t\t\e[31m$1\e[0m";;
        2   ) echo -e "\r\t\t\t\t\t\t\t\e[33m$1\e[0m";;
        *   ) echo $1;;
    esac
}

run_curl() {
    user=$1
    pass=$2

    curl -ks $API_URL  -H "Content-Type: text/xml" -d "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>user.create_activation_key</methodName> <params><param><value>$user</value></param> <param><value>$pass</value></param></params> </methodCall>" | grep -oPm1 "(?<=<string>)[^<]+"

    if [ $? != 0 ]; then
        echo
        echo "An error has occurred while trying to create the activation key."
        echo "Aborting..."
        echo
        exit 1
    fi
}

## this is called on exit
clean_up() {
    if [ -z "$SUCCESS" ]; then
        rpm -q --quiet $KATELLO_CERT_RPM
        if [ $? -eq 0 ]; then
            echo "Cleaning up..."
            rpm -e $KATELLO_CERT_RPM
        fi
        exit 1
    fi
    exit 0
}

## clean up proper if something goes bad
trap clean_up EXIT HUP INT QUIT TERM;


## must be root to run this
if [ `whoami` != "root" ] ; then
    echo "You must run this script as root. Goodbye."
    echo ""
    exit 1
fi

## initialize the log file
cat /dev/null > $IBM_RHSM_REG_LOG
echo `date` >> $IBM_RHSM_REG_LOG
echo "Starting the registration process..." >> $IBM_RHSM_REG_LOG

## system is already registered?
REGSTATUS=`subscription-manager status | grep Overall | cut -f2 -d':' | tr -d ' '`
if [ "$REGSTATUS" == "Current" ]; then
    echo "This system is already registered."
    echo -n "Would like to proceed? (y/n): "
    read PROCEED

    if [ "$PROCEED" != "y" -a "$PROCEED" != "Y" ]; then
        echo "Aborting..."
        exit 1
    fi
fi

## get the userid
if [ -z "$FTP3USER" ] ; then
    echo -n "User ID: "
    read FTP3USER

    if [ -z "$FTP3USER" ] ; then
        echo ""
        echo "Missing userid. Either set the environment variable"
        echo "FTP3USER to your user id or enter a user id when prompted."
        echo "Goodbye."
        echo ""
        exit 1
    fi
fi

## get the password
if [ -z "$FTP3PASS" ] ; then
    echo -n "Password for $FTP3USER: "
    stty -echo
    read -r FTP3PASS
    stty echo
    echo ""
    echo ""

    if [ -z "$FTP3PASS" ] ; then
        echo "Missing password. Either set the environment variable"
        echo "FTP3PASS to your user password or enter a password when"
        echo "prompted. Goodbye."
        echo ""
        exit 1
    fi
fi

echo -n "* Performing initial checks... "

## get the version and release, most likely only works on RHEL
VERREL=`rpm -qf --qf "%{NAME}-%{VERSION}\n" /etc/redhat-release`
if [ $? != 0 ] ; then
    formatted_echo "FAIL" 1
    echo "Failed to find system version and release with the"
    echo "command \"rpm -q redhat-release\". Is this system"
    echo "running Red Hat Enterprise Linux?"
    echo ""
    exit 1
fi

## split something like "redhat-release-server-7.1" into "7" and "server"
RELEASE=`echo $VERREL | cut -f4 -d"-" | cut -b1`
VERSION=`echo $VERREL | cut -f3 -d"-"`

## verify support for this release
case $RELEASE in
    7   ) : ;;
    6   ) : ;;
    *   ) RELEASE= ;;
esac

## verify support for this version
case $VERSION in
    server      ) : ;;
    workstation ) : ;;
    *           ) VERSION= ;;
esac

if [ -z "$VERSION" ] || [ -z "$RELEASE" ] ; then
    formatted_echo "FAIL" 1
    echo "Unknown or unsupported system version and release: $VERREL"
    echo "Try reporting this to ftpadmin@linux.ibm.com with the"
    echo "full output of uname -a and the contents of /etc/redhat-release"
    echo ""
    exit 1
fi

## get the system arch
# TODO: Refactor this by declaring and reusing the $ARCH variable
case `uname -m` in
    x86_64      ) ARCH="x86_64"
                  LABEL="$VERSION"
                  ;;
    ppc64le     ) ARCH="ppc64le"
                  LABEL="for-power-le"
                  ;;
    ppc64       ) ARCH="ppc64"
                  LABEL="for-power"
                  ;;
    s390x       ) ARCH="s390x"
                  LABEL="for-system-z"
                  ;;
    *           ) ARCH=;;
esac

## check if we got a good arch
if [ -z "$ARCH" ] ; then
    # TODO: Move the following lines inside the default case (*) statement
    formatted_echo "FAIL" 1
    echo "Unsupported system architecture: `uname -m`"
    echo "If you have any questions, please open a support request at:"
    echo -e "http://ltc.linux.ibm.com/support/ltctools.php.\n"
    exit 1
fi

formatted_echo "OK" 0
echo "Detected a RHEL $RELEASE $VERSION..." >> $IBM_RHSM_REG_LOG

## system is registered to the old RHN Satellite?
REGSTATUS=`rpm -q rhn-org-trusted-ssl-cert-1.0-10`
if [ $? -eq 0 ]; then
    echo "This system is registered to the old RHN Satellite. "
    echo -n "Would like to proceed and remove current associations? (y/n): "
    read PROCEED

    if [ "$PROCEED" != "y" -a "$PROCEED" != "Y" ]; then
        echo "Aborting..."
        exit 1
    fi
    yum remove rhn-org-trusted-ssl-cert-1.0-10 -y &>> $IBM_RHSM_REG_LOG
    sed -i 's/enabled\ =\ 1/enabled\ =\ 0/g' /etc/yum/pluginconf.d/rhnplugin.conf
fi

# Encode the username for use in URLs
FTP3USERENC=`echo "$FTP3USER" | sed s/@/%40/g`

# Encode user password for use in URLs
# (quoted so that spaces and glob characters in the password survive)
FTP3PASSENC=`printf '%s' "$FTP3PASS" | od -tx1 -An | tr -d '\n' | sed 's/ /%/g'`

echo -n "* Check the server certificate... "
rpm -qa | grep -s katello-ca-consumer > /dev/null
if [ $? -ne 0 ]; then
    formatted_echo "WARN" 2
    echo "The server certificate is not installed." >> $IBM_RHSM_REG_LOG

    echo -n "* -> Installing server certificate... " | tee -a $IBM_RHSM_REG_LOG
    echo >> $IBM_RHSM_REG_LOG
    rpm -Uvh http://rhs.linux.ibm.com/pub/katello-ca-consumer-latest.noarch.rpm &>> $IBM_RHSM_REG_LOG
    if [ $? -ne 0 ]; then
        formatted_echo "FAIL" 1
        echo "An error has occurred while trying to install the server certificate." >> $IBM_RHSM_REG_LOG
        echo "Aborting..."
        echo
        exit 1
    else
        formatted_echo "OK" 0
    fi
else
    formatted_echo "OK" 0
    echo "Server certificate is already installed." >> $IBM_RHSM_REG_LOG
fi

## Get activation key
# in case an existing key is not found, a new one will be created.
echo -n "* Searching for an activation key... "

ACTIVATION_KEY=`run_curl $FTP3USERENC $FTP3PASSENC`

if [ -z "$ACTIVATION_KEY" ]; then
    formatted_echo "FAIL" 1
    echo
    echo -n "An error has ocurred: "
    echo "No activation key."
    echo "There was a problem while creating your activation key."
    echo "Please, make sure you are connected to the IBM network and using a valid FTP3 account."
    echo "Aborting."
    echo
    exit 1
elif [ "$ACTIVATION_KEY" == "Account not found" -o "$ACTIVATION_KEY" == "Wrong username or password" ]; then
    formatted_echo "FAIL" 1
    echo
    echo "An error has ocurred: $ACTIVATION_KEY"
    echo "Please, make sure you're using the correct FTP3 username and password."
    echo "Aborting."
    echo
    exit 1
elif [ "$ACTIVATION_KEY" == "The account $FTP3USER does not have access to Red Hat content" ]; then
    formatted_echo "FAIL" 1
    echo
    echo "An error has ocurred: $ACTIVATION_KEY"
    echo -n "You may request access on the \"My Account\" page: "
    echo "https://ftp3.linux.ibm.com/myaccount/access.php."
    echo "Aborting."
    echo
    exit 1
fi
formatted_echo "OK" 0
echo "Activation key: $ACTIVATION_KEY" >> $IBM_RHSM_REG_LOG
echo "(You may copy this activation key for future use)" >> $IBM_RHSM_REG_LOG

## system registration
echo -n "* Registering the system... "
REGSTATUS=`subscription-manager register --org Default_Organization --activationkey="$ACTIVATION_KEY"`

if [ `echo $REGSTATUS | grep -c "The system has been registered"` -ne 1 ]; then
    formatted_echo "FAIL" 1
    echo "An error has occurred while trying to register the system."
    echo "You may try to register it later using the following command:"
    echo "subscription-manager register --org Default_Organization --activationkey=\"$ACTIVATION_KEY\""
    echo
    exit 1
else
    echo "System successfully registered!" >> $IBM_RHSM_REG_LOG
    formatted_echo "OK" 0
fi

## Disable all repositories
echo -n "* Disable all repositories... " | tee -a $IBM_RHSM_REG_LOG
echo >> $IBM_RHSM_REG_LOG

subscription-manager repos --disable=* >> $IBM_RHSM_REG_LOG
if [ $? -ne 0 ]; then
    formatted_echo "FAIL" 1
    #echo "An error has occurred while disabling all the repositories." >> $IBM_RHSM_REG_LOG
else
    formatted_echo "OK" 0
fi

## Enable RHEL 7 repositories
echo -n "* Enable RHEL $RELEASE repositories... " | tee -a $IBM_RHSM_REG_LOG
echo >> $IBM_RHSM_REG_LOG

arr=("-supplementary-" "-optional-" "-")
for REPO in "${arr[@]}"; do
    subscription-manager repos --enable=rhel-$RELEASE-${LABEL}${REPO}rpms >> $IBM_RHSM_REG_LOG
    if [ $? -ne 0 ]; then
        ENABLE_REPOS=0
    fi
done

if [ -z $ENABLE_REPOS ]; then
    formatted_echo "OK" 0
else
    formatted_echo "FAIL" 1
fi

SUCCESS=0

echo
echo "Registration completed!" | tee -a $IBM_RHSM_REG_LOG

exit 0
#############################################################################################################################################################################################
#########################Register Finished###################################################################################################################################################

* Performing initial checks...              OK
* Check the server certificate...               WARN
* -> Installing server certificate...           OK
* Searching for an activation key...            OK
* Registering the system... This system is already registered. Use --force to override
                            FAIL
An error has occurred while trying to register the system.
You may try to register it later using the following command:
subscription-manager register --org Default_Organization --activationkey="dgosseli@us.ibm.com_2017-08-04_12_01_11"

Cleaning up...
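
A pre-run check for the wrapper above, as an added example that is not part of ibm-rhsm.sh or of the original post. It flags three lines worth reviewing before the script runs as root: the `curl -k` call that posts the FTP3 credentials with certificate verification off, the `rpm -Uvh http://` install of the CA package over plain HTTP, and the activation key being appended to the log file. The names `audit_script` and `write_sample` and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example (not part of ibm-rhsm.sh): list lines worth reviewing before
# running a registration wrapper as root. audit_script and write_sample are
# hypothetical helpers; audit_script only reads the file it is given.

audit_script() {
    # $1 = script to inspect. Prints "<line>:<finding>" for every hit.
    # Returns 0 if nothing was flagged, 1 if something was, 2 if unreadable.
    local file=$1 lineno=0 hits=0 line
    local re_comment='^[[:space:]]*#'
    # curl invoked with -k / --insecure: TLS certificate verification is off
    local re_curl='(^|[^[:alnum:]_-])curl[[:space:]]+(.*[[:space:]])?(--insecure|-[[:alnum:]]*k[[:alnum:]]*)([[:space:]]|$)'
    # package installed straight from a plain-HTTP URL
    local re_http='(rpm[[:space:]]+-[[:alpha:]]*[iUF][[:alpha:]]*|yum[[:space:]]+(-y[[:space:]]+)?(install|localinstall))[[:space:]].*http://'
    # a variable whose name contains KEY or PASS echoed into a file
    local re_log='echo[[:space:]].*[$][{]?[A-Za-z_]*(KEY|PASS)[A-Za-z_]*[}]?.*>>'

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [[ $line =~ $re_comment ]] && continue          # ignore comment lines
        if [[ $line =~ $re_curl ]]; then
            echo "$lineno:curl runs with certificate verification disabled"
            hits=1
        fi
        if [[ $line =~ $re_http ]]; then
            echo "$lineno:package installed from a plain-HTTP URL"
            hits=1
        fi
        if [[ $line =~ $re_log ]]; then
            echo "$lineno:key or password variable written to a log file"
            hits=1
        fi
    done < "$file"

    [ "$hits" -eq 0 ]
}

write_sample() {
    # Constructed sample: three lines shortened from the wrapper on this page,
    # plus a comment and a harmless echo that must not be flagged.
    local f
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/bash
# curl -k mentioned in a comment is ignored
curl -ks $API_URL -H "Content-Type: text/xml" -d "<methodCall>...$user...$pass...</methodCall>"
rpm -Uvh http://rhs.linux.ibm.com/pub/katello-ca-consumer-latest.noarch.rpm &>> $IBM_RHSM_REG_LOG
echo "Activation key: $ACTIVATION_KEY" >> $IBM_RHSM_REG_LOG
echo "Registration completed!" | tee -a $IBM_RHSM_REG_LOG
EOF
    echo "$f"
}

# Demo on the constructed sample; point audit_script at the real script instead.
sample=$(write_sample)
audit_script "$sample" || true
rm -f "$sample"
```

Because the script writes `ibm-rhsm.log` to the current directory, running it from a directory only root can read keeps the logged activation key away from other users.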



Step 2: Run the following command

# subscription-manager attach --auto
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

Step 3: Run the following command
# subscription-manager repos --enable=rhel-7-server-extras-rpms
Repo 'rhel-7-server-extras-rpms' is enabled for this system.

Step 4: Run the following command
# subscription-manager repos --enable=rhel-7-server-optional-rpms
Repo 'rhel-7-server-optional-rpms' is enabled for this system.

Step 5: Install docker

yum install docker

RedHat Subscription Manager






  1. Download the registration script from FTP3.
  2. Run the script and provide your FTP3 credentials when prompted
    [root@rhel-7 ~]# ./ibm-rhsm.sh
    User ID:
    Password for <username>@<cc>.ibm.com:
      
  3. It will perform some initial checks and install the local certificate
    * Performing initial checks...                  OK
    * Check the server certificate...               WARN
    * -> Installing server certificate...           OK
      
  4. The script will try to generate an activation key and use it to register the system
    * Searching for an activation key...            OK
    * Registering the system...                     OK
      
  5. After the activation key is generated, the system is registered and the main repositories enabled
    * Disable all repositories...                   OK
    * Enable RHEL 7 repositories...                 OK
    
    Registration completed!
      
We're done! You may now use YUM to update your RHEL systems and install packages. =)
Tip: Having trouble with the yum command? Check out the yum man pages for more information. Also, try using yum clean all before trying again. It cleans out the packages' cache information, headers, metadata, etc.



* Check the server certificate... WARN
* -> Installing server certificate... OK
* Searching for an activation key... OK
* Registering the system... OK
* Disable all repositories... OK
* Enable RHEL 7 repositories... OK

Registration completed!
[root@dishwasher tmp]# subscription-manager repos --enable=rhel-7-server-optional-rpms
Repository 'rhel-7-server-optional-rpms' is enabled for this system.
 

Tuesday, July 25, 2017

AWS Host Name Change

http://www.joshwieder.net/2016/01/setting-hostname-amazon-aws-ec2-rhel-centos.html

Setting a hostname for your Amazon AWS EC2 server running RHEL or CentOS 7

So it turns out that setting your AWS EC2 server's hostname to be persistent across reboots is a surprising pain in the ass, at least with my usual OS of choice - RedHat/CentOS Linux.

If you're like me, setting a hostname is the sort of trivial non-task that at this point you really feel like you don't need to RTFM to figure out. You know about `hostnamectl set-hostname`. You've tried `nmcli general hostname`. You've manually set /etc/hostname. None of it persists past a reboot. Which can make life very difficult for those planning to use EC2 for email or dozens of other tasks.

Here's how to do it the right way, the first time. I'll also describe some circumstances in which setting your own hostname will break things, and why it's such a hassle to get this done in AWS in the first place.

Amazon relies on cloud-init to manage a variety of initialization tasks for its cloud servers; cloud-init was originally built to support Ubuntu images, but it is now used for a variety of different Amazon distros, including RHEL, CentOS and "Amazon linux". cloud-init is managed through a series of configuration files and modules; you can use them to add SSH keys, set up chef & puppet recipes, install SSL certificates, and all sorts of stuff. Think of it as a very fancy kickstart script.

By default, Amazon resets your server's hostname to the Public DNS entry for the IP address assigned to your server. These default hosts look something like this: ec2-111-222-333-444.compute-1.amazonaws.com for an IP address 111.222.333.444. If you have an Elastic IP Address, this hostname can be viewed through your EC2 Console by navigating to Network & Security -> Elastic IPs. The hostname is viewable in the "Public DNS" column. Because of this behavior, all of the default methods for assigning a hostname to your server are overridden on reboot. There is no way to change the hostname through the EC2 Console after your server has been built.

Here's the part of the walk through where I describe some circumstances where messing with your hostname can break stuff. If you have not assigned at least one Elastic IP Address (EIP) to your server, I strongly advise against messing with your server's hostname. Without an EIP, Amazon changes your server's public IP, private IP and hostname to whatever is available at the moment in your region. I haven't tried it, but I strongly suspect that making the changes in this walkthrough without an EIP will either just not work or will break something. There may be circumstances where you would want to accomplish this; hacks probably exist but this walkthrough ain't it.

Here's what to do:


Update the /etc/hostname file with your new hostname:
    [centos@... ~]$ sudo vi /etc/hostname
Initially, this file will contain the hostname assigned by Amazon. Delete this value and replace it with your preferred hostname. With vi, you must enter "INSERT MODE" to make changes to a document by pressing the i key.
NOTE: the official Amazon walkthrough tells you to add your hostname like this: HOSTNAME=persistent_host_name - that is incorrect. The correct way is to just put your hostname in there; if you want your hostname to be www.example.com, then the contents of /etc/hostname should be www.example.com. The official walkthrough also tells readers to use vim using the syntax #vim <filename>. Although installed by default with RHEL 7 & CentOS 7, vim has to be launched using #vi <filename>.
Save and exit the vi editor. After you've made your changes, press ESCAPE to exit INSERT MODE, then press SHIFT and : [colon] simultaneously to issue a command to the vi editor. Type wq, and then press Enter to save changes and exit back to the command prompt.

Update the /etc/hosts file with the new hostname.
    [centos@... ~]$ sudo vi /etc/hosts
Change the entry beginning with 127.0.0.1 to read as follows:
127.0.0.1 www.example.com localhost.localdomain localhost
Save and exit the vi editor.

Update the /etc/sysconfig/network file.
    [centos@... ~]$ sudo vi /etc/sysconfig/network
Update the /etc/sysconfig/network file with the following values:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=www.example.com
Save and exit the vi editor.

Change your server's primary cloud-init configuration file.
    [centos@... ~]$ sudo vi /etc/cloud/cloud.cfg
Add the following string at the bottom of the file to ensure that the hostname change stays after a reboot.
    preserve_hostname: true
NOTE: At the bottom of /etc/cloud/cloud.cfg, you may find a line that appears to be commented out, like this: # vim:syntax=yaml - the preserve_hostname line must go at the very bottom of the file, even beneath the commented out line, or else it won't work.
Save and exit the vi editor.

Run the following command to reboot the instance to pick up the new hostname:
    [centos@... ~]$ sudo reboot
After you reboot your server, execute the hostname command to check that your changes have stayed put.
    [centos@... ~]$ hostname
The command should return the new hostname:
    [centos@... ~]$ hostname
    www.example.com
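
The four file edits above as one repeatable script, added here as an example and not taken from the walkthrough or the Amazon KB article. It rejects the `HOSTNAME=name` form for /etc/hostname, and it goes one step beyond the text by dropping any earlier `preserve_hostname` line so the key appears once, at the very bottom of cloud.cfg. The function names and the optional ROOT prefix (used to try it on a scratch copy of the files) are assumptions.

```shell
#!/bin/bash
# Added example, not from the walkthrough: the four file edits applied idempotently.
# set_persistent_hostname, valid_hostname, make_sample_root and the ROOT prefix
# argument are hypothetical names.

valid_hostname() {
    # Dot-separated labels of letters, digits and hyphens, 253 characters at most.
    # This also rejects the HOSTNAME=name form, which must not go into /etc/hostname.
    local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    local re="^${label}(\.${label})*$"
    [ "${#1}" -le 253 ] && [[ $1 =~ $re ]]
}

set_persistent_hostname() {
    # $1 = new hostname, $2 = optional root prefix (empty = the live system)
    local name=$1 root=${2:-} f tmp
    local hosts_line="127.0.0.1 $name localhost.localdomain localhost"

    valid_hostname "$name" || { echo "invalid hostname: $name" >&2; return 2; }
    for f in hostname hosts sysconfig/network cloud/cloud.cfg; do
        [ -f "$root/etc/$f" ] || { echo "missing $root/etc/$f" >&2; return 1; }
    done
    tmp=$(mktemp) || return 1

    # 1. /etc/hostname holds the bare name and nothing else.
    printf '%s\n' "$name" > "$root/etc/hostname"

    # 2. /etc/hosts: replace the 127.0.0.1 entry (add one if it is absent).
    #    Writing back with cat keeps the file's owner, mode and SELinux label.
    awk -v l="$hosts_line" '
        $1 == "127.0.0.1" { if (!d++) print l; next }
        { print }
        END { if (!d) print l }' "$root/etc/hosts" > "$tmp"
    cat "$tmp" > "$root/etc/hosts"

    # 3. /etc/sysconfig/network: set the three values, keep unrelated keys.
    {
        grep -Ev '^(NETWORKING|NETWORKING_IPV6|HOSTNAME)=' "$root/etc/sysconfig/network" || true
        printf 'NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=%s\n' "$name"
    } > "$tmp"
    cat "$tmp" > "$root/etc/sysconfig/network"

    # 4. /etc/cloud/cloud.cfg: one preserve_hostname line, as the last line.
    {
        grep -Ev '^[[:space:]]*preserve_hostname[[:space:]]*:' "$root/etc/cloud/cloud.cfg" || true
        echo 'preserve_hostname: true'
    } > "$tmp"
    cat "$tmp" > "$root/etc/cloud/cloud.cfg"

    rm -f "$tmp"
}

make_sample_root() {
    # Constructed scratch tree that stands in for a fresh instance's files.
    local r
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/sysconfig" "$r/etc/cloud"
    echo 'ip-10-0-0-5.ec2.internal' > "$r/etc/hostname"
    printf '127.0.0.1   localhost localhost.localdomain localhost4\n::1         localhost6\n' > "$r/etc/hosts"
    printf 'NETWORKING=yes\nNOZEROCONF=yes\n' > "$r/etc/sysconfig/network"
    printf 'preserve_hostname: false\nssh_pwauth: 0\n# vim:syntax=yaml\n' > "$r/etc/cloud/cloud.cfg"
    echo "$r"
}

# Demo against the scratch tree. On an instance, run as root with no second
# argument, then reboot and check the output of `hostname`.
demo=$(make_sample_root)
set_persistent_hostname www.example.com "$demo" && cat "$demo/etc/cloud/cloud.cfg"
rm -rf "$demo"
```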

And that's about it, sports fans. I ripped off most of this from an Amazon KB article on the topic, with a few updates where the KB had some mistakes. This has been an issue with AWS for a while, and there appears to be a lot of confusion on the internet on how to get this accomplished, so I hope that by making this available more people will be able to get this resolved without wasting time.

Monday, July 10, 2017

tcpdump. tcprewrite


## Get a tcpdump capture of the traps on port 162 using

tcpdump -s8192 -w <file name-1> udp port 162



## Run the rewrite script against this dump file to change the MAC and IP address

rewrite.sh <file name> <New file name>

You need to install a module called tcpreplay from tcpreply.org



========================

## rewrite.sh

#!/bin/bash

tcprewrite --pnat 216.83.186.66/32:216.203.1.131/32 --enet-dmac 08:00:20:d2:19:93 -i "$1" -o "$2"

Here I am changing the production trap server IP to the lab server IP 216.203.1.131 and adding the lab server's MAC address.

$1 is the captured file name and $2 is the new capture file with the lab server's IP and MAC address.

tcprewrite --pnat=<OLDIP>/32:<NEWIP>/32 --enet-dmac <NEW-MAC> -i <old-PCAP-File> -o <new-PCAP-File>



=======================


## Read this new file to confirm that the headers have changed

tcpdump -r <New file name> -vv (two Vs)

tcpdump -r <pcap-File> -vv > readable.out

cat readable.out | awk '{print $3}' | sort | uniq  (this is to check which source IPs are sending data)

## Replay this file to generate the traps

tcpreplay -i eth0 -o <New file name>

This will send the traps to the mttrapd probe running on port 162 on the lab server.

tcpdump -nvvv dst port 162



- I have seen that the mttrapd probe didn't process these alarms because firewalld was running and blocking the traffic

systemctl stop firewalld
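
A check to run between the rewrite and the replay, added here as an example that is not part of the original post: it reads one-line `tcpdump -nn -r <new-PCAP-File>` output and fails if any port 162 packet is still addressed to the production trap server, so a replay cannot reach production by mistake. The function names and the sample lines are constructed; the two trap-server addresses are the ones used in rewrite.sh above.

```shell
#!/bin/bash
# Added example, not from the original post: confirm a rewritten capture
# before replaying it. check_rewrite, list_sources and sample_dump are
# hypothetical names. Input is one-line tcpdump text, for example:
#   tcpdump -nn -r <new-PCAP-File> | check_rewrite <OLDIP> <NEWIP>

check_rewrite() {
    # $1 = old (production) IP, $2 = new (lab) IP, $3 = destination port (default 162)
    # Prints "old=N new=N other=N" for packets sent to that port.
    # Returns 1 if any packet still targets the old IP or none target the new one.
    local old=$1 new=$2 port=${3:-162}
    awk -v old="$old" -v new="$new" -v port="$port" '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)                    # "a.b.c.d.port:" -> "a.b.c.d.port"
            n = split(dst, p, ".")
            if (n != 5 || p[5] != port) next      # not IPv4 addr.port, or another port
            ip = p[1] "." p[2] "." p[3] "." p[4]
            if (ip == old) o++
            else if (ip == new) w++
            else x++
        }
        END {
            printf "old=%d new=%d other=%d\n", o, w, x
            exit ((o > 0 || w == 0) ? 1 : 0)
        }'
}

list_sources() {
    # Distinct source addresses with the port stripped. On one-line output,
    # field 3 is addr.port, so printing it as is lists a sender once per port.
    awk '$2 == "IP" && $4 == ">" { s = $3; sub(/\.[0-9]+$/, "", s); print s }' | sort -u
}

sample_dump() {
    # Constructed lines in tcpdump -nn format; the third one was left unrewritten
    # on purpose, the fourth is unrelated traffic on another port.
    cat <<'EOF'
09:15:01.000101 IP 10.20.30.40.51234 > 216.203.1.131.162: UDP, length 98
09:15:01.000202 IP 10.20.30.41.40000 > 216.203.1.131.162: UDP, length 120
09:15:02.000303 IP 10.20.30.40.51234 > 216.83.186.66.162: UDP, length 98
09:15:03.000404 IP 10.20.30.40.123 > 10.9.9.9.123: NTPv4, Client, length 48
EOF
}

# Demo on the constructed sample.
sample_dump | check_rewrite 216.83.186.66 216.203.1.131 \
    || echo "capture still contains packets for the old trap server"
sample_dump | list_sources
```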