Posts

Showing posts from August, 2015

Kernel 3 and Red Hat Enterprise Linux 7 new Systemd implementation

Intro:

Red Hat and most major Linux distributions, such as SUSE, have adopted the new Linux Kernel 3. With the release of Red Hat Enterprise Linux 7, Red Hat replaced the legacy kernel 2.6 used in RHEL 6.7 and prior versions with Linux Kernel 3. Kernel 3 has improved handling of system services and runlevels. The Kernel 2.6 System V "init" scripts for managing runlevels and the "service" and "chkconfig" commands for managing services have been replaced with "systemd" in Kernel 3.


Essential Commands:

I have collected a list of useful new commands to manage services, startup processes and runlevels for Linux Kernel 3.

Starting a service

Previously in RHEL 6 and prior:

# /etc/init.d/auditd start
Starting auditd:                                           [  OK  ]

Now in RHEL 7:

# systemctl start vsftpd.service


Stopping a service

Previously in RHEL 6 and prior:

# /etc/init.d/vsftpd stop
Stopping vsftpd:                                           [  OK  ]

Now in RHEL 7:

# systemctl stop vsftpd.…

FreeIPA server client reinstallation failed

I installed FreeIPA for central user management on Linux RHEL 6.5; other servers were connected to it as clients and were doing user authentication and authorization correctly.

For some reason, I decided to uninstall the server and reinstall it.

However, this time, after the server reinstallation, I couldn't add other servers as clients to FreeIPA, and it failed with the following error:

# ipa-client-install --domain=example.eu --server=vm1.example.eu --realm=EXAMPLE.EU -p admin  --password=123 --mkhomedir --hostname=vm1.example.eu

LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
Failed to verify that ipaserver.example.eu is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or fi…

Puppet multiple agents with same hostname issue

I have some servers in my test environment that have the same hostname.
This conflicts with adding them to the Puppet master, because agents send the master a certificate to be signed based on their hostnames. So if two servers have the same hostname, they generate the same certificate name and send it to the Puppet master, which has no way to differentiate them.

Solution:
We can define the certificate name for an agent in its Puppet config file. This lets us give it a certname different from its hostname, so the master sees those agents as though they had different hostnames.


1. Delete current agent certificates:

# rm -rf /var/lib/puppet/ssl/*


2. Define the certificate name in the agent's Puppet config. If the agent's hostname is client.example.com, then:

# echo "certname=clientX.example.com" >> /etc/puppet/puppet.conf 


3. Restart the puppet service on the agent node:

# /etc/init.d/puppet restart


4. You should see new certificate ready to be signed in master with the "clientX" certif…
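
The `echo ... >>` in step 2 appends to whichever section happens to be last in puppet.conf and adds another line on every run. The following is an added example, not part of the original post, that sets certname exactly once. The helper name `set_certname` is hypothetical, and it assumes an INI-style puppet.conf with `[main]` and `[agent]` sections.

```shell
#!/bin/sh
# Added example: idempotently set certname in an agent node's puppet.conf.
# set_certname is a hypothetical helper; config path and certname are arguments.
# Usage: set_certname /etc/puppet/puppet.conf clientX.example.com
set_certname() {
    conf=$1
    name=$2
    tmp=$(mktemp) || return 1
    awk -v name="$name" '
        function emit() { print "certname = " name; done = 1 }
        /^[ \t]*\[/ {
            # Section header: remember which section we are in.
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            print
            # Write the single certname line directly under [main].
            if (section == "main" && !done) emit()
            next
        }
        # Drop stale certname lines in [main] and [agent];
        # a leftover value in [agent] would override the one in [main].
        (section == "main" || section == "agent") &&
            /^[ \t]*certname[ \t]*=/ { next }
        { print }
        # No [main] section in the file: create one at the end.
        END { if (!done) { print "[main]"; emit() } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running it twice with the same certname leaves the file unchanged after the first run.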