
Tuesday, March 5, 2013

IP alias on CentOS6: "SIOCADDRT: No such process"

I just added an IP alias on my CentOS box by creating an ifcfg-eth0:0 file with the following content:
DEVICE=eth0:0
IPADDR=192.168.111.77
NETMASK=255.255.255.0
NETWORK=192.168.111.0
ONBOOT=yes
But after restarting the network service I got the following output:
Shutting down interface eth0:                [ OK ]
Shutting down loopback interface:            [ OK ]
Bringing up loobback interface:              [ OK ]
Bringing up interface eth0:  SIOCADDRT: No such process
                                             [ OK ]
The root cause is that the ifup procedure tries to add the default route for this alias, but the gateway address is missing.
To get rid of this mysterious message, give the gateway address in the config by adding the following line to the alias interface config file:
GATEWAY="192.168.111.254"
Or if you do not need/have a default gateway, simply add:
GATEWAY=""
If you have a lot of aliases on a parent interface, you can instead add the following line to the parent interface config (ifcfg-eth0 in my case):
NO_ALIASROUTING=yes
After that the network restarted without the strange message.
Hope this helps somebody.

Monday, September 17, 2012

Create local CentOS repository


If you have to install a lot of machines with CentOS, or you just play with kickstart scripts, you should create a local repository to speed the process up. The only prerequisites are a configured web server and a script which copies only the changes from the public repository.
This script handles the CentOS and EPEL repository as well.

Here comes the script:
# cat > /usr/local/bin/repo-sync.sh
#!/bin/bash

rsync=/usr/bin/rsync
rsyncopts='--progress -avHSP --bwlimit=512 --delete'
rsyncexcl='--exclude=openoffice*.rpm --exclude=fonts-chinese*.rpm 
--exclude=fonts-japanese*.rpm --exclude=fonts-korean*.rpm 
--exclude=libreoffice*.rpm --exclude=firefox*.rpm 
--exclude=thunderbird*.rpm --exclude=ImageMagick*.rpm --exclude=/SRPMS/ 
--exclude=/headers/ --exclude=*.src.rpm --exclude=*.drpm 
--exclude=*-debuginfo-*.rpm --exclude=/debug/ --exclude=/repoview/'

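# Use the same lock file that the loops below create
lockfile=/var/lock/subsys/rsync_sync
if [ -f "$lockfile" ]; then
    echo "Updates via rsync already running."
    exit 0
fi
# Remove the lock on exit so the next run is not blocked
trap 'rm -f "$lockfile"' EXIT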

mirror=ftp.fsn.hu::linux/centos
verlist="6 5"
archlist="i386 x86_64"
baselist="updates os"
local=/var/www/html/mirror/centos/

for ver in $verlist; do
  for arch in $archlist; do
    for base in $baselist; do
      echo "==================================="
      echo "===== CentOS $ver/$base/$arch ====="
      echo "==================================="
      lrepo=$local/$ver/$base/$arch
      /bin/mkdir -p $lrepo 2> /dev/null
      /bin/touch /var/lock/subsys/rsync_sync
      remote=$mirror/$ver/$base/$arch/
      $rsync $rsyncopts $rsyncexcl $remote $lrepo
      newpkgs=`/usr/bin/find $lrepo -ctime -1 | wc -l`
      if [ $newpkgs -gt 0 ]; then
       /usr/bin/createrepo $lrepo #>> /dev/null
      fi
    done
  done
done

mirror=ftp.linux.cz::pub/linux/fedora/epel
verlist="6 5"
archlist="i386 x86_64"
baselist="."
local=/var/www/html/mirror/epel/

for ver in $verlist; do
  for arch in $archlist; do
    for base in $baselist; do
      echo "==================================="
      echo "===== EPEL $ver/$base/$arch ====="
      echo "==================================="
      lrepo=$local/$ver/$base/$arch
      /bin/mkdir -p $lrepo 2> /dev/null
      /bin/touch /var/lock/subsys/rsync_sync
      remote=$mirror/$ver/$base/$arch/
      $rsync $rsyncopts $rsyncexcl $remote $lrepo
      newpkgs=`/usr/bin/find $lrepo -ctime -1 | wc -l`
      if [ $newpkgs -gt 0 ]; then
       /usr/bin/createrepo $lrepo #>> /dev/null
      fi
    done
  done
done

Ctrl-D
Some explanation:
- there are some exclusions at the beginning of the script because I do not need any graphical programs for servers
- you should replace mirror hosts and path with one which is closer to you
- be sure that you choose a mirror which supports the rsync protocol; http and/or ftp is not necessary for this script
- you can select which version (verlist) and which architecture (archlist) to sync

Tuesday, July 24, 2012

Amazon ec2 dynamic ip updater

How to set up ddclient on a CentOS machine running in Amazon EC2 to update its public IP address with dyndns-like services.

1. Install ddclient from EPEL repository
$ sudo yum install ddclient
2. Modify/add the following lines in /etc/ddclient.conf:

use=cmd, cmd='curl http://169.254.169.254/2007-08-29//meta-data/public-ipv4'
server=no-ip.org
login=noipuser
password=noippassword
yourhostname=no-ip.org

Some explanation on "use" line: this is the recommended way to get the public ip address of the running machine.

3. Start ddclient service:
$ sudo /etc/init.d/ddclient start

4. Do not forget to set ddclient's default runlevels to start after reboot
$ sudo chkconfig ddclient on

That's all.

UPDATE:
It seems that dynupdate.no-ip.com does not accept SSL traffic other than TLSv1.
To work around this, put the following line into /usr/sbin/ddclient after line 1864:
            SSL_version => 'TLSv1',

The diff between the original and the new file will look like this:

# diff -u ddclient.orig ddclient
--- ddclient.orig       2012-10-27 10:06:10.000000000 +0200
+++ ddclient    2012-10-27 09:49:56.000000000 +0200
@@ -1861,6 +1861,7 @@
             Proto => 'tcp',
             MultiHomed => 1,
             Timeout => opt('timeout'),
+            SSL_version => 'TLSv1',
         );
            defined $sd or warning("cannot connect to $peer:$port socket: $@ " . IO::Socket::SSL::errstr());
     } else {
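Review bot: the added "SSL_version => 'TLSv1'" line hard-codes the protocol version in the socket constructor, so every connection made through this code path is limited to TLS 1.0, not only the one to the server that needed the workaround. Consider reading the value from a configuration option, as the line above does with "Timeout => opt('timeout')", and leaving the library's own negotiation in place when the option is unset.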


Do not forget to re-apply this patch after updating ddclient!

Saturday, July 7, 2012

Leap seconds on CentOS6/RHEL6 masterclock


Setting up handling leap seconds on Centos6/RHEL6


1. Download the current leap-seconds file
# cd /etc/ntp
# wget ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.*
2. Make a symlink to the downloaded file
# ln -s leap-seconds.3535142400 ntpkey_leap
3. Generate host keys for ntpd
# ntp-keygen -H -p password
Using OpenSSL version 10000003
Generating RSA keys (512 bits)...
RSA 0 0 2       1 11 24 3 1 2
Generating new host file and link
ntpkey_host_ntptest->ntpkey_RSAkey_ntptest.3550552917
Using host key as sign key
Generating certificate RSA-MD5
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
Generating new cert file and link
ntpkey_cert_ntptest->ntpkey_RSA-MD5cert_ntptest.3550552917
4. Add the following lines to ntp.conf:
# cat >> /etc/ntp.conf <<'EOF'
keysdir /etc/ntp
crypto pw password
EOF
5. Restart ntpd
# /etc/init.d/ntpd restart
6. Check results
# ntpq -c "rv 0 leap,tai,leapsec,expire,update"
assID=0 status=4944 leap_add_sec, sync_telephone, 4 events, event_peer/strat_chg, leap=01, update=201206302154, leapsec=201201100000, tai=34, expire=201207061434


# ntpq -c "rv 0" | egrep "(update|leapsec|expire)"
assID=0 status=4944 leap_add_sec, sync_telephone, 4 events, event_peer/strat_chg, leap=01, update=201206302154, leapsec=201201100000, tai=34, expire=201307061434
Note that this may be a bug: the two commands report different values for expire.


After the leap second event the ntpq output looks like this. Compared with the previous state, the status, leap and tai values have changed.
assID=0 status=0944 leap_none, sync_telephone, 4 events, event_peer/strat_chg, leap=00, update=201206302154, leapsec=201201100000, tai=35, expire=201307061434

Kernel log reports leap second insertion as follows:
Jul  1 01:59:59 ntptest kernel: Clock: inserting leap second 23:59:60 UTC
Note that the leap second insertion is at UTC midnight.


Updating leapseconds file.

Last but not least: DO NOT FORGET to check newly published leap seconds file regularly!
Here is the latest announcement about leap second insertion.
If it refers to a newer leap second than your configured leap-seconds file, you should repeat steps 1-2 above.
ntpd does not need to be restarted because it re-reads the ntp_leap file on a daily basis.
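
The regular check recommended above can be scripted. The following is an added example, not part of the original post: it assumes the usual layout of the leap-seconds file (a "#@" line holding the expiry and data lines of the form "timestamp TAI-offset", all counted in seconds since 1900), the function names are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check when a leap-seconds file expires.
# Timestamps in the file count seconds from 1900; Unix time counts from 1970.
NTP_UNIX_OFFSET=2208988800

# Print the expiry time (the "#@" line) as Unix seconds; fail if absent.
leap_expiry_unix() {
    awk -v off="$NTP_UNIX_OFFSET" '
        $1 == "#@" { printf "%.0f\n", $2 - off; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# Print "unix_time tai_offset" for the last leap second listed.
last_leap() {
    awk -v off="$NTP_UNIX_OFFSET" '
        /^[0-9]/ { t = $1 - off; tai = $2 }
        END { if (t == "") exit 1; printf "%.0f %d\n", t, tai }' "$1"
}

# leap_file_status FILE NOW [WARN_DAYS]: print OK, EXPIRING or EXPIRED.
leap_file_status() {
    exp=$(leap_expiry_unix "$1") || { echo "NOEXPIRY"; return 2; }
    left=$(( exp - $2 ))
    if [ "$left" -le 0 ]; then echo "EXPIRED"; return 1; fi
    if [ "$left" -lt $(( ${3:-30} * 86400 )) ]; then echo "EXPIRING"; return 1; fi
    echo "OK"
}

# Constructed sample in the layout described above (not a real download).
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample leap-seconds file
#$ 3535142400
#@ 3565641600
3439756800 34 # 1 Jan 2009
3550089600 35 # 1 Jul 2012
EOF
    echo "$f"
}

sample=$(make_sample)
echo "last leap: $(last_leap "$sample")"
echo "status on 2012-07-01: $(leap_file_status "$sample" 1341100800)"
# In a cron job use: leap_file_status /etc/ntp/ntpkey_leap "$(date +%s)"
rm -f "$sample"
```

A non-zero exit status from leap_file_status is the signal to repeat steps 1-2.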

Wednesday, June 27, 2012

Jumpstart on CentOS


Jumpstart on CentOS5 howto


We have an old Sun Netra machine and we would like to install Solaris 10 on it. Unfortunately this machine is built with a CD-ROM drive and we weren't able to find any Solaris 10 CD-ROM ISO. I tried to replace the drive with a DVD drive from a Sun Fire V490, but it was not detected: probe-ide-all did not show any drive.
There is no way to avoid building a JumpStart server, but we do not have other Sun hardware to do this.
Let's try Linux. My first thought was CentOS6, but it lacks the old rarpd and bootparamd. I did some research and found that CentOS5 contains these daemons as well.
In the following example there are two machines:
JumpStart server hostname: jumpstart, ip address: 192.168.10.100
JumpStart client hostname: netra, ip address: 192.168.10.200

Prerequisites

1. Install a CentOS5 minimal environment: I kickstarted it with %packages --nobase and the @core group
2. Install necessary services:
# yum install gdb nfs-utils rarpd tftp-server bootparamd tcpdump
# for service in nfs portmap rarpd bootparamd tftp
do
  chkconfig $service on
done
3. Disable unnecessary services:
# for service in iscsi iscsid kudzu rawdevices restorecond mcstrans lvm2-monitor
do
  chkconfig $service off
done

Setup JumpStart Server

1. Add server entry to hosts file
# echo '192.168.10.100 jumpstart' >> /etc/hosts
2. To run the setup_install_server script successfully, make some soft links and create a mach "utility":
# ln -s /bin/tar /bin/bar
# ln -s /bin/sed /usr/bin/sed
# ln -s /usr/bin/gdb /usr/bin/adb
# echo '#!/bin/bash' > /bin/mach
# echo 'uname -p' >>/bin/mach
# chmod 755 /bin/mach
3. Copy install files to install directory
# mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom
# cd /media/cdrom/Solaris_10/Tools
# mkdir -p /var/js/install
# ./setup_install_server /var/js/install
4. Configure and start NFS service
Disable NFSv4
# sed -i 's/#RPCNFSDARGS="-N 4"/RPCNFSDARGS="-N 4"/' /etc/sysconfig/nfs
Export /var/js/install
# echo '/var/js/install 192.168.10.0/24(ro,no_root_squash,async,no_subtree_check)' >> /etc/exports
Start NFS service
# service portmap start
# service nfs start
Test NFS service
# mount jumpstart:/var/js/install /mnt
You should see the mount point in the 'df -h' output.
5. Enable tftpd in xinetd
# sed -i 's/disable\t\t\t= yes/disable\t\t\t= no/' /etc/xinetd.d/tftp
# service xinetd restart
6. Copy inetboot images to tftpd's directory
# cp /var/js/install/Solaris_10/Tools/Boot/platform/sun4u/inetboot /tftpboot/inetboot.sun4u
# cp /var/js/install/Solaris_10/Tools/Boot/platform/sun4us/inetboot /tftpboot/inetboot.sun4us
# cp /var/js/install/Solaris_10/Tools/Boot/platform/sun4v/inetboot /tftpboot/inetboot.sun4v

Add client related config

1. Add an entry to hosts file
# echo '192.168.10.200 netra' >> /etc/hosts
2. Add an entry to rarpd's config file /etc/ethers
# echo '8:0:20:aa:bb:cc netra' >> /etc/ethers
Make sure that you modify the MAC address according to your machine's address
3. Configure bootparamd
# echo 'netra root=jumpstart:/var/js/install/Solaris_10/Tools/Boot \
install=jumpstart:/var/js/install boottype=:in' >> /etc/bootparams
4. Configure TFTP service
Calculate client's ip address in hex format:
# printf %02x 192 168 10 200|tr a-z A-Z
C0A80AC8
# cd /tftpboot
# ln -s inetboot.sun4u C0A80AC8
Make the link to the appropriate inetboot platform file (sun4u in this example)

Boot the client

ok boot net -v - install

Troubleshooting

If you get something like the following, you should disable NFSv4 in the NFS config:
root directory: /var/js/install/Solaris_10/Tools/Boot

boot failed
Enter filename [boot_archive]:

Thanks to following sites:

http://linax.wordpress.com/2009/06/09/linux-as-a-solaris-jumpstart-server/
http://hintshop.ludvig.co.nz/show/solaris-jumpstart-linux-server/