IGM IT

https://github.com/containers/libpod/blob/master/docs/source/markdown/podman-run.1.md

This link has the current podman run commands and switches. It’s ever evolving, but this is a solid link for seeing how to construct your command line.

Anything that doesn’t warrant a War & Peace explanation goes in here…

The command and a brief what it does and why would you want to.

First up querying what a package brings to the party – excess baggage that may require further exploration…

repoquery

repoquery --requires --resolve

Good for rpmfusion or other repo’s that may add in things that change base packages. It does require that the repo is in the yum configuration for it to query. The yum settings can be switched on and off so that future yum updates wont check that particular repo and install things without your knowledge. This requires that yum-utils is installed.

yum-config-manager

The –enablerepo option overides the permanent option set in the .repo file for only the current command. –disablerepo does the opposite for enabled repos.

If you install (or have installed) the yum-utils package then you can use yum-config-manager to permanently enable/disable repos without editing the file:

yum-config-manager --enable remi

will permanently enable the remi repo.

yum repolist all

will list all the repo id which you use with the –enable or –disable option.

one-off install from disabled repositories

By default yum installs only from the enabled repositories. For some reason if you like to install a package from a disabled repositories, use –enablerepo option in the ‘yum install’ as shown below.

yum --enablerepo=fedora-source install vim-X11.x86_64

RedHat Centos 7 firewall quickies

firewall-cmd --get-active-zones - Shows which zones you have and which interfaces

firewall-cmd --zone=public --add-port=2049/tcp --permanent - Adds nfs4 port 2049 to the firewall permanently

firewall-cmd --reload - Reload the firewall for the changes to take effect

firewall-cmd --zone=public --list-all - shows all the current rules, interfaces, ports etc

firewall-cmd --permanent --zone=public --add-port=80/tcp - add a port permanently web and tcp in this instance

firewall-cmd --zone=public --remove-port=80/tcp - remove a port 'The firewall giveth and the firewall taketh away!'

firewall-cmd --panic-on - exactly as advertised, shuts up shop

firewall-cmd --query-panic - what state is panic in? on or off

firewall-cmd --panic-off - open for business again

RedHat Centos 7 services quickies

systemctl start name.service - Starts a service
systemctl stop name.service - Stops a service
systemctl restart name.service - Restarts a service
systemctl reload name.service - Reloads configuration
systemctl status name.service - Checks if a service is running
systemctl is-active name.service - Checks if a service is running
systemctl list-units --type service --all - Displays the status of all services

systemctl enable name.service - Enables a service.
systemctl disable name.service - Disables a service.
systemctl status name.service - Checks if a service is enabled.
systemctl is-enabled name.service - Checks if a service is enabled.
systemctl list-unit-files --type service - Lists all services and checks if they are enabled.
systemctl list-dependencies --after - Lists services that are ordered to start before the specified unit.
chkconfig --list systemctl list-dependencies --before - Lists services that are ordered to start after

RedHat Centos 7 xrdp

yum install epel-release
yum install xrdp
systemctl enable xrdp.service
systemctl start xrdp.service
firewall-cmd --zone=public --add-port=3389/tcp --permanent
firewall-cmd --reload
restorecon -v /usr/sbin/xrdp
restorecon -v /usr/sbin/xrdp-sesman
reboot

Screen command

Delete a rogue screen session
screen -ls
screen -S <pid> -p 0 -X quit

rpm install by date query

rpm -qa --queryformat '%{installtime} (%{installtime:date}) %{name}\n' | sort -n | tail -5


miss off the tail to get a complete list 🙂

samba firewall

firewall-cmd –permanent –add-port=137/tcp
firewall-cmd –permanent –add-port=138/tcp
firewall-cmd –permanent –add-port=139/tcp
firewall-cmd –permanent –add-port=445/tcp
firewall-cmd –permanent –add-port=901/tcp

firewall-cmd –reload

Man page to nicely formatted PDF

For when you absolutely have to have a nicely printed Man page to scribble all over at the machine in question..

man -t <man page you want in here> | ps2pdf - man-page-name.pdf

List disk usage/folder sizes in order

du -xh * | sort -rn | head -20

fsck check

The dreaded ‘non shall pass’ when a system hasn’t been shutdown correctly or a drive is failing.

Run fsck without -a or -P

Look at the file system it is complaining about – probably one that is in device-mapper and write down the path. Then: –

fsck /dev/mapper/device/in/the/warning/message

and follow the prompts as they come up on the screen to repair the affected system.

run process as other user to see ‘their’ issues

as root: –
su <uid>

ls and see different date format

ls -l –time-style=full-iso

Find your external I.P address

curl ifconfig.me

eMedLab VPN Access via Cisco AnyConnect VPN Client and Centos 6.8

This document is meant as a guideline for connecting a remote Centos 6.8 Desktop machine through eMedlabs Cisco VPN and connect to the Ubuntu terminal to gain access to the eMedLab HPC Cluster.

Where input is required from the end user to type into a terminal it is shown as boxed out Preformatted text.

Preformatted text example

Installation of Centos 6.8 Graphical Desktop with updates and repositories

Install Centos 6.8 x86_64 – http://isoredirect.centos.org/centos/6/isos/x86_64/

Select the Desktop option when prompted and the installation will proceed until you are prompted to create a User Account, add or amend the  NTP service for time synchronization and finally prompting for a restart.

Restart the machine and log in as root.

From the Desktop Menu select Applications > System Tools > Terminal

At the command prompt type in: –

yum update

The machine will come back with any packages that need updating to which respond ‘Y’ to install. After that has completed type in: –

yum install epel-release

Respond ‘Y’ to install the epel repository (Extra Packages for Enterprise Linux)

Creation of Public and Private ssh keys

Log out from your root session and log in as the user account you created earlier. To create the ssh passwordless login you need to create a public and private key pair to send to eMedLab along with your request for a login account on the Cisco VPN Gateway.

From the Desktop Menu select Applications > System Tools > Terminal

At the command prompt type in: –

ssh-keygen -t rsa -f ~/.ssh/id_rsa.eMedLab

This creates two files in your /home directory in a hidden subdirectory .ssh

.ssh/id_rsa.eMedLab
.ssh/id_rsa.eMedLab.pub

The first one is your private key which you keep to yourself, the second one with the .pub extension is your public key and is the one to email to eMedLab. This key pair can be copied between multiple Linux machines and is named as eMedLab so that you can keep a handle of which key belongs to which service should you ever have a future need for a key pair for a different server at a different facility.

Installation of the Cisco AnyConnect VPN Client

Log in as root and from the Desktop Menu click the Firefox Icon .

browse to https://vpn.emedlab.ac.uk

From the drop down menu select your Group and enter the Username and Password provided by eMedLab for the Cisco VPN gateway: –

Click the Login button.

You should then see the following menu: –

Click the AnyConnect button in the lefthand menu..

Click the Start AnyConnect button.

The java automatic connection will try and connect and fail and give you the option to manually download the software as above. Click the AnyConnectVPN link to download to your machine. The default download location is /root/Downloads – we need to know this location for installation as it needs to be modified.

From the Desktop Menu select Applications > System Tools > Terminal

At the command prompt type in the following: –

cd /root/Downloads
chmod +x vpnsetup.sh
./vpnsetup.sh

The script will run to completion ending with a Done! as below, there is no user interaction required.

**Centos 7 installation requires package pangox-compat to be installed for the graphical user interface**

There will now be a new icon for the VPN in Applications > Internet > Cisco AnyConnect Mobility Client > Cisco AnyConnect Mobility Client as below: –

Follow the menu path and click on Cisco AnyConnect Mobility Client as above. You will be presented with the following Window: –

Fill the Connect to: details in as vpn.emedlab.ac.uk
Click the two yellow cog button at the end of the Connect to: Dialog Box and adjust as per the second picture.

Click Connect

You will then be prompted for your Cisco AnyConnect Group, Username and Password as before, fill those details in and click Connect.

The vpn will come up and say connected as below: –

At this point you can then connect to the Ubuntu server at eMedLab with the second Username you have been given by eMedLab. You shouldn’t have to use a password to connect, it should use your keyless pair that we created.

From the Desktop Menu select Applications > System Tools > Terminal

shh username@10.2.213.130

The picture below shows all the connections up with a session into the Ubuntu machine

The connection can also be brought up as an ordinary user, but there is only one person allowed at a time as far as I have found so far. This means that each user who can access the machine must bring down the vpn after use if someone else requires access.

Once the link has been established once, it also appears to skip a stage and go directly to the Group setting and fail to connect. This can be overridden by stipulating vpn.emedlab.ac.uk in the Connect to: dialog box where it will prompt you for the vpn gateway Username and Password. You may be prompted that it is an insecure connection in which case click the Connect Anyway button