For some reason, Red Hat’s CDN will throttle Beta ISO downloads to a crawling 1.6Mbps, and if you are downloading a big ISO this will take several hours.

The solution I found was to use the Aria2 download manager with multiple connections.

The download speed increases to something more acceptable (5-10Mbps).

All, Sorry if this is a dumb question but if a server is running redhat on the backend and the service it is running has a gui interface, the accounts would still be stored in the /etc/passed file right?

Attending and i don't want to pay full price. please pm.

I am trying to download the latest RHEL 9.4 beta DVD ISO, as I use a 500Mbps fiber connection, this should be really fast…

And initially it is… the download reaches up to 65MB/s (650Mbps)…

However, by the time the download reaches the 1 minute 47 sec remaining mark… the download speed is abruptly cut off to about 913kbps-1.3Mbps… and stays there.

Is there a way to avoid this speed drop?

So I downloaded ansible navigator by following this guide : https://ansible.readthedocs.io/projects/navigator/installation/

I have podman installed already. Anyways after I finished the steps, it works. But when I try to do sudo ansible-navigator, it says that the command is not found.

Even worse, when I reload/refresh the terminal, I got the same error where command is not found (on the normal user which previously worked)

Anyone encountered this before? Im lost on how to solve this :(

https://youtube.com/live/oSTsn-QhM-0?feature=share

We're tackling a crucial topic in the world of Red Hat Enterprise Linux: SELinux. We’ll discuss the purpose of SELinux and why disabling it isn’t the best answer!

From understanding its role in enhancing system security to debunking common misconceptions, this episode is your guide to harnessing the power of SELinux for a robust and resilient Linux environment.

Whether you're a sysadmin, developer, or Linux enthusiast, don't miss out on this insightful discussion that could transform the way you approach system security.

Join us Friday, April 5th at Noon Eastern for our 102nd episode of Into the Terminal to learn more!

I am responsible for performing patch management validation per a regulatory requirement.

Every month, a listing of packages is generated, and I have to check, then sign-off, on each...and...every...one package. To date, there are an estimated 1500 packages (varies from month to month - some less, some more) that must be checked - MANUALLY.

Red Hat has a website: https://access.redhat.com/security/security-updates/security-advisories

I'd like to generate a TEXT-ONLY listing of ALL patches released by Red Hat for THAT specific package (patch name 'RHSA-', date of release, etc.) so I can compare it against the massive listing of packages identified for THAT MONTH.

The company that I work for have roughly 160+ servers using practically ONE version (there are 2 other versions that are deployed), so validating the patches against the packages on these servers is important.

We *do* have a valid Red Hat account; however, our IT department are idiots, and trying to explain something like this to them, which should be something simple for patch management, escapes them. To them, they just automatically apply the patches once every month...WITHOUT documenting anything.

HOWEVER, our regulator requires us that WE MUST go through each...and...every...one of them, sort them, document them, and have a record that we've processed them for each...and...every month.

I know that there's an API to do this - or partially some of this.

Does anyone have any idea how I can streamline this process?

Currently, it takes me 3-4 DAYS to go through each...and...every...one of those packages - 100% MANUALLY. I'd like to get this down to 1/2 of a day.

Thoughts?

​

Mucho appreciato. TIA.

-rad

I currently have Red Hat Enterprise Linux 7 installed on a laptop that’s not connected to the internet. Is it possible to install sftp using the “yum install openssh-server” command? Or would I need an internet connection for this to work? Thanks.

Wondering if anyone has seen this error message or knows of a way to fix and/or around it.

This is with RHEL8 EC2 w/podman 4.6.1. Trying to log into a remote registry Iron Bank with the following url: registry1.dso.mil . Keep getting the following error message:

Error: authenticating creds for "registry1.dso.mil": pinging container registry registry1.dso.mil: Get "http://registry1.dso.mil/v2: dial tcp 15.xxx.xx.xx:443: i/o timeout

​

I can curl against the url successfully.

curl -lv https://registry1.dso.mil

<!DOCTYPE html>

<html>

<head>

<meta charset="utf-8"/>

<title>Harbor</title>

<base href="/"/>

<meta name="viewport" content="width=device-width, initial-scale=1"/>

<link rel="icon" type="image/x-icon" href="favicon.ico?v=2"/>

<link rel="stylesheet" href="styles.75cb4562f0127450.css"></head>

<body>

<harbor-app>

<div class="spinner spinner-lg app-loading app-loading-fixed">

Loading...

</div>

</harbor-app>

<script src="runtime.c91c300a097cc84a.js" type="module"></script><script src="polyfills.67cfd31b2752cc11.js" type="module"></script><script src="scripts.3846d86d42cdb753.js" defer></script><script src="main.f7a544fe4e538860.js" type="module"></script></body>

</html>

​

If using the --log-level=debug doesn't really provide any more detailed info (only showing the errors):

DEBU[0015] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry1.dso.mil

DEBU[0015] GET https://registry1.dso.mil/v2/

{{DEBU[0045] Ping https://registry1.dso.mil/v2/ err Get "https://registry1.dso.mil/v2/": dial tcp 15.XXX.XXX.XXX:443: i/o timeout (&url.Error

​

{Op:"Get", URL:"https://registry1.dso.mil/v2/", Err:(*net.OpError)(0xc0001bc960)}

)}}

DEBU[0045] GET https://registry1.dso.mil/v1/_ping

{{DEBU[0075] Ping https://registry1.dso.mil/v1/_ping err Get "https://registry1.dso.mil/v1/_ping": dial tcp 15.XXX.XXX.XXX:443: i/o timeout (&url.Error

​

{Op:"Get", URL:"https://registry1.dso.mil/v1/_ping", Err:(*net.OpError)(0xc0007c9130)}

)}}

Error: authenticating creds for "registry1.dso.mil": pinging container registry registry1.dso.mil: Get "https://registry1.dso.mil/v2/": dial tcp 15.XXX.XXX.XXX:443: i/o timeout

DEBU[0075] Shutting down engines

​

Red Hat has just released this security alert for the upstream Fedora project.

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

The link above contains this verbiage:

Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries. Fedora Linux 40 users may have received version 5.6.0, depending on the timing of system updates. Fedora Rawhide users may have received version 5.6.0 or 5.6.1. This vulnerability was assigned CVE-2024-3094.

​

ITT 101

https://youtube.com/live/MkJH-Uat_S4?feature=share

In our recent workloads arc, we have been discussing how to deploy different workloads on top of RHEL. This week, we wrap up that discussion by walking through the deployment of an open-source WordPress website. From setup to deployment, we'll walk you through the process step-by-step, showcasing how RHEL provides the perfect foundation for your WordPress projects.

Whether you're a seasoned developer or just starting out, this episode is your guide to leveraging the open-source ecosystem with RHEL for seamless WordPress deployments.

#IntoTheTerminal #RHEL #WordPress #OpenSource

- - - - -

Critical Administration Skills for Red Hat Enterprise Linux: Whether you are new to Linux or new to RHEL, join our hosts for a hands-on look into the commands and processes, ask questions, and grow your knowledge.

Get Started with Red Hat Enterprise Linux: https://developers.redhat.com/register

Try it for yourself: https://redhat.com/interactive-labs

Continue the conversation: https://www.reddit.com/redhat

Nate Lager: https://twitter.com/gangrif

Scott McBrien: https://twitter.com/Stabby_Mc

Commands used:

podman, dnf, systemctl, wget, mysqladmin, mysql, vim, chown

Chapters

00:00 Stream start

00:15 Introduction

00:59 Installing WordPress in 5 Minutes

07:13 Welcome

09:38 Installing WordPress

17:11 Configuring WordPress

21:33 Filesystem Permissions

27:39 Securing WordPress

31:28 Wrap up

Recently we have been looking into migrating out of ESXI for our edge sites. One of the biggest contenders for us is running KVM on RHEL. We are big fans of immutable operating systems for security reasons. So we started looking into RHEL for edge, I have been diving into the documentation of RHEL for edge but I don't find any information on if it is possible to run KVM on RHEL for edge.

Is there anyone who knows this or is there anyone who can provide me a list of the limitations of RHEL for edge?

I am going to start an internship with redhat soon. I would like to know how is the work environment looks like? Any strategies to work on to convert into full time job? Thank you

Using collection redhat.satellite module: host_info.

I think its weird but apparently this fact: ['host']['facts']['ansible_all_ipv4_addresses'] coming from redhat.satellite.host_info collection/module in Ansible. I did ask this question to the Ansible group also.
Of course i could go fishing for another fact which also has the ipv4 address but my concern is that it will move again.

Seems weird to me that that really happened but my script did not change so ...

Hi.

Yesterday I tried a leapp upgrade from 7.9 -> 8.9 - it went well.. However I noticed a few missing packages, like pacemaker, corosync, etc - this is no major issues as I can install rhel8 versions.

My question is how can i see a list of all packages that were removed - i've tried looking in /var/log/leapp but cannot see an obvious list - can anyone help ?

Also can i see a list of packages to be removed in the preupgrade report ?

Thanks

edit : This is resolved - thanks

A bit new to redhat and I'm tryjng to upgrade unbound-libs from 1.16 to 1.19. I run rpm -q unbound-libs and I see the package there. I try to run rpm -U unbound libs and I get an error stating No such file or directory. What am I missing? Tried installing pip but it does not know the package

Does anyone know if it is possible to install edr software on RHEL Satellite servers? I was told that you need a special RPM package but that doesn't make sense. ie. Crowdstrike, SentinelOne

Hi guys,

just downloaded redhat enterprise linux for x86_64 9.3 Full instalation image and after i finished the installation I saw that it’s a Desktop version.

Didn’t see a server edition for rhel9, its not available ? comes just with desktop version? If i select Server edition only older versions appear till 7.9 which i currently use …

Thanks in advance

Has anyone encountered this error?

https://preview.redd.it/ajrjw98m9vqc1.png?width=634&format=png&auto=webp&s=f92e2ada0cc8c5838fd1b527a52bed51ae1c5c9b

[SOLVED]

Hi all,

we're currently trying to upgrade a rhel7 server to rhel8 using leapp following the official documentation from redhat. The upgrade process itself works, but it keeps removing third party software packages what basically makes the server useless after the upgrade.

Is there a way to prevent leapp from removing those packages?

(little more information if helpful: this server was a CentOS 7 system which we converted using convert2rhel. After conversion the server and software were working fine. But after the upgrade to rhel8 the software we had installed under CentOS was gone.)

Any help is appreciated!

Edit:

SOLVED

Thanks for your answers!

SOLVED: from u/unilir - "Satellite currently only supports RHEL 9 clients. The Satellite server has to be running RHEL 8." - Thank you!

Good Morning RedHatters,

Forgive my ignorance, I am still new to the RH world and learning all the time. I have been tasked with setting up a new RHEL9 environment. However, I am currently running into a roadblock.

I am currently following this RedHat Satellite installation guide - but, upon reaching section 3.4 ("Configuring Repositories") I get stopped because of two things.

The guide references the highest version being RHEL8, so I changed the 8 to a 9 in the following commands trying to account for a possibly outdated guide:

subscription-manager repos --enable=satellite-6.14-for-rhel-9-x86_64-rpms

subscription-manager repos --enable=satellite-maintenance-6.14-for-rhel-9-x86_64-rpms

When running subscription-manager repos --list | grep satellite I get the following output:

[root@satellite ~]# subscription-manager repos --list | grep satellite
Repo ID:   satellite-client-6-for-rhel-9-x86_64-source-rpms
Repo ID:   satellite-client-6-for-rhel-9-x86_64-eus-rpms
Repo ID:   satellite-client-6-for-rhel-9-x86_64-rpms
Repo ID:   satellite-client-6-for-rhel-9-x86_64-debug-rpms
Repo ID:   satellite-client-6-for-rhel-9-x86_64-eus-debug-rpms
Repo ID:   satellite-client-6-for-rhel-9-x86_64-eus-source-rpms

However, the repositories it references in the guide don't appear to exist in the current Satellite Infrastructure subscription for RHEL9? I am unsure if the repository names were re-named in RHEL9. As well dnf module enable satellite:el9 doesn't appear to be a thing.

So, dumb question: is Satellite 6.14.2 supported on RHEL 9(.3)?

Cheers for any help!

Looking for some possible troubleshooting advice on getting a RHEL8.9 VM to communicate with the rest of my network on ESXI6.7u2.

Here are the facts: I have multiple rhel7 machines running and currently communicating fine. I built the new one and have mirrored the network settings to the others. It is using e1000 as the adapter type, auto generates the mac, and shows its connected. I also used the other machines VMX files and compared to the new one to make sure everything matches (except device specific things, such as mac address) I have also tried using vmxnet3 and e1000e as the adapter types and still no dice. Inside of the RHEL8.9vm I have used different MTU settings to no avail as well. I noticed when looking at the network options in the RHEL 7 machines, it shows VMware Ethernet above the profile. Note this is not the name given to the profile, but like the machine knows it is VMware ethernet. RHEL 8.9 just shows the profile name.

When I look at my VM network using either vSphere client I can see the device is showing its sitting on that network, along with the others.

The networking team has verified there end on physical devices to make sure there are no rules blocking the connection etc.

VMware Tools has been installed on the new machine as well.

VM compatibility guide states 6.7u2 is compatible with RHEL8. Before anyone says anything, I know this is outdated as hell, but upgrading is out of my hands.

Hi all,

I am new to Linux Systems and recently I got some errors that look something like this.

Problem 1: module perl-App-cpanminus:1.7044:8010020190322100642:7ba85dc7.x86_64 from rhel-8-for-x86_64-appstream-rpms requires module(perl:5.32), but none of the providers can be installed

• module perl:5.32:8060020211122091432:e82d91b1.x86_64 from rhel-8-for-x86_64-appstream-rpms conflicts with module(perl:5.26) provided by perl:5.26:820181219174508:9edba152.x86_64 from rhel-8-for-x86_64-appstream-rpms

• module perl:5.26:820181219174508:9edba152.x86_64 from rhel-8-for-x86_64-appstream-rpms conflicts with module(perl:5.32) provided by perl:5.32:8060020211122091432:e82d91b1.x86_64 from rhel-8-for-x86_64-appstream-rpms

• conflicting requests

Problem 2: module perl:5.32:8060020211122091432:e82d91b1.x86_64 from rhel-8-for-x86_64-appstream-rpms conflicts with module(perl:5.26) provided by perl:5.26:820181219174508:9edba152.x86_64 from rhel-8-for-x86_64-appstream-rpms

• module perl:5.26:820181219174508:9edba152.x86_64 from rhel-8-for-x86_64-appstream-rpms conflicts with module(perl:5.32) provided by perl:5.32:8060020211122091432:e82d91b1.x86_64 from rhel-8-for-x86_64-appstream-rpms

• module perl-App-cpanminus:1.7044:8060020211122110049:7ba85dc7.x86_64 from rhel-8-for-x86_64-appstream-rpms requires module(perl:5.32), but none of the providers can be installed

• module freeradius:3.0:820190131191847:fbe42456.x86_64 from rhel-8-for-x86_64-appstream-rpms requires module(perl:5.26), but none of the providers can be installed

• conflicting requests

I tried to search a lot for solutions online but nothing worked. I would appreciate any thoughts on how to fix this.

Thank you in advance.

I am working on first identity management server for learning and am new to PKI, IDM, and authentication protocols. I have a few questions. Sorry, English is not my first language.

I setup RHEL 9 IdM server and also installed FreeRADIUS. I want to configure things like my NAS storage to authenticate using LDAPS to the IdM server, and learn to setup switch port security and Wifi security using RADIUS. I have am been reading articles, but I am having problems understanding some things.

1. I want to use LDAPS instead of LDAP. I installed CA on IdM server, so I use those certificates. This means that IdM is ready to accept LDAPS queries? For LDAPS authentication on services like my NAS, do I have to copy over certificates from IdM server to NAS, or does NAS make certificate request and automatically get certificates? Should I disable regular LDAP on IdM for security or is ok if NAS is only doing LDAPS queries?
2. I want to use RADSEC instead of RADIUS for wifi authentication. FreeRADIUS website says that I need to use Proxy like HAProxy to do this. Is there a way to do this without Proxy? FreeRADIUS is on same IdM machine. I used wireshark and got RADIUS packet and saw hash of user password and RADIUS secret. Does not seem secure.

I'm at my wits end. I'm new to servers , as well as, Redhat but, in the past 2 days - I've learned alot. I'm so close I can see the light at the end of the tunnel. Basically have a kickstart file and I was able to make the kickstart img. Finally got it to the installation summary but, I have a problem with the installation source. The server auto-detected Sr0 and when I click verify, it passes the check. But, when I click done, it gets hung up and then fails "setting up installation source." I have no idea what's going on.

Some important information to note -

-Trying to use RHEL 9.2 Enterprise iso

I'm running redhat on a virtual box (on my laptop) that has my image and kickstart file on it. The laptop is directly connected to a Dell server and I'm using the gui to virtual media boot RedHat and the kickstart.

= CD/DVD - Redhat

= Floppy - Kickstart

- The server has no internet connection

- When it comes to anything in the kickstart about repositories, this is the only line of data I have =

"repo --name="AppStream" --baseurl=file:///run/install/sources/mount-0000-cdrom/AppStream"

If someone could give me some guidance, it would be much appreciated. If you require any additional info, I may be able to provide information.

​

Hi guys, I need some help in a little thing.
I am currently setting up a Kubernetes Cluster version 1.28.8 with Calico and Metallb configured.

So far everything is working fine except the external MetalLB Traffic gets rejected because it comes from another node i guess.

Log from 172.29.11.92 when trying to access my Ingress Resource:

filter_IN_public_REJECT: IN=ens192 OUT= MAC=00:50:56:a6:5a:5a:00:50:56:a6:8f:5e:08:00 SRC=172.29.11.90 DST=172.29.11.92 LEN=80 TOS=0x00 PREC=0x00 TTL=62 ID=22948 DF PROTO=4

Some notes:

All worker nodes are having two interfaces: ens192 for local traffic and ens224 for external traffic.
All nodes are running RHEL 9.
The Calico pod networking is working fine, it is working in bgp mode.
Metallb is configured with a IPAddressPool and a L2Advertisement.
The Calico Ippool is also configured.

When I disable firewalld, everything is working as expected. So I think it's just an nftable or firewalld thing which needs to be fixed.

Has anybody an idea what I am missing?

Thanks.

Hi,

I'm confused about some of the documentation regarding grub config updates, maybe you can help me.

In RHEL9, more specifically 9.3, after changing /etc/default/grub, is it required to update both regular and efi locations in /boot for grub.cfg, or just one of them depending if the boot is UEFI based or not?

I've read documentation that somehow suggests that with 9.3 we only need to update /boot/grub2/grub.cfg, and that should be enough also for EFI boots?

Thanks in advance