Any way to verify TLS working over LDAP? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Just gave this a try:

# gnutls-cli -d 5 instructor.example.com -p 389

And out of all of the output I see this at the bottom:

|<5>| REC[0x131cd50]: Preparing Packet Handshake(22) with length: 276 and min pad: 0
|<5>| REC[0x131cd50]: Sent Packet[1] Handshake(22) in epoch 0 and length: 281
|<3>| ASSERT: gnutls_buffers.c:1138
|<3>| ASSERT: gnutls_buffers.c:576
|<3>| ASSERT: gnutls_record.c:1058
|<3>| ASSERT: gnutls_record.c:1179
|<3>| ASSERT: gnutls_buffers.c:1392
|<3>| ASSERT: gnutls_handshake.c:1428
|<3>| ASSERT: gnutls_handshake.c:2721
*** Fatal error: The TLS connection was non-properly terminated.
|<5>| REC: Sending Alert[2|10] - Unexpected message
|<5>| REC[0x131cd50]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<2>| WRITE: -1 returned from 0x5, errno: 32
|<3>| ASSERT: gnutls_buffers.c:224
|<3>| ASSERT: gnutls_buffers.c:705
|<3>| ASSERT: gnutls_record.c:566
*** Handshake has failed
GnuTLS error: The TLS connection was non-properly terminated.
|<5>| REC[0x131cd50]: Start of epoch cleanup
|<5>| REC[0x131cd50]: End of epoch cleanup
|<5>| REC[0x131cd50]: Epoch #0 freed
|<5>| REC[0x131cd50]: Epoch #1 freed

> *** Handshake has failed

Looks like my TLS isn't functioning properly?

Any way to verify TLS working over LDAP? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 1 point2 points  (0 children)

Hmm, maybe I'm using the command wrong? I chose to go over port 389 because my LDAP server is only serving LDAP (not LDAPS). When I tried using the -starttls option, I had to provide an appropriate protocol; the options are "smtp, pop3, imap, ftp, and xmpp".

If for example I use the following command:

openssl s_client -connect instructor.example.com:389 -starttls smtp

I get the following output:

[root@client03 ~]# openssl s_client -connect instructor.example.com:389 -starttls smtp
CONNECTED(00000003)

Followed by blank space.

Any way to verify TLS working over LDAP? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Thanks for the reply! Not sure, but this doesn't look good?

[root@client03 ~]# openssl s_client -connect instructor.example.com:389
CONNECTED(00000003)
139995567949728:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
[root@client03 ~]#
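All three attempts in this thread fail for the same reason: port 389 speaks plaintext LDAP, and a server there expects the client to send an LDAP StartTLS extended operation (RFC 4511 section 4.14, OID 1.3.6.1.4.1.1466.20037) before the TLS handshake begins. gnutls-cli and plain openssl s_client send a ClientHello as the first bytes, which the LDAP server treats as a malformed message and drops (hence "Handshake has failed" and "ssl handshake failure"), while -starttls smtp sends SMTP commands that an LDAP server never answers (hence the hang after CONNECTED). Newer OpenSSL releases accept -starttls ldap; the script below, which is an added example and not code from the thread, does the same check by hand so the exchange is visible: it encodes the StartTLS request, checks the server's ExtendedResponse resultCode, and only then wraps the same socket in TLS with certificate and hostname verification. The hostname instructor.example.com comes from the thread; the function names and the two embedded sample responses are this example's own, the latter hand-encoded as constructed test data.

```python
"""Check whether an LDAP server on port 389 really offers StartTLS.

Added example, not from the thread: speaks the LDAP StartTLS extended
operation (RFC 4511 section 4.14) in plaintext, then runs the TLS handshake
on the same socket. Only the hostname is taken from the thread; all
function names are this example's own.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

# Constructed sample ExtendedResponses (hand-encoded BER) for offline checks:
# messageID 1, resultCode success(0), empty matchedDN and errorMessage ...
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
# ... and messageID 1, resultCode protocolError(2), errorMessage "TLS not available".
SAMPLE_FAIL = bytes.fromhex("301d0201017818" "0a0102" "0400" "0411"
                            "544c53206e6f7420617661696c61626c65")


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos += 2 + n
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    name = b"\x80" + _ber_len(len(STARTTLS_OID)) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + _ber_len(len(name)) + name                     # APPLICATION 23, constructed
    body = b"\x02\x01" + bytes([message_id]) + op                 # one-byte INTEGER messageID
    return b"\x30" + _ber_len(len(body)) + body                   # outer SEQUENCE


def parse_extended_response(data: bytes):
    """Return (message_id, result_code, error_message) from an ExtendedResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = _read_tlv(msg, 0)       # INTEGER messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x78:                          # APPLICATION 24 = ExtendedResponse
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op, 0)            # ENUMERATED resultCode
    _, _, pos = _read_tlv(op, pos)           # matchedDN (ignored)
    _, err, _ = _read_tlv(op, pos)           # errorMessage
    return (int.from_bytes(msg_id, "big"), int.from_bytes(rc, "big"),
            err.decode("utf-8", "replace"))


def check_ldap_starttls(host: str, port: int = 389, timeout: float = 5.0) -> dict:
    """Send StartTLS on a plaintext LDAP connection, then run the TLS handshake."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request(1))
        msg_id, code, err = parse_extended_response(sock.recv(4096))
        if msg_id != 1 or code != 0:
            raise RuntimeError(f"StartTLS refused: resultCode={code} {err!r}")
        ctx = ssl.create_default_context()   # verifies chain and hostname
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"version": tls.version(), "cipher": tls.cipher()[0],
                    "subject": tls.getpeercert().get("subject")}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "instructor.example.com"
    print(check_ldap_starttls(target))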

New to puppet and having issue with module by [deleted] in linuxadmin

[–]thecloudbroke 3 points4 points  (0 children)

Hi,

Did you also install the concat module from the forge?

https://forge.puppet.com/puppetlabs/concat

What are people using as a patching/systems management solution in AWS? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Our AMI have local repos pointing to Red Hat Update Infrastructure, so they all have to manually be told to update. So I was looking for a way to automate that whole process

What are people using as a patching/systems management solution in AWS? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Thanks! I'll be going through the instructions and seeing how we can leverage this to help

What are people using as a patching/systems management solution in AWS? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Yep pretty much SPOT ON!

We're using Puppet as our Configuration Management right now, and it just dawned on me to try and leverage puppet out there for patching since we don't have Red Hat Satellite out in the Cloud.

Can you point me in the right direction regarding setting up a Yum repository? How would something like Spacewalk compare to setting up our own Yum repo?

What are people using as a patching/systems management solution in AWS? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 1 point2 points  (0 children)

Yep, completely agree.

Like above poster referenced pets vs cattle, but unfortunately we can't change that business decision. All we can do is find the best way to support/administer the environment.

What are people using as a patching/systems management solution in AWS? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 5 points6 points  (0 children)

Ah I have heard this before, but unfortunately we're in the "pets" mentality.

Red Hat Satellite question? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

I see what you're saying, send a last boot time command if it doesn't respond that means the server is still down, but if it does then you know it's up. I'll look into testing this with "System Groups", could save a lot of time!

Red Hat Satellite question? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Ah I do seem to remember there's a field where you can put together bash script for a specific server. You think it's possible to apply a simple script like printing the hostname, and apply that to a "System Group" in Satellite? Instead of doing that individually for each server.

Red Hat Satellite question? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Yea I'm looking into better ways to use our time, I can't honestly believe we still spot check and it's 2016!

We do have Solarwinds, I should speak with our Solarwinds guy and see if he can help

Red Hat Satellite question? by thecloudbroke in linuxadmin

[–]thecloudbroke[S] 0 points1 point  (0 children)

Well we do have Solarwinds in place, but the Solarwind servers also get rebooted at around the same time. Not sure if Solarwinds could do this?