If a servers that was already on Satellite has a certificate change this will break Satellites ability to send remote execution jobs from foreman.The fix is to manually remove the know_hosts key for the problem server from the foreman-proxy’s know_hosts file.
vim /usr/share/foreman-proxy/.ssh/know_hosts /servername #search for the server
dd #To delete the server info from the file
This document describes the configuration needed to clean up a RHEL 7 virtual machine before turning it into a template for cloning.Process for Cloning Redhat servers.
1. Using Vi or Nano, replace the old server name with the new one in the following files:Look for hostname= (I use the name of the template)/root/./anaconda-ks.cfg/root/./initial-setup-ks.cfg
2. Shut down the following services:service rsyslog stopservice auditd stop
3. Delete uneeded temp files:rm –rf /tmp/*rm –rf /var/tmp/*
4. If it exists remove the persistent-net rules file.rm -f /etc/udev/rules.d/70-persistent-net.rules
5. Remove the HWADDR and Static IP lines from /etc/sysconfig/network-scripts/ifcfg-eth[x]It is a good Idea to remove the UUID
6. Remove the ssh configuration files. These will be automatically recreated.rm -rf /etc/ssh/ssh_host_*
7. Force SElinux to relabel and not reject changestouch /.autorelabel
8. Clear the machine IDtruncate -s0 /etc/machine-id
9. If using puppet- On clientsystemctl stop puppetfind /etc/puppetlabs/puppet/ssl -name servername.domainname.com.pem -delete
– On puppet serverpuppet cert clean servername.domainname.com
10. If using katellomv /etc/rhsm/facts/katello.facts /tmp
11. Configure the initial graphical setup for nameing and IPing the server.echo “RUN_FIRSTBOOT=YES” > /etc/sysconfig/firstbootsystemctl enable initial-setup
12. Clear history:history -c
13. Shutdown system:shutdown -h now
Fedora by default gives the home directory too much space and you may run out of space on your root partition. In this example we will shrink home and give the space to root.
Start sizesvolume 465 GBhome = 407 GBroot = 50 GBswap = 8 GB
Boot computer using an external boot OSsudo su -fdisk -l
find the LUKS volume. It is likely /dev/sda3
cryptsetup luksOpen /dev/sda3 cryptdiskenter your password:
pvdisplayvgdisplaylvdisplay
scan the volume you are wanting to shrinke2fsck -f /dev/vgroupname/home
Make home 350 GBlvresize –resizefs –size 350G /dev/vgroupname/home
Make root 100GBlvresize -l +100%FREE /dev/vgroupname/root
Check File Systemse2fsck -f /dev/vgroupname/homee2fsck -f /dev/vgroupname/root
Final sizesvolume 465 GBhome = 350 GBroot = 100 GBswap = 8 GB
Find the md device assingmentdf -l
Query what disks are being usedmdadm –detail /dev/md0
shutdown the arraymdadm –stop /dev/md0
***note – if you prematurely stop the md array you can use the folling command to restart it. mdadm –assemble –scan
zero out the superblock for each drivemdadm –zero-superblock /dev/sdc(…)
Unmount the deviceumount /dev/md
1. Determining the underlying deviceRun the following command to determine the underlying device for the LUKS device:
cryptsetup status cryptvol/dev/mapper/cryptvol is active. type: LUKS1 cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/mapper/datavg-lv_cryptvol offset: 4096 sectors size: 4190208 sectors mode: read/write
2. Delete existing key on the deviceTo remove an existing key from LUKS device, use cryptsetup luksRemoveKey command on the device from above command:
cryptsetup luksRemoveKey /dev/mapper/datavg-lv_cryptvol If using md0 – cryptsetup luksRemoveKey /dev/md0Enter LUKS passphrase to be deleted:
WARNING!========This is the last keyslot. Device will become unusable after purging this key.
Are you sure? (Type uppercase yes): YES
3. Delete the LUKS deviceOnce you have deleted the keys from device, you can delete the device using cryptsetup remove command.
cryptsetup remove /dev/mapper/cryptvol
4. Remove the LVM volumeIn this case, the logical volume device can also be removed so that the space is freed for other logical volumes within the volume group to utilize.
lvremove /dev/mapper/datavg-lv_cryptvol
Note: If the name of the LUKS device is unknown use the blkid command to determine the corresponding devices.
blkid /dev/mapper/datavg-lv_cryptvol: UUID=”c33892eb-c89e-435e-80cc-e0fb1c64838e” TYPE=”crypto_LUKS” /dev/mapper/cryptvol: UUID=”0b3cf4e6-14b4-4e93-a24b-98bd3b9e71ce” TYPE=”ext4″