Techpository

Purpose
    Connect to the company Citrix environment through Citrix Receiver on Fedora/RHEL/Centos
Process

(1) Download the latest rpm receiver web package from Citrix: https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html
(2) Open a terminal windows and goto your Downloads directory: ~/Downloads
(3) Type example: sudo rpm -ivh ICAClientWeb-rhel-13.10.0.20-0.x86_64.rpm

Since our certificate comes from GoDaddy citrix receiver is not aware of our companies certificate 

(4) Type the following: sudo vi /opt/Citrix/ICAClient/keystore/cacerts/\ Trust_Go\ Daddy\ Root\ Certificate\ Authority\ -\ G2
(5) Enter your password if needed
(6) Press i - in vi
(7) Copy and paste the following:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
4uJEvlz36hz1
-----END CERTIFICATE-----
(8) Select: ESC
(9) Type: :wq - Press Enhttps://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.htmlter
(10) In a web browser goto https://citrix.companyname.com
(11) Login
(12) Select your application option - You should be prompted to open the ica file. Open with "Citrix Receiver Engine"
(13) If you do not want to be continually prompted select - "Do this automatically for files like this from now on."
(14) Click OK
(15) If you were already in the browser you are using you may have to close out and restart it.

When setting up Fedora 28 for enterprise login on installation there is a bug goes not allow root access for your enterprise user. As a result there is no way to sudo or su with out doing the following fix:

Open a shell in initrd, mount /sysroot as read-write and edit /sysroot/etc/group

Steps:
1. Reboot
2. In grub press "e" to edit the menu entry
3. Search for a line that starts either with linux16 or linuxefi and append the string " rd.break"
4. Press ctrl+x
5. Mount the /sysroot as read-write: mount -oremount,rw /sysroot
6. Open /sysroot/etc/group in a text editor
7. search for the line "wheel:x:10:" and append your user
8. You may run into selinux issues, so either set it to permissive (edit /sysroot/etc/selinux/config) or touch /sysroot/.autorelabel
9. reboot again
10. If in step 8 you set selinux to permissive, restorecon /etc/group and reset selinux back to enforcing and reboot again.

How to recover when /boot/grub2/grub.cfg and or the grub directories are missing.

RHEL 7

1. Re-install grub2:

grub2-install /dev/<disk name>


2. Create grub.cfg file:

grub2-mkconfig -o /boot/grub2/grub.cfg

3. Create device.map file if missing:

vi /boot/grub2/device.map

(hd0)   /dev/<disk name>


4. Reboot

== Process ==
===Adding a new ESXI host into satellite.===
 
 1. In VCENTER make certain that the new ESXi host has all of the appropriate setting configure:
 2. Select the server name
 3. Click on the configure tab
 4. Scroll down to Networking - TCP/IP Configuration
 5. On the right windows select the Defalt TCP/IP stack
 6. Click edit
 7. Fill out all parameters.  The most import field for it to show up in Satellite is the Domain.  It must have the full domain name here (eg. domainname.com)
 
===Purchase the needed Red Hat licenses===

===Assign license entitlements on the Red Hat Web Site===
 
 1. Log into the Red Hat Customer portal, Select Subscription Allocations
 2. Select the Satellite server name: atlantis.domainname.com
 3. Click on the Subscriptions tab
 4. Goto the Subscription Name of the product that the entitlement needs to be added
 5. Under Entitlements - Set the number of entitlemes you want to assign for that Subscription Name
 
===Download the new manifest into the Satellite server===
 
 1. In satellite goto click the Content tab then click Red Hat Subscriptions
 2. Click the Manage Manifest button  (Top Right)
 3. Click the Refesh Manifest button
 
===Configure virt-who===
 
 1. On the terminal of the Satellite server execute: nano /etc/virt-who.d/one.conf
 2. Under filter_hosts add the additional server(s) FQDN
 3. Save your changes
 4. Run the following commands:
        systemctl stop virt-who
        virt-who --one-shot
        systemctl start virt-who
 
===Attach licenses to hosts===
 
 1. Sometimes this will work automatically, but this is a good section to know in case you have to change any licensing also.
 2. In satellite goto click the Hosts tab
 3. Find the ESXi server name that was discovered by virt-who (eg. virt-who-vmdev.domainname.com)
 4. Click on the server name
 5. Click the Content button
 6. Click the Subscriptions tab and select Subscriptions
 7. If the Service Level is empty click Add
 8. Put a check mark next to the subscription you want to apply and click the Add Selected button
 9. Now under the List/Remove tab your subscription should show as applied to this server
 
===Enable notifications for hosts===

 1. In satellite goto click the Hosts tab
 2. Place a check mark next the the servers that need enabled
 3. Click the Select Action tab 
 4. Select Enable Notifications

./prd-b-scheduler 
#!/bin/bash

# request dates
echo
echo
echo -e "\033[5m*** PRD B Patching ***\033[0m"
echo
echo Welcome to the DEV server patching scheduler
echo Please be aware that these scripts setup the needed jobs for each environment.
echo Refer to wiki article https://itwiki.domainname.com/index.php/Satellite_Hosts_Updating_Process#Configuration_with_running_count
echo for detail times.
echo
echo -e "\033[1mPatch Date\033[0m"
echo What date are you running the patch?
echo Format: yyyy-mm-dd
        read patchdate
echo
echo -e "\033[1mPatch Time\033[0m"
echo Note: Add 4 hours to the time you want to run the job to convert from EST to UTC.
echo Your time must be between 00:00 and 23:59 UTC.
echo The suggested time in UTC would be 08:00.  All additional jobs for this environment will be scheduled before or after the main autoreboot job as needed.
echo -e What time in UTC would you like to run the main patch?
echo format hh:mm
        read patchtime

# Auto Reboot pull
file1="servers/prd-b-servers-main-autoreboot"
while IFS= read -r list1
do
        # display $line or do somthing with $line
	printf '%s\n' "$list1"
hammer job-invocation create --description-format "Prd-b server patching - auto reboot" --job-template "Patching: Full update - Auto reboot"  --search-query "$list1" --start-at "$patchdate $patchtime"
done <"$file1"

# UM and APIG Autoreboot time split 1
patchtime2=$(date -d "$patchtime today - 180 minutes" +'%H:%M')
echo "$patchtime2"

file2="servers/prd-b-servers-um-apig2-autoreboot"
while IFS= read -r list2
do
        # display $line or do somthing with $line
        printf '%s\n' "$list2"
hammer job-invocation create --description-format "Prd-b um-apig2 patching: full update - auto reboot" --job-template "Patching: Full update - Auto reboot"  --search-query "$list2" --start-at "$patchdate $patchtime2"
done <"$file2"


# UM and APIG Autoreboot time split 2
patchtime3=$(date -d "$patchtime today - 120 minutes" +'%H:%M')
echo "$patchtime3"

file3="servers/prd-b-servers-um-apig3-autoreboot"
while IFS= read -r list3
do
  	# display $line or do somthing with $line
        printf '%s\n' "$list3"
hammer job-invocation create --description-format "Prd-b um-apig3 patching: full update - auto reboot" --job-template "Patching: Full update - Auto reboot"  --search-query "$list3" --start-at "$patchdate $patchtime3"
done <"$file3"

# BAM server shutdown
patchtime4=$(date -d "$patchtime today - 45 minutes" +'%H:%M')
echo "$patchtime4"

file4="servers/prd-b-servers-bam-autoreboot"
while IFS= read -r list4
do
  	# display $line or do somthing with $line
        printf '%s\n' "$list4"
hammer job-invocation create --description-format "Prd-b patching: bam server (prd-b) application shutdown/update/reboot" --job-template "Patching: Bam server (QA/UAT/PRD) application shutdown/update/reboot"  --search-query "$list4" --start-at "$patchdate $patchtime4"
done <"$file4"

# BAM server startup
patchtime5=$(date -d "$patchtime today - 15 minutes" +'%H:%M')
echo "$patchtime5"

file5="servers/prd-b-servers-bam-autoreboot"
while IFS= read -r list5
do
  	# display $line or do somthing with $line
        printf '%s\n' "$list5"
hammer job-invocation create --description-format "Prd-b patching: bam server (prd-b) application startup - done after reboot" --job-template "Patching: Bam server (QA/UAT/PRD) application startup - Done after reboot"  --search-query "$list5" --start-at "$patchdate $patchtime5"
done <"$file5"