How RPC works?

What is it?
Ans : A means of communication between two tasks running on separate machines linked by a LAN. One machine can request a service, typically computation, from the other, by executing a high level request known as a language procedure call.

I have attached pictures one by one to get an idea....

Read More

How to configure NFSv4 with kerberos on linux?

Guys,

Please refer the following steps to do the same :

Used Environment :

kerberos(i.e NFSv4) server : RHEL 5.5, 64 bit arch
NFS client : RHEL 4, 64bit arch

Versions of the used packages :

krb5-workstation-1.6.1-55.el5
pam_krb5-2.2.14-18.el5
krb5-libs-1.6.1-55.el5
krb5-server-1.6.1-55.el5
krb5-libs-1.6.1-55.el5
pam_krb5-2.2.14-18.el5
cyrus-sasl-gssapi-2.1.22-5.el5_4.3
krb5-server-1.6.1-55.el5

Prerequisites :

Let hostname of the server machine is : vm12.gsslab.pnq.example.com
and
hostname of the client machine is : vm217.gsslab.pnq.example.com

---------
1. Time Synchronization: All machines that will participate in kerberos authentication must have a reliable, synchronized time source. Most large orgainization offer their own time sources. You can use the RHEL configuration tool system-config-time to set this up. So, time of both the server and clients will be same.

2. Hostnames : All hosts must have their hostname set to the fully qualified hostname as reported by DNS. Both forward and reverse mapping must work properly. Like :

[root@vm12 data]# hostname
vm12.gsslab.pnq.example.com
[root@vm12 data]# host vm12.gsslab.pnq.example.com
vm12.gsslab.pnq.example.com has address 10.65.211.12
[root@vm12 data]#

The host may be referenced by a CNAME, but the official host name (as reported by hostname) must be an ‘A’ record. This is important; if you don’t have this setup properly then some things will work, while other things will fail mysteriously. If the host name does not match the reverse DNS lookup, Kerberos authentication will fail.

3. Packages :

On client machine : Make it sure that following packages are installed on the client machines.

-------
krb5-libs
krb5-workstation
pam_krb5
cyrus-sasl-gssapi
-------

You can execute the following command to install the packages :

#up2date krb5-libs krb5-workstation pam_krb5 cyrus-sasl-gssapi

On server machine : Make it sure that following package is installed :

--------
krb5-server
--------

You can execute the following command to install it.

#yum -y install krb5-server


4. You should have all of your machines registered in DNS under one (or more) domains. In our case, our machines are in the "gsslab.pnq.example.com" domain. We also authenticate our supercomputers which are in the "vm12.gsslab.pnq.example.com" domain.

You need to choose a kerberos realm. A kerberos realm is completely different from a DNS domain, but in most cases you will want to use the same name. By convention, kerberos realms are all upper case. The kerberos realm is "GSSLAB.PNQ.EXAMPLE.COM". This realm serves both the gsslab.pnq.example.com and the vm12.gsslab.pnq.example.com DNS domains.

Server setup :--

5. Configuring Kerberos on the Server :

A) There are a number of files that have to be manually edited on the server :

Edit /etc/krb5.conf

The stock version of this file will have EXAMPLE.COM or example.com everywhere you want to put your own realm or domain name. The two sections in question are libdefaults and domain_realm. The other sections do not need to be changed. In libdefaults, enter your own kerberos realm name. You may want to set the clock skew to a lower value (provided you are synchronizing time with ntp). The file will look like :

---------
[root@vm12 ~]#cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = GSSLAB.PNQ.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
GSSLAB.PNQ.EXAMPLE.COM = {
kdc = vm12.gsslab.pnq.example.com:88
admin_server = vm12.gsslab.pnq.example.com:749
default_domain = gsslab.pnq.example.com
}

[domain_realm]
.gsslab.pnq.example.com= GSSLAB.PNQ.EXAMPLE.COM
gsslab.pnq.example.com = GSSLAB.PNQ.EXAMPLE.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[root@vm12 ~]#
---------

B) Edit /var/kerberos/krb5kdc/kdc.conf

In this file, only the realms section needs to be modified. It is important to change the key types as well. I can confirm that the setting below work perfectly in our environment. You may want to decide on appropriate values for the maximum life of each ticket, and for how long each ticket can be renewed. Reasonable values are 1 day and 1 week but your needs will vary. The values here are the absolute maximum that the KDC will issue. Each principal has its own maximum as well. File will look like :

------
[root@vm12 ~]# cat /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
v4_mode = nopreauth
kdc_tcp_ports = 88

[realms]
GSSLAB.PNQ.EXAMPLE.COM = {
#master_key_type = des3-hmac-sha1
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
[root@vm12 ~]#
------

C) Edit /var/kerberos/krb5kdc/kadm5.acl :

This file determines who can modify the kerberos database. You need to change the realm. File will look like :

-------
[root@vm12 ~]# cat /var/kerberos/krb5kdc/kadm5.acl
*/admin@GSSLAB.PNQ.EXAMPLE.COM *
[root@vm12 ~]#
-------

D) Make sure /etc/gssapi_mech.conf looks like :

-----
[root@vm12 ~]# cat /etc/gssapi_mech.conf
# library initialization function
# ================================ ==========================
# The MIT K5 gssapi library, use special function for initialization.
libgssapi_krb5.so.2 mechglue_internal_krb5_init
#
[root@vm12 ~]#
-----

E) Create the Kerberos database :

Execute the following command :

------
[root@vm12 ~]# kdb5_util -r GSSLAB.PNQ.EXAMPLE.COM create -s
------

This will prompt you for a password. You will only have to enter this password when you initially configure a slave KDC, so choose something large and random and store it in a secure place. Really, you may only have to enter this once more, so make it secure.

F) Add the first Administrative User :

I do administration as root, so the first user I add is root/admin. The default realm is appended automatically, so the command to use is as follows :

------
[root@vm12 ~]# kadmin.local -q "addprinc root/admin"
------

Enter a password when prompted. You will need this password every time you administer the database.

G) At this point it is necessary to enable and start the kerberos services :

-----
[root@vm12 ~]#chkconfig kadmin on
[root@vm12 ~]#service kadmin start
[root@vm12 ~]#chkconfig krb5kdc on
[root@vm12 ~]#service krb5kdc start
-----

To test if everything is working, execute "kadmin" or "kadmin.local". By default, the current user appended with ‘/admin’ is used as the principle.

[root@vm12 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM: //Please enter admin password
kadmin: listprincs
K/M@GSSLAB.PNQ.EXAMPLE.COM
host/vm12.gsslab.pnq.example.com@GSSLAB.PNQ.EXAMPLE.COM
host/vm217.gsslab.pnq.example.com@GSSLAB.PNQ.EXAMPLE.COM
kadmin/admin@GSSLAB.PNQ.EXAMPLE.COM
kadmin/changepw@GSSLAB.PNQ.EXAMPLE.COM
kadmin/history@GSSLAB.PNQ.EXAMPLE.COM
kadmin/vm12.gsslab.pnq.example.com@GSSLAB.PNQ.EXAMPLE.COM
kmaiti@GSSLAB.PNQ.EXAMPLE.COM
krbtgt/GSSLAB.PNQ.EXAMPLE.COM@GSSLAB.PNQ.EXAMPLE.COM
nc@GSSLAB.PNQ.EXAMPLE.COM
nfs/vm12.gsslab.pnq.example.com@GSSLAB.PNQ.EXAMPLE.COM
nfs/vm217.gsslab.pnq.example.com@GSSLAB.PNQ.EXAMPLE.COM
root/admin@GSSLAB.PNQ.EXAMPLE.COM
kadmin:

The additional principles have been created by the tool. They are required so leave them be.

H) Create a Host Principal for the KDC :

Now you will want to create a host principal for the KDC. This is required for replication (see below). You also need to add this principal to the local key table.

-----
[root@vm12 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM:
kadmin: addprinc -randkey host/vm12.gsslab.pnq.example.com //Execute this command. Don't forget to replace the hostname.
kadmin: ktadd host/vm12.gsslab.pnq.example.com // Adding key for the host.
-----

I) Setup the default Policy :

-----
[root@vm12 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM:
kadmin: add_policy -maxlife 180days -minlife 2days -minlength 8 -minclasses 3 -history 10 default //Execute this line.
-----

You can also add other policies and apply different policies to different principals. You can also change the Maximum Renewal Time.

K) Creating Kerberos Principals for client :

Run kadmin on the server and create the following principals. Replace vm217.gsslab.pnq.example.com with the fully qualified name of the client machine.

-----
[root@vm12 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM:
kadmin: addprinc -randkey nfs/vm217.gsslab.pnq.example.com
-----


L) Generate key in the keytab file for the admin and this will be saved in /var/kerberos/krb5kdc/kadm5.keytab since this has been mentioned in /var/kerberos/krb5kdc/kdc.conf. Use following commands :

-----
[root@vm217 ~]# mv /etc/krb5.keytab /etc/krb5.keytab.bk
[root@vm217 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM:
kadmin: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/kadmin //Execute these commands
kadmin: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
-----

M) Make it sure that ports 88 and 749 has opened at the firewall. Restart the firewall, kadmin and krb5kdc services.


Client Setup :--

a). Copy Files :

Copy the file /etc/krb5.conf from server(Kerberos server) to client machine.

b). Make it sure that ports 88 and 749 has opened at the firewall. Restart the firewall.
c). Create Kerberos Principals :

Execute "kadmin" command on the client konsole. Add the principal to the keytab file as follows for NFS.

-----
[root@vm217 ~]# kadmin
Authenticating as principal root/admin@GSSLAB.PNQ.EXAMPLE.COM with password.
Password for root/admin@GSSLAB.PNQ.EXAMPLE.COM:
kadmin: ktadd -e des-cbc-crc:normal nfs/vm217.gsslab.pnq.example.com
-----

6) Configuring kerberos for NFSv4(Assuming that NFSv4 has been installed on the server ) :-

On the kerberos(i.e NFSv4) server :-

A). Create the necessary entries in /etc/exports. First, create an NFSv4 mount point. I would suggest /export. Next bind the real path to the NFSv4 mount point. In this example, we want to export the /data directory. We create /export/data for NFSv4 and mount /data there.

-----
[root@vm12 /]#mkdir -m 1777 /export
[root@vm12 /]#mkdir /export/data
[root@vm12 /]#mount -n --bind /data /export/data
-----

B) Add the following lines in the /etc/exports file :

-----
/export gss/krb5(sync,rw,fsid=0,insecure,no_subtree_check,anonuid=65534,anongid=65534)
/export/data gss/krb5(sync,rw,nohide,insecure,no_subtree_check,anonuid=65534,anongid=65534)
-----

B) Modify /etc/idmapd.conf and it'll look like :

-----
[root@vm12 /]# cat /etc/idmapd.conf
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = gsslab.pnq.example.com

[Mapping]

Nobody-User = nfsnobody
Nobody-Group = nfsnobody

[Translation]
Method = nsswitch
[root@vm12 /]#
-----

C) Make the value of SECURE_NFS to yes in /etc/sysconfig/nfs :

To enable secure NFS, you must add the following line to /etc/sysconfig/nfs

-----
SECURE_NFS=yes
-----

That's it.

Testing :

On client machine issue the following command to mount the exporting directory of the server :

------
#mount -t nfs4 -o sec=krb5 vm12.gsslab.pnq.example.com:/ /mnt
------

Now create the files inside the /data directory on the server and view the files inside /mnt directory on the client machine.

Note : NFS daemons looks like on the server :

------
[root@vm12 /]# service nfs status
rpc.svcgssd (pid 8974) is running...
rpc.mountd (pid 8994) is running...
nfsd (pid 8991 8990 8989 8988 8987 8986 8985 8984) is running...
rpc.rquotad (pid 8979) is running...
[root@vm12 /]
------


Try :)

Read More

How to install and configure NIS server, client and NIS slave machine?

How to install and configure NIS server, client and NIS slave machine?

Lets first configure NFS server and client :-

NFS server installation and configuration(For NFSv2 and 3) :

Environment : RHEL 5

--------
1. #yum install nfs-utils
--------
The nfs-utils package provide a daemon for the kernel NFS server and related tools. The daemons are "portmap", "nfslock" and "nfs". Once installation is complete, please do the following :

2. Service start :
--------
#service portmap start
#service nfslock start
#service nfs start
#chkconfig portmap on
#chkconfig nfslock on
#chkconfig nfs on
--------

3. modify /etc/exports file, add following lines into it. Note that /home will be exported to all from the server.

-------
/home *(rw,sync,all_squash)
-------

4. Execute the following command to export without restarting the service :

------
#exportfs -va
------

5. Check whether it has exported or not :

------
#showmount -e
------

6. Check status and daemons :

-------
#nfsstat
#rpcinfo -p localhost
-------

NFS client setup and configuration :

1. Install nfs-utils on client like :

----
#yum install nfs-utils
----

Here necessary daemons are portmap and nfslock.

2. Start them and make chkconfig:

-----
#service portmap start
#service nfslock start
#chkconfig portmap on
#chkconfig nfslock on
-----

3. Check NFS server from the client :

------
#showmount -e nfs_server_IP
------

4. mount -t nfs nfs_server_IP:/home /home

Note that last /home is a directory on the client machine and forst :/home on the NFS server and that has been mounted.

Thats't it. Now create any file inside the /home on NFS server and check the /home on client. It will be created.

======================

Note : autofs has been introduced to make automount the NFS shared directory. This is basically a daemon which calls the binary automount to automatically mount the remote drive. If you configure this daemon additionally you don't need to manualy mount the directory. Here are the steps to configure that daemon :

On client machine :
------
1. #yum install autofs
------

2. vi /etc/auto.master and add the following line (This is an example on my m/c)

------
/home /etc/auto.home --timeout 600
------

3. vi /etc/auto.home //Note that naming will be like that (starting with auto.somthing)

-----
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp IP_of_NFS_server:/home/&
-----

here "*" is subdirectory or key value that will be mounted to /home/& (ie auto temorary created user home). As an example mapping will be like :

NFS_server_IP:/home/user_on_nfs_server to /home/user_on_nfs_client with the above options.

4. That's it. Save the file and restart and chkconfig the autofs like :

-----
#service autofs restart
#chkconfig autofs on
-----

That's it.

=======================
For NFSv4 : You need to install following packages on the NFS server :

On server continuing...
1.
----
nfs-utils
portmap
nfs4-acl-tools
----

Install them using yum like

----
#yum install nfs-utils nfs4-acl-tools portmap
----

2. Use the option fsid=0 in the /etx/exports file. Export a directory over NFS v4. NFSv4 has a concept of a root of the overall exported filesystem. The export point exported with fsid=0 will be used as this root.For example, if you got /sales/mumbai, /sales/pune subdir, then client would see them as /mumbai and /pune directory. Please note that this can only export one directory with the fsid=0 option.

Start NFS service as above.

On NFSv4 Client Configuration :

1. mount the remote directory using file type : -t nfs4 like > mount -t nfs4 servername:/home /home

These are the difference with NFSv3 and 4.

And NFSv4 has following advantages :

1. Performance improvements
2. Mandates security and ACL
3. NFS v4 by default works over TCP s
4. Easy to setup firewall option

======================

Installing and configuring NIS server :

1. Install following packages on NIS server like :

----
#yum -y install ypserv ypbind portmap yp-tools
----

2. Edit /etc/sysconfig/network File

----
NISDOMAIN="vm156.gsslab.pnq.example.com"
----

3. Edit /etc/yp.conf File

----
ypserver 127.0.0.1
----

4. Start The Key NIS Server Related Daemons :

-----
#for i in portmap yppasswdd ypserv ; do service $i start; chkconfig $i on; done
-----

5. Check the daemons :

-----
#rpcinfo -p localhost
-----

6. Initialize NIS Domain :

-----
#updatedb; locate ypinit
#/usr/lib64/yp/ypinit -m
-----

Press Ctrl+D and press "y".

7. Start The ypbind(For making bind with the client) and ypxfrd(For making mapping more faster) Daemons :

------
#service ypbind start
#service ypxfrd start
#chkconfig ypbind on
#chkconfig ypxfrd on
------

8. Check the daemons whether they are running : #rpcinfo -p localhost
9. Adding New NIS Users on NIS server :

------
#useradd -g mynisgroup mynisuser
#passwd mynisuser
#cd /var/yp; make
------

here make will update the authentication files of the NIS.

10. Check to see if the user's authentication information has been updated by using the ypmatch command like : ypmatch mynisuser passwd; getent passwd mynisuser

-------------------------

Configuring The NIS Client :

1. Install following packages on the client machine.

----
ypbind
yp-tools
----

2. execute the command :

----
#authconfig-tui
----

Go to NIS authentication and press TAB key to select it. Then press NEXT. Now it'll ask for NISDOMAIN and IP of th NIS server. Provide these here and press OK.

3. Make sure following files has been updated like :
/etc/yp.conf , /etc/sysconfig/network and /etc/nsswitch.conf

Example on my system :

------
[root@vm91 yp]# cat /etc/yp.conf |grep domain
domain vm156.gsslab.pnq.example.com server 10.65.211.156
[root@vm91 yp]#
------
[root@vm91 yp]#cat /etc/sysconfig/network
NISDOMAIN=vm156.gsslab.pnq.example.com
[root@vm91 yp]#

[root@vm91 yp]# cat /etc/nsswitch.conf|egrep "group|passwd|shadow"
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files nis
shadow: files nis
group: files nis
netgroup: files nis
[root@vm91 yp]#

4. Start The NIS Client Related Daemons :

------
#service portmap start
#service ypbind start
#chkconfig ypbind on
#chkconfig portmap on
------

5. Verify Name Resolution of the hostname :
vi /etc/hosts
------
IP_of_NIS_server hostname_name_of_NIS_server
IP_of_NIS_client hostname_name_of_NIS_client
------

6. Testing NIS server from NIS client : Execute follwoign command which will give correct o/p :

-----
#ypcat passwd
-----

Like :

[root@vm91 yp]# ypcat passwd
mynisuser:$1$R5H0B1OS$iunkOZOibH097ohZlOOsT0:500:100::/home/mynisuser:/bin/bash
[root@vm91 yp]#

7. Finally access the account from NIS client :

Logging In Via SSH
-----
#ssh -l mynisuser IP_of_NIS_client //client will access nis server and mount the home directory of the user.
-----

You'll see home directory has been mounted to the client machine.

That's it.

================================

NIS slave configuration :

1. Install follwoing packages on slave machine :

-----
ypserv
ypbind
portmap
yp-tools
-----

2. On NIS master : vi /etc/hosts and add NIS slave IP and name

-----
slave_IP slave_host_name
-----

3. On NIS slave : vi /etc/hosts and add NIS master IP and name

------
NIS_master_IP master_name
------

4. On both master and slave following file content will be same :

cat /etc/yp.conf
-----
ypserver 127.0.0.1
-----
cat /etc/sysconfig/network

----
NISDOMAIN="nis_domain_name"
----

5. Run following daemon like :

-----
#for i in portmap ypbind ypxfrd ; do service $i start; chkconfig $i on; done
-----

6. Test database query from slave to master like :

------
#ypwhich -m
------

You'll get like :

-----
[root@vm91 yp]# ypwhich -m
mail.aliases vm156.gsslab.pnq.example.com
ypservers vm156.gsslab.pnq.example.com
hosts.byaddr vm156.gsslab.pnq.example.com
group.byname vm156.gsslab.pnq.example.com
netid.byname vm156.gsslab.pnq.example.com
rpc.byname vm156.gsslab.pnq.example.com
group.bygid vm156.gsslab.pnq.example.com
passwd.byname vm156.gsslab.pnq.example.com
protocols.bynumber vm156.gsslab.pnq.example.com
passwd.byuid vm156.gsslab.pnq.example.com
rpc.bynumber vm156.gsslab.pnq.example.com
services.byservicename vm156.gsslab.pnq.example.com
protocols.byname vm156.gsslab.pnq.example.com
hosts.byname vm156.gsslab.pnq.example.com
services.byname vm156.gsslab.pnq.example.com
[root@vm91 yp]#
-----

7. Download initial db from master :

----
#/usr/lib64/yp/ypinit -s IP_nis_master
----

8. Now that the data has been successfully downloaded, it's time to make the slave server serve NIS clients with ypserv.

-----
#service ypserv start
-----

9. Go to nis master and vi /var/yp/ypservers. add the slave name or ip like :

-----
[root@vm156 mynisuser]# cat /var/yp/ypservers
vm156.gsslab.pnq.example.com
vm91.gsslab.pnq.example.com
[root@vm156 nisuser]#
-----

10 Do followings on master :

-----
#cd /var/yp
#cp Makefile Makefile.old
#vi /var/vp/Makefile and set following :
NOPUSH=false
#make
-----

Here make command automatically pushes database updates to the servers listed in the /var/yp/servers file.

11. set cron to sync the slave with master like :

-----
vi /etc/cron.d/nis_sync

20 * * * * /usr/lib64/yp/ypxfr_1perhour
40 6 * * * /usr/lib64/yp/ypxfr_1perday
55 6,18 * * * /usr/lib64/yp/ypxfr_2perday
-----

12 Atlast configure all the clients with the slave as well as master:

like :

----
Edit the /etc/yp.conf file on all the clients to include nisslave, and restart ypbind.

domain nis_domain_name server nis_master_ip
domain nis_domain_name server nis_slave_ip
-----

#service ypbind restart.

that's all.....

Client can change their password using the command : yppasswd


try :)

Read More

How to exclude packages in yum.conf ?

Guys,

vi /etc/yum.conf and append following line :

----
exclude=pkgname*
----

Then save it and execute : #yum update

Example :

----
exclude=php* kernel*
----
exclude=gdm grub
----

Try :)

Read More

/usr/bin/ld: cannot open output file mplayer: Is a directory

Guys,

I got the same error message when I was compiling mplayer. I traced the system call but didn't get any clue at the first attempt. It was same o/p as it is at the subject like :

-----
wait4(-1, /usr/bin/ld: cannot open output file mplayer: Is a directory
-----

"ld" binary is basically makes link with various object file and at the end of the compilation it usually does it. It was linking other object files with mplayer binary but there was a mplayer directory inside the current directory. That's made this error. I have renamed the directory and copied the mplayer binary from the renamed directory to the current directory. Then successfully recompiled and installed the mplayer.

Try :)

Read More

Fatal Python error: pycurl: libcurl link-time version is older than compile-time version

Guys,

I got the same error messages when I was installing another packages using yum. However to sort it out this error it took around 4 hours. As per the error message I know that old libcurl is being used rather than compiled libcurl. The reason is that I had to installed curl using source and I knew that curl already existed. My intention was to install updated curl on my WS. However, this made the problem to use the pycurl. Yum uses python-pycurl and curl depends on libcurl. This is the basic scenario. I sated this so that you can also sort it out this type issues by yourself using basic concept.

Here are the steps that I followed.

Issue :

#yum update

Fatal Python error: pycurl: libcurl link-time version is older than compile-time version
Aborted

Environment :

Affected m/c : RHEL 6 workstation, 64 bits,
libcurl.so.4.1.1 copied from RHEL 6 server, 64 bits
used Pkg : libcurl-7.19.7-16.el6.x86_64


1.
------------
# locate libcurl
------------

2. Then removed/renamed all the libraries of libcurl.

3.

------------
#cd /usr/lib64/
#ln -s libcurl.so.4 libcurl.so.4.1.1
------------

4. Copied libcurl.so.4.1.1 from remote RHEL 6 server :

------------
#cd /usr/lib64/
#scp -r root@remote_RHEL6_server_ip:/usr/lib64/libcurl.so.4.1.1 ./
------------

5. Checked md5sum of the files on both machine(You'll get a md5 ID and both will be same. This is to make it sure that data has not been lost. If both IDs are different then data has corrupted or lost. Need to copy in another way) :

------------
#md5sum libcurl.so.4.1.1
------------

6.

-----
#cd /usr/local/src/
-----

Download libcurl-7.19.7-16.el6.x86_64 from the internet inside the above directory like :

-------
#wget url_of_the_above_package
-------

7.

-------
#rpm -Uvh libcurl-7.19.7-16.el6.x86_64.rpm
-------

8.

-------
#updatedb
#ldconfig
-------

9. Now, you need to register your machine(if RHEL) with the RHN repo. Just execute following command and provide your RHN login details and proceed.

-------
#rhn_register
-------

10. Once you re-register the system execute the following command :

-------
#yum clean all
#yum -y upgrade yum yum-rhn-plugin;
#yum update
-------

11. Now you can install your desired package.

===========

That's it. Try :)

Read More

How to chroot(change root) for all user on linux?

Env :
SSH : 4.3p2
Linux : RHEL 5.5
Kernel : 2.6.18-194.32.1.el5
Arch : 64 bit

BE VERY CAREFUL BEFORE DOING THIS :
Here is what I did :

On SSH server :

1. Add the following in /etc/ssh/sshd_config

ChrootDirectory /test

2.

# mkdir /test
# cd /test; mkdir bin lib64 [ on 32 bit server create 'lib' instead of lib64 ]
# cp /bin/bash /test/bin

# ldd /bin/bash
libtermcap.so.2 => /lib64/libtermcap.so.2 (0x000000387f800000)
libdl.so.2 => /lib64/libdl.so.2 (0x000000387fc00000)
libc.so.6 => /lib64/libc.so.6 (0x000000387f400000)
/lib64/ld-linux-x86-64.so.2 (0x000000387f000000)

Then copy all libraries under /lib64 to /test/lib64/ [ for example # cp /lib64/libtermcap.so.2 /test/lib64/ ]

3. If customer want to use 'ls' command in chrooted environment, repeat the same steps for ls too.

4. Restart sshd server like : /etc/init.d/sshd restart

Try :)

Read More