Operating System

Fixing the oc and Red Hat OpenShift install “not downloaded” error on macOS

Fixing the oc and Red Hat OpenShift install “not downloaded” error on macOS

donschenck
By Don Schenck

I recently decided to use my macOS machine to create a Red Hat OpenShift cluster. After downloading the openshift-install command-line tool and running it, however, I received the following error:

(Yes, I know the above error is related to the oc command, but it also threw the error and, after I fixed the openshift-install command, I was unable to “unfix” it.)

Continue reading “Fixing the oc and Red Hat OpenShift install “not downloaded” error on macOS”

Share
Managing JBoss EAP/Wildfly using Jcliff

Managing JBoss EAP/Wildfly using Jcliff

ablockrpelisse
By Andrew Block and Romain Pelisse

Systems management can be a difficult task. Not only does one need to determine what the end state should be but, more importantly, how to ensure systems attain and remain at this state. Doing so in an automated fashion is just as critical, because there may be a large number of target instances. In regard to enterprise Java middleware application servers, these instances are typically configured using a set of XML based files. Although these files may be manually configured, most application servers have a command-line based tool or set of tools that abstracts the end user from having to worry about the underlying configuration. WebSphere Liberty includes a variety of tools to manage these resources, whereas JBoss contains the jboss-cli tool.

Although each tool accomplishes its utilitarian use case as it allows for proper server management, it does fail to adhere to one of the principles of automation and configuration management: idempotence. Ensuring the desired state does not equate to executing the same action with every iteration. Additional intelligence must be introduced. Along with idempotence, another core principle of configuration management is that values be expressed declaratively and stored in a version control system.

Jcliff is a Java-based utility that is built on top of the JBoss command-line interface and allows for the desired intent for the server configuration to be expressed declaratively, which in turn can be stored in a version control system. We’ll provide an overview of the Jcliff utility including inherent benefits, installation options, and several examples showcasing the use.

Continue reading “Managing JBoss EAP/Wildfly using Jcliff”

Share
Verifying signatures of Red Hat container images

Verifying signatures of Red Hat container images

flozano
By Fernando Lozano

Security-conscious organizations are accustomed to using digital signatures to validate application content from the Internet. A common example is RPM package signing. Red Hat Enterprise Linux (RHEL) validates signatures of RPM packages by default.

In the container world, a similar paradigm should be adhered to. In fact, all container images from Red Hat have been digitally signed and have been for several years. Many users are not aware of this because early container tooling was not designed to support digital signatures.

In this article, I’ll demonstrate how to configure a container engine to validate signatures of container images from the Red Hat registries for increased security of your containerized applications.

Continue reading “Verifying signatures of Red Hat container images”

Share
Introducing debuginfod, the elfutils debuginfo server

Introducing debuginfod, the elfutils debuginfo server

amerey
By Aaron Merey

Because bugs are inevitable, developers need quick and easy access to the artifacts that debugging tools like Systemtap and GDB depend on, which are typically DWARF (Debugging With Attributed Record Formats) debuginfo or source files. Accessing these resources should not be an issue when debugging your own local build tree, but all too often they are not readily available.

For example, your distro might package debuginfo and source files separately from the executable you’re trying to debug and you may lack the permissions to install these packages. Or, perhaps you’re debugging within a container that was not built with these resources, or maybe you simply don’t want these files taking up space on your machine.

Debuginfo files are notorious for taking up large amounts of space, and it is not unusual for their size to be five to fifteen times that of the corresponding executable. debuginfod aims to resolve these problems.

Continue reading “Introducing debuginfod, the elfutils debuginfo server”

Share
Changes to CentOS: What CentOS Stream means for developers

Changes to CentOS: What CentOS Stream means for developers

bdavis
By Bob Davis

Today Chris Wright, vice president and CTO at Red Hat, published a post describing how CentOS is changing and the opportunities it opens for developers in the Red Hat Enterprise Linux (RHEL) ecosystem. The net effect of this change is that, in addition to CentOS Linux 8, there is a new version of CentOS—CentOS Stream—which will provide a “rolling preview” of future Red Hat Enterprise Linux kernels and features. This is being announced in addition to the release of the traditional CentOS Linux 8, which is a downstream rebuild of the current RHEL release.

Continue reading Changes to CentOS: What CentOS Stream means for developers

Share
Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

jorton42
By Joe Orton

Getting an SSL certificate for your web server has traditionally been a something of an effort.  You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server.  If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.

With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past.  The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to to the CA’s ACME server over HTTP.

A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers.  The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.

In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7.  The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.

Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”

Share