Roderick Derks

Issue: No DNS lookups for external domains anymore, resolving internal domains works correctly
Error: "(network unreachable) resolving 'dlv.isc.org/DNSKEY/IN"
Solution: check the current date and time on the server and adjust it.

Issue: DNS requests for FQDN's outside of my LAN are not resolved anymore.
Error:
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43d00a0: . NS: got insecure response; parent indicates it should be secure
Jun 16 18:41:11 alpedhuez named[13832]: error (insecurity proof failed) resolving './NS/IN': 10.0.1.254#53
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for 'dlv.isc.org': success
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Jun 16 18:41:11 alpedhuez named[13832]: /var/named/dynamic/managed-keys.bind.jnl: create: file not found
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: keyfetch_done:dns_journal_open -> unexpected error
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:11 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.58.128.30#53
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.203.230.10#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
…
Jun 16 18:41:13 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.203.230.10#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53

Solution:
I don't konw the solution, but I do know it is related to dnssec. I disabled dnssec in my named.conf as a workaround:
dnssec-validation no;

Maybe someone else can explain this to me?

Just now I got this error when trying to enable HA on a cluster with two ESXi4 hosts:"Cannot complete the configuration of the HA agent on the host. Other HA configuration error."

When experiencing HA configuration issues there are a couple of steps I usually take to try to fix the experienced issues:

• Click “reconfigure for VMware HA” and see if the issue is still there, if so:
  • Is DNS configured and does it actually work? If not, fix and reconfigure for HA.
  • Is the gateway reachable? If not, fix and reconfigure for HA.

This usually solves 75% of the issues. If it hasn’t been fixed the next step I usually take is unloading the agent and restarting the management services. Although it is pretty rigurous it is the fastest way of fixing HA issues.  In my case I am using ESXi and this is what I needed to do to clean up the host:

• Disable HA on the cluster
• /opt/vmware/aam/VMware-aam-ha-uninstall.sh
• /sbin/services.sh restart
• Enable HA on the cluster

This solved the issue I had with HA,

CMAKE
———-

yum install gcc-c++ libX11-devel libXext-devel libXtst-devel libXinerama-devel wget http://www.cmake.org/files/v2.8/cmake-2.8.4.tar.gz tar xfvz cmake-2.8.4.tar.gz ./configure gmake gmake install 

Centreon Engine —————

yum install gcc-c++ qt4-devel cmake make

useradd -m centreon groupadd centreon usermod -a -G centreon centreon

cd /tmp wget http://www.centreon.com/downloads/centreon-engine.tar.gz tar xzf centreon-engine.tar.gz cd centreon-engine cd build

cmake -DWITH_USER=centreon -DWITH_PREFIX=/usr/local/centengine -DWITH_TEMP_DIR=/usr/local/centengine/tmp -DWITH_GROUP=centreon -DWITH_CHECK_RESULT_DIR=/usr/local/centengine/var gmake gmake install

– Installeer nu de plugins

-service installeren

	chkconfig --add centengine  	chkconfig centengine 345 on

	service centengine start

# Kickstart file generated by Roderick Derks.
# Centos 5.6

#version=DEVEL
install
url –url http://freenas02.r71.nl:8080/Centos_5.6/cd1/
lang en_US.UTF-8
keyboard us
timezone –utc Europe/Amsterdam
rootpw  –iscrypted $6$AFQ9hKwPBKDUZwXd$E9nM0G2GBa4h2wDoG3D4mbK/fhpg.ER0RovPd4c5zKLHXjv7APZ7/rDAcDSvpFa2CBqq9rEdyZHYw/eY13EON.
selinux –disabled
authconfig –enableshadow –passalgo=sha512 –enablefingerprint
firewall –enabled –ssh –http

#ask for network config during installation
#network –device=eth0 –bootproto=query

reboot

bootloader –location=mbr –driveorder=sda –append="acpi=off"
clearpart –linux –drives=sda
part /boot –fstype ext3 –size=100 –ondisk=sda
part pv.6 –size=0 –grow –ondisk=sda
volgroup VolGroup00 –pesize=32768 pv.6
logvol swap –fstype swap –name=LogVol01 –vgname=VolGroup00 –size=500 –grow –maxsize=2016
logvol / –fstype ext3 –name=LogVol00 –vgname=VolGroup00 –size=1500 –grow

#%packages
#@core
%packages –nobase
kernel-PAE
bzip2
crontabs
dhclient
logrotate
openssh
openssh-clients
openssh-server
pam_passwdqc
sudo
tcpdump
telnet
wget
which
yum
– -audit-libs-python
– -checkpolicy
– -dhcpv6-client
– -ecryptfs-utils
– -ed
– -file
– -gnu-efi
– -gpm
– -hdparm
– -kbd
– -libhugetlbfs
– -libselinux-python
– -libsemanage
– -nspr
– -nss
– -policycoreutils
– -prelink
– -selinux-policy
– -selinux-policy-targeted
– -setools
– -setserial
– -sysfsutils
– -tcl
– -udftools
– -vim-enhanced

#PRE
#%pre
#sleep 1

# POST
%post –log=/root/kickstart-post-log

rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
yum -y remove kernel iptables slang usermode wireless-tools
yum -y remove cryptsetup-luks dbus dmidecode hwdata libgpg-error libusb
yum -y remove libvolume_id libxml2-python pciutils
#yum -y remove cyrus-sasl-lib logrotate

cat >> /root/rict_install01.sh <<_POST01

# rpm-forge
cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
rpm –import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -i /tmp/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

# update Centos
yum -y check-update
yum -y update

# install apache
yum -y install httpd
service httpd start

_POST01

# backup originele rc.local maken
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.backup
# test:
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.backup2

# executable rechten geven aan het  script
chmod +x /root/rict_install01.sh

#info toevoegen aan rc.local
cat >> /etc/rc.d/rc.local <<_POST03
    # eenmalig uitvoeren  scripts
    echo —- UITVOEREN SCRIPT /root/rict_install01.sh
    /root/rict_install01.sh
    # Terugplaatsen rc.local.backup naar rc.local (restoren van origineel)
    # waardoor eenmalige uitvoer  script is gegarandeerd
    cp /etc/rc.d/rc.local /root/rc.local
    mv -f /etc/rc.d/rc.local.backup /etc/rc.d/rc.local

_POST03

* yum install tftp-server

* vi /etc/xinetd.d/tftp and change disable to 'no' and check root path for tftp server

disable = no server_args = -s /tftpboot

* restart xinetd

service xinetd restart

* Install syslinux

yum install syslinux

* Copy needed files from syslinux to the tftpboot directory

cp /usr/share/syslinux/pxelinux.0 /tftpboot cp /usr/share/syslinux/menu.c32 /tftpboot cp /usr/share/syslinux/memdisk /tftpboot cp /usr/share/syslinux/mboot.c32 /tftpboot cp /usr/share/syslinux/chain.c32 /tftpboot

* Create the directory for your PXE menus

mkdir /tftpboot/pxelinux.cfg

* Create a base directory for images. Create directories for each CentOS release you are supporting.

mkdir -p /tftpboot/images/centos/x86_64/5.0 mkdir -p /tftpboot/images/centos/x86_64/5.1 mkdir -p /tftpboot/images/vsphere/esxi5

* For each "Release" and "ARCH" Copy vmlinuz and initrd.img from /images/pxeboot/ directory on "disc 1" of that $Release/$ARCH to /tftpboot/images/centos/$ARCH/$RELEASE

* Add this to your existing or new /etc/dhcpd.conf.

Note: xxx.xxx.xxx.xxx is the IP address of your PXE server

allow booting; allow bootp; option option-128 code 128 = string; option option-129 code 129 = text; next-server xxx.xxx.xxx.xxx; filename "/pxelinux.0";

* Restart DHCP server

service dhcpd restart

* vi /tftpboot/pxelinux.cfg/default

default menu.c32 #default CentOS 5.6 x86 prompt 0 timeout 100 ONTIMEOUT local MENU TITLE RICT Consultancy PXE Menu LABEL CentOS 5.6 x86 MENU LABEL CentOS 5.6 x86 KickStart KERNEL images/centos/i386/5.6/vmlinuz APPEND initrd=images/centos/i386/5.6/initrd.img ramdisk_size=300000 ks=http://10.0.2.14:8080/Centos_5.6/cd1/ks.cfg ksdevice=eth0 LABEL CentOS 5.6 x86 Manual eth0 MENU LABEL CentOS 5.6 x86 Manual eth0 KERNEL images/centos/i386/5.6/vmlinuz APPEND initrd=images/centos/i386/5.6/initrd.img ramdisk_size=300000 napic acpi=off ksdevice=eth0 LABEL ESXi 4.1 KickStart menu label ESXi 4.1 KickStart kernel mboot.c32 append images/vmware/esxi/4.1/vmkboot.gz ks=http://10.0.2.14:8080/vSphere/ESXi_4.1/ks.cfg --- images/vmware/esxi/4.1/vmkernel.gz --- images/vmware/esxi/4.1/sys.vgz --- images/vmware/esxi/4.1/cim.vgz --- images/vmware/esxi/4.1/ienviron.vgz --- images/vmware/esxi/4.1/install.vgz label ESXi 4.0u1 KickStart menu label ESXi 4.0u1 KickStart kernel mboot.c32 append images/vmware/esxi/4.0u1/vmkboot.gz ks=http://10.0.2.14:8080/vSphere/ESXi_4.0u1/ks.cfg --- images/vmware/esxi/4.0u1/vmkernel.gz --- images/vmware/esxi/4.0u1/sys.vgz --- images/vmware/esxi/4.0u1/cim.vgz --- images/vmware/esxi/4.0u1/ienviron.tgz --- images/vmware/esxi/4.0u1/install.tgz

* Copy files from the first linux CD and the ESX 4.1 ISO to a webserver

* For ESXi copy the following files to your TFTP directory, in this case for 4.1 /tftproot/images/vmware/esxi/4.1 :
cim.vgz  ienviron.vgz  install.vgz  sys.vgz  vmkboot.gz  vmkernel.gz