RHEL 8 AppStream

RHEL 8 AppStream contains two types of content. 

1. Module
2. RPM packages

A module bundles a set of packages together. The module can contain one or more streams to have multiple versions of applications. Each stream can receive updates independently.

To list out all the available modules. Below is the list of mariadb module  

myserver#yum module list  | grep mariadb

Name                 Stream          Profiles                                 Summary

mariadb              10.3 [d][e]     client, galera, server [d]               MariaDB Module                                                                                                                  

mariadb              10.5            client, galera, server [d]               MariaDB Module        

In the above output there are two streams for mariadb 10.3 and 10.5 where 10.3 is the default as marked as "d"

To enable 10.5 stream

myserver# yum module enable mariadb:10.5/server   

To install specific version

myserver#yum module install mariadb:10.5/server

Other commands worth to try

# yum module info mariadb

# yum module list mariadb 

# yum module remove -y mariadb 

                                                                                                     

Removing a storage device from OS layer

Before removing access to storage device certain precaution needs to be taken. 

1. Check if the system is under memory pressure as I/O flush will add to the load

2. Free memory should not be less than 5 %

3. Swapping should not be active - (check si and so in vmstat output)

4. Close all applications using the file systems.

5. Unmount the file systems

6. Remove the device from volume groups (follow the volume manager software specific procedure)

7. Flush any outstanding I/O if device is used as raw device(blockdev --flushbufs device)

8. Remove any reference of disk based path /dev/dsk or /dev/dsk/by-path or major:minor from application and script

9. Remove each path from SCSI subsystem. 

10. echo 1 > /sys/block/device-name/device/delete

If the device is under multipath control and need to remove few paths. 

take the path offline echo offline > /sys/block/sda/device/state - This would ensure that subsequent I/O is sent to another alternate path.

then remove the device. 

echo 1 > /sys/block/device-name/device/delete

Setting VSFTP with Chroot option.

Today I  have got a requirement to setup a sftp user and restricting its access to a specific directory. My current running OS version Oracle Linux 5.11 which has latest openssh version openssh-4.3p2-82.el5. Now, initial plan to setup chroot to home directory using the below configuration which is quit straightforward.

1. Create a group called sftponly

        #groupadd sftponly
2.  Update /etc/ssh/sshd_config file with the below entries

AllowGroups root sftponly
Match Group sftponly
        ChrootDirectory /home/newuser
        ForceCommand    internal-sftp
        AllowTcpForwarding      no

While restarting sshd,

Starting sshd: /etc/ssh/sshd_config: line 123: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options [FAILED]

After googling for a while found that this feature is supported only with openssh 5 or above so not possible in my case

For an immediate workaround, I have decided to go for vsftp with chroot option. Here is what i have followed to set it up.

1. Install package vsftpd (#yum install vsftp*)

2. Change  anonymous_enable=NO

3. Add the below line

 chroot_local_user=YES

4. Add a user as below and set shell to /bin/false to restrict user not to login via shell

testuser:x:54332:54335::/home/testuser:/bin/false


NOTE: Ensure /bin/false is listed in the /etc/shells file