Skip to content

Administering Linux systems

The following sections include Linux system administration procedures that can be useful for Control Center administrators.

Cleaning up logs on RHEL/CentOS systems

Control Center (serviced) uses the systemd journal facility to store its log messages. If the logs are cluttered with old messages, it can be time-consuming to get to the latest messages.

The following command removes all but the last 24 hours worth of log messages:

journalctl --vacuum-time=1d

Note that the preceding command removes log messages for all applications that use the systemd journal facility, not just serviced messages.

For more information, refer to the journalctl man page on your host.

Creating a self-signed security certificate

If your organization does not have its own security certificate or if you cannot gain access to a copy of it, use this procedure to generate a self-signed security certificate.

Follow these steps:

  1. Log in to the Control Center master host as root or as a user with superuser privileges.

  2. Create a temporary directory for the new certificates and change to it.

    mkdir /tmp/certUpdate && cd /tmp/certUpdate

  3. Create a variable for the domain name of the Control Center master host. Replace <FQDN> with the fully-qualified domain name of the host:

    CERT_FQDN="<FQDN>"

  4. Create additional variables for the location and name of your organization. Replace the items in angle brackets with appropriate values:

    CERT_COUNTRY="<Country>"
CERT_STATE="<StateOrProvince>"
CERT_LOCATION="<City>"
CERT_ORG="<OrganizationName>"

  5. Create a variable for the number of days until the certificate expires. Replace <Days> with a numeric value; for example, 1825 (5 years):

    CERT_EXP="<Days>"

  6. Create a certificate configuration file. Use your pointer to copy the following text, and then paste it into your terminal session.

    cat <<EOF > cert.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = $CERT_COUNTRY
ST = $CERT_STATE
L = $CERT_LOCATION
O = $CERT_ORG
CN = $CERT_FQDN

[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names

[alt_names]
DNS.1 = $CERT_FQDN
DNS.2 = *.$CERT_FQDN
## add DNS.? entries as desired here
EOF

  7. Create a certificate.

    openssl req -x509 -newkey rsa:4096 -nodes -config ./cert.cnf -keyout $CERT_FQDN.key -out $CERT_FQDN.crt -days $CERT_EXP

  8. Verify the certificate.

    openssl x509 -in ./$CERT_FQDN.crt -text -noout

  9. Install the certificate for Control Center use. For more information, see Optional: Installing a security certificate.