Skip to content

Administering Linux systems

The following sections include Linux system administration procedures that can be useful for Control Center administrators.

Cleaning up logs on RHEL/CentOS systems

Control Center (serviced) uses the systemd journal facility to store its log messages. If the logs are cluttered with old messages, it can be time-consuming to get to the latest messages.

The following command removes all but the last 24 hours worth of log messages:

journalctl --vacuum-time=1d

Note that the preceding command removes log messages for all applications that use the systemd journal facility, not just serviced messages.

For more information, refer to the journalctl man page on your host.

Creating a self-signed security certificate

If your organization does not have its own security certificate or if you cannot gain access to a copy of it, use this procedure to generate a self-signed security certificate.

Follow these steps:

  1. Log in to the Control Center master host as root or as a user with superuser privileges.

  2. Create a temporary directory for the new certificates and change to it.

    mkdir /tmp/certUpdate && cd /tmp/certUpdate
  3. Create a variable for the domain name of the Control Center master host. Replace <FQDN> with the fully-qualified domain name of the host:

  4. Create additional variables for the location and name of your organization. Replace the items in angle brackets with appropriate values:

  5. Create a variable for the number of days until the certificate expires. Replace <Days> with a numeric value; for example, 1825 (5 years):

  6. Create a certificate configuration file. Use your pointer to copy the following text, and then paste it into your terminal session.

    cat <<EOF > cert.cnf
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    O = $CERT_ORG
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer
    basicConstraints = CA:TRUE
    subjectAltName = @alt_names
    DNS.1 = $CERT_FQDN
    DNS.2 = *.$CERT_FQDN
    ## add DNS.? entries as desired here
  7. Create a certificate.

    openssl req -x509 -newkey rsa:4096 -nodes -config ./cert.cnf -keyout $CERT_FQDN.key -out $CERT_FQDN.crt -days $CERT_EXP
  8. Verify the certificate.

    openssl x509 -in ./$CERT_FQDN.crt -text -noout
  9. Install the certificate for Control Center use. For more information, see Optional: Installing a security certificate.