    • DustinB3403D

      Hardening RHEL (and RHEL Based OSs)

      IT Discussion ssh hardening linux rhel
      1
      1 Votes
      1 Posts
      209 Views
      No one has replied
    • DustinB3403D

      IBM Datapower on Linux

      Solved IT Discussion ibm datapower rhel linux troubleshooting luks
      5
      0 Votes
      5 Posts
      934 Views
      DustinB3403D

      Okay for anyone still around, I was able to get this sorted, it appears that the initial file I was using was either corrupted or maybe a patch for an existing installation.

      I've documented the process, copied below for reference. I won't be sharing IBM's RPMs on this post. You should be able to get these directly from IBM's website free of charge, but your mileage may vary.

      Installing IBM Datapower on CentOS 8/9 or Rocky Linux 8/9 to your Hypervisor/Cloud Provider

      Minimum System Requirements
      • 4 vCPU
      • 16 GiB RAM
      • 80 GiB Disk Space
      • 4 Network Interfaces – with DHCP or Statically Assigned IPs
      • 2 Available Loop devices – Documented Below
      • Default Partitioning will work, can be configured to meet any security requirements (separate LV for VAR for example)
      • Installation without a GUI recommended with these below features
      ◦ “Server Installation” Option
      ▪ Guest Agents (Drivers for Hypervisor/Cloud recommended)
      ▪ Remote Management for Linux recommended – SSH and/or Cockpit
      • Root only account – User accounts are unnecessary
      • Security Policy to adhere to any State/Fed requirements (may affect Installation Destination configuration – not documented here).

      Configure Timezone and any other settings as required – no specific documentation needed

      Sample User: root
      Password: your-password

      Upon installation check for updates and install a few required repositories.

      sudo dnf update -y
      sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
      sudo dnf update -y
      sudo dnf search schroot
      sudo dnf install schroot ipvsadm kmod telnet -y

      Post installation of dependencies we need to confirm our loop devices are configured.

      Confirm what loop devices exist (likely there is only 1) so we’ll need to create some with the below.

      List your loop devices:

      ls -l /dev/loop*
      brw-r----- 1 rootls disk 7, 0 Jul 24 17:49 /dev/loop-control

      We only have the loop-control device, so create two more loop devices with the below.

      mknod -m660 /dev/loop1 b 7 8
      mknod -m660 /dev/loop2 b 7 8

      Confirm the devices are listed.

      ls -l /dev/loop*
      brw-rw----. 1 root root 7, 8 Nov 27 08:10 /dev/loop1
      brw-rw----. 1 root root 7, 8 Nov 27 08:10 /dev/loop2
      crw-rw----. 1 root disk 10, 237 Nov 27 07:51 /dev/loop-control

      Now transfer or download the Datapower and LibgCrypt RPMs to this system using something like wget or WinSCP depending on access. You can find libgcrypt here (https://rpmfind.net)

      Once transferred, you may have to decompress the installation files.

      tar -xf idg_lx10540.cd.ASL.prod.tar

      Now we can install the program

      sudo yum install idg_lx.10540.image.x86_64.rpm idg_lx10540.common.x86_64.rpm

      Once installed, you’ll connect to the system via telnet on the system’s loopback address

      telnet 127.0.0.1 2200
      Initial login is: admin
      Initial Password is: admin

      Confirm to all prompts with Y and then run/create and confirm a new password

      You must restart the DataPower Gateway to make the Common Criteria policies effective.

      idg# configure terminal;web-mgmt;admin-state enabled;local-address 0 9090;exit
      Global mode
      Modify Web management service configuration

      Now you can go to the web console via your computer and using the primary IP address. In our example
      https://ip-address:9090

      You’ll use the login password you created while connected via SSH. You’ll have to create yet another new password.

      Once the password is updated, you’ll be able to login and complete the setup by accepting the license agreement.

      After accepting the licensing agreement the system will need to reboot. After logging in via SSH you’ll need to restart the web interface.

      telnet 127.0.0.1 2200
      admin
      <password>
      idg<config> idg <config> configure terminal;web-mgmt;admin-state enabled;local-address 0 9090;exit

      That's the complete installation process from start to finish. The last step would be to setup initialization of the datapower service upon restart. I'll be working on this sometime this week probably so that the environment is fault tolerant.

    • scottalanmillerS

      What Happens If You Alias An Entire Domain in Postfix Email Server?

      IT Discussion postfix email linux ubuntu rhel centos debian
      1
      0 Votes
      1 Posts
      368 Views
      No one has replied
    • scottalanmillerS

      Bind Linux Process to Well Known Web Ports When Not Root

      IT Discussion linux centos rhel ubuntu fedora arch suse mint
      2
      2 Votes
      2 Posts
      719 Views
      1

      @scottalanmiller said in Bind Linux Process to Well Known Web Ports When Not Root:

      If you have ever tried to run a user space program on Linux with a port below 1024 you know that this is a security problem and you are not allowed to do so. There is a simple fix for this, but it is not well known.

      Once you know the binary that you will be using to open the low number (well known) port you can use this command to grant it permission to use these ports without otherwise compromising security.

      setcap cap_net_bind_service+ep /my/binary/file

      Now you can run your application. This is most commonly used for user space web applications that want to use port 80 or 443 without requiring that you run a reverse proxy in front of them.

      Good to know!

      I found this as an example of how to use it and also commands to remove the permission:
      https://cwiki.apache.org/confluence/display/HTTPD/NonRootPortBinding

      The setcap utility seems to be available in the libcap2-bin package on debian distros.

      I haven't checked if it's installed by default.

    • JaredBuschJ

      EPEL for RHEL8 and Oracle Enterprise Linux

      Solved IT Discussion rhel rhel 8 oracle linux epel
      4
      0 Votes
      4 Posts
      782 Views
      JaredBuschJ

      In the end I tried RHEL and OEL for the project.

      RHEL uses EPEL.

      OEL has their own EPEL repo.

    • EddieJenningsE

      New to Linux Administration: RHEL-Based or Debian-Based OS

      IT Careers linux it career newbie career advice debian ubuntu centos rhel sysadmin
      9
      0 Votes
      9 Posts
      2k Views
      1

      @scottalanmiller said in New to Linux Administration: RHEL-Based or Debian-Based OS:

      I agree, both is the obvious choice. But to truly answer the question, I'd focus on Ubuntu (not Debian) and then RHEL. Debian is great, but it is Ubuntu specifically that has the market.

      Yes, almost the same is never the same as exactly the same.

    • scottalanmillerS

      SAMIT: IBM Is Killing Off CentOS

      Self Promotion centos ibm linux rhel youtube samit rocky linux oracle linux cloudlinux
      69
      0 Votes
      69 Posts
      9k Views
      scottalanmillerS

      @gotwf said in SAMIT: IBM Is Killing Off CentOS:

      @scottalanmiller Yes. This I know. But this isn't bare metal but rather SmartOS hypervisor in a Triton datacenter. So I presume all is atop ZFS. I never delved deeper so honestly do not know.

      Hopefully not, as ZFS isn't all that fast. But you need XFS touching WiredTiger... what's lower in the stack isn't what it is concerned with. You still control your own filesystem regardless of what the datacenter may or may not use elsewhere.

    • JaredBuschJ

      RHEL 4 not seeing ext3 label

      Solved IT Discussion rhel 4 rhel grub kernel panic ext3 root label
      33
      0 Votes
      33 Posts
      3k Views
      JaredBuschJ

      Booted straight to the CentOS 4 ISO, went into linux rescue, updated the initrd img and bam. working system from the current (as of 4 days ago) manual disk images I made.

      Next project to re-learn how they restore data files. Have not done that in almost 10 years. Having no virtual infrastructure to play with, prior to this, made that harder.

    • 1

      How to use firewall-cmd to verify that tcp 80 & 443 is open?

      Solved IT Discussion firewalld firewall-cmd fedora rhel centos
      27
      0 Votes
      27 Posts
      4k Views
      scottalanmillerS

      @Pete-S said in How to use firewall-cmd to verify that tcp 80 & 443 is open?:

      One thing that would be nice to have, something that I've used on hardware firewalls, is a command that will simulate packets through the firewall rules to see if they will pass or not.
      I've not seen something like that for iptables/netfilter.

      Not sure about simulating, but you can always send packets at it and use iptables -v to see the counters.

    • 1

      How do I install gparted on RHEL 7.7 with GUI?

      Solved IT Discussion rhel gparted
      8
      0 Votes
      8 Posts
      11k Views
      JaredBuschJ

      @Pete-S said in How do I install gparted on RHEL 7.7 with GUI?:

      @JaredBusch said in How do I install gparted on RHEL 7.7 with GUI?:

      @Pete-S yum install epel-release absolutely should work.

      If I understand correctly yum install epel-release only works on CentOS, not real RHEL.

      It was a fresh install too from rhel-server-7.7-x86_64-dvd.iso

      Ah, you are correct. I skimmed the RHEL bit. Totally my bad.

    • wirestyle22W

      Breakdown of what is installed and running in RHEL

      IT Discussion rhel
      7
      1 Votes
      7 Posts
      561 Views
      DustinB3403D

      @wirestyle22 said in Breakdown of what is installed and running in RHEL:

      @DustinB3403 Appreciated

      You're welcome.

    • 1

      What PHP version does RHEL 7.7 come with?

      IT Discussion php rhel
      16
      1 Votes
      16 Posts
      2k Views
      scottalanmillerS

      @Pete-S said in What PHP version does RHEL 7.7 come with?:

      @scottalanmiller said in What PHP version does RHEL 7.7 come with?:

      @Pete-S said in What PHP version does RHEL 7.7 come with?:

      If Red Hat had more resources they could have released a major version each year and then supported it for ten years. Then you'd never have anything older than one year on a new inst

      Yes, you would. If you use RHEL 7 and even if RHEL 8 came out the next day, and RHEL 9 a week later... if you stay on RHEL 7 your code would not change.

      I said "New install" Scott. You are saying the exact same thing as I did.

      Oh I see what you are saying. No one does that, though, they have STS for that. Fedora, Ubuntu Current, Normal Windows 2019. They all do STS. LTS makes no sense in the real world if you are willing to use what is new at install time.

    • scottalanmillerS

      Get Active User Login Count from Dovecot

      IT Discussion imap imap4 pop3 pop email linux dovecot fedora centos rhel
      3
      0 Votes
      3 Posts
      1k Views
      N

      Variation for Debian 10 + Dovecot 2.3.4.1:

      cat /var/log/dovecot/dovecot.log | grep imap-login:\ Info:\ Login | sed -e 's/.*Login: user=<\(.*\)>, method=.*/\1/g' | sort | uniq | wc -l
    • scottalanmillerS

      Get User Count from Dovecot

      IT Discussion dovecot email pop imap imap4 linux centos rhel unix fedora
      1
      2 Votes
      1 Posts
      569 Views
      No one has replied
    • 1

      RHEL 8 is out!

      News rhel rhel 8
      2
      2 Votes
      2 Posts
      632 Views
      EddieJenningsE

      @Pete-S said in RHEL 8 is out!:

      If you missed it Red Hat Enterprise Linux 8 was released a couple of days ago.

      https://www.redhat.com/en/enterprise-linux-8

      Hopefully CentOS 8 will be soon to follow. They have a timeline on their site.

    • EddieJenningsE

      oVirt Host Choices for Production

      IT Discussion ovirt virtualization rhel centos fedora
      3
      1 Votes
      3 Posts
      886 Views
      scottalanmillerS

      @FATeknollogee said in oVirt Host Choices for Production:

      @EddieJennings I would start by using oVirt Node (it's based on CentOS), it's the simplest, least hassled way of setting up.

      Yeah, they have their own Node deployer, I'd generally just use that.

    • JaredBuschJ

      Installing MS SQL Server Express on CentOS

      IT Discussion linux centos centos 7 rhel database ms sql server ms sql server 2017 linux ms sql server 2017 guide how to
      13
      5 Votes
      13 Posts
      6k Views
      JaredBuschJ

      @Emad-R said in Installing MS SQL Server Express on CentOS:

      Let me guess it is much faster on Linux than on Windows server

      No idea, but it is one less Windows Server license needed.

      Also MS SQL Server Express works well for many tasks.

    • scottalanmillerS

      Why I Feel KVM Is the Easiest HyperVisor to Learn the Basics On

      IT Discussion kvm hypervisor virtualization fedora linux ubuntu centos rhel suse opensuse
      138
      2 Votes
      138 Posts
      19k Views
      scottalanmillerS

      @StorageNinja said in Why I Feel KVM Is the Easiest HyperVisor to Learn the Basics On:

      @Dashrender said in Why I Feel KVM Is the Easiest HyperVisor to Learn the Basics On:

      The question is - why is the quality so bad? Isn't the process supposed to catch bad quality?

      Their process is consider the windows insider group (extreme power users) to be a good enough replacement for proper QE teams, and writing automated build tests.

      Right, the new process isn't to catch bad things, it's actually to see bad things as "not all that bad." Presumably because a shift from viewing their products as being for business to being for entertainment. Remember when Windows 95 was a key tool for businesses, but by Windows 98 they had made sure to put a "for entertainment purposes only" label on the product to make sure no one confused it with something that was intended for business use?

      I feel like that's where they are now. At least internally, no one is really thinking of this as a business tool.

    • scottalanmillerS

      CentOS 7 Postfix Update Bug - Impacts Zimbra and Others

      IT Discussion linux centos centos 7 rhel rhel 7 zimbra mta email smtp
      5
      6 Votes
      5 Posts
      1k Views
      dbeatoD

      Good to know, I use Ubuntu/Debian so I will check for that.

    • scottalanmillerS

      Red Hat Discontinuing KDE in RHEL and CentOS

      News linux fudzilla rhel centos kde linux desktop
      25
      0 Votes
      25 Posts
      3k Views
      DustinB3403D

      @black3dynamite said in Red Hat Discontinuing KDE in RHEL and CentOS:

      @travisdh1 said in Red Hat Discontinuing KDE in RHEL and CentOS:

      @scottalanmiller said in Red Hat Discontinuing KDE in RHEL and CentOS:

      @travisdh1 said in Red Hat Discontinuing KDE in RHEL and CentOS:

      @black3dynamite Aha! They both did it! Yes, I have a thing about an entire desktop worth of space getting forced down into one little bar, and the menu being at least 2 clicks deeper than it was.

      Why is the menu deeper? I don't prefer this setup either, but it's no deeper. It's still a button on the desktop for me.

      Because as the admin/geek, everything I want/need to use is a submenu of the all programs menu. Granted I mostly just favorite a terminal emulator and be done with it, but it is much farther to move around and menus for me to get through. Give me Cinnamon with a hotkey set for the menu any day.

      As long as the search function works, I usually find what I need by searching for it.

      ^ this
