Saturday 9 August 2014

HP CloudSystem 8.1

 
Well, I thought I'd get around to doing a more detailed CloudSystem 8.1 installation Post. I've a homelab luckily with 32GB of Ram. I need to run a few management VMs (Firewall, DC, SQL, vCenter) before I even get started so 32GB sounds like a lot but it's a squeeze, believe me! 
 
Download the zip files from the following site:
 
The documentation is available here:
 
Now you should have 4 files (For ESX version):
HP_CloudSystem_Foundation_ESX_8.1_Jul_2014_Z7550-01484.zip
HP_CloudSystem_Enterprise_ESX_8.1_Jul_2014_Z7550-01488.zip
HP_CloudSystem_Tools_8.1_Jul_2014_Z7550-01492.zip
HP_CloudSystem_OO_Studio_8.1_Jul_2014_Z7550-01494.zip
 
Extract these so they are ready to go. We need to import 4 OVFs via the C# Client into vCenter and edit the memory of the base appliance from 32GB Ram to 8Gb Ram. While importing them change the default name to the ones shown below. I used Thin Provisioning to save space but the screenshot gives you an idea of what the footprint is like:

Note: after editing the Ram on the Base appliance to your satisfaction convert the VMs to Templates. Don't power any up!
 
The next step is to open a command prompt as administrator and change to the extracted Tools Directory. Extract the file "csstart-windows.zip" and in the command prompt change into this folder.
Run the command "csstart create-config" to generate a sample deployer.conf file. Edit the file deployer.conf and update the line under the heading [Appliance Setup] so it now reads "security-checking = disabled". This is only if you're using self signed vCenter Certificates in a Lab. See Pages 33 & 86 in installation guide for details on the error you'll get otherwise!
Now launch the setup wizard with the following command "csstartgui --start-browser --insecure"
 

 You local browser will be launched and you can now start going through the wizard to setup your environment. Depending on your network setup I recommend disabling any DHCP services to prevent issues later on. If you're using vLANs etc to separate things out you'll be fine.
 
The Welcome page is as follows:
Click Next
Click Next
Click Next. Fill in the required information:
Click Next. I filled in the desired network configuration. I've a Windows Host file defining the following servers to allow the wizard to work:
192.168.10.70   ca1.lab.local           ca1
192.168.10.71   cse1.lab.local          cse1
192.168.10.72 ca1.dept.lab.local
192.168.10.73 cse1.dept.lab.local
This ensures the wizard will find what it needs. My Lab Domain Controller is on 192.168.10.10 and the Firewall / Internet Gateway is 192.168.10.200.
Click Next.
I've a fairly flat network so I'm using the same subnet for my Lab, will see how this gets on later!
Enter your vCenter Details Next (ensure you use a resolvable FQDN or you'll have to Dick around with the vCenter self signed certificate error like I did for 1/2 day!)
Now your cluster name, my single physical Host has to be in this cluster for this to work.
 
Then enter your Port Groups

Now you need to have a load of Port Group ready for this bit. Mine are all attached to the same default vSwitch0 where my 2 Nics are. This is purely for Lab testing purposes.

 

I Disabled support access as this is a Lab. Hopefully HP won't be involved! On the Next Page I've to click "I Agree" to the CloudSystem Software License Terms. After that you might get a local Firewall warning as csstart does it's thing. It lists all the settings and you've a nice "Install" button. I forgot to make my VMs Templates and the names were wrong, I've updated the screenshot at the top so if you match that you'll be sorted! I also got two errors as follows:
Warning: The Enterprise appliance hostname is not valid.  If you are upgrading an Enterprise appliance this must be fixed.
Warning: The Enterprise appliance IP is not valid. If you are upgrading an Enterprise appliance this must be fixed.
There's nothing about this in the release notes, we're installing the Base Appliance and the Enterprise one is done separately later so I'd ignore for now. The Install button is available so what the hell, let's fire it up and see what happens! The CS Base Appliance Template is cloned and you can view the activity in vCenter, in the csstartgui command window or the Web Page Wizard when it updates from time to time.
Now make some coffee.....you can also check out the console of the "ca1" VM if you're bored:
When it finishes it invites you to log in and provides the SSL Certificate for your convenience:
 
Warning: The Enterprise appliance hostname is not valid.  If you are upgrading an Enterprise appliance this must be fixed.
Warning: The Enterprise appliance IP is not valid. If you are upgrading an Enterprise appliance this must be fixed.
Warning: The Enterprise appliance hostname is not valid.  If you are upgrading an Enterprise appliance this must be fixed.
Warning: The Enterprise appliance IP is not valid. If you are upgrading an Enterprise appliance this must be fixed.
Config file - passed basic tests, moving to advanced tests.
Config file - passed advanced tests.
Creating new base appliance.
Warning: Found 4 cores on the hypvervisor. Decreasing core request from 8 for appliance.
Appliance (ca1) successfully reconfigured
Booting the appliance.
This step could take between 5 and 20 minutes to complete.
The CloudSystem controller is being started.
This step could take between 10 and 20 minutes to complete.
Waiting for the CloudSystem services to finish starting.
This step could take between 5 and 15 minutes to complete.
Configured appliance EULA and support access.
 Error: Failed to change HP-OO administrator password within max time allotted. You need to change it manually after logging in to the Admin Console.
Applying the first time setup network selections.
Using ssl cert:
-----BEGIN CERTIFICATE-----
<Edited out>
-----END CERTIFICATE-----
VM started successfully.
Open browser to https://192.168.10.70/
 
Now you can get started. Note the supported browsers are:

You log in with the credentials you specified earlier for the user "administrator" and you can see in vCenter there's only 1 VM running currently, the Base Appliance. The real work starts from here!
In the Help Section on the Right click Edit Cloud Networking.
Click OK. At this stage I got an error as my vCenter certificate is self-signed. The 8.1 installation guide suggests you can turn off security checking but I've no credentials to edit the base appliance and manually editing the deployer.conf doesn't make a damn bit of difference. See pages 33 & 86 in the installation guide for the error & workaround, good luck to you!
 
I had to go back and redeploy the appliance several times. Check your DNS server for stale entries also that might hinder deployment. I reuse some IPs over time and the may still be there. 3 Deployments later and I arrived back where I started! It finally worked by changing from using the vCenter IP to the FQDN.
 
Note: The deployer.conf file contains the password typed in earlier so secure this file once you've finished in a Production environment or change later!
 
Now the next step is to log in via the url listed, in my case http://192.168.10.70
Next on the right Click "Edit Cloud Networking" and enter the Cloud Management Subnet. I used 10.0.0.0/24
Upon clicking Ok it deployed a number of VMs so now my list looks like the following:
 
The Network Nodes are clustered and very important to route traffic around so I would look at anti-affinity rules in a Production environment for these. The others could be spread out but it depends if you're going to use the same cluster to run the management components as the tenant VMs or not. I would suggest not to keep things clean and ensure Management has it's own dedicated environment. They recommend 128GB Ram for the HP CloudSystem 8 VM Host so watch out you size the Servers appropriately! 256GB Ram would be necessary I think to accommodate vCenter and other management plugins etc.
 
Well, that's the Foundation Deployed. I'll skip straight to the Enterprise install next. The GUI takes a bit of getting used to. Persevere and you'll eventually find the menu options you are looking for.
Click the Top Left Menu "CloudSystem Console" and then drift to the far right and Click "Enterprise". Then Click Install CloudSystem Enterprise.
 

More Menus to fill in (!) so to begin Click Next to get past the welcome screen
Enter in your Cloud Enterprise Details
Now enter the credentials use in the csstart setup wizard earlier and Click Install
At this stage we run into our problem with the HP-OO account password not being set. From the main menu you can click Integrated Tools and launch the logon page under Integrated UIs "HP Operations Orchestration Central" to test you're bogged out! This is new in 8.1 so we need a way to fix the HP-OO password error encountered before we can deploy the Enteprise Appliance. Oh Joy!
 
Well, that's as far as I can take things today. I'll reach out for a fix to the HP-OO account issue and see what I find. Good luck in setting up your labs and if you see where I've gone wrong let me know!!!
 
Note: Currently all the VMs combined are using the following memory resources for reference in my Lab:
 Error encountered as follows:
 Update 15/08/14:
Well, I tried a different password, then tried increasing the Base Appliance Memory from 8GB to 16GB, then 32GB but to no avail! About to give up I had been blocked before from using the cloudadmin account to check the appliance cli itself so this time I managed to get it. You need to use the csadmin.exe from the tools to do this step and once in you can change the hp_oo password and hopefully get onto the next stage!
 
Fire up admin command prompt and change to directory where csadmin.exe exists and run the command below to set the cloudadmin password:
 
csadmin console-users set-password --vm-name ca1 --os-username administrator --os-password <type your administrator password here> --os-auth-url https://192.168.10.70/ --insecure --password <type what you want to change your cloudadmin password to here>
 
Then use VMware Console to access CTRL+ALT+F1 and log in using the cloudadmin account. Then issue the following command:
sudo passwd hp_oo
and set the hp_oo password accordingly.
 
BUT......this doesn't appear to make any difference, I still can't log into OO !! I'll keep trying but I just need a simple procedure to fix this problem however I've not found anything in csadmin.exe or psql that's helping so far...!
 

 
 
 
 
 
 
 


Wednesday 6 August 2014

News and Musings

Well, I've heard HP CloudSystem 8.1 has been released. Not played with it yet but plan to once time permits and try my hand at a fresh install although there is an upgrade path to take also....I did get a chance to do some labs with an install done by the experts and think there's as much learning to this product as any I've encountered. Trying to understand the networking alone is interesting plus I've many questions about how to deliver one in Production that will need to be addressed if I get the chance to. At least they permit VMFS Glance repositories now!
 
 
Next up - I took my RHCSA exam last week, took me this long to calm down before I post. Got the grand old score of 0. Must say I've a few tips without breaching NDA that might assist those of you intending to take the Exam:
 
  • The Exam is based on RHEL 7, don't practice on anything else, especially RHEL 6.5!
  • I've asked RedHat to clarify what THEY mean by "Shipping Documentation" from the blueprint as I've sat VMware's VCAP5-DCA and they have a different view. I'll let you know when they respond how they describe it.
  • I'm not a Linux guru, I don't use the console in my day to day job but I'm trying to get a base qualification that some may laugh at because it's so simple. That said I need all the help I can get. I plan to rework my notes once more but in a manner that makes it easier to pick out key commands and all the pointers (man pages and any in the box stuff I can retrieve) to help me around next time. I can get to grips with basic stuff but configuring LUKS encrypted volumes from memory, fair play to you if you can do that off the top of your head, I can't!
The pass rate is 210 out of 300 so I hope I can give a better account of myself next time (209 or so!). Why did I get zero you may ask....NDA says I can't tell. I can understand why but I've been doing Cisco, Microsoft, Citrix and VMware exams for 15+ years and was slightly shocked to say the least. However, if you know what's on the blue print you'll be fine. I'm just starting out on this Linux track so I "crashed and burned" so to speak.
 
Anyway, it's just an exam. I plan to have another crack in October and leave it at that. There's too much else to do, Blade systems, HP Cloud, Openstack etc to get worried about it. Best of luck if you take it in the meantime.  

RHCSA 7 Exam Notes #7: Manage Security


Word version available here:
https://drive.google.com/file/d/0B9WPh0iDN4KwTUJzWUpid0d1WlU/edit?usp=sharing

Configure firewall settings using system-config-firewall or iptables
GUI: Applications, Sundry, Firewall  or firewall-config for same GUI from cli

Default Zone in bold, can be changed via Options menu and also tie interfaces to particular zones. My VMs interface is connected to the public Zone. Services know what ports they need so rules can target services rather than just ports. Services can be further locked down via IP Address if required.

firewall-cmd               (command line equivalent)
firewall-cmd --panic-on          (or panic-off, all packets dropped inbound and outbound)
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-service=smtp --permanent
(or use --remove-port  --remove-service to get rid of settings and reload afterwards)

/etc/sysconfig/iptables           (This file is not used anymore but is present)
You can switch back to using IP Tables but as they refer to an invalid command in the requirements of this section I doubt they will ask for this, but just in case:

systemctl disable firewalld
systemctl stop firewalld
yum -y install iptables-services
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

Configure key-based authentication for SSH
/etc/ssh/sshd_config               (This is the main file to manipulate ssh authentication)
Remove # in front of PubkeyAuthentication and it should be set to yes
Set PasswordAuthentication to no to ensure ssh keys used only
ssh-keygen      (this generates two files in ~/.ssh directory, prompted for passphrase )
ssh-copy-id -i root@server1.example.com    (copies public key to remote server you are going to log into)
ssh ‘root@10.0.0.128’             (Prompts for passphrase and logs you in, if you left the passphrase blank logs you straight in!)

Set enforcing and permissive modes for SELinux
getenforce                  (Checks current SELinux activation mode)
setenforce {enforcing/permissive}     (Sets activation mode to Enforcing or Permissive)

List and identify SELinux file and process context
sestatus -v                   (Checks current SELinux Status and File/Process contexts)
ll -Z /root/anaconda-ks.cfg     (Determine current SELinux context on file)

Restore default file contexts
restorecon -F /root
restorecon -F /root/anaconda-ks.cfg

Use boolean settings to modify system SELinux settings
semanage boolean -l              (run as root)
getsebool cvs_read_shadow   (lists status of cvs_read_shadow boolean)
setsebool -P httpd_can_network_connect_db on      (turns it on permanently)

Diagnose and address routine SELinux policy violations
yum -y install setroubleshoot setroubleshoot-server
getsebool -a | grep ftp           (Check booleans are on)
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 9876 (Permits non-standard port to be used)
chown apache:apache /var/www/html/index.html   (if file was owned by root)
semodule -DB             (Temporarily allow all denials to be logged)
semodule -B                (Revert)

ausearch -m avc -c httpd {-ts today/-ts recent}         (list all httpd denials, today’s, last 10 minutes, can leave out -c httpd to show all)
aureport -a                  (Summary of audit system logs)
sealaert -b                   (SELinux Alert Browser)
audit2allow -w -a        (Shows why access was denied)
audit2allow -a -M myrulefix   (gives command to install myrulefix.pp from current working directory and resolve issue)

grep certwatch /var/log/audit/audit.log | audit2allow -R -M myrulefix2  (targets issue with certwatch in logs and only put fix for this in myrulefix2.pp file for later installing)

 

 

RHCSA 7 Exam Notes #6: Manage users and groups


Word version available here:
https://drive.google.com/file/d/0B9WPh0iDN4KwNkRBYUg3ZDh3NWM/edit?usp=sharing

Create, delete, and modify local user accounts
/etc/passwd                (Primary file with user login data)
/etc/shadow                (Stores user passwords separately)
/etc/group                   (Primary file with group data)           
/etc/gshadow              (Stores group passwords separately)
pwck   grpck                (Check consistency of files)

yum -y install system-config-users     (Installs GUI to manage Users & Groups)
system-config-users                            (Open User Manager GUI)
useradd,usermod,userdel                   (Command line equivalents)

chage                                                  (set password aging on account)
vi /etc/sudoers                                    (Set sudo for user)

bob      ALL=(ALL)        ALL
terry    ALL=(ALL)        NOPASSWD: ALL

Change passwords and adjust password aging for local user accounts

passwd <username>               (Changes usernames password)
passwd -n 1 -x 90 -w 7 bob     (Password can be changed after 1 Day, be max 90 days old and you get 7 days warning to change)

Create, delete, and modify local groups and group memberships

groupadd,groupmod,groupdel           (Command line equivalents)
gpasswd          (Adds or deletes group members, assigns or revokes group password)
gpasswd -A bob,terry sales     (Add two users to sales group)

Configure a system to use an existing LDAP directory service for user and group information
yum -y install openldap-clients nss-pam-ldapd
authconfig-tui             (Text graphical utility - choose the following: Cache Information, Use LDAP, Use MD5 Passwords, Use Shadow Passwords, Use LDAP Authentication, Local authorization is sufficient)
getent passwd student            (tests, should get extract of /etc/passwd file for this user)
/etc/pam_ldap.conf                (edit this file with ip/hostname & BaseDN of Ldap server)
/etc/openldap/ldap.conf         (edit this file with

Configure a system to use an existing authentication service for user and group information
yum -y install sssd
authconfig --enableldap --enableldapauth --ldapserver="10.0.0.20" --ldapbasedn="dc=example,dc=com" --update
authconfig --enableldaptls --update               (Drop cert in /etc/openldap/cacerts first)

RHCSA 7 Exam Notes #5: Deploy, configure, and maintain systems


Word version available here:
https://drive.google.com/file/d/0B9WPh0iDN4KwMS0wTzhlbS1yYlE/edit?usp=sharing

Configure networking and hostname resolution statically or dynamically
With the GUI you can click on the Network icon beside the top right hand day/clock. Look for the tiny settings button in the bottom right of the Settings/Network window that opens. There you can set static/automatic IP & Name resolution. You can learn the command line equivalents but seriously, which is going to be quicker? As long as they give you a GUI that is?!!

Schedule tasks using at and cron
So, “at” is used for one time, one off, never to be repeated task scheduling. Examples of use are as follows:
at 10am    at 21:30   at 15:00 tomorrow   at now + 10 minutes  at 03:00 8/14/14

When you execute this you will prompted to enter the command(s) you want to execute, type CTRL+D to finish and submit the job. Note the job number. As root you can check on it using “at -c <job number>” or just list all “at -l” or “atq”. “at -d <job number” to remove job.
Or use -f to specify a filename to execute:
at -f ~/myball.sh at 02:00 5/18/14

Now, cron is for repeated executions if you don’t screw up the /etc/crontab file!
The format for entries in the crontab file is:
20 1,12 1-15 * * find / -name core
{20=minute of the hour} {1,12=Hour of the Day} {1-15=Dates of the Month} {*/2=Every second Month of the Year} {*=Day of the Week} Find / -name core

crontab -e -u student              (Run as Root to create cron for user student)
vi /etc/cron.allow                   (Run as root to permit student to execute cron jobs)
Now as the user student run “crontab -l” to show the job and “crontab -r” to remove it.

Start and stop services and configure services to start automatically at boot
Great, they changed this considerably in RHEL7!! HaHa!
systemctl start crond.service              (Start crond service the RHEL7 way!)
systemctl stop crond.service              (Guess what this does)
systemctl status crond.service            (For those with short term memory)
systemctl list-units --type service       (List all active services, add --all for others)
systemctl {enable/disable} crond.service       (Enables/Disabled service automatic startup)

Configure systems to boot into a specific target automatically
This is about booting into specific runlevels but they’ve rebranded it “systemd targets” represented by target units.

Runlevel          Target Units                          Description
0          runlevel0.target, poweroff.target      Shut down and power off the system.
1          runlevel1.target, rescue.target          Set up a rescue shell.
2          runlevel2.target, multi-user.target    Set up a non-graphical multi-user system.
3          runlevel3.target, multi-user.target    Set up a non-graphical multi-user system.
4          runlevel4.target, multi-user.target    Set up a non-graphical multi-user system.
5          runlevel5.target, graphical.target      Set up a graphical multi-user system.
6          runlevel6.target, reboot.target          Shut down and reboot the system.

systemctl get-default                                      (what is the current default?)
systemctl set-default multi-user.target          (Sets default to non-graphical multi-user system. Run “startx” to load graphical interface at run level 3!)
systemctl isolate multi-user.target                (Changes the current target)
By the way, systemctl can be used as follows:
systemctl {halt/poweroff/reboot}      
 

Install Red Hat Enterprise Linux automatically using Kickstart
Check the root users home folder for anaconda-ks.cfg. This is a good Kickstart primer generated using the installation of that RHEL system.
Web Server where RHEL7 DVD is copied
/var/www/html/anaconda-ks.cfg       edit permissions to allow public access to file chmod 777 etc and test download from workstation

Not getting a DHCP Address on the virtual adapter when booting the VM

Configure a physical machine to host virtual guests
A few tools to be aware of:
virsh                (Command line tool, watch out for the virsh # prompt, if you fire this up with options! Exit will return you to normal bash shell)
virt-manager               (Graphical Tool)
virt-install                    (Provisions new VMs)

grep -E ‘svm|vmx’ /proc/cpuinfo       (checks for AMD extension - svm and Intel extensions - vmx required for full virtulization)
yum -y install qemu-kvm qemu-img              (Main two Virtualization packages)

yum -y install virt-manager                            (Appears under system tools. Opening it complains about package libvirt-daemon-config-network missing. Install but you’ll need to enter root password several times. Groupinstall doesn’t appear to work with local yum repository)

Use virt-manager and right click localhost (QEMU) and Click Details to create a virtual network for VMs. (This worked fine in one environment using Workstation 10 but Failed on Workstation 9?!).  I was unable to get a remote ISO to work so I ended up using mount to connect to the extracted RHEL7 DVD on the NFS share as detailed further down this document. Then I just pointed it at /nfs and it worked fine and installed the VM.

Install Red Hat Enterprise Linux systems as virtual guests

Not Completed

Configure systems to launch virtual machines at boot

Bring up the VM Details and under Boot Options you can choose Autostart – Start virtual machine on host boot up.
Configure network services to start automatically at boot

See service section above, many of the older graphical tools are defunct unfortunately.

Configure a system to use time services

timedatectl     (command to configure current time, date & timezone)
timedatectl set-ntp yes

chrony best for mobile/virtual systems, ntpd best for servers left permanently on.
chrony configuration file is /etc/chrony.conf and is populated with remarked examples.

systemctl {status/start/enable} chronyd        (Kick off chronyd service)
chronyc {tracking/sources/sourcestats}         (Various checks you can perform)

Note: There was no /etc/ntp.conf file on my build by default and you need to disable chrony first. I think learn chrony and leave it at that.

Install and update software packages from Red Hat Network, a remote repository, or from the local file system

To configure YUM have a look at /etc/yum.conf. At the end of this file it lists the folder where the .repo files should reside (/etc/yum.repos.d). Now I’m not sure if you’ll have to create the repositories themselves but let’s see how to configure the client piece of each of these requirements above.

Yum has a few useful switches (use “man yum” also):
yum -y install <package>        (standard install and don’t prompt me one)
yum search tigervnc               (searches for packages with the string tigervnc in it)
yum update tigervnc-server   (updates package - needs RHN)                    
yum remove/erase <package>           (Removes selected package)
yum info tigervnc-server        (displays package header information)

So let’s start by creating a local Yum Repository:
yum -y install createrepo
mount /dev/cdrom /mnt        (mounts the RHEL7 DVD to /mnt)
mkdir -p /var/yum/repos.d/local       (Creates folder to store Repository)
cp -a /dev/cdrom/.  /var/yum/repos.d/local (Copies DVD contents locally, watch out for the .period or you’ll get a slightly different subfolder DVD appearing where you don’t want it)
createrepo -v /var/yum/repos.d/local           (Reads all the packages in)
vi /etc/yum.repos.d/local.repo           (Create new definition file with contents below. Note: the name in [] can’t have spaces)

[local]
name=local yum repository
baseurl=file:///var/yum/repos.d/local/
enabled=1
gpgcheck=0

The remote repository could be http/nfs/ftp so let’s cover out bases:
vi /etc/yum.repos.d/http.repo

[http]
name=remote http repository
baseurl=http://10.0.0.129/rhel7/
gpgcheck=0

The IIS7 Engine needs a custom mime map to define .bz2 files (File name extension = “.bz2” MIME type = “application/x-bzip2” without the quotes). This will allow you to download them instead of giving an annoying error. You will need to enable directory browsing to the virtual directory where you copied the RHEL7 DVD contents to the windows server. I configured CIFS/NFS/FTP/HTTP to the same folder.

vi /etc/yum/repos.d/ftp.repo

[ftp]
name=remote ftp repository
baseurl=ftp://10.0.0.129/
gpgcheck=0

Turn off the Windows Server 2012 R2 Firewall to permit FTP on port 21 or create a rule to avoid pulling your hair out! Running a “yum repolist” should pull in the FTP contents,

vi /etc/yum/repos.d/nfs.repo

[nfs]
name=remote nfs repository
baseurl=file:///nfs
gpgcheck=0

mount 10.0.0.129:/rhel7 /nfs            (This will use a mount point to provide a path to the NFS share)
yum clean all              (This can be run after each of the sections above)
yum repolist                (This will validate the repodata xml files from each repository)

For the official RHN, find the GUI under Applications, System Tools, Red Hat Subscription Manager

FYI - You can use the GUI “gpk-update-viewer” to look for available updates and “gpk-prefs” to set update check frequency and source.

Update the kernel package appropriately to ensure a bootable system
uname -r                                 (This shows current version of running kernel)
yum -y install kmod                (is installed by default)
lsmod                                      (Lists all kernel modules loaded in memory)
modinfo e1000e                      (Displays detailed information about a particular kernel module)
modprobe -v wacom               (Loads wacom module and dependencies)
modprobe -r wacom               (removes wacom module from kernel)
yum -y update kernel              (Required RHN subscription)
rpm -ivh /tmp/kernel-*.rpm   (Installs new Kernel Files)
rpm -qa | grep ^kernel           (Checks installed packages. Note: shift + 6 = ^)

Modify the system bootloader

When you boot from the DVD there’s a Troubleshooting option. You can choose “Rescue a Red Hat Enterprise Linux system” from the next menu. Choose continue and ok and it will mount the system and show you the command below.

chroot /mnt/sysimage
/sbin/grub2-install /dev/sda   (Reinstall Grub2 bootloader)
rpm -e xorg-x11-drv-wacom  (Remove failed driver, or use rpm to install one with -ivh)
Reboot                                     (System restarts twice)