Andrew Wippler's Sketchpad - Linux

Recompiling AbiWord

2025-09-08T09:03:20.706302+00:00

In my quest to replace Google Docs, I came across AbiWord, Gnome's editor. It looks newer than LibreOffice, appears feature complete, and has footnote support. The only problem is that it does not have keyboard shortcuts for footnotes. This is how I compiled AbiWord from the git source:</p>

Install the dependencies</h2>

sudo</span></span> dnf install gcc gcc-c++ make autoconf automake libtool intltool m4 pkgconfig gtk3-devel libgsf-devel libxml2-devel glib2-devel libX11-devel libXext-devel libXpm-devel libXft-devel gperf bison flex libjpeg-turbo-devel libtiff-devel libpng-devel poppler-glib-devel cairo-devel pango-devel atk-devel gdk-pixbuf2-devel desktop-file-utils docbook2X docbook-dtds libxslt-devel libICE-devel libSM-devel libuuid-devel libIDL-devel boost-devel</span>
</span></code></pre>
Build</h2>
To build, one has to do "the normal Unix installation method": ./autogen.sh</code>, ./configure --prefix=$HOME/abi-install</code>^{1</a></sup>, make -j$(nproc)</code>, and make install</code>. However, on my Fedora 42 install, I received the error:</p>}
./autogen.sh</span></span>
</span>libtoolize:</span></span> putting auxiliary files in '</span>.'</span></span>.</span>
</span>libtoolize:</span></span> copying file '</span>./ltmain.sh'</span></span></span>
</span>libtoolize:</span></span> putting macros in AC_CONFIG_MACRO_DIRS, '</span>m4'</span></span>.</span>
</span>libtoolize:</span></span> copying file '</span>m4/libtool.m4'</span></span></span>
</span>libtoolize:</span></span> copying file '</span>m4/ltoptions.m4'</span></span></span>
</span>libtoolize:</span></span> copying file '</span>m4/ltsugar.m4'</span></span></span>
</span>libtoolize:</span></span> copying file '</span>m4/ltversion.m4'</span></span></span>
</span>libtoolize:</span></span> copying file '</span>m4/lt~obsolete.m4'</span></span></span>
</span>configure.ac:58:</span></span> error: possibly undefined macro: AC_MSG_ERROR If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation.</span>
</span>autoreconf:</span></span> error: /usr/bin/autoconf failed with exit status: 1</span>
</span>Running</span></span> ./configure --</span>enable-maintainer-mode</span> ...</span>
</span>configure:</span></span> error: cannot find required auxiliary files: compile missing install-sh config.guess config.sub</span>
</span></code></pre>
That meant I needed an additional package:</p>
sudo</span></span> dnf install autoconf-archive</span>
</span></code></pre>
After recompiling, I found out that my added shortcuts did not integrate properly. I filed an issue against the repo and am awaiting a response.</p>



the prefix is to have a second, butchered version available to test. I can continue using distro version of AbiWord if this doesn't work out. ↩</a></p>
</li>
</ol>
</section>



Moving to Desktop GNU/Linux from Windows/Mac
2017-04-14T14:00:00+00:00
There are many curious individuals who tinker with GNU/Linux as a Server OS and want to experience what it is like as a Desktop OS. The switch is often hindered by two obstacles:</p>

Some daily use programs are not available. (i.e. Photoshop, iTunes, etc.)</li>
The unknown of what to do if something goes wrong or what do I do to get my 3d graphics driver installed and working.</li>
</ol>
While these are valid reasons and definitely show stoppers for some, others can safely migrate to GNU/Linux.</p>
The obstacle of programs</h2>
I like Krita as an alternative to Photoshop. The menu options are nearly the same and I do not have to install a silly theme (like I have to do in Gimp) or re-learn photo editing just to recognize where everything is at. I have successfully installed Photoshop CS4 with wine without any issues, but Krita is more featured than CS4. Darktable is also a good alternative to Photoshop RAW/bridge.</p>
Rhythmbox connects to iPhones/iPods the same way as iTunes does, but without the store. iTunes does run on a recent version of wine quite well. Some might also want to check out Clementine</a>.</p>
Most every program has an alternative. Alternatives can be found via alternativeto.net</a> or software recommendations on StackExchange.</p>
The unknown obstacles</h2>
To use GNU/Linux successfully as the primary Desktop OS, in my opinion, one must have a desktop with worthy hardware. I consider myself an AMD guy. I like the price for performance and I rarely do CPU intensive tasks on my desktop. When AMD bought ATI, I was also happy as ATI was my favorite graphics card. Unfortunately, most Desktop GNU/Linux users are developers and need that extra performance. They have desktop workstations that have Nvidia graphics cards in them with Intel CPUs. You will often find that Desktop GNU/Linux performs better, is easier to use, and has more tutorials for Nvidia graphics cards and how to get them working.</p>


Easy unix epoch timestamps from CLI
2016-12-23T14:00:27+00:00
While working on various projects and ultimately the need for a Unix timestamp for expiring swift objects in OpenStack, I needed a quick way to convert past, present, and future timestamps to the Unix epoch. Traditionally, I went to google, searched for a Unix timestamp converter, and retrieved my seconds that way. Unfortunately in exams, you are not allowed to visit external websites.</p>
If you know how to read documentation, you will already know that the date</code> command has this feature already built in. An excerpt from the docs is as follows:</p>
 ...
</span>       Show the local time for 9AM next Friday on the west coast of the US
</span>
</span>              $ date --date='TZ="America/Los_Angeles" 09:00 next Fri'
</span>
</span>DATE STRING
</span>       The  --date=STRING  is  a mostly free format human readable date string
</span>       such as "Sun, 29 Feb 2004 16:21:42 -0800" or "2004-02-29  16:21:42"  or
</span>       even  "next Thursday".  A date string may contain items indicating cal‐
</span>       endar date, time of day, time zone, day of week, relative  time,  rela‐
</span>       tive date, and numbers.  An empty string indicates the beginning of the
</span>       day.  The date string format is more complex than is easily  documented
</span>       here but is fully described in the info documentation.
</span>...
</span></code></pre>
Further reading of the docs will point you in specifically formatting a return string by doing a date +%s</code>. So when the time comes to expire an object from swift at 17:00 next Friday, you can do something like:</p>
swift post container file -H 'X-Delete-On: </code>date +%s --date="17:00 next Friday"'</code></p>


Using Puppet to host a private RPM repository
2016-11-18T14:00:46+00:00
A repository is a place where files are stored, indexed, and available through a package manager to anyone who has the repository information. With rpm</code> based systems, a repository is created with a tool called createrepo</code>. Most of the time, publicly available repositories already offer the packages your server needs. When you have a custom application you want to deploy (or even rebuild an existing application with your patches), it is best to distribute that package with a repository rather than a file share or some other means. Often a folder structure is created so that differing client OS versions can connect to the same repository and access versions compiled to that specific release. In my example below, I am not creating this folder structure as I am only serving one major release - Centos 7 - and the packages I am generating are website directories which are just a collection of portable code.</p>
A private repository is not a tricky feat - all you have to do is serve the repository via https and require http basic authentication. You then configure the clients to connect to the repository with the basic authentication in the URL string (i.e. baseurl=https://user:pass@repo.example.com/</code>). The HTTPS protocol is not required to serve a repository, but it does prevent network snoopers from seeing your repository credentials.</p>
Now that we know what is needed for a private repository, we can then define it in our puppet code.</p>
node 'repo.example.com' {
</span>
</span>  file { '/var/yumrepos':
</span>    ensure => directory,
</span>  }
</span>
</span>  createrepo { 'yumrepo':
</span>    repository_dir => '/var/yumrepos/yumrepo',
</span>    repo_cache_dir => '/var/cache/yumrepos/yumrepo',
</span>    enable_cron    => false, #optional cron job to generate new rpms every 10 minutes
</span>  }
</span>
</span>  package { 'httpd':
</span>    ensure => installed,
</span>  }
</span>
</span>  httpauth { 'repouser':
</span>    ensure    => present,
</span>    file      => '/usr/local/nagios/etc/htpasswd.users',
</span>    password  => 'some-long-password',
</span>    mechanism => basic,
</span>    require   => Package['httpd'],
</span>  }
</span>
</span>  file { '/usr/local/nagios/etc/htpasswd.users':
</span>    ensure => file,
</span>    owner  => 'nginx',
</span>    mode   => '0644',
</span>  }
</span>
</span>  class{'nginx':
</span>    manage_repo    => true,
</span>    package_source => 'nginx-mainline',
</span>  }
</span>
</span>  nginx::resource::vhost{"$::fqdn":
</span>    www_root             => '/var/yumrepos/yumrepo',
</span>    index_files          => [],
</span>    autoindex            => 'on',
</span>    rewrite_to_https     => true,
</span>    ssl                  => true,
</span>    auth_basic           => 'true',
</span>    auth_basic_user_file => '/usr/local/nagios/etc/htpasswd.users',
</span>    ssl_cert             => "/etc/puppetlabs/puppet/ssl/public_keys/$::fqdn.pem",
</span>    ssl_key              => "/etc/puppetlabs/puppet/ssl/private_keys/$::fqdn.pem",
</span>    vhost_cfg_prepend    => {
</span>      'default_type'     => 'text/html',
</span>    }
</span>  }
</span>
</span>}
</span></code></pre>
For the above code to work, we need the required modules:</p>
mod 'palli/createrepo', '1.1.0'
</span>mod "puppet/nginx", "0.4.0"
</span>mod "jamtur01/httpauth", "0.0.3"
</span></code></pre>
We can then use the following declaration on our nodes to use this repository.</p>
yumrepo {'private-repo':
</span>  descr           => 'My Private Repo - x86_64',
</span>  baseurl         => 'https://repouser:some-long-password@repo.example.com/',
</span>  enabled         => 'true',
</span>  gpgcheck        => 'false',
</span>  metadata_expire => '1',
</span>}
</span></code></pre>
You now have a fully functional private repository - deploy your awesome software.</p>


The future without Microsoft Office products
2016-07-29T14:00:00+00:00
I recently submitted a proposal to remove Microsoft Office from off my network and switch to Google Apps for Work and LibreOffice. This would incur a cost savings of ~$17.50 per user per month (GAFW $5 plan versus Office 2016 Professional Plus, Corporate, Open License, License Only). Some may argue that there are better license options with Microsoft and the $508 per user per 2 years (with the open license; source: http://mla.microsoft.com) is not a fair estimation, however, it is not fair to compare a stagnant version of Office versus the always updated version of GAFW or LibreOffice.</p>
With LibreOffice, I can contribute a patch, submit it upstream, get it reviewed, and have it accepted into main stream. If I couldn't wait for it to get to upstream, I could recompile with my patch and get it deployed in a matter of hours. This is the power and strength of open source software. Even with Google Apps, I submit a feature request, wait for it, and get the updated version when it arrives - I don't have to buy a new version to get this new feature. This is the power of SaaS.
Word processing is also not proprietary. What you see on the screen in Microsoft Office, Google Apps, or LibreOffice will be what you get when you print it out or email it. LibreOffice and Microsoft Office save in formats that are compatible with each other. LibreOffice reads and writes docx and xlsx, and Microsoft Office reads and writes odf and ods.</p>
The biggest hurdle to switch is that Microsoft Office included odbc connectors in a spreadsheet program (Excel) instead of directing users to a database program (access). LibreOffice did it right by making a spreadsheet program (calc) do spreadsheet things only and their database (base) connect via odbc to other databases. LibreOffice has Microsoft beat in that you can open more odbc types such as a MySQL database.</p>
Before marrying me, my wife was a secretary for 5 years. All she used was Microsoft Office products until she used my computer to type a recipe document. Her response was, "this is different." She told me later that she had to look for her formatting tools, but when she found them there was no difference except the tools she used were in different places than where they were in Microsoft Office. This is by far the best reason to use LibreOffice and Google Apps - you can save money and lose none of the features.</p>


Puppet with Mac and GNU/Linux
2016-07-08T14:00:00+00:00
Puppet on Mac is a mixture of Puppet on Linux and Windows. Registry settings are called "secrets" and to make things easier, you need to install homebrew.</p>
Enforcing a local admin is a little bit tedious. In the past few OSX releases, the have changed their password hashing algorithm several times. This causes a few case statements based on release version in order to set up one single local admin.</p>
Secret management is a little more complicated than Windows registry management. First, you need to find your secret decoder website (which is now only available in the archive</a>), next you need to rip out the puppet code to manage secrets</a> (because nobody thought it wise to follow Puppet best practice and make a module do only one thing) and make your own personal company module, and finally you are ready to define an OSX secret. I use boxen::osx_defaults</code> to set up the Mac equivalent of legalNoticeText with this code:</p>
  boxen::osx_defaults { "loginwindowtext" :
</span>    domain => '/Library/Preferences/com.apple.loginwindow.plist',
</span>    key    => 'LoginwindowText',
</span>    value  => "This computer system is the property of ....",
</span>  }
</span></code></pre>
Managing a GNU/Linux workstation is similar to OSX and Windows only you know what you are doing and everything makes sense because smart people write and manage the software. I choose to use KDM as the greeter is easier to customize and make the default Desktop Environment to be GNOME. On my greeter background, I have the legalNoticeText properly formatted to my liking and saved in the background image. So far I am the only GNU/Linux workstation on Puppet so I haven't configured it to a great extent. It does help between re-installs though :)</p>


Learn GNU/Linux the easy way
2016-06-10T14:00:00+00:00
Let's face it, Linux is a kernel and no matter what distribution you use, it is all the same. You have a repository of packages, you get a package manager to manage your packages, you get a desktop environment, and you get freedom to tinker down to the lowest level of the kernel to configure things like IP routing and forwarding.</p>
Differences lie in the release cycle of the distribution, package names, and the default desktop environment - though you can find spins to even change that part. Each are trying to tackle a specific problem and come with a solution. It may be security, research, UI, stability, or even high performance computing.</p>
If starting out, pick a user friendly distribution like Ubuntu or Debian. Use it with the defaults for 6 months while trying to learn as much as you can. Then move onto the specific use cases for Enterprise, you can use CentOS, RedHat, Ubuntu, or SUSE (you will get the best hardware/software support if you go that route) for home use, you may want to go with Debian, Ubuntu, Arch, Gentoo, Fedora or anything you want to use; for embedded, you may go with Debian, Yocto, Gentoo, OpenEmbedded, OpenWRT, and others; for stability and security, you may want to go with Debian or one of the Enterprise distributions.</p>
At the end of the day, it is all built upon the Linux kernel - unless you are using the Debian BSD fork.</p>


Access Samba shares from Chromebook
2016-05-24T14:10:50+00:00
Chromebooks are cloud focused. Many Chromebooks come with very limited storage in hopes you would be storing everything in the cloud. While this is a great habit to practice, in all reality, how likely are you to store 2tb of data in the cloud? Not many cloud providers even offer plans for that much storage.</p>
Today marks a milestone - Google has released an extension to the Chromebook file app to access Samba shares</a>.</p>
Samba is the implementation in which Windows file shares are broadcasted across the network. There is also an open source version of the implementation known by the name of Samba which is found on most Linux distributions as well as at http://Samba.org</a>.</p>
Enjoy accessing your network shares on ChromeOS, and don't forget to file bug reports</a>.</p>


5 Things to do after installing X
2016-05-06T14:00:00+00:00
Congratulations, you have installed X! Here are 5 things to do right now:</p>

Change your background</li>
Install needless software</li>
Customize your font size</li>
Take a screenshot</li>
Share about your experience on social media!</li>
</ol>
This post is mainly a response to all of those 10 things to do after installing Ubuntu 16.04 blog posts.</p>


How to fix Error: Transaction check error with dnf/yum
2016-02-08T15:00:06+00:00
When a dnf</code> or yum</code> process gets interrupted, you may get the below error:</p>
Running transaction check
</span>Transaction check succeeded.
</span>Running transaction test
</span>The downloaded packages were saved in cache until the next successful transaction.
</span>You can remove cached packages by executing 'dnf clean packages'.
</span>Error: Transaction check error:
</span>file /usr/share/doc/avahi-libs/README from install of avahi-libs-0.6.32-0.4.rc.fc23.i686 conflicts
</span>with file from package avahi-libs-0.6.31-43.fc23.x86_64
</span></code></pre>
When presented with Error: Transaction check error</code>, you are unable to install, update, or upgrade your system. The solution is to attempt to install the program (or download the files), locate them on your system, and manually update them using rpm.</p>
In the example above, I want to update avahi-libs</code> to a later version, but an older version still exists on my system. The dnf</code> process was interrupted before it could erase the older version. Hence, the error means manual intervention of the problem is required. To fix, one needs to locate the newer version and use the rpm</code> command to forcefully install the update. In other words, do the following:</p>
find /var/cache/dnf/ -iname avahi-libs-0.6.32* -type f
</span>rpm -Uvh --replacefiles /path/to/avahi-libs-0.6.32-0.4.rc.fc23.i686.rpm
</span></code></pre>
There is a good chance that the file you need is in /var/cache/dnf/</code> already and does not need to be downloaded from a mirror.</p>


Switching from Active Directory to Samba4
2015-12-21T14:00:46+00:00
Active Directory is solid, secure, and stable platform for user, group, and computer management. I would go as far and say that it is probably the backbone of 99.9% of all organizations world wide. So why would anyone want to switch away from Active Directory? The answer to that question is varied, but the most common reason why are:</p>

Reduce licensing costs (per user/device cals)</li>
Reduce Windows foot print</li>
Advanced features of AD are not needed</li>
Less than 5,000 users</li>
Because <insert_favorite_software> is greater than <insert_hated_software></li>
</ul>
Let us get started on switching to a Samba4 backend.</p>
This guide assumes the following:</p>

You already have a domain environment</li>
The forest functional level is 2003 or greater</li>
The domain functional level is not greater than 2008 R2</li>
You are running CentOS/RedHat 7 as your Samba4 host and it is a vanilla minimal install with no added repositories (i.e. you just installed it)</li>
Your domain is: AD.ANDREWWIPPLER.COM and your NETBIOS is AD.</li>
</ul>
Installing Samba4</h2>
The samba version that ships with CentOS is compiled in legacy NT4 emulation mode. In order to get the AD emulation, we will need to compile Samba4 (Don't worry, it is very easy and compiles under 20 minutes with a 2 core processor.)</p>
cd /usr/src/
</span>wget https://download.samba.org/pub/samba/stable/samba-4.3.2.tar.gz
</span>sudo tar xf samba-4.3.2.tar.gz
</span>cd samba-4.3.2/
</span></code></pre>
Now we need to install the build tools. (The most updated list is located here</a>)</p>
sudo yum install perl gcc attr libacl-devel libblkid-devel \
</span>    gnutls-devel readline-devel python-devel gdb pkgconfig \
</span>    krb5-workstation zlib-devel setroubleshoot-server libaio-devel \
</span>    setroubleshoot-plugins policycoreutils-python \
</span>    libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp \
</span>    perl-Test-Base popt-devel libxml2-devel libattr-devel \
</span>    keyutils-libs-devel cups-devel bind-utils libxslt \
</span>    docbook-style-xsl openldap-devel autoconf python-crypto
</span></code></pre>
The next step is to compile and run:</p>
./configure
</span>make -j 2
</span># The number 2 should be relative to the number of cores on your machine
</span>sudo make install
</span></code></pre>
This process should take less than 20 minutes. After it is done compiling, it will install to /usr/local/samba/</code>. To make it easier to run the new commands, let us add the paths to our global path:</p>
sudo cat << EOF > /etc/profile.d/samba.sh
</span>##add samba to PATH
</span>export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH
</span>EOF
</span>sudo chmod 0644 /etc/profile.d/samba.sh
</span>. /etc/profile
</span></code></pre>
Preparing the system to join AD</h2>
Now that Samba is installed, we need to configure our system to interact with Active Directory as well and set up BIND9.</p>
Network related</h3>
A static IP as well as DNS must be configured properly for this to work. Ensure the appropriate settings are in /etc/sysconfig/network-scripts/ifcfg-(iface-name)</code>. The DNS servers must be an Active Directory domain controller and you should be able to ping it. If modification is done to this file, you will need to restart NetworkManager for changes to take effect. The desired result is to have /etc/resolv.conf</code> appear like the following:</p>
# Generated by NetworkManager
</span>search ad.andrewwippler.com
</span>nameserver 192.168.1.201
</span></code></pre>
In my lab, 192.168.1.201 is a Windows 2008 R2 server named DC1.</p>
Hostname related</h3>
If you have not named your CentOS install, it is best to do it now. You will also need to verify that pinging your hostname works and it returns with the ip of the interface you set and not the loopback interface.</p>
sudo hostname dc2.ad.andrewwippler.com
</span>sudo echo 'dc2.ad.andrewwippler.com' > /etc/hostname
</span>echo '192.168.1.202 dc2 dc2.ad.andrewwippler.com' >> /etc/hosts
</span></code></pre>
Kerberos related</h3>
Ensure /etc/krb5.conf</code> has the following. The domain needs to be in all caps.</p>
...
</span>[libdefaults]
</span>    ...
</span>    dns_lookup_realm = false
</span>    dns_lookup_kdc = true
</span>    default_realm = AD.ANDREWWIPPLER.COM
</span>...
</span></code></pre>
Testing</h3>
We can now test our DNS and Kerberos settings with two simple commands.</p>
kinit administrator
</span></code></pre>
This should ask you for the domain administrator's password. Once entered you can verify everything is working with klist</code>.</p>
Joining Active Directory</h2>
At this point, we have not started Samba, nor do we need to until the very end. We can now issue the join command (with BIND9 support)</p>
sudo samba-tool domain join ad.andrewwippler.com DC -Uadministrator --realm=AD.ANDREWWIPPLER.COM --dns-backend=BIND9_DLZ
</span></code></pre>
Now we will have to configure bind. For convenience sake, I have included my /etc/named.conf</code></p>
//
</span>// named.conf
</span>//
</span>
</span>options {
</span>	listen-on port 53 { any; };
</span>	listen-on-v6 port 53 { any; };
</span>	directory 	"/var/named";
</span>	dump-file 	"/var/named/data/cache_dump.db";
</span>	statistics-file "/var/named/data/named_stats.txt";
</span>	memstatistics-file "/var/named/data/named_mem_stats.txt";
</span>	allow-query     { any; };
</span>	recursion yes;
</span>	dnssec-enable yes;
</span>	dnssec-validation yes;
</span>	dnssec-lookaside auto;
</span>	/* Path to ISC DLV key */
</span>	bindkeys-file "/etc/named.iscdlv.key";
</span>	managed-keys-directory "/var/named/dynamic";
</span>	pid-file "/run/named/named.pid";
</span>	session-keyfile "/run/named/session.key";
</span>
</span>        //samba
</span>        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
</span>};
</span>
</span>logging {
</span>        channel default_debug {
</span>                file "data/named.run";
</span>                severity dynamic;
</span>        };
</span>};
</span>
</span>zone "." IN {
</span>	type hint;
</span>	file "named.ca";
</span>};
</span>
</span>include "/etc/named.rfc1912.zones";
</span>include "/etc/named.root.key";
</span>//samba
</span>include "/usr/local/samba/private/named.conf";
</span></code></pre>
Allowing access</h2>
Now that we have a functioning samba server (even though it hasn't started yet), we need to allow it through SELinux and the firewall. Below are the commands to do just that:</p>
Firewall</h3>
sudo firewall-cmd --add-port=389/tcp --permanent
</span>sudo firewall-cmd --add-port=389/udp --permanent
</span>sudo firewall-cmd --add-port=636/tcp --permanent
</span>sudo firewall-cmd --add-port=53/tcp --permanent
</span>sudo firewall-cmd --add-port=53/udp --permanent
</span>sudo firewall-cmd --add-port=88/tcp --permanent
</span>sudo firewall-cmd --add-port=88/udp --permanent
</span>sudo firewall-cmd --add-port=464/tcp --permanent
</span>sudo firewall-cmd --add-port=464/udp --permanent
</span>sudo firewall-cmd --add-port=135/tcp --permanent
</span>sudo firewall-cmd --add-port=137/udp --permanent
</span>sudo firewall-cmd --add-port=139/tcp --permanent
</span>sudo firewall-cmd --add-port=138/udp --permanent
</span>sudo firewall-cmd --add-port=445/tcp --permanent
</span>sudo firewall-cmd --add-port=3268/tcp --permanent
</span>sudo firewall-cmd --reload
</span></code></pre>
SELinux</h3>
sudo chown named:named /usr/local/samba/private/dns
</span>sudo chgrp named /usr/local/samba/private/dns.keytab
</span>sudo chmod g+r /usr/local/samba/private/dns.keytab
</span>sudo chmod 775 /usr/local/samba/private/dns
</span>sudo chown named:named /usr/local/samba/lib/bind9/dlz_bind9_9.so
</span>sudo chcon -t named_conf_t /usr/local/samba/private/dns.keytab
</span>sudo chcon -t named_conf_t /usr/local/samba/private/named.conf.update
</span>sudo chcon -t named_var_run_t /usr/local/samba/private/dns
</span>sudo chcon -t named_var_run_t /usr/local/samba/lib/bind9/dlz_bind9_9.so
</span>sudo semanage fcontext -a -t named_conf_t /usr/local/samba/private/dns.keytab
</span>sudo semanage fcontext -a -t named_conf_t /usr/local/samba/private/named.conf
</span>sudo semanage fcontext -a -t named_conf_t /usr/local/samba/private/named.conf.update
</span>sudo semanage fcontext -a -t named_var_run_t /usr/local/samba/private/dns
</span>sudo semanage fcontext -a -t named_var_run_t /usr/local/samba/lib/bind9/dlz_bind9_9.so
</span>
</span></code></pre>
Now we need to run SELinux in permissive mode and add the policy.</p>
sudo setenforce 0
</span>sudo systemctl restart named
</span>sleep 60
</span>sudo systemctl stop named
</span>cd ~
</span>sudo grep named /var/log/audit/audit.log | audit2allow -M named > named.te
</span>sudo semodule -i named.pp
</span>sudo setenforce 1
</span>sudo systemctl start named
</span></code></pre>
Init files</h2>
Samba does not ship with an init file so we will have to create one and enable it to start at boot.</p>
sudo cat << EOF > /etc/init.d/samba
</span>#!/bin/bash
</span>#
</span># samba4        This shell script takes care of starting and stopping
</span>#               samba4 daemons.
</span>#
</span># chkconfig: - 58 74
</span># description: Samba 4.0 will be the next version of the Samba suite
</span># and incorporates all the technology found in both the Samba4 alpha
</span># series and the stable 3.x series. The primary additional features
</span># over Samba 3.6 are support for the Active Directory logon protocols
</span># used by Windows 2000 and above.
</span>
</span>### BEGIN INIT INFO
</span># Provides: samba4
</span># Required-Start: $network $local_fs $remote_fs
</span># Required-Stop: $network $local_fs $remote_fs
</span># Should-Start: $syslog $named
</span># Should-Stop: $syslog $named
</span># Short-Description: start and stop samba4
</span># Description: Samba 4.0 will be the next version of the Samba suite
</span># and incorporates all the technology found in both the Samba4 alpha
</span># series and the stable 3.x series. The primary additional features
</span># over Samba 3.6 are support for the Active Directory logon protocols
</span># used by Windows 2000 and above.
</span>### END INIT INFO
</span>
</span># Source function library.
</span>. /etc/init.d/functions
</span>
</span># Source networking configuration.
</span>. /etc/sysconfig/network
</span>
</span>prog=samba
</span>prog_dir=/usr/local/samba/sbin/
</span>lockfile=/var/lock/subsys/$prog
</span>
</span>start() {
</span>        [ "$NETWORKING" = "no" ] && exit 1
</span>#       [ -x /usr/sbin/ntpd ] || exit 5
</span>                # Start daemons.
</span>                echo -n $"Starting samba4: "
</span>                daemon $prog_dir/$prog -D
</span>        RETVAL=$?
</span>                echo
</span>        [ $RETVAL -eq 0 ] && touch $lockfile
</span>        return $RETVAL
</span>}
</span>
</span>stop() {
</span>        [ "$EUID" != "0" ] && exit 4
</span>                echo -n $"Shutting down samba4: "
</span>        killproc $prog_dir/$prog
</span>        RETVAL=$?
</span>                echo
</span>        [ $RETVAL -eq 0 ] && rm -f $lockfile
</span>        return $RETVAL
</span>}
</span>
</span># See how we were called.
</span>case "$1" in
</span>start)
</span>        start
</span>        ;;
</span>stop)
</span>        stop
</span>        ;;
</span>status)
</span>        status $prog
</span>        ;;
</span>restart)
</span>        stop
</span>        start
</span>        ;;
</span>*)
</span>        echo $"Usage: $0 {start|stop|status|restart}"
</span>        exit 2
</span>esac
</span>EOF
</span>sudo chmod +x /etc/init.d/samba
</span>sudo chkconfig samba on
</span></code></pre>
Flipping the switch</h2>
You are now ready to either restart the system or start samba. The next steps to fully migrate to a Samba4 AD backend would be to migrate the FSMO roles to this server. Managing this AD instance is done by loading the Remote Server Administration Tools (RSAT) on a windows client.</p>
Sources</h2>
Here are the list of sources and references to compile this tutorial:</p>

https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory</li>
https://wiki.samba.org/index.php/Build_Samba_from_source</li>
https://wiki.samba.org/index.php/Samba4/InitScript</li>
https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD</li>
https://lists.samba.org/archive/samba/2013-March/172397.html (Thanks Thomas Simmons</strong>)</li>
</ul>


Converting Debian/Ubuntu to oVirt
2015-12-18T15:00:08+00:00
oVirt 3.6 will have a better way to import virtual machines. In the mean time, here is the best method for getting an already made ova into oVirt. The example I am using is the open source log analyzer - graylog</a>.</p>
A prerequisite is the script located at http://git.annexia.org/git/import-to-ovirt.git</a></p>
git clone http://git.annexia.org/git/import-to-ovirt.git
</span></code></pre>
Verify the type of the downloaded file:</p>
file graylog.ova
</span>graylog.ova: POSIX tar archive
</span></code></pre>
This is wrapped archive, extract it.</p>
tar xf graylog.ova
</span></code></pre>
Whether converting from Hyper-V or OVA, the following steps will be the same except Hyper-V's format will be vpc</code> instead of vmdk</code></p>
sudo qemu-img convert -f vmdk -O qcow2 graylog-disk1.vmdk graylog.qcow2
</span></code></pre>
This line will import the image into oVirt.</p>
sudo import-to-ovirt.pl graylog.qcow2 ovirt-nfs-storage:/exports/import_export
</span></code></pre>
The VM can then be imported using the import tab of the storage domain where you uploaded the file.</p>


Converting VMs for oVirt
2015-12-11T15:00:14+00:00
My existing Hyper-V infrastructure consisted of Windows, a few CentOS, and Debian/Ubuntu guests. The best method I found to importing into oVirt was using the virt-p2v disc</a>. This required down time of the server (approx 3 hours per 100GB on gigabit backbone) and a dedicated Fedora or Debian server which had virt-v2v</code> installed. I used my Acer C710 Chromebook to serve as the virt-v2v</code> converter. (This is possibly the reason I had slow conversion times.)</p>
Once you boot into virt-p2v</code>, you enter the IP address of an ssh server with virt-v2v</code> installed. Unfortunately, I had to log in with root credentials as using the sudo method did not work when I tried. In some instances, my virtual machines needed the legacy Hyper-V network adapter to get an IP from DHCP and be able to ping the conversion server. It would have been helpful if virt-v2v</code> mentioned this rather than giving a general username/password is invalid error.</p>
After successfully testing the server and logging in, the next step is to enter the target properties. These are what you will name the image, how many virtual CPUs to allocate, and the desired RAM. Next the output options have to be set. Since I was using oVirt, I selected the Output to (-o)</em> as rhev. I then had to enter the Output storage (-os)</em> which is required when converting for oVirt/rhev. Since these settings are relative to the virt-v2v</code> server, I could have mounted the nfs import domain (defaults in getting started guide - nfs-server:/exports/import_export</em> ) as /var/tmp on the virt-v2v</code> converter; however, I decided to enter the nfs server and path instead as this value. Next, you select the discs to convert as well as any network interfaces and removable media. I found that you only need to select the harddrives - everything else can be configured in oVirt.</p>
Once you click start conversion, virt-p2v</code> boots into the virtual machine and forwards data to your virt-v2v</code> server. The virt-v2v</code> process removes devices and adds the special ones needed to prevent a BSOD when you boot your Windows server for the first time on oVirt. Something similarly happens on CentOS based VMs.</p>
Once that is done you need to go into the storage tab of the cluster (in my case, Default) and select the import storage domain. This will then open up the lower third of the web interface with another tab that is labeled import</em>. This will list all VM guests that have successfully been converted by virt-p2v</code>.</p>


Planning the Deployment of oVirt
2015-12-04T15:00:46+00:00
After I played with oVirt I needed to do several items:</p>

Migrate the oVirt engine to a new host</li>
Migrate the storage from a single NFS share to GlusterFS</li>
Move my VMs from Hyper-V to oVirt</li>
Test my setup</li>
</ol>
Migrate the oVirt Engine to a new host</h2>
This task was to prepare me for the disaster recovery scenario - what if my server room blew up - how would I recover my virtualization backbone? It might not be that important (considering I back up my VMs and can restore them anywhere), but when disaster strikes, tasks need to be simple because concentration will be difficult. As of version 3.5, oVirt had a good back up and restore operation:</p>

</span>#backup example
</span>/usr/share/ovirt-engine/bin/engine-backup.sh --mode=backup --scope=all --file=/root/engine_backup --log=/root/backup_log
</span>
</span>#restore example
</span>/usr/share/ovirt-engine/bin/engine-backup.sh --mode=restore --scope=all --file=/root/engine_backup --log=restore_lg
</span>engine-setup
</span>
</span></code></pre>
All I had to do was run the backup script, copy the file, restore it, and run engine-setup</code>. To further harden my installation, I placed the backup line in my daily crontab</code> an hour earlier than my scheduled duplicity</code> run.</p>
Migrate the storage from a single NFS share to GlusterFS</h2>
This next step was a bit under-sighted on my part. In my test lab, I had 4 VMs running on 1 NFS server. The NFS server I chose in the lab environment began to choke around 30 VMs and eventually crashed when I hit the 35 mark. It was not a limitation on oVirt or NFS, but on my hardware. GlusterFS</code> was extremely simple to set up and their documentation is easy to follow.</p>
Move my VMs from Hyper-V to oVirt</h2>
I will discuss this in more detail in a following post. It was mostly running virt-p2v</code> on Windows and CentOS and import-to-ovirt.pl</code> on Debian and Ubuntu VMs.</p>
Test my setup</h2>
During the transition, I had the opportune time to experience what it was like when my single point of failure (the one NFS server) crashed. It was also painful when DNS and DHCP were on servers on the failed storage server (oVirt didn't like that). Through this process, I have formulated several key steps to prevent a failure like that from happening again.</p>


Switching from Hyper-V to oVirt
2015-11-27T15:00:31+00:00
For quite some time I have heard that Hyper-V was a low player when it came to virtualization. It came with Windows and was the hypervisor of choice, but it had its limitations. In my environment, we had local storage and no clustering of hosts and consequently no high availability or fail over. This brought the first pain point - we need high availability.</p>
On one of my hosts, the broadcom Ethernet driver kept triggering flow control and would not resume causing all of the VM Guests to go offline. This triggered the second pain point - I need high availability yesterday.</p>

What matters most in a hypervisor environment is the tools you use to manage it.</p>
</blockquote>
I took this principle as a guide when searching for a hypervisor environment. I first looked at Hyper-V and the new licensing costs it would accrue. Next I looked at the popular VMWare ESXi, but I heard the neat features were at a premium price and all I needed was high availability. I looked at Open Source versions like KVM, Xen, and OpenStack (which appeared to be too big for my 40 VM environment). Then I found RHEV's community version - oVirt. It had all the bells and whistles I needed - Linux hosts and high availability.</p>
oVirt's install documents were surprisingly simple as I quickly found 3 servers to set up: an engine server, a file server, and a VM Host. Once set up, I tinkered with it, and to my delight - everything worked right out of the box (on old hardware too!) My next step was to install a few VMs and test the high availability features. It was evident that oVirt was the solution to my pain points.</p>


Paying for Open Source
2015-11-13T14:59:38+00:00
While Open Source software is free to download, use, and depending on the license, free to distribute, it is not free to creator. The Open Source creators have to pay for hosting, branding (domain, etc.), coding (in time), and distribution. While some are offloading the costs by hosting the project on Open Source aware distribution channels such as GitHub</a> or BitBucket</a>, many projects still lack the funds they need.</p>
The general rule is: if you use it, you should pay for it. How you should pay for it is entirely up to you. Below are several ways you can pay for open source software.</p>
For Corporations</h3>

Hire an Open Source Developer to work on the project he contributes to</li>
Estimate how much it would cost annually with proprietary software and donate 10-30% of the amount evenly to various projects</li>
Open Source internally developed software</li>
Provide a publicly accessible mirror to an Open Source project</li>
</ul>
For Individuals</h3>

Donate a fixed amount annually to an Open Source Foundation such as the Linux Foundation</a> or the Document Foundation</a></li>
Donate a fixed amount to the specific project you use</li>
Submit a patch that fixes a bug</li>
Submit a patch that adds a feature (bonus points if it was previously requested by another user)</li>
Offer support to other users using the program via the channels the creators recognize (mailing lists, forums, etc.)</li>
Create a plugin that enhances the project</li>
Promote the project you use most</li>
Suggest your company switch to the project (using the paid version)</li>
</ul>
Have a suggestion that was not listed? Submit it in the comments below.</p>


USB Key Start
2015-10-03T21:55:06+00:00
Back in the good 'ole days of floppy drives, I used to install grub</code> onto one. I would use it like a key to my computer and take it out if I did not want anyone using my computer when I was not around. Today, we use LUKS encryption to keep unwanted users out. Once grub</code> became too big to fit on floppy drives (and floppy drives became extinct) I still wanted the physical functionality of removing a part that prevents others from using my desktop/laptop. Sure, I could remove the hard drive every time I was done with the computer, but this would become tedious and I want something quick and easy.</p>
I recently stumbled across mkinitramfs-ll</a> which allowed passing in a LUKS keyfile in initrd. I attempted to use this for Fedora, but did not get very far. I then discovered dracut</code> (Fedora's initrd maker) already includes support for passing in a LUKS keyfile as an argument. At this point, I raced to get one of my legacy 256mb flash drives and made a fully functional "key" to operate my laptop.</p>
The main points to get it working were simple:</p>

Have a crypted root file system</li>
Generate a keyfile to use</li>
Format a flash drive with a label</li>
Add the keyfile to the crypted filesystem and flash drive</li>
Configure and run dracut</code></li>
Configure and generate grub</code> configs</li>
</ul>
**Generate a keyfile to use:**Keyfiles can be anything. Some use a gpg key, but I found it as easy and beneficial just to run: sudo dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</code></p>
**Format a flash drive with a label:**As I mentioned before, I already had a worthless flash drive handy. Since this flash drive is essentially the key to my computer, I do not want to risk plugging it into another computer and getting the key stolen or corrupted. It will have to become solely used for the purpose of unlocking my system. Creating the flash drive is the same as any other drive with ext4:</p>
mkfs.ext4 -L SECURIKEY /dev/sdb1
</span></code></pre>
Add the keyfile to the crypted filesystem and flash drive.</strong></p>
sudo mount /dev/sdb1 /mnt
</span>sudo cp /root/keyfile /mnt/keyfile
</span>sudo cryptsetup -v luksAddKey /dev/mapper/fedora-00 /mnt/keyfile
</span></code></pre>
Configure dracut</code>:</strong> dracut</code> needs to load two modules in order for us to pass in the keyfile. Additionally systemd has an issue with keyfiles at the time of writing this so we will have to omit it. Both of these settings can be permanently set by sudo vim /etc/dracut.conf.d/00-keyfile.conf</code> and inserting the below contents.</p>
# dracut modules to omit
</span>omit_dracutmodules+="systemd"
</span>
</span># dracut modules to add to the default
</span>add_dracutmodules+="crypt lvm"
</span></code></pre>
Configuring grub:</strong> Open up /etc/default/grub</code> and append rd.luks.key=/keyfile:LABEL=SECURIKEY</code> inside the quotes of GRUB_CMDLINE_LINUX</code>. Mine looks like the following:</p>
GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/00 rd.luks.uuid=luks-fad7c380-bc0c-4680-917e-1e80eb244476 rhgb quiet rd.luks.key=/keyfile:LABEL=SECURIKEY"
</span></code></pre>
grub</code> can then be regenerated by running sudo grub2-mkconfig -o /boot/grub2/grub.cfg</code>. After grub</code> has been re-generated, we can then regenerate our initrd by issuing dracut --force</code>. Everything is then all set and ready to go! If the keyfile is not present, you will be prompted to enter your encryption password upon next boot to unlock the root filesystem. I would advise leaving the password as you would be unable to access your files if the flash drive was ever lost or picked up by one of your kids and thrown in the toilet.</p>


My Review of Arch
2015-09-26T21:49:51+00:00
After my minimal install of Arch, I was greeted by a terminal console upon booting the kernel. With 5,013 packages in the 32 bit stable repositories</a> (compare that to Debian Stable's 56,865</a>), I was not getting very far by relying on the built-in package manager pacman</code>. The package count increased another 27,023</a> once I began using the Arch Users Repository (AUR) scripts.</p>
After installing a few packages, I realized Arch's greatest weaknesses: customizability and project collaboration. Arch is like a snowflake - no two systems are exactly alike. From a SysAdmin's viewpoint, I can't determine what state the operating system is just by looking at it. In certain circumstances where time is of the most urgent matter, one cannot spend time comparing program versions with unknown and known bugs. I envision managing two or more devices would be quite painful in the long run.</p>
Project collaboration is still in the early stages. With two great AUR package managers (yaourt</code> and cower</code>) and the
realization that neither have been pushed to upstream, I have an eerie feeling that xkcd's standards statement</a> is at play in the Arch environment.</p>
**For those that do not know how collaboration works, here is a quick overview:**I use project A. Project A is lacking feature B. I fork project A, write feature B, and continue using project A with feature B. If people other than myself can benefit from feature B, I push my changes to upstream. If my changes are not accepted in mainstream, I have two choices: keep feature B to myself or write feature B to match upstream's policy.</p>
**This is how not to collaborate:**Project A is missing feature B. I fork project A, call it project V, write feature B, C, and D with a wrapper for project A. If somebody wants feature E in project A, tell them to use project C which is a fork/clone of project V.</p>
Contrary to public thinking, Arch is not a GNU/Linux distribution geared towards intermediate to advanced users. It is a primitive distribution that only intermediate-level and above understand. We understand the basics of how to compile a program and how to find the one line command to run that is nested in 5 sub-links on the wiki. We overlook the high level of expert documentation that isn't spelled out clearly, gives a recommended setting to new users, or in some cases doesn't actually tell you how to do what you are seeking to do.</p>
I claim Arch is still primitive because when I was installing packages, I felt like a caveman digging up xf86-input-mouse</code> after I installed gdm</code> and GNOME 3. (A clever person might think that would be at least a requirement of one of the packages that installs rather than an optional one - Oh, wait - GUI is never used by anybody on a desktop.) It might be that I was spoiled by reading Gentoo's Handbook</a> back when I was a noob and trying out an advanced distribution, or it could be that I have used distributions that have worked out all of these kinks for too long, but making GNU/Linux users dig like cavemen to find appropriate packages is harmful towards our primary objective: dominating the desktop OS marketplace.</p>
Even with these prominent issues, Arch will probably stay installed on my Acer C710 for awhile - at least until Fedora 23 becomes stable.</p>


Jumping on the Arch Bandwagon
2015-09-19T21:46:47+00:00
Well, after avoiding it for a few years, I have decided to install the Arch GNU/Linux distribution on my Acer C710. At first glance, it was nice to just install the necessary packages and have a working system within 20 minutes. The downside to having everything up and running in 20 minutes is that I did not install the base packages that come with most distributions - such as a GUI terminal program (i.e. gnome-terminal</code>). That was OK since I still had my favorite tty - 3. I am going to miss the delta packages (DRPMS) from Fedora as I particularly enjoy saving bandwidth.</p>
Installing Arch was pretty simple compared to Gentoo or Funtoo, but not as simple as Fedora or Ubuntu. In Ubuntu, you load a LiveDVD, click the install icon on the desktop and follow the prompts. In Arch, you are presented with a terminal and are not given much instruction. The basic steps are to partition your drive, create a filesystem, mount your root partition as /mnt</code>, run the package initializer, and chroot into the environment. In other words, it is as simple as:</p>
fdisk /dev/sda
</span>mkfs.ext4 /dev/sda2
</span>mount /dev/sda2 /mnt
</span>pacstrap /mnt base
</span>genfstab -p /mnt >> /mnt/etc/fstab
</span>arch-chroot /mnt
</span>echo wipplertop > /etc/hostname
</span>ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
</span>sed -i 's/^#en_US.UTF-8$/en_US.UTF-8/g' /etc/locale.gen
</span>locale-gen
</span>echo LANG=en_US.UTF-8 > /etc/locale.conf
</span>mkinitcpio -p linux
</span>passwd
</span>useradd -m andrew
</span>passwd andrew
</span>pacman -S grub os-prober
</span>grub-install --recheck /dev/sda
</span>grub-mkconfig -o /boot/grub/grub.cfg
</span>exit
</span>reboot
</span></code></pre>


Expect with expect
2015-08-30T22:41:50+00:00
Wouldn't it be nice to program a script that expects a certain line of text then sends a predetermined string? How about copy your ssh id to 40 different RPi units without typing the command for every one? Expect is that sort of program we all have been dreaming about. Just look at this script:</p>
#!/usr/bin/expect -f
</span>
</span>set timeout 3
</span>set serv [lindex $argv 0];
</span>
</span>spawn ssh-copy-id pi@$serv
</span>sleep 4
</span>expect "Are you sure you want to continue connecting (yes/no)?"
</span>send "yes\r"
</span>expect "pi@{$serv}'s password: "
</span>send "p@ssw0rd\r"
</span>interact
</span></code></pre>
When this block of code is saved as copy_pi.sh</code> and invoked as ./copy_pi.sh 192.168.1.42</code>, it will attemp to connect as the pi user, copy the current public key, say yes to the prompt, send the password (provided it is escaped properly), and drop you into the process you spawned.</p>
Now, let's look at the script in more detail as to what expect has to offer.</p>
#!/usr/bin/expect -f
</span></code></pre>
This line has to be the absolute path of expect with the -f</code> switch. This is to tell the program that it is being passed a file with a list of commands. On Debian/Fedora, this path is where expect</code> is located. On other systems, you will need to run which expect</code> to find the absolute location.</p>
set timeout 3
</span>set serv [lindex $argv 0];
</span></code></pre>
The first line tells expect</code> to wait up to 3 seconds for a new line before it times out. The second line is grabbing the variable being passed into this script. Normally, one would think arg 0 would be the name of the program (i.e. copy_pi.sh</code>); however, expect</code> captures the variables into $argv</code> ($argc</code> is the length of the variables).You can also specify a range of variables into one: set range [lrange $argv 0 2];</code></p>
spawn ssh-copy-id pi@$serv
</span>sleep 4
</span></code></pre>
This is we are initializing the process of copying our ssh key to $serv</code>.
This is the part we would normally be typing ourselves. sleep 4</code> tells expect to wait 4 seconds before continuing.</p>
expect "Are you sure you want to continue connecting (yes/no)?"
</span>send "yes\r"
</span>expect "pi@{$serv}'s password: "
</span>send "p@ssw0rd\r"
</span>interact
</span></code></pre>
The expect</code> line could either be regex or what will be exactly shown. Since I know exactly what will appear in the process, I have chosen to go that route. The send</code> command is transmitting the text into the spawned program. Special characters such as & need to be escaped with a backslash. The \r</code> simulates a carriage return (enter key). Since the ssh-copy-id</code> is completed by the time interact</code> is called, you will not be in the remote pi's shell. I have sometimes found it necessary to include interact</code> so that the password is actually sent.</p>
expect</code> is a great tool that uses TCL syntax. expect</code> has prooved useful to me many times over - especially when I had to re-key my puppet deployment after Heartbleed.</p>


The Arrow Law
2015-08-16T22:02:52+00:00
When I first started out with Linux, I was having trouble understanding the basic commands such as ln</code>, andrewmv</code>, scp</code>, rsync</code>, etc. What got me with those commands was the SOURCE and DEST options until I figured out the arrow law.</p>
A typical rsync</code> command looks like this:</p>
rsync -av /home/andrew/file1.txt /opt/andrew/file2.txt
</span></code></pre>
Where as a basic tar command looks like this:</p>
tar -cJf tarfile.xz /home/andrew/file1.txt
</span></code></pre>
In the rsync</code> example, the SOURCE came first. In the tar</code> example, the DEST came first. Did I really have to learn every command to know which order my commands were supposed to be in?</p>
There are a few quirks, but most commands follow the arrow law:-></code> . SOURCE should come first - then DEST.</p>
To place the tar</code> command in the arrow law way, we would write the command like the example below. Tar allows the use of multiple source locations in the form of files or folders. Each source is then compress and place in the file.</p>
tar -cJ /home/andrew/file1.txt /opt /folder -f files.xz
</span></code></pre>
At a glance, one should easily recognize that the -f</code> indicates the DEST/SOURCE file to be worked on by the tar</code> command. Thus by typing the extraction command as the below is following the arrow law.</p>
tar -xvJf files.xz
</span></code></pre>
The command that really confused me the most was the ln</code>. By using the arrow law, it was easy to figure this one out. (note: in the below example -s</code> is the option for making a symbolic link - not to indicate the source.)</p>
ln -s /opt /home/andrew/opt
</span></code></pre>
In human readable terms, the above command means the following: take /opt</code> and make it accessible by going to /home/andrew/opt</code>.</p>


Setting the I/O scheduler for a single disk on Fedora
2015-07-26T22:35:41+00:00
You can set your IO scheduler on-the-fly by echoing the scheduler you want into /sys/block/{DEVICE-NAME}/queue/scheduler</code>. This setting, however, does not persist across system reboots. The legacy method is to place this command in /etc/rc.local</code> or by placing an elevator variable in grub.cfg</code>.</p>
Beginning with Fedora 20, a better way of tuning your system has emerged: tuned</code>.</p>
tuned</code> is a daemon that monitors your system and updates it based upon the variables at that moment. For instance, it will scale back your network interface - reducing power consumption - when it is not in use and will return it to full throttle when you are downloading the latest Fedora ISO. Enabling tuned</code> on Fedora 22 is as simple as:</p>
sudo dnf install tuned
</span>systenctl enable tuned
</span>systemctl start tuned
</span></code></pre>
tuned</code> comes pre-installed with default profiles (listed by running tuned-adm list</code>). By default the IO scheduler is set for all disks on the system. Since this is not the behavior we intend, nor the result we want, we will have to create our own profile for tuned</code>.</p>
System profiles are stored in /usr/lib/tuned</code> and custom profiles are stored in /etc/tuned</code>. Creating a custom profile is as simple as finding the recommended for your system, copying it to a new profile, editing it, and applying it.</p>
sudo mkdir /etc/tuned/andrewwippler
</span>sudo cp /usr/lib/tuned/$(tuned-adm recommend)/tuned.conf /etc/tuned/andrewwippler/tuned.conf
</span>
</span></code></pre>
tuned.conf</code> has a simple structure:</p>
[NAME]
</span>type=TYPE
</span>devices=DEVICES
</span>setting1=value
</span>setting2=value
</span>...
</span></code></pre>
In the event of your NAME</code> being the same as the TYPE</code>, you can omit the type line. For example, a normal disk declaration looks like this:</p>
[disk]
</span># Comma separated list of devices, all devices if commented out.
</span># devices=sda
</span>alpm=medium_power
</span>
</span></code></pre>
Now all we have to do is append our declaration to /etc/tuned/andrewwippler/tuned.conf</code> for sda's elevator switch and enable it.</p>
[my_ssd_disk]
</span>type=disk
</span>devices=sda
</span>elevator=noop
</span></code></pre>
I can then enable my custom tuned profile by running tuned-adm profile andrewwippler</code>.</p>


Send Aliases over SSH connections
2015-07-18T22:12:35+00:00
Bash reads aliases from a file only; however, this file does not have to reside on the server you are connecting to. With OpenSSH, we have to ability to send environment variables that the server allows.</p>
On Debian/Ubuntu systems, the default accept environment variables are:
</span># Allow client to pass locale environment variables
</span>AcceptEnv LANG LC_*
</span>
</span>On CentOS/Fedora systems, the default accept environment variables are:
</span># Accept locale-related environment variables
</span>AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
</span>AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
</span>AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
</span>AcceptEnv XMODIFIERS
</span>
</span></code></pre>
If you remote into a mixed environment of servers - whether they be Debian, Ubuntu, or CentOS, you will need to find a common AcceptEnv</code> variable. Since Debian and Ubuntu allow LC_* (everything with the prefix LC_), we are limited to forwarding our aliases over one of CentOS's variables. For me, it was easy to decide on a variable to overwrite - LC_PAPER</code>. I hardly print anything and I especially do not print on remote servers.</p>
In order to send your aliases into a remote server, you have to set up your environment first.</p>
In ~/.ssh/config</code>, you need a line that sends the environment variable of your choice. These two lines denote that for every host, we will send the environment variable.</p>
Host *
</span>     SendEnv LC_PAPER
</span>
</span></code></pre>
Next, we will have to set an alias file we want to transfer. For my test, I create ~/.bash_aliases_xfer</code> and had the contents of:</p>
# .bash_aliases_xfer
</span># Source global definitions
</span>if [ -f /etc/bashrc ]; then
</span>    . /etc/bashrc
</span>fi
</span>alias lollypop="echo lollypop"
</span>alias lolp="lollypop"
</span>#My servers display useful information in the motd.
</span>[ ! -z "$TERM" -a -r /etc/motd ] && cat /etc/motd
</span>
</span></code></pre>
Next, we have to craft our ssh command:</p>
LC_PAPER=$(cat ~/.bash_aliases_xfer; exec 3<&-) \
</span>ssh -t user@remote \
</span>    'exec bash --rcfile /dev/fd/3 3< <(printf %s "$LC_PAPER")'
</span>
</span></code></pre>
The first line defines the environment variable - an output of our local file and places that information in file descriptor 3. The second line is where we actually connect to the server. The third line is the command executed on the remote server: cleanly print the contents of our environment variable, put that information in file descriptor 3, and reload bash with that file as the only configuration file.</p>
To make the process easier, I have place the following function in my .bashrc. Since the function has $@ variable, I can use it as a replacement to ssh and I can pass any needed ssh switches to my new function.</p>
function ssha() {
</span>LC_BASHRC=$(cat ~/.bash_aliases_xfer; exec 3<&-) ssh -t "$@" 'exec bash --rcfile /dev/fd/3 3< <(printf %s "$LC_BASHRC")';
</span>}
</span>
</span></code></pre>
After I reload my bashrc ( source ~/.bashrc</code> ), I can then pass my aliases into my new ssh session: ssha user@remote -i ~/.ssh/remote_id -X</code>.</p>

Andrew Wippler's Sketchpad - Linux

Recompiling AbiWord

Moving to Desktop GNU/Linux from Windows/Mac

Easy unix epoch timestamps from CLI

Using Puppet to host a private RPM repository

The future without Microsoft Office products

Puppet with Mac and GNU/Linux

Learn GNU/Linux the easy way

Access Samba shares from Chromebook

5 Things to do after installing X

How to fix Error: Transaction check error with dnf/yum

Switching from Active Directory to Samba4

Installing Samba4</h2> The samba version that ships with CentOS is compiled in legacy NT4 emulation mode. In order to get the AD emulation, we will need to compile Samba4 (Don't worry, it is very easy and compiles under 20 minutes with a 2 core processor.)</p>

Preparing the system to join AD</h2> Now that Samba is installed, we need to configure our system to interact with Active Directory as well and set up BIND9.</p>

Allowing access</h2> Now that we have a functioning samba server (even though it hasn't started yet), we need to allow it through SELinux and the firewall. Below are the commands to do just that:</p>

Converting Debian/Ubuntu to oVirt

Converting VMs for oVirt

Planning the Deployment of oVirt

Switching from Hyper-V to oVirt

Paying for Open Source

For Corporations</h3> Hire an Open Source Developer to work on the project he contributes to</li> Estimate how much it would cost annually with proprietary software and donate 10-30% of the amount evenly to various projects</li> Open Source internally developed software</li>

USB Key Start

My Review of Arch

Jumping on the Arch Bandwagon

Expect with expect

The Arrow Law

Setting the I/O scheduler for a single disk on Fedora

Send Aliases over SSH connections

Preparing the system to join AD</h2>
Now that Samba is installed, we need to configure our system to interact with Active Directory as well and set up BIND9.</p>

Allowing access</h2>
Now that we have a functioning samba server (even though it hasn't started yet), we need to allow it through SELinux and the firewall. Below are the commands to do just that:</p>