December 22, 2014

SyntaxHighlighter

Supported styling.

https://github.com/rwz/SyntaxHighlighter/blob/master/demos/autoloader.html

Java EE 7 Maven Dependency

In my previous blog about Java EE 6 Maven Dependency a wrote about the crippled javaee-api maven dependency in maven central.

That is finally fixed in EE 7.

See also Essential Maven POM For JavaEE 7

December 21, 2014

Java EE 6 Maven Dependency

The EE 6 classes are available in maven central.

But when running unit test against them you receive the below error. Thats because they do not contain implementation classes, only api class.

So in practice, the dependecy is in real life unusable. Instead you must use api classes from specific vendors like JBoss.

Java EE 7 Deployment Descriptors

Deployment descriptors are like configuration files.

The below sites summaries all xml schemas defintions for all EE 7 deployment descriptors.

http://antoniogoncalves.org/2013/06/04/java-ee-7-deployment-descriptors/

Java EE 6 Interceptors 1.0 (JSR318)

Introduction

Interceptor was in EE 5 introduced in EJB 3.0, see EJB3 Interceptors javax.ejb.AroundInvoke. In EE 6 that was taken out and made generic into Interceptors (JSR318), package javax.interceptor.*.

You can call Interceptor in EE 6 in two way:

  • By annotating method or class with @javax.interceptor.Interceptors(MyInterceptor.class)
  • Create custom Annotation with Annotation @javax.interceptor.InterceptorBinding and annotate with that you method or class.

Example

Your custom Interceptor.

Interception in a POJO.

Interception in a Stateless Session Bean.

beans.xml located for war in WEB-INF/.

To use the Interceptor you must let weld create the intercepted class, otherwise will weld never knew about the interceptor and hence will the interceptor never work.

Example usage from a Servlet.

Limitation

You cannot use Interceptor directly in servlets, see https://java.net/projects/servlet-spec/lists/jsr340-experts/archive/2012-02/message/0.

Taking Snapshot in Ubuntu

When taking snapshot in Ubuntu you could always use the predefined keyboard shortcuts, see https://help.ubuntu.com/community/KeyboardShortcuts#Desktop_shortcuts

A better tool is to use the gnome-screenshot tool.

You can install via `sudo apt-get install gnome-screenshot`


How to Manage Properties Files in JBoss Module

From JBoss AS 7 and EAP 6 forth, classloading have changed and all jar dependencies are packaged and loaded as jboss modules.

Besides dependency jar in a module you also might need to be able to configure it for different server environment. The best way and maybe the natural way, is to make use of a java properties file.

This is a good practice, now you can RPM package your custom module. This is how Red Hat do with JBoss EAP 6. With RPM packing you have now the capability of versioning your module and to centrally install it from, e.g. Red Hat Satellite. And finally centrally configure the property file from, e.g. Satellite 6 via Puppet.

But there is classloading gotchas. You need to add <resource-root path="."/> to you module.xml.

See https://developer.jboss.org/wiki/HowToPutAnExternalFileInTheClasspath for longer description.

List JNDI Tree Entries with JBoss CLI

To list all JNDI entries with JBoss CLI.

First start JBoss CLI.

Then execute.

How to Deploy Sources and Javadoc Jar

When deploying a snapshot release or if you by some other reason want to generate sources or javadoc jar, you could always configure maven-source-plugin and maven-javadoc-plugin and hook them in maven life cycle.

But that is not necessary in maven uber pom is that already defined for release. You can reuse that by adding -DperformRelease=true

Different example of usage:

Local build with sources and javadoc jar generation

Deploy target. Use only with snapshot version. Then deploy means snapshot publishing to defined snapshot repository.

Overview EE and JBoss EE Compliance

Overview of EE evolution

The capabilities and what is supported out of the box in EE, is increasing from next version to next version. The drive behind the new feature are:

  • Common task are finally included in standard EE.
  • Better maven dependency management.
  • Better test support (FINALLY!), but in this area, more can be done.

[http://en.wikipedia.org/wiki/Java_EE_version_history]

Summary of JBoss AS, EAP and new Wildfly EE Compliance

EE 4 - JBoss AS 4.X, JBoss EAP 4 *

EE 5 - JBoss AS 5.1, JBoss EAP 5 *

EE 6 - JBoss AS 7.1, JBoss EAP 6 *

EE 7 - Wildfly 8.x, JBoss EAP 7 * (release date Q2-Q3? 2015)

*) The EAP is forked from AS/Wildfly version left to it, but with much more quality (tested, patched, security compliance testing, security patched), documentation and with support.

Reference

August 12, 2014

RHEL 6 Synchronize Time Using Other NTP Peers

Introduction

In this blog will I show how to setup a NTP server and perform NTP synchronizing on remote server.

Server Installation

Server Configuration

The server IP is 192.168.1.240 and is located in 192.168.1.0/24 subnet.

Server Firewall

Server Start

Client Installation

Client Start

Client Test

Query your NTP server, but NOT set time. If query return higher stratum than 16, just wait a little and then requery.

Client Set NTP Server

And finally you need to restart ntpd service.

August 10, 2014

RHEL 6 Configure an MTA to Forward (Relay) Email Through a Smart Host.

Introduction

A relay mail server (MTA) is a intermediate server that forwards email to the final delivery mail server (MDA), i.e. writes message to default store /var/spool/mail/${USER}.

Remote Client --> Mail Transfer Agent, MTA (192.168.1.11) --> Mail Delivery Agent, MDA (192.168.1.12)

Configuration MTA

If you want MTA to ONLY transfer mail then set 'mydestination = '. With the above configuration the MTA will delivers local users email from remote client.

Restart service to let configuration take effects.

Check that SMTP port 25 (TCP) is open in iptables. If you need to update the configuration, don't forget to restart iptables service.

Configuration MDA

Do not forget to restart postfix service after configuration changes.

Create ordinary unix user for test, via command adduser mail2.

Check iptables SMTP port 25 (tcp) is open. Update if needed and restart iptables service.

If SELinux is active (default), check that default SELinux boolean for postfix is on.

Test

Now we are ready to test by sending mail from a remote client.

Now verify that mail was delivered on MDA (192.168.1.12).

August 8, 2014

RHEL 6 Postfix Aliases

Introduction

In my previos blog I described to configure and run MTA with postfix. Here I will describe how to make aliases.

Configuration

Start

Create alias

Now to let this take effect you must run the program newaliases.

Test

On remote client send mail to root@san.magnuskkarlsson.com.

And to verify on server.

RHEL 6 Configure a Mail Transfer Agent (MTA) to Accept Inbound Email From Other Systems

Installation

Configuration

Start

Firewall

Add TCP port 25 for SMTP.

Then restart firewall, to let new configuration take effect.

Test

First create a test user on server.

Then on remote client, we use telnet to send mail. For details see http://magnus-k-karlsson.blogspot.se/2014/06/how-to-send-mail-from-command-line-with.html.Here follows a summary.

Now check mail on server.

Reference

  • man 5 postconf

August 7, 2014

RHEL 6 FTP Configure Anonymous-Only Download.

Installation

Configuration

Start

Firewall

Test

Create test data.

And download it from remote host.

RHEL 6 Configure a Caching-Only Name Server to Forward DNS Queries

Installation

Configuration

Start

Test

Firewall

June 30, 2014

Packt is offering all of its eBooks and Videos at just $10 each for 10 days

Packt is celebrating 10 years anniversary and is celebrating that with offering all of its eBooks and Videos at just $10 each for 10 days.
http://bit.ly/1k5EUYD

How to Send Mail from the Command Line with Telnet

You can easily test your mail configuration from a linux server with telnet.

$ telnet rhel1 25
Trying 172.168.1.1...
Connected to rhel1.
Escape character is '^]'.
220 rhel1.localdomain ESMTP Postfix
HELO rhel1                        # Note that "HELO" is not a misspelled. It is the command for telnet services.
250-rhel1.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: ivan@rhel2
250 2.1.0 Ok
RCPT TO: david@rhel1
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Subject goes here.
Body goes here.
.                                # End body with '.' and Enter                            
250 2.0.0 Ok: queued as 5C3E5E12EA
                                 # Quite interactive mail session with ctrl + ']'
quit
221 2.0.0 Bye
Connection closed by foreign host.

For a more detail description, please see http://www.ehow.com/how_5209651_use-sendmail-command-line.html.

Server Comaparison between RHEL and Windows

An interesting comparison (in swedish) between RHEL server and Windows server.

Windows vs Linux

Source:http://techworld.idg.se/2.2524/1.498006/windows-vs-linux---nu-avgors-kampen

How to Install KVM on Ubuntu 14.04 LTS (Trusty)

Prerequisite

Verify that you have enabled virtualization in BIOS. For detail see Virtualization with KVM on RHEL 6

Install

Install required packages.

Run

Now you ready to run virt-manager and install new virtual guests.

If you are new to kvm, please read Virtualization with KVM on RHEL 6 for a detailed description.

June 21, 2014

Tweak Unity in Ubuntu 14.04

The preferred way to tweak the user interface (Unity) in Ubuntu 14.04 is via the unity-tweak-tool. You can also use ccsm - CompizConfig Settings Manager, but I would recommend to stick with the recommended unity-tweak-tool, since settings can be messed up, when manipulating settings with different tools.

To install:

And if you have got lost when configure, you can always get back to original configuration with:

Static Routes with RHEL 6

The new way to add static routes in RHEL 6 is

Or alternative via the old ip command style.

And to set the default gateway.

How to Install Minecraft in Ubuntu 14.04

Kids go crazy over the swedish developed game Minecraft. Below is a link how to install it on Ubuntu 14.04.

http://ubuntuhandbook.org/index.php/2014/04/install-minecraft-in-ubuntu-14-04/

How to Merge Multiple PDF Files in Ubuntu

You can easily merge several pdf files into on file with 'pdftk - A handy tool for manipulating PDF'

Example how to merge file1.pdf and file2.pdf to mergedfile.pdf.

June 12, 2014

Convert MP4 to MP3 on Ubuntu 14.04 Trusty

There is a program available on Ubuntu youtube-dl, that can download videos from youtube.com or other video platforms. But it stores the file in mp4, since it contains video. But sometimes you do not want the video and only the audio. To extract only the audio part, you can use the pacpl comamnd line tool.

June 9, 2014

Bash Programming Documentation in RHEL 6

I'm not a bash script guru, so I need documentation. Here I will show you how to get/install that for RHEL 6.

All the BASH documentation is available via the bash-doc RPM, but it is not located in the RHEL base channel (rhel-x86_64-server-6), but in the RHEL Server Optional channel (rhel-x86_64-server-optional-6).

To add or remove channels from the command line you use the rhn-channel.

Now you are ready to install the bash-doc package.

And to list the installed files.

And the most interesting file is the BASH Reference Manual, as highlighted above.

May 20, 2014

Configure RHEL 6 as Router

Introduction

In this blog I will show you how to configure a RHEL 6 server as router for LAN (eth1) and WAN (eth0).

Enable IP forwarding

First we need to enable IP forwarding.

And to verify.

To make it permanent, you need to edit /etc/sysctl.conf.

Configure Router Server Network

Before we begin, we disable NetworkManager.

Then we manually edit our network configuration files.

We begin with our WAN (eth0) card.

And continue with our LAN (eth1) card.

The above HWADDR is different for your environment. To get yours use ifconfig.

Finally restart network service and check new ip addresses are set, via ip or ifconfig command.

iptables

Now we are ready to configure iptables. First flush existing rules.

Then add the MASQUERADE roule to the WAN (eth0) card

Finally save iptables configuration.

Test

I have connected a separate machine on LAN and configure it manually with static IP.

Now we can ping 192.168.2.100 (gateway), 192.168.1.100 (rhel 6 router), 192.168.1.1 (WAN GATEWAY) and finally www.google.com.

April 22, 2014

How To Install and Configure SAMBA Server on RHEL 6

Installation

Configuration

The default configuration works just fine.

Security

Having 'security = user' means we need a UNIX account. Lets create one.

And set samba password for account.

Firewall

Test

Now lets test it from a remote client. First lets list all shares on host.

And to mount it.

Finally lets test to write to winuser1 home directory.

This did not go well. The missing configuration is SELinux.

SELinux

On the SAMBA server, run the following command, if you want to share home directories via samba.

Now lets get back to client and un mount and the remount and write and read and that should be successful.

Different Way to Mount NFS in RHEL6

Automounting

The below will auto mount the user 'ldapuser1' home directory with rw permission on nfs.server.com.

Manual

You can manually mount a nfs exported directory to a local directory /remote.

Mount at boot

How to Install and Configure NFS Sharing on RHEL 6

Installation

To get nfs to work we need to install and start rpcbind and nfslock. Double check that is done.

Now we are ready to start NFS.

Finally lets test our new NFS server.

This will return a empty export list, without error.

Firewall

To be able to access NFS exports remotely, we need to open certain ports in the firewall. To investigate which one, we use the command rpcinfo.

This will return quite some ports. To lock down which port that are used please uncomment all ports in NFS conf file.

Now restart NFS service and lets start open ports.

And after opening all ports the iptables should look like.

Test your new firewall configuration by from remote client execute command.

Configuration

After we have successfully configured the firewall, lets back to our server and configure NFS export directories. We start with creating a new directory, that we will exports.

Now configure NFS to export it.

To apply the new changes run

And to list current exports

Test

From a second machine on the same LAN, test connectivity to NFS server (192.168.1.15).

The simplest way to test read and write is to use the automounting functionality.

April 21, 2014

How to Install Chrome on Ubuntu 14.04 LTS (Trusty)

Open a Terminal and run the commands.

Add the public key for the Google repo.

Add the Google repo for the chome package.

Update and install chrome web browser.

April 14, 2014

How To Configure KVM Virtual Machine Network

Background

Here I will configure a KVM host with virtual machines to be accessible from a local network.

This can be achieved in two ways by configure on KVM host machine:

  • A network bridge
  • Configure iptables as a router, which will forward traffic to virtual machines.

The easiest way is to use a network bridge, since then both desktop and virtual machines will be on the same subnet.

Prerequisite

Here we will configure the KVM host machine network configuration, manually, so we start by disable the NetworkManager

KVM Host Network Bridge Configuration

/etc/sysconfig/network-scripts/ifcfg-eth0

Above we have disabled NetworkManager (NM_CONTROLLED=no) and is using a Bridge.

/etc/sysconfig/network-scripts/ifcfg-br0

Above have we configured a static IP (BOOTPROTO=none) and assigned IP, Gateway and DNS.

KVM Host iptables

Since we are not using the second alternative with routing, the KVM host machines iptables configuration is the same as default.

After editing/creating files you might need to restore SELinux security contexts.

And finally restart network on KVM host

Virtual Macines Network Configuration

The last part is to configure the virtual machine network. This is easiest achieved with the virt-manager.

For an existing virtual machine.

And for a new.

Inside the Virtual Machine

Inside the virtual machine you can configure either a static IP or a dynamic one. The easiest way is to use the tool system-config-network-tui.

Test

And finally test to ping the virtual machine (virtual1) from the desktop.

Reference

March 27, 2014

Fedora 20 Better Theme

The default theme (Adwaita) that Fedora 20 is shipped is not the best. And beside it has a large window border at the top of each window. A better theme that exists in default rpm repo is greybird. To install

and to change use gnome-tweak-tool (rpm package gnome-tweak-tool)

March 26, 2014

Fedora 20 Install MySQL Server 5.5 and Workbench 6

MySQL Server 5.5

The MySQL packages has been renamed. The now official open source version of MySQL is MariaDB. To install the same version of MySQL on Fedora as in Enterprise Linux, such as RHEL, install these packages.

To start the mysqld.

Set MySQL root password to 'root'.

Finally login and test password.

MySQL Workbench 6

The workbench rpm is orphan, so you need to download and install it manually. http://dev.mysql.com/downloads/tools/workbench/

Little bit of searching for installing dependeny packages, with 'yum provides', e.g.

And finally ending up with all required packages.

Then run install of workbench again and start workbench and connect to you localhost.

Fedora 20 How to Install Eclipse

Before Eclipse started with bundling Eclipse into EE, C++, etc bundles. There were pain to install Eclipse and to get all it's plugins right. Then the bundles came. You download a zip file and unzipped and off you go.

But a better way is to have RPM packages of everything. And that is done with Fedora. (That is also done in Ubuntu, but they don't have any modern version of Eclipse available.)

To install Eclipse 4.3.1 (Kepler)

Now you can search and install Eclipse plugin

Fedora 20 Disable Gnome Alt+Tab from Grouping Windows

Most modern Linux distros (and including Windows) now days group window from the same application. I found this not effective and lowers mine productivity.

To disable grouping when Alt-Tab switching, install gnome extension https://extensions.gnome.org/extension/15/alternatetab/

March 20, 2014

Install and Configure KVM on Fedora 20

Install

To manage the KVM daemon - libvirtd.

Imported directories.

  • Data - /var/lib/libvirt/
  • Configuration - /etc/libvirt/

Graphical manager, to install new virtual machines and control them.

Or the command line way.

And to control the virtual machines, via command line.

March 16, 2014

HTTP Configure LDAP-Based Authentication

In my previous blog I showed you how to set up basic authentication via access file for a private directory. To do the same thing for LDAP, use this configuration instead.

Reference

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

HTTP Configure Private Directories

Create Private Directory

Here we will make things a little more difficult, we are going to create our new directory outside the apache default document root, which means, we will need to manually handle SELinux policy. We will get into detail how to do that soon, but first lets create our new private directory.

Set file permissions.

Ok, here is where things get a little more complicated. Lets first have a look of the SELinux file context of the default document root.

Ok, now we knew how things should look like. Now lets look how things currently look in our new directory.

The thing you always should try first, is to try to restore default SELinux policy. Lets do that.

Ok, so the last part that is missing is the file context. We can set that with semanage (policycoreutils-python package).

And to verify.

Now we only need to restorecon on our new private directory.

Configure Private Directory

Now lets begin to add our new private directory as public and test.

Restart apache and test our new private directory. If things are not working go back and fix it.

Now we are going to add user authentication, but before that you might want to install apache manual.

We will here configure a basic authentication with file containing our user credential.

To create the user credential

And now finally restart and test your new private directory.

Reference

http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html

March 15, 2014

HTTP Deploy a Basic CGI Application

Prerequisite

You have successfully installed apache web server with default configuration.

Deploy

Copy our CGI script to default directory.

Set file permission

Set SELinux

Test

Open http://<your-host>/cgi-bin/hello.cgi

HTTP Configure a Virtual Host

Introduction

Virtual hosts are good when you want to server multiple web sites from the same web server.

Prerequisite

Install Apache Web Server.

Since I do not have a reliable DNS, we need to hardcode the host name in /etc/hosts on the client.

Initial Configuration

Configure Listen and ServerName, to be able to start the server clean without warnings.

Also verify that firewall (iptables) is configured or stop it 'service iptables stop'.

Now check our installation by restarting apache web server and open url 'jbossas1.magnuskkarlsson.com' from client machine. You should be able to see Apache Welcome Page. If not go back and fix.

Configure Name-Based Virtual Hosting

Now create two virtual host, one for the default host 'jbossas1.magnuskkarlsson.com' and one new 'virtualhost1.magnuskkarlsson.com'.

Now create the new document root for 'virtualhost1.magnuskkarlsson.com'.

Set file permissions.

Create test web page.

Set SELinux for our new virtual host.

Test

Restart apache web server and test your new virtual host by accessing:

  1. http://virtualhost1.magnuskkarlsson.com/ (you should see default apache web server welcome page)
  2. http://jbossas1.magnuskkarlsson.com/ (you should see your 'Hello World' page)

Configure a System to Log to a Remote System.

Example forward all info message to remote host 192.168.122.10.

Restart rsyslog to let changes take effects.

And to test it use logger tool from client.

Open /var/log/messages on server and verify.

Reference

/usr/share/doc/rsyslog-*/rsyslog_conf.html

Configure a System to Accept Logging from a Remote System

UDP

Edit /etc/rsyslog.conf and enable module imudp.

Restart rsyslog to let changes take effects.

TCP

Edit /etc/rsyslog.conf and enable module imtcp.

Restart rsyslog to let changes take effects.

Produce and Deliver Reports on System Utilization (Processor, Memory, Disk, and Network).

Processor

System Activity Reporter, SAR. To display 5 samples with 2 seconds apart.

-u      Report  CPU  utilization.

Memory

vmstat - Report virtual memory statistics. To display 5 samples with 2 seconds apart.

Disk

Report file system disk space usage.

-h, --human-readable    Print sizes in human readable format (e.g., 1K 234M 2G)

Statistics for input/output statistics for devices, partitions and network filesystems (NFS). To display 5 samples with 2 seconds apart.

-d     Display the device utilization report.
-N     Display the registered device mapper names for any device mapper devices.  
       Useful for viewing LVM2 statistics.
-k     Display statistics in kilobytes per second instead of blocks per second.  
       Data displayed are valid only with kernels 2.4 and later.

network

Configure a System to Authenticate Using Kerberos

You can either do this graphically (system-config-authentication) or via command line (authconfig).

When doing it with the command line, it can be hard to remember all the parameter, but with help of '--help' it is easier.

The LDAP parameters

The Kerberos parameter.

And finally SSSD (System Security Services Daemon), which enable cached authentication, which in turn means enabled off-line authentication. Which both can be good and bad. An unstable network connection does not stop you for logging in. But you also need to remember that authentication data might be stale.

Lets put all this together and add --update at the end to update authentication configuration.

March 14, 2014

SSH Port Forwarding

We have 3 machines.

  1. Client (192.168.1.12)
  2. JBoss (192.168.122.20)
  3. Apache (192.168.122.10)

SSH Port Forwardning from localhost:5555 to 192.168.122.20:8080.

Now test your tunnel by opening a web browser from client and enter http://localhost:5555/. The tunnel is:

localhost:5555 -> 192.168.122.20:8080

Now lets tunnel through apache server (192.168.122.10:22) to jboss server (192.168.122.20:8080).

The tunnel is now:

localhost:5555 -> 192.168.122.10:22 -> 192.168.122.20:8080

So every tunneling begins at the client, that opens the tunnel.

Adding a Static Route to the Route Table

Prerequisite

Install the kernel documentation package, if you have not.

The package contains several documentation and you can list them all with 'rpm -ql kernel-doc'.

Display Current Routing

Enabling Kernel Routing

To enable kernel paremeter ip_forward needs to be on.

And the corresponding documentation.

If you are not sure how to add search the system documentation.

Or you can add via CLI, but this will not be permanent.

Disable Ping Request (ICMP Echo) in Linux Kernel

Prerequisite

Install the kernel documentation package, if you have not.

The package contains several documentation and you can list them all with 'rpm -ql kernel-doc'.

Test Before

Ok. The machine is responding to ping.

Set Kernel Parameter to Ignore Ping (ICMP echo) Request

Now use kernel configuration tool, sysctl, to first list all parameter that contain ICMP.

To find out what each parameter do read the kernel network ip sysctl documentation.

And to set kernel parameter.

Now test again to ping server and you should not get any respond.

To make the changes permanent.

Network Bonding in RHEL 6

Introduction

To bind multiple network interfaces together into a single channel is called bonding.

The reason for this is to achieve:

  1. Round robin around network interfaces.
  2. Master - slave for redundancy.
  3. Throughput. Use all at the same time.

Reference

RHEL 6 Deployment Guide

IP Aliases in RHEL 6

Introduction

Assigning multiple IP addresses to a single interface is called IP aliasing. This can be handy if you want a single web server to serve multiple sites.

Prerequisite

It is advised to disable NetworkManager.

Configuration

Show current configuration for eth0.

Add IP alias.

Show new configuration for eth0

To make it persistent edit the following

Now restart network service.

Test

Ping from another machine

Reference

/usr/share/doc/initscripts-*/sysconfig.txt

March 13, 2014

Build a Simple RPM Package

Prerequisite

Install package that contain the rpmbuild tool that create the rpm package.

Install also a convenient development tool for setting up environment.

When building rpm package you should do that with a noon root user. To create a new user.

Setup

Change to rpm user and from it's home directory run:

This will create a new empty catalogue structure for your rpm package development.

Creating the Program

We can test run to see that it actually runs.

Creating the RPM Spec File

Now with help of wim, that will create a template spec file, we will create a rpm spec file for our hello rpm package.

Build the RPM

Test the RPM

Query (q) the local package (p) for all it's files (l).

Now switch to root and install the package.

And test it.

And to uninstall it.

Yum Plugins

There are numerous yum plugins. You can search for which are available.

What does yum-plugin-verify do?

"This plugin adds the commands verify, verify-all and verify-rpm. There are also a couple of options. This command works like rpm -V, to verify your installation." [yum info yum-plugin-verify]

For more information about each commands, run 'yum --help'

What does yum-plugin-versionlock do?

"This plugin takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions, for example." [yum info yum-plugin-versionlock]

The yum-plugin-versionlock uses the /etc/yum/pluginconf.d/versionlock.list to lock down specific packages.

The following format is used for locking down. See /usr/share/doc/yum-plugin-versionlock-*/README.

EPOCH:NAME-VERSION-RELEASE.ARCH

Encrypting Files with GnuPG

Generate private key.

List all public keys.

Export a public key.

Import a public key from "Pelle Petterson".

Encrypt a file for recipient "Pelle Petterson", with public key from "Pelle Petterson".

Decrypt a file, encrypted with your public key.

Using OpenLDAP as Authentication Directory Service in RHEL 6

Installing OpenLDAP

Configure OpenLDAP

Modify domain (olcSuffix) and the LDAP super username (olcRootDN).

Set password for the LDAP super user. To create password use slappasswd.

And add password to configuration file.

Create OpenLDAP Schema

Creat an empty text file /root/example.com.ldif, with

Configure OpenLDAP

Add this.

Verify add with search.

Add User and Group OpenLDAP

Configure Client Authentication through LDAP

You can configure this graphically

or you can do it via command line tool authconfig.

Test

Reference

March 12, 2014

Blogspot Blogger set Dynamic Width

It is quite silly with fix width layout for HTML pages, which indirectly means a web page will only use a small part of modern laptop or monitors screen. Why not make it dynamic? Let people self decide their size, by simply resizing theirs browser window. Static width does not make sense for me. So this is how I changed this blog. Simple and safe http://thewebthought.blogspot.com/2011/09/blogger-make-your-blog-fluid-fit-any.html.

How to Disable System Beep in Fedora 20

The default setup of Fedora 20 have a quite annoying feature and that is the system beep. The beep sounds when using auto completion in terminal window, but also in firefox when searching in page and not results are found.

To disable Terminal beep.

To disable Firefox beep, when no search result are found in page.

March 11, 2014

Installing RHEL 6 Default Directory Servers, OpenLDAP

Introduction

In this blog I will show you how to install, configure and test the default directory service in RHEL 6 - OpenLDAP. LDAP directory services are common used for storing authentication credential.

1. Install

2. Configure

The OpenLDAP configuration has been altered in RHEL 6. Previously it was a configuration file /etc/openldap/slapd.conf, but now it is a configuration database located in /etc/openldap/slapd.d/.

Global configuration is stored in /etc/openldap/slapd.d/cn\=config.ldif.

Database specific configuration is stored in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif.

We will here change the olcSuffix (the domain for which the LDAP server provides information) and the olcRootDN (the LDAP super username).

Finally we need to generate a password for olcRootDN. To generate the password we use the slappasswd tool. And to add it, we add the directive olcRootPW to the /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif.

3. Start

And to automatically start OpenLDAP at boot time.

4. Test

To test the installation we perform a simple search (query for you SQL people).

Now we are going to add entries to your directory. To add entries we use the ldapadd tool. The ldapadd expects LDIF (LDAP Data Interchange Format) file.

Finally we test the added entries.