Marshall Hamrick

Using a FreeBSD box using ZFS, a drive share was setup recently.   Standard NFS setup was used, but the share was not working.  ZFS requires that sharenfs be enabled before it will work with NFS.

‘zfs sharenfs=”on” tank/yourshare’

For several years now, I have rebelled against the standard advice in the RH/CentOS world of just setting SELinux to off. However, there are times when leaving it on gets complicated.

Case in point is that I share repos from a RAIDed drive via the web. SELinux will block this from occuring until the context is set on the shared directories. The first command defines the context for the directory.

semanage fcontext -a -t httpd_sys_ra_content_t “/your/share(/.*)?”

This does not apply the context however, so a restorecon has to be run.

restorecon -Rv /your/share

After this is completed on the directories, I do a reboot.

A recent issue required  all users reading and writing a directory maintain the group owner.

To ensure the group owner was maintained, ACLs were set on the directories.

The first command sets the privileges on everything that is existing.

setfacl -Rm g:yourgroup:rwx /yourdirectory

The next command does the same thing, but sets the default. This means that when a new file or subdirectory is created it inherits the existing ACLs.

setfacl -Rm d:g:yourgroup:rwx /yourdirectory

The script below is a basic script that I use in conjunction with RPMs that I have created to install WebWork. Eventually I will figure out how to have this actions occur inside of the RPM.

mkdir /opt/webwork/courses  
mkdir /opt/webwork/libraries  
cd /opt/webwork/webwork2/courses.dist  
cp *.lst /opt/webwork/courses/  
rsync -a --exclude '.svn' modelCourse /opt/webwork/courses/  
cd /opt/webwork/pg  
chmod -R u+rwX,go+rX .  
cd /opt/webwork/webwork2  
chmod -R u+rwX,go+rX .  
groupadd wwdata  
cd /opt/webwork/webwork2/  
chgrp -R wwdata DATA ../courses htdocs/tmp logs tmp  
chmod -R g+w DATA ../courses htdocs/tmp logs tmp  
find DATA/ ../courses/ htdocs/tmp logs/ tmp/ -type d -a ! \( -name .svn -prune \) -exec chmod g+s {} \;  
newgrp wwdata  
/opt/webwork/webwork2/bin/addcourse --db-layout=sql_single --users=adminClasslist.lst --professors=admin 

A feature in Ubuntu 14.04 by default searches Amazon and the web when a user searchs for application using Dash. This might be great for a home user, but not for an enterprise user. To fix this issue we ran the script available on fuxubuntu.com to all 14.04 machines.

Previously, only a few CENTOS server were used. Now that the number of CENTOS machines has increased, yum-cron is being used to automatically push out the updates.

https://github.com/treydock/puppet-yum_cron

The updates should be installed, not just downloaded, so the check_only option is set to no. The code that was used to include the module in the puppet manifest is below.

class { 'yum_cron':
  check_only => 'no',
}

First, this must be done with root privledges.

Open a terminal window and become root. Todo this on the terminal command line:

sudo bash
cd /

The system will then ask you for your password.

Next, lets create a directory that is to be shared.

mkdir share

Then we will enter the directory:

cd share

Create a file, in this case I used vim to add the line “This is a test file” to a file called test.txt.

vim test.txt

To make this appear on every users desktop, you need to create a symlink in the system templates directory. Note, to get into the /System/Libary/User_Template directory, it is best to /System/Library/User\ with a space on the end and hit tab to get the full directory.

cd /System/Library/User\ Template/English.lproj/Desktop/
ln -s /share/test.txt

Now, when a user logs in, the link will be on there desktop. If the user tries to edit it, they will be forced to save a local copy.

During the upgrade to PuppetDB 2.0, PuppetDB failed to start. The location of the config file for the logging-config changed.

The original location is in the link below.

/etc/puppetdb/log4j.properties

The /etc/puppetdb/conf.d/config.ini file should be updated to point to the link below.

logging-config = /etc/puppetdb/logback.xml

Previously unattended upgrades were setup during the install. Since we wanted to verify that the upgrades were still setup, it has been moved into puppet.

If you are using the puppetlabs::apt module, the setup is basically a one liner;

include apt::unattended_upgrades 

This sets up the unattended security upgrades by default. The machine will check and download the updates daily, and flush the local cache every 7 days.

Recently, users administering Virtual Machines on our a RHEL KVM servers found they could not open virt-manager.

The polkit file format changed sometime around RHEL 6.4, and a newer format has to be used. If not setup virt-manager will fail work over SSH. The page below discusses this in further detail.

http://wiki.libvirt.org/page/SSHPolicyKitSetup