Daniel Lara: Spacewalk no Fedora 27

Share Button


Bom a instalação é muito fácil
estamos usando a versão Server do Fedora 27

Primeiramente atualiza seu fedora

# dnf update -y 

Após a reiniciar a maquina vamos ativar o repo copr do spacewalk

# dnf copr enable @spacewalkproject/spacewalk-2.8

Instale os pacotes

# dnf install spacewalk-postgresql spacewalk-setup-postgresql

Configure o seu firewall liberando acesso

# firewall-cmd –add-service=http

# firewall-cmd –add-service=https

# firewall-cmd –runtime-to-perm

Agora instale

# spacewalk-setup

Feito isso só accessar

https://

Guia de Referencia: https://spacewalkproject.github.io/

Powered by WPeMatico

Share Button

Daniel Vrátil: My KDE PIM Update

Share Button

This blog post is long overdue, but now that I’m back home from the KDE PIM Sprint in Toulouse, which took place last weekend, there’s some more news to report.

Akonadi Improvements

On the sprint, I finally finished and merged a new improvement in Akonadi called Notification Payloads. I will not go into the technical details here, the most important thing is that this new improvement will notably reduce the CPU and disk load in Akonadi, especially during intensive operations like email sync. It should also help with the long-standing issue regarding errors and email duplication when using POP3 and local mail filters. Finally, this new feature opens doors to further improvements and optimizations like server-side change recording (technicalities here) and ultimately being able to
shut down Akonadi Resources when they are not needed and start them on-demand, thus saving some more resources.

As I was touching the internal notification system in Akonadi I also improved the relevant debugging tools in Akonadi Console, our developer and debugging tool for Akonadi. Based on input from Sandro I also added Logs view. Thanks to that it’s now possible to see debug output from all running Akonadi applications straight in the Akonadi Console without the need to restart Akonadi or the application from the terminal to see the debug output. This will make it easier for users to provide us with relevant information to help us debug and solve their Akonadi issues.

Kontact Improvements

This was just a minor change, but it finally solved my long-standing issue with Kontact and Breeze: the side-pane icons to choose between different Kontact modules were colorful – the only non-monochromatic part of Kontact which was so obviously not fitting into the rest of the UI. With a tiny change, the icons are now also monochromatic, making the Kontact window look more uniform.


 

Native Gmail authentication for IMAP and SMTP

For a while now the IMAP resource supports logging into Gmail accounts using the so-called OAuth method, where you provide your credentials into the Gmail login window which also supports two-factor authentication. The IMAP Resources was forcing the OAuth method with Gmail for everyone, but this requirement has now been relaxed. Although the IMAP resource will choose this method by default it’s possible now to also choose the traditional authentication methods like with any other email provider.

Secondly, the OAuth support has finally landed also into our SMTP module which is used for sending emails, so if you select this method in your Outgoing account configuration with Gmail, you no longer need to use “App-specific passwords” from Gmail.

Syndication Cleanup

The Syndication library is used to retrieve and parse RSS and ATOM feeds and is used among others by Akregator. We have now cleaned up the library and removed some redundant dependencies so that we will eventually be able to move it into KDE Frameworks so that even more applications can benefit from it.

Going to Windows

Thanks to a huge effort from Hannah we are now able to build Akonadi and other parts of the KDE PIM stack on Windows. While we are still a long way away from having Kontact properly running on Windows, we managed to get Akonadi to work on Windows with some other programs. Windows is a huge platform and Kontact with all its features and functionality could be a good competition to established PIM solutions there and a huge potential to grow our user and developer base. While we still focus primarily on Linux, we are slowly looking forward to extending our reach to Windows.

Bugfixes

A lot of them. Big thanks to David Faure who spent a big part of the weekend debugging his IMAP resource to figure out why it keeps getting stuck on occasions. He fixed several issues in the IMAP resource so that it properly reconnects after server connection is lost or times out (due to poor internet connectivity usually) and also found and fixed some issues in Akonadi syncing code.

Future

What’s next then? We will continue to work towards a stable release for Windows,
and hopefully soon finish the rewrite of the indexing and search infrastructure
in KDE PIM to make it faster, reliable and more useful again. There’s also a lot
of smaller tasks and improvements to look into during the year.

Powered by WPeMatico

Share Button

William Brown: AD directory admins group setup

Share Button

AD directory admins group setup

Recently I have been reading many of the Microsoft Active Directory best practices for security
and hardening. These are great resources, and very well written. The major theme of the
articles is “least privilege”, where accounts like Administrators or Domain Admins are
over used and lead to further compromise.

A suggestion that is put forward by the author is to have a group that has no other permissions
but to manage the directory service. This should be used to temporarily make a user an admin,
then after a period of time they should be removed from the group.

This way you have no Administrators or Domain Admins, but you have an AD only group that
can temporarily grant these permissions when required.

I want to explore how to create this and configure the correct access controls to enable
this scheme.

Create our group

First, lets create a “Directory Admins” group which will contain our members that have the
rights to modify or grant other privileges.

# /usr/local/samba/bin/samba-tool group add 'Directory Admins'
Added group Directory Admins

Now that we have this, lets add a member to it. I strongly advise you create special accounts
just for the purpose of directory administration – don’t use your daily account for this!

# /usr/local/samba/bin/samba-tool user create da_william
User 'da_william' created successfully
# /usr/local/samba/bin/samba-tool group addmembers 'Directory Admins' da_william
Added members to group Directory Admins

Configure the permissions

Now we need to configure the correct dsacls to allow Directory Admins full control over directory objects. It could be possible to constrain this to only
modification of the cn=builtin and cn=users container however, as directory admins might not need so much control for things like dns modification.

If you want to constrain these permissions, only apply the following to cn=builtins instead – or even just the target groups like Domain Admins.

First we need the objectSID of our Directory Admins group so we can build the ACE.

# /usr/local/samba/bin/samba-tool group show 'directory admins' --attributes=cn,objectguid
dn: CN=Directory Admins,CN=Users,DC=adt,DC=blackhats,DC=net,DC=au
cn: Directory Admins
objectSid: S-1-5-21-2488910578-3334016764-1009705076-1104

Now with this we can construct the ACE.

(A;CI;RPWPLCLORC;;;S-1-5-21-2488910578-3334016764-1009705076-1104)

This permission grants:

  • RP: read property
  • WP: write property
  • LC: list child objects
  • LO: list objects
  • RC: read control

It could be possible to expand these rights: it depends if you want directory admins to be able to do “day to day” ad control jobs, or if you just use them
for granting of privileges. That’s up to you. An expanded ACE might be:

# Same as Enterprise Admins
(A;CI;RPWPCRCCDCLCLORCWOWDSW;;;S-1-5-21-2488910578-3334016764-1009705076-1104)

Now lets actually apply this and do a test:

# /usr/local/samba/bin/samba-tool dsacl set --sddl='(A;CI;RPWPLCLORC;;;S-1-5-21-2488910578-3334016764-1009705076-1104)' --objectdn='dc=adt,dc=blackhats,dc=net,dc=au'
# /usr/local/samba/bin/samba-tool group addmembers 'directory admins' administrator -U 'da_william%...'
Added members to group directory admins
# /usr/local/samba/bin/samba-tool group listmembers 'directory admins' -U 'da_william%...'
da_william
Administrator
# /usr/local/samba/bin/samba-tool group removemembers 'directory admins' -U 'da_william%...'
Removed members from group directory admins
# /usr/local/samba/bin/samba-tool group listmembers 'directory admins' -U 'da_william%...'
da_william

It works!

Conclusion

With these steps we have created a secure account that has limited admin rights, able to temporarily promote users with privileges for administrative work –
and able to remove it once the work is complete.

Powered by WPeMatico

Share Button

Paul Mellors [MooDoo]: Fedora 27 Coloured Bash prompt

Share Button

For my information, but others might find it useful.

To get this prompt

ps1

Add the following line to your .bashrc file

PS1=”[[33[1;31m]u[33[0m]@h W]\$ ”

To get this colour at the root prompt

ps2

Add this to the root .bashrc prompt

PS1=”[[33[1;32m]u[33[0m]@h W]\$ ”

The actual color code is “1;31″ inside the PS1 variable. The 1 says make it ”’bold”’ and the 31 says the color red.

1;30 Black

1;31 Red

1;32 Green

1;33 Yellow

1;34 Blue

1;35 Magenta

1;36 Cyan

1;37 White (Don’t think white would show up too well on this page)

Powered by WPeMatico

Share Button

Fedora Community Blog: How to use Fedora Wiki as your wiki whiteboard

Share Button

Welcome to the Fedora Wiki, wiki for Fedora Project, a free software Linux distributionThe Fedora Project Wiki is a helpful tool for the Fedora community. It is a public “whiteboard” with information about Fedora, its community, and its contributors. New wiki pages are like a clean whiteboard space for a meeting. The flexibility is useful for collaborative planning or frequent logging of information. The wiki doesn’t offer great support for durable documents, but they are more spontaneous and convenient.

How to write in Fedora Wiki

The Fedora Wiki uses default MediaWiki markup language. MediaWiki is easy to use and made popular by Wikipedia. It is similar but more simple than writing HTML for web pages.

A note on durable documents

Treat wiki pages like whiteboards – if it were wiped clean, it wouldn’t be a loss of critical information. If you are writing something that needs to be durable, consider publishing it in Fedora Documentation. These documents benefit from version control, search engine ranking, and offering valuable content to our community and users. Visit the documentation Pagure project for on-boarding for new document repositories.

Common syntax

Here is a set of common syntax for basic formatting. This lets you write in bold, italics, and underline, add images, and insert links.

Description You type You get
Italics ''italics'' italics
Italics, bold, and both '''bold''' bold
Italics and bold '''''both''''' both
Underline your text This topic is notable This topic is notable
Adding a strikethrough This topic isn’t [[WP:N|notable]]. This topic isn’t notable.
Adding a hyperlink [http://www.wikipedia.org Wikipedia] Wikipedia
Show an image [[File:Wiki.png|thumb|Caption]]

Caption


Advanced MediaWiki syntax

The following examples add more formatting to your wiki contributions, including tables, lists, and headers.

With the new wiki theme, pay close attention to tables. To render tables with borders, add a class="wikitable" metadata to your table (see below for an example). An issue against the theme is open to make this behavior the default.

Description You type You get
Section Headings ==Level 2==
===Level 3===
====Level 4====
=====Level 5=====
======Level 6======do not use  =Level 1=  as it is for page titles

Level 2

Level 3

Level 4

Level 5
Level 6
Bulleted list * One
* Two
** Two point one
* Three
  • One
  • Two
    • Two point one
  • Three
Numbered list # One
# Two
## Two point one
# Three
  1. One
  2. Two
    1. Two point one
  3. Three
Indented Text no indent (normal)
:first indent
::second indent
:::third indent
no indent (normal)

first indent

second indent

third indent
Adding Source Code
function int m2() is nice.
function int m2() is nice.
Showing Bordered Tables {| class=”wikitable”
|-
! Header 1
! Header 2
! Header 3
|-
| row 1, cell 1
| row 1, cell 2
| row 1, cell 3
|-
| row 2, cell 1
| row 2, cell 2
| row 2, cell 3
|}
Header 1 Header 2 Header 3
row 1, cell 1 row 1, cell 2 row 1, cell 3
row 2, cell 1 row 2, cell 2 row 2, cell 3

 

The post How to use Fedora Wiki as your wiki whiteboard appeared first on Fedora Community Blog.

Powered by WPeMatico

Share Button

Fedora Magazine: Enhance your Python with an interactive shell

Share Button

The Python programming language has become one of the most popular languages used in IT. One reason for this success is it can be used to solve a variety of problems. From web development to data science, machine learning to task automation, the Python ecosystem is rich in popular frameworks and libraries. This article presents some useful Python shells available in the Fedora packages collection to make development easier.

Python Shell

The Python Shell lets you use the interpreter in an interactive mode. It’s very useful to test code or try a new library. In Fedora you can invoke the default shell by typing python3 in a terminal session. Some more advanced and enhanced shells are available to Fedora, though.

IPython

IPython provides many useful enhancements to the Python shell. Examples include tab completion, object introspection, system shell access and command history retrieval.  Many of these features are also used by the Jupyter Notebook , since it uses IPython underneath.

Install and run IPython

dnf install ipython3
ipython3

Using tab completion prompts you with possible choices. This features comes in handy when you use an unfamiliar library.

If you need more information, use the documentation by typing the ? command. For more details, you can use the ?? command.

Another cool feature is the ability to execute a system shell command using the ! character. The result of the command can then be referenced in the IPython shell.

A comprehensive list of IPython features is available in the official documentation.

bpython

bpython doesn’t do as much as  IPython, but nonetheless it provides a useful set of features in a simple and lightweight package. Among other features, bpython provides:

  • In-line syntax highlighting
  • Autocomplete with suggestions as you type
  • Expected parameter list
  • Ability to send or save code to a pastebin service or file

Install and run bpython

dnf install bpython3
bpython3

As you type, bpython offers you choices to autocomplete your code.

When you call a function or method, the expected parameters and the docstring are automatically displayed.

Another neat feature is the ability to open the current bpython session in an external editor (Vim by default) using the function key F7. This is very useful when testing more complex programs.

For more details about configuration and features, consult the bpython documentation.

Conclusion

Using an enhanced Python shell is a good way to increase productivity. It gives you enhanced features to write a quick prototype or try out a new library. Are you using an enhanced Python shell? Feel free to mention it in the comment section below.


Photo by David Clode on Unsplash

Powered by WPeMatico

Share Button

Guillaume Kulakowski: Docker pour ma stack LAMP

Share Button

J’avais déjà décrit ma précédente stack LAMP sous Docker, mais, à nouveau serveur, nouvelle architecture ! Tout d’abord posons le décor : un serveur Scaleway VC1M avec dessus, ce blog WordPress et un GitLab (que je ne décrirais pas). On s’attend donc à une stack avec un serveur HTTP, un daemon PHP-FPM et une base […]

Cet article Docker pour ma stack LAMP est apparu en premier sur Guillaume Kulakowski’s blog.

Powered by WPeMatico

Share Button

Enhance your Python with an interactive shell

Share Button

The Python programming language has become one of the most popular languages used in IT. One reason for this success is it can be used to solve a variety of problems. From web development to data science, machine learning to task automation, the Python ecosystem is rich in popular frameworks and libraries. This article presents some useful Python shells available in the Fedora packages collection to make development easier.

Python Shell

The Python Shell lets you use the interpreter in an interactive mode. It’s very useful to test code or try a new library. In Fedora you can invoke the default shell by typing python3 in a terminal session. Some more advanced and enhanced shells are available to Fedora, though.

IPython

IPython provides many useful enhancements to the Python shell. Examples include tab completion, object introspection, system shell access and command history retrieval.  Many of these features are also used by the Jupyter Notebook , since it uses IPython underneath.

Install and run IPython

dnf install ipython3
ipython3

Using tab completion prompts you with possible choices. This features comes in handy when you use an unfamiliar library.

If you need more information, use the documentation by typing the ? command. For more details, you can use the ?? command.

Another cool feature is the ability to execute a system shell command using the ! character. The result of the command can then be referenced in the IPython shell.

A comprehensive list of IPython features is available in the official documentation.

bpython

bpython doesn’t do as much as  IPython, but nonetheless it provides a useful set of features in a simple and lightweight package. Among other features, bpython provides:

  • In-line syntax highlighting
  • Autocomplete with suggestions as you type
  • Expected parameter list
  • Ability to send or save code to a pastebin service or file

Install and run bpython

dnf install bpython3
bpython3

As you type, bpython offers you choices to autocomplete your code.

When you call a function or method, the expected parameters and the docstring are automatically displayed.

Another neat feature is the ability to open the current bpython session in an external editor (Vim by default) using the function key F7. This is very useful when testing more complex programs.

For more details about configuration and features, consult the bpython documentation.

Conclusion

Using an enhanced Python shell is a good way to increase productivity. It gives you enhanced features to write a quick prototype or try out a new library. Are you using an enhanced Python shell? Feel free to mention it in the comment section below.


Photo by David Clode on Unsplash

Powered by WPeMatico

Share Button

Roland Wolters: [Howto] Using Ansible to manage RHEL 5 systems

Share Button

Ansible Logo

With the release of Ansible 2.4, Ansible requires that managed nodes have a Python version of at least 2.6. Most notable, this leaves RHEL 5 users wondering how to manage RHEL 5 systems in the future – given it only provides Python 2.4.

I covered this topic in a recent blog post at ansible.com/blog, read more at “USING ANSIBLE TO MANAGE RHEL 5 YESTERDAY, TODAY AND TOMORROW“.

Powered by WPeMatico

Share Button

Christian F.K. Schaller: Warming up for Fedora Workstation 28

Share Button

Been some time now since my last update on what is happening in Fedora Workstation and with current plans to release Fedora Workstation 28 in early May I thought this could be a good time to write something. As usual this is just a small subset of what the team has been doing and I always end up feeling a bit bad for not talking about the avalanche of general fixes and improvements the team adds to each release.

Thunderbolt
Christian Kellner has done a tremendous job keeping everyone informed of his work making sure we have proper Thunderbolt support in Fedora Workstation 28. One important aspect for us of this improved Thunderbolt support is that a lot of docking stations coming out will be requiring it and thus without this work being done you would not be able to use a wide range of docking stations. For a lot of screenshots and more details about how the thunderbolt support is done I recommend reading this article in Christians Blog.

3rd party applications
It has taken us quite some time to get there as getting this feature right both included a lot of internal discussion about policies around it and implementation detail. But starting from Fedora Workstation 28 you will be able to find more 3rd party software listed in GNOME Software if you enable it. The way it will work is that you as part of the initial setup will be asked if you want to have 3rd party software show up in GNOME Software. If you are upgrading you will be asked inside GNOME Software if you want to enable 3rd party software. You can also disable 3rd party software after enabling it from the GNOME Software settings as seen below:

GNOME Software settings

GNOME Software settings

In Fedora Workstation 27 we did have PyCharm available, but we have now added the NVidia driver and Steam to the list for Fedora Workstation 28.

We have also been working with Google to try to get Chrome included here and we are almost there as they merged for instance the needed Appstream metadata some time ago, but the last steps requires some tweaking of how Google generates their package repository (basically adding the appstream metadata to their yum repository) and we don’t have a clear timeline for when that will happen, but as soon as it does the Chrome will also appear in GNOME Software if you have 3rd party software enabled.

As we speak all 3rd party packages are RPMs, but we expect that going forward we will be adding applications packaged as Flatpaks too.

Finally if you want to propose 3rd party applications for inclusion you can find some instructions for how to do it here.

Virtualbox guest
Another major feature that got some attention that we worked on for this release was Hans de Goedes work to ensure Fedora Workstation could run as a virtualbox guest out of the box. We know there are many people who have their first experience with linux running it under Virtualbox on Windows or MacOSX and we wanted to make their first experience as good as possible. Hans worked with the virtualbox team to clean up their kernel drivers and agree on a stable ABI so that they could be merged into the kernel and maintained there from now on.

Firmware updates
The Spectre/Meltdown situation did hammer home to a lot of people the need to have firmware updates easily available and easy to update. We created the Linux Vendor Firmware service for Fedora Workstation users with that in mind and it was great to see the service paying off for many Linux users, not only on Fedora, but also on other distributions who started using the service we provided. I would like to call out to Dell who was a critical partner for the Linux Vendor Firmware effort from day 1 and thus their users got the most benefit from it when Spectre and Meltdown hit. Spectre and Meltdown also helped get a lot of other vendors off the fence or to accelerate their efforts to support LVFS and Richard Hughes and Peter Jones have been working closely with a lot of new vendors during this cycle to get support for their hardware and devices into LVFS. In fact Peter even flew down to the offices one of the biggest laptop vendors recently to help them resolve the last issues before their hardware will start showing up in the firmware service. Thanks to the work of Richard Hughes and Peter Jones you will both see a wider range of brands supported in the Linux Vendor Firmware Service in Fedora Workstation 28, but also a wider range of device classes.

Server side GL Vendor Neutral Dispatch
This is a bit of a technical detail, but Adam Jackson and Lyude Paul has been working hard this cycle on getting what we call Server side GLVND ready for Fedora Workstation 28. Currently we are looking at enabling it either as a zero-day update or short afterwards. so what is Server Side GLVND you say? Well it is basically the last missing piece we need to enable the use of the NVidia binary driver through XWayland. Currently the NVidia driver works with Wayland native OpenGL applications, but if you are trying to run an OpenGL application requiring X we need this to support it. And to be clear once we ship this in Fedora Workstation 28 it will also require a driver update from NVidia to use it, so us shipping it is just step 1 here. We do also expect there to be some need for further tuning once we got all the pieces released to get top notch performance. Of course over time we hope and expect all applications to become Wayland native, but this is a crucial transition technology for many of our users. Of course if you are using Intel or AMD graphics with the Mesa drivers things already work great and this change will not affect you in any way.

Flatpak
Flatpaks basically already work, but we have kept focus this time around on to fleshing out the story in terms of the so called Portals. Portals are essentially how applications are meant to be able to interact with things outside of the container on your desktop. Jan Grulich has put in a lot of great effort making sure we get portal support for Qt and KDE applications, most recently by adding support for the screen capture portal on top of Pipewire. You can ready more about that on Jan Grulichs blog. He is now focusing on getting the printing portal working with Qt.

Wim Taymans has also kept going full steam ahead of PipeWire, which is critical for us to enable applications dealing with cameras and similar on your system to be containerized. More details on that in my previous blog entry talking specifically about Pipewire.

It is also worth noting that we are working with Canonical engineers to ensure Portals also works with Snappy as we want to ensure that developers have a single set of APIs to target in order to allow their applications to be sandboxed on Linux. Alexander Larsson has already reviewed quite a bit of code from the Snappy developers to that effect.

Performance work
Our engineers have spent significant time looking at various performance and memory improvements since the last release. The main credit for the recently talked about ‘memory leak’ goes to Georges Basile Stavracas Neto from Endless, but many from our engineering team helped with diagnosing that and also fixed many other smaller issues along the way. More details about the ‘memory leak’ fix in Georges blog.

We are not done here though and Alberto Ruiz is organizing a big performance focused hackfest in Cambridge, England in May. We hope to bring together many of our core engineers to work with other members of the community to look at possible improvements. The Raspberry Pi will be the main target, but of course most improvements we do to make GNOME Shell run better on a Raspberry Pi also means improvements for normal x86 systems too.

Laptop Battery life
In our efforts to make Linux even better on laptops Hans De Goede spent a lot of time figuring out things we could do to make Fedora Workstation 28 have better battery life. How valuable these changes are will of course depend on your exact hardware, but I expect more or less everyone to have a bit better battery life on Fedora Workstation 28 and for some it could be a lot better battery life. You can read a bit more about these changes in Hans de Goedes blog.

Powered by WPeMatico

Share Button