My blog

Category: Linux

  • Let’s encrypt cert updates

    Let’s Encrypt is wonderful, but certificates expire every 3 months. Since it’s the first time I need to renew them, I have done it manually. The tool authenticates you (by default) with a special file created in the .well-known/acme-challenge directory of the root, so the blog engine should not interfere or rewrite anything and should not return its own 404 page. Historically my nginx.conf has lots of existing redirects and rules, and I am too lazy to correct and simplify it, so a simple

    location ~ .well-known {
        allow all;
    }

    does not work. And I am too lazy to figure out why it is so (bad for me). So the simplest way to renew certs for me is to switch to a minimal config. Putting it here for future reference.

    user  nginx;
    worker_processes  1;
    error_log  /var/log/nginx/error.log;
    pid        /run/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        server_names_hash_bucket_size 128;
        index   index.html index.htm;
        server {
            listen 80;
            listen [::]:80;
            server_name andreybondarenko.com;
            location / {
                root   /var/www/;
            }
        }
    }
  • How to sort messages log

    If you need to sort out what is reporting to /var/log/messages into an array on Red Hat Enterprise Linux or Fedora, you need to do the following manipulations:

    1. read log;
    2. get 5th column from the log, it’s daemon name;
    3. get rid of all digits, so the daemons with different PIDs would be counted as one;
    4. get rid of all ‘/’ and replace ‘[’ and ‘]’ with ‘\[’ and ‘\]’ to keep things both readable and usable for future scripting;
    5. sort unique stuff.

    In my case it looks like this:

    cat /var/log/messages | awk '{ print $5 }' | sed 's/\[[0-9].*$//' | sed 's/\[/\\\[/g' | sed 's/\]/\\\]/g' | sed 's/://g' | sed 's/\///g' | sort -u

    The result is usable as an array, for example. My host’s result:

    abrt-hook-ccpp
    at-spi-bus-launcher
    audit
    avahi-daemon
    blueman.desktop
    blueman-mechanism
    bluetoothd
    chronyd
    cinnamon-killer-daemon
    cinnamon-session
    com.redhat.imsettings
    ...
    skip
    ...
    tracker-store.desktop
    udisksd
    usrlibexecgdm-x-session
    vmware-user.desktop
    wpa_supplicant
  • Debugging Kerberos

    If you need to debug Kerberos, check time synchronization first. In about 50% of cases that is the cause.

    1. ntpd (or chrony) should be present in the process list
    2. they should really be configured correctly
    3. on a virtual host chrony is preferable; with ntpd time skew is possible

    Really nice chrony/ntpd comparative chart: https://chrony.tuxfamily.org/comparison.html , “Summary” section is complete.
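
The first two checks as a script; this is an added example, not code from the original post. It assumes chronyd, the 300-second default of the krb5.conf `clockskew` setting as the limit, and hypothetical function names; the sample `chronyc tracking` outputs are constructed.

```shell
#!/bin/sh
# Added example: time-sync checks to run before debugging Kerberos.
# Assumption: MAX_SKEW is the krb5.conf "clockskew" default of 300 seconds.
MAX_SKEW=${MAX_SKEW:-300}

# Step 1: is a time daemon in the process list? Prints its name or fails.
time_daemon() {
    for d in chronyd ntpd; do
        if pgrep -x "$d" >/dev/null 2>&1; then
            echo "$d"
            return 0
        fi
    done
    return 1
}

# Step 2: judge `chronyc tracking` output read from stdin.
# Prints "OK <offset>", "SKEW <offset>" or "UNSYNCED"; exit status 0, 2 or 1.
check_tracking() {
    awk -F' *: *' -v max="$MAX_SKEW" '
        /^System time/ { split($2, f, " "); off = f[1]; seen = 1 }
        /^Leap status/ { leap = $2; sub(/ +$/, "", leap) }
        END {
            if (!seen || leap != "Normal") { print "UNSYNCED"; exit 1 }
            if (off + 0 >= max + 0)        { print "SKEW " off; exit 2 }
            print "OK " off
        }'
}

# Constructed samples in the `chronyc tracking` layout (not from a real host).
SAMPLE_OK='Reference ID    : CB00710F (ntp.example.net)
Stratum         : 3
System time     : 0.000006523 seconds slow of NTP time
Leap status     : Normal'
SAMPLE_DRIFT='Reference ID    : CB00710F (ntp.example.net)
Stratum         : 3
System time     : 412.000000000 seconds fast of NTP time
Leap status     : Normal'
SAMPLE_UNSYNCED='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'

time_daemon || echo "no chronyd or ntpd in the process list"
for s in "$SAMPLE_OK" "$SAMPLE_DRIFT" "$SAMPLE_UNSYNCED"; do
    printf '%s\n' "$s" | check_tracking || true
done
# On a live host: chronyc tracking | check_tracking
```

A running daemon that reports "Not synchronised" is the "configured correctly" failure from step 2: the process exists but has no usable time source.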

  • Not to forget: ugly font and the Opera Browser

    Might be interesting for non-English-speaking users of Opera: some fonts on some sites are really ugly and there is no way in the interface to disable them, because they’re not system fonts but ones that the web page downloads. --disable-remote-fonts is the option to fix them forever. Such fonts usually contain normal English glyphs, but the others are ugly. To fix it in the Gnome Shell:

    1. cp /usr/share/applications/opera.desktop ~/.local/share/applications/
    2. Add --disable-remote-fonts to every “Exec”. Don’t touch “TryExec”
  • Not to forget useful vi and bash settings

    .bash_profile

    alias opera='opera --disable-remote-fonts'
    alias grep='grep --color=auto'
    alias unigrep='grep -P "[^\x00-\x7F]"'
    alias mkdir="mkdir -p"
    alias ls='ls -lh --color=auto'
    HISTCONTROL=ignoredups:ignorespace
    HISTSIZE=100000
    HISTFILESIZE=200000

    .vimrc

    set mouse=r
    syntax enable
    set tabstop=4
    set softtabstop=4
    set expandtab
    set number
    set cursorline
    set hlsearch
    set incsearch
    set showmatch
    nmap <F1> <Esc>:set nonumber<cr>
    nmap <F2> <Esc>:set number<cr>
    nmap <F5> <Esc>yy<cr>
    nmap <F6> <Esc>p<cr>
    nmap <F8> <Esc>dd<cr>
    nmap <F10> <Esc>:wq!<cr>
    nmap <F12> <Esc>:q!<cr>

    Not sure about the ‘number’ setting: it interferes with the clipboard annoyingly, so I can turn it off.

  • Simple way to fuck-up Gnome Shell in Fedora 25

    1. Open Evolution
    2. New message
    3. Attach file from Web DAV disk
    4. PROFIT!
  • FC 25 annoying auth bugs

    Evolution keeps failing to connect to Google calendars if it works for more than one day. Restarting goa-daemon with

    /usr/libexec/goa-daemon --replace

    does not always help. That is frustrating: why not always?

  • Evolution mail signature workaround

    The Evolution mail application in Fedora 25 has an annoying bug: it freezes when trying to add/edit a signature (although you can delete an old one). It’s a known bug fixed upstream and you can actually edit the signature files (it’s quite tricky), but you can add a shell script that would generate the signature for you.

    UPD: need to use “cowsay `fortune`”