Spotify Beta Preview on Fedora 16 64-bit

This guide is now out of date, please check the original Spotify on Fedora 16 64-bit post

This guide is similar to the post I put up awhile back on installing the Spotify Linux Preview on Fedora 16 64-bit, except this post is related to the new unstable Beta that is out that has the Spotify Apps stuff.  Don’t be surprised if you have issues with this since it’s basically a Beta of a Preview.  *Will crash out upon opening if Adobe Flash is installed*

Below are the commands in the the correct order to run as root post installation with Desktop chosen with no custom package changes, selinux, and iptables are off

 

yum -y install perl-ExtUtils-MakeMaker gcc qt-webkit rpm-build git cd /tmp git clone git://git.kitenet.net/alien cd alien perl Makefile.PL; make; make install wget http://download.spotify.com/preview/spotify-client_0.8.0.1031.ga1569aa.552-1_amd64.deb /usr/local/bin/alien --to-rpm spotify-client_0.8.0.1031.ga1569aa.552-1_amd64.deb rpm -Uvh --nodeps spotify-client-0.8.0.1031.ga1569aa.552-2.x86_64.rpm ln -s /usr/lib64/libssl.so.1.0.0e /usr/lib64/libssl.so.0.9.8 ln -s /lib64/libcrypto.so.1.0.0e /lib64/libcrypto.so.0.9.8 ln -s /usr/lib64/libnss3.so /usr/lib64/libnss3.so.1d ln -s /usr/lib64/libnssutil3.so /usr/lib64/libnssutil3.so.1d ln -s /usr/lib64/libsmime3.so /usr/lib64/libsmime3.so.1d ln -s /lib64/libplc4.so /lib64/libplc4.so.0d ln -s /lib64/libnspr4.so /lib64/libnspr4.so.0d
Advertisements
Posted in Uncategorized | Leave a comment

Nagios and NagiosQL on RHEL6 Part 1: The Installation

This guide is for setting up the Nagios monitoring software along with NagiosQL for easy web configuration on a RHEL6 platform.  I use Nagios for server monitoring because it’s free, open source, and very reliable.  NagiosQL really helps take the pain out of manual Nagios configuration.  As usual, this guide assumes a fresh RHEL6 installation with default package options and all updates applied from RHN.  Also, make sure this server is subscribed to the RHEL Server Optional channel in RHN as we need packages installed from that channel.  One more thing, turn off SELinux by editing /etc/selinux/config and setting it to disabled or permissive.  Then you will need to reboot to apply the change.  I really tried to get this going with SELinux, but I honestly just don’t know enough to fix the problems that NagiosQL had.

First, you will want to head over to the nagios.org and download the latest Nagios Core package and the Nagios Plugins package.  And then head over to nagiosql.org and grab the latest stable package from there.  You should end up with three different .tar.gz packages.

Now, we will install some pre-requisite packages from RHN and create the nagios user/group with the following commands as root:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
yum -y install httpd php gcc gd-devel postgresql-devel mysql-devel openssl-devel net-snmp perl-Net-SNMP mod_ssl mysql-server php-mysql php-pecl-ssh2

The next few commands create the nagios user and group.  Run as root:

useradd -m nagios
echo MyPass | passwd --stdin nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd apache

Next, you want to change to the directory where you downloaded your nagios packages and run the following commands to unpackage, compile, and install them:

tar -xvzf nagios-3*gz && tar -xvzf nagios-plug*gz && tar -xvzf nagiosq*gz
cd nagios && ./configure --with-command-group=nagcmd --localstatedir=/var/nagios --sysconfdir=/etc/nagios && make all && make install
make install-init && make install-config && make install-commandmode && make install-webconf
cd ../nagios-plugin* && ./configure --with-nagios-user=nagios --with-nagios-group=nagios && make && make install
cd ../ && mv nagiosql /var/www/html && chcon -R -t httpd_sys_content_t /var/www/html/nagiosql/ && chown apache /var/www/html/nagiosql/config
mkdir /etc/nagiosql /etc/nagiosql/hosts /etc/nagiosql/services /etc/nagiosql/backup /etc/nagiosql/backup/hosts /etc/nagiosql/backup/services
chmod 775 /etc/nagios && chmod 664 /etc/nagios/cgi.cfg /etc/nagios/nagios.cfg && chgrp nagcmd /etc/nagios /etc/nagios/nagios.cfg /etc/nagios/cgi.cfg /etc/nagios/resource.cfg
chmod -R 6755 /etc/nagiosql && chown -R apache.nagios /etc/nagiosql && chown -R apache.apache /var/www/html/nagiosql/config
chown nagios.nagcmd /usr/local/nagios/bin/nagios && chmod 750 /usr/local/nagios/bin/nagios
chown -R nagios.nagcmd /var/nagios/rw && chgrp nagcmd /var/nagios/spool/checkresults

The next command will setup your nagiosadmin user and password, you will use this to login to the web interface, run as root:

htpasswd -c /etc/nagios/htpasswd.users nagiosadmin

Next, we need to make a change by opening up /etc/php.ini with our favorite editor and searching for date.timezone, find the line that looks like this:

;date.timezone =

and replace it with something like this:

date.timezone = America/Chicago

Replace America/Chicago with your own timezones country/city.

Now, we will start up the apache, nagios, and mysql services, set them to startup on reboot.

chkconfig httpd on && chkconfig nagios on && chkconfig mysqld on && service httpd start && service nagios start && service mysqld start
iptables -I INPUT -p tcp --dport 80 -j ACCEPT && iptables -I INPUT -p tcp --dport 443 -j ACCEPT && service iptables save

Now, point your browser to http://yourserversip/nagiosql and click START INSTALLATION.

On the next page, you should have all green checks except for one yellow exclamation point about a config file that will be created automatically, if this is what you have, then click Next in the lower right corner.

On this page, leave the database stuff alone unless you want to change the database name, username, password, or if you set a password on the mysql root user.  In the NagiosQL User Setup you will want to type in a password that you will use to login as the admin user on the NagiosQL site and then type it a second time in the next box.  You also want to check Import Nagios sample config.  Then click Next again.

This page should have nothing but green words indicating that things went well.  If not look back and see if you missed a step.  Now you will want to delete the install directory, so back at the command line, run this command as root:

rm -rf /var/www/html/nagiosql/install

Then, click Finish in the lower right corner, which will bring you to a login screen for NagiosQL, login with the username admin and the password that you specified for the admin user.

Now, we need to make some modifications to the /etc/nagios/nagios.cfg file to point the config files to the path for NagiosQL.  Use the following commands for this:

cp /etc/nagios/nagios.cfg /etc/nagios/nagios.cfg.bck && sed -i 's/cfg_file/#cfg_file/g' /etc/nagios/nagios.cfg

The line above comments out current cfg_file locations, the lines below adds new ones(make sure to copy/paste whole thing at once)

echo "cfg_file=/etc/nagiosql/contacttemplates.cfg
cfg_file=/etc/nagiosql/contactgroups.cfg
cfg_file=/etc/nagiosql/contacts.cfg
cfg_file=/etc/nagiosql/timeperiods.cfg
cfg_file=/etc/nagiosql/commands.cfg
cfg_file=/etc/nagiosql/hostgroups.cfg
cfg_file=/etc/nagiosql/servicegroups.cfg
cfg_dir=/etc/nagiosql/hosts
cfg_dir=/etc/nagiosql/services
cfg_file=/etc/nagiosql/hosttemplates.cfg
cfg_file=/etc/nagiosql/servicetemplates.cfg
cfg_file=/etc/nagiosql/servicedependencies.cfg
cfg_file=/etc/nagiosql/serviceescalations.cfg
cfg_file=/etc/nagiosql/hostdependencies.cfg
cfg_file=/etc/nagiosql/hostescalations.cfg
cfg_file=/etc/nagiosql/hostextinfo.cfg
cfg_file=/etc/nagiosql/serviceextinfo.cfg" >> /etc/nagios/nagios.cfg

At this point, you should be able to login to NagiosQL at http://yourserversip/nagiosql with the username admin and the password you provided earlier when setting up NagiosQL.  After you successfully login, go to Tools > Nagios control.  Then click all the Do It buttons from top to bottom and verify you do not get any errors.  Then, you can access your Nagios web interface at http://yourserversip/nagios to see that it is working.

At this point, NagiosQL is setup to manage Nagios properly.  In the next post, I will go over how to use NagiosQL to configure Nagios hosts and services.

Posted in Uncategorized | Tagged , , , | Leave a comment

Toggl Desktop client for Fedora 16 64-bit

Here are instructions for converting the Toggl Desktop deb to an rpm and installing.  As always, this guide assumes that your Fedora has all the updates installed, if not, run the following as root:

yum -y update

First, we need to install alien using the following commands as root:

yum -y install perl-ExtUtils-MakeMaker gcc qt-webkit rpm-build git
cd /tmp
git clone git://git.kitenet.net/alien
cd alien
perl Makefile.PL; make; make install

Now, to download, convert, and install the Toggl-Desktop deb package.  Run the following as root:

yum -y install libXScrnSaver
cd /tmp
wget https://download.toggl.com/toggldesktop/latest/toggl-desktop_current_amd64.deb
/usr/local/bin/alien -r toggl-desktop_current_amd64.deb
rpm --nodeps -Uvh toggl-desktop-*.rpm
ln -s /lib64/libbz2.so.1 /lib64/libbz2.so.1.0
cp /opt/toggl/toggl-desktop/toggl-desktop.desktop /usr/share/applications/
cp /opt/toggl/toggl-desktop/product_logo_64.png /usr/share/icons/toggl-desktop.png

Now, you should be able to find and launch Toggl-Desktop from your Applications list in the Internet subsection.

Posted in Uncategorized | Tagged , , , | 7 Comments

Running Minecraft on Fedora 16

The following is a guide to getting the popular game Minecraft running on your Fedora 16 system.  This guide should work for most versions of Fedora, but I only tested with the latest version.

First, you need to install the Oracle version of Java if you have not already.  Go to http://www.java.com/en/download/index.jsp and click Free Java Download.  Scroll down and choose Linux RPM or Linux x64 RPM.  If you are using a 64-bit version of Fedora, choose the x64 version.

Back at the command line, do the following commands after the download finishes:

cd ~/Downloads
chmod u+x jre*bin
sudo ./jre*bin

You should see some stuff go on that looks like the package is getting installed including # symbols until reaching 100%.

Now, back at your browser, head over to http://www.minecraft.net/ and on the right of the page under Buy Now! click Download.  Then, just under Minecraft for Linux / Other, click minecraft.jar, if it does nothing, you may have to right click it and choose Save Link As.

Now, head back to your terminal window, and type the following to launch Minecraft.

cd ~/Downloads
/usr/java/latest/bin/java -Xmx1024M -Xms512M -cp minecraft.jar net.minecraft.LauncherFrame
Posted in Uncategorized | Tagged , , | 13 Comments

Skype on Fedora 16 64-bit

I got a webcam to play with at work and found that installing Skype on 64-bit Fedora wasn’t as easy as it should be.  I did the usual yum install, and oddly it installed the package without a single dependency complaint… which was wrong.  Run the below command as root to install all the dependencies you need to install the latest Skype beta.

yum -y install glibc.i686 alsa-lib.i686 libXv.i686 libXScrnSaver.i686 qt.i686 qt-x11.i686

Then, as root, do the following in the directory where you saved skype to:

yum -y install skype*

After that, you should be able to find skype by searching for it in Gnome and run it.

Posted in Uncategorized | Tagged , , | 1 Comment

Setup a Windows/Mac file server with Samba and Netatalk on RHEL6 in Active Directory

Okay, for this post, I am going to presume that you attached your RHEL6 server to the domain using the settings from my previous RHEL6 AD authentication guide.  If not, please click on that link and go there to set it up.

Setting up Samba

First we will start by setting up your Samba/Winbind config to do some actual file sharing with Windows workstations on your domain.  And to do that, we will need to install the samba server package with the following command as root:

yum -y install samba policycoreutils-python && service smb restart

Now, we need to poke a few holes in the firewall to allow clients to connect to our Samba ports with the following commands as root:

iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEPT

And to save the changes to iptables so they will work after a reboot, do the following as root:

service iptables save

Next, we will open our smb.conf file with your favorite editor and go near the bottom of the file to the section “Share Definititions”.  You will notice that by default, samba is configured to share out home directories and printers, the home directories settings won’t work right so go ahead and just comment them out for now by putting a ; in front of those lines.  Scroll to the very bottom of the file, and we create our new share by adding the following:

[data]
	comment = Data Share
	browseable = yes
	writable = yes
	path = /data
        valid users = @MYDOMAIN"my share group"
	force group = "my share group"

Replace the word data in the brackets on the first line to what you want to name the share.  Change the comment as well to what you want, and then change the path to where on the filesystem you want to store the shared files and then change the valid users line parts of MYDOMAIN and my share group to your domain shortname and the group in AD that you want to allow access to the share.  And by having the force group line point to your my share group, and new files or folders created in that share from Windows clients will keep that group as the group owner.

Next, we need to do some SELinux magic and permission fixes so Samba has access to the folder with the following commands as root: *change the /data parts to where your share will be located on your filesystem*

chmod 770 /data
semanage fcontext -a -t samba_share_t "/data(/.*)?"
restorecon -R -v /data

Now, we can go ahead and restart Samba to check and see if our configuration works with the following command as root:

service smb restart

At this point, try connecting from a Windows box logged in as a user that is a member of the group that you granted permissions to the /data share.  It should work and allow your to create new files and delete them.  You should be able to see the files on the Linux server as well by doing an ls -l in the folder where the share is located at.

Last, we need to set this service to start after a reboot with the following command:

chkconfig smb on

Setting up Netatalk

Okay, now we are going to work on setting up Netatalk to share stuff from our /data partition as well.   We will start by getting the Netatalk RPM for our architecture at the EPEL repository with the next command as root:

yum -y install http://download.fedora.redhat.com/pub/epel/6/x86_64/netatalk-2.2.0-2.el6.x86_64.rpm

If you are using 32-bit or the command doesn’t work, you can head over to the EPEL Repo and grab it from there.

Next, we need to again open ports on the firewall to allow for the new AFP service using the following firewall commands:

iptables -I INPUT -p tcp --dport 548 -j ACCEPT
iptables -I INPUT -p tcp --dport 5353 -j ACCEPT
service iptables save

Now, we will do the minimal configuration to get our /data share up on AFP by adding the following to the bottom of the file /etc/netatalk/AppleVolumes.default

/data data allow:@"my share group"

After adding that, you should modify the /data directory to have sticky on the group so that new files/directories created using AFP will have the same group, use this command as root:

chmod g+s /data

That will also apply to local Linux users connecting via SSH.  Now to start the netatalk service and configure it to automatically start after a reboot using these commands as root:

service netatalk restart && chkconfig netatalk on

And with that, you should be able to reach your share from a Mac using AFP or SMB.  There are guides out on how to setup a Mac to backup to an AFP share with Time Machine as well.  You can use Netatalk for this by turning on the Time Machine option and optionally limiting the size of the AFP share seen by clients since Time Machine will otherwise use all the space on the drive.  Below is an example with the two settings for that:

/data data allow:@"my share group" volsizelimit:1000000 options:tm
Posted in Uncategorized | Tagged , , , , , | Leave a comment

Attaching a RHEL6 server install to Active Directory for authentication

This guide presumes a clean install of RHEL6.1 with the Basic Server install with no custom packages chosen and the server is registered to RHN already.  This is the basic steps you can take to attach the server to an Active Directory domain.  I also assume that you have a login with the rights to add a workstation to a domain and know how to do that.

First, let’s go ahead and make sure all packages are up to date and install packages needed to configure winbind with the graphical utility, run the following command as root

yum -y update && yum -y install samba-winbind authconfig-gtk xorg-x11-xauth

Second, let’s make sure your clock is in sync with your network’s time server because a skew will cause a domain join to fail.  You can use the following time server if you don’t know your local one.  Run as root:

ntpdate clock.redhat.com

Now, you will want to logout and log back in so that xauth creates the necessary connection to run the graphical utility over ssh.  Then type the following command as root:

authconfig-gtk

AuthConfig

Now, you will want to change User Account Database to Winbind, then set the Winbind Domain to your domain shortname, change Security Model to ads, change Winbind ADS REALM to your domain longname, change Winbind Domain Controllers to your domain controllers fullnames seperated by commas, change Template Shell to the shell you want your users to have, and finally click Join Domain where you will be prompted for your Domain administrator login and password.  Click OK after filling out the login information.

If all goes well, you should see Joined ‘HOSTNAME’ to realm ‘DOMAIN LONGNAME’ and maybe a DNS update failed! message after that.  You can ignore the DNS error though.

AdvanceOption

Next click over to the Advanced Options tab and check “Create home directories on the first login” to have home directories automatically generated with the contents of /etc/skel when users login for the first time.  Otherwise, you will need to pre-create all the home directories, and that isn’t terribly fun if you have more than like 5 users.  After that, click Apply and the window should close.  You might also see some Gtk-Message errors, but those are nothing to worry about either as they are just libraries to open different window themes.

Okay, so to test the Winbind connection is up and working, let’s run the next couple of commands as root.

net ads testjoin

The result should be “Join is OK”

wbinfo -u

This command may take a few minutes to return if you have a lot of users in your domain.  But it should eventually return with a list of all the users in your domain.  If that comes back the way we expect, then next we will try logging in with a user.

ssh aduser@MYDOMAIN@localhost

Right now, all your logins have your domain as part of the login name, your login actually looks like MYDOMAIN\aduser.  It’s really just one in the middle, but you need the second one to tell the shell that the is a literal .  Anyways, it should prompt you for your password and you should be able to login and have your home directory automatically created at /home/MYDOMAIN/aduser, you can test by typing pwd.  You can also test that groups is working by just typing groups to see what groups you are a member of.  You can stop here if you are happy with the way everything is.

Extra Settings for different options:

Now, I will share some extra settings for RHEL6 because the default options are honestly annoying for you and your users trying to log into the server.

Pull UID/GID Numbers from ad instead of local database

Be default, Samba/Winbind authentication is setup to generate it’s own database of UID/GID numbers for users and groups.  If you are setting up a group of computers that mount a shared filesystem and you want to make sure that all users and groups on each workstation have the same UID/GID.  You can change some settings to have those numbers pulled from AD instead of generated locally.  To fix this, we make changes in the /etc/samba/smb.conf file

Below are the settings configured by system-config-authentication:

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

Here is what I replace them with to get UID/GID numbers pulled from AD.  Change MYDOMAIN to your domain shortname.

idmap backend = idmap_rid:MYDOMAIN=1000-9000000
idmap uid = 1000-9000000
idmap gid = 1000-9000000

After applying that conf change, do the following to clean out the winbind local database caches.

service winbind stop && rm -f /var/lib/samba/*.tdb && service winbind start

remove domain name from username/login and change home directory location

To fix your login names from being something like MYDOMAIN\mylogin or mylogin@MYDOMAIN and instead have it just be mylogin, you will need to change a setting in the /etc/samba/smb.conf file.  Below is the setting and it defaults to false, you just have to change it to true.

winbind use default domain = true

Another helpful setting is the one below for changing the default location where home directories are created.  By default, they are created as /home/DOMAIN/username, this is best added in /etc/samba/smb.conf above the template shell line.

template homedir = /home/%U
Posted in Uncategorized | Tagged , , , , , | 3 Comments