Monthly Archives: May 2016

Secure Files/Directories using ACLs (Access Control Lists) in Linux

As system administrators, our first priority is to protect data from unauthorized access. We are all familiar with the permissions set with Linux commands such as chmod, chown and chgrp. However, these default permission sets have limitations and sometimes do not meet our needs. For example, we cannot set different permissions for different users on the same directory or file. Access Control Lists (ACLs) were implemented to address this.

 

Let's say you have three users, 'tecmint1', 'tecmint2' and 'tecmint3', who share a common group, 'acl'. User 'tecmint1' wants only user 'tecmint2' to be able to read and access files owned by 'tecmint1'; no one else should have any access to them.

ACLs (Access Control Lists) let us do exactly that. They allow us to grant permissions to a user, a group, or any group of users that are not in a user's group list.

Note: According to the Red Hat product documentation, ACL support is provided for the ext3 file system and NFS-exported file systems.

FilePermissionsACLs

POSIX Access Control Lists (ACLs) are more fine-grained access rights for files and directories. An ACL consists of entries specifying access permissions on an associated object. ACLs can be configured per user, per group or via the effective rights mask.

These permissions apply to an individual user or a group, and use the same rwx notation found in regular permissions.

For an explanation of rwx, see FilePermissions.

How to: Configure Additional IP Addresses on CentOS 7.x or Redhat 7.x

Introduction

There are several different ways that you can enable IP addresses on CentOS/Redhat 7.x. In this guide, we’ll provide you with instructions and examples for configuring a small number of additional IP addresses, entire CIDR network prefixes (blocks/ranges), and ways to remove them.


Linux Basics: Assign Multiple IP Addresses To Single Network Interface Card On CentOS 7

Sometimes you might want to use more than one IP address on a network interface card. What are you going to do? Buy an extra network card and assign a new IP? No, that is not necessary (at least in small networks). We can assign multiple IP addresses to a single network interface card on CentOS / RHEL 7 systems. Curious to know how? Follow along; it is not that difficult.

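Integrating Puppet with Foreman and MCollective

I. Overview

  1.   Marionette Collective (MCollective) is a service orchestration framework closely tied to Puppet.
  2.   MCollective depends on Ruby 1.9.3 or 1.8.7 and communicates over the Stomp protocol, so it requires rubygem 1.2.2+.
  3.   Install the MCollective server on the Puppet clients.
  4.   Install the MCollective client on the Puppet server.
  5.   Install the MQ middleware on the Puppet server or on a separate host.

See the official documentation: https://docs.puppetlabs.com/mcollective/deploy/standard.html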

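Windows PowerShell – Writing Windows Services in PowerShell

Windows services are normally compiled programs written in C, C++, C# or other Microsoft .NET Framework-based languages, and writing and debugging such services can be fairly difficult. A few months ago, inspired by other operating systems that allow services to be written as simple shell scripts, I began to wonder whether there could be an easier way to create them in Windows as well.

This article presents the end result of that effort: a novel and easy way to create Windows services by writing them in the Windows PowerShell scripting language. There is no more compilation, just a quick edit/test cycle that can be done on any system, not only the developer's own.

I provide a generic service script template called PSService.ps1 that lets you create and test new Windows services in minutes, using nothing more than a text editor such as Notepad. This technique can save a lot of time and development effort for anyone who wants to experiment with Windows services, or even provide real services for Windows when performance is not a critical factor. PSService.ps1 can be downloaded from bit.ly/1Y0XRQB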

Loading agent puppet failed: Could not create instance of plugin MCollective::Agent::Puppet: cannot load such file -- puppet

D, [2016-05-13T17:35:58.594609 #21476] DEBUG -- : activemq.rb:293:in `subscribe' Subscribing to /topic/mcollective.discovery.agent with headers {}
D, [2016-05-13T17:35:58.594609 #21476] DEBUG -- : agents.rb:104:in `block in findagentfile' Found puppet at C:\mcollective\plugins/mcollective/agent/puppet.rb
D, [2016-05-13T17:35:58.594609 #21476] DEBUG -- : pluginmanager.rb:167:in `loadclass' Loading MCollective::Agent::Puppet from mcollective/agent/puppet.rb
D, [2016-05-13T17:35:58.641409 #21476] DEBUG -- : pluginmanager.rb:44:in `<<' Registering plugin puppet_agent with class MCollective::Agent::Puppet single_instance: false
D, [2016-05-13T17:35:58.641409 #21476] DEBUG -- : pluginmanager.rb:88:in `[]' Returning new plugin puppet_agent with class MCollective::Agent::Puppet
D, [2016-05-13T17:35:58.657009 #21476] DEBUG -- : <internal:10:in `synchronize' PLMC15: No item called 'agent/puppet' for cache 'ddl'
D, [2016-05-13T17:35:58.657009 #21476] DEBUG -- : base.rb PLMC18: Found 'puppet' ddl at 'C:\mcollective\plugins/mcollective/agent/puppet.ddl'
E, [2016-05-13T17:35:58.657009 #21476] ERROR -- : agents.rb:71:in `rescue in loadagent' Loading agent puppet failed: Could not create instance of plugin MCollective::Agent::Puppet: cannot load such file -- puppet

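Problem analysis
The error is raised because Ruby fails to load the puppet plugin. The root cause turned out to be that libdir = C:\mcollective\plugins in the main MCollective configuration file, server.cfg, points only at MCollective's own lib directory, so the puppet and facter libraries cannot be found. The puppet and facter lib paths therefore need to be added to libdir: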

libdir = C:\mcollective\plugins;C:\Program Files\Puppet Labs\Puppet\puppet\lib;C:\Program Files\Puppet Labs\Puppet\facter\lib

Host save fails if name contains underscore with Failed to save: Name is invalid

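When using Foreman, saving a host whose name contains an underscore from the web UI fails with "Name is invalid".

Alternatively, errors like the following appear in the /var/log/foreman/production.log log: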

| Started POST "/api/hosts/facts" for 124.202.155.164 at 2016-05-12 16:23:06 +0800
2016-05-12T16:23:06 [app] [I] Processing by Api::V2::HostsController#facts as JSON
2016-05-12T16:23:06 [app] [I]   Parameters: {"facts"=>"[FILTERED]", "certname"=>"mx136v_bak", "name"=>"mx136v_bak", "apiv"=>"v2", :host=>{"name"=>"mx136v_bak", "certname"=>"mx136v_bak"}}
2016-05-12T16:23:06 [app] [I] Import facts for 'mx136v_bak' completed. Added: 0, Updated: 5, Deleted 0 facts
2016-05-12T16:23:06 [app] [W] Action failed
| ActiveRecord::RecordInvalid: Validation failed: Name is invalid
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/validations.rb:56:in `save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/attribute_methods/dirty.rb:33:in `save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:246:in `block in save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:295:in `block in with_transaction_returning_status'

| Started POST "/api/hosts/facts" for 124.202.155.164 at 2016-05-12 03:47:06 +0800
2016-05-12T03:47:06 [app] [I] Processing by Api::V2::HostsController#facts as JSON
2016-05-12T03:47:06 [app] [I]   Parameters: {"facts"=>"[FILTERED]", "certname"=>"s108k_bak.domain.com", "name"=>"s108k_bak.domain.com", "apiv"=>"v2", :host=>{"name"=>"s108k_bak.domain.com", "certname"=>"s108k_bak.domain.com"}}
2016-05-12T03:47:06 [app] [W] Action failed
| ActiveRecord::RecordInvalid: Validation failed: Name is invalid
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/validations.rb:56:in `save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/attribute_methods/dirty.rb:33:in `save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:246:in `block in save!'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:295:in `block in with_transaction_returning_status'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:192:in `transaction'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:208:in `transaction'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:293:in `with_transaction_returning_status'
| /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/transactions.rb:246:in `save!'

Temporary workaround:

Edit "HOST_REGEXP" in the file /usr/share/foreman/lib/net/validations.rb. Change

HOST_REGEXP = /\A(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\z/

to

HOST_REGEXP = /\A(([a-z0-9]|[a-z0-9][a-z0-9\-_]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\z/
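The following is an added example, not code from the original post or from Foreman: it runs the two HOST_REGEXP values above against the host names from the log excerpts plus a few constructed edge cases. It shows that the modified pattern admits an underscore only inside a label that is followed by a dot, so the bare name mx136v_bak is still rejected while s108k_bak.domain.com is accepted.

```ruby
# Added example: compares the two HOST_REGEXP values quoted on this page.
# ORIGINAL is the pattern before the edit; PATCHED is the page's workaround.
ORIGINAL = /\A(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\z/
PATCHED  = /\A(([a-z0-9]|[a-z0-9][a-z0-9\-_]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\z/

# The first two names come from the production.log excerpts above;
# the others are constructed here to probe the edges of the patched pattern.
SAMPLES = [
  "mx136v_bak",            # single label containing an underscore
  "s108k_bak.domain.com",  # underscore in a non-final label
  "web01.domain.com",      # plain letters/digits, valid before and after
  "_web.domain.com",       # label starting with an underscore
  "web_.domain.com",       # label ending with an underscore
  "web.do_main",           # underscore in the final label
]

# Result of matching one name against both patterns.
def verdict(name)
  { original: !!(name =~ ORIGINAL), patched: !!(name =~ PATCHED) }
end

# Map of name => verdict for a list of names.
def report(names)
  names.map { |n| [n, verdict(n)] }.to_h
end

# Names that only the workaround admits, i.e. what the edit newly allows.
def newly_accepted(names)
  names.select do |n|
    v = verdict(n)
    v[:patched] && !v[:original]
  end
end

if __FILE__ == $PROGRAM_NAME
  report(SAMPLES).each do |name, v|
    printf("%-22s original=%-5s patched=%s\n", name, v[:original], v[:patched])
  end
end
```

Underscores are outside the letter-digit-hyphen host name syntax of RFC 952/1123, so names admitted by the workaround may still be rejected by DNS servers or other tooling that validates host names strictly.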