Channel: linuxadmin: Expanding Linux SysAdmin knowledge

How to update passwords for iRedMail?

I am using iRedMail with a MySQL backend. For security reasons, I would like to update all of my passwords once a month. Changing the postmaster password can easily be done through the web interface, but I am having trouble finding all of the places that the various passwords for MySQL are stored.

So far, I have found the following MySQL users for iRedMail:

  • amavisd
  • iredadmin
  • iredapd
  • roundcube
  • sogo
  • vmail
  • vmailadmin

Looking around, it looks like the passwords for these users are in various files, including /root/.my.cnf*

Does anyone know how to go about changing all of these passwords?

submitted by /u/MR2Rick

LizardFS NFS-Ganesha

Running LizardFS 3.12 on CentOS 7.4 without issue using the mfsmount command. This part works.

    [root@client ~]# mfsmount /mfs/lizardfs
    mfsmaster accepted connection with parameters: read-write,restricted_ip ; root mapped to root:root
    [root@client ~]# ls -lh /mfs/lizardfs/
    total 0
    [root@client ~]#

I'm following https://docs.lizardfs.com/adminguide/gateways.html for setting up a NFS chunkserver but it fails with the following:

    [root@chunkserver1 ganesha]# systemctl start nfs-ganesha
    Job for nfs-ganesha.service failed because the control process exited with error code. See "systemctl status nfs-ganesha.service" and "journalctl -xe" for details.

    [root@chunkserver1 ganesha]# systemctl status nfs-ganesha -l
    nfs-ganesha.service - NFS-Ganesha file server
       Loaded: loaded (/usr/lib/systemd/system/nfs-ganesha.service; disabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Mon 2018-01-08 19:13:15 CST; 6s ago
         Docs: http://github.com/nfs-ganesha/nfs-ganesha/wiki
      Process: 10077 ExecStop=/bin/dbus-send --system --dest=org.ganesha.nfsd --type=method_call /org/ganesha/nfsd/admin org.ganesha.nfsd.admin.shutdown (code=exited, status=0/SUCCESS)
      Process: 10071 ExecStartPost=/bin/bash -c /usr/bin/sleep 2 && /bin/dbus-send --system --dest=org.ganesha.nfsd --type=method_call /org/ganesha/nfsd/admin org.ganesha.nfsd.admin.init_fds_limit (code=exited, status=0/SUCCESS)
      Process: 10070 ExecStartPost=/bin/bash -c prlimit --pid $MAINPID --nofile=$NOFILE:$NOFILE (code=exited, status=0/SUCCESS)
      Process: 10068 ExecStart=/bin/bash -c ${NUMACTL} ${NUMAOPTS} /usr/bin/ganesha.nfsd ${OPTIONS} ${EPOCH} (code=exited, status=0/SUCCESS)
     Main PID: 10069 (code=exited, status=2)

    Jan 08 19:13:13 chunkserver1.local systemd[1]: Starting NFS-Ganesha file server...
    Jan 08 19:13:13 chunkserver1.local systemd[1]: nfs-ganesha.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Jan 08 19:13:15 chunkserver1.local systemd[1]: Failed to start NFS-Ganesha file server.
    Jan 08 19:13:15 chunkserver1.local systemd[1]: Unit nfs-ganesha.service entered failed state.
    Jan 08 19:13:15 chunkserver1.local systemd[1]: nfs-ganesha.service failed.

No idea what status=2/INVALIDARGUMENT is about.

Here's /etc/config/ganesha.conf (sorry for the bad copy and paste, line start at first pipe character and ends with pipe character):

    EXPORT {
        # Export Id (mandatory, each EXPORT must have a unique Export_Id)
        Export_Id = 77;

        # Exported path (mandatory)
        Path = "/mfs/chunk1";

        # Pseudo Path (required for NFS v4)
        Pseudo = "/mfs/chunk1";

        # Required for access (default is None)
        # Could use CLIENT blocks instead
        Access_Type = RW;
        Squash = None;
        Attr_Expiration_Time = 0;

        # Exporting FSAL
        FSAL {
            Name = LizardFS;
            # The address of the LizardFS Master Server or Floating IP
            hostname = "192.168.4.131;
            # The port to connect to on the Master Server
            port = "9421";
            # How often to retry to connect
            io_retries = 5;
            cache_expiration_time_ms = 2500;
        }

        # Which NFS protocols to provide
        #Protocols = 3, 4;
        Protocols = 3;
    }

    LizardFS {
        # Is this a NFS metadataserver ?
        PNFS_MDS = false;
        # Is this a NFS dataserver and is it installed on an active chunkserver?
        PNFS_DS = true;
    }

    NFSV4 {
        Grace_Period = 5;
    }

I don't have experience with NFS-Ganesha but am trying to set up an NFS v3 server for my network streamer (Mede8er MED600X3D), which doesn't use NFSv4.

Thanks for any pointers.

submitted by /u/dancerjx

Anybody here use Rancher? Would using Rancher help familiarize me with Kubernetes?

Hey everyone,

I'm looking to learn more about Kubernetes and begin using it, and was wondering if installing and using it through Rancher would be a good idea.

Would Rancher give me the same command line interface as Kubernetes or is it a different one?

The documentation as far as installing Kubernetes looks really complex and I don't know if it'll be worth the time, especially if I could just use it through Rancher.

But if installing it on my own is the best way to learn then I guess I'll do that. Any suggestions or advice?

submitted by /u/anacondapoint6

HA chicken and egg question.

Let's say you have an app server. You want HA. You do that by having an HAProxy in front of 2 app servers. But then didn't we get back to square one, because the single point of failure just got moved to that single haproxy server?

So fine we can do 2 x haproxy + corosync/pacemaker sharing the same IP, so even if 1 haproxy and appserver is down there is no downtime on the client side. However, that method is not really doable across the country, the two haproxy kind of need to be in the same site; what if that datacenter got a power outage etc?

So how does HA really get done in the industry?

submitted by /u/juniorsysadmin1

iRedMail and stored plaintext passwords?

I recently set up an iRedMail server (with a MySQL backend) and everything is working fine, so I am switching to maintenance mode.

In that spirit, I was investigating updating all of the iRedMail server passwords. In the process of my investigation, I discovered that all of the passwords are stored in plaintext in various config files.

From a security standpoint this seems like a bad idea and I was wondering if there was a better option.

submitted by /u/MR2Rick

unattended backup to google drive - how?

I want to start backing up my small home server to google drive - unattended, (gpg?-)encrypted.

I used to use duplicity with the Dropbox backend, but the "unattended" part didn't work, and then there was the API change, and the duplicity mailing list is not sure if v2 is really working.

What other, robust ways are out there? I don't want to fill up my cloud storage, so it should be able to remove old backup sets.

submitted by /u/bremen15

Can I resize the AWS instance size in a node cluster in Docker Cloud?

We have 8 AWS instances in our node cluster (m4.xlarge).

Can I destroy the stack file, resize each instance in the AWS console to m4.2xlarge, and deploy the stack again?

Will this affect any of my services that are already there on the Docker hosts?

submitted by /u/aish33

The Machine [Linux Automation]

Over the past couple of years I've worked at organisations that have used a collection of common Linux server applications that became onerous to manage at scale, or too difficult for non-admins to help out with. For instance, I contracted to a military organisation and they were (unsurprisingly) seriously into fine-grained access control via sudo. I spent half of my time editing sudo files on hundreds of hosts as contractors joined and left, each requiring individualised access to specific systems.

What we ideally wanted was to 'outsource' the problem to the service desk with minimal input from us admins, but at the same time not inundate them with extra work. So I made an application to securely manage sudo files across all the systems, with built-in access control, automatic expiry of rules or users (like temp-contractors), automated distribution of sudoers files plus a bunch of other stuff from a point and click browser-based interface. It was a huge success and I received a pat on the head (but no extra money, yay government).

The last few places I've worked have had similar problems with other applications, Apache reverse proxy configuration, BIND DNS zone record administration, IP address allocation and management, and more recently managing Linux systems in bulk (managing updates, deploying applications, etc). Most of them had jumped on the configuration management / dev ops hype-train and found that in most cases these added as much administration as they solved, sometimes more. It was also difficult to switch between the tools as they all did things differently, needing specific configuration (each with their own funky names for the same thing) with no way to migrate between them.

I recently merged all these application tools together and called it the 'System Harmony and Integration Tool' but management didn't see the funny side of the acronym. So it was renamed to just 'The Machine'.

The Machine is designed to do, among other things:

  • IPv4 and IPv6 allocation, assignment and management including floating addresses
  • Detailed remote sudo management on a large scale
  • Apache Reverse Proxy and Redirect configuration
  • DNS Domains and Zone Records (BIND)
  • Bulk remote execution and reboot control of systems via SSH (D-Shell)
  • VMWare snapshot integration (via API)
  • Service dependency management and automatic dependency visualisation
  • Full auditability of actions
  • Icinga 2 configuration (beta)

I showed it to a new colleague today and he said "Why haven't I heard about this before?". I conceded that while I had plopped it onto GitHub I hadn't actually told the internet yet. Dear Reddit sysadmins, spin up a new CentOS 7 VM and help yourself (instructions and screenshots at the following):

https://github.com/ChipwizBen/TheMachine

I work on it in my spare time so things are added fairly regularly and I welcome any feedback or contributions.

If you got this far, thanks for reading the history. I hope The Machine is useful.

submitted by /u/TheITWarrior

VirtualBox Host-Only Networking + TAP + ARP troubles...

So I do most of my development on an Ubuntu VM + macOS host and am learning about networking. Before describing the problem, here's my network topology with (1) host-only networking between eth1 and vboxnet and (2) a bridge between tap0 and eth1.

    ----------------------------    --------------------------------
    |        Ubuntu VM         |    |          macOS Host          |
    |                          |    |                              |
    |  tap0 (Mac = A, IP = X)  |    |                              |
    |            ||            |    |                              |
    | bridge (Mac = B, IP = Y) |    |                              |
    |            ||            |    |                              |
    |  eth1 (Mac = C) <===========> vboxnet (Mac = D, IP = Z)      |
    |                          |    |                              |
    ----------------------------    --------------------------------

Before creating bridge, eth1 had IP X. With this setup "ip route Y" indicates a path through the bridge. Pinging the macOS host on IP Y from the Ubuntu guest works great. Now onto my problem...

I'm writing raw ethernet frames to tap0, specifically ARP requests for IP Y. "tshark -i eth1" on the VM shows the ARP frames from tap0 being forwarded onto eth1 with the proper MAC addresses (HwSrc = A, HwDst = Broadcast, IpSrc = X, IpDst = Z). Likewise, wireshark on the macOS host confirms these frames showing up on vboxnet, and in return my host sends ARP responses on vboxnet with (HwSrc = D, HwDst = A, IpSrc = Z, IpDst = X).

However, these responses are not showing up on eth1 in the VM! I can clearly see the ARP requests being forwarded with "tshark -i eth1" but no responses. Struggling to figure out why the ARP requests can go from eth1 -> vboxnet but the ARP responses get dropped/filtered out from vboxnet -> eth1.

Any tips?

Update: Set bridge to act as a hub via "sudo brctl setageing bridge 0" but that didn't seem to help.

submitted by /u/kambabamba

HP renamed their firmware RPMs...

So now rather than just chucking the latest system RPMs in our repo and letting our auto-updater handle the firmware upgrade I now either have to rebuild all future RPMs with the old naming scheme, or remove old package style and install new package style.

Change for the sake of change.

submitted by /u/bippity12

Help! - Career Day Presentation Activity

So I've made the great choice to go speak with my son's school for career day (4th & 5th Grade [9 - 11 yr olds]). I'll be presenting to 9 different groups of kids (20 per group) for 40 minutes at a time.

The school wants there to be a hands-on activity for half of the 20 minutes. So far I've considered using some of the offline activities from Code.org but those seem lame.

I'll have some hardware with me to show off to the kids but not enough where I could have all the kids have their own server to take apart or put together. I also won't have access to a computer lab area.

This is where I could use some help, r/linuxadmin. What suggestions do you all have for a hands-on activity that would demonstrate a similar task / process that we Linux admins have to deal with on the regular?

submitted by /u/ryan8403

how to import plugins in jenkins?

So I have two Jenkins boxes: one old Jenkins box with a bunch of plugins, the other a slightly different Jenkins box that's clean.

How can I import all the plugins from the old Jenkins box to the new Jenkins box? I am not going to click through 100+ plugins via the GUI. Is there a faster way?

submitted by /u/juniorsysadmin1

Noob questions about partitioning - lvm - parted - fdisk

Assuming I have a full hard drive at my disposal.

Do I have to create an LVM partition with parted or fdisk to use a disk with LVM? Or will pvcreate-vgcreate-lvcreate take care of that?

Then of course I will have to do mkfs to create the filesystems that I want (boot, home, whatever).

Yes, no? Where am I wrong?

Thank you.

submitted by /u/whateverbarever

jenkins server host key rejected.

I have 2 boxes.

cloudbees and slavebees.

I have a test job running designating the job to run on slavebees. However, I am getting the following error.

    Jan 10, 2018 3:05:54 PM [ssh] Opening connection to slavebee-1.production-dr.squaretrade.com:22 as jenkins (login on slavebees)
    Jan 10, 2018 3:05:54 PM [ssh] Authenticating...
    Jan 10, 2018 3:05:54 PM [ssh] Verifying server host key...
    Jan 10, 2018 3:05:54 PM [ssh] ECDSA key fingerprint is SHA256:Laslkdjflkasjdfljsaldfjlasdfjlw
    Jan 10, 2018 3:05:54 PM [ssh] Server host key rejected
    Jan 10, 2018 3:05:54 PM [ssh] Authentication failed.

That is odd because from cloudbees using the id_rsa I can ssh as jenkins to the slavebees with strictkeyaccess as ssh -o option.

What can I be missing here?

submitted by /u/juniorsysadmin1

Inodes got filled on one of my instances in AWS but there is a lot of space left on the disk. So, to increase the inodes, is it sufficient to increase the EBS volume size?


Does anyone know how to use policyd-rate-limiter?

Hey guys

I have a Linux server that runs IMSCP 1.5.1. I need to set up a global outgoing rate limit for all email users. The server is running the latest Debian, and in the apt repo I have something called policyd-rate-limiter which, judging by its lackluster documentation, should be perfect for what I intend to achieve.

This is the documentation I followed:

https://pypi.python.org/pypi/policyd-rate-limit

According to this I should put this into my main.cf

    smtpd_recipient_restrictions = ..., check_policy_service { unix:ratelimit/policy, default_action=DUNNO }, ...

I do that, and I see in the syslog that it does something with what looks like incoming emails, not outgoing? Anyways the limits don't work. So if anyone has some advice or experience in this I would gladly get them a reddit silver.

Thanks in advance.

submitted by /u/saffer001

Proftpd question for a very new Linux user/admin

Can you limit what users see if using a program like FileZilla to upload or download? I was able to set users to only see their home directory if they log in via the address bar, but if they log in with FileZilla they are able to access everything. Is there a way to change this? Or possibly a workaround for this?

I am very new to Linux and the IT world so if you could explain things as simple as possible, that would be great, thanks.

submitted by /u/newITuser

Xen HVM, Grub, partition tables and file images.

Has anyone used Veeam for backing up their linux systems?

I'm trying to find a backup software to use for a future tape library I plan to purchase. I'm currently using Arkeia but it has been EOL for a while now and I need to move to something else. When I've talked to most of the backup vendors, they mention Veeam as the primary backup software they recommend but it seems like it's more for Windows than for Linux even though it supports Linux clients. Does anyone have experience with it? I don't mind setting up a Windows system in our primarily Linux cluster if it backs up our Linux systems well.

Thanks in advance!

submitted by /u/polkaron

SSH Through a Jumpbox to a Protected Server - the Easy Way
