Linux

Update GNOME Keyring Password

Especially in enterprise environments, authentication is done not through /etc/passwd, but via SSSD/LDAP/IPA. In this case, when your password is changed, it isn't updated in GNOME keyring. This can lead to an annoying popup every time you log in to a Linux workstation asking you to "unlock your keyring because it wasn't done when you signed in."

To update your GNOME keyring password, open Seahorse. Seahorse is the GUI manager for GNOME keyring. It can be accessed by running the seahorse command, or opening the Encryption and Keys manager in most distros.

From there, find Passwords > Login in the left panel. Right click on it and click Change Password. You'll be prompted to enter your old password -- that is, your password before it was changed. Then, enter your new password. It should match the password used to sign in to the computer exactly.

If you updated the password to match your sign in password, your GNOME keyring should be unlocked automatically upon sign-in.

Spacewalk

Spacewalk

Installing Spacewalk Server on RHEL/CentOS/SL 7

This is my method for installing Spacewalk server on RHEL7 -- this works for CentOS7 and Scientific7. Spacewalk is a system management and automation server for RHEL based systems.

Learn from my mistakes:

If you're installing Spacewalk in a VM, make sure you give it at least 25GB of space to be safe. I left it on the default 10GB, and the 6GB left-over after installing SL7 wasn't enough space to initialize the Postgres database.

Install Spacewalk

Spacewalk depends on several EPEL packages, including OpenJDK, so we'll make sure the EPEL repository is installed:
# yum install epel-release

Now, we'll install the Spacewalk repository:
# rpm -Uvh https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/spacewalk-2.9/epel-7-x86_64/00830557-spacewalk-repo/spacewalk-repo-2.9-4.el7.noarch.rpm

Update the system:
# yum clean metadata && yum update

Spacewalk requires a database backend. By default, it can configure and install PostgreSQL:
# yum install spacewalk-setup-postgresql

Finally, install Spacewalk with the Postgres backend (this one will take a while):
# yum install spacewalk-postgresql

Configure the Firewall

Spacewalk uses HTTP/S to communicate with the client machines. Port 5222 is also opened. This allows the Spacewalk server to push instant commands to the client machines over a tunnel.

Enable HTTPS:
# firewall-cmd --add-service=https --permanent

Enable HTTP:
# firewall-cmd --add-service=http --permanent

Enable Port 5222:
# firewall-cmd --add-port=5222/tcp --permanent
# firewall-cmd --add-port=5222/udp --permanent

Reload the Firewall:
# firewall-cmd --reload

Configure Spacewalk

Spacewalk requires a FQDN for the server to function properly. If you're working in an environment with a local DNS server, set it up that way. If you're not, modify the /etc/hosts file to include the following, or similar to your environment:

10.0.9.117	spacewalk.glmdev.local	spacewalk

Now, run the Spacewalk configuration command:
spacewalk-setup

You'll need to provide the following:

  • An administrator's email-address
  • Confirmation to configure Apache2 with default SSL settings
  • A CA certificate password for the Spacewalk self-signed certificate
  • Organization and location information for said certificate
  • Confirmation to enable tftp and xinetd

After the wizard completes, we can open the web portal by visiting the FQDN of the host. You'll receive a certificate error because the certificate is self-signed. Add an exception and continue. You'll then be prompted to create an administrative user for your organization. After creating the user, you'll be dropped at the Spacewalk portal!

Spacewalk

Software & Configuration: Setting Up Spacewalk Channels

RedHat Satellite, and by extension Spacewalk, uses a system of channels to organize the software and configuration available to registered systems. In fact, those are the two main types of channel: software and configuration. Software channels contain a collection of repositories and packages that are made available to systems in that channel. Configuration channels contain a number of centrally-managed configuration files that can be deployed to systems registered in that channel.

In this guide, we'll look at basic setup of each type.

Creating Software Channels

Create a Base Channel

Sign in to the Spacewalk web portal. Then, navigate to Channels > Manage Software Channels > Create Channel. Fill in the channel name and label (these are usually the same) and the summary. Then, click Create Channel.

We're going to start off by creating a base channel for CentOS7 machines.

Create Channel

Add the Repositories

Next, we'll add the CentOS7 base repositories to our channel. Navigate to Manage Repositories > Create Repository. Fill in the repository label, repository URL, and select the repository type. For example, for the CentOS7 os repository:

Create Repository
Note: The repository URL should be the location that contains the repodata directory.

In this example, I repeated this process to add the CentOS7 extras and updates repositories.

Assign Repositories to the Channel

We need to tell the base channel we created to use the repositories we just added. To do this, navigate to Channels > Manage Software Channels > channel name > Repositories. Here, select the repositories we just added and click Update Repositories.

Add Repositories to Channel

Create a Child Channel

We're also going to create a child channel. This channel will fall under the base CentOS7 channel we created, but it will provide additional repositories and software. As an example, we're going to create a channel that provides the MariaDB repositories for EL7. To do this, basically repeat the same process.

Navigate to Channels > Manage Software Channels > Create Channel. Provide a channel name, label, and summary. This time, in the Parent Channel drop-down, select the centos7-base channel we created earlier. This will establish the new channel as a child of that channel.

Add the Repository

Navigate to Channels > Manage Software Channels > Manage Repositories > Create Repository. Provide the name, URL, and type of the MariaDB repository.

In our example, we used the following:

Repository name: el7-mariadb
Repository URL: http://yum.mariadb.org/10.3/centos7-amd64/
Repository type: yum

Assign the Repository to the Channel

Navigate to Channels > Manage Software Channels > child channel name > Repositories. Select the MariaDB repository we just added, and click Update Repositories.

Syncing Repository Packages

Spacewalk caches local copies of all the packages for the repositories we add. This allows it to offer those packages to registered clients with lower internet bandwidth costs, especially across larger deployments. Since all of our CentOS7 clients will already have access to the main repositories, we won't bother caching the entirety of the CentOS mirror for this example. We will, however, sync the much smaller MariaDB repository so our clients can access its packages.

To do this, navigate to Channels > Manage Software Channels > MariaDB channel > Repositories > Sync > Sync Now. This will manually start downloading and indexing the packages from the repositories. On the same page, you can create a schedule to automatically sync the repositories.

Note:
This will take a while, even if the repository is relatively small. One way to view the progress of the sync process is by navigating to /var/sattelite/redhat/1/stage. The stage folder is where Spacewalk downloads the packages to before it sorts them to other folders in the 1 directory (where 1 is the ID of the Spacewalk group in question). You can roughly gauge the sync process by seeing how many packages are in this folder.

When the sync process finishes, you should be able to view all the repository's packages by navigating to Channels > Manage Software Channels > MariaDB channel > Packages > List / Remove Packages.

Creating Configuration Channels

Similar to software channels, Spacewalk uses configuration channels to make custom configuration files available to clients subscribed to that channel. These configuration files can be pushed to the clients from the Spacewalk control panel. In this example, we'll create a configuration channel with a fake configuration file, /root/test.conf.

Create the Configuration Channel

Navigate to Configuration > Configuration Channels > Create Config Channel. Give the channel a name, label, and brief description.

Add the Configuration File

To add the /root/test.conf configuration file, navigate to Configuration > Configuration Channels > test channel > Add Files > Create File. Give the file a fully-qualified filename. You can change the file owner and permissions, then fill in the contents in the text field below.

Create a Config File

Then click Create Configuration File. Spacewalk will save the configuration file. You'll notice that it drops you on a page called "Revision 1 of /root/test.conf." This is because Spacewalk will allow you to revise your configuration files and it will track the changes. You can deploy different revisions to different hosts.

Learn from my mistakes:
By default, adding an external repository to a channel (like the MariaDB repository) doesn't add its GPG key to the registered hosts. This means that, without providing the GPG key to the clients, they will be unable to install the software. We'll cover this in the Registering Clients section, but this can be done by pushing the GPG key via a configuration channel to /etc/pki/rpm-gpg and importing it via rpm.

Spacewalk

Registering Spacewalk Clients

Now that we've set up Spacewalk server and created some software and configuration channels, we can register clients against the server and set them up to be managed by Spacewalk. This is done by creating an activation key in the Spacewalk server, installing the client services on the remote machines, then using the activation key to register them.

Create an Activation Key

Log in to the Spacewalk administration panel and navigate to Systems > Activation Keys > Create Key. Give your key a description, key-code for remote systems, select the base channel for systems registered with the key, and (optionally) limit the number of times the key can be used. If you leave the "Usage" box blank, the key can be used to register an unlimited number of systems.

Create a New Activation Key

Customize Activation Key Packages

You can configure Spacewalk to automatically install a list of packages on clients when they are registered with a given activation code. You can configure this by navigating to Systems > Activation Keys > key name > Packages and entering a list of package names with one package per line. These packages should be available in the channels with which the activation key is associated.

Specify a List of Packages

Register Client Systems

Now that we have software and configuration channels created and registered with an activation key, we can register client systems to be managed by the Spacewalk server.

Prerequisites (EL7)

The Spacewalk client packages have dependencies in the EPEL repositories. Install those:

# yum install epel-release -y

Next, install the EL7 Spacewalk client repository:

# rpm -Uvh https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/spacewalk-2.9/epel-7-x86_64/00830557-spacewalk-repo/spacewalk-client-repo-2.9-4.el7.noarch.rpm

Finally, install the required client packages:

# yum install -y rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin osad rhncfg-actions rhncfg-management

Prerequisites (Fedora)

Install the Fedora Spacewalk client repository:

# dnf copr enable @spacewalkproject/spacewalk-2.9-client

Install the required client packages:

# dnf -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto dnf-plugin-spacewalk osad rhncfg-actions rhncfg-management

For the interested:

rhncfg-actions and rhncfg-management are daemons that allow Spacewalk to manage configuration files

osad is a real-time messaging daemon that Spacewalk uses to communicate with the host

yum-rhn-plugin is a plugin for YUM that allows Spacewalk to dynamically manage the repositories it has access to

m2crypto is a Python wrapper for OpenSSL that secures communications between Spacewalk clients and the server

rhnsd and rhn-check are tools and background services that polls the Spacewalk server to check for new actions

rhn-client-tools and rhn-setup provide the core functionality of Spacewalk management and setup processes

Install the Spacewalk Server CA Certificate

Spacewalk uses a self-signed SSL certificate to communicate with the registered clients. This prevents 3rd-parties from intercepting and modifying Spacewalk communications. To allow Spacewalk to manage the clients, we need to install the Spacewalk server's certificate authority. This can be done two ways.

Copy the CA file manually:

# scp root@spacewalk.server.url:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Install the generated CA package:

# rpm -Uvh http://spacewalk.server.url/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm

Register the Spacewalk Client

We can now register the client against Spacewalk server. Depending on how many packages your activation key specifies to install, this may take a while.

# rhnreg_ks --activationkey="1-yourkeyhere" --serverUrl=http://spacewalk.server.url/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Learn from my mistakes:

Spacewalk server supports multiple organizations per server. As such, it prefixes each activation key with the ID number of the organization. In most cases (i.e. if you're only using Spacewalk with one organization), this ID number is "1". Hence, you need to prefix the activation code you created with 1- to specify the organization.

Now, do an initial sync with the Spacewalk server:

# rhn-profile-sync

Enable Required Background Services

Spacewalk relies on either a real-time messaging daemon or periodic check-ins from registered systems to push management actions. As such, we need to enable the OSA Daemon service and enable all RHN control actions (which Spacewalk uses to push centrally-managed configuration files).

# systemctl enable osad
# systemctl restart osad
# rhn-actions-control --enable-all

Finally, it's a good idea to do one last profile sync to make sure Spacewalk sees that the required daemons are running:

# rhn-profile-sync

Success!

At this point, you should be able to navigate to Spacewalk > Systems and see the newly registered systems.

Systems Overview Page

Spacewalk

Misc Tips & Tricks

Increase Max Configuration File Size

When using Spacewalk, I discovered that the default file size limit for configuration files is 128KB. I was trying to upload a 5MB binary file. To increase this limit:

  1. Edit /etc/rhn/rhn.conf on the Spacewalk server.
  2. Append the following to the end of the file (slightly less than 50mb in bytes):

    web.maximum_config_file_size = 50000000
    maximum_config_file_size = 50000000
  3. Save and exit.
  4. Restart Spacewalk with:  # spacewalk-service restart

Source for this one.

Do What?

Do What?

Installation & Setup

Do What? adds the wh command to your given shell. This command attempts to save time for users navigating the command line by opening and displaying info about files and directories automatically based on what they are.

Do What? currently has installers only for RPM based systems, but other support is in the works.

Installation (Fedora)

Repository Setup

Do What? is available as a package in the glmdev Fedora software repository. To add this repository to your system, create the following file and add the repository information in it:

/etc/yum.repos.d/glmdev.repo

[glmdev]
name=glmdev RPM repository
baseurl=https://static.glmdev.tech/repos/fedora/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://static.glmdev.tech/repos/RPM-GPG-KEY-glmdev
Installation

Install the Do What? package like so:

# dnf install dowhat

Setup

Do What? ties into your preferred shell using a function called wh. This is done by adding a line to your shell's config file.

Bash Family

Add the following line to your ~/.bashrc or ~/.bash_profile:

source <(dowhat bash)

Fish / C-shell Family

Add the following line to your ~/.config/fish/config.fish or ~/.cshrc:

dowhat fish | .

Installing MATLAB on Linux

Not enough space in /tmp

I got this error when trying to install MATLAB on Fedora 29. This is because, by default, Fedora limits the size of the /tmp partition. You can temporarily expand it like so (it will revert on next reboot):

mount -o remount,size=20G,noatime /tmp

Hangs on Startup/Splash Screen

This is usually due to two things: bad embedded freetype libraries, and a missing system library. Correct like so:

dnf install -y libnsl

rm -rf /usr/local/MATLAB/{version}/bin/glnxa64/*freetype*

Not Executable by This User/Matlab won't run

When MATLAB installer is run as root, this permission error can happen. It's bad form, but I did:

chown -R glmdev:glmdev /usr/local/MATLAB

chmod +x /usr/local/bin/matlab

Get Log File from Startup

matlab -desktop -logfile {filename}

Installing Mathematica on Linux

Won't Launch - "libfontconfig.so undefined symbol"

This is because Mathematica ships with some weird libraries. I'm not sure why this fix works, but it does. Delete the following (assuming that Mathematica is installed to the default dir):

rm -rf /usr/local/Wolfram/Mathematica/{VERSION}/SystemFiles/Libraries/Linux-x86-64/zlib*

rm -rf /usr/local/Wolfram/Mathematica/{VERSION}/SystemFiles/Libraries/Linux-x86-64/*freetype*

Wayland!

Run GUI Apps As Root

Okay, so this doesn't work by default for a reason. It's a bad idea to run GUI apps as root, as it gives them access to X.org/Xwayland/Wayland/etc. But, if you MUST do it (*cough* MATLAB *cough*), here's how:

Allow Root Control of Wayland:

xhost si:localuser:root

Revoke Root Control of Wayland When Finished:

xhost -si:localuser:root

Guake F12 Toggle Doesn't Work!

This is a problem that occurs when Guake is installed on Wayland. It occurs because Guake can't add register the default keybinding with GNOME. You can fix this by adding it yourself:

  1. Open the GNOME dash and search for "Keyboard." Open the keyboard shortcut settings.
  2. Scroll to the bottom and create a new global shortcut:
    1. Name: Guake
    2. Command: guake -t
    3. Shortcut: F12

Source for this one here.

Personal Config Notes

Personal Config Notes

Gnome Extensions I Use

  • Arc-Dark Theme (not an extension, I know)
  • AlternateTab
  • Bing Wallpaper Changer
  • Blyr
  • Dash to dock
  • No title bar
  • Panel osd
  • Places status indicator
  • Removable drive menu
  • Remove dropdown arrows
  • User themes
  • Windowoverlay Icons
  • KStatusNotifierItem/AppIndicator Support
  • Handy scripts

RPM/YUM/DNF

RPM/YUM/DNF

DNF

View User Installed Packages

This is suuuuper helpful for seeing what software I manually installed in a distro:

sudo dnf history userinstalled

RPM/YUM/DNF

Misc

RPM Search!

https://rpmfind.net/linux/RPM/index.html

Python

Python3 Packages Out-of-the-box:

  • python3-devel
  • python3-magic
  • python3-numpy
  • python3-opencv
  • pip3

Virtualenvs for Fish!

https://github.com/adambrenecki/virtualfish

Create a new venv: vf new {name}

Use venv: vf activate {name}

Stop using venv: vf deactivate {name}

Misc

Allow Executable to Bind Ports < 1000

sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary

Original Source