Tuesday, August 14, 2018

How to allow non-root users to control system.d services/utilities that needs root permissions.

How to allow non-root users to control system.d services/utilities that needs root permissions.

By default sudo is not installed on debian. So, install sudo
apt-get install sudo -y

Add current user to sodoers list
usermod -a -G sudo vq

Change editor for visudo (I love vim). 
update-alternatives --config editor

Let's give user perrmision to reboot without password. First off all we should change configuration in /etc/sudoers file. In order to edit the fiole  use visudo:
vq ALL=NOPASSWD:/sbin/reboot

Usage (password is not required)
sudo reboot

Now let's allow user to access concrete system.d service without password. For example let's do it for firewalld service.

Create file
cd /etc/sudoers.d
touch vq
vim vq

Add the following configuration
%vq ALL= NOPASSWD: /bin/systemctl start firewalld
%vq ALL= NOPASSWD: /bin/systemctl stop firewalld
%vq ALL= NOPASSWD: /bin/systemctl status firewalld

Usage (password is not required)
sudo systemctl start firewalld
sudo systemctl stop firewalld
sudo systemctl status firewalld

Note that my user and group is called vq

.
Posted by at No comments:

Friday, July 27, 2018

synchronise time using ntpd and timesyncd

Imagine that you have many servers. It's important to have synchronized time between our servers - at least the log files should have same time in order to find out the correct sequence of the processes. We can use the following tools for time synchronization
  • ntpd - powerfull Network Time Protocol Daemon. Full implementation of  NTP protocol
  • systemd-timesyncd - it is lightweight daemon for synchronizing the system clock. This client implements an SNTP.  if we  have ntpd daemon we can use ntpdc - utility program used to monitor NTP daemo (now it's deprecated and we use ntpq).  If we have systemd-timesyncd we can use  timedatectl - it has very beautiful configurations and controls the system time/date very well.
  • chrony is also full implementation of NTP. it has really great performance because It quickly detects sudden time changes like ntpd.   
  • OpenNTPD - It's part of the Open BSD project that also implements NTP protocol.
There are another implementations too but know let's talk for about ntpd and timedatectl.

 How to Configure ntpd

  • Install and enable ntpd for CentOS:
yum install ntpd
systemctl enable ntpd
firewall-cmd --add-service=ntp --permanent
  • Install and enable ntpd for Debian:
apt-get install ntpd
apt-get install ntpdate
  • Add pools in  /etc/ntp.conf  server configuration
server 0.[YOUR_POOLl]
server 1.[YOUR_POOLl]
  • Add local clock in  /etc/ntp.conf  server configuration.  For example, we can add local clock as a stratum 10  server or we  can set up to stratum 15 - so that it will never be used unless internet access is lost.
server  127.127.1.0 
fudge   127.127.1.0 stratum 10
  • Add pool adress in /etc/ntp.conf client configuration
server  X.X.X.X
  • Force update time, we can create crontab too (optional)
ntpdate -u X.X.X.X
  • Start ntpd service for CentOS:
systemctl start ntpd
  • Start ntpd service for Debian:
service ntp start  or systemctl start ntp

Let's check if everything works well and print all the peers of the servers
[vq@centos etc]# ntpq -p
 remote   refid  st t when poll reach delay  offset jitter
===========================================================
*LOCAL(0) .LOCL. 10 l 40  64   17     0.000  0.000  0.000

 How to Configure timesyncd

Because of we have installed ntpd we can't use systemd-timesyncd. Even if you try to use systemd-timesyncd service you will have the follolwing error:

vq@debian:/var/log# systemctl status 
systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded 
(/lib/systemd/system/systemd-timesyncd.service;
 enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-timesyncd.service.d
           └─disable-with-time-daemon.conf
   Active: inactive (dead)
Condition: start condition failed at 
Fri 2018-07-27 13:31:23 +04; 35s ago
           └─ ConditionFileIsExecutable=
!/usr/sbin/ntpd was not met
     Docs: man:systemd-timesyncd.service(8)


So we should remove ntpd if we want to use  timesyncd and timedatectl. You can find  timesyncd configuration to the following URL:

/etc/systemd/timesyncd.conf

[Time]
NTP= ${URLS}
FallbackNTP=${URLS}
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
  • check if NTP synchronization is enabled  
 
vq@debian:/etc# timedatectl
      Local time: Fri 2018-07-27 13:27:36 +04
  Universal time: Fri 2018-07-27 09:27:36 UTC
        RTC time: Fri 2018-07-27 09:46:02
       Time zone: Asia/Tbilisi (+04, +0400)
 Network time on: YES
NTP synchronized: YES
 RTC in local TZ: YES
Posted by at No comments:

Friday, July 13, 2018

How to install JDK on linux and how it really works?

How to install JDK on linux and how it really works?

You may , well, ask me the question - which installation file should you download for your Linux. You know, you have many options: prm or deb or tar.gz


What is difference between rpm and deb file formats?

  • RPM and DEB files files provide an easy way for software to be distributed, installed, upgraded, and removed 
  • tag.gz is g-zipped tar file. You should download it if you are going to install JDK manually.

What is difference between deb and rpm file formats?

To be honest, therey are both archive files, with some metadata. In order to install deb file you need dpkg - this is package manager for Debian-based systems like Ubuntu, Debian etc. For rpm file format we use RPM Package Manager.

What about dependency problem?

Everything seems great but sometimes we have dependency problems.  In the other words, we had better install all dependencies for our program to work correctly.  Therefor RPM and dpkg  is unable to automatically do it.   Fortunately we have many tools in order to sole the problem:

  • APT (the Advanced Packaging Tool) to install, update and remove software  on Debian-based systems. 
  • YUM  package-management utility that uses the RPM Package Manager.
  • Zypper this is my favorite  package manager for installing, updating and removing packages as well as for managing repositories.  

How To install RPM format JDK on linux?


This method is suitable for SUSE/Arch/Fedora/CentOS/RedHat etc. You should just have RPM package manager.
 
  •  Download oracle jdk RPM package
  • To install using terminal type: `rpm -ivh {jdk-name-version}.rpm`
  • Run the following commands
update-alternatives --install /usr/bin/java java /usr/java/latest/bin/java 100
update-alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 100
view raw update_java_path.sh hosted with ❤ by GitHub
  • Set default Java for in system

update-alternatives --config java
update-alternatives --config javac
view raw default_java.sh hosted with ❤ by GitHub



  

How to install  tar.gz format zypped JDK on linux?


  •  Download oracle jdk tar.gz
  •  mkdir /opt/jdk
  •  tar -zxf {jdk-name-version}.tar.gz -C /opt/jdk
  • update-alternatives --install /usr/bin/java java /opt/jdk/{jdk-name-version}/bin/java 100
  • update-alternatives --install /usr/bin/javac javac /opt/jdk/{jdk-name-version}/bin/javac 100
Check if java is installed

  •  update-alternatives --display java
  •  update-alternatives --display javac
 Set default Java for in System
  •  update-alternatives --config java
  •  update-alternatives --config javac


Posted by at No comments:

how to change shceduler times in spring

How to change scheduler times in Spring

 

Imagine that you have scheduler but you want to change time at runtime. What Can you do? Off-course there are ways do solve the problem. So In this article I will write how to implement Trigger interface that is located to the following package: org.springframework.scheduling in the spring-context project.

1. First off all, let's create interface for our logic:

























2. In Spring we have org.springframework.scheduling.Trigger interface:
























So we can write our own implementation. It's very simple. We should just overwrite nextExecutionTime(_) method.  Something like that:



3. Now we can write configuration.





In this example we just choose ThreadPoolTaskScheduler that is child ofTaskScheduler interface.


4. So what is the next? Let's see how to use our scheduler. Everything is simple:



That's it!

Goodbye!
Have good day!
Posted by at No comments:

Tuesday, January 16, 2018

Running rsync as a daemon



rsync is a very flexible utility for  transferring and synchronizing files across computer systems. For example, when we want to run updates to the remote devices, we can just update some files in the rsync server and another remote devices will receive the updated files automatically.







Rsync has three ways to decide if a file is outdated:
  1. Compare size of files
  2. Compare timestamps
  3. Compare static checksums

So we can choose   --size-only, --ignore-times or ---checksum option in order to decide how to compare files.


Let's write little example

  • Let's create some directory and write some files in it. The idea is the following: if we add any files in the directory , remote devices will revieve that files (any devices who have rsync client)

mkdir /opt/{my_app_settings}/dev/
  •  Edit rsyncd.conf file and write configurations. I have created 2 configuration. But before editing the file imagine that some remote devices mught need to revieve files from different directory. We have already created directory named "dev" but we can also can create another directory. For example let's create another directory named "prod". So rsync client will decide which directory to use  - in the other words where to get files. So our configuration looks like that:

[dev] 
path = /opt/{my_app_settings}/dev 
read only = true
uid = root
gid = root


[prod]
path = /opt/{my_app_settings}/prod 
read only = true 
uid = root 
gid = root

  • Run rsync daemon

 rsync --daemon

  • Run rsync client in order to retrieve new files:

  rsync -rtv root@IP::dev {destionation_directory}


Also we can create sheduler in order to execute auto synchronization.

 crontab -e

If you want to run cron job every 1 minute, write the following  cron config




  • Cron examples 


Every 1 minute     * * * * * 
Every 15 minutea   */15 * * * * 
Every 30 minutes   */30 * * * * 
Every 1 hour       0 * * * * 
Every 6 hours      0 */6 * * * 
Every 12 hours     0 */12 * * * 
Once a day         4 0 * * *
Once a week        4 0 * * 0 
Once a month       4 0 1 * *


Now just verify your cron job

 crontab -l
Results should be something like that:

Posted by at No comments:

Tuesday, October 3, 2017

Debian 9 touch screen calibration (ENG)


Touchscreen mouse calibration is tested for the following OS:


  • Description: Debian GNU/Linux 9.1 (stretch)
  • Release: 9.1
  • ernel: Linux 4.9.0-3-686-pae
  • Architecture: x86


For touch screen we can use libinput or evdev driver. Libinput replaces the evdev driver. The configuration below is created for evdev. In the other words We use evdev.


  • Get information about xserver-xorg-input.



dpkg -l | grep xserver-xorg-input


Result:




As we see there is no evdev driver.


  • Let's install evdev driver.


apt-get install xserver-xorg-input-evdev


  • Check if evdev driver is installed



dpkg -l | grep xserver-xorg-input


Result:







  • Check if configuration files are in /usr/share/X11/xorg.conf.d directory.



cd /usr/share/X11/xorg.conf.d
ls

result:

 

10-amdgpu.conf 10-evdev.conf 10-quirks.conf 40-libinput.conf 70-wacom.conf


  • now remove libinput driver or we can just remove touch screen section from libinput driver configuration file.


in order to remove libinput driver with dependent packages:


 

apt-get remove --auto-remove xserver-xorg-input-libinput


in order to disable libinput touch scree:

open 40-libinput.conf and remove a touchscreen InputClass Section that is shown in image below.




  • now install xinput-calibrator




sudo apt-get install xinput-calibrator


  • Check if you need to swap axes. if you need to swap just run:



xinit set-int-prop "eGalax Inc." "Evdev Axes Swap" 8 1


  • Run calibrator to get correct x,y positions.

 

xinput_calibrator --output-type xinput

The result will be like this:





Now everything should be fine, but if we want to make calibration permanent (after system restart),  open 10-evdev.conf config, find touch screen section and add "Calibration" and "SwapAxes" entries.





If we don't want to touch evdev configuration we can run the folloing command after X11 load:



xinput set-prop "eGalax Inc." "Evdev Axis Calibration" 1543, 222, 409, 1582
xinput set-prop "eGalax Inc." "Evdev Axes Swap" 1
if you want to configure libinput instead of evdev, remove evdev driver and install lib input if the last one is removed:

dpkg -P xserver-xorg-input-evdev
apt-get install xserver-xorg-input-libinput
Posted by at 6 comments:

Wednesday, May 24, 2017

dnsmasq in Gnu/Linux



dnsmasq არის DNS forwarder და ასევე შეგვიძლია გამოვიყენოთ როგორც DCHP სერვერად. სხვა სიტყვებით რომ ვთქვათ dnsmasq საშუალებით ჩვენ შეგვიძლია DNS ის ქეშირება/ჩვენ გემოზე კონფიგურაცია სიჩქარის გასაზრდელად,  ასევე  როუტების,  internal IP გასაწერად.

მიუხედავად იმისა, რომ პირადად Open Suse Leap ზე ვმუშაობ, უნდა ვაღიარო,   ერთერთი ყველაზე კარგი დოკუმენტაცია  archlinux აქვს.  შესაბამისად,  ზოგჯერ, arch ის დოკუმენტაციაშიც ვიხედები. ხშირად ბევრი რამე პირდაპირ ემთხვევა.  მოკლედ, დეტალებში თუ დაგაინტერებთ იხილეთ შემდეგი ლინკი.




პატარა მაგალითი მოვიყვანოთ:

წარმოიდგინეთ მუშაობთ კომპანიაში სადაც გაქვთ შიდა DNS სერვერი.  როგორც Google-ს მოყვარული ჩემთვის პრიორიტეტი ყოველთვის 8.8.8.8 არის, გამომდინარე იქიდან, რომ ხშირად ვაწყდები ისეთ სიტუაციას, როდესაც შიდა DNS სერვერი ცუდად მუშაობს.

გამოსავალი:

1. მოვახდინო ქეშირება.
2. თუ შიდა სერვერი არაა, გავიდე გუგლის DNS მეშვეობით.


 პირველ რიგში ვნახოთ, dnsmasq თუ გვიყენია.  დაყენების ინსტრუქცია just google (გააჩნია დისტროს  zypper, apt-get, yast, etc...)

 სტატუსი:

vq@local:/etc/NetworkManager> sudo systemctl status dnsmasq.service 
root's password:
dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; 
 vendor preset: disabled)
  Drop-In: /run/systemd/generator/dnsmasq.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Wed 2017-05-24 11:22:19 +04;  
 34min ago
  Process: 5341 ExecStartPre=/usr/sbin/dnsmasq --test 
 (code=exited, status=0/SUCCESS)
 Main PID: 5344 (dnsmasq)
    Tasks: 1 (limit: 512)
   Memory: 464.0K
      CPU: 244ms
   CGroup: /system.slice/dnsmasq.service
           └─5344 /usr/sbin/dnsmasq --log-async 
 --enable-dbus --keep-in-foreground

შემდეგი ნაბიჯი (საჭიროა კომენტარების მოხსნა კონფიგურაციის ფაილში და გადაკეთება თქვენს გემოზე):

vim /etc/dnsmasq.conf 
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
server=/დომეინი /DNS მისამართი
listen-address=127.0.0.1
bind-interfaces

vim /etc/resolv.dnsmasq.conf
nameserver 8.8.4.4
nameserver 8.8.8.8
იმის შემდეგ, რაც NetworkManager - ს ვეტყვით რომ 127.0.0.1-ს მოუსმინოს, შევამოწმოთ, რომ მართლაც 127.0.0.1 -ს უსმენს:

vim /etc/resolv.conf  nameserver 127.0.0.1 
vq@local:/etc> nmcli dev show | grep DNS
IP4.DNS[1]:                             127.0.0.1 

vq@local:/etc> nslookup domain
Server:        127.0.0.1



Posted by at No comments:
Subscribe to: Posts (Atom)