Friday, 12 December 2014

I'm an adherent of Copyleft

Some time ago I had the task of choosing a configuration management system for our Linux machines, and it came down to a battle between Salt and Ansible. While technically these systems are similar, their licensing models are different. The Salt developers chose the Apache license and Ansible settled on the GPL. As a copyleft lover I shouldn't even have had to think much, and Ansible would have been my only choice. However, I decided to dig a bit and Google what other people think.

Ideas I keep in mind when I choose software under a copyleft license:
- this software is open
- this software will be open forever (or at least for a long period of time)
- developers and users are motivated to contribute

And generally this works for copyleft-licensed software, but it is not a rule.

Coming back to Ansible vs Salt, I found the Salt community extremely active, friendly and welcoming. And this is the most reliable indicator that this piece of software is going to live a long and open life. And thus I choose Salt; I choose the community and not the license.

Some links on the topic:
http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
http://jensrantil.github.io/salt-vs-ansible.html

Friday, 5 September 2014

Safe workaround to make check_esxi_hardware.py work as a normal user

Adding the nagios user to the root group (a popular workaround on the Internet) is a big security hole. I suggest never doing this.

Here is a better workaround until VMware fixes the 'CIM interaction' permission (which has not worked since at least 4.0, up to the recent 5.5):

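1) Create a local user 'nagios' on an ESXi host
2) Add a cron job to check and update /etc/security/access.conf
# Run as root in the ESXi shell. The job is appended only if the root crontab does not mention access.conf yet.
# The heredoc is unquoted, so $user and $access are expanded when the job is written to the crontab.
user=nagios; access=/etc/security/access.conf; crontab=/var/spool/cron/crontabs/root
grep "$access" "$crontab" > /dev/null || cat << EOF >> "$crontab"
*/5  *    *   *   *   grep '^+:$user:sfcb$' $access > /dev/null || sed -i '2i +:$user:sfcb' $access
EOF
3) Done!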

Now you can run check_esxi_hardware.py as the nagios user; no special roles or permissions are needed.
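
The following is an added example, not part of the original post: a POSIX shell version of the check the cron job performs, plus an audit for the root-group setup warned against above. The function names are made up for this example and the sample files are constructed, so it can be tried on copies before touching a host.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# functions can be tried on copies of the real files.

# ensure_sfcb_access USER ACCESS_FILE
# Make sure the exact line "+:USER:sfcb" exists, inserting it as line 2
# (the position the post's sed '2i' uses). Safe to run repeatedly.
ensure_sfcb_access() {
    esa_rule="+:$1:sfcb"; esa_file=$2; esa_tmp="$2.tmp.$$"
    [ -f "$esa_file" ] || return 2
    # -x whole line, -F fixed string: no regex metacharacters to escape
    grep -qxF -- "$esa_rule" "$esa_file" && return 0
    awk -v rule="$esa_rule" 'NR == 2 { print rule } { print }
        END { if (NR < 2) print rule }' "$esa_file" > "$esa_tmp" &&
        cat "$esa_tmp" > "$esa_file"    # overwrite in place: keeps owner and mode
    esa_rc=$?; rm -f "$esa_tmp"; return "$esa_rc"
}

# in_root_group USER GROUP_FILE PASSWD_FILE
# Exit 0 if USER is in the GID 0 group, either as a listed member in
# GROUP_FILE or through the primary GID in PASSWD_FILE; exit 1 otherwise.
in_root_group() {
    awk -F: -v u="$1" '
        FILENAME == ARGV[1] && $3 == 0 {        # group file: name:pw:gid:members
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) hit = 1
        }
        FILENAME == ARGV[2] && $1 == u && $4 == 0 { hit = 1 }   # passwd file
        END { exit (hit ? 0 : 1) }' "$2" "$3"
}

# Demo on constructed files (sample content, not copied from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# sample header' '+:root:ALL' '-:ALL:ALL' > "$d/access.conf"
    printf '%s\n' 'root:x:0:root' 'users:x:100:nagios' > "$d/group"
    printf '%s\n' 'root:x:0:0::/:/bin/sh' 'nagios:x:1000:100::/:/bin/sh' > "$d/passwd"
    ensure_sfcb_access nagios "$d/access.conf" && cat "$d/access.conf"
    if in_root_group nagios "$d/group" "$d/passwd"; then
        echo "WARNING: nagios is in the root group"
    else
        echo "OK: nagios is not in the root group"
    fi
    rm -rf "$d"
}
demo
```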

Saturday, 15 March 2014

How to read Navalny's blog and other blocked resources using Tor

Navalny's blog on LiveJournal does not open from the Russian range of IP addresses. Many different solutions can be found on the Internet, among them using Tor. When using Tor, note that by default the entry and exit nodes are chosen at random, i.e. the exit node may end up in the list of blocked ones. To avoid this, you can restrict exit nodes geographically by adding the following parameter to torrc:
ExitNodes {de}

The parameter "ExitNodes {de}" tells Tor to use exit nodes with German IP addresses. Several ranges can be given, separated by commas, for example:
ExitNodes {de},{gb},5.78.0.0/16

Friday, 17 January 2014

Ubuntu 12.04, OCS Inventory and UTF-8

Ubuntu 12.04 ships with OCS Inventory 2.0.2, however the UTF-8 patches come later, in 2.0.4. Here is a way to fix UTF-8 for 2.0.2.
 # The following changes are made to OCS Inventory after installation so that it displays UTF-8 correctly.
 wget http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/diff/791 -O /tmp/utf8-1.patch  
 wget http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/diff/801 -O /tmp/utf8-2.patch  
 cd /usr/share/ocsinventory-reports  
 patch -p0 -i /tmp/utf8-1.patch  
 sed -i 's/,,/,/' backend/require/lib/phpcas/CAS.php  
 patch -p0 -i /tmp/utf8-2.patch