Palemoon 64-bit for Linux and Flash Player Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit the main page at https://get.adobe.com/flashplayer/otherversions/ or use this direct link: https://get.adobe.com/flashplayer/download/?installer=FP_27.0_for_Linux_64-bit_(.rpm)_-_NPAPI&stype=7768&standalone=1 and install it.
  3. Load the libraries in the directory Pale Moon looks in:
    sudo ln -s /usr/lib64/flash-plugin/libflashplayer.so /usr/lib/mozilla/plugins/
    

References

My links

  1. https://bgstack15.wordpress.com/2017/12/07/palemoon-64-bit-for-linux-and-google-talk-plugin/
Advertisements

Palemoon 64-bit for Linux and Google Talk Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit gmail and initiate a call, which will cause it to prompt you to download the google talk plugin. Install it.
  3. Load the libraries in the directory Pale Moon looks in:
    pushd /usr/lib/mozilla/plugins 1>/dev/null 2>&1
    sudo ln -s ../../../../opt/google/talkplugin/libnpo1d.so
    sudo ln -s ../../../../opt/google/talkplugin/libnpgoogletalk.so
    popd 1>/dev/null 2>&1

    You don’t even need to close and re-open the browser!

You will still get the warning “Hangouts phone calls will temporarily stop working in Firefox.” When making an outgoing call, you can dismiss the warning. However, I was unable dismiss the warning when receiving a call, which means I was not able to receive calls. I don’t know how to fix that part.

Also, on occasion, it simply wouldn’t make an outgoing call. Just cancel and try again, and then it will work.

References

Weblinks

https://askubuntu.com/questions/906315/install-java-plugin-in-pale-moon-browser/906341#906341

Original research

rpmrebuild google-talkplugin_current_x86_64.rpm

Python get Linux-compatible password hash

This snippet gets you a sha-512 ($6) password hash suitable for putting in /etc/shadow.

# Reference: https://www.shellhacks.com/linux-generate-password-hash/
# python 2
import crypt, getpass, sys;
if len(sys.argv) >= 2: 
 thisraw=str(sys.argv[1]);
else:
 thisraw=getpass.getpass(prompt='New password: ')
 #sys.exit(1)
print(crypt.crypt(thisraw,crypt.mksalt(crypt.METHOD_SHA512)))

Ansible tasks for auditd and logrotate

Auditd does not play nicely with logrotate on CentOS7.

Here is my solution, in ansible format:

tasks

---
# the intention with auditd is to minimize the disk usage of the logs

# modify auditd.conf which notifies the handler
- name: auditd does not keep logs
  lineinfile:
    path: "{{ auditd_conf }}"
    regexp: "{{ item.r }}"
    backrefs: yes
    line: "{{ item.l }}"
    create: no
    state: present
  notify: auditd handler
  with_items:
  - { r: '^max_log_file_action.*$', l: 'max_log_file_action      =  ignore' }
  - { r: '^max_log_file.*$', l: 'max_log_file             =  0' }

# tarball and cleanup any existing audit.log.1 files
- name: list all old auditd logs which need to be compressed and cleaned up
  shell: warn=no find /var/log/audit -regex {{ auditd_log_cleanup_regex }}
  register: cleanup_list
  ignore_errors: yes

- name: touch archive file
  file:
    path: "{{ auditd_log_dir }}/old-audit.log.tgz"
    state: touch
    owner: root
    group: root
    mode: 0600

- name: archive and cleanup existing audit.log.1 files
  archive:
    dest: "{{ auditd_log_dir }}/old-audit.log.tgz"
    #path: "{{ auditd_log_dir }}/audit.log.*"
    path: "{{ cleanup_list.stdout_lines }}"
    format: gz
    owner: root
    group: root
    remove: yes
  ignore_errors: yes
  #check_mode: yes

- name: apply logrotate script for audit
  copy:
    src: etc/logrotate.d/audit
    dest: "{{ auditd_logrotate_conf }}"
    owner: root
    group: root
    mode: 0644
    backup: yes

- name: run logrotate
  shell: warn=no /sbin/logrotate -f "{{ auditd_logrotate_conf }}"
  register: run_logrotate

- debug:
    msg: "{{run_logrotate}}"

vars or defaults

auditd_conf: /etc/audit/auditd.conf
auditd_log_dir: /var/log/audit
auditd_log_cleanup_regex: '.*audit\.log\.[0-9]+'
auditd_service: auditd
auditd_logrotate_conf: /etc/logrotate.d/audit

Debug the values passed to a function in python

Tested on python 2.

import inspect

def caller_args():
   frame = inspect.currentframe()
   outer_frames = inspect.getouterframes(frame)
   caller_frame = outer_frames[1][0]
   return inspect.getargvalues(caller_frame)

def updateval(infile,regex,result,verbose=False,apply=False,debug=0,stanza="",stanzaregex="",atbeginning=False):
   print caller_args()

It’s that simple!

Reference

Weblinks

  1. https://stackoverflow.com/questions/29935276/inspect-getargvalues-throws-exception-attributeerror-tuple-object-has-no-a/29935277#29935277

Ansible delegate_to a Windows host

If you use Ansible, and Windows, and you need to perform a few tasks out of a play on a Windows host, you use delegate_to.

However, using a regular delegate_to doesn’t work, because of a certificate validation error.

TASK [certreq : win_shell] *****************************************************************************************
fatal: [linux_host]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='win_host', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))", "unreachable": true}

What you need to do is set a host fact in the play:

- set_fact:
    ansible_winrm_server_cert_validation: ignore

- win_shell: Write-Host 'Hello World!'
  delegate_to: "{{ winhost_hostname }}"
  vars:
    ansible_user: "{{ winhost_user }}"
    ansible_port: 5986

I have tried placing the variable in the vars on the win_shell command, but it didn’t work. You have to set it as a host fact of the regular host(s) running the play.
And that’s it! You’ll still get the warning, but the connection will work!

TASK [certreq : win_shell] *****************************************************************************************
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
changed: [linux_host -> win_host] => {"changed": true, "cmd": "Write-Host 'Hello World!'", "delta": "0:00:00.265626", "end": "2017-11-14 03:36:10.390993", "rc": 0, "start": "2017-11-14 03:36:10.125366", "stderr": "", "stderr_lines": [], "stdout": "Hello World!\n", "stdout_lines": ["Hello World!"]}

References

Weblinks

  1. My original research based on info from another github user, jborean93 https://github.com/ansible/ansible/issues/32673#issuecomment-344291429

Ansible playbook that changes root password

I wrote a playbook that updates the root password on EL6 and EL7 hosts.

Because I was not able to get the user: name=root password={{password}} directive working, I had to be creative.

Coincidentally, I learned that pasting in a gist.github.com link into the WordPress.com editor automatically shows the contents of the gist. That is nifty! See below. For the link: https://gist.github.com/bgstack15/d565880badb92599536b751a15dc7189

Compiling FreeFileSync on Fedora

FreeFileSync is a great open source GUI application. Think of it as the GUI for rsync.

The Freefilesync team does not provide an rpm of the software, but they do provide the source code. The link is for reference, I suppose, but the team does not allow direct linking. I haven’t even been able to script downloading the source, so for now just go visit their main site and get the source that way.

So, once you open up the zip file of the source code, you need to modify a few things. Please examine the patch I wrote: http://albion320.no-ip.biz/smith122/repo/patch/freefilesync/FreeFileSync_9.4.fc25.patch

Here is the text, in case my home server is down:

diff -Naur FreeFileSync/Source/Makefile FreeFileSync.fc25/Source/Makefile
--- FreeFileSync/Source/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/Makefile	2017-10-22 21:33:01.445470939 -0400
@@ -10,8 +10,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)
diff -Naur FreeFileSync/Source/RealTimeSync/Makefile FreeFileSync.fc25/Source/RealTimeSync/Makefile
--- FreeFileSync/Source/RealTimeSync/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/RealTimeSync/Makefile	2017-10-22 21:33:19.853796285 -0400
@@ -7,8 +7,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support "no button border"
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 CPP_LIST=
 CPP_LIST+=application.cpp
diff -Naur FreeFileSync/Source/ui/main_dlg.cpp source.fc25/FreeFileSync/Source/ui/main_dlg.cpp
--- FreeFileSync/Source/ui/main_dlg.cpp	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/ui/main_dlg.cpp	2017-10-22 21:33:01.446470957 -0400
@@ -1024,7 +1024,7 @@
         history.resize(globalSettings.gui.cfgFileHistMax);
 
     globalSettings.gui.cfgFileHistory = history;
-    globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory->GetTopItem();
+    //globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory-gt;GetTopItem();
     //--------------------------------------------------------------------------------
     globalSettings.gui.lastUsedConfigFiles.clear();
     for (const Zstring& cfgFilePath : activeConfigFiles_)
@@ -4862,6 +4862,7 @@
 
     m_menuItemCheckVersionAuto->Check(updateCheckActive(globalCfg_.gui.lastUpdateCheck));
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
@@ -4869,6 +4870,7 @@
         periodicUpdateCheckEval(this, globalCfg_.gui.lastUpdateCheck, globalCfg_.gui.lastOnlineVersion,
                                 periodicUpdateCheckRunAsync(periodicUpdateCheckPrepare().get()).get());
     }
+    */
 }
 
 
@@ -4877,6 +4879,7 @@
     //execute just once per startup!
     Disconnect(wxEVT_IDLE, wxIdleEventHandler(MainDialog::OnRegularUpdateCheck), nullptr, this);
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
@@ -4890,6 +4893,7 @@
                                     resultAsync.get()); //run on main thread:
         });
     }
+    */
 }
 
 

You will need a set of packages installed to compile:

dnf install -y boost-devel compat-wxGTK3-gtk2-devel gcc-c++ gtk+-devel gtk3-devel wxGTK-devel wxGTK3-devel

Multiple monitors on Windows guest in KVM

Introduction

It is easy to set up a virtual machine with the virt-manager GUI.

To add a second monitor (or more) is also pretty easy, once you know how to do it. However, to view a second monitor simultaneously with the first, you will need to use the tool remote-viewer.

In virt-manager, select “Show virtual hardware details.”
Screenshot of virt-manager open to a virtual machine, "Show virtual hardware details" page.
Add a new video card. A basic QXL type should be sufficient.

It is possible to connect to the guest’s displays over the network, if you configure it to be possible. For example, you use your desktop Virtual Machine Manager to connect to a server’s libvirt via a connection string like qemu+ssh://root@vm1.ipa.example.com/system.

On that virtual machine’s “Display spice” virtual hardware, modify the address tag to “All interfaces.” Also note the the port number given to this guest. In my screenshot you can see mine is port 5907.
Screenshot showing vm settings for display spice

You will want to open up the firewall on the vm host. I suggest just using the vdsm definition, which is for the oVirt project and includes TCP ports 5900-6923.

sudo firewall-cmd --permanent --add-service=vdsm; sudo firewall-cmd --reload

You will need to shut down (not reboot) the guest if it is running at the time, for it to be able to use the new virtual hardware or pretty much any new setting.

Once the virtual machine is running again, use “Remote Viewer” in the GUI, or run from the command line.

remote-viewer spice://vm1.ipa.example.com:5907

Improvements

Learn how to do this in the cli, including maybe at the virt-install statement. Or at least how to retro-fit an existing domain.

References

  1. search “kvm spice guest windows multiple monitors”
  2. Shamelessly ripped off from https://solus-project.com/forums/viewtopic.php?f=11&t=8663
  3. spice guest tools https://www.spice-space.org/download.html