Ansible collect basic facts about host

ansible -m setup ipa3.ipa.example.com

This gets output similar to:

ipa3.ipa.example.com | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.212.16.236"
        ],
        "ansible_all_ipv6_addresses": [],
        "ansible_apparmor": {
            "status": "disabled"
        },
        "ansible_architecture": "x86_64",
...

Check if network port is open

On the local system, check if something is listening to the port:

netstat -tlpn

On a remote system, you can use telnet or ncat to check to see if you can actually get to the port:

echo '' | telnet myserver 1054

If successful, telnet returns ‘Connected to myserver’ before closing out.

echo '' | nc -v myserver 1054
$ echo '' | nc -v myserver 1054
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.50.35:1054.
$ echo '' | nc -v myserver 1055
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: No route to host.

Ansible delegate_to a Windows host

If you use Ansible, and Windows, and you need to perform a few tasks out of a play on a Windows host, you use delegate_to.

However, using a regular delegate_to doesn’t work, because of a certificate validation error.

TASK [certreq : win_shell] *****************************************************************************************
fatal: [linux_host]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='win_host', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))", "unreachable": true}

What you need to do is set a host fact in the play:

- set_fact:
    ansible_winrm_server_cert_validation: ignore

- win_shell: Write-Host 'Hello World!'
  delegate_to: "{{ winhost_hostname }}"
  vars:
    ansible_user: "{{ winhost_user }}"
    ansible_port: 5986

I have tried placing the variable in the vars on the win_shell command, but it didn’t work. You have to set it as a host fact of the regular host(s) running the play.
And that’s it! You’ll still get the warning, but the connection will work!

TASK [certreq : win_shell] *****************************************************************************************
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
changed: [linux_host -> win_host] => {"changed": true, "cmd": "Write-Host 'Hello World!'", "delta": "0:00:00.265626", "end": "2017-11-14 03:36:10.390993", "rc": 0, "start": "2017-11-14 03:36:10.125366", "stderr": "", "stderr_lines": [], "stdout": "Hello World!\n", "stdout_lines": ["Hello World!"]}
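
A stricter variant of the set_fact workaround above, added here as an example and not part of the original post: keep certificate validation on and tell the WinRM connection which CA to trust, so the HTTPS request to port 5986 is actually verified. The CA file path is an assumed placeholder, winhost_hostname must match a name in the listener certificate, and the variables are set as host facts because that is the placement the post found to work.

```yaml
# Added example, not from the original post.
# Assumption: the CA that issued the Windows host's WinRM listener certificate
# has been exported in PEM format to this (hypothetical) path on the controller.
- set_fact:
    ansible_winrm_server_cert_validation: validate
    ansible_winrm_ca_trust_path: /etc/pki/winrm/issuing-ca.pem

# The WinRM connection is made from the controller, so check the file there.
- name: Check that the CA bundle exists on the controller
  stat:
    path: "{{ ansible_winrm_ca_trust_path }}"
  delegate_to: localhost
  register: winrm_ca

# Stop here instead of falling back to an unverified connection.
- assert:
    that:
      - winrm_ca.stat.exists
    msg: "WinRM CA bundle not found; not continuing without certificate validation"

# Same delegated task as in the post; winhost_hostname and winhost_user are
# the post's own variables.
- win_shell: Write-Host 'Hello World!'
  delegate_to: "{{ winhost_hostname }}"
  vars:
    ansible_user: "{{ winhost_user }}"
    ansible_port: 5986
```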

References

Weblinks

  1. My original research based on info from another github user, jborean93 https://github.com/ansible/ansible/issues/32673#issuecomment-344291429

Ansible playbook that changes root password

I wrote a playbook that updates the root password on EL6 and EL7 hosts.

Because I was not able to get the user: name=root password={{password}} directive working, I had to be creative.

Coincidentally, I learned that pasting in a gist.github.com link into the WordPress.com editor automatically shows the contents of the gist. That is nifty! See below. For the link: https://gist.github.com/bgstack15/d565880badb92599536b751a15dc7189

Pretty print json in python

For python2

I wanted to show what variables are in use in a function, and I wanted to see it in a nicer format than a really long, single line.

import inspect, json

def function():
   # dump this function's local variables, one per line (python2 print statement)
   print json.dumps(locals(),indent=3,separators=(',',': '))

Bonus

To view what parameters were passed in to a function, add these.

def caller_args():
   frame = inspect.currentframe()
   outer_frames = inspect.getouterframes(frame)
   caller_frame = outer_frames[1][0]
   return inspect.getargvalues(caller_frame)

def function():
   # prints an ArgInfo tuple: (args, varargs, keywords, locals)
   print caller_args()

References

  1. https://stackoverflow.com/questions/29935276/inspect-getargvalues-throws-exception-attributeerror-tuple-object-has-no-a#29935277
  2. compact encoding https://docs.python.org/2/library/json.html

					

Compiling FreeFileSync on Fedora

FreeFileSync is a great open source GUI application. Think of it as the GUI for rsync.

The FreeFileSync team does not provide an rpm of the software, but they do provide the source code. The link is for reference, I suppose, but the team does not allow direct linking. I haven’t even been able to script downloading the source, so for now just go visit their main site and get the source that way.

So, once you open up the zip file of the source code, you need to modify a few things. Please examine the patch I wrote: http://albion320.no-ip.biz/smith122/repo/patch/freefilesync/FreeFileSync_9.4.fc25.patch

Here is the text, in case my home server is down:

diff -Naur FreeFileSync/Source/Makefile FreeFileSync.fc25/Source/Makefile
--- FreeFileSync/Source/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/Makefile	2017-10-22 21:33:01.445470939 -0400
@@ -10,8 +10,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)
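Review bot: The unchanged LINKFLAGS context line still calls `wx-config --libs std, aui --debug=no` with no toolkit selected, so after the two pkg-config lines move to gtk+-3.0 the link is only consistent if the default wx-config on the build host belongs to a GTK3 build of wxWidgets. Otherwise GTK2 (through wx) and GTK3 (through pkg-config) end up in the same binary. Consider pinning it, for example `wx-config --toolkit=gtk3 ...`, or stating in the patch which wx-config it expects.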
diff -Naur FreeFileSync/Source/RealTimeSync/Makefile FreeFileSync.fc25/Source/RealTimeSync/Makefile
--- FreeFileSync/Source/RealTimeSync/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/RealTimeSync/Makefile	2017-10-22 21:33:19.853796285 -0400
@@ -7,8 +7,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support "no button border"
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 CPP_LIST=
 CPP_LIST+=application.cpp
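Review bot: gtk+-3.0 is now hardcoded in a second Makefile through the identical two-line edit on the CXXFLAGS and LINKFLAGS lines. A single overridable variable (for example `GTK_PKG ?= gtk+-3.0`, used in both pkg-config calls) would keep the two files from drifting apart and let a packager switch toolkits without re-patching.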
diff -Naur FreeFileSync/Source/ui/main_dlg.cpp source.fc25/FreeFileSync/Source/ui/main_dlg.cpp
--- FreeFileSync/Source/ui/main_dlg.cpp	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/ui/main_dlg.cpp	2017-10-22 21:33:01.446470957 -0400
@@ -1024,7 +1024,7 @@
         history.resize(globalSettings.gui.cfgFileHistMax);
 
     globalSettings.gui.cfgFileHistory = history;
-    globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory->GetTopItem();
+    //globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory-gt;GetTopItem();
     //--------------------------------------------------------------------------------
     globalSettings.gui.lastUsedConfigFiles.clear();
     for (const Zstring& cfgFilePath : activeConfigFiles_)
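Review bot: The replacement line reads `m_listBoxHistory-gt;GetTopItem()`, which looks like an HTML-escaped `->` that lost its ampersand; it is harmless only because the line is commented out, and together with the `diff -Naur` header naming `source.fc25/...` while the `+++` line names `FreeFileSync.fc25/...` it suggests the patch text was copied from a rendered page and not generated fresh. Beyond that, dropping the assignment means `cfgFileHistFirstItemPos` is no longer refreshed at this point, so add a comment saying why `GetTopItem()` had to go and whether a fixed value should be stored in its place.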
@@ -4862,6 +4862,7 @@
 
     m_menuItemCheckVersionAuto->Check(updateCheckActive(globalCfg_.gui.lastUpdateCheck));
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
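Review bot: The `/*` added before `if (shouldRunPeriodicUpdateCheck(...))` disables the periodic check, but the context line just above it still calls `m_menuItemCheckVersionAuto->Check(updateCheckActive(globalCfg_.gui.lastUpdateCheck))`, so the menu can show automatic update checks as enabled while none ever run. Users of this build then get no in-app notice of new releases; either uncheck and disable the menu item as well, or state in the package description that updates arrive only through the package manager.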
@@ -4869,6 +4870,7 @@
         periodicUpdateCheckEval(this, globalCfg_.gui.lastUpdateCheck, globalCfg_.gui.lastOnlineVersion,
                                 periodicUpdateCheckRunAsync(periodicUpdateCheckPrepare().get()).get());
     }
+    */
 }
 
 
@@ -4877,6 +4879,7 @@
     //execute just once per startup!
     Disconnect(wxEVT_IDLE, wxIdleEventHandler(MainDialog::OnRegularUpdateCheck), nullptr, this);
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
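Review bot: This is the second block disabled with a bare `/*` whose closing `*/` sits in a later hunk, leaving the `Disconnect(wxEVT_IDLE, ...)` call as the only visible statement still active here. A preprocessor guard (`#if 0`, or a build-time macro shared by both blocks) would make the intent explicit, would not break if upstream ever adds a `*/` inside the disabled code, and would be easier to rebase onto new releases.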
@@ -4890,6 +4893,7 @@
                                     resultAsync.get()); //run on main thread:
         });
     }
+    */
 }
 
 

You will need a set of packages installed to compile:

dnf install -y boost-devel compat-wxGTK3-gtk2-devel gcc-c++ gtk+-devel gtk3-devel wxGTK-devel wxGTK3-devel

Multiple monitors on Windows guest in KVM

Introduction

It is easy to set up a virtual machine with the virt-manager GUI.

To add a second monitor (or more) is also pretty easy, once you know how to do it. However, to view a second monitor simultaneously with the first, you will need to use the tool remote-viewer.

In virt-manager, select “Show virtual hardware details.”
Screenshot of virt-manager open to a virtual machine, "Show virtual hardware details" page.
Add a new video card. A basic QXL type should be sufficient.

It is possible to connect to the guest’s displays over the network, if you configure it to be possible. For example, you use your desktop Virtual Machine Manager to connect to a server’s libvirt via a connection string like qemu+ssh://root@vm1.ipa.example.com/system.

On that virtual machine’s “Display spice” virtual hardware, modify the address tag to “All interfaces.” Also note the port number given to this guest. In my screenshot you can see mine is port 5907.
Screenshot showing vm settings for display spice

You will want to open up the firewall on the vm host. I suggest just using the vdsm definition, which is for the oVirt project and includes TCP ports 5900-6923, so it covers this guest’s port 5907 along with the rest of that range.

sudo firewall-cmd --permanent --add-service=vdsm; sudo firewall-cmd --reload

You will need to shut down (not reboot) the guest if it is running at the time, for it to be able to use the new virtual hardware or pretty much any new setting.

Once the virtual machine is running again, use “Remote Viewer” in the GUI, or run from the command line.

remote-viewer spice://vm1.ipa.example.com:5907

Improvements

Learn how to do this in the cli, including maybe at the virt-install statement. Or at least how to retro-fit an existing domain.

References

  1. search “kvm spice guest windows multiple monitors”
  2. Shamelessly ripped off from https://solus-project.com/forums/viewtopic.php?f=11&t=8663
  3. spice guest tools https://www.spice-space.org/download.html

Xfce on Xrdp on Fedora 26

Introduction

This post will demonstrate how to set up a Fedora installation to act as a terminal server that serves desktops over RDP. This will allow Windows computers to connect to it, as well as a GNU/Linux system running xfreerdp clients.
These instructions should be easy to follow on any RHEL-based distros, and easily adapted to others. The copy-paste segments have been tested on Fedora 26 but the accompanying instructions should guide you in deploying a terminal server on a broad range of GNU/Linux environments.

How to set up xrdp on Fedora

Ensure your desktop environment is installed. For CentOS 7 that would be something similar to yum groupinstall "Server with gui" or yum groupinstall xfce.
Install the components necessary for rdp and vnc. When the rdp server allows a user to connect, the user connects to an X Window session in VNC.

yum -y install xrdp tigervnc-server

Set up a firewall rule for the RDP port.

tf=/lib/firewalld/services/xrdp.xml; touch "${tf}"; chmod 0644 "${tf}"
cat <<EOF >"${tf}"
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Remote Desktop Protocol (RDP)</short>
  <description>A RDP service that serves X desktop sessions. Using this allows a Windows client to connect using the built-in mstsc utility!</description>
  <port protocol="tcp" port="3389"/>
</service>
EOF
firewall-cmd --reload
firewall-cmd --permanent --add-service=xrdp
firewall-cmd --reload

Running xfce or any arbitrary DE

On Fedora, for xfce specifically you need to make sure that X clients are told to run xfce. The vnc services will try to start a window manager, but as of the time of this writing xfce is not included in the list, so it will fail out (or run gnome, if it’s present).
The file to inspect is /etc/X11/xinit/Xclients, or the per-user settings at ~/.Xclients. For the etc file, it should be fairly obvious how to add to it. Additionally, make sure the file is executable!

For Fedora 26 and xfce, you can inspect this patch file, and then either run the patch statement or make the changes yourself manually.

# for all users
tf=/etc/X11/xinit/Xclients.patch; touch "${tf}"; chmod 0644 "${tf}";
cat <<'EOFPATCH' >"${tf}"
--- /etc/X11/xinit/Xclients	2017-02-12 00:38:18.000000000 -0500
+++ /etc/X11/xinit/Xclients.new	2017-10-14 08:12:34.340524791 -0400
@@ -12,6 +12,7 @@
 MSESSION="$(type -p mate-session)"
 STARTKDE="$(type -p startkde)"
 STARTLXDE="$(type -p startlxde)"
+STARTXFCE="$(type -p startxfce4)"
 
 # check to see if the user has a preferred desktop
 PREFERRED=
@@ -25,6 +26,8 @@
 	PREFERRED="$STARTKDE"
     elif [ "$DESKTOP" = "LXDE" ]; then
 	PREFERRED="$STARTLXDE"
+    elif [ "$DESKTOP" = "XFCE" ]; then
+	PREFERRED="$STARTXFCE"
     fi
 fi
 
@@ -44,6 +47,9 @@
 elif [ -n "$STARTLXDE" ]; then
     # if neither GNOME nor KDE then LXDE
     exec "$STARTLXDE"
+elif [ -n "$STARTXFCE" ]; then
+    # if none of the above, try XFCE.
+    exec "$STARTXFCE"
 fi
 
 # We should also support /etc/X11/xinit/Xclients.d scripts
EOFPATCH
patch -p1 /etc/X11/xinit/Xclients < /etc/X11/xinit/Xclients.patch

And for the individual users (I have yet to test to see if the normal order of resolution of the X files lets this actually override it for the user):

tf=~/.Xclients; touch "${tf}"; chmod 0700 "${tf}";
cat <<EOF > "${tf}"
exec /usr/bin/startxfce4
EOF

And that’s it! A sample xfreerdp statement to connect to this service could be:

xfreerdp /sec-rdp /cert-tofu /size:1520x820 /bpp:16 /v:192.168.1.76 -z /disp /audio-mode:0 /wallpaper /themes /u:bgstack15
Screenshot of session manager login screen in vnc in xrdp
Login screen after connecting to xrdp service

References

Weblinks

  1. Using the patch utility https://docs.moodle.org/dev/How_to_create_a_patch#Creating_a_patch_using_diff
  2. update file /etc/X11/xinit/Xclients https://docs-old.fedoraproject.org/en-US/Fedora/13/html/Deployment_Guide/s1-x-runlevels.html
  3. https://forum.xfce.org/viewtopic.php?id=8261
  4. General xrdp guide https://hostpresto.com/community/tutorials/using-a-desktop-environment-on-a-centos-7-vps/
  5. Notes about cinnamon on CentOS 7 https://www.techbrown.com/install-cinnamon-2-6-on-fedora-22-centos-7-rhel-7.shtml
  6. xrdp on centos 7 http://idroot.net/tutorials/how-to-install-xrdp-on-centos-7/
  7. http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-on-centos-7-rhel-7.html