Weblog

General posts from the webinterface

Fedora 26 released

0

The Fedora Project, sponsored by Red Hat, releases version 26 of their operating system. In the past I was an active desktop user. The OS offers latest-and-greatest with 6-months release cycle and 18 months life-cycle. More important: Fedora releases are the base of Red Hat Enterprise LInux releases, which are the base of CentOS releases. And that’s why I mention this Fedora release in particular. Since Red Hat is busy releasing v7.4 of her Enterprise Linux, I guess engineers are also looking at the horizon to work on RHEL 8.0. I’m not the only one with this view. Fedora 26 could be the foundation of this OS. So let’s compare RHEL 7 with Fedora 26.

So what’s new in Fedora 26 compared to RHEL7:

  • Yum is gone. Welcome DNF. In Fedora 26, DNF is rebased to v2.x;
  • Anaconda had a new partitioner tool, including support for this provisioned LVM;
  • Python is v3.6 by default. So all scripts are rebased from v2.x to v3.x;
  • The old GCC6 compiler is gone. Welcome GCC7;
  • Better (local) caching of users and groups using SSSD. A must for enterprises;
  • OpenSSL 1.1.0. Which is required to support HTTP/2 (ALPN support);

So yes. I’m definitely going to test-drive Fedora 26 and gain hands-on experience with some features like DNF and HTTP/2 which is much, much faster for SSL-secured websites, which is more common these days due to the Let’s Encrypt initiative.

RHEL 8
If Fedora 26 will be the base for RHEL 8… I’m not sure. One of the open issues for a new Enterprise-graded Linux is Long Term Support. And the file-system is changing every RHEL-version. Was it ext3 in RHEL5, it became ext4 in RHEL6, which became xfs in RHEL7. Many out there hope that ZFS will come to Linux but licensing does not allow binaries to be distributed. Btrfs is a good alternative candidate, in particular the checksumming function which is missing in XFS but Red Hat is deprecating btrfs in RHEL7.4. A good candidate would be bcachefs. Tools for this storage type will be made available in Fedora 28, released mid 2018.

Welcome, High Sierra

0

The usual issues (with 3rd party software):

  • GPGtools don’t work
  • Homebrew is broken. Fix:
    • Download Xcode 9-beta, unzip and move in Applications
    • sudo xcode-select –switch /Applications/Xcode-beta.app
    • Use ‘brew doctor’ for debugging but the above step should fix the issues.
  • In my case I had to re-add the TimeMachine disk. In my case back-ups still failed. I’ll try to make a new clean disk.
  • Docker auto-starts. I didn’t find a way to disable this yet.
  • VMware Fusion doesn’t work (more info)

Developer info:

  • Python 2.7 (default), but 3.3, 3.4 and 3.5 are also available
  • PHP 7.1.6  as default (without Zend OpCache)
  • Perl v5.18.2 for those born before 1960 🙂

Keep in mind SIP (System Integrity Protection) is turned on in High Sierra.

Red Hat 7.4 beta released

1

Red Hat released the beta version of its 7.4 Enterprise Linux. Amongst others, new features are:

  • Ansible is included in the extra reporitory from not. Please not that these packages are FIPS140 compliant. Previous installed packaged need to be removed first.
  • ⁠Identity Management now supports FIPS. With this enhancement, Identity Management (IdM) supports the Federal Information Processing Standard (FIPS). This enables you to run IdM in environments that must meet the FIPS criteria. To run IdM with FIPS mode enabled, you must set up all servers in the IdM environment using Red Hat Enterprise Linux 7.4 with FIPS mode enabled.
  • Beter Active Directory support now let’s users login to the WebUI of an IPA server. Previously only kinit was supported.
  • usbguard is now included. You can whitelist and blacklist USB-devices to achieve better security.
  • ⁠openssh rebased to version 7.4, which provides a number of enhancements, new features, and bug fixes. This includes support for the resumption of interrupted uploads in SFTP and a new fingerprint type that uses the SHA-256 algorithm.
  • Standards Compliance. OpenSCAP scanner NIST certified, DISA STIG profile included
  • Support added in LVM for RAID level takeover now provides full support for RAID takeover, previously available as a Technology Preview, which allows users to convert a RAID logical volume from one RAID level to another. LVM also now provides support for RAID reshaping, which allows users to reshape properties such as the RAID algorithm, stripe size, or number of images.

The complete list of changes can be fount on the Red Hat website. Finally, according to this post, OpenSSL should be upgraded to 1.0.2k in RHEL 7.4.

Update ESXi standalone to 6.5

1

To update your standalone lab box to the latest ESXi version, first enable SSH. Then put all the VM’s into maintenance mode and log in via SSH. Use the esxcli command to update to the latest version (mind the build numbers) by using your internet connection. So no hassle with packages, downloads, etc.

Open the firewall if needed:

esxcli network firewall ruleset set -e true -r httpClient

Update the box (this will take 5-10 minutes if using slow USB stick as storage)

esxcli software profile update -p ESXi-6.5.0-4564106-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

Reboot the box, get coffee and login afterwards. You’re box is updated to latest-and-greatest. Don’t forget to update VMware Tools on the guests if needed.

Start testing CentOS 6.9

0

If you want to start testing CentOS 6.9 without the official release is there (re-packaging to fit all on one DVD) then install the CentOS CR (Continues Release) repository by: yum install centos-release-cr. After this, yum update will install CentOS 6.9.

Installation instructions for CentOS 7: The repository configuration file is included in the newest centos-release package. First update your system with yum update to get the new centos-release package, then run yum-config-manager –enable cr to enable the CR repository.

Red Hat 6.9 beta released

0

Last week, Red Hat released the beta of Enterprise Linux 6.9. This new version of RHEL supports Transport Layer Security (TLS) 1.2. This gives RHEL 6.9 complete support for TLS 1.2 in the shipped security libraries. TLS 1.2 is recommended by modern security standards. Simultaneously, insecure cryptographic protocols and algorithms, such as MD5, SHA0, RC4, or 512-bit DH, have been deprecated. For this reason alone, you’ll want to upgrade to RHEL 6.9 as soon as possible.

Goodbye cmd.exe

0

Remember all those times Microsoft, Microsoft MVPs, and others said “YOU MUST LEARN POWERSHELL” like there was no avoiding it?? Well, in case you didn’t start to learn, now is your last change. Microsoft released the latest insider build of Windows 10 and removed the 30-year old DOS command box. So, learn PowerShell (which celebrates it’s 10th birthday). Have a look at the Microsoft Virtual Academy for free courses.

Soft Restart in Windows Server 2016

1

A cool new, but optional feature has landed in Windows Server 2016: Soft Restart. Once installed, it provides the capability to initiate a soft restart, which skips hardware initialisation. In other words, it restarts the operating system without restarting the whole machine. After installation, there are two ways to initiate Soft Restart:

Command Line: shutdown /r /soft /t 0
PowerShell: Restart-Computer -Soft

The new (to be implemented) feature sounds very handy for physical servers with large amounts of memory and/or raid-controllers, eliminating the need to check these components. This will save minutes. This might, in particular, be handy when an unscheduled restart is needed during production hours. Well don’t, Microsoft.

RHEL 7.3 released

0

Last week, Red Hat released version 7.3 of her Enterprise Linux. CentOS builds will follow soon. There are a number of features introduced as Technology Preview. The complete release notes can be found on the Red Hat website.

Security

  • The SELinux userspace has been rebased and provides various enhancements and performance improvements. Notably, the new SELinux module store supports priorities, and the SELinux Common Intermediate Language (CIL) has been introduced.
  • OpenSCAP workbench now provides a new SCAP Security Guide integration dialog and enables modification of SCAP policies using a graphical tool.
  • The OpenSCAP suite now includes support for scanning containers using the atomic scan command.
  • Upgraded firewalld starts and restarts significantly faster due to a new transaction model. It also provides improved management of connections, interfaces, and sources, a new default logging option, and ipset support.
  • The audit daemon introduces a new flush technique, which significantly improves performance. Audit policy, configuration, and logging have been enhanced and now support a number of new options.
  • Media Access Control Security (MACsec) encryption over Ethernet is now supported.

(more…)

Switching Apache to Nginx and Selfoss

0

After updating the Synology and switch webserver from Apache to Nginx, the web-based RSS reader selfoss stopped working. This application uses a .htaccess file to rewrite all requests in Apache. Unfortunately, Nginx doesn’t support .htaccess files.
Make these adjustments in: /etc/nginx/app.d/server.webstation-vhost.conf (last line before the final closing bracket ‘}’. Keep in mind, the space after $1 belongs in the configuration file. If you forget about this nginx won’t restart (with the command: nginx -s reload).

# Custom configuration by Randy - Fix SelfOss RSS reader
location /selfoss {
 root /volume1/web;
}
location ~ ^/selfoss/$ {
 index index.php;
}
location ~ ^/selfoss/favicons/(.+)$ {
 try_files /selfoss/data/favicons/$1 =404;
}
location ~ ^/selfoss/(.+)$ {
 try_files /selfoss/public/$1 /selfoss/index.php$is_args$args;
}

If you also want to switch other applications from Apache reverse proxy to Nginx, the configuration would be:

# Custom configuration by Randy - Add reverse proxies
location /sabnzbd {
  proxy_pass http://127.0.0.1:8080;
}
location /sb {
  proxy_pass http://127.0.0.1:8083/sb;
}
location /transmission {
  proxy_pass http://127.0.0.1:9091/transmission;
}
location /couchpotato {
  proxy_pass http://127.0.0.1:5053/couchpotato;
}
# Spotweb fix for API via NGingx
location /spotweb {
 if ($uri !~ "api/"){
 rewrite api/?$ /spotweb/index.php?page=newznabapi last;
 }
}

Synology Disk Station Manager 6.1 Beta

0

Yesterday, Synology unveiled the newest version of her Disk Station Manager: 6.1 Beta. Testers are urged to download this build and test out new features. Amongst others, these are PHP7-support, a switchable web front end between Apache (2.2) and NGinx. The resource manager is extended with lots of new features showing per-process indication of disk, cpu and network use. The Storage Manager let’s users switch from SHR-1 (RAID5) to SHR-2 (RAID6) online.

Furthermore, a new package calles Active Directory Server will be available soon. I guess this DS is based on Samba 4, the Windows file sharing service for Linux. Starting with version 4.0, Samba is able to run as an Active Directory (AD) domain controller (DC).

More information, features and downloads can be found on the Synology DSM 6.1 Beta website.

Franz: One application, endless possibilities

0

Meet Franz, the multi-platform, multi-messenger application to have a (tabbed) single pane of glass for messengers like WhatsApp, Facebook, Telegram, LinkedIn, Twitter, Slack, etc. Clients are available for Windows, Mac OSX and Linux. Yes. I Like It!

franz_screenshot-97ec75912b

Go to Top