Saturday, December 04, 2010

Bugtracking using Trac

This documentation is aimed at version 0.12

http://trac.edgewall.org

This documentation heavily based on the official documentation, so if you are unsure about something address it:
http://trac.edgewall.org/wiki/TracInstall

A. Prerequisites:

1. Database

I will use a MySQL database, but you could also use PostgreSQL or a local DB file (through Sqlite). So first you install the Server, if do not have one, and create the database according to the documentation, that I reproduce here.
#---
yum -y install \
mysql-server \
mysql \
MySQL-python
#---

I need "root" access for the following steps. (If have some "root" related problems please address to my corresponding post.)
http://gka-linux.blogspot.com/2010/03/mysql-root-password-reset.html

1.2. Start the server (if necessary):
#---
service mysqld restart
chkconfig --level 345 mysqld on
#---

1.3. Get "root" MySQL shell:
#---
## skip this part if you already have a working MySQL server
## mysql_secure_installation
mysql -u root -p
#---

1.4. Create the database (on the shell):
CREATE DATABASE trac DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
USE trac;
GRANT ALL ON trac.* TO tracuser@localhost IDENTIFIED BY '<plain text root password for trac>';

NOTE: Your connection string will be (remember it): mysql://tracuser:<plain text root password for trac>@localhost/trac

2. Version Control System:

For this example Subversion (SVN) which I already documented here:
http://gka-linux.blogspot.com/2009/07/subversion-and-apache-with-pam.html
Or Git: 
http://gka-linux.blogspot.com/2011/03/git-server-on-centos-55.html

3. Apache

I assume that you already have an Apache server and want to put Trac along with other pages you may have.

3.1. Additional packages:
#---
yum -y install \
mod_fcgid \
mod_python \
mod_wsgi
#---

B. The Trac:

OBS.: For CentOS boxes, you need RPMForge repository (or else you are bound to the version 0.10):

#---
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
#---

1. Installing things:

1.1. Fedora:
#---
yum -y install \
trac \
trac-git-plugin \
trac-mercurial-plugin \
trac-iniadmin-plugin \
trac-accountmanager-plugin \
trac-customfieldadmin-plugin \
trac-peerreview-plugin \
trac-privateticketsplugin \
trac-ticketdelete-plugin \
trac-spamfilter-plugin
#---

1.2. CentOS:
#---
yum -y install \
trac \
trac-git-plugin \
trac-mercurial-plugin \
trac-iniadmin-plugin \
trac-peerreview-plugin \
trac-ticketdelete-plugin \
trac-spamfilter-plugin
#---

1.2.1 MySQL-python:

Because CentOS comes with MySql-python 1.2.1 (and this version does NOT work with Trac) you need to upgrade this manually:

#---
wget http://dev.centos.org/centos/5/testing/x86_64/RPMS/MySQL-python-1.2.2-3.el5s2.x86_64.rpm
rpm -Uvh MySQL-python-1.2.2-3.el5s2.x86_64.rpm
#---


2. Start the setup process:
#---
PRJ_NAME="<project name>"
PRJ_DIR=`echo $PRJ_NAME | tr [A-Z] [a-z] | sed -e "s/[^[:alnum:]]/\./g"`
DB_CONN="mysql://tracuser:<plain text root password for trac>@localhost/trac"
#DB_CONN="sqlite:db/trac.db"
REPOS_TYPE="git" # could be one of: "git", "mercurie" or "svn"
REPOS_DIR="/var/lib/git/${PRJ_NAME}.git"
TRAC_DIR="/var/local/trac"
TRAC_PRJS_DIR="${TRAC_DIR}/projects"
TRAC_PRJ_DIR="${TRAC_PRJS_DIR}/${PRJ_DIR}"
mkdir -p ${TRAC_PRJ_DIR}
trac-admin ${TRAC_PRJ_DIR} initenv "${PRJ_NAME}" "${DB_CONN}" "${REPOS_TYPE}" "${REPOS_DIR}"
#---

NOTE: If something goes wrong and you want to do it again just remove the directory (but be aware that the Trac content will be lost):
#---
rm -rf ${TRAC_DIR}
#---

2.1. CentOS:
Currently there is an open issue with GitPlugin and Trac working together on CentOS:
http://trac-hacks.org/ticket/3757
http://trac-hacks.org/ticket/8102

2.2. Git Repository setup:
#---
cat >> ${TRAC_PRJ_DIR}/conf/trac.ini << __END__
[git]
cached_repository = false
git_bin = /usr/bin/git
persistent_cache = false
shortrev_len = 7

[components]
tracext.git.* = enabled
__END__
#---



3. Setting up the Apache server:

I prefer this more complicated option because the odds are that you do not need yet another server running. Another assumption is that you will have several projects that also need separated tracking "spaces". For instance, you may start using technology "X" and latter on decide to migrate everything to technology "Y", so you probably do not want to mix bugs from "X" with "Y". This is, of course, obvious if you have software factory.

3.1. Create Web content (per project):

#---
TMP_DIR=`mktemp -d`
rm -rf ${TMP_DIR}
trac-admin ${TRAC_PRJ_DIR} deploy ${TMP_DIR}
mv ${TMP_DIR}/* ${TRAC_PRJ_DIR}
rm -rf ${TMP_DIR}
#---

3.2. Global configuration file (/etc/httpd/conf.d/trac.conf):
#---
cat > /etc/httpd/conf.d/trac.conf << __END__
#Global environment for Trac's CGI
<LocationMatch /cgi-bin/trac\.f?cgi>
SetEnv TRAC_ENV_PARENT_DIR "${TRAC_PRJS_DIR}"
</LocationMatch>
#Special environment for Trac's FastCGI CGI
<IfModule mod_fastcgi.c>
<LocationMatch /cgi-bin/trac\.fcgi>
FCGIDDefaultInitEnv TRAC_ENV_PARENT_DIR ${TRAC_PRJS_DIR}
</LocationMatch>
</IfModule>
#Python environment
<IfModule mod_python.c>
<LocationMatch "/trac/[^/]+/cgi-bin/trac.cgi>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir ${TRAC_PRJS_DIR}
</LocationMatch>
</IfModule>
##
# Authentication @ ${TRAC_DIR}/trac.htpasswd
# To add a new user:
# htpasswd ${TRAC_DIR}/trac.htpasswd <username>
#
##
<LocationMatch "/trac/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile ${TRAC_DIR}/trac.htpasswd
Require valid-user
</LocationMatch>
__END__
#---

3.3. Project specific configuration file (/etc/httpd/conf.d/trac-"<project name>".conf):
#---
cat > /etc/httpd/conf.d/trac-${PRJ_DIR}.conf << __END__
### Regular CGI
#ScriptAlias /trac/${PRJ_DIR} ${TRAC_PRJ_DIR}/cgi-bin/trac.cgi
### Fast CGI (default)
ScriptAlias /trac/${PRJ_DIR} ${TRAC_PRJ_DIR}/cgi-bin/trac.fcgi
__END__
#---

3.4. Authentication (via password file):

3.4.1. Creating the file AND admin user (JUST this ONE time):
#---
htpasswd -c ${TRAC_DIR}/trac.htpasswd admin
#---

3.4.2. Creating a regular user (notice the lack of '-c' parameter):
#---
htpasswd ${TRAC_DIR}/trac.htpasswd <username>
#---

3.4.3. Or use a generic safe single line:
#---
PASSFILE="${TRAC_DIR}/trac.htpasswd"
htpasswd `([[ -f ${PASSFILE} ]] && echo "" || echo "-c")` ${PASSFILE} admin
#---

#---
htpasswd `([[ -f ${PASSFILE} ]] && echo "" || echo "-c")` ${PASSFILE} <username>
#---

3.4.4. Check it out:
#---
cat ${PASSFILE}
#---

3.5. Security and SElinux:

3.5.1. SElinux and Trac:
#---
echo /usr/bin/chcon -R -v -t httpd_t \'${TRAC_DIR}\' | bash
#---

3.5.2. SElinux and Repository:
#---
echo /usr/bin/chcon -R -v -t httpd_t \'${REPOS_DIR}\' | bash
#---

4. Access and test:

#---
service httpd restart
firefox "http://localhost/trac/${PRJ_DIR}"
#---

C. Important files and directories:

1. Content:
/var/local/trac

2. Setup:
/var/local/trac/projects/<your project>/conf/trac.ini

3. Apache config:
3.1. General setup:
/etc/httpd/conf.d/trac.conf
3.2. Your project:
/etc/httpd/conf.d/trac-<your project>.conf

4. Logging:
/var/local/trac/projects/<your project>/log/

Wednesday, November 03, 2010

My Fedora 14 road map

- If you have had problems with automatically mounting LUKS partition, see my post addressing the issue here

- Add repositories:
-- RPM Fusion (free)
#---
rpm -Uvhi http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
#---


-- RPM Fusion (non-free)
#---
rpm -Uvhi http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
#---


NOTE: There are currently some outage by the official repository, so try a mirror:
#---
rpm -Uvhi http://ftp.tu-chemnitz.de/pub/linux/rpmfusion/free/fedora/updates/14/i386/rpmfusion-free-release-14-0.4.noarch.rpm
rpm -Uvhi http://ftp.tu-chemnitz.de/pub/linux/rpmfusion/nonfree/fedora/updates/14/i386/rpmfusion-nonfree-release-14-0.4.noarch.rpm
#---


-- Adobe (Flash plugin, AdobeAIR and AcrobatReader)
#---
rpm -Uvhi http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
#---


-- Adobe Flash for 64bits:
1. go to http://labs.adobe.com/downloads/flashplayer10.html
2. download the latest version for linux (a tar.gz file)
2.1. for me it was: http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_rc6_linux_052510.tar.gz
3. install it:
#---
tar -vxzf <file.tar.gz> -C /usr/lib64/mozilla/plugins/
#---

4. restart browser
5. check if it is working: about:plugins

-- JPackage:

#---
wget http://www.jpackage.org/jpackage17.repo -O /etc/yum.repos.d/jpackage.repo
#---


-- Chromium:

#---
wget http://repos.fedorapeople.org/repos/spot/chromium/fedora-chromium.repo -O /etc/yum.repos.d/fedora-chromium.repo
#---


--- Edit the /etc/yum.repos.d/jpackage.repo file:

If you want to work with J2EE, JBoss, and such change it to the following:
[jpackage-generic]
name=JPackage (free), generic
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
failovermethod=priority
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1


-- Setting up a not-so-restricting SELinux: here

[update: remove before installing, thanks to a reader comment]
-- Remove things I do NOT like (do not remove xine if you prefer KDE):

--- Multimedia players that do not play divx/mp3 and stays as default for video and audio files:
#---
yum -y erase \
xine \
gxine* \
totem* \
brasero*
#---


--- This is REALLY annoying, it prevents mplayerplug-in from working properly:
#---
yum -y erase \
mozplugger
#---


-- Update your system:
#---
yum -y upgrade
#---


- Install additional software:

-- Chromium:
#---
yum -y install \
chromium
#---


-- Multimedia:
#---
yum -y install \
alsa-tools \
alsamixergui \
mplayer \
mencoder \
live555 \
gecko-mediaplayer \
gnome-mplayer \
vlc \
grip \
flash-plugin \
adobeair \
k3b \
k3b-extras-nonfree
#---


Because Adobe Reader is usually very slow to download, I keep it separated and leave it to be last installed.
#---
yum -y install \
AdobeReader_enu
#---


-- Spell-checking
--- Additional languages: German (de), Spanish (es), and Portuguese from Brazil (br)
#---
yum -y install \
hunspell-de \
hunspell-es \
hunspell-pt
#---


-- Email with sylpheed-claws
#---
yum -y install \
claws-mail \
claws-mail-plugins
#---


--- Turn SpamAssassin on (if you use it to filter your emails):
#---
chkconfig --level 345 spamassassin on
#---


-- XMMS with its most precious plug-ins
#---
yum -y install \
xmms \
xmms-libs \
xmms-skins.noarch \
xmms-mp3 \
xmms-faad2 \
xmms-flac \
xmms-arts \
xmms-esd \
xmms-musepack \
xmms-acme \
xmms2 \
xmms2-avcodec \
xmms2-faad \
xmms2-freeworld \
xmms2-mp4 \
xmms2-nonfree
#---


-- Pidgin, a very good IM client
#---
yum -y install \
pidgin \
pidgin-guifications \
pidgin-libnotify \
pidgin-otr \
pidgin-gfire \
pidgin-musictracker \
purple-plugin_pack-pidgin \
purple-plugin_pack-pidgin-xmms \
purple-facebookchat \
purple-microblog \
purple-msn-pecan
#---


--- If you use LaTeX you may find this plugin appealing:
#---
yum -y install \
pidgin-latex
#---


-- For kernel modules
#---
yum -y install \
kernel-PAE-devel \
kernel-headers
#---


--- For 64bit or old processors (non-PAE)
#---
yum -y install \
dkms \
kernel-devel \
kernel-headers
#---


-- Nautilus plug-ins
#---
yum -y install \
nautilus-open-terminal \
nautilus-search-tool \
nautilus-flac-converter \
nautilus-extensions
#---


-- Misc

--- Backups with Back In Time:
#---
yum -y install \
backintime-common \
backintime-gnome
#---


--- Diagrams and images, usually old stuff that I'm used to
#---
yum -y install \
ImageMagick \
graphviz \
dia \
gv \
xfig \
gnuplot \
inkscape
#---


--- Editors and related
#---
yum -y install \
gvim \
ctags \
dictd \
diction
#---


--- My beloved spreadsheet program
#---
yum -y install \
gnumeric
#---


--- Compression related programs
#---
yum -y install \
unrar \
p7zip
#---


--- Administration related programs
#---
yum -y install \
telnet \
lsof \
nmap \
nc \
traceroute \
mc \
tsclient \
AcetoneISO2 \
rdesktop
#---


--- Very nice "must-have" admin programs:
#---
yum -y install \
keepassx \
system-config-display \
gnome-password-generator
#---


--- For WLAN Cracking
#---
yum -y install \
aircrack-ng \
airsnort
#---


--- NVIDA
#---
yum -y install \
akmod-nvidia \
kmod-nvidia-PAE \
xorg-x11-drv-nvidia
#---


-- Note about the driver:
It messes the font resolution up (IMHO). So to keep the same aspect between the normal driver and the NVIDIA driver you need to edit the file: [/etc/X11/xorg.conf] and add the following line in the section Device:

Option "DPI" "90 x 90"

My section device looks like this:

Section "Device"
Identifier "Videocard0"
#Driver "nouveau"
Driver "nvidia"
Option "AddARGBGLXVisuals" "True"
Option "DPI" "90 x 90"
EndSection


-- Development
--- Some helper programs
#---
yum -y install \
ant
#---


--- My beloved debugging program
#---
yum -y install \
ddd
#---


--- Debug related programs
#---
yum -y install \
gdb \
gcc \
strace \
ltrace
#---


--- Java support:
#---
yum -y install \
gcc-java \
java-1.6.0-openjdk \
java-1.6.0-openjdk-plugin \
java-1.6.0-openjdk-javadoc \
java-1.6.0-openjdk-src \
java-1.5.0-gcj \
java-1.5.0-gcj-devel \
java-1.5.0-gcj-javadoc \
java-1.5.0-gcj-src
#---


--- JBoss support:
#---
yum -y install \
jbossas
#---


--- NetBeans:
#---
yum -y install \
netbeans
#---


--- Eclipse for Java:
#---
yum -y install \
eclipse-platform \
eclipse-ecj \
eclipse-jdt \
eclipse-cvs-client \
#---


--- For SVN support:
#---
yum -y install \
rapidsvn
#---


--- For GIT support:
#---
yum -y install \
git-all
#---


#---
yum -y install \
eclipse-subclipse \
eclipse-subclipse-book
#---


--- For C++ development:
#---
yum -y install \
eclipse-cdt
#---


--- Mylyn plugin:
#---
yum -y install \
eclipse-mylyn \
eclipse-mylyn-ide \
eclipse-mylyn-java \
eclipse-mylyn-bugzilla \
eclipse-mylyn-trac
#---


A note on the docs, you will find them in:

/usr/share/javadoc/java-1.5.0-gcj/
/usr/share/javadoc/java-1.6.0-openjdk/


-- Update your system:
#---
yum -y upgrade
#---


- Install and setup third-part programs
-- VirtualBox/VMware
-- Skype
-- Real Player (check for the RPM version)
-- Sun Java
-- Eclipse
-- NetBeans

- For a better experience when installing third-part software from Danger Mouse:
#---
rpm -Uvh http://dnmouse.org/autoten-4.6-4.fc13.noarch.rpm
#---


- Setup printers
- Backup [/etc] and [/boot/grub]
#---
tar -czf bkp-system.`/bin/date +"%Y%m%d-%H%M"`.tgz /etc /boot/grub
#---


- Some issues:
-- Acrobat Reader install its Firefox/Mozilla plug-in, which has a memory leak. I recommend to remove it. To do so:
-- Skype may need some extra configuration (see link for 64bits) and some SELinux relaxation (see link for SELinux).

#---
rm -f /usr/lib/mozilla/plugins/nppdf.so
#---


Related posts:
- Installing Skype in 64bits (external link)
- Mounting former LUKS partition
- SELinux
- Road map for Fedora 13
- Making USB to work with VirtualBox (external link)
- Adding security to SSH
- Backups with Back In Time

Monday, August 23, 2010

[update] Skype and MS VX-1000 WebCam

Ok here is the deal, since my last kernel update (2.6.33.6-147.2.4.fc13.x86_64) my webcam (a crappy Microsoft Corp. LifeCam VX-1000, USBID: 045e:00f7) stops working. No video and no microphone.

You have some options:

1. Back to the previous kernel (not a good idea)
2. Buy another camera (this one is really crappy, but an option for either)
3. Buy an extra microphone (I'm not kin of that either)
4. Do the hard work (what I'm going to show here)

[UPDATE] Still necessary for the kernel 2.6.33.8-149.fc13.x86_64
A.The Video

First of all to get the video running you need the following library (which you probably already have):
#---
yum -y install \
libv4l
#---


The creates a Skype start-up script:
#---
cat > ~/bin/skype-vl41compat.sh < __END__
export LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so
/usr/bin/skype
__END__
#---

NOTE if you have a x86_64 it is the SAME script (the lib64 version does NOT work)

Changes the shortcut for Skype to: $HOME/bin/skype-vl41compat.sh. Now just check it out on Skype by testing the camera.

As an alternative you can follow the instructions here: http://dougsland.livejournal.com/107373.html (Very nicely done with screenshots and all).

[UPDATE] for kernel 2.6.33.8-149.fc13.x86_64 you do NOT need to recompile the audio driver
B. The Audio (Microphone)

Here is the tricky part, you need to compile the patched driver.
Get the latest driver from http://linuxtv.org/hg/~hgoede/gspca/ and compile it:

#---
wget http://linuxtv.org/hg/~hgoede/gspca/archive/tip.tar.gz
tar -vxzf tip.tar.gz -C /tmp
cd /tmp/`tar -vtzf tip.tar.gz | grep INSTALL | sed -e 's/.*\(gspca-.*\)INSTALL/\1/'`
make
make install
#---

Restart your box (it has updated the kernel modules) and have fun.

NOTE If the mic does not work you may need to restart the module:
#---
rmmod gspca_sonixj
modprobe gspca_sonixj
#---


References:
http://osdir.com/ml/ubuntu-http://www.blogger.com/img/blank.gifusers/2009-06/msg00531.html
http://dougsland.livejournal.com/107373.html

Monday, July 19, 2010

Fedora 13 and Hedgewars 0.9.13

Hedgewars is a nice game, try it :-)

1. Download and expand Hedgewars source code:
#---
wget http://fireforge.net/frs/download.php/541/hedgewars-src-0.9.13.tar.bz2
tar -xjf hedgewars-src-0.9.13.tar.bz2 -C /tmp/
#---


2. Install the following packages:
#---
yum -y install \
fpc \
gcc \
gcc-c++ \
qt-devel \
SDL-devel \
SDL_net-devel \
SDL_mixer-devel \
SDL_image-devel \
SDL_ttf-devel
#---


3. Compile the code:
#---
cd /tmp/hedgewars-src-0.9.13
cmake -Wno-dev
make
make install
#---


4. Code deployed at:

/usr/local/bin/hedgewars

and

/usr/local/share/hedgewars/

Have fun

Friday, June 18, 2010

Backups with Back In Time

I used to be a user of flyback (post here) but since it only launches updates for Debian/Ubuntu I started to look for another alternative. The best I could found was Back In Time. It works exactly like Flyback (rsync and hard links) :

http://backintime.le-web.org/

To install:
#---
yum -y install \
backintime-common \
backintime-gnome
#---


Related posts:
Time Machine on Linux

Sunday, June 13, 2010

Monitoring with Nagios

If planning on monitoring your servers, Nagios is the guy.

Official documentation:
http://www.nagios.org/documentation
http://nagios.sourceforge.net/docs/3_0/toc.html

For Fedora configuration and SElinux issues refer to:
http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html

Install the necessary packages:
#---
yum -y install \
httpd \
php \
nagios \
nagios-plugins-all
#---


Main configuration and relevant files:
/etc/httpd/conf.d/nagios.conf -- (refer further on by the alias http-nagios)
/var/log/httpd/error_log -- error_log (alias)
/var/log/httpd/access_log -- access_log (alias)
/etc/nagios/passwd -- pass_nagios (alias)
/etc/nagios/nagios.cfg -- cfg_nagios (alias)
/etc/nagios/cgi.cfg -- cgi_nagios (alias)


The default user is "nagios" (specified in http-nagios) and you need to set its password before trying to access your fresh Nagios site
#---
htpasswd -c /etc/nagios/passwd nagios
#---


Add further users, such as the nagiosadmin, with:
#---
htpasswd /etc/nagios/passwd nagiosadmin
#---

Check it:
#---
cat /etc/nagios/passwd
#---


Setup Nagios to accept access from the nagios user: editing the cgi_nagios file and change it to have the following settings:

...
authorized_for_system_information=nagiosadmin,nagios
...
authorized_for_all_services=nagiosadmin,nagios
authorized_for_all_hosts=nagiosadmin,nagios
...
authorized_for_read_only=nagios
...


Note: every time you change your cgi_nagios file you need to restart the nagios service:
#---
service nagios restart
#---


Start the services:
#---
service httpd start
service nagios start
#---


Set services to run automatically:
#---
chkconfig --level 345 httpd on
chkconfig --level 345 nagios on
#---


Try to access the home-page:
http://127.0.0.1/nagios/
or
http://127.0.0.1/nagios/index.php

Note: This is VERY important to notice that it is NOT localhost but 127.0.0.1. You can change it on http-nagios file.
Troubleshooting: If have any problem look at error_log file and check if the user is actually on the pass_nagios file.

Wednesday, May 26, 2010

Mounting former LUKS partition

To mount existing LUKS partitions in your disk:

#---
REAL_DEVICE="/dev/<like sda5>"
MOUNTING_POINT="<Where in the disk, like /home>"
FSTYPE="<someting like ext4>"
UUID=`cryptsetup luksUUID ${REAL_DEVICE}`
LUKS_DEVICE="luks-${UUID}"
cryptsetup luksOpen ${REAL DEVICE} ${LUKS_DEVICE}
mount /dev/mapper/${LUKS_DEVICE} ${MOUNTING_POINT}
echo "/dev/mapper/${LUKS_DEVICE} ${MOUNTING_POINT} defaults 1 3" >> /etc/fstab
#---

[updated] My Fedora 13 road map

- If you have had problems with automatically mounting LUKS partition, see my post addressing the issue here

- Add repositories:
-- RPM Fusion (free)
#---
rpm -Uvhi http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
#---

-- RPM Fusion (non-free)
#---
rpm -Uvhi http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
#---
-- Adobe (flash plugin)
#---
rpm -Uvhi http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
#---


-- Adobe Flash for 64bits:
1. go to http://labs.adobe.com/downloads/flashplayer10.html
2. download the latest version for linux (a tar.gz file)
2.1. for me it was: http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_rc6_linux_052510.tar.gz
3. install it:
#---
tar -vxzf <file.tar.gz> -C /usr/lib64/mozilla/plugins/
#---

4. restart browser
5. check if it is working: about:plugins

-- JPackage:

#---
wget http://www.jpackage.org/jpackage17.repo -O /etc/yum.repos.d/jpackage.repo
#---


-- Chromium:

#---
wget http://repos.fedorapeople.org/repos/spot/chromium/fedora-chromium.repo -O /etc/yum.repos.d/fedora-chromium.repo
#---


--- Edit the /etc/yum.repos.d/jpackage.repo file:

If you want to work with J2EE, JBoss, and such change it to the following:
[jpackage-generic]
name=JPackage (free), generic
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
failovermethod=priority
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1


-- Setting up a not-so-restricting SELinux: here

[update: remove before installing, thanks to a reader comment]
-- Remove things I do NOT like (do not remove xine if you prefer KDE):

--- Multimedia players that do not play divx/mp3 and stays as default for video and audio files:
#---
yum -y erase \
xine \
gxine* \
totem*
#---


--- This is REALLY annoying, it prevents mplayerplug-in from working properly:
#---
yum -y erase \
mozplugger
#---


-- Update your system:
#---
yum -y upgrade
#---


- Install additional software:

-- Chromium:
#---
yum -y install \
chromium
#---


-- Multimedia:
#---
yum -y install \
alsa-tools \
alsamixergui \
mplayer \
mencoder \
live555 \
gecko-mediaplayer \
gnome-mplayer \
vlc \
grip \
flash-plugin \
k3b \
k3b-extras-nonfree
#---


Because Adobe Reader is usually very slow to download, I keep it separated and leave it to be last installed.
#---
yum -y install \
AdobeReader_enu
#---


-- Spell-checking
--- Additional languages: German (de), Spanish (es), and Portuguese from Brazil (br)
#---
yum -y install \
hunspell-de \
hunspell-es \
hunspell-pt
#---


-- Email with sylpheed-claws
#---
yum -y install \
claws-mail \
claws-mail-plugins
#---


--- Turn SpamAssassin on (if you use it to filter your emails):
#---
chkconfig --level 345 spamassassin on
#---


-- XMMS with its most precious plug-ins
#---
yum -y install \
xmms \
xmms-libs \
xmms-skins.noarch \
xmms-mp3 \
xmms-faad2 \
xmms-flac \
xmms-arts \
xmms-esd \
xmms-musepack \
xmms-acme \
xmms2 \
xmms2-avcodec \
xmms2-faad \
xmms2-freeworld \
xmms2-mp4 \
xmms2-nonfree
#---


-- Pidgin, a very good IM client
#---
yum -y install \
pidgin \
pidgin-guifications \
pidgin-libnotify \
pidgin-otr \
pidgin-gfire \
pidgin-musictracker \
purple-plugin_pack-pidgin \
purple-plugin_pack-pidgin-xmms \
purple-facebookchat \
purple-microblog \
purple-msn-pecan
#---


--- If you use LaTeX you may find this plugin appealing:
#---
yum -y install \
pidgin-latex
#---


-- For kernel modules
#---
yum -y install \
kernel-PAE-devel \
kernel-headers
#---


--- For 64bit or old processors (non-PAE)
#---
yum -y install \
kernel-devel \
kernel-headers
#---


-- Nautilus plug-ins
#---
yum -y install \
nautilus-open-terminal \
nautilus-search-tool \
nautilus-flac-converter \
nautilus-extensions
#---


-- Misc

--- Backups with Back In Time:
#---
yum -y install \
backintime-common \
backintime-gnome
#---


--- Diagrams and images, usually old stuff that I'm used to
#---
yum -y install \
ImageMagick \
graphviz \
dia \
gv \
xfig \
xpdf \
gnuplot \
inkscape \
grace
#---


--- Editors and related
#---
yum -y install \
gvim \
ctags \
kile \
dictd \
diction
#---


--- My beloved spreadsheet program
#---
yum -y install \
gnumeric
#---


--- Compression related programs
#---
yum -y install \
unrar \
p7zip
#---


--- Administration related programs
#---
yum -y install \
telnet \
lsof \
nmap \
nc \
traceroute \
mc \
tsclient \
AcetoneISO2 \
rdesktop
#---


--- Very nice "must-have" admin programs:
#---
yum -y install \
keepassx \
system-config-display \
gnome-password-generator
#---


--- For WLAN Cracking
#---
yum -y install \
aircrack-ng \
airsnort
#---


--- NVIDA
#---
yum -y install \
akmod-nvidia \
kmod-nvidia-PAE \
xorg-x11-drv-nvidia
#---


-- Note about the driver:
It messes the font resolution up (IMHO). So to keep the same aspect between the normal driver and the NVIDIA driver you need to edit the file: [/etc/X11/xorg.conf] and add the following line in the section Device:

Option "DPI" "90 x 90"

My section device looks like this:

Section "Device"
Identifier "Videocard0"
#Driver "nouveau"
Driver "nvidia"
Option "AddARGBGLXVisuals" "True"
Option "DPI" "90 x 90"
EndSection


-- Development
--- Some helper programs
#---
yum -y install \
ant
#---


--- My beloved debugging program
#---
yum -y install \
ddd
#---


--- Debug related programs
#---
yum -y install \
gdb \
gcc \
strace \
ltrace
#---


--- Java support:
#---
yum -y install \
gcc-java \
java-1.6.0-openjdk \
java-1.6.0-openjdk-plugin \
java-1.6.0-openjdk-javadoc \
java-1.6.0-openjdk-src \
java-1.5.0-gcj \
java-1.5.0-gcj-devel \
java-1.5.0-gcj-javadoc \
java-1.5.0-gcj-src
#---


--- JBoss support:
#---
yum -y install \
jbossas
#---


--- NetBeans:
#---
yum -y install \
netbeans
#---


--- Eclipse for Java:
#---
yum -y install \
eclipse-platform \
eclipse-ecj \
eclipse-jdt \
eclipse-cvs-client \
#---


--- For SVN support:
#---
yum -y install \
rapidsvn
#---


--- For GIT support:
#---
yum -y install \
git-all
#---


#---
yum -y install \
eclipse-subclipse \
eclipse-subclipse-book
#---


--- For C++ development:
#---
yum -y install \
eclipse-cdt
#---


--- Mylyn plugin:
#---
yum -y install \
eclipse-mylyn \
eclipse-mylyn-ide \
eclipse-mylyn-java \
eclipse-mylyn-bugzilla \
eclipse-mylyn-trac
#---


A note on the docs, you will find them in:

/usr/share/javadoc/java-1.5.0-gcj/
/usr/share/javadoc/java-1.6.0-openjdk/


-- Update your system:
#---
yum -y upgrade
#---


- Install and setup third-part programs
-- VirtualBox/VMware
-- Skype
-- Real Player (check for the RPM version)
-- Sun Java
-- Eclipse
-- NetBeans

- For a better experience when installing third-part software from Danger Mouse:
#---
rpm -Uvh http://dnmouse.org/autoten-4.6-4.fc13.noarch.rpm
#---


- Setup printers
- Backup [/etc] and [/boot/grub]
#---
tar -czf bkp-system.`/bin/date +"%Y%m%d-%H%M"`.tgz /etc /boot/grub
#---


- Some issues:
-- Acrobat Reader install its Firefox/Mozilla plug-in, which has a memory leak. I recommend to remove it. To do so:
-- Skype may need some extra configuration (see link for 64bits) and some SELinux relaxation (see link for SELinux).

#---
rm -f /usr/lib/mozilla/plugins/nppdf.so
#---


Related posts:
- Installing Skype in 64bits (external link)
- Mounting former LUKS partition
- SELinux
- Road map for Fedora 12
- Making USB to work with VirtualBox (external link)
- Adding security to SSH
- Backups with Back In Time

Friday, April 02, 2010

[updated] JsUnit and Firefox mysterious timeout

Here is the thing. I was trying to get my JsUnit Tests to work using Firefox 3.x and it wont work no matter what.

[UPDATE] (Thank you Kevin, see comments)
Before you start using JsUnit you NEED to keep in mind that ALL inputs must be FULL qualified and not just relative paths.
[UPDATE]

I kept on getting timeout from the Runner. I use the runner locally rather than letting it be o server mode or even on my Apache config. So here is my test environment:

1. Software:
1.1. Firefox 3.6.2 (but the same happens on 3.x)
1.2. JsUnit 2.2
1.3. OS: Fedora 12

2. Run the JsUnit TestRunner locally, like: file:///var/local/jsunit/testRunner.html
3. Inform a local html test page, like: file:///home/gustavo/projects/jsunit-tsts/failingTest.html (which is a copy of $JSUNIT_HOME/tests/failingTest.html, setting the path to jsUnitCore.js correctly)
4. Hit Run

Then I got:

Reading Test Page file:///home/gustavo/projects/jsunit-tsts/failingTest.html timed out.
Make sure that the file exists and is a Test Page.


It does not make any sense, since running the same test from JsUnit it works: file:///var/local/jsunit/tests/failingTest.html

So I Google it and found this page: http://siliconforks.com/jscoverage/faq.html (oddly enough).

The answer is: Firefox has a very strict policy about accessing local files, thus preventing JsUnit TestRunner to run my tests.

Solution:

1. Go to your configuration page: about:config
2. Search for: security.fileuri.strict_origin_policy
3. And set it to FALSE

NOTE: This presents a security problem, so do yourself a favour and get another Firefox profile to run your tests and not to browse.

Now the tricky part: I like organizing and this means that I want to use Test Suites and modularize my tests. But the documentation does not tell you a very dirty story about that: You need full path when running tests like I do (local file URLs) and thus the relative paths do not work properly. Lets go to the example:

The test suite page snippet:

<script type="text/javascript">

function suite() {

var result = new top.jsUnitTestSuite();
var currentURL = location.href;

<!-- extract the current URL path -->
currentURL = currentURL.substr(0, currentURL.lastIndexOf("/", currentURL.length));

<!-- prepend each test page relative URL with the current URL path -->
result.addTestPage(currentURL + "/html_tst/my_tests.html");

return result;
}
</script>


The tree structure:


SOME WHERE IN YOUR DISK:
testSuite.html
html_tst/my_tests.html



If you do not fully qualify the test page path (the currentURL part) you get a time-out when trying to load the test suite with the sub-pages.

Have fun!

Wednesday, March 24, 2010

Installing Atlassian FishEye and Crucible

Here I will explain how to install another Atlassian tool, the Fisheye (v2.2.1) (see the previous post for more about JIRA and Confluence). This documentation is based on the original guide, which I recommend you to read:


http://confluence.atlassian.com/display/FISHEYE/FishEye+Installation+Guide


1. First you need to download it. You can go to the download page: http://www.atlassian.com/software/fisheye/FishEyeDownloadCenter.jspa or get it with:

#---
wget http://www.atlassian.com/software/fisheye/downloads/binary/fisheye-2.2.1.zip
#---


I will assume that you already done the first steps from the JIRA and Confluence installation guide (MySQL + Tomcat) and that you have a running SVN server (see installation here). It is also assumed that you already enrolled a license for FishEye and Crucible. Have it handy.

2. To install FishEye you need to decompress the archive file:
#---
unzip fisheye-2.2.1.zip -d /usr/local/
#---


3. You need to create the database for FishEye and Crucible (I assume that the daemon is running):
#---
mysql -u root -p
#---


4. At the MySQL shell:
#---
CREATE DATABASE fisheyedb CHARACTER SET utf8;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON fisheyedb.* TO 'fisheyeuser'@'localhost' IDENTIFIED BY '';
FLUSH PRIVILEGES;
\q
#---


5. Check if you can access the databases:
#---
mysql \--user=fisheyeuser \--password= \--database=fisheyedb
#---


6. Then prepare for running:
#---
export FISHEYE_HOME="/usr/local/fecru-2.2.1/"
mkdir -p /var/local/atlassian/fisheye
export FISHEYE_INST="/var/local/atlassian/fisheye"
export JAVA_HOME="/usr/java/default/"
export JRE_HOME="/usr/java/default/jre/"
cp $FISHEYE_HOME/config.xml $FISHEYE_INST/
cd $FISHEYE_HOME/bin
./run.sh
#---


6.1. Wait until the server is up an than go to: http://localhost:8060/

7. Go directly to the Database Configuration and provide the following fields with the following data:

Type: MySQL
URL: jdbc:mysql://localhost/fisheyedb
User Name: fisheyeuser
Password: <plain text pass for fisheyeuser>


Hit "Test Connection" and than "Save & Migrate"

8. Go to Users and add a user putting it as administrator (in Administrators)

9. Add a user to your JIRA Server, if you have one: http://localhost:8080/jira

10. Set JIRA to accept API remote calls:
Administration -> General Configuration -> Accept remote API calls (must be ON)

11. Then return to FishEye and configure your JIRA server with the corresponding user. (You have to have at least one project).

12. Add a user in SVN by editing the files (for the very crude installation): [/var/svn/<repository>/conf/passwd]

13. Then return to FishEye and configure your SVN repository: svn://localhost/var/svn/<project>

P.S.: You may need to add an additional rule to your IPtables in the file [/etc/sysconfig/iptables]:

...
# Tomcat (FishEye)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8060 -j ACCEPT
...


#---
service iptables restart
#---


Related posts:
JIRA and Confluence instalation: http://gka-linux.blogspot.com/2010/03/jira-and-confluence.html
SVN instalation: http://gka-linux.blogspot.com/2009/07/subversion-and-apache-with-pam.html

Sunday, March 21, 2010

Postfix + Cyrus SASL + TLS

Setting up Postfix as a relay:

A. Postfix basic configuration:

1. You need to install Posftix and Cyrus for authentication (you definitely do not want an open relay).
#---
yum -y install \
postfix \
cyrus-sasl \
cyrus-sasl-lib \
cyrus-sasl-md5 \
cyrus-sasl-ntlm \
cyrus-sasl-plain
#---


1.1. If you want Postfix, remove sendmail.
#---
yum -y remove \
sendmail
#---


2. Edit your IPtables configuration file and add the following line (you will change it when we are done) to the file [/etc/sysconfig/iptables]:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 --source 127.0.0.1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 --source 127.0.0.1 -j ACCEPT


3. Restart Postfix and check if you can access it:
#---
service postfix restart
telnet 127.0.0.1 25
#---


3.1. You must become something like this:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 note ESMTP Postfix


4. Configuring Postfix for relay:
#---
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
service postfix reload
#---


4.1. This has the same effect as adding the parameter directly to [/etc/postfix/main.cf].

5. Set your relay host:
#---
postconf -e 'relayhost ='
postconf -e 'myhostname = <your mail server, such as mx.yourdomain.com>'
service postfix reload
#---


5.1. Check if you can send emails:

5.2. On the telnet prompt give the following commands, but on another terminal keep track of the file [/var/log/maillog]

5.2.1. Terminal A:
#---
tail -f /var/log/maillog
#---


5.2.2. Terminal B:
#---
telnet 127.0.0.1 25


EHLO localhost
MAIL FROM: root@localhost
RCPT TO: <some external valid email>
DATA
Subject:Test mail

Testing email relay
.
QUIT

#---

5.2.3. It should come something like this by Terminal A:
Mar 20 16:59:43 note postfix/smtpd[8705]: connect from localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/smtpd[8705]: improper command pipelining after HELO from localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/smtpd[8705]: 6694A6AB62: client=localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/cleanup[8722]: 6694A6AB62: message-id=<20100320195950.6694A6AB62@localhost>
Mar 20 16:59:50 note postfix/qmgr[8691]: 6694A6AB62: from=<root@localhost.localdomain>, size=376, nrcpt=1 (queue active)
Mar 20 16:59:52 note postfix/smtpd[8705]: disconnect from localhost[127.0.0.1]
Mar 20 16:59:53 note postfix/smtp[8694]: 20C526AB51: to=<some external valid email>, relay=<external mail server>[<ip address>]:25, delay=1215, delays=1167/0.02/6.9/41, dsn=2.0.0, status=sent (250 2.0.0 OK 1269115192 10si2969636yxe.131)
Mar 20 16:59:53 note postfix/qmgr[8691]: 20C526AB51: removed


Your email wont be delivered if the destination server checks if you are an actual registered mail exchanger (mx entry of your domain). But you may get lucky (for instance, google accepted my emails, even though it threw them in the Spam box).

6. If everything worked until this point you need to setup authentication (remember until here you are an open relay, even though you blocked external incoming connections via IPtables).

B. Prepare Postfix for using TLS.

NOTE: Because this documentation is "education"-purposed only I will skip the proper TLS configuration (this means that I'm skipping the certificate generation step) but you can easily get further information at: http://www.postfix.org/TLS_README.html

#---
postconf -e 'smtpd_tls_cert_file = none' # no CA signed file
postconf -e 'smtpd_tls_loglevel = 1' # get at least handshake logging
service postfix restart
#---


C. Setting Cyrus up as its authentication server:

NOTE: You have basically two authentication options: internal authentication (using local users) or external authentication (using an additional user/password database). I will approach the 'shadow' (internal authentication) and 'sasldb' (Cyrus built-in external authentication database). You may customize for your own needs, like LDAP, SQL (MySQL for instance), etc. But that is not my concern here.

C.1. Using the internal authentication (local users):

1. This is the simplest method and pretty straight forward. So first you create a local test user:
#---
adduser -b /tmp -s /sbin/nologin -c "Cyrus SASL authentication test account" -p tst smtptst
#---


2. Set SASL tu use local authentication by editing [/etc/sysconfig/saslauthd] and setting the MECH variable to shadow:

...
MECH=shadow
...


3. Restart and test if it is working:
#---
service saslauthd restart
testsaslauthd -u smtptst -p tst -s smtp
#---


You should get:
0: OK "Success."

C.2. Using 'sasldb' to authenticate users:

1. First and MOST important step: setup PAM at [/etc/pam.d/smtp]
#---
cat > /etc/pam.d/smtp << __END__
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
password required pam_permit.so
__END__
#---


2. Set Cyrus to use PAM by editing [/etc/sysconfig/saslauthd] and setting the MECH variable to pam:

...
MECH=pam
...


3. Set Cyrus to use sasldb:
#---
cat > /usr/lib/sasl2/smtpd.conf << __END__
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login cram-md5 digest-md5 ntlm
__END__
#---


3.1. To add a user to sasldb:
#---
## this one is for domain specific
saslpasswd2 -c -u <your domain> smtptst2
## this is for internal services that also send emails
saslpasswd2 -c smtptst2
#---


NOTE: for testing purposes I assume that you set the password to 'tst'

3.2. Check if it was included:
#---
sasldblistusers2 ## password will be substituted by the 'userPassword' string
#---


3.3. Set the right permissions:
#---
chmod 640 /etc/sasldb2
chown root:mail /etc/sasldb2
#---


4. Restart and test if it is working:
#---
service saslauthd restart
testsaslauthd -u smtptst2 -p tst -s smtp
#---


You should get:
0: OK "Success."

D. Setting Postfix up to enforce authentication using TLS through SASL:
#---
postconf -e 'myhostname = localhost' ## change for your actual hostname
postconf -e 'smtpd_client_restrictions = permit_sasl_authenticated,reject' ## some protection
postconf -e 'smtpd_sasl_type = cyrus' ## just be explicit about this
postconf -e 'smtpd_sasl_path = smtpd' ## just be explicit about this
postconf -e 'smtpd_sasl_auth_enable = yes' ## use authentication
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous' ## enforce authentication
postconf -e 'smtpd_sasl_tls_security_options = $smtpd_sasl_security_options'
postconf -e 'broken_sasl_auth_clients = yes' ## for Outlook
service postfix restart
#---


1. Testing everything together:
#---
telnet localhost 25
#---


1.1. Type:
EHLO localhost
AUTH LOGIN


Then enter the full qualified username encoded in base64:

1.1.1. Internal user:
#---
perl -MMIME::Base64 -e 'print encode_base64("smtptst\@localhost")'
#---


1.1.2. SASLDB user:
#---
perl -MMIME::Base64 -e 'print encode_base64("smtptst2\@localhost")'
#---


Then enter the password encoded in base64:
#---
perl -MMIME::Base64 -e 'print encode_base64("tst")'
#---


Then follow as usual:

MAIL FROM: smtptst@localhost
RCPT TO: <some external valid email>
DATA
Subject:Test mail

Testing email relay
.
QUIT


#---

1.2. It all should look like this:

telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 localhost ESMTP Postfix
EHLO tst
250-localhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM PLAIN CRAM-MD5 DIGEST-MD5 LOGIN
250-AUTH=NTLM PLAIN CRAM-MD5 DIGEST-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
bXh1c2VyQGxvY2FsaG9zdA==
334 UGFzc3dvcmQ6
dHN0
235 2.7.0 Authentication successful
MAIL FROM: smtptst@localhost
250 2.1.0 Ok
RCPT TO: <some external valid email>
250 2.1.5 Ok
DATA
Subject:Test mail

Testing email relay
.
QUIT

354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as 0C4B861845
221 2.0.0 Bye
Connection closed by foreign host.


2. Cleaning up:
#---
userdel smtptst
saslpasswd2 -d smtptst2
#---


3. Opening IPTables up at [/etc/sysconfig/iptables]:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT


Relevant configuration files:
SASL: /usr/lib/sasl2/smtpd.conf
SASL user mapping: /etc/postfix/sasl_passwd
Postfix: /etc/postfix/main.cf
IPtables: /etc/sysconfig/iptables


Relevant log files:
Security/authentication related: /var/log/secure
Mail: /var/log/maillog
General process: /var/log/messages

Wednesday, March 17, 2010

Jira and Confluence - Backup

This is a follow-up from my previous post about how to install and configure Jira and Confluence.

Backing everything up:

Create the backup directory:
#---
mkdir -p /var/local/atlassian-bkp/
chmod 750 /var/local/atlassian-bkp/
#---


Create the backup script:
#---
cat > /var/local/atlassian-bkp/atlassian_bkp.sh << __END__
#!/bin/sh
#
# Author: Gustavo Kuhn Andriotti
# Date: 2010.03.17
#

####
## Needed variables, you should edit only this
####

## general
BACKUP_DIR="/var/local/atlassian-bkp/"
DATE=\`date --utc +%Y%m%d-%H%M%S\`
LOG_FILE="\${BACKUP_DIR}/bkp-\${DATE}.log"

## JIRA
JIRA_DIR="/var/local/atlassian/jira/"
JIRA_DB="jiradb"
JIRA_USER="jirauser"
JIRA_PASS=""
## Confluence
CONFLUENCE_DIR="/var/local/atlassian/confluence/"
CONFLUENCE_DB="confluencedb"
CONFLUENCE_USER="confluenceuser"
CONFLUENCE_PASS=""

## services
STOP_TOMCAT="Y"
STOP_MYSQL="N"

####
## Stop relevant services
## You may not want to do this
####

echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting backup" > \${LOG_FILE}

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping Tomcat" >> \${LOG_FILE}
service tomcat5 stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat stopped" >> \${LOG_FILE}
fi
## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping MySQL" >> \${LOG_FILE}
service mysqld stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Stopped" >> \${LOG_FILE}
fi

####
## Backup databases
####

## General
mkdir -p \${BACKUP_DIR}

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${JIRA_DB}-\${DATE}.gz"
mysqldump -B \${JIRA_DB} -u \${JIRA_USER} -p\${JIRA_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## CONFLUENCE
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${CONFLUENCE_DB}-\${DATE}.gz"
mysqldump -B \${CONFLUENCE_DB} -u \${CONFLUENCE_USER} -p\${CONFLUENCE_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Backup files
####

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${JIRA_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${JIRA_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## Confluence
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${CONFLUENCE_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${CONFLUENCE_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Start services if they were stopped
####

## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting MySQL" >> \${LOG_FILE}
service mysqld start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Started" >> \${LOG_FILE}
fi

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting Tomcat" >> \${LOG_FILE}
rm -f \${JIRA_DIR}/.jira-home.lock
service tomcat5 start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat started" >> \${LOG_FILE}
fi

####
## Done
####
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backup done!" >> \${LOG_FILE}
__END__
chmod 750 /var/local/atlassian-bkp/atlassian_bkp.sh
#---

NOTE: DO edit the resulting file: /var/local/atlassian-bkp/atlassian_bkp.sh to put the correct passwords for the database users.

It will store all backups at /var/local/atlassian-bkp/ and a typical backup will have a file list as follows:

-rwxr-xr-x. 1 root root 3112 2010-03-17 19:32 atlassian_bkp.sh
-rw-r--r--. 1 root root 796 2010-03-17 19:32 bkp-20100317-223145.log
-r--------. 1 root root 181902319 2010-03-17 19:32 confluence-20100317-223145.tgz
-r--------. 1 root root 8572 2010-03-17 19:31 confluencedb-20100317-223145.gz
-r--------. 1 root root 79531583 2010-03-17 19:31 jira-20100317-223145.tgz
-r--------. 1 root root 15302 2010-03-17 19:31 jiradb-20100317-223145.gz


Test the script:
#---
sh -x /var/local/atlassian-bkp/atlassian_bkp.sh
#---


Put the script in the crontab (daily):
#---
ln /var/local/atlassian-bkp/atlassian_bkp.sh /etc/cron.daily/atlassian
#---


Notice that it is a HARD link to the cron.daily, so that when you edit the original file it also reflects a change at the crontab.

BUT to remove the file completely you MUST remove from BOTH locations:
#---
rm -f /var/local/atlassian-bkp/atlassian_bkp.sh
rm -f /etc/cron.daily/atlassian
#---


Checkout if the starting time is okay for you (the standard is 03:00):
#---
cat /etc/anacrontab
#---


Related posts:
Installation and configuration: http://gka-linux.blogspot.com/2010/03/jira-and-confluence.html

Sunday, March 14, 2010

[UPDATE] Jira and Confluence

I will not explain what are Jira (v4.0.2) and Confluence (v3.1.2) (read at their corresponding description) but how to put both of them to run in a Fedora box using MySQL and Tomcat v5.5 (just one).

This procedure is based on the original documentation (given below) and when in doubt please DO read the originals.

Jira: http://confluence.atlassian.com/display/JIRA/Installing+JIRA+on+Tomcat+5.5
Confluence: http://confluence.atlassian.com/display/DOC/Installing+Confluence+EAR-WAR+on+Tomcat


NOTE: Before you start installing please do get it handy both licenses. I will also assume that you already downloaded both programs in the WAR/EAR form. This is *VERY* important because you do *NOT* want the standalone versions. The links are provided here: Jira v4.0.2 and Confluence v3.1.2.

Or:
#---
wget http://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-enterprise-4.0.2.tar.gz
wget http://www.atlassian.com/software/confluence/downloads/binary/confluence-3.1.2.tar.gz
#---


1. Install the necessary software:
#---
yum -y install \
mysql \
mysql-server \
mysql-connector-java \
javamail \
tomcat5
#---


2. Install Sun's JDK:
JDK: http://java.sun.com/javase/downloads/widget/jdk6.jsp

Get the some additional libs from Atlassian:
#---
wget http://confluence.atlassian.com/download/attachments/200709089/jira-jars-tomcat5.zip
#---


3. Put the necessary libs in the Tomcat lib dir:
#---
unzip jira-jars-tomcat5.zip -d /tmp/
mv /tmp/jira-jars-tomcat5/*.jar /var/lib/tomcat5/common/lib/
rm -rf /tmp/jira-jars-tomcat5/
unzip jaf-1_1_1.zip -d /tmp/
mv /tmp/jaf-1.1.1/activation.jar /var/lib/tomcat5/common/lib/
rm -rf /tmp/jaf-1.1.1/
ln -s /usr/share/java/mysql-connector-java-5.1.12.jar /var/lib/tomcat5/common/lib
ln -s /usr/share/java/javamail/mail-1.4.3.jar /var/lib/tomcat5/common/lib
ln -s /usr/share/java/javamail/dsn-1.4.3.jar /var/lib/tomcat5/common/lib
#---


4. Create a build directory for Jira and Confluence:
#---
mkdir -p /usr/local/atlassian/
tar -vxzf atlassian-jira-enterprise-4.0.2.tar.gz -C /usr/local/atlassian/
tar -vxzf confluence-3.1.2.tar.gz -C /usr/local/atlassian/
#---


5. Create the home directory for Jira and Confluence:
#---
mkdir -p /var/local/atlassian/jira/
mkdir -p /var/local/atlassian/confluence/
#---


6. Forces Tomcat to use Sun's JRE by editing [/etc/tomcat5/tomcat5.conf] and setting the following variables:

JAVA_HOME="/usr/java/default/"
JRE_HOME="/usr/java/default/jre/"


Also add the following statements (do NOT remove the already existing ones, just ADD):

JAVA_OPTS="$JAVA_OPTS -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Xms128m -Xmx512m -XX:MaxPermSize=256m"

7. Prepare the MySQL:

You need to create the databases for Jira and Confluence:
#---
mysql -u root -p
#---


[UPDATE]
At the MySQL shell:
#---
CREATE DATABASE jiradb CHARACTER SET utf8;
CREATE DATABASE confluencedb CHARACTER SET utf8;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON jiradb.* TO 'jirauser'@'localhost' IDENTIFIED BY '<plain text pass for jirauser>';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON confluencedb.* TO 'confluenceuser'@'localhost' IDENTIFIED BY '<plain text pass for confluenceuser>';
FLUSH PRIVILEGES;
\q
#---


Check if you can access the databases:
#---
mysql \--user=jirauser \--password=<plain text pass for jirauser> \--database=jiradb
#---


#---
mysql \--user=confluenceuser \--password=<plain text pass for confluenceuser> \--database=confluencedb
#---


8. Install Jira:

8.1. Set Jira to use MySQL in the file [/usr/local/atlassian/atlassian-jira-enterprise-4.0.2/edit-webapp/WEB-INF/classes/entityengine.xml]

Change from:
<datasource name="defaultDS" field-type-name="hsql"
schema-name="PUBLIC"


to:
<datasource name="defaultDS" field-type-name="mysql"

8.2. Set Jira home dir in the file: [/usr/local/atlassian/atlassian-jira-enterprise-4.0.2/edit-webapp/WEB-INF/classes/jira-application.properties]

It looks like this:
jira.home = /var/local/atlassian/jira/

8.3. Compile Jira:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/
rm -f /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/webapp/WEB-INF/lib/{activation-1.1.1.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/jira/atlassian-jira-4.0.2.war
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/atlassian-jira-4.0.2.war /var/local/atlassian/jira/
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/tomcat-5.5/jira.xml /etc/tomcat5/Catalina/localhost/
chown -R tomcat:tomcat /var/local/atlassian/jira/
chmod 755 /var/local/atlassian/jira/
chmod -R ug+rw /var/local/atlassian/jira/
chmod -R o+r /var/local/atlassian/jira/
chmod -R o-w /var/local/atlassian/jira/
#---


8.4. Setup the Jira application to use MySQL in file [/etc/tomcat5/Catalina/localhost/jira.xml]

The resource section must look like this:
<Context path="/jira" docBase="/var/local/atlassian/jira/atlassian-jira-4.0.2.war" debug="0">
...
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
username="jirauser"
password="<plain text pass for jirauser>"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost/jiradb?autoReconnect=true&amp;sessionVariables=storage_engine=InnoDB&amp;useUnicode=true&amp;characterEncoding=UTF8"/>


If a complementary build is necessary try this shorter form:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/
rm -f /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/webapp/WEB-INF/lib/{activation-1.1.1.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/jira/atlassian-jira-4.0.2.war
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/atlassian-jira-4.0.2.war /var/local/atlassian/jira/
chown tomcat:tomcat /var/local/atlassian/jira/atlassian-jira-4.0.2.war
#---



8.5. Checking it out if Jira is working:
#---
service mysqld restart
service tomcat5 restart
#---


Go to: http://localhost:8080/jira/

9. Install Confluence:

9.1. Set Confluence home dir in the file: [/usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/classes/confluence-init.properties]

It looks like this:
confluence.home = /var/local/atlassian/confluence

9.2. Compile Confluence:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/confluence-3.1.2/
rm -f /usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/lib/{activation-1.0.2.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/confluence/confluence-3.1.2.war
cp /usr/local/atlassian/confluence-3.1.2/dist/confluence-3.1.2.war /var/local/atlassian/confluence/
cat > /etc/tomcat5/Catalina/localhost/confluence.xml << __END__
<Context path="/confluence" docBase="/var/local/atlassian/confluence/confluence-3.1.2.war" debug="0" reloadable="true">
</Context>
__END__
chown -R tomcat:tomcat /var/local/atlassian/confluence/
chmod 755 /var/local/atlassian/confluence/
chmod -R ug+rw /var/local/atlassian/confluence/
chmod -R o+r /var/local/atlassian/confluence/
chmod -R o-w /var/local/atlassian/confluence/
#---


Shorter version for recompile:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/confluence-3.1.2/
rm -f /usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/lib/{activation-1.0.2.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/confluence/confluence-3.1.2.war
cp /usr/local/atlassian/confluence-3.1.2/dist/confluence-3.1.2.war /var/local/atlassian/confluence/
chown tomcat:tomcat /var/local/atlassian/confluence/confluence-3.1.2.war
#---


9.3. Checking it out if Confluence is working:
#---
service mysqld restart
service tomcat5 restart
#---


Go to: http://localhost:8080/confluence/

Setting up Confluence (at http://localhost:8080/confluence/)

9.4. Enter the key and go to Custom Installation

9.5. At External Database choose MySQL and click at External Database >>

At Configure Database choose Direct JDBC >>

9.6. For the Database configuration fill with the following:

Driver Class Name: com.mysql.jdbc.Driver
Database URL: jdbc:mysql://localhost/confluencedb?autoReconnect=true&amp;sessionVariables=storage_engine=InnoDB&amp;useUnicode=true&amp;characterEncoding=UTF8
User Name: confluenceuser
Password: <plain text pass for confluenceuser>



The rest is straight forward.

P.S.: You may want to change your MySQL maximum allowed packet size to allow plugin installation (which normally requires more than the default 1Mb size). Edit the file [/etc/my.cnf] and put the following line (or change it) to:
...
[mysqld]
...
max_allowed_packet = 16M


Important logs for trouble shooting:
System: /var/log/messages
Tomcat: /var/log/tomcat5/catalina.out
MySQL: /var/log/mysqld.log
Jira: /var/log/tomcat5/catalina.out (all gets thrown at the Tomcat log)
Confluence: /var/local/atlassian/confluence/logs/atlassian-confluence.log
Jira database config: /etc/tomcat5/Catalina/localhost/jira.xml
Confluence database config: /var/local/atlassian/confluence/confluence.cfg.xml

Related posts:
Jira and Confluence Backup: http://gka-linux.blogspot.com/2010/03/jira-and-confluence-backup.html
Fedora 12 Road Map: http://gka-linux.blogspot.com/2009/12/my-fedora-12-road-map.html
MySQL root password reset: http://gka-linux.blogspot.com/2010/03/mysql-root-password-reset.html

MySQL root password reset

This is rather annoying, so here is the complete procedure:

Get MySQL to be in the safe mode:
#---
service mysqld stop
mysqld_safe --skip-grant-tables &
#---


Start the MySQL shell:
#---
mysql -u root
#---


At the MySQL shell (this is NOT safe):
USE mysql;
UPDATE user SET PASSWORD=PASSWORD("<plain text root password for mysql>") WHERE User='root';
FLUSH PRIVILEGES;
FLUSH TABLES;
\q


Back at the root shell:
#---
kill `cat /var/run/mysqld/mysqld.pid`
service mysqld start
#---


NOTE: MySQL records its shell commands at ~/.mysql_history This means that
your passwords (informed as I shown you) are recorded in plain text at this
file. It is advised to remove this file after applying the commands above
displayed:
#---
rm -f ~/.msyql_history
#---

Thursday, February 18, 2010

Java and Firefox 3.6

Well it is not an issue for Fedora 12 (yet) but here is how it must be done to get Java working with Firefox 3.6:

#---
ln -s /usr/java/default/jre/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins
#---


You need java 1.6u10 or higher.