First impressions of Windows 8

Many of you may know my commitment to Linux and Open Source Software. But this doesn’t mean I hate proprietary software like many others do. I think everything has its own place in the world, and this goes for software as well.

A few days ago I got my hands on a new notebook, thanks to my company. It was shipped with Windows 8 by default, and although I installed Fedora 19 in an instant (which went smoothly, even with Secure Boot enabled), I’ve decided to give this new Windows version a try.

Being a heavy Windows 7 user, my first thought was “What the hell is this?” But in a day, I got totally used to it. I don’t miss the Start button at all. The applications already installed were almost enough for me (I still need Office. Maybe I’ll also enroll for Office 365 later…), and the games are great and beautiful too. So overall, this new version may be totally different (by the looks), but it seems almost the same Windows as we know it. So if you don’t freak out by touching something new, go give it a try: don’t instant-remove 8 in favour of 7!

From Symfony to Django in two days

I was a Python hater for a long time, although I can't really tell why. It didn't fit in my mind, maybe. I was programming in BASIC, Pascal (none of these would come to my mind, though), C, PHP, Perl, JavaScript, and different shell “languages” like awk, sed or bash.

After I could not fit my next Symfony app on my cloud server (it is pretty low on storage), I have decided to move slowly to Django. My first task was simple: transition my web page (this one) from PHP+Symfony 2 to Python + Django. The results: the “static” pages are already working, the blog listing is almost ready (some styling issues are still around), only tagging remains. And this is after about 6 hours of work. Oh, and the admin site is included with Django, so I don't have to port that. I have decided to finally integrate a comment feature in the Django version.

SWE-GLib final release

Few of you may know that I'm interested in astrology. About two months ago I decided to create a piece of astrologers' software for the GNOME desktop. Since then, I have contacted Jean-André Santoni, who created a program called Astrognome some years ago. We exchanged some e-mails, and after several weeks of coding, I'm proud to present SWE-GLib 1.0.1. This is “just” a library which wraps around Swiss Ephemeris, creating a nice GLib-ish interface around it. See the project page and the “built-in” GTK-Doc document for more information.

The astrologer's software I'm writing will be Astrognome. It is currently in pre-alpha status, but already utilizes SWE-GLib (it just can't display the results yet). If you happen to be interested in astrology and/or Astrognome, fork the repository and contribute! You can also contact me (or open an enhancement issue on GitHub) if you have any ideas.

Installing OTRS in Fedora 18 with SELinux enabled

I've read somewhere in an OTRS installation howto that if you want to install OTRS, you will have to disable SELinux. Well, I won't.

During the last few months, I have been using Fedora 18 with SELinux on all of my desktop machines and on my notebook, and I had no problems at all. Meanwhile I got familiar with SELinux itself, and got used to solving problems caused by it. So I started tail -f /var/log/httpd/error_log in one terminal (to see if anything Apache-related appears), tail -f /var/log/audit/audit.log in another (to see errors caused by SELinux), opened the admin manual at the installation chapter, took a deep breath, and went on.

Throughout this article, I will refer to OTRS 3.2.6 as OTRS and Fedora 18 (with only “stock” repositories) as Fedora. I assume that you have already installed OTRS in a non-SELinux environment before, and that you have at least some basic knowledge about SELinux, MAC, RBAC, and all the like. I'm installing OTRS in /opt/otrs, so if you install it somewhere else, you will have to modify the paths below. Also, if you happen to install under /var/www (I wouldn't recommend it), that directory already has the httpd_sys_content_t type, so you won't have to set it explicitly.

As the first step I have unpacked the archive to /opt/otrs. This directory is the OTRS default, many config files have it hardcoded, and changing it is no easy task.

Running gave me a list of missing Perl modules. Red Hat and Fedora make it easy to install these, as you don't have to know the RPM package name, just the Perl module name:

yum install 'perl(Crypt::SSLeay)' 'perl(DBD::Pg)' 'perl(GD)' 'perl(JSON::XS)' 'perl(GD::Text)' 'perl(GD::Graph)' 'perl(Mail::IMAPClient)' 'perl(Net::DNS)' 'perl(PDF::API2)' 'perl(Text::CSV_XS)' 'perl(YAML::XS)'

I also needed to install mod_perl. Although didn't mention it, the default settings use syslog as the logging module, so unless you change it in, you will also need to install 'perl(Unix::Syslog)'.

By default SELinux doesn't permit any network connection to be initiated by Apache. As OTRS needs to connect to its database, you need to enable it. In older distributions, the httpd_can_network_connect was the SELinux boolean for this, but recent installations also have a httpd_can_network_connect_db flag. As far as I know, this enables all network connections to the well-known database servers' default port, but I will have to check for it. For me, with a MySQL listening on its standard port, the setsebool httpd_can_network_connect_db=1 command just did it.

With SELinux enabled, Apache won't be able to read anything that's not under the httpd_sys_content_t type, nor write anywhere without the httpd_sys_rw_content_t type. The trivial, quick and dirty solution is to label all the files as httpd_sys_rw_content_t, and let everything go. However, the goal of SELinux is just the opposite of this: grant access only to what is really needed. After many trial-and-error steps, it finally turned out that for OTRS to work correctly, you must set

  • httpd_sys_content_t
    • on /opt/otrs/var/httpd/htdocs
  • httpd_script_exec_t
    • on /opt/otrs/bin/cgi-bin
  • httpd_sys_rw_content_t
    • on /opt/otrs/Kernel
    • on /opt/otrs/var/sessions
    • on /opt/otrs/var/log (unless you use syslog for logging)
    • on /opt/otrs/var/packages (this is used only when you download an .opm package)
    • on /opt/otrs/var/stats
    • on /opt/otrs/var/tmp
    • on /opt/otrs/bin (I wonder why this is required, though)

To do this, use the following command:

# semanage fcontext -a -t <type> '<path>'

Where <path> is something like /opt/otrs/Kernel(/.*)?
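
The labeling steps above as one dry-run script (an added example, not from the original post or the OTRS project): it prints the semanage command for every path in the list, then restorecon, which applies the recorded rules to files already on disk, and the database boolean from earlier made persistent with -P. The function names and the choice to emit the bin rule before the bin/cgi-bin rule are assumptions of this example.

```sh
#!/bin/sh
# Added example: prints (does not execute) the labeling commands for OTRS.
OTRS_HOME=/opt/otrs   # install prefix used in the post; change if yours differs

# "<type> <path relative to OTRS_HOME>", taken from the list in the post.
# bin is listed before bin/cgi-bin so that the narrower cgi-bin rule is the
# later entry (ordering is this example's choice; verify with matchpathcon).
otrs_label_map() {
    cat <<'EOF'
httpd_sys_content_t var/httpd/htdocs
httpd_sys_rw_content_t bin
httpd_script_exec_t bin/cgi-bin
httpd_sys_rw_content_t Kernel
httpd_sys_rw_content_t var/sessions
httpd_sys_rw_content_t var/log
httpd_sys_rw_content_t var/packages
httpd_sys_rw_content_t var/stats
httpd_sys_rw_content_t var/tmp
EOF
}

otrs_selinux_commands() {
    otrs_label_map | while read -r setype rel; do
        # One persistent file-context rule per directory tree
        printf "semanage fcontext -a -t %s '%s/%s(/.*)?'\n" "$setype" "$OTRS_HOME" "$rel"
    done
    # fcontext only records the rule; restorecon relabels the existing files
    printf 'restorecon -R -v %s\n' "$OTRS_HOME"
    # Spot-check the two overlapping rules after relabeling
    printf 'matchpathcon %s/bin %s/bin/cgi-bin\n' "$OTRS_HOME" "$OTRS_HOME"
    # -P writes the boolean to the policy store so it survives a reboot
    printf 'setsebool -P httpd_can_network_connect_db=1\n'
}

otrs_selinux_commands
```

Review the printed commands, then run them as root; drop the var/log line if OTRS logs to syslog.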

The last thing I faced is that Fedora is more restrictive on reading directories other than /var/www. It has a Require all denied on , and a Require all granted on , so /opt/otrs/var/httpd/htdocs will throw a 403 Forbidden (client denied by server configuration) error. To get rid of this, I had to modify scripts/apache2-httpd.include.conf and add Require all granted to both the cgi-bin and htdocs directories.

As I will have to use OTRS in a production environment soon with SELinux enabled, it is more than certain that this list will change in the near future. As there is no official documentation on this (I haven't found any yet), I have to do it the trial-and-error way, so be patient!

:: Copyright © 2012, Gergely Polonkai :: Disclaimer ::