Category Archives: DevOps

Apache and SVN configuration with user permissions

This tutorial shows how to configure Apache together with SVN.

1. First, install the Apache HTTP Server (version 2.4 in this case) with the DAV_SVN module and the Subversion client:

yum -y install httpd mod_dav_svn subversion

2. Check that the installed modules are enabled:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_user_module modules/mod_authz_user.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

3. Configure the repository folder in httpd.conf:

<Directory "/srv/svn/repos">
    Options None
    AllowOverride None
    Require all granted
</Directory>

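4. Add a virtual host. Basic authentication sends the password base64-encoded with every request, so outside a trusted network serve this host over HTTPS rather than plain port 80: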

<VirtualHost *:80>
    ServerName svn.domain.com
    DocumentRoot "/srv/svn"
    ErrorLog "/srv/svn/log/svn.domain.com_error_log"
    CustomLog "/srv/svn/log/svn.domain.com_access_log" common
    TransferLog "/srv/svn/log/svn.domain.com_transfer_log"

    LimitXMLRequestBody 0
    LimitRequestBody 0

    <Location />
        DAV svn
        SVNParentPath "/srv/svn/repos"
        SVNListParentPath on
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile "/srv/svn/svn.passwd"
        AuthzSVNAccessFile "/srv/svn/svn.access"
        Require valid-user
    </Location>
</VirtualHost>

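5. Create the password file “/srv/svn/svn.passwd”. The -b flag takes the password from the command line, where it is visible in the process list and shell history; omit it to be prompted instead: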

htpasswd -c -b /srv/svn/svn.passwd tom tomPasswordHere
htpasswd -b /srv/svn/svn.passwd jerry jerryPasswordHere
htpasswd -b /srv/svn/svn.passwd spike spikePasswordHere

6. Create the access file “/srv/svn/svn.access”:

[groups]
adminGroup = tom
otherGroup = jerry,spike

[/]
* =
@adminGroup = rw

[php:/project42]
@otherGroup = rw

[php:/projectGood]
@otherGroup = r

As you can see, adminGroup has full access to the php repository, while otherGroup has write access to project42 and read-only access to projectGood.

Also see http://stackoverflow.com/questions/81361/how-to-setup-access-control-in-svn
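
To check what the access file from step 6 actually grants, the following added example (not part of the original tutorial) evaluates it with a simplified model of Subversion's path-based rules: the nearest section up the path that names the user decides, repository-specific sections are tried before generic ones, and matching entries within one section are combined. The function names are hypothetical, and aliases, `~` negation and `$authenticated` tokens are not handled.

```python
# Added example: simplified model of mod_authz_svn rules; AUTHZ is the step 6 file.
AUTHZ = """\
[groups]
adminGroup = tom
otherGroup = jerry,spike

[/]
* =
@adminGroup = rw

[php:/project42]
@otherGroup = rw

[php:/projectGood]
@otherGroup = r
"""

def parse_authz(text):
    """Return (groups, sections): group members and per-section rule lists."""
    groups, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        name, _, value = (s.strip() for s in line.partition("="))
        if current == "groups":
            groups[name] = {m.strip() for m in value.split(",") if m.strip()}
        elif current is not None:
            sections.setdefault(current, []).append((name, value))
    return groups, sections

def effective_access(text, repo, path, user):
    """Walk from path up to /; the nearest section naming the user decides."""
    groups, sections = parse_authz(text)
    parts = [p for p in path.split("/") if p]
    while True:
        here = "/" + "/".join(parts)
        for section in (f"{repo}:{here}", here):  # repo-specific rule first
            hits = [perm for who, perm in sections.get(section, [])
                    if who in ("*", user)
                    or (who[:1] == "@" and user in groups.get(who[1:], ()))]
            if hits:  # matching entries in one section are combined
                return "".join(c for c in "rw" if any(c in h for h in hits))
        if not parts:
            return ""  # no rule matched anywhere: no access
        parts.pop()
```

For example, effective_access(AUTHZ, "php", "/", "jerry") returns an empty string: jerry's rights on project42 do not extend to the repository root, and the [php:...] sections grant him nothing in any other repository under /srv/svn/repos.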

Subversion (SVN) tricks

When you use Subversion as a source control management system, it is useful to know some magic commands.

The following command cleans up, updates, adds new files to and shows the status of the local working copy:

  svn cleanup \
    && echo "-UPDATE-" && svn up \
    && echo "-ADD-" && svn add * --force \
    && echo "-STATUS-" && svn st

After that, you can commit the changes with:

  svn ci -m "your comment..."

More info on https://subversion.apache.org/ and http://svnbook.red-bean.com/

Remove kernel in CentOS

After an unsuccessful kernel upgrade you have to repair the Linux OS.
To delete the invalid kernel on CentOS, follow these steps.

1. Show kernel list:

  rpm -q kernel

You will see output like this:

  kernel-3.10.0-229.14.1.el7.x86_64
  kernel-3.10.0-229.20.1.el7.x86_64
  kernel-3.10.0-327.3.1.el7.x86_64
  kernel-3.10.0-327.4.4.el7.x86_64
  kernel-3.10.0-327.22.2.el7.x86_64

2. Delete corrupted kernel:

  rpm -e kernel-3.10.0-327.22.2.el7.x86_64

3. Reboot.
So, your system is downgraded!

Thanks to http://blog.zwiegnet.com/linux-server/delete-oldcorrupt-linux-kernel-centos/

Execute command from other user in Linux

Linux makes it easy to run commands as a different user when you are logged in as root.
Here are two ways to do it:

1. Using “SUDO” command:

  sudo -u <username> <command>

Example: sudo -u www-data php occ

2. Using “SU” command:

  su - <username> -c "<commands>"

Example: su - www-data -c 'php /var/www/html/console.php files:scan --all'

Thanks to http://askubuntu.com/a/606149

OwnCloud connection to server error

OwnCloud is a great replacement for Google, Yandex and Dropbox cloud drives. It is a really useful and convenient tool for managing your private data.

There are a few ways to connect to your server:
- WebDAV directly from the OS
- browser access
- iOS/Android mobile OS

If your OwnCloud service is behind an Nginx server with SSL protection, you may see the following error when connecting from a mobile client:

it is not possible to connect to the server at this time

After spending a few days searching for a solution on the forum https://forum.owncloud.org, none of the fixes helped.

I noticed the “Security & setup warnings” section in the Admin panel:

The "Strict-Transport-Security" HTTP header 
is not configured to least "15768000" seconds. 
For enhanced security we recommend enabling HSTS 
as described in our security tips.

So, go ahead!

Just add the header to Nginx config (Strict-Transport-Security):

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Restart Nginx and voila, the mobile client will ask you to accept the SSL certificate!

Xrdp configuration to connect existing session

The RDP protocol is very convenient for managing Windows and Linux servers. But if you use Xrdp as a terminal server, you may notice that a new session is always created when a connection is established.

The CentOS (RedHat) RDP server implementation is more useful because it can connect to an existing session by default. Ubuntu (Debian), however, always creates a new session if you configure it with the “port=-1” setting in the xrdp.ini file:

[xrdp2]
name=test-name
...
port=-1

But if you set the port to a fixed value, a connection problem occurs.
To fix the problem, I recommend creating two different xrdp configurations in the xrdp.ini file:

[xrdp1]
name=existing-session
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=5910

[xrdp2]
name=new-session
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

So, for the first connection you have to use the “new-session” configuration; for subsequent connections the “existing-session” configuration will be used by default.
Make sure you are connecting to port 5910 (in my case).

Docker containers dependencies

As a rule, you have more than one Docker container. There can be one base container (parent) and many others (children).
To connect them in docker-compose you can use the following snippets:

1. Using “links”: this is the most popular method in the common case. Network ports and volumes from the parent container are shared with the child.
docker-compose.yml

...
  links:
    - base
...

2. Using “volumes_from”: only volumes from the parent container are shared with the child.
docker-compose.yml

...
  volumes_from:
    - base
...

The second way is useful when your Docker container uses the host network. In that case the “links” directive cannot be used (since docker-compose v1.9).
docker-compose.yml

...
  net: "host"
...

Also see http://docs.docker.com/compose/compose-file