Wednesday, October 30, 2013

Cyrus IMAP Administration

Configuration Files:
/etc/imapd.conf
/etc/cyrus.conf

Login as cyrus
$ cyradm -user cyrus localhost


localhost> help
authenticate, login, auth         authenticate to server
chdir, cd                         change current directory
createmailbox, create, cm         create mailbox
deleteaclmailbox, deleteacl, dam  remove ACLs from mailbox
deletemailbox, delete, dm         delete mailbox
disconnect, disc                  disconnect from current server
exit, quit                        exit cyradm
help, ?                           show commands
info                              display mailbox/server metadata
listacl, lam, listaclmailbox      list ACLs on mailbox
listmailbox, lm                   list mailboxes
listquota, lq                     list quotas on specified root
listquotaroot, lqr, lqm           show quota roots and quotas for mailbox
mboxcfg, mboxconfig               configure mailbox
reconstruct                       reconstruct mailbox (if supported)
renamemailbox, rename, renm       rename (and optionally relocate) mailbox
server, servername, connect       show current server or connect to server
setaclmailbox, sam, setacl        set ACLs on mailbox
setinfo                           set server metadata
setquota, sq                      set quota on mailbox or resource
subscribe, sub                    subscribe to a mailbox
unsubscribe, unsub                unsubscribe from a mailbox
version, ver                      display version info of current server
xfermailbox, xfer                 transfer (relocate) a mailbox to a different server
localhost> setquota user.dav 51200


export all user name to file
$ cyradm -user cyrus localhost -password <password> << EOF > user.txt
>lm
>EOF

List all quota into text file
$ cyradm -user cyrus localhost -password <password> << EOF > user.txt
>quota
>EOF

Cyrus admin to clean up mail box

$ /usr/lib/cyrus/bin/ipurge -f -b 0 <user.mailbox>

# References:
http://liseyko.blogspot.ca/2007/07/cyrus-management.html


Posted by at No comments:

Tuesday, October 29, 2013

Setup APEX Environment

Oracle APEX Installation Guide Download Oracle HTTP Server


POC Env:

http://apex.goweekend.ca:7777/pls/apex/apex_admin

admin

Database:

SID: APEX

Server: apex.goweekend.ca

Port: 1521





Apex Workspace

http://apex.goweekend.ca:8080/apex

Workspace: WS1



Restart APEX

Login as oracle

$ sqlplus / as sysdba

$ shutdown immediate

$ startup

Ensure Listener is up

Login as ohs

$ cd /usr2/middleware/Oracle_WT/instances/apex/bin

$ ./opmnctl stopall

$ ./opmnctl startall
Posted by at No comments:

Thursday, October 10, 2013

MongoDB: Readahead for /data/db/ is set to 512KB

OS: Suse Linux 11 SP2

Problem:
Wed Sep 11 08:15:55.215 [initandlisten] ** WARNING: Readahead for /data/db/ is set to 512KB
Wed Sep 11 08:15:55.215 [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less
Wed Sep 11 08:15:55.215 [initandlisten] **          http://dochub.mongodb.org/core/readahead

Solution:

Login as root, and check current Readhead. First of all, find out the file system your database located in. i.e.
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2             448G  319G  107G  75% /

in my case, /dev/sda2 is the one.
#  blockdev --getra /dev/sda2

Change  Readahead
# blockdev --setra 256 /dev/sda2

restart mongodb server


$ mongo
> use admin
> db.shutdownServer({shutdown:1, force:true})

Start mongodb server again
$ mongodb
Posted by at No comments:
Labels:

Wednesday, October 9, 2013

SVN: ACL Configuration on Linux


Purpose

Restrict access to SVN contents

Configuration Files

/srv/svn/<repository name>/conf/authz  
/srv/svn/<repository name>/conf/svnserve.conf
/srv/svn/<repository name>/conf/svnpasswd
/etc/apache2/conf.d/subversion.conf

Users

Define users in /srv/svn/<repository name>/conf/svnpasswd
# cd /srv/svn/<repository name>/conf
# htpasswd2 -m svnpasswd svnadmin
New password:
Re-type new password:
Adding password for user svnadmin

Subversion Server

Add below entries in section [general]
anon-access = read
auth-access = write
password-db = svnpasswd
authz-db = authz

 ACL

Define group and access in
[groups]
svnadmins = svnadmin1, svnadmin2
developers =developer1, developer2
qas =qa1, qa2
[/]
*=r
@svnadmins = rw

[/trunk]
@svnadmins = rw
@developers = rw
@qas = r

Apache2

add below lines /etc/apache2/conf.d/subversion.conf
<Location /<repository name>>
        DAV svn
        SVNPath /srv/svn/<repository name>/
        # Limit write permission to list of valid users.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
        AuthType Basic
        AuthName "Online"
        AuthUserFile /srv/svn/<repository name>/conf/svnpasswd
        AuthzSVNAccessFile /srv/svn/<repository name>/conf/authz
                Require valid-user
        </LimitExcept>
</Location>
Restart Apache2
# service apache2 restart



Posted by at No comments:
Labels: , ,

Friday, October 4, 2013

SVN CLI and Kwallet Integration on SuSE Linux 11

Purpose:


Use kwallet to save SVN credential instead of plain-text password.

Prerequisites:


Subversion client, systemsettings from KDE, kwallet, libsvn_auth_kwallet-1-0

Limitation:


To run svn client to use kwallet, you have to run it on the client GUI console.

Install Subversion Client


Install subversion from SuSE repository,

For SLE 11 SP3 run the following as root:

# zypper addrepo http://download.opensuse.org/repositories/devel:tools:scm:svn/SLE_11_SP3/devel:tools:scm:svn.repo
# zypper refresh
# zypper install subversion

For SLE 11 SP2 run the following as root:

# zypper addrepo http://download.opensuse.org/repositories/devel:tools:scm:svn/SLE_11_SP2/devel:tools:scm:svn.repo
# zypper refresh
# zypper install subversion

For SLE 11 run the following as root:

# zypper addrepo http://download.opensuse.org/repositories/devel:tools:scm:svn/SLE_11/devel:tools:scm:svn.repo
# zypper refresh
# zypper install subversion

Install Systemsettings


Ignore this step if Systemsettings has been installed on your desktop

# zypper install kdebase4-workspace

Install kwallet


Ignore this step if kwallet has been installed on your desktop

# zypper install kwallet

Install libsvn_auth_kwallet-1-0


Ignore this step if libsvn_auth_kwallet-1-0 package has been installed on your desktop

# zypper in libsvn_auth_kwallet-1-0

Enable and configure kwallet


Login as root, and run systemsettings.

Choose Tab Advanced -&gt; KDE Wallet

In KDE Wallet Configuration Window -&gt; Wallet Preference:

    Check Enable KDE Wallet Subsystem, and click New button to create new wallet
    Give a name to the new wallet, i.e. aniu
    Input password to protect your wallet, and click Create
    Click Apply, then Click Launch Wallet Manager which is right above Apply Button
    Close the configuration button

Configure subversion client


Run svn, and it will create ~/.subversion folder and the configuration files needed.

# cd ~/.subversion

edit config, and add below entry in [auth] section:

password-stores = kwallet

edit server, and add below entries in [global] section:

store-passwords = yes

store-plaintext-passwords = no

Verify Integration


On client desktop, start xterm,

# cd /var/tmp

# mkdir test

# svn co <url>

After you type in username and password, a GUI window pops up to ask your wallet password, and then choose Allow Always.

You may got Segmentation Fault message, please ignore it, and run the command again.

If it says the folder has been locked, please run svn cleanup to unlock the folder, run the checkout command again.

Check the wallet, you would be able to see a new folder called Subversion with one password.

Keep your wallet password secret because with it, people can see your svn password stored in the wallet.

Run below command, it won't ask you for password anymore.

# svn up


Posted by at No comments:
Labels: , ,

Thursday, October 3, 2013

Subversion Installation on SuSE Linux

Prerequisites

Apache 2
Neon Library
Subversion Client

Installation

Prerequisites Installation

1.    Install Apache 2
2.    Install neon from first DVD, libneon27-0.29.6-6.7.1.x86_64.rpm
3.    Get Subversion Server and Client Binaries
4.    Install SubVersion Client first, and then Subversion Server
       to install SVN client on SuSE linux, please refer to http://software.opensuse.org/download.html?project=devel:tools:scm:svn&package=subversion

Subversion Installation

Install Subversion Client
# zypper install subversion
Change folder to where Subversion Server binary placed
# rpm -ivh subversion-server-1.6.17-51.1.x86_64.rpm
After Subversion installation, you should be able to find below file placements:

# rpm -ql subversion-server-1.6.17-51.1.x86_64
/etc/apache2/conf.d
/etc/apache2/conf.d/subversion.conf
/usr/lib64/apache2
/usr/lib64/apache2/mod_authz_svn.so
/usr/lib64/apache2/mod_dav_svn.so

Configuration

Configure Apache 2

1. Apply below changes in /etc/sysconfig/apache2

APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir include log_config mime negotiation setenvif status userdir asis dav dav_fs imagemap php5 perl python dav_svn authz_svn authz_default ssl"

< APACHE_SERVER_FLAGS="SSL"
2. SSL Enablement
Creating a “Dummy” Certificate
Generating a dummy certificate is simple. Just call the script /usr/bin/gensslcert. It creates or overwrites the following files:

    /etc/apache2/ssl.crt/ca.crt
    /etc/apache2/ssl.crt/server.crt
    /etc/apache2/ssl.key/server.key
    /etc/apache2/ssl.csr/server.csr

A copy of ca.crt is also placed at /srv/www/htdocs/CA.crt for download.

Apply below changes to /etc/apache2/vhosts.d/vhost-ssl.conf (copy it from vhost-ssl.template if it doesn't exist)
Comment out below line:
SSLProtocol all -SSLv2 -SSLv3


Restart Apache2 and test both secure and non-secured connection.

Configure SVN Repository

Initialization

# svnadmin create /path/to/repository
# svnlook info /path/to/repository

Chang repository group and permission
Suggestion: change the group to apache2 group, permission 770

Edit subversion.conf as needed

Using local password file to authentication

 <Location /repos>
        DAV svn
        SVNPath /srv/svn/repos


        # Limit write permission to list of valid users.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        AuthType Basic
        AuthName "Test Repository"
        AuthUserFile /srv/svn/repos/conf/passwd
        SVNPathAuthz on
        AuthzSVNAccessFile /srv/svn/repos/conf/authz
        </LimitExcept>
</Location>

Using LDAP Authentication

 <Location /repos>
        DAV svn
        SVNPath /srv/svn/repos
        AuthType Basic
        AuthName "Utilities"

        AuthzLDAPAuthoritative Off
        AuthBasicProvider ldap

        AuthLDAPURL "ldap://ldap.goweekend.ca/dc=suzhou,dc=goweekend,dc=ca?uid?sub?(appperm=svnusers)"
        REQUIRE valid-user

        # Limit write permission to list of valid users.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>
</Location>

Repository Populating (optional)

Dump repository
# svnadmin dump /path/to/sourceRepository > repositoryDump.rep

Load repository from dump file
#  svnadmin load /path/to/targetRepository <repositoryDump.rep

Verification

open browser and type in url like below:
http://<server name>.domain.name/<repository name>
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)