Ansible with su instead of sudo   October 13th, 2017

At TBits.net, we have decided to use Ansible for setting up our servers.

The most documented way of installing something on a machine via Ansible is using sudo: you create a normal user (eg. called deploy), that you can use with SSH to login to the machine, and if that user has sudo permissions (eg. part of the group wheel in CentOS), then you can install software with root privileges.

The call is quite easy:

ansible-playbook myplaybook.yaml --user=deploy --ask-become-pass

Now we wanted to limit access only to users who have the actual password for root.

Finally, this worked on the command line:

ansible-playbook myplaybook.yaml --user=deploy --become --become-method=su --ask-become-pass

Now, I wanted to specify these parameters in my ansible.cfg file. It took me a while to find out how to do this. I found https://github.com/ansible/ansible/blob/devel/lib/ansible/config/base.yml which was helpful.

[defaults]
remote_user=deploy
 
[privilege_escalation]
become = true
become_method = su
become_ask_pass = true

Two pitfalls that are solved by this:

  • You need to specify the become settings in section privilege_escalation, not just in defaults.
  • The command line parameter ask-become-pass becomes become_ask_pass in the config file.

This works with Ansible 2.3.2 on CentOS 7.4.

Tags: ,
Posted in Hosting, Software Development | Comments Closed

Here comes a quick overview on recent updates to Kolab 16 packages.

Please note: I am only using public information. I have no background knowledge about the releases.

In the past weeks, the kolab-autoconf package has been updated from version 0.1 to 0.2. This affects Debian/Ubuntu and RHEL/CentOS.

For details see:

Tags: ,
Posted in Hosting, Software Development | Comments Closed

A customer of TBits.net asked about notifications: you set up a filter in Roundcube, and you will be notified whenever an email arrives, and the notification is sent to an email address that you check more regularly. It is not like forwarding the message, but the notification does not contain the message itself, to force you to use Roundcube and keep the contents of the email secure on our mail server. This scenario applies to people working for a company or charity and not checking mails regularly, but wanting to be informed on their private email accounts at GMail or Hotmail or whereever. This way data protection is enforced, but still people know about their new emails.

It took me a while to find this page: https://www.cyrusimap.org/imap/reference/manpages/configs/imapd.conf.html which mentions:

sievenotifier:
Notifyd(8) method to use for “SIEVE” notifications. If not set, “SIEVE” notifications are disabled.

See also https://www.cyrusimap.org/imap/reference/manpages/systemcommands/notifyd.html

So you set in /etc/imapd.conf:

sievenotifier: mailto

And I assume you have in your /etc/cyrus.conf:

notify      cmd="notifyd"   listen="/var/lib/imap/socket/notify"    proto="udp" prefork=1

The notification email will look like this:

Subject: [SIEVE] New mail notification
From:    Mail Sieve Subsystem
Body:
  your customized text defined in the filter
 
  Action(s) taken:

These strings are hard coded unfortunately. I am wondering if I should patch them out in our own build of Cyrus…

Here is the code:

https://github.com/cyrusimap/cyrus-imapd/blob/master/sieve/script.c#L666

strcpy(actions_string,"Action(s) taken:\n");

https://github.com/cyrusimap/cyrus-imapd/blob/master/notifyd/notify_mailto.c#L121

fprintf(sm, "From: Mail Sieve Subsystem <%s>\r\n", config_getstring(IMAPOPT_POSTMASTER));
fprintf(sm, "To: <%s>\r\n", options[0]);
fprintf(sm, "Subject: [%s] New mail notification\r\n", class);
Tags:
Posted in Software Development | Comments Closed

Recently I was in the situation where I needed to manage users in Kolab from PHP.

There is an API for the Kolab Webadmin, and it is documented here: https://docs.kolab.org/architecture-and-design/kolab-wap-api.html

There is also a PHP class, that I could have used: https://cgit.kolab.org/webadmin/tree/lib/kolab_client_api.php. But for some reason, I am using CURL.

It took me some time to figure out how to do the GET or POST calls for connecting to the API and call user.info, user.delete, user.add and users.list.

Therefore, I have created a small PHP class, that shows how to do that.

You can find it here: https://github.com/TBits/KolabScripts/tree/KolabWinterfell/kolab-webadmin-api-client

There is also a test.config.php and a test.php to show the usage of that class.

During development, I sometimes got the message: “Internal error”. This is from the class kolab_api_controller, eg. https://cgit.kolab.org/webadmin/tree/lib/kolab_api_controller.php#n181

Actually, it would help if that error was logged to /var/log/kolab-webadmin/errors with some detail:

else {
    Log::error("API controller: Internal Error, ".$service . "_" . $method. " Post: " .print_r($postdata,true). " Get: ".print_r($_GET,true));
    $this->output->error("Internal error", 500);
}
Tags: ,
Posted in Software Development | Comments Closed

Here comes a quick overview on recent updates to Kolab 16 packages.

Please note: I am only using public information. I have no background knowledge about the releases.

In the past days, the roundcubemail-plugin-contextmenu package has been updated from version 2.1.1 to 2.3. This affects Debian/Ubuntu and RHEL/CentOS.

For details see:

Tags: ,
Posted in Hosting, Software Development | Comments Closed

Here comes a quick overview on recent updates to Kolab 16 packages.

Please note: I am only using public information. I have no background knowledge about the releases.

In the past days, the erlang package has been built for Debian Jessie for Plesk, so that version 18.3.4 will be available there. It only affects Debian Jessie packages for Plesk. Guam has been rebuilt due to this.

For details see:

Tags: ,
Posted in Hosting, Software Development | Comments Closed

Here comes a quick overview on recent updates to Kolab 16 packages.

Please note: I am only using public information. I have no background knowledge about the releases.

In the past days, the package roundcubemail has been updated from 1.2 to version 1.3. It affects both RHEL/CentOS and Debian/Ubuntu. Other packages have been rebuilt due to this upgrade:

Here is a link to the Roundcube Mail 1.3 Release notes: Roundcube Webmail 1.3.0 released.

Tags: ,
Posted in Hosting, Software Development | Comments Closed

Here comes a quick overview on recent updates to Kolab 16 packages.

Please note: I am only using public information. I have no background knowledge about the releases.

I did not report on Updates for Kolab 16 for quite a while. But now that we are finally on a production server with Kolab 16 for TBits.net, I have the intention to report again if anything relevant to the RPM packages changed.

In the past days, the package kolab-syncroton has been updated and rebuilt. It affects both RHEL/CentOS and Debian/Ubuntu.

  • kolab-syncroton: Patch setAttendeeStatus for increased Outlook compatibility
Tags: ,
Posted in Hosting, Software Development | Comments Closed

Installing Kontact on CentOS7   June 29th, 2017

If you search for “install kontact centos7”, you find the first link: https://www.kolabsys.com/installation-guide/kontact-centos.html

Unfortunately, that does not work. Even if you add the Kolab 16 repository (wget https://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/Kolab:16.repo) so that libkolab etc can be installed, you still have conflicts because kdepim-libs is installed from the base repository.

It seems, that the packages on OBS are targetted mainly for Ubuntu: https://obs.kolabsys.com/project/monitor/Kontact:4.13

Then I looked if Kontact is available in Epel, but it is only available for Fedora: https://apps.fedoraproject.org/packages/kontact

Then I found the copr of Rex Dieter, which provides uptodate packages for Kontact and is maintained by the Fedora KDE-SIG: https://copr.fedorainfracloud.org/coprs/rdieter/kde4/

So to install Kontact on CentOS7, you need to do this:

cd /etc/yum/repos.d
wget https://copr.fedorainfracloud.org/coprs/rdieter/kde4/repo/epel-7/rdieter-kde4-epel-7.repo
yum install kontact
Tags: ,
Posted in Hosting | Comments Closed

KontoCheck ist eine Bibliothek zum Test deutscher Bankkonten, kann aber auch zum Umrechnen der Kontonummern und BLZ in IBAN und BIC benutzt werden.

Es gab ein neues Update der Bankdatei, deren Inhalt jetzt für den Zeitraum 06. März 2017 bis 03. September 2017 gilt. In unserer Bankdatei sind immer die zwei neuesten Bankdaten von der Bundesbank enthalten. Quelle: Deutsche Bundesbank, BLZ Download.

Entsprechend habe ich die Debian und CentOS Pakete aktualisiert:

http://software.opensuse.org/download/package?project=home:tpokorra:kontocheck&package=kontocheck

Auch der Online Dienst https://kontocheck.solidcharity.com/ wurde auf die neue Version aktualisiert. Hier können sowohl manuell Umwandlungen von Kontonummer/BLZ auf IBAN/BIC durchgeführt werden, als auch über einen WebService Abfragen gestellt werden, die mit XML beantwortet werden.

Tags:
Posted in Hosting, Software Development | Comments Closed