Kolab 16 for Fedora 25   December 31st, 2016

This is work in progress, but I just wanted to share the news: I have Kolab 16 packages for Fedora 25 (with PHP7), built on copr!

Read the rest of this entry »

Tags: , ,
Posted in Software Development | Comments Closed

For the LightBuildServer (LBS) I want to run some of my nightly builds already against Fedora 25 Beta, to see if I need to fix anything in the Mono packages for Fedora.

But there is no Beta image for Fedora 25 available at Docker Hub: https://hub.docker.com/_/fedora/

But here you can find an image for Fedora 25 Beta: https://getfedora.org/fi/cloud/prerelease/docker.html

So I download the image, and load the image like this:

cd /var/lib/docker
wget https://download.fedoraproject.org/pub/fedora/linux/releases/test/25_Beta/Docker/x86_64/images/Fedora-Docker-Base-25_Beta-1.1.x86_64.tar.xz
docker load -i /var/lib/docker/Fedora-Docker-Base-25_Beta-1.1.x86_64.tar.xz

You can see the image listed, when typing docker images:

REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
fedora-docker-base-25_beta-1.1.x86_64      latest              a85629813141        8 days ago          197.8 MB

Now I can reference it in my Dockerfile like this:

FROM fedora-docker-base-25_beta-1.1.x86_64:latest

Make sure to use the image name in lower case.

Tags: , ,
Posted in Hosting, Software Development | Comments Closed

I was able to modify the existing Fedora spec file for owncloud-client, to build a package with the nextcloud theming:

Tags: , , ,
Posted in Software Development | Comments Closed

Fedora: vi/vim gzipped file   February 19th, 2016

When I edit myfile.log.gz with vi, I want to see the uncompressed file.

There are lots of useful posts on the Internet for how to make this work in Ubuntu. But for Fedora I could not find a solution.

There is a workaround according to http://labs.sasslantis.ee/2011/05/open-gzipped-file-with-vi/:

zcat myfile.log.gz | vi -

But that is hard to remember…

This is the easiest solution:

sudo dnf install vim-enhanced
vim myfile.log.gz
Tags: , ,
Posted in Hosting, Software Development | Comments Closed

First I want to say that I am glad that there is https://obs.kolabsys.com, the OBS instance maintained and sponsored by Kolab Systems. Jeroen put a lot of work into making that system work.

Unfortunately, it seems Jeroen is the only one maintaining it. And that is not a healthy situation, in several regards:

On Wednesday, we have seen OBS hang, and Jeroen had to restart it during his holidays. At least that is what I suspect, there has not been any response on the mailing list or IRC to our questions about the downtime. That is not right for any employee to have to do such tasks during his well deserved holidays.

The other point is updating the operating systems: CentOS 7.2 is out, and the current installation of Kolab on CentOS7 does not work, due to incompatibilities with newer CentOS 7.2 packages. The libcalendaring package would need a rebuild against CentOS 7.2. See for details: http://lists.kolab.org/pipermail/users/2015-December/020317.html

I see several options:

  • Kolab Systems hires more Sysadmin engineers to maintain the growing complexity of servers and build infrastructure.
  • Or trusted members of the community get permission to add new operating systems to OBS, and to restart the server. On the other hand, that is a complex installation, and with enterprise customers also using the Kolab Systems OBS, I don’t think that is a valid alternative
  • I am developing my own LightBuildServer (aka LBS), which could allow everyone to easily install his own building environment for various Operating Systems. I am building Kolab packages on LBS, even some private packages for use at TBits.net patched with our (public) ISP extensions for Kolab. But again this is risky, as long I am the only one developing it.
  • At least for CentOS/Fedora, we could use the Fedora infrastructure provided by RedHat. That gives us the benefit of quick availability of the latest releases of the OS, and that it is maintained and used by many people. It is possible to duplicate a Copr repository, if you need to fix something yourself.

So I tried to mirror the Kolab packages from the OBS to Copr. My goal is to still maintain the sources of the packages at OBS, so that everyone can benefit from the fixes. But I will get the source rpms, and build them for CentOS and Fedora at my Copr repository. It is also split into a Release and an Update Repository.

I have documented the process here: https://github.com/TBits/KolabScripts/tree/Kolab3.4/copr#build-instructions

A quick summery of those instructions:

I have written a script that will

  1. download the source rpms from OBS (http://obs.kolabsys.com/repositories/Kolab:/3.4/CentOS_7/src/ and http://obs.kolabsys.com/repositories/Kolab:/3.4:/Updates/CentOS_7/src/)
  2. process the source rpms and tell you the right order of building the packages, which is something Copr cannot do
  3. upload the source rpms to my webspace at fedorapeople.org: https://tpokorra.fedorapeople.org/kolab/kolab-3.4/ and https://tpokorra.fedorapeople.org/kolab/kolab-3.4-updates/

Then I build the packages in the prescribed order at https://copr.fedoraproject.org/coprs/tpokorra/Kolab-3.4/ and https://copr.fedoraproject.org/coprs/tpokorra/Kolab-3.4-Updates/

Currently the Fedora 23 packages don’t build yet completely. I need to look into this later.

The CentOS6 and CentOS7 packages should be fine, I just tested them with clean machines!

Here are the installation instructions: https://github.com/TBits/KolabScripts/tree/Kolab3.4/copr#installing-kolab-from-the-copr-repositories

At last, I want to mention that I had to only add one missing source rpm, for CentOS6. see details at https://github.com/TBits/KolabScripts/tree/Kolab3.4/copr#python-pyasn1

The other packages are identical to the ones at OBS, apart from the CentOS7 packages built against CentOS 7.2, so that should be a direct improvement to the OBS packages.

 

Tags: , , ,
Posted in Software Development | Comments Closed

Fedora 22 on Jiffybox   July 10th, 2015

I am using Jiffybox for developing and testing. It easy to create a new virtual machine, and start from fresh again.

Unfortunately, Fedora 22 is not available yet. See for details: https://www.df.eu/forum/threads/76789-Update-auf-Fedora-22

For the moment, the only way is to upgrade your Jiffyboxes from Fedora 21 to Fedora 22. Fedup does not work, because of the kernel image.

IOError: [Errno 2] No such file or directory: '/boot/initramfs-3.18.9-x86_64-jb1.img'

The solution is to use yum distro-sync.

There is another problem with the firewalld package:

Fehler: Paket: firewalld-config-standard-0.3.14.2-2.fc21.noarch (@updates/21)
            Benötigt: firewalld = 0.3.14.2-2.fc21
            Entfernen: firewalld-0.3.14.2-2.fc21.noarch (@updates/21)
                firewalld = 0.3.14.2-2.fc21
            Aktualisiert durch: firewalld-0.3.14.2-2.fc22.noarch (updates)
                firewalld = 0.3.14.2-2.fc22
            Verfügbar: firewalld-0.3.13-7.fc22.noarch (fedora)
                firewalld = 0.3.13-7.fc22

So these are the commands that work for me:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-22-$(uname -i)
yum update yum
yum clean all
# avoid problems with yum not being able to resolve firewalld upgrade
yum remove firewalld
yum --releasever=22 distro-sync
Tags: ,
Posted in Software Development | Comments Closed

This post originates in the idea from Stephen Gallagher, who is working on rolekit: “rolekit is a daemon for Linux systems providing a stable D-BUS interface to manage the deployment of [Fedora] Server Roles”.
The code of Rolekit is available here: https://github.com/sgallagher/rolekit

On his blog, Stephen stated in this post:

A few that I’d love to see (but don’t have time to start on yet):

  • A fileserver role that manages Samba and NFS file-shares (maybe [s]ftp as well).
  • A mail and/or groupware server role built atop something like Kolab
  • A backup server

This made me wonder, how would that be, if Kolab became a Server Role for Fedora, and could be installed from the Fedora repositories? Through my work on OpenPetra and Mono I got involved with Fedora, and noticed that the Fedora community tries out new technology, proves if it works, and then the technology will eventually end up in other distributions as well.

First steps

On IRC, we agreed that the first step would be to create a Copr repo, that contains the Kolab packages, and to write this blog post describing how to install and configure Kolab.

Creating the Copr Repo

So, here is the Copr repository for Fedora 22: https://copr.fedoraproject.org/coprs/tpokorra/kolab/

I created it by getting the src rpm packages from the Kolab repository, from 3.4 and 3.4 updates, in this order:

  • kolab-utils
  • roundcubemail-plugins-kolab
  • kolab-webadmin
  • kolab
  • pykolab
  • chwala
  • iRony
  • kolab-freebusy
  • roundcubemail-skin-chameleon
  • php-Net-LDAP3
  • roundcubemail
  • kolab-syncroton
  • roundcubemail-plugin-contextmenu
  • kolab-schema
  • kolab-autodiscover
  • python-sievelib
  • php-pear-Net-LDAP2
  • cyrus-imapd

The packages libkolab and libkolabxml and kdepim are already in Fedora, and I did not update them:

Cyrus Imapd is also in Fedora, https://admin.fedoraproject.org/pkgdb/package/cyrus-imapd/, but not on the latest version. So I used version 2.5 from Kolab.

Roundcubemail is uptodate in Fedora, https://admin.fedoraproject.org/pkgdb/package/roundcubemail, but somehow does not provide roundcubemail(core) >= 1.1 as required by some Kolab packages. So I also used the package from Kolab.

I have patched the pykolab package, and backported some features to extend the setup-kolab command so that it can be used non-interactively, which is probably required to be integrated into rolekit. In Kolab 3.5 (release planned for August 2015), those features will be included.

Installing Kolab from the Copr Repo

I have tested this with Fedora 22.

Please disable SELinux, since there isn’t a SELinux policy available yet for Kolab.
Jeroen van Meeuwen has worked on it a while ago, but it probably needs updating and testing: https://github.com/kanarip/kolab-selinux

Another thing: the server should have a FQDN, eg. kolab.example.org. See the installation instructions for details.

dnf install dnf-plugins-core
dnf copr enable tpokorra/kolab
dnf install kolab
mytz=Europe/Brussels
pwd=test
setup-kolab --default --mysqlserver=new --timezone=$mytz --directory-manager-pwd=$pwd

On my setup, I need to add this line to /etc/kolab/kolab.conf, in section [kolab-wap], because I am running it inside an LXC container with an iptables tunnel for port 80, and the Kolab webadmin does not calculate the url for the API properly:

api_url = http://localhost/kolab-webadmin/api

You also need to add these lines to /etc/roundcubemail/config.inc.php (this will be fixed in Kolab 3.5):

    # required for php 5.6, see https://bbs.archlinux.org/viewtopic.php?id=193012 and http://php.net/manual/de/context.ssl.php
    # production environment requires real security settings!!!
    $config['imap_conn_options']=array(
            'ssl'=>array(
            'verify_peer_name'=>false,
            'verify_peer'=>false,
            'allow_self_signed'=>true));
    $config['smtp_conn_options']=array(
            'ssl'=>array(
            'verify_peer_name'=>false,
            'verify_peer'=>false,
            'allow_self_signed'=>true));

After this, the Kolab Server should run, and you can go to http://localhost/kolab-webadmin and login with the user “cn=Directory Manager” (without the quotes) and the password that you specified as parameter for setup-kolab.

The webmail runs at http://localhost/roundcubemail

Conclusion

I hope this shows the possibilities, and what amount of work still needs to be done.

I guess the existing packages in Fedora should be kept uptodate, and missing Kolab packages need to be added to Fedora as well.

Work on SELinux policy is also required (see above).

The other thing: with the server role Kolab, how much should the role define how the server is configured securely? In Kolab Upstream, we documented how to secure the server, but left it to the Sysadmin to actually enforce security, because the Kolab community cannot take responsibility for the server.

I have a number of scripts, that might be useful for rolekit: https://github.com/TBits/KolabScripts There is eg. a script for setting up a self-signed SSL Certificate, etc.

Tags: , ,
Posted in Software Development | Comments Closed