Another Home Page Blog - Logiciels libreshttps://blog.anotherhomepage.org/2019-07-08T09:30:00+02:00Bind : automatiser la mise à jour d'entrées DNS2019-07-08T09:30:00+02:002019-07-08T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2019-07-08:/post/2019/07/08/bind-mise-a-jour-automatique-dns/<p><img alt=""to be completed"" src="https://blog.anotherhomepage.org/public/2019/busyfreewaytrafficatnight.jpg">J'ai eu récemment à configurer un accès vers une machine dont l'adresse IP n'est pas fixe (typiquement derrière une box ADSL dont l'abonnement ne propose pas d'IP fixe). J'avais déjà mis en place un accès similaire il y a quelques années, mais je n'en avais pas fait de billet, voici …</p><p><img alt=""to be completed"" src="https://blog.anotherhomepage.org/public/2019/busyfreewaytrafficatnight.jpg">J'ai eu récemment à configurer un accès vers une machine dont l'adresse IP n'est pas fixe (typiquement derrière une box ADSL dont l'abonnement ne propose pas d'IP fixe). J'avais déjà mis en place un accès similaire il y a quelques années, mais je n'en avais pas fait de billet, voici donc l'occasion.</p>
<h3>Plantons un peu le décor</h3>
<p>Je suis donc dans la situation suivante : la machine, sous NetBSD, dispose d'un accès Internet derrière une box ADSL fournissant une IPv4 dynamique. Je dispose d'un nom de domaine, d'un serveur DNS public, ainsi que d'un serveur web public. En dehors des éléments, je ne souhaite pas compter sur un service tiers supplémentaire. L'idée est donc la suivante : depuis la machine en question, réussir à obtenir son adresse IP publique de sortie, et aller la donner au serveur DNS pour qu'il mette à jour une entrée afin que la dite machine soit accessible (pour un accès SSH ou HTTPS par exemple).</p>
<h3>Étape 1 : connaître son adresse IP publique</h3>
<p>Pour cette première étape, j'ai choisi d'utiliser un serveur web existant, qui tourne sous Nginx. Celui-ci me permet d'afficher l'adresse IP du client, sans utiliser de script supplémentaire PHP, Python ou autre. J'ai ajouté la configuration suivante dans mon virtual host :</p>
<div class="highlight"><pre><span></span><code><span class="k">location</span><span class="w"> </span><span class="s">/myip</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">default_type</span><span class="w"> </span><span class="s">text/plain</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="s">"</span><span class="nv">$remote_addr"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Une fois Nginx relancé, je peux lancer une requête via un navigateur, wget ou curl pour afficher mon adresse IP :</p>
<div class="highlight"><pre><span></span><code>$ curl http://www.example.org/myip
<span class="m">109</span>.XXX.YYY.ZZZ
</code></pre></div>
<h3>Étape 2 : mettre à jour une entrée DNS sans les mains</h3>
<p>Cette deuxième étape commence par la création, manuelle, d'une nouvelle entrée de type A dans la zone DNS. Je ne détaille cette création, elle est en théorie assez basique pour toute personne qui a déjà monté un serveur DNS. Par contre il va falloir mettre à jour régulièrement cet enregistrement. Pour ne pas avoir à le mettre à jour manuellement, j'ai utilisé <a href="https://en.wikipedia.org/wiki/Nsupdate" title=""nsupdate">nsupdate</a>. Cet outil repose sur la <a href="https://tools.ietf.org/html/rfc2136" title=""RF">RFC 2136</a>, ce qui a l'avantage d'être ouvert et documenté, et de ne pas être une solution bricolée maison à base de sed dans le fichier de zone en direct.</p>
<p>Pour utiliser nsupdate, il faut commencer par créer une paire de clés TSIG sur le client, et ensuite autoriser la clé publique au niveau du serveur DNS. L'outil <em>dnssec-keygen</em> va nous aider pour la création de clés :</p>
<div class="highlight"><pre><span></span><code>$ dnssec-keygen -a HMAC-SHA256 -b <span class="m">256</span> -n HOST dynamic.example.org
Kdynamic.example.org.+163+16284
</code></pre></div>
<p>On notera que l'option -a permet de choisir l'algorithme cryptographique, -b la taille de clé, et l'option -n spécifie le type d'entrée à laquelle se destine cette paire de clés.2 fichiers sont alors produits, dans notre exemples ils se nomment <em>Kdynamic.example.org.+163+16284.key</em> (la clé publique) et <em>Kdynamic.example.org.+163+16284.private</em> (la clé privée). La clé publique a cette tête :</p>
<div class="highlight"><pre><span></span><code>$ cat Kdynamic.example.org.+163+16284.key
dynamic.example.org. IN KEY <span class="m">512</span> <span class="m">3</span> <span class="m">163</span> EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4<span class="o">=</span>
</code></pre></div>
<p>Quant à la clé privée :</p>
<div class="highlight"><pre><span></span><code>$ cat Kdynamic.example.org.+163+16284.private
Private-key-format: v1.3
Algorithm: <span class="m">163</span> <span class="o">(</span>HMAC_SHA256<span class="o">)</span>
Key: EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4<span class="o">=</span>
Bits: <span class="nv">AAA</span><span class="o">=</span>
Created: <span class="m">20181112210734</span>
Publish: <span class="m">20181112210734</span>
Activate: <span class="m">20181112210734</span>
</code></pre></div>
<p>Note : je n'ai pas de problème à divulguer cette clé, car je l'ai volontairement générée à des fins d'exemple. Bien entendu, il ne fait pas divulguer sa clé privée ;)</p>
<p>Maintenant, autorisons notre clé publique au niveau du serveur DNS Bind. Cela se situe directement dans le fichier de configuration <em>named.conf</em>, et cela se passe en deux parties. La première consiste à déclarer la clé publique :</p>
<div class="highlight"><pre><span></span><code>key <span class="s2">"dynamic.example.org."</span> <span class="o">{</span>
algorithm HMAC-SHA256<span class="p">;</span>
secret <span class="s2">"EmvYb14yJA+0qgRmqaMng02cQoCAbekP2ou9M1fNWX4="</span><span class="p">;</span>
<span class="o">}</span><span class="p">;</span>
</code></pre></div>
<p>Attention, il faut bien préciser le même algorithme que lors de la génération de clés.</p>
<p>La deuxième partie consiste à autoriser cette clé publique au niveau de la configuration de la zone DNS sur laquelle je souhaite agir :</p>
<div class="highlight"><pre><span></span><code><span class="n">zone</span><span class="w"> </span><span class="s2">"example.org"</span><span class="w"> </span><span class="n">IN</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="k">master</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="s2">"/var/named/master/example.org"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">allow</span><span class="o">-</span><span class="n">transfer</span><span class="w"> </span><span class="p">{</span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.53</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">allow</span><span class="o">-</span><span class="n">query</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">any</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">update</span><span class="o">-</span><span class="n">policy</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">grant</span><span class="w"> </span><span class="n">dynamic</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">dynamic</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">CNAME</span><span class="w"> </span><span class="n">TXT</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">grant</span><span class="w"> </span><span class="n">dynamic2</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">dynamic2</span><span class="o">.</span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">CNAME</span><span class="w"> </span><span class="n">TXT</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="p">};</span><span class="w"></span>
</code></pre></div>
<p>Il s'agit d'une déclaration relativement classique, mais on notera la présence d'une directive <em>update-policy</em> dans laquelle j'autorise ma clé (définie par le nom lors de la génération par <em>dnssec-keygen</em>) à modifier un enregistrement DNS (définie par <em>name</em> puis son nom) des types décrits après (ici, mon enregistrement peut être de type A, CNAME ou TXT). L'exemple ci-dessus propose même deux enregistrements modifiés par deux clés différentes.</p>
<p>On peut alors utiliser nsupdate. Créons un fichier qui va contenir les données à pousser vers le serveur DNS :</p>
<div class="highlight"><pre><span></span><code>$ cat dnsupdate.txt
server ns0.example.org
zone example.org.
update delete dynamic.example.org.
update add dynamic.example.org. <span class="m">180</span> A <span class="m">10</span>.13.37.92
show
send
</code></pre></div>
<p>Ensuite, lançons nsupdate :</p>
<div class="highlight"><pre><span></span><code>nsupdate -k ./Kdynamic.example.org.+163+16284.private -v ./dnsupdate.txt
</code></pre></div>
<p>Si tout se passe bien, l'enregistrement DNS devrait être à jour. Pour se faciliter les tests, on peut, lors de la création de celui-ci, mettre une valeur volontairement erronée, et constater qu'une fois nsupdate lancé, la valeur est correcte.</p>
<h3>Étape 3 : on secoue bien fort</h3>
<p>Maintenant qu'on a tous les outils, il ne reste plus qu'à tout englober ensemble dans un script à glisser dans une tâche cron. Voici, dessous, le script que j'ai fait pour l'exemple. Bien entendu, il utilise la méthode "La Rache" et mériterait un peu plus de rigueur dans son développement. Mais c'est un début, fonctionnel et simple à comprendre.</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/usr/pkg/bin/bash</span>
<span class="nb">set</span> -x
<span class="nv">curl_bin</span><span class="o">=</span><span class="k">$(</span>which curl<span class="k">)</span>
<span class="nv">curl_opts</span><span class="o">=</span><span class="s2">"-s"</span>
<span class="nv">dig_bin</span><span class="o">=</span><span class="k">$(</span>which dig<span class="k">)</span>
<span class="nv">nsupdate_bin</span><span class="o">=</span><span class="k">$(</span>which nsupdate<span class="k">)</span>
<span class="nv">ip_check_service</span><span class="o">=</span><span class="s2">"http://www.example.org/myip"</span>
<span class="nv">keyfile</span><span class="o">=</span><span class="s2">"/home/nils/keys/Kdynamic.example.org.+163+16284.private"</span>
<span class="nv">current_ip</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">curl_bin</span><span class="si">}</span> <span class="si">${</span><span class="nv">curl_opts</span><span class="si">}</span> <span class="si">${</span><span class="nv">ip_check_service</span><span class="si">}</span><span class="k">)</span>
<span class="nv">current_reverse</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">dig_bin</span><span class="si">}</span> +short @ns1.fdn.org -x <span class="si">${</span><span class="nv">current_ip</span><span class="si">}</span><span class="k">)</span>
<span class="nv">previous_cname</span><span class="o">=</span><span class="k">$(</span><span class="si">${</span><span class="nv">dig_bin</span><span class="si">}</span> +short @ns0.example.org dynamic.example.org<span class="k">)</span>
<span class="nv">dns_server</span><span class="o">=</span><span class="k">$(</span>dig +short -t A ns0.example.org<span class="k">)</span>
cat > /tmp/majdnscloud.txt <span class="s"><< EOF</span>
<span class="s">server ${dns_server}</span>
<span class="s">zone example.org.</span>
<span class="s">update delete dynamic.example.org.</span>
<span class="s">update add dynamic.example.org. 180 CNAME ${current_reverse}</span>
<span class="s">show</span>
<span class="s">send</span>
<span class="s">EOF</span>
nsupdate -k <span class="si">${</span><span class="nv">keyfile</span><span class="si">}</span> -v /tmp/majdnscloud.txt
rm -f /tmp/majdnscloud.txt
</code></pre></div>
<h3>Autres possibilités ?</h3>
<p>Il se peut qu'on ne dispose pas de ressource pour installer un serveur qui donnerait notre IP publique de sortie, il est alors possible d'utiliser un service tiers. J'en utilise occasionnellement deux : <a href="https://www.whatsmyip.org/" title=""What's">What's My IP</a> et <a href="https://ipchicken.com/" title=""IP">IP chicken</a>.</p>
<p>Pour ce qui est de la mise à jour automatisée d'un enregistrement DNS, selon le registrar, il est possible que celui-ci le propose via une API, comme <a href="https://doc.livedns.gandi.net/" title=""Gandi">Gandi LiveDNS</a> par exemple.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://unsplash.com/photos/iR8m2RRo-z4" title=""Jake">Jake Givens - Busy freeway traffic at night</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 08/07/2019 22:37 par cmic</h3>
<p>Hello
Cool. Je me souviens d'avoir écrit la même chose (ou presque) en Perl pour mettre ma zone à jour avec l'ajout ou la suppression d'un PC ou d'un serveur ; avec maj du reverse également.
cmic, Sysadmin à la retraite...</p>
<h3>Le 09/07/2019 19:53 par user</h3>
<blockquote>
<p>grant dynamic.anotherhomepage.org. name dynamic.anotherhomepage.org. A CNAME TXT;
grant dynamic2.anotherhomepage.org. name dynamic2.anotherhomepage.org. A CNAME TXT;</p>
</blockquote>
<p>Ça ne devrait pas être « grant dynamic.example.org. » vu le nom des clés générées au-dessus ?</p>
<p>Merci pour le tuto :)</p>
<h3>Le 09/07/2019 22:05 par Nils</h3>
<p>@user : en fait non, comme j'indique avec maladresse dans mon billet :</p>
<div class="highlight"><pre><span></span><code><span class="n">L</span><span class="p">'</span><span class="n">exemple</span><span class="w"> </span><span class="n">ci</span><span class="o">-</span><span class="n">dessus</span><span class="w"> </span><span class="n">propose</span><span class="w"> </span><span class="n">même</span><span class="w"> </span><span class="n">deux</span><span class="w"> </span><span class="n">enregistrements</span><span class="w"> </span><span class="n">modifiés</span><span class="w"> </span><span class="n">par</span><span class="w"> </span><span class="n">deux</span><span class="w"> </span><span class="n">clés</span><span class="w"> </span><span class="n">différentes</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<p>Je cherchais à montrer qu'en mettant une deuxième clé, on pourrait avoir pour la même zone un deuxième enregistrement dynamique, mais je n'ai pas pris la peine de dupliquer toutes les autres parties. Pardon pour la confusion !</p>FreeNAS VM : installation d'un invité CentOS 72018-10-25T13:50:00+02:002018-10-25T13:50:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2018-10-25:/post/2018/10/25/freenas-vm-installation-invite-centos-7/<p><img alt=""Riga" src="https://blog.anotherhomepage.org/public/2018/Riga_20.08.2016_53.jpg" title=""Riga">J'ai commencé à jouer avec la fonctionnalité “VM” de FreeNAS 11, la célèbre distribution BSD pour créer son propre NAS. J'ai assez de puissance sur mon NAS actuel pour lancer quelques machines virtuelles, ce qui me permettra d'utiliser d'autres OS que FreeBSD (disponible via les jails), comme par exemple ici …</p><p><img alt=""Riga" src="https://blog.anotherhomepage.org/public/2018/Riga_20.08.2016_53.jpg" title=""Riga">J'ai commencé à jouer avec la fonctionnalité “VM” de FreeNAS 11, la célèbre distribution BSD pour créer son propre NAS. J'ai assez de puissance sur mon NAS actuel pour lancer quelques machines virtuelles, ce qui me permettra d'utiliser d'autres OS que FreeBSD (disponible via les jails), comme par exemple ici CentOS.</p>
<h3>À propos de VM</h3>
<p>FreeNAS étant basé sur FreeBSD, celui-ci base sa fonction d'hyperviseur sur bhyve, l'hyberviseur BSD. Les prérequis matériels sont assez simples :</p>
<ul>
<li>assez de mémoire vive pour que FreeNAS puisse continuer à en utiliser pour gérer la partie NAS ;</li>
<li>assez de puissance CPU pour que FreeNAS puisse continuer à en utiliser pour gérer la partie NAS ;</li>
<li>assez d'espace disque (puisqu'on va aussi en allouer à nos machines virtuelles) ;</li>
<li>et enfin, s'assurer que le processeur de notre NAS dispose des instructions de virtualisation.</li>
</ul>
<p>Concernant la quantité de mémoire vive, il faut se rappeler que FreeNAS réclame au moins 8 Go de RAM, voire plus selon les usages. La section <a href="http://doc.freenas.org/11/intro.html#hardware-recommendations" title=""FreeNAS">Hardware Recommandations</a> de la documentation officielle est à ce titre à lire en premier. En ce qui me concerne, j'ai décidé d'ajouter de la mémoire vive à mon système avant de commencer à utiliser VM.</p>
<p>Concernant les instruction de virtualisation, la section <a href="http://doc.freenas.org/11/vms.html" title=""FreeNAS">VMs</a> de la documentation officielle est aussi très instructive. Pour vérifier que notre CPU dispose bien du jeu d'instruction nécessaire, deux possibilités :</p>
<ul>
<li>Sur un système Intel : <code>grep VT-x /var/run/dmesg.boot</code> ;</li>
<li>Sur un système AMD : <code>grep POPCNT /var/run/dmesg.boot</code>.</li>
</ul>
<p>Sur mon NAS, j'ai un Xeon E3-1220L V2. Cela donne donc :</p>
<div class="highlight"><pre><span></span><code>root@arreat:~ <span class="c1"># grep VT-x /var/run/dmesg.boot</span>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
</code></pre></div>
<h3>Créer sa machine virtuelle</h3>
<p>Dans l'absolu, créer sa machine virtuelle est assez simple et suivre la documentation en anglais assez facile. On commence par aller dans le menu <em>VMs</em>, puis on clique sur le bouton <em>Add VM</em>. Un menu s'affiche alors, et on peut renseigner les informations de notre système virtuel :</p>
<ul>
<li>Name : nom de la machine virtuelle ;</li>
<li>Description : un texte descriptif ;</li>
<li>Virtual CPUs : le nombre de processeurs virtuels ;</li>
<li>Memory Size (MiB) : la quantité de mémoire-vive ;</li>
<li>Boot Method : si la machine virtuelle est en UEFI pur ou en mode de compatibilité avec BIOS (UEFI-CSM), mais visiblement il vaut mieux rester en UEFI ;</li>
<li>Autostart : si la machine démarre automatiquement au démarrage du NAS.</li>
</ul>
<p>On peut ensuite créer des périphériques pour notre machine virtuelle, en la sélectionnant puis en appuyant sur le bouton "Devices" en bas de l'interface web. Un nouvel onglet apparaît, et grâce au bouton "Add device", on peut alors ajouter :</p>
<ul>
<li>Network interface : une carte réseau (Intel émulée, ou VirtIO) ;</li>
<li>Disk : un disque dur, sous forme de ZVol (en AHCI ou VirtIO) ;</li>
<li>CD-ROM : un lecteur optique, en choisissant une image ISO hébergée sur le NAS ;</li>
<li>VNC : un écran virtuel accessible via le protocole VNC.</li>
</ul>
<h3>Démarrer sa machine virtuelle et installer CentOS</h3>
<p>Une fois la machine virtuelle crée, on s'assure que le CD-ROM virtuel est bien une ISO d'installation de CentOS et on appuie sur le bouton de démarrage.Par contre, et c'est à ce moment que la documentation et peut-être bhyve sont muets, c'est à propos du périphérique VNC : j'ai perdu littéralement des heures à cause du mapping clavier, qui respecte les lettres pour de l'azerty, mais qui ne respecte pas les caractères spéciaux et les chiffres. Ceci est donc particulièrement gênant.</p>
<p>Mon astuce consiste à ne pas créer de périphérique VNC : VM crée alors une console série, à laquelle on peut accéder via la commande cu depuis un shell sur la machine FreeNAS :</p>
<div class="highlight"><pre><span></span><code>cu -s <span class="m">9600</span> -l /dev/nmdm1B
</code></pre></div>
<p>A noter que le périphérique d'accès peut changer selon la machine virtuelle, il faut donc changer la commande en conséquence.</p>
<p>Une fois que le CD-ROM est démarré, il convient d'éditer les options de démarrage en appuyant sur 'e', puis en ajoutant à la première ligne l'option <code>console=ttyS0</code>. Cette option est indiquée dans <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-anaconda-boot-options" title=""RHEL">la documentation d'installation de RHEL 7</a></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/108459338@N08/29164996475/" title=""Riga">E Livermore - Riga 20.08.2016 (53)</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 26/10/2018 08:09 par <a href="https://utux.fr">utux</a></h3>
<p>Je l'utilise depuis quelques temps et c'est vraiment pas mal, bhyve carbure bien. Je dirais même qu'avec l'interface de FreeNAS on concurrencerait presque Proxmox. Je me rappelle juste de soucis avec UEFI-CSM (Bios) et FreeNAS voulait une affectation mini de 1GB de RAM pour les VM (alors que 256 me suffisent souvent pour les tests).</p>
<p>VNC est une plaie pour le mapping de touches, l'astuce est de faire l'installation sans accents avec un mot de passe simple puis faire la modification après par SSH.</p>
<p>J'utilise beaucoup les jails, avec iocage en ligne de commandes qui est vraiment bien et qui permet les updates. L'avantage par rapport à la virtualisation je trouve c'est le stockage direct sur zfs (compression, perfs, snapshots) et l'impact moindre sur les ressources (pas obligé de réserver de manière fixe 1GB de RAM, il prend ce qu'il a besoin).</p>
<h3>Le 26/10/2018 11:17 par nzo</h3>
<p>Merci pour l'article...je vais tester cela ce week-end.</p>Firefox : 4 versions différentes du navigateur web en parallèle sur son OS2018-10-18T13:10:00+02:002018-10-18T13:10:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2018-10-18:/post/2018/10/18/firefox-4-versions-differentes/<p><img alt=""plusieurs marteaux alignés"" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">Savez-vous qu'il est possible d'exécuter plusieurs versions de Firefox sur son ordinateur, et même de les exécuter en parallèle ? Voici une liste de différentes versions du célèbre navigateur de Mozilla que j'ai pu installer et utiliser sur les différents ordinateurs que j'ai pu utiliser ces derniers temps, que ce soit …</p><p><img alt=""plusieurs marteaux alignés"" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">Savez-vous qu'il est possible d'exécuter plusieurs versions de Firefox sur son ordinateur, et même de les exécuter en parallèle ? Voici une liste de différentes versions du célèbre navigateur de Mozilla que j'ai pu installer et utiliser sur les différents ordinateurs que j'ai pu utiliser ces derniers temps, que ce soit sous GNU/Linux (Fedora), macOS voire Windows.</p>
<h3>Firefox</h3>
<p>Le classique, celui qu'on installe et utilise partout, bien entendu ! Comment s'en passer ? L'installeur pour macOS et Windows est facilement disponible, et bien entendu empaqueté dans Fedora. C'est généralement le navigateur que j'utilise pour les sites connus et de confiance.</p>
<p>Firefox est disponible à l'adresse suivante : <a href="https://www.mozilla.org/fr/firefox/" title="https://www.mozilla.org/fr/firefox/">https://www.mozilla.org/fr/firefox/</a>.</p>
<h3>Firefox Developer Edition</h3>
<p><a href="https://www.mozilla.org/fr/firefox/developer/" title=""Firefox">Firefox Developer Edition</a>, <a href="https://fr.wikipedia.org/wiki/Mozilla_Firefox#Versions_de_d%C3%A9veloppement" title=""Mozilla">anciennement Aurora</a>, est en fait la version bêta, agrémentée d'un thème sombre. Un installeur est disponible non seulement pour macOS et Windows, mais une archive est aussi disponible pour GNU/Linux. L'inconvénient de cette archive est qu'elle n'est du coup pas intégrée à la distribution ni à l'environnement de bureau (Gnome pour ma part). J'ai donc du manuellement créer des fichiers desktop, en prenant pour modèle celui de Firefox. Concernant mon utilisation, je l'utilise en mode "navigation privée" pour les sites inconnus et en lesquels je n'ai pas confiance.</p>
<h3>Tor Browser</h3>
<p><a href="https://www.torproject.org/projects/torbrowser.html.en" title=""Tor">Tor Browser</a> est une version particulière de Firefox, basée sur la version ESR, qui permet de naviguer sur le réseau Tor. En plus de la connexion au réseau d'anonymisation, cette version dispose de deux extensions : HTTPS Everywhere et NoScript. Il peut m'arriver de l'utiliser pour des tests, cela évite parfois d'utiliser un VPN lorsqu'on veut accéder à un site depuis une autre adresse IP.</p>
<h3>IceCat</h3>
<p>Enfin, <a href="http://www.gnu.org/software/gnuzilla/" title="IceCat">IceCat</a> est le navigateur du projet GNU, qu'on connaissait plutôt sous le nom d'IceWeasel. Basé lui aussi sur la version ESR de Firefox, mais totalement dépourvu de modules non-libres, IceCat dispose en plus de fonctionnalités de protection de la vie privée. Il peut servir aussi si on souhaite comparer entre deux versions de Firefox.</p>
<h3>Et pourquoi pas d'autres ?</h3>
<p>Si vous connaissez une autre variante de Firefox, vous pouvez profiter des commentaires pour m'en parler, ainsi que de l'usage que vous en faites. N'hésitez pas aussi à me parler de vos usages de celles déjà listées !</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://unsplash.com/photos/PtgLGdMzi-Y" title=""Sonny">Sonny Ravesteijn (sans titre)</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 18/10/2018 14:13 par Eragon</h3>
<p>Je me permet de faire remarquer qu'il existe aussi Fierfox nightly, mais pour l'installation sous linux cette dernière version présente les mêmes problèmes que Firefox Devloper Edition, sa particularité est d'être mise à jour plusieurs fois par jours, elle est la version qui, si les builds fonctionnent la version se met à jour</p>
<h3>Le 19/10/2018 11:38 par el</h3>
<ul>
<li>Firefox Nightly</li>
<li>Firefox Developer Edition</li>
<li>Firefox Beta</li>
<li>Firefox</li>
<li>Firefox Extended Support Release (ESR)</li>
</ul>
<p>https://developer.mozilla.org/fr/docs/Mozilla/Firefox</p>
<h3>Le 20/10/2018 13:19 par pulp</h3>
<p>Palemoon une version allégée de firefox.
https://www.palemoon.org/</p>Installation d'OpenWRT dans VirtualBox - Another Home Page Vlog épisode 22018-05-29T13:37:00+02:002018-05-29T13:37:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2018-05-29:/post/2018/05/29/vlog-installation-openwrt-virtualbox/<p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/sharegrid.jpg">Une autre vidéo pour ce billet : cette fois il s'agit de disposer d'un routeur OpenWRT dans VirtualBox, et de configurer celui-ci pour que la machine virtuelle Kali Linux, installée dans <a href="/post/vlog-installation-kali-linux-virtualbox">l'épisode précédent</a>, l'utilise comme passerelle.</p>
<h3>On prend les mêmes et on recommence ?</h3>
<p>Comme pour la précédente vidéo, il ne s'agit …</p><p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/sharegrid.jpg">Une autre vidéo pour ce billet : cette fois il s'agit de disposer d'un routeur OpenWRT dans VirtualBox, et de configurer celui-ci pour que la machine virtuelle Kali Linux, installée dans <a href="/post/vlog-installation-kali-linux-virtualbox">l'épisode précédent</a>, l'utilise comme passerelle.</p>
<h3>On prend les mêmes et on recommence ?</h3>
<p>Comme pour la précédente vidéo, il ne s'agit pas vraiment d'une installation. Un import ? Pas tout à fait : cette manipulation consiste à télécharger l'image disque OpenWRT et à la convertir en disque dur VirtualBox. On peut alors créer une nouvelle machine virtuelle, sans stockage, et assigner le nouveau disque dur à celle-ci. Cette machine virtuelle n'ayant pas d'interface graphique, pas besoin d'addition ici. On peut retrouver la documentation qui a inspiré cette vidéo directement sur <a href="https://openwrt.org/docs/guide-user/virtualization/virtualbox-vm" title=""Wiki">le wiki d'OpenWRT</a>.</p>
<h3>Quel intérêt ?</h3>
<p>VirtualBox dispose de nombreuses options réseau assez complètes. Mais ici l'idée est de simuler un routeur ressemblant un peu à ce qu'on trouve chez soi. On peut le configurer via une interface web, et il dispose d'une puissance limitée. On peut aussi envisager de s'en servir avant d'installer OpenWRT sur du matériel, probablement d'une autre architecture, pour se faire la main. Petit truc amusant, j'ai même trouvé dans les téléchargement <a href="https://downloads.lede-project.org/releases/17.01.4/targets/x86/geode/" title=""OpenWRT">une image pour les processeurs Geode</a>, qu'on trouve par exemple dans les anciens <a href="http://soekris.eu/shop/net5501_en/" title=""Soekris">Soekris net5501</a>.</p>
<h3>Le plus important : la vidéo</h3>
<p>Pour voir la vidéo, c'est <a href="https://youtu.be/7kfts2IrDZo" title=""Installation">ici</a> :</p>
<p><a href="https://youtu.be/7kfts2IrDZo" title=""Installation"><img alt="""" src="https://blog.anotherhomepage.org/public/2018/miniature_openwrt_virtualbox_blog.png"></a></p>
<p>J'espère que vous apprécierez cette vidéo au moins autant que j'ai apprécié de la faire ! La capture de bureau m'amuse bien :) Si jamais vous avez des suggestions d'installations de systèmes en machine virtuelle, faites-m'en part : cela pourrait aussi me faire découvrir des trucs :)</p>
<p>Enfin, tout ceci ne serait pas possible sans le <a href="https://www.youtube.com/channel/UCdl83V9Dim8bTLbTU6LohBQ" title=""chaine">Studio Cyanotype</a> ! Merci à elle de m'avoir enseigné les rudiments du montage vidéo ! N'hésitez pas à aller voir sa chaine Youtube et son <a href="http://cyanotype-leblog.fr/" title=""Cyanotype">blog</a> !</p>
<p><em>Crédit photo : <a href="https://unsplash.com/photos/-x3vyyixejA" title="Sharegrid">Sharegrid</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 29/05/2018 15:34 par william</h3>
<p>Après OpenWRT, il serait intéressant de jeter un oeil sur pfSense.</p>
<p>Là c'est un vrai routeur/firewall.</p>
<h3>Le 30/05/2018 08:36 par Nils</h3>
<p>Merci pour ton commentaire William ! J’envisage déjà Pfsense et OPNsense, mais mis à part la comparaison avec OpenWRT, je n’ai rien vu de particulier qui justifie un tutoriel vidéo, pour l’instant.</p>CentOS 7 : installation vraiment minimale - errata2018-04-23T09:30:00+02:002018-04-23T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2018-04-23:/post/2018/04/23/centos-7-installation-vraiment-minimale-errata/<p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">Dans un billet précédent, j'avais réalisé une <a href="/post/centos-7-installation-vraiment-minimale">installation vraiment minimale de CentOS 7</a>. Si globalement le cahier des charges était respecté, je me suis heurté à quelques petites déconvenues, je me suis donc dit qu'un billet sous forme d'errata ne serait pas de trop.</p>
<h3>SELinux</h3>
<p>Bon, d'accord, SELinux est probablement …</p><p><img alt="""" src="https://blog.anotherhomepage.org/public/2018/samebutdifferent.jpg">Dans un billet précédent, j'avais réalisé une <a href="/post/centos-7-installation-vraiment-minimale">installation vraiment minimale de CentOS 7</a>. Si globalement le cahier des charges était respecté, je me suis heurté à quelques petites déconvenues, je me suis donc dit qu'un billet sous forme d'errata ne serait pas de trop.</p>
<h3>SELinux</h3>
<p>Bon, d'accord, SELinux est probablement l'un des composants de CentOS, Fedora et RHEL le plus détesté (ou est-ce systemd ?), car nombreux sont encore les tutoriaux qui commencent par demander de désactiver celui-ci (à tort). Bref, si comme moi vous vous attendez à ce que votre système minimaliste soit paramétré en "Enforcing" (après tout c'est marqué dans le kickstart), pas de chance. Tapez 20 fois la commande <code>setenforce Enforcing</code> si vous voulez, la réponse sera la même : non.</p>
<p>Pourquoi ? Parce que votre serviteur, en allant tailler dans les paquets à la tronçonneuse, s'est débarrassé des politiques SELinux. Sans politique, cela fonctionne moins bien. Comment on les obtient ? En installant deux paquets : <code>selinux-policy</code> et <code>selinux-policy-targeted</code>. N'envisagez pas un seul instant de n'installer que le premier : le système se bloquera au démarrage.</p>
<h3>scp</h3>
<p>Quand on est sur une machine serveur, il n'est a priori pas nécessaire d'installer un quelconque client, sauf cas exceptionnel et identifié. En voici un : sans installer le paquet <code>openssh-clients</code> sur mon serveur minimaliste, je ne peux pas faire de scp vers celui-ci. Je suppose que le binaire scp doit être appelé à un moment quelconque côté serveur, mais toujours est-il que sans, bein ça ne fonctionne pas.</p>
<h3>Perl et la locale</h3>
<p>Celui-ci est assez tordu et concerne les paramétrages de langue. Il se trouve qu'après avoir installé Perl sur ce serveur minimaliste, j'ai voulu lancer un script utilisant ce langage. J'ai eu droit, durant les scripts, à un message de ce genre :</p>
<div class="highlight"><pre><span></span><code>perl: warning: Falling back to the standard locale <span class="o">(</span><span class="s2">"C"</span><span class="o">)</span>.
</code></pre></div>
<p>Alors le pourquoi exact, je ne suis toujours pas certain, je suspecte qu'il manque un paquet et que celui-ci (toujours pas identifié) fait un paramétrage particulier, toujours est-il que je me voyais mal <a href="https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl" title=""Stackoverflow">modifier ma configuration OpenSSH</a> pour aller jouer avec les variables d'environnement exportées par ce dernier. J'ai préféré finalement <a href="https://qiita.com/Kaisyou/items/9c2c5f5e1b28c24e91b7" title=""CentOS7">ajouter deux petites lignes à /etc/environment</a> :</p>
<div class="highlight"><pre><span></span><code><span class="nv">LANG</span><span class="o">=</span>en_US.utf-8
<span class="nv">LC_ALL</span><span class="o">=</span>en_US.utf-8
</code></pre></div>
<p>Cela force le système en anglais américain, en UTF-8.</p>
<h3>Les logs</h3>
<p>Bon alors celle-là, elle est fantastique : rsyslog n'est du coup plus installé par défaut et certains logiciels n'envoient plus de log, comme OpenSSH : j'ai voulu diagnostiquer des erreurs de connexion SSH et je n'avais pas de fichier <code>/var/log/secure</code> ! En effet, par défaut OpenSSH sous CentOS utilise le protocole syslog pour fournir ses logs. A noter aussi que logrotate manquait, ce qui aurait pu s'avérer plus dramatique au bout de quelques mois sur une machine de production.</p>
<h3>C'est tout ?</h3>
<p>Ce n'est probablement que le début. Je me rends compte à l'usage qu'il me manque pas mal de choses de mon petit confort (vim, less, tmux...). Un autre paquet que je n'ai pas encore réinstallé est NetworkManager, à voir si cela devient vraiment pratique.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://unsplash.com/photos/PtgLGdMzi-Y" title=""Same">Adam Sherez - Same but different</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 15/06/2018 06:47 par <a href="http://www.standardtelephonique.org/">Alain C</a></h3>
<p>Merci pour ton tuto ! Perso je me verrais mal bosser sans NetworkManager mais je pense que c'est facile à ré-installer une fois que CentOS 7 est ON ? Non ?
Au plaisir,
Alain</p>
<h3>Le 16/06/2018 12:12 par Nils</h3>
<p>Merci de ton commentaire Alain ! Pour ce qui est de l’installation de NetworkManager sur un système CentOS 7 existant, oui c’est facile, il suffit d’utiliser yum pour les packages ! En revanche si de nombreuses configurations réseau particulières ont été faites (bridge, bonding...) ça sera un peu plus coton.</p>
<p>Personnellement j’ai connu les versions précédentes de CentOS et de Fedora, où NetworkManager n’était pas forcément présent, donc je n’aurais pas de problème sans ;)</p>
<h3>Le 20/06/2018 06:33 par Alain C</h3>
<p>Ok super ! Merci pour ta réponse je vais essayer :)</p>Installation de Kali Linux dans VirtualBox - Another Home Page Vlog épisode 12018-02-09T20:20:00+01:002018-02-09T20:20:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2018-02-09:/post/2018/02/09/vlog-installation-kali-linux-virtualbox/<p><img alt=""p1020274.jpg"" src="https://blog.anotherhomepage.org/public/p1020274.jpg" title=""tournage">Aujourd'hui, une nouvelle vidéo ! Pour ce nouvel épisode du vlog, je change de support : au lieu de voir ma tête, c'est mon bureau (informatique) qui est affiché. J'ai dans l'idée de mettre en place plusieurs machines virtuelles pour monter une sorte de labo de tests, et j'ai choisi de commencer …</p><p><img alt=""p1020274.jpg"" src="https://blog.anotherhomepage.org/public/p1020274.jpg" title=""tournage">Aujourd'hui, une nouvelle vidéo ! Pour ce nouvel épisode du vlog, je change de support : au lieu de voir ma tête, c'est mon bureau (informatique) qui est affiché. J'ai dans l'idée de mettre en place plusieurs machines virtuelles pour monter une sorte de labo de tests, et j'ai choisi de commencer par installer un système graphique comportant de nombreux outils de sécurité offensive, Kali Linux. Pour voir la vidéo, c'est <a href="https://youtu.be/ClcQtdncUdw" title=""Installation">ici</a> :</p>
<p><a href="https://youtu.be/ClcQtdncUdw" title=""Installation"><img alt=""miniature_kali_virtualbox_blog.jpg"" src="https://blog.anotherhomepage.org/public/2018/miniature_kali_virtualbox_blog.jpg" title=""Miniature"></a></p>
<h3>Import ou installation ?</h3>
<p>Pour cette nouvelle vidéo, je passe donc en mode "capture de bureau" et je vous montre comment installer l'image virtuelle de Kali Linux dans VirtualBox ! Pour mettre en place cette machine virtuelle, j'ai choisi d'utiliser non pas l'image ISO, mais une image virtuelle de système déjà installé, qu'on peut récupérer sur <a href="https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/" title=""Kali">la page de téléchargement d'Offensive Security</a>. Avantage non négligeable, les VirtualBox additions sont déjà installées et facilitent donc l'utilisation de cette machine virtuelle, que ce soit au niveau graphique ou au niveau réseau.</p>
<p>J'espère que vous apprécierez cette vidéo au moins autant que j'ai apprécié de la faire ! En ce qui me concerne j'aime bien le principe de capture de bureau, et j'espère en faire d'autres prochainement. D'ailleurs, si jamais vous avez des suggestions d'installations de systèmes en machine virtuelle, faites-m'en part : cela pourrait aussi me faire découvrir des trucs :)</p>
<p>Enfin, tout ceci ne serait pas possible sans le <a href="https://www.youtube.com/channel/UCdl83V9Dim8bTLbTU6LohBQ" title=""chaine">Studio Cyanotype</a> ! Merci à elle de m'avoir enseigné les rudiments du montage vidéo ! N'hésitez pas à aller voir sa chaine Youtube et son <a href="http://cyanotype-leblog.fr/" title=""Cyanotype">blog</a> !</p>
<p><em>Crédit Photo : Vincent Battez - <a href="https://www.flickr.com/photos/146909781@N02/34103055685/" title="P1020274">P1020274</a></em></p>NetBSD : haute disponibilité avec CARP2017-12-22T10:25:00+01:002017-12-22T10:25:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-22:/post/2017/12/22/netbsd-haute-disponibilite-avec-carp/<p><img alt=""Turner" src="https://blog.anotherhomepage.org/public/2017/turnertwins.jpg" title=""Turner">NetBSD dispose depuis la version 4.0 d'une implémentation du protocole <a href="https://fr.wikipedia.org/wiki/Common_Address_Redundancy_Protocol" title=""CARP">CARP</a>. Il s'agit d'un protocole, à l'origine prévu pour les routeurs, permettant à un groupe de machines de disposer d'une adresse IP flottante. Si la machine principale venait à être indisponible, une machine secondaire peut alors prendre le relai …</p><p><img alt=""Turner" src="https://blog.anotherhomepage.org/public/2017/turnertwins.jpg" title=""Turner">NetBSD dispose depuis la version 4.0 d'une implémentation du protocole <a href="https://fr.wikipedia.org/wiki/Common_Address_Redundancy_Protocol" title=""CARP">CARP</a>. Il s'agit d'un protocole, à l'origine prévu pour les routeurs, permettant à un groupe de machines de disposer d'une adresse IP flottante. Si la machine principale venait à être indisponible, une machine secondaire peut alors prendre le relai. CARP permet donc de mettre en place de la haute disponibilité.</p>
<p>Je me suis amusé à mettre en place une configuration CARP sur les deux serveurs DNS de mon LAN. Pourquoi ? J'ai remarqué que bien souvent, selon les OS, quand on spécifie deux serveurs DNS dans les paramètres réseau, même si la redondance est là, on peut sentir un ralentissement :</p>
<ul>
<li>le client va faire du round-robin et donc régulièrement des requêtes vont échouer ;</li>
<li>le client va d'abord s'adresser au premier serveur DNS de sa liste, et si celui-ci est indisponible, il attendra un timeout avant de passer au suivant.</li>
</ul>
<p>Il y a probablement d'autres moyens d'adresser ces problèmes, mais cela m'a fourni une excuse de jouer avec CARP, c'est le plus important :)</p>
<p>CARP se présente en fait sous forme d'une carte réseau fictive dont le pilote est disponible dans le noyau. Quand je dis disponible, c'est qu'en théorie l'option est compilée dans le noyau GENERIC, mais cela n'est pas forcément le cas sur toutes les plateformes. Ainsi, j'ai dû <a href="/post/netbsd-recompilation-noyau-npf-domu">recompiler un noyau</a> contenant “pseudo-device carp”.</p>
<p>Une fois que CARP est bien disponible, il suffit tout simplement de créer une nouvelle interface réseau sur chaque machine. La machine principale aura un poids plus fort que la machine secondaire, et portera l'adresse IP flottante en temps normal.</p>
<p>Sur la machine principale :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ifconfig carp0 create</span>
<span class="c1"># ifconfig carp0 vhid 101 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0</span>
</code></pre></div>
<p>Sur la machine secondaire :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ifconfig carp0 create</span>
<span class="c1"># ifconfig carp0 vhid 100 pass motdepassehalakon 10.13.37.42 netmask 255.255.255.0</span>
</code></pre></div>
<p>On peut alors vérifier que l'adresse IP flottante est joignable. A noter la présence d'un mot de passe permettant de limiter les cas de "vol d'IP flottante", ici positionné à "motdepassehalakon"</p>
<p>Pour que cela tienne au redémarrage, il faut bien entendu que la configuration soit enregistrée quelque part. En fait, en terme de configuration, il s'agit tout simplement de la configuration de la carte réseau <em>carp0</em>, ici sur la machine principale :</p>
<div class="highlight"><pre><span></span><code>$ cat /etc/ifconfig.carp0
create
up
vhid <span class="m">101</span> pass motdepassehalakon <span class="m">10</span>.13.37.42 <span class="m">255</span>.255.255.0
</code></pre></div>
<p>Ensuite sur la machine secondaire :</p>
<div class="highlight"><pre><span></span><code>$ cat /etc/ifconfig.carp0
create
up
vhid <span class="m">100</span> pass motdepassehalakon <span class="m">10</span>.13.37.42 <span class="m">255</span>.255.255.0
</code></pre></div>
<p>Maintenant, il ne reste plus qu'à tester... en débranchant la prise !</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/statelibraryofnsw/3073045010/" title=""Turner">State Library of New South Wales - Turner Twins, acrobats, 1937 / by Sam Hood</a>.</em></p>rsnapshot, le robot de sauvegarde2017-12-21T16:50:00+01:002017-12-21T16:50:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-21:/post/2017/12/21/rsnapshot-robot-sauvegarde/<p><img alt=""vélo en pièces détachées"" src="https://blog.anotherhomepage.org/public/spareparts.jpg">Suite au <a href="/post/en-retard#c265">commentaire de Xate</a> dans <a href="/post/en-retard">un récent billet</a>, aujourd'hui un billet sur <a href="http://rsnapshot.org/" title="rsnapshot">rsnapshot</a>, un logiciel de sauvegarde incrémentale basé sur rsync. Si j'en fais un billet, c'est tout simplement car c'est ce que j'ai mis en place pour sauvegarder mon infrastructure.</p>
<p>J'avoue ne pas trop savoir quoi raconter sur …</p><p><img alt=""vélo en pièces détachées"" src="https://blog.anotherhomepage.org/public/spareparts.jpg">Suite au <a href="/post/en-retard#c265">commentaire de Xate</a> dans <a href="/post/en-retard">un récent billet</a>, aujourd'hui un billet sur <a href="http://rsnapshot.org/" title="rsnapshot">rsnapshot</a>, un logiciel de sauvegarde incrémentale basé sur rsync. Si j'en fais un billet, c'est tout simplement car c'est ce que j'ai mis en place pour sauvegarder mon infrastructure.</p>
<p>J'avoue ne pas trop savoir quoi raconter sur ce logiciel, car de nombreuses documentations existent déjà, quasiment pour chaque distribution :</p>
<ul>
<li><a href="https://doc.ubuntu-fr.org/rsnapshot" title=""documentation">chez Ubuntu-fr</a> ;</li>
<li><a href="https://wiki.archlinux.org/index.php/Rsnapshot" title=""documentation">chez ArchLinux</a> ;</li>
<li><a href="https://wiki.gentoo.org/wiki/Rsnapshot" title=""documentation">chez Gentoo</a> ;</li>
<li><a href="https://wiki.alpinelinux.org/wiki/Rsnapshot" title=""documentation">chez Alpine Linux</a> ;</li>
<li>encore pour Ubuntu, <a href="https://www.digitalocean.com/community/tutorials/how-to-install-rsnapshot-on-ubuntu-12-04" title=""tutoriel">un tutoriel chez Digital Ocean</a> ;</li>
<li>cette fois-ci pour Debian, un autre <a href="https://www.howtoforge.com/set-up-rsnapshot-archiving-of-snapshots-and-backup-of-mysql-databases-on-debian" title=""tutoriel">tutoriel rsnapshot pour MySQL</a>, de chez Howtoforge.</li>
</ul>
<p>Je vais donc parler de quelques points de ma configuration en particulier. La première particularité de celle-ci est que j'ai choisi d'installer rsnapshot sur une machine (en fait une jail FreeBSD sur mon NAS FreeNAS) et de l'utiliser en mode "robot de sauvegarde", c'est-à-dire qu'il va se connecter sur toutes les machines à sauvegarder via SSH pour effectuer les sauvegardes. J'y vois l'avantage que je n'ai qu'une seule configuration à modifier, et un utilisateur à configurer sur mes serveurs (accompagné, bien entendu, de sa configuration sudo et de la clé SSH).</p>
<p>Par exemple, pour la sauvegarde du Raspberry Pi qui fait des bulk builds :</p>
<div class="highlight"><pre><span></span><code>backup rsnapshot@netpi2:/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/usr/pkg/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/var/log/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
backup rsnapshot@netpi2:/srv/sandbox/pkgsrc-current/usr/pbulk/etc/ netpi2/ +rsync_long_args<span class="o">=</span>--rsync-path<span class="o">=</span><span class="s1">'/usr/pkg/bin/sudo /usr/pkg/bin/rsync'</span>
</code></pre></div>
<p>On peut aussi noter que j'ai choisi d'ajouter des options à rsync selon mes machines, car celles-ci peuvent être de différents OS, ce qui fait que rsync et sudo ne se trouvent pas toujours au même endroit.</p>
<p>Du côté de la rétention et des intervalles de sauvegarde, j'ai fait très simple :</p>
<ul>
<li>une sauvegarde par jour (daily);</li>
<li>370 jours de rétention.</li>
</ul>
<p>370 jours peut sembler un peu abusé, mais la force de rsnapshot est dans son utilisation des liens (hardlinks) combinée à celle de rsync, qui rend les sauvegardes rapides, mais aussi moins consommatrices en espace disque car dédupliquées. Par exemple pour le serveur web de ce blog :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># du -csh daily.0/vhost2/ daily.1/vhost2/</span>
17G daily.0/vhost2/
<span class="m">2</span>.3G daily.1/vhost2/
19G total
</code></pre></div>
<p>La restauration se fait très simplement aussi, puisqu'il s'agit de fichiers tout ce qu'il y a de plus classiques, ou de liens.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/ritpir88/35264463313/in/photolist-VJcAma-5K3eF2-owvd5T-U46ZAF-oc8krN-owhDzo-otGXrC-b6RQDv-WPNxGG-otqL4r-ov2Dg3-otEoq9-ouD1K4-W8PR2f-o2uUFL-ocy4bx-ormpmj-6MBUNa-oyfnQv-odqyci-SU7dXw-ocSV29-oeZ2iy-SwkNTe-RCRYTq-w7KHtd-oye1Pp-oeZD6q-72SJuQ-ouQij4-c12JYW-od4qo2-wPnb4x-7rNLdi-ous2vd-oy6YDr-od7TTZ-ouHwxn-otF8wG-ov2ccu-ocUjQZ-orDtxb-ouj5n3-od63dh-ot696C-ocNRAC-oupxQD-VtcZkA-4jym8u-Wm1wvu" title=""Spare">Ritva Pirinen - Spare Parts</a>.</em></p>sslh : faire cohabiter SSH et HTTPS2017-12-19T17:25:00+01:002017-12-19T17:25:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-19:/post/2017/12/19/sslh-faire-cohabiter-ssh-et-https/<p><img alt="""" src="https://blog.anotherhomepage.org/public/20160214_183534.jpg">Sur un système Unix libre, il n'est pas possible de faire écouter deux services réseau sur un même port. <a href="http://www.rutschle.net/sslh" title="sslh">sslh</a> est un logiciel qui permet d'écouter sur un port et redirige le trafic vers un service, selon les premiers octets écoutés. Il devient ainsi possible, par exemple, de partager son …</p><p><img alt="""" src="https://blog.anotherhomepage.org/public/20160214_183534.jpg">Sur un système Unix libre, il n'est pas possible de faire écouter deux services réseau sur un même port. <a href="http://www.rutschle.net/sslh" title="sslh">sslh</a> est un logiciel qui permet d'écouter sur un port et redirige le trafic vers un service, selon les premiers octets écoutés. Il devient ainsi possible, par exemple, de partager son port 443 entre un serveur SSH et un serveur HTTPS.</p>
<p>La configuration est très simple, voici ce que j'ai mis en place sur un Raspberry Pi fonctionnant sous NetBSD :</p>
<div class="highlight"><pre><span></span><code><span class="n">verbose</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">foreground</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">inetd</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">numeric</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">transparent</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="o">;</span><span class="w"></span>
<span class="n">timeout</span><span class="o">:</span><span class="w"> </span><span class="mi">2</span><span class="o">;</span><span class="w"></span>
<span class="n">user</span><span class="o">:</span><span class="w"> </span><span class="s2">"nobody"</span><span class="o">;</span><span class="w"></span>
<span class="n">pidfile</span><span class="o">:</span><span class="w"> </span><span class="s2">"/var/run/sslh.pid"</span><span class="o">;</span><span class="w"></span>
<span class="n">listen</span><span class="o">:</span><span class="w"></span>
<span class="o">(</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"443"</span><span class="o">;</span><span class="w"> </span><span class="o">}</span><span class="w"></span>
<span class="o">);</span><span class="w"></span>
<span class="n">protocols</span><span class="o">:</span><span class="w"></span>
<span class="o">(</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssh"</span><span class="o">;</span><span class="w"> </span><span class="n">service</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssh"</span><span class="o">;</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"22"</span><span class="o">;</span><span class="w"> </span><span class="n">probe</span><span class="o">:</span><span class="w"> </span><span class="s2">"builtin"</span><span class="o">;</span><span class="w"> </span><span class="o">},</span><span class="w"></span>
<span class="w"> </span><span class="o">{</span><span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="s2">"ssl"</span><span class="o">;</span><span class="w"> </span><span class="n">host</span><span class="o">:</span><span class="w"> </span><span class="s2">"netpi3"</span><span class="o">;</span><span class="w"> </span><span class="n">port</span><span class="o">:</span><span class="w"> </span><span class="s2">"8443"</span><span class="o">;</span><span class="w"> </span><span class="n">probe</span><span class="o">:</span><span class="w"> </span><span class="s2">"builtin"</span><span class="o">;</span><span class="w"> </span><span class="o">}</span><span class="w"></span>
<span class="o">);</span><span class="w"></span>
</code></pre></div>
<p>Avec cette configuration, sslh redirige le trafic SSH vers netpi3 sur le port 443 vers netpi3 sur le port 22 (j'aurais pû mettre localhost), et redirige aussi le trafic HTTPS vers netpi3 sur le port 443 vers netpi3 sur le port 8443 (j'aurais aussi pû mettre localhost). Un inconvénient à ce système, c'est que le trafic vu par le serveur SSH ou par le serveur HTTPS est vu comme provenant de l'IP hébergeant sslh. Cela peut s'avérer gênant dans la configuration d'un pare-feu ou d'autres outils comme Fail2ban. Il existe toutefois une configuration pour ce dernier, et dans le cas de Linux et de FreeBSD, sslh gère une fonctionnalité de proxy transparent (voir la <a href="http://www.rutschle.net/tech/sslh/README.html" title=""sslh">documentation</a>).</p>
<p>A noter que HTTPS et SSH ne sont pas les seuls protocoles pris en charge. Il est possible de faire pareil avec XMPP et OpenVPN, par exemple.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/134947886@N02/25146087731/" title="20160214_183534">David Verbrugge - 20160214_183534</a>.</em></p>CentOS 7 : installation vraiment minimale2017-12-18T11:25:00+01:002017-12-18T11:25:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-18:/post/2017/12/18/centos-7-installation-vraiment-minimale/<p><img alt="""" src="https://blog.anotherhomepage.org/public/feather.jpg">Il y a deux ans, j'ai écrit un article sur une <a href="/post/2015/08/29/installation-minimaliste-de-CentOS-7">installation minimaliste de CentOS 7</a>. Celle-ci avait le mérite d'avoir été réalisée rapidement, et d'être assez satisfaisante. Bref, un bon exemple de <a href="https://fr.wikipedia.org/wiki/Principe_de_Pareto" title=""Loi">la loi de Pareto</a>. Toutefois, je n'en étais pas pleinement satisfait, par exemple à cause de paquets …</p><p><img alt="""" src="https://blog.anotherhomepage.org/public/feather.jpg">Il y a deux ans, j'ai écrit un article sur une <a href="/post/2015/08/29/installation-minimaliste-de-CentOS-7">installation minimaliste de CentOS 7</a>. Celle-ci avait le mérite d'avoir été réalisée rapidement, et d'être assez satisfaisante. Bref, un bon exemple de <a href="https://fr.wikipedia.org/wiki/Principe_de_Pareto" title=""Loi">la loi de Pareto</a>. Toutefois, je n'en étais pas pleinement satisfait, par exemple à cause de paquets de type firmware, qui peuvent être ajoutés avec le temps lors de nouvelles versions de CentOS, mais aussi parce que j'enlevais pas mal de paquets par rapport au groupe nommé “Base”. J'ai donc décidé de toucher au groupe “Core”.</p>
<p><strong>Avertissement</strong> : ce genre d'exercice ou d'expérience n'est pas à utiliser "en production" tel quel. Le système réellement basique qui en résulte ne contient pas vraiment grand-chose, et il manque ainsi de nombreux outils de diagnostic ou d'administration qui peuvent s'avérer utile en environnement professionnel. Dans le cas d'une reproduction de ces manipulations avec un système RHEL, il faudra très probablement ajouter de nombreux paquets pour gérer l'enregistrement auprès du RHN (ou d'un Satellite), ainsi que des paquets requis par le support de Red Hat.</p>
<p>Je vois donc cet exercice comme une base, me permettant ensuite d'installer les logiciels que j'estime nécessaires pour le besoin de chaque serveur.</p>
<h3>Pourquoi ?</h3>
<p>Quel est l'intérêt de faire une installation vraiment minimale ? En fait j'en vois plusieurs :</p>
<ul>
<li>tout d'abord, moins de paquets c'est moins de place occupée, même si la place sur nos disques durs augmente avec le temps, il apparaît pertinent dans le cas de machines virtuelles d'occuper le moins de place possible ;</li>
<li>ensuite, car cela peut rendre l'installation plus rapide : moins de paquets à installer, moins de temps à les installer ;</li>
<li>enfin, car c'est <a href="https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/" title=""Recommandations">une recommandation ANSSI</a>, de n'installer que le strict nécessaire, afin de limiter la surface d'attaque ; j'en viens d'ailleurs à passer pour un extrémiste auprès de certains lorsque j'annonce que les pages de manuel n'ont rien à faire sur un système de production...</li>
</ul>
<p>Un autre point à aborder avant de mettre les mains dans le cambouis : jusqu'où aller ? A quel point peut-on dire que cela est réellement une installation minimale, et à quel point le système qui en résulte est utilisable ? Voici mes critères pour cette installation :</p>
<ul>
<li>le système doit pouvoir démarrer, au moins en machine virtuelle, idéalement en machine physique ;</li>
<li>le système doit avoir un accès au réseau filaire fonctionnel avec une adresse IPv4 fixe (le DHCP n'est pas nécessaire) ;</li>
<li>le système doit pouvoir installer et mettre à jour des paquets ;</li>
<li>le partitionnement est réduit au minimum (/boot, / et swap) et utilise le système de fichiers utilisé par défaut (XFS) ;</li>
<li>les fonctions suivantes sont disponibles : serveur SSH, client NTP, pare-feu (firewalld) ;</li>
<li>le système peut rester en anglais.</li>
</ul>
<p>Tout le reste peut être retiré. Tout ? Presque, pour éviter de me casser la tête avec un clavier QWERTY, j'ai décidé d'installer le paquet <em>kbd</em>. Mais cela reste une préférence toute personnelle.</p>
<h3>Comment ?</h3>
<p>Partir d'une installation "manuelle" et retirer des éléments est contre-productif. Pour arriver à l'objectif, il va falloir automatiser l'installation, grâce à <a href="https://en.wikipedia.org/wiki/Kickstart_(Linux)" title=""Kickstart">kickstart</a>.</p>
<p>Voici donc le fichier que j'utilise pour cela :</p>
<div class="highlight"><pre><span></span><code><span class="cp"># Kickstart file automatically generated by anaconda.</span>
<span class="cp">#version=DEVEL</span>
<span class="n">install</span><span class="w"></span>
<span class="n">text</span><span class="w"></span>
<span class="n">reboot</span><span class="w"></span>
<span class="n">firstboot</span><span class="w"> </span><span class="o">--</span><span class="n">disabled</span><span class="w"></span>
<span class="n">lang</span><span class="w"> </span><span class="n">en_US</span><span class="p">.</span><span class="n">UTF</span><span class="mi">-8</span><span class="w"></span>
<span class="n">keyboard</span><span class="w"> </span><span class="n">fr</span><span class="o">-</span><span class="n">latin9</span><span class="w"></span>
<span class="n">firewall</span><span class="w"> </span><span class="o">--</span><span class="n">enabled</span><span class="w"></span>
<span class="n">authconfig</span><span class="w"> </span><span class="o">--</span><span class="n">enableshadow</span><span class="w"> </span><span class="o">--</span><span class="n">passalgo</span><span class="o">=</span><span class="n">sha512</span><span class="w"></span>
<span class="n">selinux</span><span class="w"> </span><span class="o">--</span><span class="n">enforcing</span><span class="w"></span>
<span class="n">services</span><span class="w"> </span><span class="o">--</span><span class="n">enabled</span><span class="w"> </span><span class="n">sshd</span><span class="p">,</span><span class="n">chronyd</span><span class="w"></span>
<span class="n">timezone</span><span class="w"> </span><span class="o">--</span><span class="n">utc</span><span class="w"> </span><span class="n">Europe</span><span class="o">/</span><span class="n">Paris</span><span class="w"></span>
<span class="n">network</span><span class="w"> </span><span class="o">--</span><span class="n">onboot</span><span class="w"> </span><span class="n">yes</span><span class="w"> </span><span class="o">--</span><span class="n">device</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="o">--</span><span class="n">mtu</span><span class="o">=</span><span class="mi">1500</span><span class="w"> </span><span class="o">--</span><span class="n">bootproto</span><span class="w"> </span><span class="k">static</span><span class="w"> </span><span class="o">--</span><span class="n">ip</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">D</span><span class="w"> </span><span class="o">--</span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255.255.0</span><span class="w"> </span><span class="o">--</span><span class="n">gateway</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">E</span><span class="w"> </span><span class="o">--</span><span class="n">nameserver</span><span class="w"> </span><span class="n">A</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">C</span><span class="p">.</span><span class="n">F</span><span class="w"> </span><span class="o">--</span><span class="n">activate</span><span class="w"> </span><span class="o">--</span><span class="n">hostname</span><span class="w"> </span><span class="n">pxemachine</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">loc</span><span class="w"></span>
<span class="n">rootpw</span><span class="w"> </span><span class="n">centos</span><span class="w"></span>
<span class="n">user</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">nils</span><span class="w"> </span><span class="o">--</span><span class="n">homedir</span><span class="o">=/</span><span class="n">home</span><span class="o">/</span><span class="n">nils</span><span class="w"> </span><span class="o">--</span><span class="n">uid</span><span class="o">=</span><span class="mi">1001</span><span class="w"> </span><span class="o">--</span><span class="n">gid</span><span class="o">=</span><span class="mi">1001</span><span class="w"> </span><span class="o">--</span><span class="n">password</span><span class="o">=</span><span class="n">centos</span><span class="w"> </span><span class="o">--</span><span class="n">groups</span><span class="o">=</span><span class="n">wheel</span><span class="w"></span>
<span class="n">url</span><span class="w"> </span><span class="o">--</span><span class="n">url</span><span class="w"> </span><span class="n">ftp</span><span class="o">:</span><span class="c1">//X.Y.Z.T/pub/centos/7/os/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">updates</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">ftp</span><span class="o">:</span><span class="c1">//X.Y.Z.T/pub/centos/7/updates/x86_64/</span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">--</span><span class="n">location</span><span class="o">=</span><span class="n">mbr</span><span class="w"> </span><span class="o">--</span><span class="n">driveorder</span><span class="o">=</span><span class="n">sda</span><span class="w"> </span><span class="o">--</span><span class="n">append</span><span class="o">=</span><span class="s">"crashkernel=auto rhgb quiet"</span><span class="w"></span>
<span class="n">clearpart</span><span class="w"> </span><span class="o">--</span><span class="n">all</span><span class="w"> </span><span class="o">--</span><span class="n">initlabel</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">boot</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">500</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">1024</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="o">--</span><span class="n">asprimary</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="o">=</span><span class="mi">1024</span><span class="w"> </span><span class="o">--</span><span class="n">grow</span><span class="w"></span>
<span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">excludedocs</span><span class="w"> </span><span class="o">--</span><span class="n">instLangs</span><span class="o">=</span><span class="n">en</span><span class="w"> </span><span class="o">--</span><span class="n">nocore</span><span class="w"></span>
<span class="n">bash</span><span class="w"></span>
<span class="n">yum</span><span class="w"></span>
<span class="n">centos</span><span class="o">-</span><span class="n">release</span><span class="w"></span>
<span class="n">passwd</span><span class="w"></span>
<span class="n">iputils</span><span class="w"></span>
<span class="n">iproute</span><span class="w"></span>
<span class="n">systemd</span><span class="w"></span>
<span class="n">rootfiles</span><span class="w"></span>
<span class="n">kbd</span><span class="w"></span>
<span class="n">openssh</span><span class="o">-</span><span class="n">server</span><span class="w"></span>
<span class="o">-</span><span class="n">bind</span><span class="o">-</span><span class="n">license</span><span class="w"></span>
<span class="o">-</span><span class="n">dhclient</span><span class="w"></span>
<span class="o">-</span><span class="n">kexec</span><span class="o">-</span><span class="n">tools</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="w"></span>
<span class="nf">%end</span><span class="w"></span>
</code></pre></div>
<p>Comme évoqué plus haut, j'ai utilisé quelques arguments de la directive “%packages” qui me permet de n'installer que le minimum : ainsi, pas de documentation, on reste en anglais, et le groupe “Core” saute ! Il m'a donc fallu spécifier volontairement les paquets indispensables, comme le noyau, bash ou encore yum. Pour aller encore plus vite, j'ai choisi d'effectuer l'installation en mode texte (je pourrais être plus brutal et remplacer “text” par “cmdline”), mais effectuer celle-ci en mode graphique n'a pas d'incidence sur le nombre de paquets installés.</p>
<p>Malgré tout, il m'a fallu retirer volontairement quelques paquets qui me semblent peu utiles pour le moment : pas besoin de gérer des partitions ext2, 3 ou 4, pas besoin de kexec, ni de dhcp.</p>
<p>Le pare-feu reste activé, ainsi que SELinux : ils s'agit de paramètres par défaut assez sains, je ne vais donc pas recommander de les retirer. A noter malgré tout que le système est utilisable sans ces deux éléments.</p>
<h3>Résultat</h3>
<p>J'ai pu abaisser l'installation à 193 paquets installés. En poussant plus loin (pas de pare-feu, pas de ssh, pas de NTP, pas de kbd), je peux descendre à environ 170.Ma partition principale est alors utilisée à 466Mo, dont 393Mo dans <em>/usr</em>, et 11Mo dans <em>/etc</em>. Jamais je n'ai installé ou démarré un système CentOS aussi vite. Jamais je n'ai eu un système CentOS aussi austère : pas de vim, pas de less, pas de htop, et c'est limite si je dois me considérer heureux de disposer de grep !</p>
<p>D'un autre côté, pas de fioritures : pas de firmware de matériel non utilisé, pas de system-config-*, ni de NetworkManager. Bon, par contre faut pas rêver, systemd est obligatoire ;)</p>
<h3>Et la suite ?</h3>
<p>A partir de maintenant il est possible de personnaliser plus en avant son installation, et de n'utiliser des outils non pas parce qu'ils sont présents, mais parce qu'on en a besoin. Je ne sais pas encore quelle suite je pourrais donner à ce billet, qui vaille la peine d'être racontée : il n'est probablement pas intéressant de faire des billets en mode "yum install" pour vim, audit, ou quelque autre logiciel. Une possibilité pourrait être de coller aux recommandations ANSSI, mais il existe déjà plein de guides de sécurité pour Linux, non ?</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/144396386@N05/27871981232/in/photolist-JsXbYy-otzCWr-otqh3v-7APFzX-5qtrDT-ocU67C-4jy9ns-otkJrQ-9GY3SR-7AAxYq-otEsUm-9hY2We-Y5AJM7-qNW86X-owqbFv-5zoJJr-cvNE2S-owdzRS-RQfbvV-otAb1v-ovkUxR-BrQ4TZ-X8s1r8-Eh7Btj-QSWPCN-VbGZQL-9GE3S6-obMEYV-otgFiJ-odFJbW-otz6QA-UY2RUD-owdB3j-oeU728-otGXrC-orRxeq-ov75pe-odwgJf-pd3FzP-otqncq-owZN72-5jVMGh-otBFZ6-oc1qnc-obYwWD-oc1gaK-sbg6wn-oweqq2-4VAJM7-otCm5a" title="Feather">badr yousef - Feather</a>.</em></p>CentOS 7 : démarrer Anaconda en PXE2017-12-16T11:42:00+01:002017-12-16T11:42:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-16:/post/2017/12/16/centos-7-anaconda-pxe/<p><img alt=""Pare-brise brisé"" src="https://blog.anotherhomepage.org/public/carglass03.jpg">Je voulais, à la base, écrire un billet sur une installation particulière de CentOS 7. J'ai donc voulu utiliser mon "infrastructure de boot PXE" à la maison et commencer à gribouiller un kickstart, mais quand j'ai démarré ma machine virtuelle sur le réseau, le drame :</p>
<div class="highlight"><pre><span></span><code>dracut-initqueue<span class="o">[</span><span class="m">584</span><span class="o">]</span>: Warning: Could not …</code></pre></div><p><img alt=""Pare-brise brisé"" src="https://blog.anotherhomepage.org/public/carglass03.jpg">Je voulais, à la base, écrire un billet sur une installation particulière de CentOS 7. J'ai donc voulu utiliser mon "infrastructure de boot PXE" à la maison et commencer à gribouiller un kickstart, mais quand j'ai démarré ma machine virtuelle sur le réseau, le drame :</p>
<div class="highlight"><pre><span></span><code>dracut-initqueue<span class="o">[</span><span class="m">584</span><span class="o">]</span>: Warning: Could not boot.
dracut-initqueue<span class="o">[</span><span class="m">584</span><span class="o">]</span>: Warning: /dev/root does not exist
</code></pre></div>
<p>Ma configuration pxelinux à ce moment est la suivante :</p>
<div class="highlight"><pre><span></span><code><span class="n">LABEL</span> <span class="n">centos7amd64</span>
<span class="n">MENU</span> <span class="n">LABEL</span> <span class="n">Install</span> <span class="n">CentOS</span> <span class="mi">7</span> <span class="n">x86_64</span> <span class="p">(</span><span class="n">interactive</span><span class="p">)</span>
<span class="n">KERNEL</span> <span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">vmlinuz</span>
<span class="n">APPEND</span> <span class="n">initrd</span><span class="o">=</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">initrd</span><span class="p">.</span><span class="n">img</span> <span class="n">ip</span><span class="o">=</span><span class="n">dhcp</span> <span class="n">inst</span><span class="p">.</span><span class="n">repo</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span> <span class="n">inst</span><span class="p">.</span><span class="n">ks</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">ks</span><span class="o">/</span><span class="n">c7_x86_64</span><span class="p">.</span><span class="n">cfg</span>
</code></pre></div>
<p>Et bien entendu, le même type de configuration fonctionne en CentOS 6.</p>
<p>Ce message d'erreur arrive à des moments et des types d'installation parfois différents, de ce que j'ai lu. Et la résolution n'est pas toujours la même. Dans mon cas, il a fallu que j'ajoute le chemin vers un fichier squashfs, qui doit contenir l'OS minimal pour démarrer Anaconda je crois. Cela donne donc la configuration suivante :</p>
<div class="highlight"><pre><span></span><code><span class="n">LABEL</span> <span class="n">centos7amd64</span>
<span class="n">MENU</span> <span class="n">LABEL</span> <span class="n">Install</span> <span class="n">CentOS</span> <span class="mi">7</span> <span class="n">x86_64</span> <span class="p">(</span><span class="n">interactive</span><span class="p">)</span>
<span class="n">KERNEL</span> <span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">vmlinuz</span>
<span class="n">APPEND</span> <span class="n">initrd</span><span class="o">=</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">isolinux</span><span class="o">/</span><span class="n">initrd</span><span class="p">.</span><span class="n">img</span> <span class="n">root</span><span class="o">=</span><span class="n">live</span><span class="p">:</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span><span class="n">LiveOS</span><span class="o">/</span><span class="n">squashfs</span><span class="p">.</span><span class="n">img</span> <span class="n">ip</span><span class="o">=</span><span class="n">dhcp</span> <span class="n">inst</span><span class="p">.</span><span class="n">repo</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">centos</span><span class="o">/</span><span class="mi">7</span><span class="o">/</span><span class="n">os</span><span class="o">/</span><span class="n">x86_64</span><span class="o">/</span> <span class="n">inst</span><span class="p">.</span><span class="n">ks</span><span class="o">=</span><span class="n">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="p">.</span><span class="n">T</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">ks</span><span class="o">/</span><span class="n">c7_x86_64</span><span class="p">.</span><span class="n">cfg</span>
</code></pre></div>
<p>J'espère que cela rendra service à d'autres !</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/mnsc/4391351493/in/photolist-7G3PNM-DBw5uK-kn9btB-rPm4Rs-5nwgSk-3k2H6u-VG2vMT-sHiEDr-Stg5Rm-7G3PE8-WeAcBc-7Wd8wT-TwtQjC-RHSjHY-T4biAk-schHmv-DvKkvL-fA1Kou-SPjrVS-7Wd8gz-T4axKV-rACUHa-UgGJde-sp4J5e-SRLv3Z-rmU7fN-5bgGnY-rTHJTM-5knknw-pgu9hJ-ouZyZp-oePFWz-oujSWW-hf1735-oszBPJ-S4SUnj-CuEiHV-H6seSx-jyNXi2-SRNxcK-T1ngND-21j23Fw-Stggks-4judBT-22pgdti-SWLSjb-qYGYz8-SRNhPB-4jyEdt-s1XYCR" title=""Car">Mattias - Car Glass 03</a>.</em></p>NetBSD : recompilation d'un noyau pour intégrer NPF dans un domU2017-12-15T11:55:00+01:002017-12-15T11:55:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-15:/post/2017/12/15/netbsd-recompilation-noyau-npf-domu/<p><img alt=""Porsche 911 GT3 RS"" src="https://blog.anotherhomepage.org/public/gt3rs.jpg">Dans <a href="/post/xen-installation-domu-netbsd">un billet précédent</a>, j'abordais l'installation d'une machine virtuelle Xen NetBSD en mode paravirtuel.NetBSD, comme Linux, dispose en plus d'un noyau, de modules permettant d'étendre ses fonctionnalités. Ainsi, l'une des briques de pare-feu de NetBSD, NPF, est disponible sous forme de module. Le problème avec ce module, c'est qu'il …</p><p><img alt=""Porsche 911 GT3 RS"" src="https://blog.anotherhomepage.org/public/gt3rs.jpg">Dans <a href="/post/xen-installation-domu-netbsd">un billet précédent</a>, j'abordais l'installation d'une machine virtuelle Xen NetBSD en mode paravirtuel.NetBSD, comme Linux, dispose en plus d'un noyau, de modules permettant d'étendre ses fonctionnalités. Ainsi, l'une des briques de pare-feu de NetBSD, NPF, est disponible sous forme de module. Le problème avec ce module, c'est qu'il n'est pas compatible avec un noyau domU. Il est donc nécessaire de recompiler un noyau NetBSD pour en profiter, en incluant le pilote NPF directement dedans plutôt qu'en module.</p>
<h3>Récupération des sources</h3>
<p>Recompiler un noyau NetBSD est assez facile. D'abord, je récupère les sources, ici celles de NetBSD 7.1 :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv$ <span class="nb">export</span> <span class="nv">CVSROOT</span><span class="o">=</span><span class="s2">"anoncvs@anoncvs.NetBSD.org:/cvsroot"</span>
nils@shell2:/srv$ <span class="nb">export</span> <span class="nv">CVS_RSH</span><span class="o">=</span><span class="s2">"ssh"</span>
nils@shell2:/srv$ cvs checkout -r netbsd-7-1-RELEASE -P src
</code></pre></div>
<p>La <a href="https://www.netbsd.org/docs/guide/en/chap-build.html#chap-boot-cross-build-kernel" title=""NetBSD">documentation officielle</a> le fait dans <em>/usr/src</em>, mais je le fais dans <em>/srv/src</em>, cela ne pose pas de problème.</p>
<p>Si vous souhaitez recompiler un système complet (et pas juste le noyau), il faudra aussi récupérer xsrc, ce que je ne ferai pas ici.</p>
<h3>Création d'une configuration noyau personnalisée</h3>
<p>Maintenant que les sources sont disponibles, je crée un fichier de configuration pour notre nouveau noyau. Pour cela pas besoin de repartir de zéro, je vais tout simplement copier un fichier existant, et ajouter l'option qui m'intéresse. A noter que les configurations de noyau pour NetBSD sont placées dans les sous-arborescences des différentes architectures. Dans mon cas, mes machines virtuelles sont en x86_64, ce qui correspond à amd64 côté NetBSD :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv$ <span class="nb">cd</span> src
nils@shell2:/srv/src$ sys/arch/amd64/conf
</code></pre></div>
<p>Le fichier de configuration du noyau utilisé par défaut est <em>GENERIC</em>, et il en existe aussi un spécialisé pour un invté Xen : <em>XEN3_DOMU</em>. Je vais copier ce dernier au lieu de le modifier pour facilement différencier ma configuration de l'officielle :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src/sys/arch/amd64/conf$ cp -vp XEN3_DOMU XEN3_DOMU_NPF
</code></pre></div>
<p>Je peux ensuite éditer mon nouveau fichier, et aller chercher cette ligne :</p>
<div class="highlight"><pre><span></span><code>#pseudo-device npf # NPF packet filter
</code></pre></div>
<p>Il suffit alors de commenter cette ligne, et de sauvegarder le fichier. Passons maintenant à la compilation en elle-même.</p>
<h3>Compilation du noyau NetBSD personnalisé</h3>
<p>La compilation d'un noyau NetBSD peut se faire de deux manières : manuellement ou via l'aide d'un script nommé build.sh. Ce script est capable, depuis n'importe quel OS compatible, de créer très simplement non seulement un noyau, mais aussi une release complète de NetBSD. Ce script est fourni dans les sources, et se trouve d'ailleurs à la racine.</p>
<p>D'abord, compilons les outils nécessaires :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src/sys/arch/amd64/conf$
nils@shell2:/srv/src$ ./build.sh -U -u -m amd64 tools
</code></pre></div>
<p>Autre détail intéressant, et c'est aussi la raison de la présence de l'option <em>-U</em> dans la commande précédente, je n'ai pas besoin d'être root pour ces opérations :)Passons donc à la compilation du noyau à proprement parler :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:/srv/src$ ./build.sh -U -u -m amd64 <span class="nv">kernel</span><span class="o">=</span>XEN3_DOMU_NPF
</code></pre></div>
<p>Selon la puissance de la machine, quelques minutes plus tard un résultat similaire au suivant devrait apparaître :</p>
<div class="highlight"><pre><span></span><code><span class="o">===</span>> Kernels built from XEN3_DOMU_NPF:
/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd
<span class="o">===</span>> build.sh ended: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:39 CEST <span class="nv">2017</span>
<span class="o">===</span>> Summary of results:
build.sh command: ./build.sh -U -u -m amd64 <span class="nv">kernel</span><span class="o">=</span>XEN3_DOMU_NPF
build.sh started: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:26 CEST <span class="m">2017</span>
NetBSD version: <span class="m">7</span>.1
MACHINE: amd64
MACHINE_ARCH: x86_64
Build platform: NetBSD <span class="m">7</span>.1 amd64
HOST_SH: /bin/sh
MAKECONF file: /etc/mk.conf
TOOLDIR path: /srv/src/obj/tooldir.NetBSD-7.1-amd64
DESTDIR path: /srv/src/obj/destdir.amd64
RELEASEDIR path: /srv/src/obj/releasedir
Updated makewrapper: /srv/src/obj/tooldir.NetBSD-7.1-amd64/bin/nbmake-amd64
Building kernel without building new tools
Building kernel: XEN3_DOMU_NPF
Build directory: /srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF
Kernels built from XEN3_DOMU_NPF:
/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd
build.sh ended: Sun Jun <span class="m">18</span> <span class="m">20</span>:29:39 CEST <span class="nv">2017</span>
<span class="o">===</span>> .
</code></pre></div>
<p>Il me suffit donc de copier le fichier <em>/srv/src/sys/arch/amd64/compile/obj/XEN3_DOMU_NPF/netbsd</em> sur mon dom0 et de l'utiliser dans un fichier de configuration Xen pour un domU !</p>
<h3>Et NPF alors ?</h3>
<p>Une fois notre domU démarré à l'aide de ce noyau, il suffit de suivre la <a href="https://www.netbsd.org/~rmind/npf/" title=""NPF">documentation de NPF</a>.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/fokuzx2/14286976703/" title=""GT3">D - 15 photography - GT3 RS</a>.</em></p>
<h2>Commentaires</h2>
<h3>Le 15/12/2017 22:21 par <a href="https://utux.fr">utux</a></h3>
<p>Oh, un autre utilisateur de NetBSD ^^
Avec iMil ça en fait deux répertoriés xD</p>
<h3>Le 18/12/2017 19:21 par <a href="https://mathieulubrano.com">Mathieu</a></h3>
<p>Bonjour</p>
<p>Merci pour cet article ! Npf c'est utile par les temps qui courent, et ça change un peu d'iptables.</p>
<p>Et en réponse à utux : les utilisateurs et admins NetBSD sont discrets, mais sympa et efficaces ;-)</p>
<p>Cordialement
Mathieu</p>
<h3>Le 19/12/2017 21:35 par Nils</h3>
<p>@ utux : nous sommes encore plus nombreux sur IRC, #netbsdfr sur Freenode.</p>
<p>@ Mathieu : merci du compliment :)</p>pbulk : aller plus loin sur les paramètres2017-12-14T18:42:00+01:002017-12-14T18:42:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-14:/post/2017/12/14/pbulk-aller-plus-loin-sur-les-parametres/<p><img alt=""pignons mécaniques"" src="https://blog.anotherhomepage.org/public/gears.jpg">Aujourd'hui, je me suis dit que j'allais encore parler de mon Raspberry Pi 2. Oui, celui-là même qui en ce moment passe sont temps à compiler des paquets pkgsrc. J'avais commencé par parler <a href="/post/pbulk-compilation-massive-de-paquets-pkgsrc">de la mise en place de pbulk</a>, puis il y a peu j'ai abordé <a href="/post/raspberry-pi-attention-alimentation">les problèmes d'alimentation …</a></p><p><img alt=""pignons mécaniques"" src="https://blog.anotherhomepage.org/public/gears.jpg">Aujourd'hui, je me suis dit que j'allais encore parler de mon Raspberry Pi 2. Oui, celui-là même qui en ce moment passe sont temps à compiler des paquets pkgsrc. J'avais commencé par parler <a href="/post/pbulk-compilation-massive-de-paquets-pkgsrc">de la mise en place de pbulk</a>, puis il y a peu j'ai abordé <a href="/post/raspberry-pi-attention-alimentation">les problèmes d'alimentation</a> rencontrés suite à cette mise en place.</p>
<p>Cette fois-ci, ce n'est pas une question d'alimentation, mais de limites systèmes. J'indiquais dans mon billet les options suivantes en tête du fichier <em>pbulk.conf</em> :</p>
<div class="highlight"><pre><span></span><code><span class="nb">ulimit</span> -t <span class="m">3600</span> <span class="c1"># set the limit on CPU time (in seconds)</span>
<span class="nb">ulimit</span> -v <span class="m">2097152</span> <span class="c1"># limits process address space</span>
</code></pre></div>
<p>Le premier problème que j'ai eu s'est matérialisé sous la forme d'un pur et simple “kill” lors de la compilation d'un paquet. Difficile ensuite de comprendre que celui-ci arrivait au bout d'une heure ! J'ai donc compilé le dit paquet manuellement et me suis rendu compte que cela mettait bien plus d'une heure. Cela peut sembler surprenant au premier abord, mais j'avais oublié que même en ayant 4 coeurs, un Raspberry Pi 2 est bien moins puissant qu'un PC classique x86_64. Il met donc, logiquement, bien plus de temps pour créer un même paquet. J'ai donc fini par commenter ces deux directives, pour voir si d'autres paquets, auparavant en échec pour des raisons obscures, peuvent compiler sans soucis.</p>
<p>A l'heure où j'écris ceci, le bulk build n'est pas terminé, mais j'ai déjà pu voir que le paquet qui m'a mis sur la voie est créé avec succès, ainsi que d'autres qui ne pouvaient pas être créés du fait de l'absence de ce premier.</p>
<p><em>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</em></p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/mustangjoe/22711070429/in/photolist-AAUaZP-9XHGYT-eAWnqt-2mSyH-agSVfM-drap2V-dT1izt-fpHAcp-Jm3VSU-ow87cH-asQ6mi-TqSdM4-oukRiE-QHJVMu-JmhXCu-aDPmJg-fpXQUN-oupGCq-owtNSQ-8w64xS-dkmjGr-49QMPR-ocXcSx-3Kwwmd-8zmq1v-dwrSsC-boimEK-ZcaAe2-fq3mPC-imruke-orWcYS-8uRAs7-oubu1h-WkYqVq-fJZXmL-xdqXkd-FD1fia-dnFi6i-ovTE4H-egibSs-8NghJ-ous93c-XcEPBC-8Nftq-gsGt5t-RCxBQR-oV3t79-WEUjWW-9GH5eo-cyjsHU" title="Gears">Joe deSousa - Gears</a>.</em></p>Trouver des fichiers doublons avec fdupes2017-12-10T11:30:00+01:002017-12-10T11:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-10:/post/2017/12/10/Trouver-des-fichiers-doublons-avec-fdupes/<p><img alt=""Figurines en LEGO de soldats clones de l'univers Star Wars"" src="https://blog.anotherhomepage.org/public/day341.jpg">Il m'arrive d'avoir des fichiers en double : copie à l'arrache au moment de changer d'ordinateur, copie avant de modifier un fichier que je ne modifie finalement pas, sauvegardes diverses... bref, avec le temps, on peut se retrouver avec pas mal de fichiers doublons. Pour moi, c'est principalement de la musique …</p><p><img alt=""Figurines en LEGO de soldats clones de l'univers Star Wars"" src="https://blog.anotherhomepage.org/public/day341.jpg">Il m'arrive d'avoir des fichiers en double : copie à l'arrache au moment de changer d'ordinateur, copie avant de modifier un fichier que je ne modifie finalement pas, sauvegardes diverses... bref, avec le temps, on peut se retrouver avec pas mal de fichiers doublons. Pour moi, c'est principalement de la musique.</p>
<p>Un moyen de repérer ces doublons est d'utiliser <a href="https://github.com/adrianlopezroche/fdupes" title=""Fdupes">fdupes</a>. Ce logiciel vérifie plusieurs attributs pour comparer les fichiers, comme la taille, une somme de contrôle MD5, voire même une comparaison bit à bit. Il suffit de lui donner un répertoire à vérifier, et il fait le travail. Ce répertoire peut très bien être un point de montage distant, comme un export NFS ou CIFS.</p>
<p>Dans mon cas, j'ai décidé de lancer la commande suivante :</p>
<div class="highlight"><pre><span></span><code>fdupes -R -s -S /Volumes/nils/ <span class="p">|</span> tee -a ./fdupes.log
</code></pre></div>
<p>J'ai choisi de renvoyer la sortie de fdupes dans tee et de conserver un fichier de log. Pour les options :</p>
<ul>
<li>-R permet une recherche récursive ;</li>
<li>-s permet de prendre en compte les liens symboliques ;</li>
<li>-S montre la taille.</li>
</ul>
<p>Voici un exemple de la sortie, pour un fichier :</p>
<div class="highlight"><pre><span></span><code><span class="mf">3178172</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">each</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">Volumes</span><span class="o">/</span><span class="n">nils</span><span class="o">/</span><span class="n">Musique</span><span class="o">/</span><span class="n">laptop</span><span class="o">/</span><span class="n">Serge</span><span class="w"> </span><span class="n">Gainsbourg</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Histoire</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="o">/</span><span class="mf">02</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Ballade</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="mf">.</span><span class="n">mp3</span><span class="w"></span>
<span class="o">/</span><span class="n">Volumes</span><span class="o">/</span><span class="n">nils</span><span class="o">/</span><span class="n">Musique</span><span class="o">/</span><span class="n">laptop_old</span><span class="o">/</span><span class="n">Serge</span><span class="w"> </span><span class="n">Gainsbourg</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Histoire</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="o">/</span><span class="mf">02</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Ballade</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">Melody</span><span class="w"> </span><span class="n">Nelson</span><span class="mf">.</span><span class="n">mp3</span><span class="w"></span>
</code></pre></div>
<p>Une dernière fonctionnalité intéressante est celle de laisser fdupes gérer l'effacement des fichiers doublons, mais je préfère d'abord vérifier qu'il n'y a pas d'erreur.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/pasukaru76/4797101119/" title=""Day">Pascal - Day 341</a>.</em></p>Python : 3 outils pour analyser son code2017-12-08T09:30:00+01:002017-12-08T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-08:/post/2017/12/08/python-3-outils-anaylser-code/<p>python, Python
Status: published</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/study_in_pink.jpg">Suite à mon billet <a href="/tag/blogmas">blogmas</a> <a href="/post/make-automatiser-quelques-taches-avec-un-makefile">make : automatiser quelques tâches avec un Makefile</a>, une discussion intéressante a suivi sur Mastodon, où <a href="https://oldbytes.space/@dashie" title=""Dashie">Dashie</a> me signalait sa préférence pour <a href="https://www.pylint.org/" title="Pylint">pylint</a> pour analyser la validité de son code Python. Je saisis donc l'occasion, non pas d'argumenter pour mon choix, ou …</p><p>python, Python
Status: published</p>
<p><img alt="""" src="https://blog.anotherhomepage.org/public/study_in_pink.jpg">Suite à mon billet <a href="/tag/blogmas">blogmas</a> <a href="/post/make-automatiser-quelques-taches-avec-un-makefile">make : automatiser quelques tâches avec un Makefile</a>, une discussion intéressante a suivi sur Mastodon, où <a href="https://oldbytes.space/@dashie" title=""Dashie">Dashie</a> me signalait sa préférence pour <a href="https://www.pylint.org/" title="Pylint">pylint</a> pour analyser la validité de son code Python. Je saisis donc l'occasion, non pas d'argumenter pour mon choix, ou celui de Dashie, mais plutôt d'énumérer quelques possibilités pour qui souhaite avoir un code lisible, et se conformer à des conventions de style de code.</p>
<h3>Exit pep8, bonjour pycodestyle !</h3>
<p>Et là, les choses deviennent très drôles, car je voulais commencer par parler de pep8. Je lance donc la commande <em>pep8</em> dans mon code Python :</p>
<div class="highlight"><pre><span></span><code>nils@dalaran-wifi:~/fabfile$ pep8 *.py
/opt/pkg/lib/python2.7/site-packages/pep8.py:2124: UserWarning:
pep8 has been renamed to pycodestyle <span class="o">(</span>GitHub issue <span class="c1">#466)</span>
Use of the pep8 tool will be removed <span class="k">in</span> a future release.
Please install and use <span class="sb">`</span>pycodestyle<span class="sb">`</span> instead.
$ pip install pycodestyle
$ pycodestyle ...
<span class="s1">'\n\n'</span>
</code></pre></div>
<p>Donc, pep8 est obsolète, il faut utiliser pycodestyle. Heureusement, celui-ci est disponible dans pkgsrc :</p>
<div class="highlight"><pre><span></span><code>nils@dalaran-wifi:~$ sudo pkgin av<span class="p">|</span>grep codestyle
py27-codestyle-2.3.1 Python style guide checker
py27-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py34-codestyle-2.3.1 Python style guide checker
py34-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py35-codestyle-2.3.1 Python style guide checker
py35-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
py36-codestyle-2.3.1 Python style guide checker
py36-pep8-1.7.1 Python style guide checker <span class="o">(</span>obsolete, use py-codestyle<span class="o">)</span>
</code></pre></div>
<p>Bon, là aussi le message est clair : pep8 c'est fini, faut changer de crèmerie.</p>
<h3>flake8 l'aggrégateur</h3>
<p>Un autre outil dont j'avais entendu parler, c'est <a href="https://gitlab.com/pycqa/flake8" title="flake8">flake8</a>. Celui-ci est assez intéressant, car c'est justement une combinaison de plusieurs outils : pep8, pyflakes, mccabe, et potentiellement d'autres via des plugins.</p>
<h3>pylint, qui fait tout, sauf le café</h3>
<p>Pylint ne fait pas que vérifier la conformité par rapport à des standards ou styles de code, il permet aussi de faire de la détection d'erreur, de proposer du refactoring de code et de faire des diagrammes UML via <a href="https://www.logilab.org/blogentry/6883" title="Pyreverse">Pyreverse</a>. Entre ça, et l'intégration à un environnement de développement ou à un système d'intégration continue, le moins qu'on puisse dire, c'est que pylint est très complet !</p>
<h3>En conclusion : faut tester !</h3>
<p>Je n'ai pas encore eu le temps de me faire un avis. Je compte bien sûr tester tout cela, dès que je remet le nez dans du code Python !</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/pasukaru76/5330972736/" title=""Study">Pascal - Study in Pink</a>.</em></p>make : automatiser quelques tâches avec un Makefile2017-12-05T09:30:00+01:002017-12-05T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-05:/post/2017/12/05/make-automatiser-quelques-taches-avec-un-makefile/<p><img alt=""Vue de rails de la ligne 14 du metro parisien, en station"" src="https://blog.anotherhomepage.org/public/meteoro.jpg">Quand on parle d'automatisation, on pense tout de suite à des outils qui permettent du déploiement automatisé, comme <a href="https://www.ansible.com/" title="Ansible">Ansible</a>, <a href="https://www.chef.io/chef/" title="Chef">Chef</a>, <a href="https://puppet.com/fr" title="Puppet">Puppet</a> ou <a href="https://saltstack.com/" title="Salt">Salt</a>. Mais bien avant d'en arriver là, il y a eu (GNU) <a href="https://fr.wikipedia.org/wiki/Make" title=""make">make</a>.</p>
<p>Après m'être pas mal amusé avec <a href="http://www.fabfile.org/" title="Fabric">Fabric</a>, en ce moment je me met à Ansible …</p><p><img alt=""Vue de rails de la ligne 14 du metro parisien, en station"" src="https://blog.anotherhomepage.org/public/meteoro.jpg">Quand on parle d'automatisation, on pense tout de suite à des outils qui permettent du déploiement automatisé, comme <a href="https://www.ansible.com/" title="Ansible">Ansible</a>, <a href="https://www.chef.io/chef/" title="Chef">Chef</a>, <a href="https://puppet.com/fr" title="Puppet">Puppet</a> ou <a href="https://saltstack.com/" title="Salt">Salt</a>. Mais bien avant d'en arriver là, il y a eu (GNU) <a href="https://fr.wikipedia.org/wiki/Make" title=""make">make</a>.</p>
<p>Après m'être pas mal amusé avec <a href="http://www.fabfile.org/" title="Fabric">Fabric</a>, en ce moment je me met à Ansible (mieux vaut tard que jamais). J'apprécie de pouvoir, assez rapidement, effacer des fichiers temporaires ou effectuer certaines vérifications. Avoir un Makefile est une solution qui, pour le moment, m'apparaît comme simple et élegante.</p>
<p>Ainsi, dans le répertoire où je stocke mes recettes Fabric, j'ai créé un fichier nommé, sans surprise, <em>Makefile</em>. Son contenu est à peu près le suivant :</p>
<div class="highlight"><pre><span></span><code><span class="nf">clean</span><span class="o">:</span>
rm -f *.pyc *.pyo *~ */*.pyc */*.pyo */*~ .*~ .DS_Store */.DS_Store
<span class="nf">pep8</span><span class="o">:</span>
pep8 *.py
</code></pre></div>
<p>J'ai donc deux cibles :</p>
<ul>
<li>la première, <em>clean</em>, fait comme on s'en doute, du nettoyage, c'est-à-dire de la suppression de fichiers temporaires ou de fichiers qui n'ont pas vocation à servir (comme les paramètres d'affichage de répertoire sous macOS) ;</li>
<li>la deuxième me permet de vérifier que mon code Python est bien conforme aux standards de style Python, regroupés dans le <a href="https://www.python.org/dev/peps/pep-0008/" title="PEP8">PEP8</a> (voir chez <a href="http://sametmax.com/le-pep8-en-resume/" title=""Le">Sam et Max</a> pour une explication en français, mais attention, c'est un peu NSFW).</li>
</ul>
<p>Une fois que je suis dans mon répertoire, et que j'ai fini d'éditer mes fichiers, je peux vérifier que tout cela respecte le PEP8 avec la commande “make pep8”. Pour faire le ménage dans mes fichiers, ça sera “make clean”. Ah, si je pouvais réellement faire le ménage chez moi comme ça ;)</p>
<p>En fait, make est bien plus complet et complexe que cela, et ne se limite pas à faire le ménage. On peut, et c'est pour cela qu'il existe, compiler et installer des programmes. Je m'en sers aussi pour <a href="https://github.com/ahpnils/cfgfiles/blob/a7d73d593b552a582c10bce6b983547ee22f2d5a/Makefile" title=""Github">installer mon petit confort</a> sur une nouvelle machine.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Et puis n'hésitez pas à proposer vos propres cibles make en commentaires !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/daquellamanera/194660985/in/photolist-icFVT-9Vxso8-ot3LJg-63W1Mt-6XcpRF-rNEMNp-sKtLik-91kMwU-GR47aF-duE1NE-5eNWGc-rNteyY-oePgYf-ssTGpj-icFSj-sKuhe6-rNEsw8-sKhfNw-nT2ST-D9a9y9-st2gZc-WLKdRU-otLFwy-YrrtxQ-bZ7pow-9Hn9px-8JMDBA-oy51MD-ow7dKq-7fzFJt-6Xcy7a-6Xcy1k-6XgnHY-6Xcy3e-7GYUQN-ouhqem-6XgxEC-ow79zb-ETxKfN-oeQdAZ-sKtndc-nT2TB-sKu1d8-8P16VL-Y7d4su-oy8Bwc-8Nzcf5-osXx4C-sH9VGA-oupu2A" title="Meteoro">Daniel Lobo - Meteoro</a>.</em></p>logrotate : exemple vite fait2017-12-04T09:30:00+01:002017-12-04T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-04:/post/2017/12/04/logrotate-exemple-vite-fait/<p><img alt=""Logs made of wood"" src="https://blog.anotherhomepage.org/public/logs.jpg">Aujourd'hui, un peu de configuration pour la rotation de ses logs, en utilisant <a href="https://github.com/logrotate/logrotate" title=""Logrotate">Logrotate</a>.</p>
<p>Sur un système Unix, bon nombre de programmes génèrent des fichiers de log. La rotation de ceux permet de séparer régulièrement les fichiers afin de les empêcher de devenir trop gros (et difficile à exploiter), et …</p><p><img alt=""Logs made of wood"" src="https://blog.anotherhomepage.org/public/logs.jpg">Aujourd'hui, un peu de configuration pour la rotation de ses logs, en utilisant <a href="https://github.com/logrotate/logrotate" title=""Logrotate">Logrotate</a>.</p>
<p>Sur un système Unix, bon nombre de programmes génèrent des fichiers de log. La rotation de ceux permet de séparer régulièrement les fichiers afin de les empêcher de devenir trop gros (et difficile à exploiter), et à effacer ceux qui sont trop vieux pour empêcher qu'ils ne saturent l'espace disque. La rotation des logs peut aussi être intéressante d'un point de vue légal, si on doit conserver un minimum ou maximum de temps les logs d'accès d'un serveur web, par exemple.</p>
<p>Continuons d'ailleurs sur l'exemple du serveur web. Je vais me baser sur une configuration proche de celle que j'utilise pour le serveur web qui rend ce blog accessible :</p>
<div class="highlight"><pre><span></span><code>/srv/www/*/*/log/*.log {
compress
compresscmd /usr/bin/xz
compressext .xz
uncompresscmd /usr/bin/unxz
delaycompress
daily
rotate 9999
create 644 root wheel
sharedscripts
missingok
prerotate
/usr/pkg/bin/perl /usr/pkg/awstats/bin/awstats_updateall.pl now -awstatsprog=/usr/pkg/awstats/cgi-bin/awstats.pl -configdir=/usr/pkg/etc/awstats/ > /dev/null
endscript
postrotate
/usr/pkg/sbin/apachectl restart > /dev/null 2>/dev/null || true
endscript
}
</code></pre></div>
<p>Dans cet exemple, on peut remarquer que les logs sont compressés (directive <em>compress</em>), mais pas immédiatement lors de la rotation (directive <em>delaycompress</em>). Il s'agit d'un compromis entre la facilité de recherche dans les logs, et l'espace occupé. Autre information intéressante, l'utilisation de xz, déjà abordé dans un <a href="/post/xz-pour-une-meilleure-compression-de-ses-fichiers">billet précédent</a>, au lieu de Gzip (paramétrage par défaut). La plupart des options sont faciles à comprendre.</p>
<p>Attardons-nous cependant sur les dernières lignes de configuration, en particulier sur les directives <em>prerotate</em> et <em>postrotate</em>. Comme leur nom l'indique, elles permettent d'agir juste avant la rotation et juste après. Ainsi, j'ai choisi dans cette configuration de lancer Awstats pour gérer les statistiques de visites de tous les sites hébergés. Concernant l'action après rotation, la relance du serveur web est obligatoire, car sinon ce dernier continue à écrire dans l'ancien fichier (car l'inode ne bouge pas, lui).</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/107640324@N05/26883118626/in/photolist-GXz1zh-GXz3Fm-H1vKwt-G69hJP-GXz4x1-H1vNFz-GXyUrf-G699sD-Gnxw8N-RQJjMv-GewNiy-GydJQu-FZgSSN-GmQcJv-GnxKap-GfYdkb-Ga6V5A-NoPvcs-F2FP1m-FKdHag-FvJFku-EAf6xR-F6mJGJ-EXhUth-F2RwRV-DSczhs-EMBnrj-DHmwz9-EwRJDM-ECLpsQ-EjnCfH-DLD1De-DYxtqj-HEQkrq-P33LAp-DBoPkn-DBoPuF-DBoPLx-CZ1f7B-Np5aiP-DpJTyK-CYvrCF-zh6Fbt-A73Wej-AoEeU8-A79QtZ-A79ZgD-AoEhRa-zrLzVB-zrLyrp" title="logs">Intermountain Region USFS - logs ET5A3073</a>.</em></p>xz pour une meilleure compression de ses fichiers2017-12-02T10:00:00+01:002017-12-02T10:00:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-12-02:/post/2017/12/02/xz-pour-une-meilleure-compression-de-ses-fichiers/<p><img alt=""Bell system technical journal"" src="https://blog.anotherhomepage.org/public/bell_system_technical_journal.jpg">Aujourd'hui, causons un peu compression. Habituellement, dans le monde Unix, on a tendance à utiliser <a href="https://fr.wikipedia.org/wiki/Gzip" title=""Gzip">Gzip</a>. Ce format de compression a le mérite, aujourd'hui, d'être assez rapide, mais il est loin d'être le plus efficace. Une alternative a vu le jour, il s'agit de <a href="https://fr.wikipedia.org/wiki/Bzip2" title=""bzip2">bzip2</a>. Si ce dernier est bien …</p><p><img alt=""Bell system technical journal"" src="https://blog.anotherhomepage.org/public/bell_system_technical_journal.jpg">Aujourd'hui, causons un peu compression. Habituellement, dans le monde Unix, on a tendance à utiliser <a href="https://fr.wikipedia.org/wiki/Gzip" title=""Gzip">Gzip</a>. Ce format de compression a le mérite, aujourd'hui, d'être assez rapide, mais il est loin d'être le plus efficace. Une alternative a vu le jour, il s'agit de <a href="https://fr.wikipedia.org/wiki/Bzip2" title=""bzip2">bzip2</a>. Si ce dernier est bien plus efficace, il est hélas beaucoup plus lent. Comme on cherche toujours à avoir le beurre et l'argent du beurre, d'autres formats de compression ont vu le jour plus récemment, comme <a href="https://fr.wikipedia.org/wiki/XZ_(format_de_fichier)" title=""XZ">XZ</a>, utilisant actuellement l'algorithme <a href="https://fr.wikipedia.org/wiki/LZMA" title=""LZMA">LZMA</a> 2.</p>
<p>Pour utiliser le format de compression xz, il suffit d'utiliser les outils xz et unxz. Ils sont généralement disponibles sur toutes les distributions Linux, voire même par défaut depuis longtemps. Les systèmes BSD ne sont pas en reste, puisque NetBSD 7 dispose de xz dans le système de base (une version plus récente est disponible dans pkgsrc). Enfin, seul macOS ne semble pas en disposer nativement, mais cela peut être corrigé grâce à pkgsrc, macports ou Homebrew. Selon les systèmes, en plus des outils de compression et décompression, xz vient avec des outils fichiers "classique" qui décompressent à la volée, comme xzcat, xzgrep, xzless ou xzdiff.</p>
<p>Quelques exemples d'utilisation, à commencer par la compression d'un fichier, ici en mode verbeux et avec un taux de compression maximum :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ xz -v -9 <span class="se">\\</span><span class="c1">#gcu.2017-11-30.log</span>
<span class="c1">#gcu.2017-11-30.log (1/1)</span>
<span class="m">100</span> % <span class="m">8</span>?020 B / <span class="m">23</span>,2 <span class="nv">KiB</span> <span class="o">=</span> <span class="m">0</span>,338
</code></pre></div>
<p>Soyons fous, recherchons une chaîne de caractères :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ xzgrep -i -m <span class="m">1</span> pinpin <span class="se">\\</span><span class="c1">#gcu.2017-11-30.log.xz </span>
<span class="m">01</span>:26 < pinpin> olivier__ runne irssi v1.0.5 - running on FreeBSD amd64
</code></pre></div>
<p>Et bien entendu, la décompression :</p>
<div class="highlight"><pre><span></span><code>nils@shell2:~/irclogs/freenode$ unxz -v <span class="se">\\</span><span class="c1">#gcu.2017-11-30.log.xz </span>
<span class="c1">#gcu.2017-11-30.log.xz (1/1)</span>
<span class="m">100</span> % <span class="m">8</span>?020 B / <span class="m">23</span>,2 <span class="nv">KiB</span> <span class="o">=</span> <span class="m">0</span>,338
</code></pre></div>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/internetarchivebookimages/14733726886/in/photolist-orYcFU-odZb28-ouALWf-oubHW5-owcadT-ox4T7K-ouCPjA-owyEXc-oeTAqs-odEZPn-odbtUr-oufaDH-ouqpfs-ocVsFg-owcn5w-owkuw8-ocUUBX-ocT2R9-odCbPL-odzUfe-od9WZH-odjbkp-owVry6-owVvWp-osxGbd-owpVSv-odj5YS-odjpx5-ocUaAM-ow8ZvA-ocFgzz-osCeLu-ow7naS-ouoJY9-octZyk-oxcW7M-ocHuhY-ouK3Z9-ocUDjv-ocS7LS-owLJXx-osCfpy-ocSti5-owbhG5-owoJ3n-vNf6mA-wkkWhE-osmV5G-ouNKz4-ocUAsZ" title=""The">Internet Archive Book Images - Image from page 1351 of "The Bell System technical journal" (1922)</a>.</em></p>CentOS 7 : désactiver firewalld et réactiver iptables2017-06-27T13:10:00+02:002017-06-27T13:10:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-06-27:/post/2017/06/27/centos-7-desactiver-firewalld-reactiver-iptables/<p><img alt=""tools"" src="https://blog.anotherhomepage.org/public/tools.jpg" title=""tools,">En plus de systemd, RHEL 7 et CentOS 7 disposent d'une nouvelle interface de pare-feu : firewalld. Bien qu'il fasse plutôt bien le boulot, je me suis trouvé dans des cas où j'avais du mal à lui faire faire ce que je voulais. En fait dès l'instant où j'ai commencé à …</p><p><img alt=""tools"" src="https://blog.anotherhomepage.org/public/tools.jpg" title=""tools,">En plus de systemd, RHEL 7 et CentOS 7 disposent d'une nouvelle interface de pare-feu : firewalld. Bien qu'il fasse plutôt bien le boulot, je me suis trouvé dans des cas où j'avais du mal à lui faire faire ce que je voulais. En fait dès l'instant où j'ai commencé à jouer avec des interfaces tun, des zones et de la retransmission de paquets, j'ai commencé à avoir des difficultés. En attendant de les résoudre, j'ai noté que je pouvais revenir au fonctionnement précédent, et piloter iptables directement.</p>
<h3>Désactivation de firewalld</h3>
<p>Commençons par arrêter firewalld, et s'assurer qu'il est bien coupé :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl stop firewalld.service</span>
<span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl status firewalld.service</span>
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded <span class="o">(</span>/usr/lib/systemd/system/firewalld.service<span class="p">;</span> disabled<span class="p">;</span> vendor preset: enabled<span class="o">)</span>
Active: inactive <span class="o">(</span>dead<span class="o">)</span>
Docs: man:firewalld<span class="o">(</span><span class="m">1</span><span class="o">)</span>
Jun <span class="m">27</span> <span class="m">10</span>:27:00 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Starting firewalld - dynamic firewall daemon...
Jun <span class="m">27</span> <span class="m">10</span>:27:00 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Started firewalld - dynamic firewall daemon.
Jun <span class="m">27</span> <span class="m">10</span>:27:25 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Stopping firewalld - dynamic firewall daemon...
Jun <span class="m">27</span> <span class="m">10</span>:27:25 test.anotherhomepage.org systemd<span class="o">[</span><span class="m">1</span><span class="o">]</span>: Stopped firewalld - dynamic firewall daemon.
</code></pre></div>
<p>Bien sûr, cela veut dire qu'à partir de maintenant, la machine n'est plus protégée par le pare-feu.</p>
<p>Ensuite, on désactive son démarrage automatique :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl disable firewalld.service</span>
</code></pre></div>
<p>Si vraiment on ne souhaite plus pouvoir démarrer firewalld par accident, on peut le masquer :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl mask firewalld.service</span>
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
</code></pre></div>
<p>Maintenant c'est pas tout, mais faut remettre un pare-feu.</p>
<h3>Activation d'iptables</h3>
<p>Pour activer iptables, c'est très simple, commençons par installer le paquet "iptables-services" :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># yum -y install iptables-services</span>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.imt-systems.com
* extras: mirror.netcologne.de
* updates: mirror.ratiokontakt.de
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 <span class="m">0</span>:1.4.21-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies <span class="nv">Resolved</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Package Arch Version Repository <span class="nv">Size</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Installing:
iptables-services x86_64 <span class="m">1</span>.4.21-17.el7 base <span class="m">50</span> k
Transaction <span class="nv">Summary</span>
<span class="o">=============================================================================================================================================================================================================================================</span>
Install <span class="m">1</span> Package
Total download size: <span class="m">50</span> k
Installed size: <span class="m">24</span> k
Downloading packages:
iptables-services-1.4.21-17.el7.x86_64.rpm <span class="p">|</span> <span class="m">50</span> kB <span class="m">00</span>:00:00
Running transaction check
Running transaction <span class="nb">test</span>
Transaction <span class="nb">test</span> succeeded
Running transaction
Installing : iptables-services-1.4.21-17.el7.x86_64 <span class="m">1</span>/1
Verifying : iptables-services-1.4.21-17.el7.x86_64 <span class="m">1</span>/1
Installed:
iptables-services.x86_64 <span class="m">0</span>:1.4.21-17.el7
Complete!
</code></pre></div>
<p>Ensuite, on l'active dans systemd :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl enable iptables</span>
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
</code></pre></div>
<p>On peut alors le lancer :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@test ~<span class="o">]</span><span class="c1"># systemctl start iptables</span>
</code></pre></div>
<p>Comme pour RHEL 6 et CentOS 6, la configuration se trouve dans le fichier <em>/etc/sysconfig/iptables</em>, et dispose d'un jeu de règles n'ouvrant la voie qu'au ping et à SSH. La machine est, à partir de cet instant, de nouveau protégée par un pare-feu.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/velacreations/5249327029/" title="tools">velacreations - tools</a>.</em></p>Redirection de ports vers localhost sous Linux2017-06-19T09:30:00+02:002017-06-19T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-06-19:/post/2017/06/19/redirection-ports-localhost-linux/<p>Il m'est arrivé récemment de lancer des services uniquement sur la boucle locale d'une machine, par exemple un serveur web. On peut douter du bien-fondé de la démarche, mais je trouve cela intéressant à deux titres :- d'abord, si la configuration du service nécessite une adresse IP, cela sera 127.0 …</p><p>Il m'est arrivé récemment de lancer des services uniquement sur la boucle locale d'une machine, par exemple un serveur web. On peut douter du bien-fondé de la démarche, mais je trouve cela intéressant à deux titres :- d'abord, si la configuration du service nécessite une adresse IP, cela sera 127.0.0.1, et n'aura pas besoin d'être modifiée en cas de copie sur une autre machine ;- ensuite, si jamais pour une raison ou une autre le pare-feu vient à être inactif, le service ne sera pas exposé.</p>
<p>Bien sûr, cela ajoute une contrainte, celle d'effectuer une redirection de port en plus de l'ouverture de flux. De plus, je ne sais pas si cela a une influence réelle en terme de performance. Je pourrais tester cela à l'occasion, et en faire un article, tiens :)</p>
<p>Donc me voilà en train d'installer un serveur web, de le lancer sur localhost, je fais ma petite configuration à grands coups d'iptables, et là c'est le drame : le trafic ne passe pas. Quelques recherches plus tard, j'apprends qu'en fait par défaut, le noyau Linux considère que ce n'est pas normal qu'un paquet vienne de l'extérieur et ait comme destination 127.0.0.1. Ce comportement peut être modifié depuis la version 3.6, grâce à un paramètre sysctl :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># sysctl -w net.ipv4.conf.all.route_localnet=1</span>
</code></pre></div>
<p>Bien entendu, pour un résultat permanent, il faut penser à éditer /etc/sysctl.conf.</p>
<p>Petit détail sympathique, activer la retransmission de paquets (le fameux <em>ip_forward</em>) n'est pas nécessaire.</p>
<p>Source : <a href="https://superuser.com/questions/661772/iptables-redirect-to-localhost" title=""networking">Super User</a>.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>systemd : reconfigurer une unité de service2017-05-22T09:30:00+02:002017-05-22T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-05-22:/post/2017/05/22/systemd-reconfigurer-unite-service/<p><img alt=""bricolage" src="https://blog.anotherhomepage.org/public/bricolagebumper.jpg" title=""bricolage">Dans <a href="/post/haveged-ajouter-entropie-vps-linux">le billet précédent</a>, j'ai abordé haveged et je terminais sur le fait que certains paramètres pouvaient être accessibles. Cela ne semble pas forcément évident, car si on regarde la liste des fichiers du paquet RPM, on n'y trouve aucun fichier de configuration :</p>
<div class="highlight"><pre><span></span><code>$ rpm -ql haveged
/usr/lib/systemd/system …</code></pre></div><p><img alt=""bricolage" src="https://blog.anotherhomepage.org/public/bricolagebumper.jpg" title=""bricolage">Dans <a href="/post/haveged-ajouter-entropie-vps-linux">le billet précédent</a>, j'ai abordé haveged et je terminais sur le fait que certains paramètres pouvaient être accessibles. Cela ne semble pas forcément évident, car si on regarde la liste des fichiers du paquet RPM, on n'y trouve aucun fichier de configuration :</p>
<div class="highlight"><pre><span></span><code>$ rpm -ql haveged
/usr/lib/systemd/system/haveged.service
/usr/lib64/libhavege.so.1
/usr/lib64/libhavege.so.1.1.0
/usr/sbin/haveged
/usr/share/doc/haveged
/usr/share/doc/haveged/AUTHORS
/usr/share/doc/haveged/COPYING
/usr/share/doc/haveged/ChangeLog
/usr/share/doc/haveged/README
/usr/share/doc/haveged/havege_sample.c
/usr/share/man/man8/haveged.8.gz
</code></pre></div>
<p>De plus, si on regarde le processus lancé, on remarque que certaines options sont précisées sur la ligne de commande :</p>
<div class="highlight"><pre><span></span><code>$ ps auxwww <span class="p">|</span> grep haveged <span class="p">|</span> grep -v grep
root <span class="m">22470</span> <span class="m">0</span>.0 <span class="m">0</span>.7 <span class="m">12132</span> <span class="m">3824</span> ? Rs May16 <span class="m">0</span>:00 /usr/sbin/haveged -w <span class="m">1024</span> -v <span class="m">1</span> --Foreground
</code></pre></div>
<p>Allons un peu plus loin, le paquet contient un fichier "haveged.service" :</p>
<div class="highlight"><pre><span></span><code>$ cat /usr/lib/systemd/system/haveged.service
<span class="o">[</span>Unit<span class="o">]</span>
<span class="nv">Description</span><span class="o">=</span>Entropy Daemon based on the HAVEGE algorithm
<span class="nv">Documentation</span><span class="o">=</span>man:haveged<span class="o">(</span><span class="m">8</span><span class="o">)</span> http://www.issihosts.com/haveged/
<span class="o">[</span>Service<span class="o">]</span>
<span class="nv">Type</span><span class="o">=</span>simple
<span class="nv">ExecStart</span><span class="o">=</span>/usr/sbin/haveged -w <span class="m">1024</span> -v <span class="m">1</span> --Foreground
<span class="nv">SuccessExitStatus</span><span class="o">=</span><span class="m">143</span>
<span class="o">[</span>Install<span class="o">]</span>
<span class="nv">WantedBy</span><span class="o">=</span>multi-user.target
</code></pre></div>
<p>Il ne faut pas succomber à la tentation de modifier directement ce fichier, car une possibilité plus propre existe : <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Unit_Files.html#sect-Managing_Services_with_systemd-Unit_File_Modify" title=""RHEL">la documentation officielle RHEL 7</a> nous apprend ainsi comment créer un fichier de configuration pour le service.</p>
<p>Dans ce cas précis, je souhaite augmenter la valeur de l'argument -w à 2048. Pour l'anecdote, cette option permet d'augmenter l'utilisation de haveged en définissant une taille minimale du réservoir d'entropie. Nous allons donc d'abord créer un répertoire de configuration de service systemd, puis le fichier lui-même :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mkdir /etc/systemd/system/haveged.service.d/</span>
<span class="c1"># vi /etc/systemd/system/haveged.service.d/custom_args.conf</span>
</code></pre></div>
<p>Bon, peu importe le nom du fichier tant qu'il a pour extension ".conf", mais il est malgré tout préférable de lui donner un nom explicite (en clair, faites ce que je dis, pas ce que je fais).</p>
<p>Nous allons dans ce fichier redéfinir la directive <em>ExecStart</em>, puisque c'est celle qui définit l'option à modifier. Par contre, petite subtilité, cette directive doit être vidée pour être redéfinie. Le fichier a donc cette allure :</p>
<div class="highlight"><pre><span></span><code><span class="k">[Service]</span><span class="w"></span>
<span class="na">ExecStart</span><span class="o">=</span><span class="w"></span>
<span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/sbin/haveged -w 2048 -v 1 --Foreground</span><span class="w"></span>
</code></pre></div>
<p>Il faut maintenant recharger les unités avant de redémarrer le service haveged :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl restart haveged.service</span>
Warning: haveged.service changed on disk. Run <span class="s1">'systemctl daemon-reload'</span> to reload units.
<span class="c1"># systemctl daemon-reload</span>
<span class="c1"># systemctl restart haveged.service</span>
<span class="c1"># ps auxwww | grep haveged | grep -v grep</span>
root <span class="m">23074</span> <span class="m">2</span>.4 <span class="m">0</span>.7 <span class="m">12132</span> <span class="m">3836</span> ? Ss <span class="m">04</span>:02 <span class="m">0</span>:00 /usr/sbin/haveged -w <span class="m">2048</span> -v <span class="m">1</span> --Foreground
</code></pre></div>
<p>Le démon haveged est alors lancé avec une valeur de 2048 pour l'option -w.</p>
<p>Dernier petit détail, SELinux. J'ai testé cette manipulation sur un système configuré en "enforcing", l'édition du fichier s'est donc faite dans le bon contexte. Au cas où certains se demandent comment sont les labels, les voici :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># ll -Z -d /etc/systemd/system/haveged.service.d</span>
drwxr-xr-x. root root unconfined_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/haveged.service.d
<span class="c1"># ll -Z /etc/systemd/system/haveged.service.d/custom_args.conf</span>
-rw-r--r--. root root unconfined_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/haveged.service.d/custom_args.conf
</code></pre></div>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p>Crédit photo : <a href="https://www.flickr.com/photos/khargrav/3732587579/" title=""bricolage">Katie Hargrave - bricolage bumper.</a></p>Haveged : ajouter de l'entropie à son VPS Linux2017-05-18T09:00:00+02:002017-05-18T09:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-05-18:/post/2017/05/18/haveged-ajouter-entropie-vps-linux/<p><img alt=""Entropy"" src="https://blog.anotherhomepage.org/public/entropy.jpg" title=""Entropy,">Entre deux bidouilles <a href="/tag/NetBSD">NetBSD</a>, je me suis retrouvé à des bidouilles <a href="/tag/Linux">Linux</a>. Plus particulièrement en jetant un œil à <a href="https://www.ssi.gouv.fr/entreprise/guide/recommandations-pour-un-usage-securise-dopenssh/" title=""Usage">une certaine documentation utile</a>, j'ai pu lire :</p>
<blockquote>
<p>Les clés doivent être générées dans un contexte où la source d’aléa est fiable, ou à défaut dans un environnement où suffisamment d …</p></blockquote><p><img alt=""Entropy"" src="https://blog.anotherhomepage.org/public/entropy.jpg" title=""Entropy,">Entre deux bidouilles <a href="/tag/NetBSD">NetBSD</a>, je me suis retrouvé à des bidouilles <a href="/tag/Linux">Linux</a>. Plus particulièrement en jetant un œil à <a href="https://www.ssi.gouv.fr/entreprise/guide/recommandations-pour-un-usage-securise-dopenssh/" title=""Usage">une certaine documentation utile</a>, j'ai pu lire :</p>
<blockquote>
<p>Les clés doivent être générées dans un contexte où la source d’aléa est fiable, ou à défaut dans un environnement où suffisamment d’entropie a été accumulée.</p>
</blockquote>
<p>Et là, on commence à se poser des questions : qu'est-ce que l'entropie ? Pourquoi faut-il une source fiable ? Comment avoir une meilleure entropie ?</p>
<h3>Entropie et aléa</h3>
<p>Pour résumer, disons que l'entropie c'est la qualité de la génération de nombres aléatoires. C'est un raccourci assez grossier j'en conviens, mais cela évitera d'écrire ou de paraphraser des pavés mathématiques.</p>
<p>Mais alors, pourquoi générer des nombres aléatoires ? Tout simplement parce que cela fait partie de nombreuses bases d'outils cryptographiques, comme par exemple la génération de clés SSH. C'est d'ailleurs l'occasion d'aborder la question du risque qu'on prend si on ne génère pas assez d'aléa dans notre exemple : il devient possible de générer deux fois le même couple de clés SSH, et par conséquent, que quelqu'un soit en mesure de se connecter à une machine à laquelle il ne devrait pas avoir accès.</p>
<p>Si vous pensez que cela n'arrive jamais, il suffit de se rappeler la vulnérabilité OpenSSH Debian. En 2008, la version Debian d'OpenSSL s'est trouvée modifiée, et a eu pour conséquence un très faible nombre de possibilités pour générer des clés SSH. La preuve ? On peut trouver sur cette page l'intégralité des clés DSA (1024 et 2048 bits) et RSA (1024 à 4096 bits) possibles via cette version vulnérable. J'admets volontiers que c'est un cas extrême, mais il a le mérite d'être assez parlant.</p>
<p>Bref, tout ça pour dire que plus on a d'entropie, mieux c'est.</p>
<h3>Mesurer la qualité de l'entropie</h3>
<p>Pour mesurer la qualité de l'entropie, c'est très simple :</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">175</span>
</code></pre></div>
<p>On voit que cela renvoie un nombre, qui désigne la quantité de nombres aléatoires générés. On dit que ce nombre est la taille de notre réservoir d'entropie. Et donc, plus il est grand, mieux c'est. Sauf que là, 175 sur une VM Vagrant CentOS 7, bein c'est pas glorieux.</p>
<p>Une autre manière de mesurer l'entropie consiste à utiliser l'outil rngtest (disponible dans le paquet rng-tools pour CentOS). Celui-ci va lancer un certain nombre de tests utilisant le standard FIPS-140.</p>
<p>Par exemple :</p>
<div class="highlight"><pre><span></span><code>$ cat /dev/random <span class="p">|</span> rngtest -c <span class="m">1000</span>
rngtest <span class="m">5</span>
Copyright <span class="o">(</span>c<span class="o">)</span> <span class="m">2004</span> by Henrique de Moraes Holschuh
This is free software<span class="p">;</span> see the <span class="nb">source</span> <span class="k">for</span> copying conditions. There is NO warranty<span class="p">;</span> not even <span class="k">for</span> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: <span class="m">96</span>
rngtest: FIPS <span class="m">140</span>-2 successes: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2 failures: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Monobit: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Poker: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Runs: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Long run: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Continuous run: <span class="m">0</span>
rngtest: input channel speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">0</span>.000<span class="o">)</span>bits/s
rngtest: FIPS tests speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">0</span>.000<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">0</span>.000<span class="o">)</span>bits/s
rngtest: Program run time: <span class="m">21307295</span> microseconds
</code></pre></div>
<p>Et là, ce n'est toujours pas glorieux, car j'ai arrêté l'exécution faute de patience.</p>
<p>Avant de remédier à ce problème, comparons avec une machine physique notre premier indicateur :</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">3217</span>
</code></pre></div>
<p>On peut aussi constater que le problème d'entropie affecte particulièrement les machines virtuelles. Cela s'explique surtout par le fait qu'elles disposent de beaucoup moins d'éléments qu'une machine physique, et donc moins d'éléments à lire pour espérer y trouver de l'aléa.</p>
<p>Bon, ce n'est pas tout, mais il est temps de remédier à ce problème d'entropie sur cette VM !</p>
<h3>Haveged : générateur d'entropie en espace utilisateur</h3>
<p><a href="http://issihosts.com/haveged/" title=""haveged">Haveged</a> est un logiciel qui se présente sous la forme d'un démon qui reste en espace utilisateur. Il tire son nom de l'algorithme qu'il utilise, HAVEGE (HArdware Volatile Entropy Gathering and Expansion).</p>
<p>Côté installation, rien de plus simple, il suffit, pour CentOS, d'avoir accès au dépôt <a href="https://fedoraproject.org/wiki/EPEL" title="EPEL">Fedora EPEL</a>. Une fois que c'est fait, un simple yum -y install haveged suffit à disposer du logiciel.</p>
<p>Comme il s'agit d'un démon, il faut le démarrer. Sous CentOS 7, cela se fait via systemd :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl start haveged.service</span>
</code></pre></div>
<p>Et voilà ! Bon d'accord, cela fait peu. Maintenant, vérifions que notre entropie augmente :</p>
<div class="highlight"><pre><span></span><code>$ cat /proc/sys/kernel/random/entropy_avail
<span class="m">1779</span>
</code></pre></div>
<p>Voilà qui est mieux. Vérifions aussi avec rngtest :</p>
<div class="highlight"><pre><span></span><code>$ cat /dev/random <span class="p">|</span> rngtest -c <span class="m">1000</span>
rngtest <span class="m">5</span>
Copyright <span class="o">(</span>c<span class="o">)</span> <span class="m">2004</span> by Henrique de Moraes Holschuh
This is free software<span class="p">;</span> see the <span class="nb">source</span> <span class="k">for</span> copying conditions. There is NO warranty<span class="p">;</span> not even <span class="k">for</span> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: <span class="m">20000032</span>
rngtest: FIPS <span class="m">140</span>-2 successes: <span class="m">1000</span>
rngtest: FIPS <span class="m">140</span>-2 failures: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Monobit: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Poker: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Runs: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Long run: <span class="m">0</span>
rngtest: FIPS <span class="m">140</span>-2<span class="o">(</span><span class="m">2001</span>-10-10<span class="o">)</span> Continuous run: <span class="m">0</span>
rngtest: input channel speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">2</span>.057<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">17</span>.351<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">25</span>.915<span class="o">)</span>Mibits/s
rngtest: FIPS tests speed: <span class="o">(</span><span class="nv">min</span><span class="o">=</span><span class="m">44</span>.564<span class="p">;</span> <span class="nv">avg</span><span class="o">=</span><span class="m">139</span>.836<span class="p">;</span> <span class="nv">max</span><span class="o">=</span><span class="m">161</span>.640<span class="o">)</span>Mibits/s
rngtest: Program run time: <span class="m">1237535</span> microseconds
</code></pre></div>
<p>Dans ce dernier cas, la récupération des informations fut quasi-instantanée ! On peu d'ailleurs noter le nombre de tests réalisés avec succès, qui correspond mieux à nos attentes.</p>
<p>Pour ce qui est d'activer haveged au démarrage, il ne faut pas oublier la commande systemctl qui va bien :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># systemctl enable haveged.service</span>
Created symlink from /etc/systemd/system/multi-user.target.wants/haveged.service to /usr/lib/systemd/system/haveged.service.
</code></pre></div>
<p>Selon les distributions, certains paramètres supplémentaires sont accessibles, mais cela fera l'objet d'un autre article ;)</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/teatimer/6773350588/" title="Entropy">teatimer - Entropy</a></em></p>
<h2>Commentaires</h2>
<h3>Le 18/05/2017 16:20 par Melua</h3>
<p>Je vous suggère de lire cet article à ce sujet : si l'instruction RDTSC n'est pas rendue disponible par votre machine hôte, les machines virtuelles recevront toujours le même résultat (ou un résultat prévisible) rendant votre génération par haveged faussement aléatoire.</p>
<p>https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines</p>
<h3>Le 18/05/2017 20:09 par Nils</h3>
<p>Merci pour ce commentaire très pertinent, Melua !</p>
<p>Cela m'a en effet été remonté sur Mastodon (discussion <a href="https://mastodon.xyz/@Nils/2876532">ici</a>), via le wiki d'Archlinux. Visiblement on mentionne surtout les produits VMware, et un peu VirtualBox, sans que ce dernier soit concerné (je suis du coup tranquille pour le moment). J'espère faire un billet de suivi concernant cette instruction, mais il me faudra chercher pour voir si cette instruction est disponible via d'autres hypverviseurs (je pense particulièrement à Xen en paravirtuel, mais je suis intéressé aussi par KVM et Hyper-V).</p>Xen : installation d'un invité domU NetBSD2017-05-09T09:00:00+02:002017-05-09T09:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-05-09:/post/2017/05/09/xen-installation-domu-netbsd/<p><img alt=""the" src="https://blog.anotherhomepage.org/public/thehandler.jpg" title=""the">Dans <a href="/post/xen-installation-dom0-netbsd">le billet précédent</a>, j'ai abordé la création d'un hyperviseur Xen (dom0) NetBSD.Il est donc temps de s'occuper du système invité NetBSD, le domU.</p>
<h3>Création du domU Xen</h3>
<p>Pour créer notre domU, nous avons besoin de 3 éléments présents sur le dom0 :</p>
<ul>
<li>un fichier de disque dur (on pourrait …</li></ul><p><img alt=""the" src="https://blog.anotherhomepage.org/public/thehandler.jpg" title=""the">Dans <a href="/post/xen-installation-dom0-netbsd">le billet précédent</a>, j'ai abordé la création d'un hyperviseur Xen (dom0) NetBSD.Il est donc temps de s'occuper du système invité NetBSD, le domU.</p>
<h3>Création du domU Xen</h3>
<p>Pour créer notre domU, nous avons besoin de 3 éléments présents sur le dom0 :</p>
<ul>
<li>un fichier de disque dur (on pourrait utiliser LVM ou une partition, mais cela est moins flexible) ;</li>
<li>dans le cas de NetBSD, un fichier de noyau ;</li>
<li>et un fichier de configuration.</li>
</ul>
<p>D'abord, le fichier de disque dur. Pour le créer, il suffit d'utiliser la commande <em>dd</em>. La taille de ce fichier déterminera la taille du disque dur de la machine virtuelle. Créons un fichier de 4 Go (4096 blocs d'1 Mo) :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">zero</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="k">disk</span><span class="o">/</span><span class="n">netbsd</span><span class="p">.</span><span class="n">img</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">m</span><span class="w"> </span><span class="nf">count</span><span class="o">=</span><span class="mi">4096</span><span class="w"></span>
</code></pre></div>
<p>On peut remarquer que cet exemple remplit notre fichier de zéros, et ne crée pas de fichier sparse. Il semble que la gestion des fichiers sparse ne soit pas parfaite sous NetBSD, d'après le <a href="https://wiki.netbsd.org/ports/xen/howto/" title="">tutoriel officiel</a>.</p>
<p>Ensuite, récupérons les fichiers noyau :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">INSTALL_XEN3_DOMU</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">kernels</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOMU</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
</code></pre></div>
<p>On récupère deux fichiers de noyau, car l'un d'entre eux ne sert que pour l'installation. Une fois celle-ci terminée, il faut penser à configurer notre domU avec le noyau "classique".</p>
<p>Nous pouvons enfin créer notre fichier de configuration, <em>/usr/pkg/etc/xen/netbsd</em> :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">#</span><span class="w"> </span><span class="n">netbsd</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">$</span><span class="w"></span>
<span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"netbsd"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"d0f3e8d3-2f54-11e7-b035-00301bbde894"</span><span class="w"></span>
<span class="n">kernel</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">"/srv/xen/images/kernels/NetBSD/NetBSD-7.1/amd64/netbsd-INSTALL_XEN3_DOMU.gz"</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">256</span><span class="w"></span>
<span class="n">vcpus</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">[</span><span class="n"> 'bridge=bridge0,mac=00:16:3E:00:00:02' </span><span class="o">]</span><span class="w"></span>
<span class="k">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">[</span><span class="n"> '/srv/xen/images/disk/netbsd.img,raw,xvda,rw' </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Les directives du fichier de configuration sont assez explicites, néanmoins il convient de préciser certaines choses :</p>
<ul>
<li>d'abord, le nom de la machine virtuelle ("name") doit être unique ;</li>
<li>et en passant, l'uuid aussi (généré via <em>uuidgen</em>), mais il n'est pas obligatoire, la directive peut être vide ;</li>
<li>la mémoire est spécifiée en méga-octets ;</li>
<li>on peut spécifier plusieurs interfaces réseau ou disques durs.</li>
</ul>
<p>On peut ajouter bien d'autres options, mais il est préférable de commencer par un fichier simple, qui démarrera une machine en mode texte, avant d'aller plus loin.</p>
<p>Maintenant que notre fichier de configuration est prêt, démarrons notre domU :</p>
<p>````
root@rogue:/usr/pkg/etc/xen# xl create -c netbsd</p>
<div class="highlight"><pre><span></span><code>L'option -c permet d'attacher la console locale de la machine virtuelle en mode texte, et donc de pouvoir interagir avec (pour, par exemple, effectuer une installation).
### Installation de NetBSD dans le domU
L'installation se passe de manière similaire à ce qui est [présenté dans le guide officiel](https://www.netbsd.org/docs/guide/en/chap-exinst.html ""NetBSD"), mais à une différence près : une fois l'installation terminée, il faut quitter l'installeur (au lieu de redémarrer), puis éteindre la machine virtuelle :
</code></pre></div>
<h1>shutdown -p now</h1>
<div class="highlight"><pre><span></span><code>De retour dans le dom0, il faut alors changer le fichier de noyau pour un démarrage "classique" :
</code></pre></div>
<p>root@rogue:/usr/pkg/etc/xen# vi netbsd
kernel = "/srv/xen/images/kernels/NetBSD/NetBSD-7.1/amd64/netbsd-XEN3_DOMU.gz"</p>
<div class="highlight"><pre><span></span><code>On peut ensuite démarrer notre machine virtuelle, dans l'exemple suivant sans attacher la console locale de celle-ci :
</code></pre></div>
<p>root@rogue:/usr/pkg/etc/xen# xl create netbsd
```</p>
<h3>On est vraiment obligé de spécifier sur le noyau ?</h3>
<p>Dans le domU d'exemple du billet précédent, le système OpenWrt était démarré grâce à pygrub, un chargeur de démarrage pour Xen. Celui-ci n'est hélas pas capable de lire le système de fichiers FFS utilisé par NetBSD. Cela n'est pas non plus possible pour pv-grub, qui n'est de toute façon pas disponible dans les paquets Xen pkgsrc.</p>
<p>Quelles sont alors les possibilités ? La première consiste à créer une partition /boot en ext2/3/4 au début du disque virtuel, et d'y placer noyau et configuration Grub, comme l'indique <a href="http://wiki.prgmr.com/mediawiki/index.php/NetBSD_as_a_DomU#Partitioning_for_pv-grub" title=""NetBSD">ce tutoriel</a>. Une autre consiste à compiler soi-même une version de Grub2, qui semble maintenant gérer Xen, tout du moins d'après ce <a href="https://blog.xenproject.org/2015/01/07/using-grub-2-as-a-bootloader-for-xen-pv-guests/" title=""Using">billet du blog officiel Xen</a>, daté de janvier 2015.</p>
<h3>Autres actions possibles</h3>
<p>Démarrer sa machine virtuelle, c'est bien, pouvoir effectuer d'autres actions et vérifications, c'est mieux ! Voici donc, en vrac, quelques commandes utiles pour gérer ses domU :</p>
<ul>
<li><em>xl shutdown \<chemin vers le fichier de configuration></em> permet d'arrêter proprement celui-ci ;</li>
<li>besoin d'appuyer sur le bouton Off comme un gros barbare ? <em>xl destroy \<nomdudomU></em> ;</li>
<li>lister les domU en fonctionnement : <em>xl list</em> ;</li>
<li>et pour avoir cette liste en temps réel, présentée à la manière d'un <em>top</em>, on peut utiliser <em>xl top</em>.</li>
</ul>
<p>D'autres commandes et paramètres sont disponibles dans la page de manuel de la commande <em>xl</em>.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p><em>Crédit photo :</em> <a href="https://www.flickr.com/photos/cmustard/34064469610/in/photolist-TUaj2y-ajyqsY-4XMPYQ-4LCSFr-2wz6-6zQVu2-G36kR-oGVpNV-7BguV-4oXq8s-7kKgjh-3KdvKY-8nM4kw-S1W13y-aFogBm-7JNRuf-aE1mHJ-8Roq1t-MQEVs-eaW368-4UFV14-hRpNi-ps4yHK-7JJWbk-6eHd2K-7RjCRN-u5qc9-dKBGda-fCAKEu-duoNYJ-fE8FRp-4vTuc8-4XMNTG-b9et7R-9eFif6-9eJp2C-9eFiez-5Q7YTg-6to7X4-6pBDge-8RogFM-bmZ5X-dqPf7h-3pm8Lc-4WBHsG-7rnC8-c3i3zN-6Yko5-a7h1Wr-6eMmmw" title=""the">ColonelMustard - the handler</a>''</p>Xen : installation d'un hyperviseur dom0 NetBSD2017-05-02T12:00:00+02:002017-05-02T12:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-05-02:/post/2017/05/02/xen-installation-dom0-netbsd/<p><img alt=""Army"" src="https://blog.anotherhomepage.org/public/army.jpg" title=""Army,">J'ai écrit dans le passé quelques billets concernant <a href="/tag/Xen">Xen</a>, mais jamais sur l'installation à proprement parler d'un hyperviseur Xen à base de NetBSD. Il est temps de réparer cela ! Mais avant de commencer, quelques rappels :</p>
<ul>
<li>en terminologie Xen, chaque système invité se nomme un "domaine" ;</li>
<li>une machine virtuelle est un …</li></ul><p><img alt=""Army"" src="https://blog.anotherhomepage.org/public/army.jpg" title=""Army,">J'ai écrit dans le passé quelques billets concernant <a href="/tag/Xen">Xen</a>, mais jamais sur l'installation à proprement parler d'un hyperviseur Xen à base de NetBSD. Il est temps de réparer cela ! Mais avant de commencer, quelques rappels :</p>
<ul>
<li>en terminologie Xen, chaque système invité se nomme un "domaine" ;</li>
<li>une machine virtuelle est un domaines non-privilégié, en anglais "unprivileged domain", généralement raccourci en "domU" ;</li>
<li>l'OS qui fait fonctionner l'hyperviseur est un domaine privilégié, en anglais "privileged domain", ce qui donne en raccourci "dom0".</li>
</ul>
<p>Il s'agit donc de détailler l'installation et la configuration de Xen en tant que dom0 sur un système NetBSD amd64. Pour valider son bon fonctionnement, une installation rapide d'un domU OpenWrt sera effectuée à la fin.</p>
<p>Mais avant de démarrer, voici quelques informations sur la configuration qui sera effectuée :</p>
<ul>
<li>comme la machine physique ne dispose pas des instructions de virtualisation (Intel Atom 330), seul le mode "paravirtuel" sera abordé ;</li>
<li>la machine physique se verra attribuer 256 Mo de RAM sur ses 2 Go pour son fonctionnement ;</li>
<li>la configuration réseau sera en mode "bridge", le dom0 et les domU seront donc sur le même réseau.</li>
</ul>
<p>Allons-y !</p>
<h3>Installation et configuration de NetBSD</h3>
<p>Commençons par l'installation du système d'exploitation : NetBSD 7.1 amd64. Il n'y a rien en particulier à signaler sur l'installation, cela dépend avant tout de son usage. Cette machine n'étant pas destinée à devenir un environnement de production, j'ai choisi un partitionnement minimal, à savoir juste un / qui prend tout le disque.</p>
<p>A noter aussi qu'à ce moment, il n'y a besoin de rien en particulier concernant le noyau. J'ai pris l'habitude de ne pas installer les sets de compilation ou source sur une machine sauf si j'en ai expressément besoin. Donc, je me suis limité aux sets suivants :</p>
<ul>
<li>base ;</li>
<li>etc ;</li>
<li>man ;</li>
<li>misc ;</li>
<li>modules ;</li>
<li>tests ;</li>
<li>text ;</li>
<li>xbase.</li>
</ul>
<p>Côté réseau, il sera sans doute plus simple de configurer une adresse IP statique. On va aussi dès maintenant configurer le bridge :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="p">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span>#<span class="w"> </span><span class="nb">cat</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ifconfig</span><span class="p">.</span><span class="n">bridge0</span><span class="w"> </span>
<span class="n">create</span><span class="w"></span>
<span class="s">!brconfig</span><span class="w"> </span><span class="s">$int</span><span class="w"> </span><span class="s">add</span><span class="w"> </span><span class="s">re0</span><span class="w"> </span><span class="s">up</span><span class="w"></span>
</code></pre></div>
<p>A noter que l'interface de la machine physique est re0, il convient de la modifier selon celle disponible. On va aussi autoriser la retransmission de paquets réseau :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysctl</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">net</span><span class="p">.</span><span class="n">inet</span><span class="p">.</span><span class="n">ip</span><span class="p">.</span><span class="n">forwarding</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
</code></pre></div>
<p>Ces modifications seront prises en compte au prochain démarrage du système, qu'il convient de faire dès maintenant.</p>
<p>Pour les paquets logiciels, j'ai choisi d'utiliser mon propre dépôt pkgsrc de paquets binaires. Là aussi, rien d'exceptionnel, j'ai juste installé mon petit confort personnel. Il est néanmoins possible d'utiliser le dépôt binaire pkgsrc officiel (configuré lors de l'installation) ou d'utiliser pkgsrc depuis les sources.</p>
<h3>Installation et configuration de Xen 4.6</h3>
<p>Maintenant que notre système est installé et prêt, passons à l'installation de Xen. Rien de compliqué non plus à ce niveau, il suffit d'utiliser pkgin :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># pkgin in xenkernel46 xentools46</span><span class="w"></span>
</code></pre></div>
<p>Des messages seront affichés durant l'installation des différents paquets, montrant un certain nombre de messages de conseils et de recommandations.</p>
<p>Pour que Xen fonctionne, il faut d'abord démarrer un noyau spécialisé qui chargera de lancer l'hyperviseur. Le noyau NetBSD dom0 est disponible à côté du noyau générique sur les dépôts :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">wget</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">cdn</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">/</span><span class="n">NetBSD</span><span class="o">-</span><span class="mf">7.1</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="nc">binary</span><span class="o">/</span><span class="n">kernel</span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="p">.</span><span class="n">gz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">mv</span><span class="w"> </span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="p">.</span><span class="n">gz</span><span class="w"> </span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Configurons maintenant le chargeur de démarrage. Il suffit d'insérer la ligne suivante au début du fichier /boot.cfg :</p>
<div class="highlight"><pre><span></span><code><span class="n">menu</span><span class="o">=</span><span class="n">Xen</span><span class="p">:</span><span class="nb">load</span><span class="w"> </span><span class="o">/</span><span class="n">netbsd</span><span class="o">-</span><span class="n">XEN3_DOM0</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="n">console</span><span class="o">=</span><span class="n">pc</span><span class="p">;</span><span class="n">multiboot</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">xen46</span><span class="o">-</span><span class="n">kernel</span><span class="o">/</span><span class="n">xen</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="n">dom0_mem</span><span class="o">=</span><span class="mi">256</span><span class="n">M</span><span class="w"></span>
</code></pre></div>
<p>Parmi les détails de cette ligne de configuration, on remarquera l'allocation de 256 Mo de mémoire vive pour le dom0.</p>
<p>Par contre, si jamais le partitionnement prévoit un /usr séparé, il vaudra mieux copier /usr/pkg/xen46-kernel/xen.gz dans / et de remplacer les chemins en accord avec la nouvelle localisation du fichier. Une fois que le chargeur de démarrage est modifié, un redémarrage est nécessaire, mais juste avant on peut créer les fichiers spéciaux dans /dev :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">sh</span><span class="w"> </span><span class="n">MAKEDEV</span><span class="w"> </span><span class="n">xen</span><span class="w"></span>
</code></pre></div>
<p>Maintenant on peut redémarrer :)</p>
<p>Mais tout n'est pas encore prêt. Par exemple, le service xencommons doit être activé et démarré. On ajoute alors la ligne suivante au fichier /etc/rc.conf :</p>
<div class="highlight"><pre><span></span><code>xencommons=YES
</code></pre></div>
<p>On peut ensuite lancer le service :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">xencommons</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>Il y a encore un fichier de configuration à modifier avant de commencer à faire joujou avec nos machines (para-)virtuelles : /usr/pkg/etc/xl.conf. Je n'ai fait que deux modifications à ce fichier :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">xl</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">^</span><span class="err">$</span><span class="w"></span>
<span class="n">vif</span><span class="p">.</span><span class="k">default</span><span class="p">.</span><span class="n">script</span><span class="o">=</span><span class="ss">"vif-bridge"</span><span class="w"></span>
<span class="n">vif</span><span class="p">.</span><span class="k">default</span><span class="p">.</span><span class="n">bridge</span><span class="o">=</span><span class="ss">"bridge0"</span><span class="w"></span>
</code></pre></div>
<p>Il est temps d'effectuer rapidement un test de domU !</p>
<h3>Test d'un domU OpenWrt</h3>
<p>Un moyen de tester rapidement le fonctionnement de son dom0 Xen est d'utiliser un domU OpenWrt : il s'agit en effet d'un OS léger, non seulement d'un point de vue processeur et mémoire, mais aussi d'un point de vue espace disque. Au moment de la rédaction de cet article, la dernière version stable d'OpenWrt est la 15.05.1 et porte le nom de <em>Chaos Calmer</em>.</p>
<p>Deux éléments sont nécessaires : un fichier qui sera le disque dur de la machine virtuelle, et un fichier de configuration. Dans le premier cas c'est très simple, il suffit d'aller le récupérer sur le site d'OpenWrt, de le placer dans un répertoire, et de le décompresser :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># mkdir -p /srv/xen/images/disk</span><span class="w"></span>
<span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">~</span><span class="c1"># cd /srv/xen/images/disk</span><span class="w"></span>
<span class="n">root</span><span class="err">@</span><span class="n">rogue</span><span class="p">:</span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">disk</span><span class="c1"># wget https://downloads.openwrt.org/latest/x86/xen_domu/openwrt-15.05.1-x86-xen_domu-combined-ext4.img.gzroot@rogue:/srv/xen/images/disk# zcat openwrt-15.05.1-x86-xen_domu-combined-ext4.img.gz > openwrt.img</span><span class="w"></span>
</code></pre></div>
<p>Continuons avec le fichier de configuration, basé sur un fichier d'exemple. Il doit se trouver dans /usr/pkg/etc/xen/, et se nomme tout simplement openwrt :</p>
<div class="highlight"><pre><span></span><code><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"openwrt"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"26824417-2dde-11e7-a2aa-00301bbde894"</span><span class="w"></span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/usr/pkg/bin/pygrub"</span><span class="w"></span>
<span class="n">extra</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"root=/dev/xvda2 rw"</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">128</span><span class="w"></span>
<span class="n">vcpus</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s1">'bridge=bridge0,mac=00:16:3E:00:00:01'</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s1">'/srv/xen/images/disk/openwrt.img,raw,xvda,rw'</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
</code></pre></div>
<p>Maintenant que tout cela est en place, il ne reste plus qu'à lancer la machine virtuelle :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@rogue</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">xl</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="o">/</span><span class="n">openwrt</span><span class="w"></span>
</code></pre></div>
<p>Une fois OpenWrt démarré, il suffit alors d'appuyer sur la touche entrée pour activer la console locale. Côté tests, il faut vérifier le nombre de processeurs (dans /proc/cpuinfo, il doit n'y en avoir qu'un), ainsi que la quantité de mémoire vive (dans /proc/meminfo, ou via free -m, on doit avoir 128 Mo). Si un serveur DHCP est présent, on peut facilement tester le réseau via udhcpc :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@OpenWrt</span><span class="err">:</span><span class="o">/</span><span class="err">#</span><span class="w"> </span><span class="n">udhcpc</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">br</span><span class="o">-</span><span class="n">lan</span><span class="w"></span>
</code></pre></div>
<p>On peut désormais vérifier que le réseau est bien connecté.</p>
<p>Vous avez aimé cet article ? Alors partagez-le sur les réseaux sociaux ! Si en plus vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>
<p><em>Crédit photo : <a href="https://www.flickr.com/photos/marcosuk/2995294027/in/photolist-bEiYBV-5yjhGn-jn2zg-6XbeEt-6c5qwC-e7mGh-8xvUWD-4gNkcQ-gmq2dj-921mhJ-4yhA4x-9EVpBj-5qQcS4-uUVN8-wKonJq-5rpK3-8UayAc-qaQboF-4FKmj-n6r2qb-4AKCxg-4He9aP-5qUxvm-88ni6P-4tH4JW-bt4zbR-5yFEyt-7QLkdW-fgfozy-6kzPTG-8nqJ3b-8nqJzu-5qQcU8-5qQcYT-8nnCvX-9uniVc-cMA1Q-8nqLoQ-8nqM41-4DmsM3-AuZqQv-zxJvYj" title=""Colourful">Marcos Leal - Army</a></em></p>
<h2>Commentaires</h2>
<h3>Le 03/05/2017 14:35 par <a href="https://utux.fr">utux</a></h3>
<p>NetBSD ? Masochiste.</p>
<h3>Le 03/05/2017 15:05 par Nils</h3>
<p>Mais qu'est-ce que c'est bon ;-)</p>curl : utiliser une version plus récente sur macOS2017-04-04T11:30:00+02:002017-04-04T11:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-04-04:/post/2017/04/04/curl-utiliser-une-version-plus-recente-sur-macos/<p>Le système macOS dispose en standard de curl. Mais ce binaire n'est pas forcément dans une version assez récente, ou alors certaines options ne sont pas compilées.</p>
<h2>Installation de curl par pkgin</h2>
<p>Nous allons, grâce à pkgsrc, installer une autre version, sans toucher à celle installée par défaut. Pour cela …</p><p>Le système macOS dispose en standard de curl. Mais ce binaire n'est pas forcément dans une version assez récente, ou alors certaines options ne sont pas compilées.</p>
<h2>Installation de curl par pkgin</h2>
<p>Nous allons, grâce à pkgsrc, installer une autre version, sans toucher à celle installée par défaut. Pour cela, le prérequis est de suivre <a href="/post/2017/01/21/pkgsrc-installer-un-gestionnaire-de-paquets-pour-plus-de-logiciels-sur-macos">mon tutoriel pour installer pkgsrc</a>. Une fois que c'est fait, une commande suffit :</p>
<div class="highlight"><pre><span></span><code>sudo pkgin in curl
</code></pre></div>
<p>Comme vu dans les billets précédents, installer un logiciel grâce à pkgin est très simple. En plus, si la variable d'environnement \$PATH définit l'emplacement des programmes issus de pkgsrc avant ceux du système, la prochaine invocation de curl dans le terminal sera celle que nous venons d'installer.</p>
<p>Mais il se peut qu'on ait besoin de plus : par exemple, ajouter ou retirer des options de compilation. Passons donc à une autre méthode d'installation, via les sources.</p>
<h2>Installation de curl par compilation des sources</h2>
<p>Tout d'abord, comparons les versions et les options de compilation :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.51.0</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin16</span><span class="mf">.0</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.51.0</span><span class="w"> </span><span class="n">SecureTransport</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">AsynchDNS</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">GSS</span><span class="o">-</span><span class="n">API</span><span class="w"> </span><span class="n">Kerberos</span><span class="w"> </span><span class="n">SPNEGO</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.53.1</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin13</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.53.1</span><span class="w"> </span><span class="n">OpenSSL</span><span class="o">/</span><span class="mf">1.0.2</span><span class="n">k</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"> </span><span class="n">libssh2</span><span class="o">/</span><span class="mf">1.8.0</span><span class="w"> </span><span class="n">nghttp2</span><span class="o">/</span><span class="mf">1.20.0</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">scp</span><span class="w"> </span><span class="n">sftp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">TLS</span><span class="o">-</span><span class="n">SRP</span><span class="w"> </span><span class="n">HTTP2</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"> </span><span class="n">HTTPS</span><span class="o">-</span><span class="n">proxy</span><span class="w"></span>
</code></pre></div>
<p>Une option dont on a besoin n'est pas présente ? Ce n'est pas grave, car on peut l'ajouter. L'étape suivante consiste à lister les options disponibles :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="n">bmake</span><span class="w"> </span><span class="n">show</span><span class="o">-</span><span class="n">options</span><span class="w"></span>
<span class="ow">Any</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">following</span><span class="w"> </span><span class="k">general</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="nl">selected</span><span class="p">:</span><span class="w"></span>
<span class="n">gssapi</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">gssapi</span><span class="w"> </span><span class="p">(</span><span class="n">Kerberos</span><span class="w"> </span><span class="n">V</span><span class="p">)</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">http2</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">2.</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">IPv6</span><span class="p">.</span><span class="w"></span>
<span class="n">ldap</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">LDAP</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">libidn</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">libidn</span><span class="w"> </span><span class="nc">text</span><span class="w"> </span><span class="n">conversion</span><span class="p">.</span><span class="w"></span>
<span class="n">libssh2</span><span class="w"> </span><span class="k">Use</span><span class="w"> </span><span class="n">libssh2</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">SSHv2</span><span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">support</span><span class="p">.</span><span class="w"></span>
<span class="n">rtmp</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="nl">rtmp</span><span class="p">:</span><span class="o">//</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="k">using</span><span class="w"> </span><span class="n">rtmpdump</span><span class="p">.</span><span class="w"></span>
<span class="n">These</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">enabled</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="err">:</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">libidn</span><span class="w"></span>
<span class="n">These</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">currently</span><span class="w"> </span><span class="nl">enabled</span><span class="p">:</span><span class="w"></span>
<span class="n">inet6</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">libidn</span><span class="w"> </span><span class="n">libssh2</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">build</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">setting</span><span class="w"> </span><span class="n">PKG_DEFAULT_OPTIONS</span><span class="w"></span>
<span class="ow">or</span><span class="w"> </span><span class="n">PKG_OPTIONS</span><span class="p">.</span><span class="n">curl</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<p>On peut alors éditer _/opt/pkg/etc/mk.conf.local_ (en tant que root, ou via _sudo_) et ajouter des options, comme par exemple http2 :</p>
<div class="highlight"><pre><span></span><code>PKG_OPTIONS.curl+= http2
</code></pre></div>
<p>Et ensuite, on recompile :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="n">bmake</span><span class="w"> </span><span class="n">package</span><span class="o">-</span><span class="n">install</span><span class="w"></span>
</code></pre></div>
<p>L'étape d'après est de vérifier la présence de l'option http2 :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dalaran</span><span class="o">-</span><span class="nl">wifi</span><span class="p">:</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">curl</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">curl</span><span class="w"> </span><span class="mf">7.53.1</span><span class="w"> </span><span class="p">(</span><span class="n">x86_64</span><span class="o">-</span><span class="n">apple</span><span class="o">-</span><span class="n">darwin16</span><span class="p">)</span><span class="w"> </span><span class="n">libcurl</span><span class="o">/</span><span class="mf">7.53.1</span><span class="w"> </span><span class="n">OpenSSL</span><span class="o">/</span><span class="mf">1.0.2</span><span class="n">k</span><span class="w"> </span><span class="n">zlib</span><span class="o">/</span><span class="mf">1.2.8</span><span class="w"> </span><span class="n">libssh2</span><span class="o">/</span><span class="mf">1.8.0</span><span class="w"> </span><span class="n">nghttp2</span><span class="o">/</span><span class="mf">1.20.0</span><span class="w"></span>
<span class="nl">Protocols</span><span class="p">:</span><span class="w"> </span><span class="n">dict</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">ftp</span><span class="w"> </span><span class="n">ftps</span><span class="w"> </span><span class="n">gopher</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="n">https</span><span class="w"> </span><span class="n">imap</span><span class="w"> </span><span class="n">imaps</span><span class="w"> </span><span class="n">ldap</span><span class="w"> </span><span class="n">ldaps</span><span class="w"> </span><span class="n">pop3</span><span class="w"> </span><span class="n">pop3s</span><span class="w"> </span><span class="n">rtsp</span><span class="w"> </span><span class="n">scp</span><span class="w"> </span><span class="n">sftp</span><span class="w"> </span><span class="n">smb</span><span class="w"> </span><span class="n">smbs</span><span class="w"> </span><span class="n">smtp</span><span class="w"> </span><span class="n">smtps</span><span class="w"> </span><span class="n">telnet</span><span class="w"> </span><span class="n">tftp</span><span class="w"></span>
<span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">IPv6</span><span class="w"> </span><span class="n">Largefile</span><span class="w"> </span><span class="n">NTLM</span><span class="w"> </span><span class="n">NTLM_WB</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="n">libz</span><span class="w"> </span><span class="n">TLS</span><span class="o">-</span><span class="n">SRP</span><span class="w"> </span><span class="n">HTTP2</span><span class="w"> </span><span class="n">UnixSockets</span><span class="w"> </span><span class="n">HTTPS</span><span class="o">-</span><span class="n">proxy</span><span class="w"></span>
</code></pre></div>
<p>En conclusion, il est très simple, grâce à pkgsrc, de disposer d'une autre version de logiciel que celle installée par défaut, et de la compiler avec les options dont on a besoin.</p>
<p>Si vous aimez cet article, partagez-le sur les réseaux sociaux. Si vous avez des remarques, ou des propositions d'améliorations, n'hésitez pas : les commentaires sont là pour ça !</p>Sysupgrade : mise à jour facile d'un système NetBSD2017-03-28T09:30:00+02:002017-03-28T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-03-28:/post/2017/03/28/sysupgrade-mise-a-jour-facile-d-un-systeme-netbsd/<p><a href="https://blog.netbsd.org/tnf/entry/netbsd_7_1_released" title=""NetBSD">NetBSD 7.1</a> est disponible. Comme d'habitude, il est recommandé de mettre à jour son système, en particulier car cette version apporte de nombreux correctifs de sécurité.</p>
<p>Historiquement, mettre à jour son système NetBSD se fait via le logiciel d'installation, <a href="https://www.netbsd.org/docs/guide/en/chap-upgrading.html#upgrading-sysinst" title=""Chapter">sysinst</a>. Cependant, cette méthode a le principal désavantage de nécessiter …</p><p><a href="https://blog.netbsd.org/tnf/entry/netbsd_7_1_released" title=""NetBSD">NetBSD 7.1</a> est disponible. Comme d'habitude, il est recommandé de mettre à jour son système, en particulier car cette version apporte de nombreux correctifs de sécurité.</p>
<p>Historiquement, mettre à jour son système NetBSD se fait via le logiciel d'installation, <a href="https://www.netbsd.org/docs/guide/en/chap-upgrading.html#upgrading-sysinst" title=""Chapter">sysinst</a>. Cependant, cette méthode a le principal désavantage de nécessiter de redémarrer sur l'installeur, et donc de rendre le système indisponible pendant toute la mise à jour.</p>
<p>Une deuxième possibilité consiste à décompresser soi-même les sets du système de base puis de lancer les commandes de post-installation, comme expliqué par exemple sur le <a href="http://wiki.gcu.info/doku.php?id=netbsd:upgrade_binaire" title=""Methode">wiki de GCU</a>.</p>
<p>Cette deuxième possibilité, certes plus rapide, est automatisable, mais nécessite un peu d'intelligence, comme le fait de n'installer que les sets nécessaires, un noyau différent de GENERIC (surtout dans le cas où on compile soi-même un noyau personnalisé), voire même d'effacer son répertoire de téléchargement après coup. Et cela tombe bien, car c'est ce que fait <a href="https://github.com/jmmv/sysupgrade/" title=""Automates">sysupgrade</a> ! A l'aide d'un simple fichier de configuration, celui-ci est capable de :</p>
<ul>
<li>télécharger les sets d'une version précise de NetBSD ;</li>
<li>remplacer votre noyau par le nouveau, automatiquement, ou en spécifiant un nom de configuration ;</li>
<li>d'effectuer les tâches de post-installation ;</li>
<li>et même de faire le ménage à la fin !</li>
</ul>
<p>Sysupgrade fait maintenant partie de la <a href="https://www.netbsd.org/docs/guide/en/chap-upgrading.html#using-sysupgrade" title=""Chapter">documentation officielle de mise à jour</a>. Pour l'utiliser, idéalement, une commande suffit :</p>
<div class="highlight"><pre><span></span><code># sysupgrade auto http://cdn.NetBSD.org/pub/NetBSD/NetBSD-7.1/amd64
</code></pre></div>
<p>En ce qui me concerne, j'ai choisi de m'assurer que certaines options sont activées dans _/usr/pkg/etc/sysupgrade.conf_, en particulier car la commande _config_, qui permet de détecter le nom de la configuration du noyau, est disponible dans le set _comp_, que je n'installe pas systématiquement (ce dernier permet de disposer d'outils de développement et de compilation, que j'estime inutiles sur un serveur web par exemple).Mon fichier de configuration ressemble donc à ceci :</p>
<div class="highlight"><pre><span></span><code>RELEASEDIR="http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.1/$(uname -m)"
KERNEL=GENERIC
ETCUPDATE=yes
</code></pre></div>
<p>Ma commande de mise à jour se résume donc à un simple <em>sysupgrade auto</em>. En revanche, la post-installation sera déclenchée et me demandera si je souhaite mettre à jour certains fichiers de configuration. Il convient donc d'être particulièrement attentif lors de cette étape.</p>
<p>Des remarques, des propositions d'améliorations ? Où même des exemples supplémentaires ? Les commentaires sont là pour ça !</p>dmidecode : pour en savoir un peu plus sur son matériel2017-03-13T09:30:00+01:002017-03-13T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-03-13:/post/2017/03/13/dmidecode-pour-en-savoir-un-peu-plus-sur-son-materiel/<p>De nombreux outils libres de détection et d'information sur le matériel de son ordinateur existent. En vrac, lspci, lshw, et <a href="http://www.nongnu.org/dmidecode/" title="Dmidecode">dmidecode</a>. J'ai un peu mis le nez dans ce dernier récemment, et j'ai remarqué quelques options intéressantes, que je partage ici.</p>
<p>Habituellement, dmidecode est lancé, sans argument, en tant que …</p><p>De nombreux outils libres de détection et d'information sur le matériel de son ordinateur existent. En vrac, lspci, lshw, et <a href="http://www.nongnu.org/dmidecode/" title="Dmidecode">dmidecode</a>. J'ai un peu mis le nez dans ce dernier récemment, et j'ai remarqué quelques options intéressantes, que je partage ici.</p>
<p>Habituellement, dmidecode est lancé, sans argument, en tant que root. En effet, celui-ci a besoin d'accéder au matériel via le <a href="https://en.wikipedia.org/wiki/System_Management_BIOS" title=""System">SMBIOS</a>. Je ne copierai pas ici un exemple de sortie, car c'est assez long. On peut commencer par limiter un peu cette longueur, en utilisant l'option “-q”, pour <em>quiet</em>. La différence est assez notable, voici une comparaison (sous NetBSD, bien entendu) :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">wc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"></span>
<span class="w"> </span><span class="mi">544</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">q</span><span class="o">|</span><span class="w"> </span><span class="n">wc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"></span>
<span class="w"> </span><span class="mi">443</span><span class="w"></span>
</code></pre></div>
<p>Près de 100 lignes de différence, concernant principalement des entrées inactives et des méta-données. Cela devrait déjà aider en lisibilité.</p>
<p>Ensuite, il se peut qu'on cherche une information précise sur son système. Par exemple, le nombre de modules de mémoire vive, ainsi que le nombre total de modules présents :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">q</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">memory</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="k">Size</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">MB</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
<span class="w"> </span><span class="k">Size</span><span class="err">:</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="k">Module</span><span class="w"> </span><span class="n">Installed</span><span class="w"></span>
</code></pre></div>
<p>J'ai donc un module de 4 Go de mémoire vive, et la machine peut en accueillir trois autres. L'option “-t” peut prendre d'autres valeurs, il suffit de ne pas en indiquer pour avoir la liste.</p>
<p>Une autre option utile est “-s”, par exemple si on recherche des informations sur son processeur :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">family</span><span class="w"></span>
<span class="n">Atom</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Intel</span><span class="p">(</span><span class="n">R</span><span class="p">)</span><span class="w"> </span><span class="n">Corporation</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="n">Intel</span><span class="p">(</span><span class="n">R</span><span class="p">)</span><span class="w"> </span><span class="n">Atom</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span><span class="w"> </span><span class="n">CPU</span><span class="w"> </span><span class="n">C2350</span><span class="w"> </span><span class="err">@</span><span class="w"> </span><span class="mf">1.74</span><span class="n">GHz</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">processor</span><span class="o">-</span><span class="n">frequency</span><span class="w"></span>
<span class="mi">1743</span><span class="w"> </span><span class="n">MHz</span><span class="w"></span>
</code></pre></div>
<p>Cette option peut aussi prendre d'autres valeurs, et comme pour la précédente, il suffit de ne pas en indiquer pour avoir la liste.</p>
<p>Là où j'ai beaucoup ri, c'est quand je suis allé chercher des informations sur le système et le baseboard :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Online</span><span class="w"> </span><span class="n">Labs</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">product</span><span class="o">-</span><span class="n">name</span><span class="w"></span>
<span class="n">SR</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="p">(</span><span class="o">^</span><span class="n">_</span><span class="o">^</span><span class="p">)</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="k">system</span><span class="o">-</span><span class="n">serial</span><span class="o">-</span><span class="n">number</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">manufacturer</span><span class="w"></span>
<span class="n">Online</span><span class="w"> </span><span class="n">Labs</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">product</span><span class="o">-</span><span class="n">name</span><span class="w"></span>
<span class="n">SR</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">version</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">serial</span><span class="o">-</span><span class="n">number</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
<span class="n">root</span><span class="nv">@shell2</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">dmidecode</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">baseboard</span><span class="o">-</span><span class="n">asset</span><span class="o">-</span><span class="n">tag</span><span class="w"></span>
<span class="mi">42</span><span class="w"></span>
</code></pre></div>
<p>On remarque donc que le constructeur de la machine peut y mettre un peu ce qu'il veut. On reconnaît ici clairement un serveur Dédibox.</p>
<p>Pour plus de détails, <a href="https://linux.die.net/man/8/dmidecode" title="dmidecode(8)">la page de manuel</a> reste incontournable.</p>
<p>Des remarques, des propositions d'améliorations ? Où même des exemples amusants sur certains systèmes particuliers ? Les commentaires sont là pour ça !</p>pbulk : compilation massive de paquets pkgsrc2017-02-27T09:30:00+01:002017-02-27T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-02-27:/post/2017/02/27/pbulk-compilation-massive-de-paquets-pkgsrc/<p>Je continue dans ma série de billets sur <a href="/tag/pkgsrc">pkgsrc</a>, mais cette fois-ci on retourne sous NetBSD. L'objectif aujourd'hui est de construire de nombreux paquets (idéalement tous, ou alors une liste précise) binaires et de créer un dépôt pour ceux-ci. On appelle cela un <em>bulk build</em> lorsqu'on tente de construire tous …</p><p>Je continue dans ma série de billets sur <a href="/tag/pkgsrc">pkgsrc</a>, mais cette fois-ci on retourne sous NetBSD. L'objectif aujourd'hui est de construire de nombreux paquets (idéalement tous, ou alors une liste précise) binaires et de créer un dépôt pour ceux-ci. On appelle cela un <em>bulk build</em> lorsqu'on tente de construire tous les paquets disponibles, et un <em>partial bulk build</em> lorsqu'on décide de n'en construire qu'une partie, en inscrivant ceux-ci dans un fichier de liste.</p>
<p>Précisons que ce contenu est en partie basé sur le tutoriel du wiki officiel : <em><a href="https://wiki.netbsd.org/tutorials/pkgsrc/pbulk/" title=""Using">Using pbulk to create a pkgsrc binary repository</a></em>. Si vous préférez la langue de Shakespeare, cela peut s'avérer un bon point de départ.</p>
<h2>Préparation</h2>
<p>Effectuer ce genre d'opérations requiert idéalement un système dédié, matériel ou virtuel. Dans mon cas, j'ai opté un Raspberry Pi 2B.</p>
<p><img alt=""braverthanithought.jpg"" src="https://blog.anotherhomepage.org/public/memes/braverthanithought.jpg" title=""extrait"></p>
<p>Bon, on va pas se faire d'illusion, c'est juste pour du bulk build partiel, n'imaginons même pas tenter de construire tous les paquets disponibles sans une cinquantaine de ces trucs.</p>
<p>Côté ressources, il est donc préférable d'avoir plusieurs coeurs, 1 giga-octet de mémoire vive minimum, et quelques dizaines de giga-octets d'espace disque. Au niveau du partitionnement, c'est un peu comme on veut tant que l'endroit où on crée la sandbox (et les paquets) est assez grand. Dans mon cas, j'ai fait un choix très simpliste, vu que le Pi ne sert qu'à cela : un / sur une carte SD de 32 giga-octets. Le répertoire pour créer les sandbox est tout simplement <em>/srv/sandbox</em>.</p>
<p>Concernant l'installation de l'OS, là aussi on va se faciliter l'existence, il suffit d'installer tous les sets, sauf les codes sources du noyau et du système (encore moins de la partie graphique). Exemple sur le Pi, la liste des sets installés :</p>
<div class="highlight"><pre><span></span><code>$ ls -hl /etc/mtree/
total <span class="m">5</span>.7M
-r--r--r-- <span class="m">1</span> root wheel 57K Sep <span class="m">25</span> <span class="m">2015</span> NetBSD.dist
-r--r--r-- <span class="m">1</span> root wheel 749K Sep <span class="m">25</span> <span class="m">2015</span> set.base
-r--r--r-- <span class="m">1</span> root wheel <span class="m">2</span>.4M Sep <span class="m">25</span> <span class="m">2015</span> set.comp
-r--r--r-- <span class="m">1</span> root wheel 43K Sep <span class="m">25</span> <span class="m">2015</span> set.etc
-r--r--r-- <span class="m">1</span> root wheel 43K Sep <span class="m">25</span> <span class="m">2015</span> set.games
-r--r--r-- <span class="m">1</span> root wheel 815K Sep <span class="m">25</span> <span class="m">2015</span> set.man
-r--r--r-- <span class="m">1</span> root wheel 96K Sep <span class="m">25</span> <span class="m">2015</span> set.misc
-r--r--r-- <span class="m">1</span> root wheel 26K Sep <span class="m">25</span> <span class="m">2015</span> set.modules
-r--r--r-- <span class="m">1</span> root wheel 90K Sep <span class="m">25</span> <span class="m">2015</span> set.text
-r--r--r-- <span class="m">1</span> root wheel 193K Sep <span class="m">25</span> <span class="m">2015</span> set.xbase
-r--r--r-- <span class="m">1</span> root wheel 473K Sep <span class="m">25</span> <span class="m">2015</span> set.xcomp
-r--r--r-- <span class="m">1</span> root wheel 11K Sep <span class="m">25</span> <span class="m">2015</span> set.xetc
-r--r--r-- <span class="m">1</span> root wheel 761K Sep <span class="m">25</span> <span class="m">2015</span> set.xfont
-r--r--r-- <span class="m">1</span> root wheel 17K Sep <span class="m">25</span> <span class="m">2015</span> set.xserver
-r--r--r-- <span class="m">1</span> root wheel 18K Sep <span class="m">25</span> <span class="m">2015</span> special
</code></pre></div>
<p>Par contre, dans certains cas, l'absence de /usr/src ou de /usr/xsrc peut arrêter net certaines manipulations. IL faut donc penser à les créer (en tant que root) : <em>mkdir /usr/src && mkdir /usr/xsrc</em>. Il n'est pas nécessaire d'installer pkgsrc, mais disposer au moins d'un dépôt de paquets binaires peut être une bonne idée (la dernière version stable suffira). Il s'agit plus d'une question de préférence ici.</p>
<h2>Création et configuration de la sandbox</h2>
<p>Nous allons donc créer une sandbox qui va contenir l'installation de l'outil pbulk. Cela a plusieurs avantages :</p>
<ul>
<li>on peut créer plusieurs sandbox pour tester différents cas, comme une version différente de pkgsrc ou des options de compilation ;</li>
<li>si une sandbox ne fonctionne plus, il est possible d'en créer une autre, voire même de scripter son installation pour aller plus vite ;</li>
<li>on pourra installer son petit confort sur le système hébergeant la sandbox (qui a dit bash, vim et git ?), et aussi installer des outils de supervision ou de métrologie.</li>
</ul>
<p>Ne soyons pas non plus trop optimistes sur la pérennité du système, dans le cas du Pi, j'en suis à la troisième réinstallation (une carte SD n'est pas un disque dur, une clé USB non plus).</p>
<p>Pour créer la sandbox, installons <a href="http://pkgsrc.se/pkgtools/mksandbox" title=""mksandbox">mksandbox</a>. Cet outil est en fait un script shell qui va utiliser des points de montage de type <em>null mountpoint</em> pour faciliter la création de nos espaces de création de paquet et éviter de recopier tout le contenu du système hôte. Au moment de l'écriture de ce billet, la version en date est la 1.7, disponible dans pkgsrc-2016Q4. Au choix, on peut <em>pkgin in mksandbox</em>, <em>pkg_add -v mksandbox</em>, ou bien <em>cd /usr/pkgsrc/pkgtools/mksandbox && make install clean clean-depends</em>.</p>
<p>Une fois mksandbox installé, créons notre premier bac à sable (en tant que root) :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mksandbox --without-pkgsrc /srv/sandbox/pkgsrc-2016q4</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">populate</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">dev</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">populate</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">etc</span><span class="w"></span>
<span class="n">Make</span><span class="w"> </span><span class="n">empty</span><span class="w"> </span><span class="n">dirs</span><span class="w"> </span><span class="n">upon</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">mount</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="n">mounts</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="o">/</span><span class="n">lock</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">utmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">utmpx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">wtmp</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">wtmpx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">lastlog</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Making</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">lastlogx</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Mount</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Mount</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="w"></span>
<span class="n">Sandbox</span><span class="w"> </span><span class="n">creation</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="n">complete</span><span class="w"></span>
</code></pre></div>
<p>La sandbox est d'ailleurs déjà montée à l'issue de sa création :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># mount | grep 2016q4</span><span class="w"></span>
<span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">sandbox</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">q4</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="nb nb-Type">null</span><span class="w"> </span><span class="p">(</span><span class="n">read</span><span class="o">-</span><span class="n">only</span><span class="p">,</span><span class="w"> </span><span class="n">local</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Profitons-en pour découvrir le script de montage, démontage, et d'entrée dans la sandbox, qui se nomme <em>sandbox</em> et se trouve à la racine de celle-ci. Dans mon cas c'est donc <em>/srv/sandbox/pkgsrc-2016q4</em>.</p>
<p>Pour démonter la sandbox, c'est donc :</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox umount
</code></pre></div>
<p>Pour monter la sandbox, c'est :</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox umount
</code></pre></div>
<p>Et pour entrer dans la sandbox, c'est :</p>
<div class="highlight"><pre><span></span><code># /srv/sandbox/pkgsrc-2016q4/sandbox chroot
</code></pre></div>
<p>Démontons-donc la sandbox, et avant de la remonter, éditons le script de sandbox. Les lignes 16 à 33 montrent la liste des répertoires à monter, et nous allons en ajouter une, qui permettra à la sandbox d'envoyer des mails (c'est donc optionnel mais pratique parfois). Il s'agit du répertoire <em>/var/spool</em>. Dans mon cas, le résultat est donc :</p>
<div class="highlight"><pre><span></span><code><span class="n">fses</span><span class="o">=</span><span class="s2">"</span><span class="se">\\</span>
<span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">X11R7</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">games</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libdata</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">libexec</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">sbin</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">mail</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">src</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">xsrc</span><span class="w"> </span><span class="n">ro</span><span class="w"> </span>\\<span class="w"></span>
<span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">spool</span><span class="w"> </span><span class="n">rw</span><span class="w"> </span>\\<span class="w"></span>
<span class="s2">"</span>
</code></pre></div>
<p>Notons qu'il s'agit du seul répertoire accessible en écriture. Nous pouvons alors monter la sandbox, et y entrer.</p>
<p>Notre sandbox est crée, mais il nous faut ajouter quelques éléments avant d'installer pbulk. Par exemple, il nous manque pkgsrc. Installons donc ce dernier :</p>
<div class="highlight"><pre><span></span><code><span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">root</span><span class="o">/</span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="w"> </span>
<span class="n">netpi2</span><span class="err">#</span><span class="w"> </span><span class="n">cvs</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">anoncvs</span><span class="nv">@anoncvs</span><span class="p">.</span><span class="n">netbsd</span><span class="p">.</span><span class="nl">org</span><span class="p">:</span><span class="o">/</span><span class="n">cvsroot</span><span class="w"> </span><span class="n">co</span><span class="w"> </span><span class="o">-</span><span class="n">rpkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="n">Q4</span><span class="w"> </span><span class="n">pkgsrc</span><span class="w"></span>
</code></pre></div>
<p>Dans le cas d'une installation de pkgsrc-current, il suffit de retirer la partie <em>-rpkgsrc-2016Q4</em> de la commande précédente.Sauf que, dans mon cas, le Raspberry Pi (ou bien sa carte SD) ne tient pas le coup et abandonne avant la fin du checkout. Procédons à l'alternative :</p>
<div class="highlight"><pre><span></span><code><span class="nv">netpi2</span># <span class="nv">mkdir</span> <span class="o">-</span><span class="nv">p</span> <span class="o">/</span><span class="nv">root</span><span class="o">/</span>.<span class="nv">ssh</span>
<span class="nv">netpi2</span># <span class="nv">cd</span> <span class="o">/</span><span class="nv">usr</span>
<span class="nv">netpi2</span># <span class="nv">ftp</span> <span class="nv">http</span>:<span class="o">//</span><span class="nv">cdn</span>.<span class="nv">netbsd</span>.<span class="nv">org</span><span class="o">/</span><span class="nv">pub</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="nv">Trying</span> <span class="mi">2</span><span class="nv">a04</span>:<span class="mi">4</span><span class="nv">e42</span>:<span class="mi">4</span>::<span class="mi">262</span>:<span class="mi">80</span> ...
<span class="nv">ftp</span>: <span class="nv">Can</span><span class="s1">'</span><span class="s">t connect to `2a04:4e42:4::262:80</span><span class="s1">'</span>: <span class="nv">No</span> <span class="nv">route</span> <span class="nv">to</span> <span class="nv">host</span>
<span class="nv">Trying</span> <span class="mi">151</span>.<span class="mi">101</span>.<span class="mi">61</span>.<span class="mi">6</span>:<span class="mi">80</span> ...
<span class="nv">Requesting</span> <span class="nv">http</span>:<span class="o">//</span><span class="nv">cdn</span>.<span class="nv">netbsd</span>.<span class="nv">org</span><span class="o">/</span><span class="nv">pub</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="mi">100</span><span class="o">%</span> <span class="o">|*************************************************************************************************************************************************************************************************|</span> <span class="mi">37422</span> <span class="nv">KiB</span> <span class="mi">2</span>.<span class="mi">65</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span> <span class="mi">00</span>:<span class="mi">00</span> <span class="nv">ETA</span>
<span class="mi">38320872</span> <span class="nv">bytes</span> <span class="nv">retrieved</span> <span class="nv">in</span> <span class="mi">00</span>:<span class="mi">13</span> <span class="ss">(</span><span class="mi">2</span>.<span class="mi">65</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span><span class="ss">)</span>
<span class="nv">netpi2</span># <span class="nv">unxz</span> <span class="o">-</span><span class="nv">v</span> <span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span>
<span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>.<span class="nv">xz</span> <span class="ss">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">1</span><span class="ss">)</span>
<span class="mi">100</span> <span class="o">%</span> <span class="mi">36</span>.<span class="mi">5</span> <span class="nv">MiB</span> <span class="o">/</span> <span class="mi">437</span>.<span class="mi">1</span> <span class="nv">MiB</span> <span class="o">=</span> <span class="mi">0</span>.<span class="mi">084</span> <span class="mi">8</span>.<span class="mi">8</span> <span class="nv">MiB</span><span class="o">/</span><span class="nv">s</span> <span class="mi">0</span>:<span class="mi">49</span>
<span class="nv">netpi2</span># <span class="nv">tar</span> <span class="o">-</span><span class="nv">xvpf</span> <span class="nv">pkgsrc</span><span class="o">-</span><span class="mi">2016</span><span class="nv">Q4</span>.<span class="nv">tar</span>
# <span class="nv">non</span>, <span class="nv">je</span> <span class="nv">ne</span> <span class="nv">copierai</span> <span class="nv">pas</span> <span class="nv">la</span> <span class="nv">sortie</span> <span class="nv">d</span><span class="s1">'</span><span class="s">un tar verbose de pkgsrc.</span>
<span class="nv">netpi2</span># <span class="nv">cd</span> <span class="nv">pkgsrc</span> <span class="o">&&</span> <span class="nv">cvs</span> <span class="nv">update</span> <span class="o">-</span><span class="nv">dP</span>
</code></pre></div>
<p>Note pour plus tard : <em>bsdtar</em> ne prend pas en compte nativement le format xz. En attendant, les archives au format bzip2 c'est pas mal.</p>
<h2>Installation et configuration de pbulk</h2>
<p>Avant d'installer pbulk, il convient de comprendre certains détails. Pbulk s'installe via pkgsrc, mais tous les paquets qui vont être créés par la suite le seront aussi, et probablement désinstallés. Cela risque donc d'influer sur les dépendances de pbulk. L'idée est donc d'installer pbulk non pas dans l'emplacement habituel des paquets <em>/usr/pkg/</em> mais dans un autre endroit, qui se trouve être <em>/usr/pbulk</em>.</p>
<p>En préalable à l'installation de pbulk, initialisons un fichier d'options de compilation, nommé mk.conf.frag :</p>
<div class="highlight"><pre><span></span><code><span class="n">PKG_DEVELOPER</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">MAKE_JOBS</span><span class="o">=</span><span class="mi">3</span><span class="w"></span>
<span class="n">SKIP_LICENSE_CHECK</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">PKG_COMPILER</span><span class="o">=</span><span class="n">ccache</span><span class="w"> </span><span class="n">gcc</span><span class="w"></span>
<span class="n">PKG_RCD_SCRIPTS</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">ALLOW_VULNERABLE_PACKAGES</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">PKG_DEFAULT_OPTIONS</span><span class="o">+=</span><span class="w"></span>
<span class="n">KRB5_ACCEPTED</span><span class="o">=</span><span class="n">heimdal</span><span class="w"> </span><span class="n">mit</span><span class="o">-</span><span class="n">krb5</span><span class="w"></span>
<span class="n">USE_CWRAPPERS</span><span class="o">=</span><span class="n">yes</span><span class="w"></span>
<span class="n">PKG_OPTIONS</span><span class="o">.</span><span class="n">irssi</span><span class="o">+=</span><span class="w"> </span><span class="n">ssl</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="n">inet6</span><span class="w"></span>
<span class="n">PKGCHK_CONF</span><span class="err">?</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pkgchk</span><span class="o">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">DEPENDS_TARGET</span><span class="o">=</span><span class="w"> </span><span class="n">bulk</span><span class="o">-</span><span class="n">install</span><span class="w"></span>
<span class="n">BATCH</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">lintpkgsrc</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">pkg_install</span><span class="w"></span>
<span class="n">BULK_PREREQ</span><span class="o">+=</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">ccache</span><span class="w"></span>
<span class="c1"># http://wiki.netbsd.org/tutorials/pkgsrc/cross_compile_distcc/</span><span class="w"></span>
<span class="o">.</span><span class="k">for</span><span class="w"> </span><span class="n">DISTCCDEPS</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">ccache</span><span class="w"> </span><span class="n">sysutils</span><span class="o">/</span><span class="n">checkperms</span><span class="w"> </span><span class="n">pkgtools</span><span class="o">/</span><span class="n">digest</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">distcc</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">popt</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">libtool</span><span class="o">-</span><span class="n">base</span><span class="w"> </span><span class="n">lang</span><span class="o">/</span><span class="n">f2c</span><span class="w"> </span><span class="n">devel</span><span class="o">/</span><span class="n">gmake</span><span class="w"></span>
<span class="o">.</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="s2">"${PKGPATH}"</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"${DISTCCDEPS}"</span><span class="w"></span>
<span class="n">IGNORE_DISTCC</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="n">IGNORE_CCACHE</span><span class="o">=</span><span class="w"> </span><span class="n">yes</span><span class="w"></span>
<span class="o">.</span><span class="w"> </span><span class="n">endif</span><span class="w"></span>
<span class="o">.</span><span class="n">endfor</span><span class="w"></span>
<span class="n">WRKOBJDIR</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="w"></span>
<span class="n">PACKAGES</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">packages</span><span class="w"></span>
<span class="n">DISTDIR</span><span class="o">=</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">distfiles</span><span class="w"></span>
</code></pre></div>
<p>L'idée est d'indiquer ici des options de personnalisation de compilation. Il est possible de comprendre à quoi correspondent ces options en allant jeter un œil dans le répertoire <em>/usr/pkgsrc/mk/defaults/</em>, mais je vais malgré tout m'attarder sur l'une d'entre elles : <em>MAKE_JOBS</em>. Cette directive permet d'utiliser plusieurs commandes <em>make</em> en parallèle, et il convient de l'ajuster selon le nombre de cœurs ou de threads de votre ordinateurs. Généralement une règle simple serait au minimum "nombre de processeurs +1". Mais, le Raspberry PI, malgré ses 4 cœurs, ne tient pas le coup, j'ai donc abaissé la valeurs à 3. A noter que le contenu de ce mk.conf.frag sera copié lors de l'installation de pbulk dans le fichier <em>/etc/mk.conf</em>. On pourra le modifier entre deux builds, pas besoin de relancer l'installation. Tiens, d'ailleurs, lançons-là :</p>
<div class="highlight"><pre><span></span><code>sh /usr/pkgsrc/mk/pbulk/pbulk.sh -n -c mk.conf.frag
</code></pre></div>
<p>Une fois pbulk installé, configurons son fichier principal : <em>/usr/pbulk/etc/pbulk.conf</em>. Je ne vais pas détailler toutes les options, mais juste celles que je modifie. Commençons d'ailleurs par ajouter les deux lignes suivantes juste après la première :</p>
<div class="highlight"><pre><span></span><code>ulimit -t 3600 # set the limit on CPU time (in seconds)
ulimit -v 2097152 # limits process address space
</code></pre></div>
<p>Comme l'indiquent les commentaires en anglais (recopiés textuellement depuis la page wiki du début du billet), ils servent à limiter la consommation CPU de nos builds, au cas où. Je choisis ensuite l'URL du rapport de bulk build :</p>
<div class="highlight"><pre><span></span><code>base_url=http://pkg.anotherhomepage.org/pub/pkgsrc/reports/NetBSD/earmv6hf/7.0_2016Q
</code></pre></div>
<p>Ce rapport va me permettre de voir quels paquets n'ont pu être construits, et surtout de comprendre pourquoi grâce aux fichiers de log.</p>
<p>Avant la construction des paquets, une phase permet de lister ceux-ci et de déterminer l'ordre dans lequel les construire. Cette étape se nomme le "scan". Pour accélérer cette étape, nous pouvons conserver le résultat du scan d'un build précédent. Pour cela :</p>
<div class="highlight"><pre><span></span><code>reuse_scan_results=yes
</code></pre></div>
<p>Il est possible d'utiliser plusieurs machines avec pbulk. Ce n'est pas notre cas ici :</p>
<div class="highlight"><pre><span></span><code>master_mode=no
</code></pre></div>
<p>On passe alors aux options de publication des paquets, via rsync :</p>
<div class="highlight"><pre><span></span><code><span class="n">pkg_rsync_args</span><span class="o">=</span><span class="ss">"-rltoDPq"</span><span class="w"></span>
<span class="n">pkg_rsync_target</span><span class="o">=</span><span class="ss">"user@host:/chemin/vers/les/paquets/"</span><span class="w"></span>
<span class="n">report_rsync_args</span><span class="o">=</span><span class="ss">"-rltoDPq"</span><span class="w"></span>
<span class="n">report_rsync_target</span><span class="o">=</span><span class="ss">"user@host:/chemin/vers/les/rapports/"</span><span class="w"></span>
</code></pre></div>
<p>Le build est long, c'est pratique d'avoir un mail quand c'est fini, et qui contient le rapport :</p>
<div class="highlight"><pre><span></span><code><span class="n">report_subject_prefix</span><span class="o">=</span><span class="ss">"pkgsrc-2016Q4"</span><span class="w"></span>
<span class="n">report_recipients</span><span class="o">=</span><span class="ss">"adresse@domaine.valide"</span><span class="w"></span>
</code></pre></div>
<p>C'est d'ailleurs l'occasion de parler du <a href="https://bulktracker.appspot.com/" title="BulkTracker">BulkTracker</a>, qui permet de suivre différents bulk builds. Pour y participer, il suffit d'ajouter dans dans <em>report_recipients</em> l'adresse <em>pkgsrc-bulk chez NetBSD point org</em>.</p>
<p>On parlait de bulk buid partiel, on peut spécifier un fichier contenant une liste de paquets pour ne pas avoir à compiler tous les paquets :</p>
<div class="highlight"><pre><span></span><code>limited_list=/etc/pkgchk.conf
</code></pre></div>
<p>Dans ce fichier, chaque paquet est sur sa propre ligne. Pour le moment, on peut démarrer avec juste <em>pkgtools/pkgin</em> dedans.</p>
<p>Je choisis ensuite de modifier certains répertoires, celui qui contient les logs de construction des paquets, et celui qui contient les paquets :</p>
<div class="highlight"><pre><span></span><code>bulklog=/srv/bulklog
packages=/srv/packages
</code></pre></div>
<p>Ne pas oublier aussi, surtout pour NetBSD, de bien positionner la variable <em>make</em> :</p>
<div class="highlight"><pre><span></span><code>make=/usr/bin/make
</code></pre></div>
<p>Dernier détail, la fin du fichier contient quelques redéfinitions de variables, donc attention de les mettre en commentaire !</p>
<h2>Et tu bulk, et tu bulk, et tu bulk (mais sans t-shirt jaune ni planche de surf)</h2>
<p>Avant de lancer la construction à proprement parler, petit avertissement : il est plus que recommandé d'utiliser screen ou tmux, car cela prend énormément de temps !</p>
<p>Lançons pbulk :</p>
<div class="highlight"><pre><span></span><code><span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pbulk</span><span class="o">/</span><span class="nv">bin</span><span class="o">/</span><span class="nv">bulkbuild</span>
<span class="nv">Warning</span>: <span class="nv">All</span> <span class="nv">log</span> <span class="nv">files</span> <span class="nv">of</span> <span class="nv">the</span> <span class="nv">previous</span> <span class="nv">pbulk</span> <span class="nv">run</span> <span class="nv">will</span> <span class="nv">be</span>
<span class="nv">removed</span> <span class="nv">in</span> <span class="mi">5</span> <span class="nv">seconds</span>. <span class="k">If</span> <span class="nv">you</span> <span class="nv">want</span> <span class="nv">to</span> <span class="nv">abort</span>, <span class="nv">press</span> <span class="nv">Ctrl</span><span class="o">-</span><span class="nv">C</span>.
<span class="nv">Removing</span> <span class="nv">old</span> <span class="nv">scan</span> <span class="nv">results</span>
</code></pre></div>
<p>Si jamais un paquet ne fonctionne pas, mais qu'après mise à jour, il peut compiler, il est possible de ne pas tout recompiler :</p>
<div class="highlight"><pre><span></span><code>/usr/pbulk/bin/bulkbuild-rebuild category/pkgname
</code></pre></div>
<p>Il est aussi possible de reprendre un build arrêté inopinément :</p>
<div class="highlight"><pre><span></span><code>/usr/pbulk/bin/bulkbuild-restart
</code></pre></div>
<p>J'espère que malgré la longueur, ce billet saura se montrer utile et intéressant. Comme toujours, les commentaires sont là pour accueillir remarques, questions et compléments !</p>dehydrated, un client alternatif pour Let's Encrypt2017-01-16T09:30:00+01:002017-01-16T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2017-01-16:/post/2017/01/16/dehydrated,-un-client-alternatif-pour-Let-s-Encrypt/<p>Après quelques galères avec <a href="https://github.com/certbot/certbot" title=""Certbot,">Certbot</a>, j'ai découvert <a href="https://github.com/lukas2511/dehydrated" title=""dehydrated,">dehydrated</a>, un client pour Let's Encrypt écrit en Bash.</p>
<p>Depuis plusieurs semaines, voire mois, le client officiel de l'autorité de certification Let's Encrypt, Certbot, ne fonctionne plus sous NetBSD. Cela semble venir du fait que Python, dont dépend Certbot, est compilé avec PaX …</p><p>Après quelques galères avec <a href="https://github.com/certbot/certbot" title=""Certbot,">Certbot</a>, j'ai découvert <a href="https://github.com/lukas2511/dehydrated" title=""dehydrated,">dehydrated</a>, un client pour Let's Encrypt écrit en Bash.</p>
<p>Depuis plusieurs semaines, voire mois, le client officiel de l'autorité de certification Let's Encrypt, Certbot, ne fonctionne plus sous NetBSD. Cela semble venir du fait que Python, dont dépend Certbot, est compilé avec PaX MPROTECT. C'est tout du moins ce qu'indique <a href="https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51490" title=""NetBSD">ce rapport de bug</a>.</p>
<p>N'ayant ni le temps ni les compétences pour voir ce qui bloque exactement du côté de Certbot, j'ai fait ce que pas mal d'autres ont fait : j'ai recherché une alternative. La première alternative qui a attiré mon attention est <a href="https://kristaps.bsd.lv/acme-client/" title="acme-client">acme-client</a>, en version <a href="https://github.com/kristapsdz/acme-client-portable" title=""portable">portable</a>, d'ailleurs disponible au moment où j'écris ces lignes dans pkgsrc-wip. Mais en fait celui-ci ne semble pas fonctionner sous NetBSD, me hurlant des histoires de droits et de suid bizarres.</p>
<p>J'ai ensuite jeté mon dévolu sur dehydrated, un client écrit en Bash. Celui-ci a l'avantage non-négligeable de fonctionner, contrairement au précédent. Je me suis donc lancé dans son empaquetage (wip/dehydrated au moment où j'écris ces lignes, mais j'espère l'importer dans pkgrsc-current dès que possible). Dehydrated est assez pratique à utiliser, il nécessite des dépendances assez classiques pour un script shell (sed, awk, curl), en plus d'OpenSSL. Bien qu'il dispose de fichiers de configuration, de nombreuses options peuvent être spécifiées sur la ligne de commandes. Dehydrated prévoit aussi des scripts "hook" pour pouvoir déclencher d'autres actions avant et après le renouvellement d'un certificat par exemple.</p>
<p>Le paquet est globalement fonctionnel sous NetBSD, le seul prérequis avant de se lancer dans l'édition des fichiers de configuration est d'avoir une configuration OpenSSL existante (ce qui se fait rapidement, en copiant simplement le fichier d'exemple fourni dans <em>/usr/share/examples/openssl/</em>), et de savoir dans quel répertoire le challenge ACME sera déposé. J'espère d'ici là avoir amélioré la prise en compte d'OpenSSL d'ailleurs (utilisation de celui de pkgsrc par exemple). Idéalement, ce serait assez cool que dehydrated puisse utiliser <a href="https://www.libressl.org/" title="LibreSSL">LibreSSL</a>.</p>
<p>Il existe d'autres clients alternatifs que je n'ai pas essayés, comme <a href="https://github.com/srvrco/getssl" title=""obtain">getssl</a>, mais lequel est votre préféré et pourquoi ? Le formulaire de commentaire n'attend que votre réponse !</p>SSL à l'arrache, épisode 22016-12-28T09:30:00+01:002016-12-28T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2016-12-28:/post/2016/12/28/SSL-à-l-arrache,-épisode-2/<p>Le premier épisode est <a href="/post/2008/07/19/SSL-a-l-arrache">ici</a>. En gros, je voulais rapidement générer un certificat SSL/TLS à des fins de tests.</p>
<p>Mais pourquoi un deuxième épisode ? Parce qu'il manquait quelque chose au premier, c'est la facilité d'automatisation. Alors bon, pour un site public, aujourd'hui, <a href="https://letsencrypt.org/" title=""Let's">Let's Encrypt</a> fait très bien le travail …</p><p>Le premier épisode est <a href="/post/2008/07/19/SSL-a-l-arrache">ici</a>. En gros, je voulais rapidement générer un certificat SSL/TLS à des fins de tests.</p>
<p>Mais pourquoi un deuxième épisode ? Parce qu'il manquait quelque chose au premier, c'est la facilité d'automatisation. Alors bon, pour un site public, aujourd'hui, <a href="https://letsencrypt.org/" title=""Let's">Let's Encrypt</a> fait très bien le travail et il vaut mieux se diriger vers cela. Mais dans le cas d'un site de tests, voire utilisé uniquement dans un LAN, c'est moins évident.</p>
<p>Retournons-donc à ce bon vieil <a href="https://www.openssl.org/" title="OpenSSL">OpenSSL</a> et à <a href="https://www.openssl.org/docs/man1.0.1/apps/openssl.html" title=""Page">sa page de manuel</a>. Les autres pages de manuel sont fort utiles, elles aussi. On peut alors arriver à une seule commande créant un CSR puis un certificat. En utilisant l'argument <em>-subj</em> on peut alors indiquer directement sur la ligne de commande les informations de type pays, province, ainsi que le <em>common name</em>. On peut d'ailleurs ajouter plusieurs noms en ajoutant plusieurs directives de type "CN".</p>
<p>Voici un exemple de création de certificat auto-signé, valable un an :</p>
<div class="highlight"><pre><span></span><code>openssl req -x509 -nodes -days 365 -newkey rsa:4096 \\
-keyout default.key \\
-out default.crt \\
-subj '/C=FR/ST=IdF/L=Paris/O=Example Org/OU=Dev/CN=example/CN=example.org/CN=www.example.org'
</code></pre></div>
<p>Des remarques, des propositions d'améliorations ? Les commentaires sont là pour ça !</p>
<h2>Commentaires</h2>
<h3>Le 09/01/2017 10:33 par utux</h3>
<blockquote>
<p>Des remarques, des propositions d'améliorations ? Les commentaires sont là pour ça !</p>
</blockquote>
<p>Oui, sous debian/ubuntu quand tu installe 'ssl-cert' (qui vient souvent avec ca-cert et openssl) tu as un certificat auto-signé (généré lors de l'installation). /etc/ssl/private/ssl-cert-snakeoil.key et /etc/ssl/certs/ssl-cert-snakeoil.pem</p>
<p>ça peut faire gagner un peu de temps :)</p>
<h3>Le 10/01/2017 09:31 par Nils</h3>
<p>Merci utux pour ta proposition !</p>
<p>Je suis allé jeter un oeil au paquet source <a href="https://packages.debian.org/source/sid/ssl-cert">ssl-cert</a>, et je ne suis pas totalement convaincu :</p>
<ul>
<li>d'abord, l'outil semble vraiment pensé uniquement pour Debian, dès le début, le script essaie de sourcer des fichiers spécifiques (/usr/share/debconf/confmodule) ;</li>
<li>ensuite, le fait qu'il ne semble utiliser que le nom d'hôte de la machine, il n'y a pas moyen d'utiliser un nom alternatif dans le script ;</li>
<li>enfin, la clé générée n'a une longueur que de 2048 bits ; on pourra néanmoins argumenter que cela est paramétrable, et que de toute façon c'est un certificat par défaut qui a pour but d'être temporaire.</li>
</ul>installation minimaliste de CentOS 72015-08-29T09:30:00+02:002015-08-29T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2015-08-29:/post/2015/08/29/installation-minimaliste-de-CentOS-7/<p>Mieux vaut tard que jamais, j'ai commencé à jouer un peu avec CentOS 7 ! Bien que celle-ci regorge de fonctionnalités et de mécanismes intéressants, elle amène beaucoup de paquets logiciels. J'ai donc commencé par regarder ce que je pouvais retirer comme paquets, et à préparer une section _packages_ minimaliste, bien …</p><p>Mieux vaut tard que jamais, j'ai commencé à jouer un peu avec CentOS 7 ! Bien que celle-ci regorge de fonctionnalités et de mécanismes intéressants, elle amène beaucoup de paquets logiciels. J'ai donc commencé par regarder ce que je pouvais retirer comme paquets, et à préparer une section _packages_ minimaliste, bien plus que l'image iso "minimal install" fournie par les miroirs. Cette liste de paquets retirés peut se voir complétée par une liste de paquets à installer, mais il s'agit d'un choix personnel. Qu'ai-je donc retiré ? Et bien c'est simple, comme il s'agit généralement d'une installation sur une machine physique ou virtuelle reliée en réseau filaire et disposant d'une adresse IP fixe (sauf lors de l'installation), j'ai retiré tous les firmwares possibles de matériel que je n'utilise probablement pas, comme les cartes Wifi. J'ai aussi enlevé, usage serveur oblige, des paquets liés au son (alsa). Un choix discutable, j'ai retiré man et les pages de manuel de base : je considère, en particulier si la machine est "en production", que la documentation n'a rien à faire à cet endroit. Je n'ai, par contre, rien à redire à l'installation des pages de manuel sur une machine de test. De plus, comme j'utilise le système de fichiers proposé par défaut (xfs), j'estime ne pas avoir besoin des outils pour gérer les systèmes ext2-3-4 ou btrfs.</p>
<p>Voici donc, la liste :</p>
<div class="highlight"><pre><span></span><code><span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">nobase</span><span class="w"></span>
<span class="err">@</span><span class="n">core</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="o">-</span><span class="n">team</span><span class="w"></span>
<span class="o">-</span><span class="n">NetworkManager</span><span class="o">-</span><span class="n">tui</span><span class="w"></span>
<span class="o">-</span><span class="n">aic94xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">lib</span><span class="w"></span>
<span class="o">-</span><span class="n">alsa</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">atmel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">avahi</span><span class="o">-</span><span class="n">autoipd</span><span class="w"></span>
<span class="o">-</span><span class="n">avahi</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">b43</span><span class="o">-</span><span class="n">openfwwf</span><span class="w"></span>
<span class="o">-</span><span class="n">bfa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">biosdevname</span><span class="w"></span>
<span class="o">-</span><span class="n">btrfs</span><span class="o">-</span><span class="n">progs</span><span class="w"></span>
<span class="o">-</span><span class="n">dhclient</span><span class="w"></span>
<span class="o">-</span><span class="n">dmidecode</span><span class="w"></span>
<span class="o">-</span><span class="n">dnsmasq</span><span class="w"></span>
<span class="o">-</span><span class="n">dracut</span><span class="o">-</span><span class="n">network</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="w"></span>
<span class="o">-</span><span class="n">e2fsprogs</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">gnutls</span><span class="w"></span>
<span class="o">-</span><span class="n">kexec</span><span class="o">-</span><span class="n">tools</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ivtv</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl1000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl105</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl135</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl2000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl2030</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3160</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3945</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl4965</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5150</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000g2a</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000g2b</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6050</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl7260</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">libertas</span><span class="o">-</span><span class="n">usb8388</span><span class="w"></span>
<span class="o">-</span><span class="n">man</span><span class="w"></span>
<span class="o">-</span><span class="n">man</span><span class="o">-</span><span class="n">db</span><span class="w"></span>
<span class="o">-</span><span class="n">mariadb</span><span class="o">-</span><span class="n">libs</span><span class="w"></span>
<span class="o">-</span><span class="n">postfix</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql23xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2400</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2500</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt61pci</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt73usb</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">snappy</span><span class="w"></span>
<span class="o">-</span><span class="n">teamd</span><span class="w"></span>
<span class="o">-</span><span class="n">tuned</span><span class="w"></span>
<span class="o">-</span><span class="n">virt</span><span class="o">-</span><span class="n">what</span><span class="w"></span>
<span class="o">-</span><span class="n">wpa_supplicant</span><span class="w"></span>
<span class="o">-</span><span class="n">xorg</span><span class="o">-</span><span class="n">x11</span><span class="o">-</span><span class="n">drv</span><span class="o">-</span><span class="n">ati</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">zd1211</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
</code></pre></div>
<p>Il y a de fortes chances que pour une machine vraiment en production, j'ai besoin d'un MTA, mais à moins de prévoir une configuration dès l'installation, postfix fait aussi partie des exclus. De cette manière, non seulement le système s'installe rapidement, mais il démarre aussi rapidement ! On arrive à un total inférieur à 220 paquets. Cela peut varier pour vous en particulier si vous installez un système avec du RAID logiciel, qui nécessitera l'installation de mdadm.</p>
<p>Et vous, est-ce que vous retireriez d'autres paquets ?</p>Moi aussi j'ai des lutins qui courent très vite dans les fils !2015-03-25T09:30:00+01:002015-03-25T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2015-03-25:/post/2015/03/25/Moi-aussi-j-ai-des-lutins-qui-courent-très-vite-dans-les-fils-!/<p>Résumé des épisodes précédents : NetBSD et PXE sont de grands copains. Démarrer ce type d'OS en PXE est faisable, pas trop difficile, documenté <a href="http://www.netbsd.org/docs/network/netboot/index.html" title=""Diskless">dans la langue de Shakespeare</a> ou dans celle de Molière que ce soit pour <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMFHS-030/NetBSD-sans-disque-ou-La-magie-des-lutins-qui-courent-tres-vite-dans-les-fils" title=""NetBSD">un système fini</a> (merci <a href="http://imil.net/wp/" title=""Emile">iMil</a>) ou juste <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-166/Creation-d-un-serveur-de-demarrage-PXE-sous-NetBSD-pour-installer-NetBSD" title=""Création">pour l'installation</a> (autopromotion sans honte).</p>
<p>Mieux …</p><p>Résumé des épisodes précédents : NetBSD et PXE sont de grands copains. Démarrer ce type d'OS en PXE est faisable, pas trop difficile, documenté <a href="http://www.netbsd.org/docs/network/netboot/index.html" title=""Diskless">dans la langue de Shakespeare</a> ou dans celle de Molière que ce soit pour <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMFHS-030/NetBSD-sans-disque-ou-La-magie-des-lutins-qui-courent-tres-vite-dans-les-fils" title=""NetBSD">un système fini</a> (merci <a href="http://imil.net/wp/" title=""Emile">iMil</a>) ou juste <a href="http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-166/Creation-d-un-serveur-de-demarrage-PXE-sous-NetBSD-pour-installer-NetBSD" title=""Création">pour l'installation</a> (autopromotion sans honte).</p>
<p>Mieux vaut tard que jamais, j'ai décidé de tenter ma chance et de configurer un système NetBSD sans disque, suite à la présence à \${HOME} d'une machine graphiquement réduite mais disposant d'une puissance de calcul non négligeable, jugez plutôt :</p>
<div class="highlight"><pre><span></span><code>marvin# egrep '(name|MHz)' /proc/cpuinfo
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2100.35
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2106.73
model name : AMD Phenom(tm) 8450 Triple-Core Processor
cpu MHz : 2304.94
marvin# grep MemTotal /proc/meminfo
MemTotal: 3931368 kB
</code></pre></div>
<p>Merci à Madame de me laisser l'utiliser !</p>
<p>Je pourrais utiliser une clé USB, débrancher les disques durs et en ajouter un de mon stock. Mais ce ne serait pas drôle. J'ai utilisé les liens ci-dessus pour démarrer le brave Marvin via NFS, je ne vais donc pas paraphraser ces articles, mais ajouter ici quelques détails, remarques, trucs et peut-être astuces glanés ici et là et qui m'ont aidé.</p>
<p>D'abord, mieux vaut tester dans une machine virtuelle. Parce qu'aller chercher la bécane au fond sous le bureau, ça va une fois. Du coup, il faut s'assurer quand même qu'elle démarre sur le réseau, voire via Wake On LAN pour les plus fainéants. Sinon, une clé USB ou un CD Etherboot devrait faire l'affaire.</p>
<p>Ensuite, repérer la marque de la carte réseau et surtout potentiellement le pilote qui sera utilisé par NetBSD sera pratique : en effet, il faudra créer un fichier <em>ifconfig.xy0</em>, où <em>xy0</em> sera remplacé par le nom du pilote de la carte réseau, dans mon cas c'est <em>nfe0</em>. Comment trouver le nom du pilote ? Soit on démarre un noyau NetBSD (l'installeur par exemple, qui permet d'obtenir un shell et d'exécuter <em>dmesg | grep -i eth</em>), soit on connaît le modèle de carte réseau et on cherche dans <a href="http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/amd64/conf/GENERIC?only_with_tag=MAIN" title=""CVS">les sources</a>. En ce qui me me concerne, je suis allé cherché la chaîne "NVIDIA" dans le fichier de configuration du noyau.</p>
<p>Toujours dans la catégorie réseau, si vous faites des tests en machine virtuelle, vous risquez probablement de le faire depuis un ordinateur portable connecté en Wi-Fi. Mieux vaut réfléchir un instant à la qualité de son réseau sans fil, et envisager de faire les tests en filaire. Mon expérience personnelle (VM simple cœur, 2Go de ram) : en Wi-Fi, le système démarre en plus de 5 bonnes minutes, en filaire (gigabit Ethernet) cela met moins d'une minute. 5 FICHUES MINUTES QUOI !!! En prime, dès que vous allez vouloir écrire ne serait-ce qu'un méga-octet sur le système, cela va se traîner. J'ai senti ma douleur quand je me suis rendu compte que j'avais oublié de décompresser un set.</p>
<p>J'ai eu une surprise sur le fichier <em>/dev/null</em>, il peut être nécessaire de le recréer :</p>
<div class="highlight"><pre><span></span><code>marvin# cd /dev/
marvin# rm null
marvin# ./MAKEDEV -u all
</code></pre></div>
<p>L'installeur de NetBSD crée automatiquement certains fichiers ou paramètres. Sauf qu'on ne l'a pas utilisé... Parmi les trucs qu'il peut être utile de faire manuellement, il y a ces lignes dans /etc/fstab :</p>
<div class="highlight"><pre><span></span><code><span class="k">proc</span><span class="nb">fs</span><span class="w"> </span><span class="o">/</span><span class="nv">proc</span><span class="w"> </span><span class="nv">procfs</span><span class="w"> </span><span class="nv">rw</span><span class="p">,</span><span class="nv">auto</span><span class="p">,</span><span class="nv">linux</span><span class="w"></span>
<span class="nf">kernfs</span><span class="w"> </span><span class="o">/</span><span class="nv">kern</span><span class="w"> </span><span class="nv">kernfs</span><span class="w"> </span><span class="nv">rw</span><span class="w"></span>
<span class="nf">ptyfs</span><span class="w"> </span><span class="o">/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">pts</span><span class="w"> </span><span class="nv">ptyfs</span><span class="w"> </span><span class="nv">rw</span><span class="w"></span>
</code></pre></div>
<p>Il n'est pas obligatoire de monter <em>/proc</em> avec l'option <em>linux</em>, c'est juste un confort personnel. Ne pas oublier de créer les répertoires <em>/proc/</em> et <em>/kern/</em> avant.</p>
<p>Autre paramètre, celui de la date et de l'heure : par défaut, le système est en heure UTC, moi je veux l'heure de Paris. Pour cela, j'ai modifié le lien symbolique <em>/etc/localtime</em> :</p>
<div class="highlight"><pre><span></span><code>marvin# readlink -f /etc/localtime
/usr/share/zoneinfo/Europe/Paris
</code></pre></div>
<p>Cela n'exclut pas le paramétrage NTP.</p>
<p>J'ai choisi de ne configurer qu'un seul partage NFS, car je n'envisage pas dans l'immédiat d'utiliser ce partage pour d'autres machines. Du coup, je n'ai initialement pas paramétré de swap, mais j'ai ajouté un fichier après coup, en utilisant <a href="http://www.netbsd.org/docs/misc/index.html#adding-swap" title=""Adding">la documentation officielle</a>. Cela donne :</p>
<div class="highlight"><pre><span></span><code><span class="nv">marvin</span># <span class="nv">dd</span> <span class="k">if</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">zero</span> <span class="nv">bs</span><span class="o">=</span><span class="mi">1024</span><span class="nv">k</span> <span class="nv">count</span><span class="o">=</span><span class="mi">1024</span> <span class="nv">of</span><span class="o">=/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">chmod</span> <span class="mi">600</span> <span class="o">/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">swapctl</span> <span class="o">-</span><span class="nv">a</span> <span class="o">-</span><span class="nv">p</span> <span class="mi">1</span> <span class="o">/</span><span class="nv">swapfile</span>
<span class="nv">marvin</span># <span class="nv">echo</span> <span class="s2">"</span><span class="s">/swapfile none swap sw,priority=1 0 0</span><span class="s2">"</span> <span class="o">>></span> <span class="o">/</span><span class="nv">etc</span><span class="o">/</span><span class="nv">fstab</span>
</code></pre></div>
<p>Si comme moi vous avez déjà un serveur PXE en place, avec un fichier boot.cfg utilisé par pxeboot_ia32.bin, vous n'avez pas envie de mettre tous les noyaux, d'installation ou non, dans une longue liste. Il est possible de créer un deuxième fichier, qu'on donne à manger à pxeboot en lieu et place de boot.cfg. On le paramètre au niveau du serveur DHCP, par exemple pour ISC DHCP j'ai mis en place la configuration suivante :</p>
<div class="highlight"><pre><span></span><code><span class="nt">host</span><span class="w"> </span><span class="nt">marvin</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">hardware</span><span class="w"> </span><span class="err">ethernet</span><span class="w"> </span><span class="err">01:23:45:67:89:ab</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fixed-address</span><span class="w"> </span><span class="err">192.168.1.13</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">host-name</span><span class="w"> </span><span class="err">"marvin"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">root-path</span><span class="w"> </span><span class="err">"/chemin/vers/diskless/nbmarvin"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">filename</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="err">"boot.cfg"</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">filename</span><span class="w"> </span><span class="err">"</span><span class="n">tftp</span><span class="p">:</span><span class="n">nbmarvin</span><span class="o">.</span><span class="n">boot</span><span class="o">.</span><span class="n">cfg</span><span class="err">"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span>
<span class="err">}</span><span class="w"></span>
</code></pre></div>
<p>On remarque donc que si pxeboot veut récupérer boot.cfg depuis la machine marvin, alors on lui servira nbmarvin.boot.cfg.</p>
<p>J'ai aussi remarqué que le clavier est en qwerty par défaut. Comme je n'ai pas relié de clavier ou d'écran à cette machine, et que j'ai configuré un accès SSH dès que possible, je n'ai pas changé ce paramètre. Toutefois, pour les pressés, vous pouvez utiliser <a href="https://www.netbsd.org/docs/guide/en/chap-boot.html#chap-boot-keyboard-layout" title=""Changing">la documentation officielle</a> pour changer l'agencement du clavier.</p>
<p>Et sinon, pas de bol, la carte Wi-Fi PCI n'est pas reconnue :</p>
<div class="highlight"><pre><span></span><code>vendor 0x1814 product 0x3060 (miscellaneous network) at pci1 dev 7 function 0 not configured
</code></pre></div>
<p>Bref, quelques notes en vrac qui, je l'espère, pourront s'avérer utile à l'occasion. Maintenant, il me reste à utiliser cette puissance de calcul à ma disposition (quelqu'un a dit bulk build pkgsrc ?).</p>vimrc global à son système2015-02-06T09:30:00+01:002015-02-06T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2015-02-06:/post/2015/02/06/vimrc-global-pour-le-système/<p>Quand on utilise Vim, on a tendance à personnaliser sa configuration en ajoutant ses options préférées dans son fichier <em>\~/.vimrc</em>. Sur un système GNU/Linux (mon expérience porte principalement sur RHEL/CentOS/Fedora), il est possible d'étendre cette personnalisation à tous les utilisateurs d'un système en modifiant <em>/etc/vimrc</em>. En …</p><p>Quand on utilise Vim, on a tendance à personnaliser sa configuration en ajoutant ses options préférées dans son fichier <em>\~/.vimrc</em>. Sur un système GNU/Linux (mon expérience porte principalement sur RHEL/CentOS/Fedora), il est possible d'étendre cette personnalisation à tous les utilisateurs d'un système en modifiant <em>/etc/vimrc</em>. En revanche, côté NetBSD, le chemin n'est pas le même. On pourrait naïvement penser qu'il suffit d'utiliser le préfixe <em>/usr/pkg</em>, hein ? Bein non, loupé : le fichier par défaut pour tous les utilisateurs est <em>/usr/pkg/share/vim/vimrc</em>. Heureusement, rien d'insurmontable, et quelques liens symboliques bien placés permettront d'harmoniser les configurations sur tous les systèmes.</p>CentOS Dojo Paris talk2014-12-17T12:30:00+01:002014-12-17T12:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2014-12-17:/post/2014/12/17/CentOS-Dojo-Paris-talk/<p><strong>EN</strong></p>
<p>Following my <a href="/post/2014/08/25/CentOS-Dojo-Paris">previous post</a> about the CentOS Dojo in Paris last August, the recording of my talk is now online : <a href="http://www.infoq.com/fr/presentations/discovering-using-etckeeper" title=""Discovering">Discovering and using etckeeper</a>. Many thanks to <a href="http://www.infoq.com/fr/" title=""InfoQ">InfoQ</a> for hosting the video !</p>
<p><strong>FR</strong></p>
<p>Suite à mon <a href="/post/2014/08/25/CentOS-Dojo-Paris">billet précédent</a> sur le CentOS Dojo à Paris en Août dernier, l'enregistrement de …</p><p><strong>EN</strong></p>
<p>Following my <a href="/post/2014/08/25/CentOS-Dojo-Paris">previous post</a> about the CentOS Dojo in Paris last August, the recording of my talk is now online : <a href="http://www.infoq.com/fr/presentations/discovering-using-etckeeper" title=""Discovering">Discovering and using etckeeper</a>. Many thanks to <a href="http://www.infoq.com/fr/" title=""InfoQ">InfoQ</a> for hosting the video !</p>
<p><strong>FR</strong></p>
<p>Suite à mon <a href="/post/2014/08/25/CentOS-Dojo-Paris">billet précédent</a> sur le CentOS Dojo à Paris en Août dernier, l'enregistrement de ma présentation est maintenant disponible : <a href="http://www.infoq.com/fr/presentations/discovering-using-etckeeper" title=""Discovering">Discovering and using etckeeper</a>. Merci beaucoup à <a href="http://www.infoq.com/fr/" title=""InfoQ">InfoQ</a> pour l'hébergement de la vidéo !</p>On vit dans un monde formidable2014-12-17T09:30:00+01:002014-12-17T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2014-12-17:/post/2014/12/17/On-vit-dans-un-monde-formidable/<p>J'ai déjà fait quelques billets sur <a href="http://www.openssh.org/fr/index.html" title="OpenSSH">OpenSSH</a>, c'est toujours un plaisir d'apprendre de nouveaux trucs avec ce logiciel ! Parmi les trucs super chouette, il y a les possibilités d'<a href="/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH">utilisation transparente</a>. Si vous avez la flemme de lire le lien, en gros quand je voulais passer au travers d'un serveur …</p><p>J'ai déjà fait quelques billets sur <a href="http://www.openssh.org/fr/index.html" title="OpenSSH">OpenSSH</a>, c'est toujours un plaisir d'apprendre de nouveaux trucs avec ce logiciel ! Parmi les trucs super chouette, il y a les possibilités d'<a href="/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH">utilisation transparente</a>. Si vous avez la flemme de lire le lien, en gros quand je voulais passer au travers d'un serveur OpenSSH de manière transparente, j'utilisais ce genre de configuration :</p>
<div class="highlight"><pre><span></span><code><span class="k">Host</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="w"> </span><span class="n">Hostname</span><span class="w"> </span><span class="n">lenomouladresseipduserveurdepuislapasserelle</span><span class="w"></span>
<span class="w"> </span><span class="n">Port</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="w"> </span><span class="n">Protocol</span><span class="w"> </span><span class="mi">2</span><span class="w"></span>
<span class="w"> </span><span class="k">User</span><span class="w"> </span><span class="n">nils</span><span class="w"></span>
<span class="w"> </span><span class="n">ProxyCommand</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">nils</span><span class="nv">@passerelle</span><span class="w"> </span><span class="ss">"nc %h %p"</span><span class="w"></span>
</code></pre></div>
<p>Depuis OpenSSH 5.4 (ouais, ça date, hein), il n'y a plus besoin de faire appel à Netcat ("nc" dans la directive "ProxyCommand"). Il suffit d'utiliser la commande "ssh -W". Cela donne donc :</p>
<div class="highlight"><pre><span></span><code>Host serveurdmz1
Hostname lenomouladresseipduserveurdepuislapasserelle
Port 22
Protocol 2
User nils
ProxyCommand ssh -W %h:%p passerelle
</code></pre></div>
<p>Y a pas à dire, on vit dans un monde formidable, où des développeurs prennent en compte les utilisations de leur logiciel.</p>CentOS Dojo Paris2014-08-25T20:54:00+02:002014-08-25T20:54:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2014-08-25:/post/2014/08/25/CentOS-Dojo-Paris/<p><em>Version en français plus bas.</em></p>
<p>For once, this blog post is available both in french and in english. Today I attended the first <a href="http://wiki.centos.org/Events/Dojo/Paris2014" title=""Events/Dojo/Paris2014">CentOS Dojo in Paris</a>. I also had the chance to be one of the speakers, wich was a very interesting experience : even if I am almost used …</p><p><em>Version en français plus bas.</em></p>
<p>For once, this blog post is available both in french and in english. Today I attended the first <a href="http://wiki.centos.org/Events/Dojo/Paris2014" title=""Events/Dojo/Paris2014">CentOS Dojo in Paris</a>. I also had the chance to be one of the speakers, wich was a very interesting experience : even if I am almost used to talk to a crowd, it was a long time since I used a microphone (more than 10 years if I remember correctly). Moreover, it was my first talk in english, and the demo I planned failed. Since all the talks of the day were recorded, I'm not going to tell you who talked about what. You can go to <a href="https://twitter.com/AHP_Nils" title=""Nils">my Twitter account</a> or search tweets with the hashtag <a href="https://twitter.com/hashtag/centosdojo?src=hash" title="#centosdojo">#centosdojo</a>. However I can't help thinking again about my talk and the problem in my demo. My frustration is compensated by the fact that everyone was really nice to me. Like I tweeted earlier, I learned the lesson and won't try another live demo soon. While waiting for the recordings to be online, you can <a href="http://medias.anotherhomepage.org/talks/CentOS/Paris-2014/" title=""CentOS">download the slides</a>, in french or in english. Many thanks to <a href="http://zenika.com/" title=""Zenika">Zenika</a>, <a href="http://www.normation.com/" title="Normation">Normation</a> and <a href="http://www.infoq.com/fr/" title=""InfoQ">InfoQ</a> for sponsoring the event !</p>
<p>Pour une fois, ce billet est en français et en anglais. Aujourd'hui j'ai assisté au premier <a href="http://wiki.centos.org/Events/Dojo/Paris2014" title=""Events/Dojo/Paris2014">CentOS Dojo à Paris</a>. J'ai aussi eu la chance d'être l'un des intervenants, ce qui fut une expérience très intéressante : même si j'ai à peu près l'habitude de parler en public, je n'ai pas utilisé de micro depuis très longtemps (plus de 10 ans si je me souviens bien). De plus, cela a été ma première présentation en anglais, et la démo que j'avais prévue n'a pas fonctionné. Puisque toutes les présentations du jour ont été enregistrées, je ne vais pas vous raconter qui a parlé de quoi. Vous pouvez simplement aller voir sur <a href="https://twitter.com/AHP_Nils" title=""Nils">mon compte Twitter</a> ou rechercher les tweets ayant pour hashtag <a href="https://twitter.com/hashtag/centosdojo?src=hash" title="#centosdojo">#centosdojo</a>. Cependant, je ne peux m'empêcher de penser à ma présentation et au problème lors de ma démo. Ma frustration est compensée par le fait que tout le monde a été sympa avec moi. Comme je l'ai tweeté plus tôt, j'ai compris la leçon et je ne vais pas tenter des démonstrations en direct. En attendant que les enregistrements soient en ligne, vous pouvez <a href="http://medias.anotherhomepage.org/talks/CentOS/Paris-2014/" title=""CentOS">télécharger les slides</a>, en français ou en anglais. Merci beaucoup à <a href="http://zenika.com/" title=""Zenika">Zenika</a>, <a href="http://www.normation.com/" title="Normation">Normation</a> et <a href="http://www.infoq.com/fr/" title=""InfoQ">InfoQ</a> d'avoir sponsorisé l'évènement !</p>obtenir facilement les propriétés d'un fichier avec stat2013-09-02T09:42:00+02:002013-09-02T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-09-02:/post/2013/09/02/obtenir-facilement-les-proprietes-d-un-fichier-avec-stat/<p>Généralement, quand on cherche à obtenir les propriétés d'un fichier, on utilise la commande <em>ls</em>, avec l'argument <em>-l</em>, ce qui donne un résultat proche de ceci :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">crw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">août</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="mi">11</span><span class="err">:</span><span class="mi">21</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"></span>
</code></pre></div>
<p>C'est bien gentil, mais …</p><p>Généralement, quand on cherche à obtenir les propriétés d'un fichier, on utilise la commande <em>ls</em>, avec l'argument <em>-l</em>, ce qui donne un résultat proche de ceci :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">crw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">août</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="mi">11</span><span class="err">:</span><span class="mi">21</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"></span>
</code></pre></div>
<p>C'est bien gentil, mais si on ne souhaite avoir comme information que le propriétaire d'un fichier, ça fait beaucoup de choses à filtrer. Filtrer la sortie de ls avec awk n'est pas le truc le plus méchant, mais je trouve que c'est comme utiliser un fusil à pompe pour se débarrasser d'une mouche. On est dans le monde UNIX, là où il y a des programmes qui ne font qu'une seule tâche, mais qui la font bien.</p>
<p>Et l'outil qui fait cela se nomme tout simplement <em>stat</em>, et est disponible sur de nombreux systèmes. Sous RHEL/CentOS, il est inclus dans le paquet <em>coreutils</em>, et il est installé avec le système de base dans NetBSD. Là où c'est par contre un peu moins drôle, c'est que l'implémentation Linux diffère de l'implémentation BSD.</p>
<p>Exemple, sous Linux :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">%</span><span class="n">U</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
</code></pre></div>
<p>Et ensuite sous NetBSD :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dev</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">%</span><span class="n">U</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="nl">stat</span><span class="p">:</span><span class="w"> </span><span class="k">unknown</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="n">c</span><span class="w"></span>
<span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">[</span><span class="n">-FlLnqrsx</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-f format</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-t timefmt</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">file ...</span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Allez, on recommence avec les bonnes options :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@dev</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">stat</span><span class="w"> </span><span class="o">-</span><span class="n">f</span><span class="w"> </span><span class="o">%</span><span class="n">Su</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
</code></pre></div>
<p>Ici, j'ai cherché à afficher le nom de l'utilisateur propriétaire du fichier, mais d'autres propriétés sont disponibles, comme le nom du groupe, les UID et GID propriétaires, les droits, la taille, les dates de création et de modification, le nom du fichier... D'ailleurs, lancé sans autre argument que le nom du fichier, stat propose bon nombre d'informations.</p>freeshell : votre accès terminal UNIX sur internet2013-08-26T09:42:00+02:002013-08-26T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-26:/post/2013/08/26/freeshell-votre-acces-terminal-UNIX-sur-internet/<p>Je me suis dit que ça serait sympa de vous faire découvrir l'association <a href="http://sdf.org/?faq?BASICS?01" title="SDF">SDF</a> (pour Super Dimension Fortress) et son projet <a href="http://www.freeshell.org" title="Freeshell">freeshell</a> : un accès en mode terminal sur une machine UNIX (NetBSD pour être exact). Cet accès, dans certaines conditions, est gratuit. C'est assez chouette, ça existe depuis très longtemps …</p><p>Je me suis dit que ça serait sympa de vous faire découvrir l'association <a href="http://sdf.org/?faq?BASICS?01" title="SDF">SDF</a> (pour Super Dimension Fortress) et son projet <a href="http://www.freeshell.org" title="Freeshell">freeshell</a> : un accès en mode terminal sur une machine UNIX (NetBSD pour être exact). Cet accès, dans certaines conditions, est gratuit. C'est assez chouette, ça existe depuis très longtemps et permet d'apprendre les rudiments d'UNIX sans forcément installer en physique ou en virtuel ce type d'environnement. L'association fait cela à but éducatif et culturel, et est reconnue "non-profit" (oui, c'est une association américaine).</p>
<p>Pour accéder à freeshell, et créer un compte, il suffit de se munir d'un client SSH et de se connecter de la façon suivante :</p>
<div class="highlight"><pre><span></span><code><span class="n">ssh</span><span class="w"> </span><span class="k">new</span><span class="nv">@sdf</span><span class="p">.</span><span class="n">org</span><span class="w"></span>
</code></pre></div>
<p>il existe d'autres moyens, qui reposent généralement sur SSH ou telnet, sur la page <a href="http://sdf.org/?signup" title=""SDF">d'inscription au service</a>.</p>
<p>J'ai indiqué plus haut que sous certaines conditions, ce service est gratuit : il y a en fait différent niveaux de services, selon ce que vous êtes prêts à payer. Une fois le compte et l'accès créé, vous disposez de certains outils, comme :</p>
<ul>
<li>mutt, pop3, imap, icq, twitter, bsflite (aim), irc (sur le réseau SDF) ;</li>
<li>games, mud, lynx, gopher, TOPS-20 ;</li>
<li>hébergement HTTP statique de type http://yourlogin.sdf.org (d'autres domaines sont possibles) ;</li>
<li>traceroute, ping, whois, dig et d'autres.</li>
</ul>
<p>mais tout ça est dans un shell limité. Si vous consentez à payer une petite somme (historiquement 1 Dollar US), un accès shell "classique" (comprendre : bash, ksh, tcsh, rc ou zsh) vous est alors ouvert, avec bien plus de possibilités, comme le webmail, FTP, SFTP (en entrée, pas en sortie), ou un accès à plus d'outils. Pourquoi le shell limité et pourquoi la somme ? Pour éviter le spam d'une part, et d'autre part car le traitement peut se faire par courrier papier, il suffit d'envoyer un billet de 1 Dollar (ou de 5 Euros) à l'adresse indiquée dans la <a href="http://www.sdf.org/index.cgi?why" title=""SDF">page d'explication</a>.</p>
<p>Encore plus d'outils et de possibilités sont offertes à qui est prêt à mettre un peu plus la main au portefeuille, et certains services sont facturés au mois, comme par exemple un accès VPN. Le tout est hébergé aux USA, et il existe aussi une version européenne, hébergée en Allemagne : <a href="https://sdfeu.org/w/join:join" title=""SDF">SDFEU</a>. Rien que pour l'accès shell, traceroute, dig, whois et autres lynx, c'est assez pratique je trouve, d'avoir un point "de sortie" ailleurs que dans son pays d'origine. Cela permet par exemple de tester des filtrages (géolocalisation ?). C'est aussi, à mon sens, un moyen de disposer d'un hébergement web (statique) peu coûteux et à taille plus humaine, et à finalité moins commerciale.</p>dépôt de paquets pkgsrc en mode rapide2013-08-19T09:42:00+02:002013-08-19T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-19:/post/2013/08/19/depot-de-paquets-pkgsrc-en-mode-rapide/<p>Avec pkgsrc, on peut facilement créer des paquets binaires avant de les installer. Généralement, un simple :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@machine</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">category</span><span class="o">/</span><span class="n">software</span><span class="err">$</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">package</span><span class="w"></span>
</code></pre></div>
<p>suffit pour créer un paquet. On peut l'installer avec la cible "install" en plus, mais on peut aussi faire ceci :</p>
<div class="highlight"><pre><span></span><code><span class="nv">rm</span> <span class="o">-</span><span class="nv">f</span> <span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">packages</span><span class="o">/</span><span class="nv">All …</span></code></pre></div><p>Avec pkgsrc, on peut facilement créer des paquets binaires avant de les installer. Généralement, un simple :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@machine</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkgsrc</span><span class="o">/</span><span class="n">category</span><span class="o">/</span><span class="n">software</span><span class="err">$</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">package</span><span class="w"></span>
</code></pre></div>
<p>suffit pour créer un paquet. On peut l'installer avec la cible "install" en plus, mais on peut aussi faire ceci :</p>
<div class="highlight"><pre><span></span><code><span class="nv">rm</span> <span class="o">-</span><span class="nv">f</span> <span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">packages</span><span class="o">/</span><span class="nv">All</span><span class="o">/</span><span class="nv">pkg_summary</span><span class="o">*</span>
<span class="k">for</span> <span class="nv">i</span> <span class="nv">in</span> $<span class="ss">(</span><span class="nv">ls</span> <span class="o">/</span><span class="nv">usr</span><span class="o">/</span><span class="nv">pkgsrc</span><span class="o">/</span><span class="nv">packages</span><span class="o">/</span><span class="nv">All</span><span class="cm">/*.tgz | sort); do pkg_info -X $i >> /usr/pkgsrc/packages/All/pkg_summary; done</span>
<span class="cm">bzip2 /usr/pkgsrc/packages/All/pkg_summary</span>
</code></pre></div>
<p>Ensuite, ajouter dans sa configuration pkgin le dépôt suivant : <em>file:///usr/pkgsrc/packages/All</em>. Un <em>pkgin in nomdupackage</em> plus tard, et tout est installé. C'est d'autant plus sympathique pour les mises à jour. Ainsi, j'ai ajouté les commandes précédentes dans un script shell que j'appelle après compilation du paquet. Je peux aussi copier les paquets avec le fichier <em>pkg_summary.bz2</em> à un autre endroit pour que d'autres machines en profitent. Mais tout ceci est manuel et ne saurait remplacer une infrastructure de bulk build.</p>10 ans de dotclear2013-08-13T09:42:00+02:002013-08-13T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-13:/post/2013/08/13/10-ans-de-dotclear/<p>Je me prend au jeu de fêter les 10 ans du moteur de blog <a href="http://www.dotclear.net" title="Dotclear">Dotclear</a>, comme annoncé sur <a href="https://twitter.com/dotclear/status/364344872267821056" title=""Twitter">Twitter</a>, dont je reprend le texte ici, pour archive :</p>
<blockquote>
<p>Pour les 10 ans de #Dotclear le 13/08/13, publiez sur votre blog le 13 août votre texte : "Dotclear et moi, tout …</p></blockquote><p>Je me prend au jeu de fêter les 10 ans du moteur de blog <a href="http://www.dotclear.net" title="Dotclear">Dotclear</a>, comme annoncé sur <a href="https://twitter.com/dotclear/status/364344872267821056" title=""Twitter">Twitter</a>, dont je reprend le texte ici, pour archive :</p>
<blockquote>
<p>Pour les 10 ans de #Dotclear le 13/08/13, publiez sur votre blog le 13 août votre texte : "Dotclear et moi, tout une histoire" #dotclear10</p>
</blockquote>
<p>Alors voilà, Dotclear ça fait presque 8 ans que je m'en sers (voir <a href="/post/2005/11/13/1-first-post">mon premier billet,</a> rien d'original, j'ai même changé le nom du blog depuis). Et franchement, même si j'y ai pensé, je n'ai pas prévu de changer de crèmerie. Pourquoi ? Parce que :</p>
<ul>
<li>ça fonctionne ;</li>
<li>ça fournit tout ce dont j'ai besoin, ou presque ;</li>
<li>c'est du logiciel libre ;</li>
<li>c'est français (j'avoue, je suis assez chauvin sur ce coup) ;</li>
<li>ça n'a pas l'air d'une usine à gaz ;</li>
<li>et c'est encore développé.</li>
</ul>
<p>J'ai réussi à transvaser ce blog d'un hébergement Free à 1and1, puis à mon serveur dédié, sous différents OS, différentes versions d'Apache, de PHP, de MySQL, au gré de l'évolution de mes compétences techniques. Dotclear a été le premier témoin de ces évolutions, quelque part le premier outil aussi.</p>
<p>Alors, joyeux anniversaire, Dotclear ! Puisse-tu te développer encore plus et encore mieux pour les 10 prochaines années !</p>sudoers.d2013-08-12T09:42:00+02:002013-08-12T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-12:/post/2013/08/12/sudoers.d/<p>J'ai mis du temps à m'en rendre compte : la plupart des OS récents disposant de <a href="http://www.sudo.ws/" title="sudo">sudo</a> ont en plus de leur fichier <em>sudoers</em> un répertoire nommé <em>sudoers.d</em>. A quoi sert ce répertoire ? Tout simplement à inclure des fichiers de configuration sudo, en utilisant la même syntaxe que le fichier …</p><p>J'ai mis du temps à m'en rendre compte : la plupart des OS récents disposant de <a href="http://www.sudo.ws/" title="sudo">sudo</a> ont en plus de leur fichier <em>sudoers</em> un répertoire nommé <em>sudoers.d</em>. A quoi sert ce répertoire ? Tout simplement à inclure des fichiers de configuration sudo, en utilisant la même syntaxe que le fichier <em>sudoers</em>. Comment cela est-il possible ? Grâce à la capacité de sudo à inclure des fichiers de configuration, comme en témoigne cet extrait (pris sous NetBSD), généralement à la fin du fichier <em>sudoers</em> :</p>
<div class="highlight"><pre><span></span><code>## Read drop-in files from /usr/pkg/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /usr/pkg/etc/sudoers.d
</code></pre></div>
<p>Maintenant, au lieu d'ajouter de la configuration dans <em>sudoers</em>, il suffit de créer un fichier, par exemple <em>sudoers.d/toto</em> contenant notre configuration personnelle.</p>
<p>Et pour la compatibilité ? La plus vieille version de sudo que j'ai testée avec succès est la 1.7.2p1, sur une CentOS 5. J'ai aussi fait un test sur une RHEL 4.5 (disposant de sudo 1.6.7p5), mais celui-ci n'était pas concluant.</p>en cours dans pkgsrc-wip et pkgsrc2013-08-06T09:42:00+02:002013-08-06T09:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2013-08-06:/post/2013/08/06/en-cours-dans-pkgsrc-wip-et-pkgsrc/<p>C'est un peu bizarre, en commençant ce billet, je m'aperçois que la catégorie se nomme "Linux et Logiciels libres". Il m'apparaît que pour un billet traitant surtout de NetBSD et de pkgsrc, ce n'est pas très malin. Abracadabra ! La catégorie se nomme dorénavant "Logiciels libres". Bref, passons.</p>
<p>Je maintiens quelques …</p><p>C'est un peu bizarre, en commençant ce billet, je m'aperçois que la catégorie se nomme "Linux et Logiciels libres". Il m'apparaît que pour un billet traitant surtout de NetBSD et de pkgsrc, ce n'est pas très malin. Abracadabra ! La catégorie se nomme dorénavant "Logiciels libres". Bref, passons.</p>
<p>Je maintiens quelques paquets pour NetBSD, grâce à pkgsrc. Cela pourrait peut-être en intéresser certains, et leur donner un peu de visibilité. Commençons par celui qui a fait son entrée il y a un moment dans pkgsrc de manière stable, à savoir <a href="http://pkgsrc.se/sysutils/logrotate" title=""sysutils/logrotate">sysutils/logrotate</a> : j'en suis assez content, c'est mon premier paquet, et j'arrive à peu près à le maintenir : à l'heure où j'écris ces lignes, la dernière version est la 3.8.6 (sortie dimanche 4 août !!!), la dernière disponible dans pkgsrc-current est la 3.8.5, et pkgsrc-2013Q2 dispose de la 3.8.4.</p>
<p>Je m'étais aussi pas mal investi sur Cacti, mais quelqu'un m'a doublé et l'a importé dans net/cacti avant que je puisse proposer quoi que ce soit. Pas grave, j'ai concentré mes efforts sur <a href="http://pkgsrc.se/wip/cacti-spine" title=""cacti-spine">wip/cacti-spine</a>, qui je l'espère, sera bientôt importé. J'ai pris la peine d'ajouter quelques plugins à Cacti dans pkgsrc-wip : <a href="http://pkgsrc.se/wip/cacti-plugin-aggregate" title=""cacti-plugin-aggregate">cacti-plugin-aggregate</a>, <a href="http://pkgsrc.se/wip/cacti-plugin-realtime" title=""cacti-plugin-realtime">cacti-plugin-realtime</a>, et <a href="http://pkgsrc.se/wip/cacti-plugin-rrdclean" title=""cacti-plugin-rrdclean">cacti-plugin-rrdclean</a>. J'ai aussi mis à jour quelques autres plugins qui étaient déjà présent, comme <a href="http://pkgsrc.se/wip/cacti-plugin-weathermap" title=""cacti-plugin-weathermap">cacti-plugin-weathermap</a> ou <a href="http://pkgsrc.se/wip/cacti-plugin-thold" title=""cacti-plugin-thold">cacti-plugin-thold</a>. C'est en fait assez facile : une fois qu'un plugin est correctement empaqueté, il suffit de le copier et de remplacer son nom, la version, et les descriptions (éventuellement la licence) pour en faire un autre.</p>
<p>Dans le registre "travail en cours", j'ai pu empaqueter <a href="http://pkgsrc.se/wip/pelican" title=""pelican">wip/pelican</a> et quelques dépendances (les autres étaient déjà présentes dans pkgsrc). Je n'ai pas encore pris le temps de jouer avec, mais le concept m'intéresse assez pour que j'en fasse un paquet.</p>
<p>Bref, cher lecteur, si tu as du temps à perdre, n'hésite pas à compiler, tester ces paquets et me faire un petit retour, ça me ferait très plaisir !</p>Nombre d'occurrences dans un fichier - remix2012-10-01T13:37:00+02:002012-10-01T13:37:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2012-10-01:/post/2012/10/01/Nombre-d-occurrences-dans-un-fichier-remix/<p>Je détaillais dans <a href="/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier">un billet</a> écrit il y a déjà un sacré bout de temps comment obtenir une sorte de top 10 des adresses IP effectuant le plus de requêtes dans un fichier de log Apache. J'ai décidé de revenir dessus, et de faire quelques déclinaisons de ce one-liner selon …</p><p>Je détaillais dans <a href="/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier">un billet</a> écrit il y a déjà un sacré bout de temps comment obtenir une sorte de top 10 des adresses IP effectuant le plus de requêtes dans un fichier de log Apache. J'ai décidé de revenir dessus, et de faire quelques déclinaisons de ce one-liner selon les recherches. Attention si vous voulez copier-coller ces exemples, ils ont été réalisés sous NetBSD, et la commande <em>sort</em> n'a pas les mêmes options. Grosso modo pour le moment, j'ai vu que là où on écrit <em>sort -g</em> sous GNU/Linux, il faut écrire <em>sort -n</em> sous NetBSD. J'ai aussi décidé de me limiter à un top 5 dans l'affichage, afin d'éviter un billet trop long.</p>
<p>Revenons donc d'abord sur le one-liner de base, les IP qui font le plus de requêtes, avec à gauche, l'adresse IP, et à droite le nombre de hits :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="mf">81.</span><span class="n">X</span><span class="p">.</span><span class="n">Y</span><span class="p">.</span><span class="n">Z</span><span class="w"> </span><span class="mi">6414</span><span class="w"></span>
<span class="mf">208.</span><span class="n">F</span><span class="p">.</span><span class="n">B</span><span class="p">.</span><span class="n">I</span><span class="w"> </span><span class="mi">1578</span><span class="w"></span>
<span class="mf">178.</span><span class="n">K</span><span class="p">.</span><span class="n">G</span><span class="p">.</span><span class="n">B</span><span class="w"> </span><span class="mi">1301</span><span class="w"></span>
<span class="mf">67.</span><span class="n">D</span><span class="p">.</span><span class="n">S</span><span class="p">.</span><span class="n">T</span><span class="w"> </span><span class="mi">1179</span><span class="w"></span>
<span class="mf">77.</span><span class="n">C</span><span class="p">.</span><span class="n">I</span><span class="p">.</span><span class="n">A</span><span class="w"> </span><span class="mi">1157</span><span class="w"></span>
</code></pre></div>
<p>Ensuite, effectuons pareil mais sur les URLs visitées, toujours avec le nombre de hits à droite :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$7]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="mi">7787</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="mi">4010</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">06</span><span class="o">/</span><span class="mi">20</span><span class="o">/</span><span class="n">Utilisateurs</span><span class="o">-</span><span class="n">virtuels</span><span class="o">-</span><span class="n">sous</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">base</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">donnees</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="mi">1910</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2007</span><span class="o">/</span><span class="mi">11</span><span class="o">/</span><span class="mi">28</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">et</span><span class="o">-</span><span class="n">configuration</span><span class="o">-</span><span class="n">dun</span><span class="o">-</span><span class="n">serveur</span><span class="o">-</span><span class="n">dedie</span><span class="o">-</span><span class="n">OpenArena</span><span class="o">-</span><span class="mi">071</span><span class="w"> </span><span class="mi">1284</span><span class="w"></span>
<span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2009</span><span class="o">/</span><span class="mi">11</span><span class="o">/</span><span class="mi">09</span><span class="o">/</span><span class="n">Utilisation</span><span class="o">-</span><span class="n">transparente</span><span class="o">-</span><span class="n">d</span><span class="o">-</span><span class="n">une</span><span class="o">-</span><span class="n">passerelle</span><span class="o">-</span><span class="n">SSH</span><span class="w"> </span><span class="mi">1266</span><span class="w"></span>
</code></pre></div>
<p>Comme il ne s'agit que de modifier le numéro du champ, on peut aussi voir les codes de retour HTTP les plus obtenus :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$9]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="mi">200</span><span class="w"> </span><span class="mi">57019</span><span class="w"></span>
<span class="mi">304</span><span class="w"> </span><span class="mi">6156</span><span class="w"></span>
<span class="mi">404</span><span class="w"> </span><span class="mi">1797</span><span class="w"></span>
<span class="mi">500</span><span class="w"> </span><span class="mi">114</span><span class="w"></span>
<span class="mi">403</span><span class="w"> </span><span class="mi">20</span><span class="w"></span>
</code></pre></div>
<p>On peut ensuite aller chercher avec <em>grep</em> les pages causant des erreurs 500 ou 404.</p>
<p>Toujours avec la même facilité (un simple numéro de champ à modifier), on peut afficher les referers qui amènent le plus de hits :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$11]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="ss">"-"</span><span class="w"> </span><span class="mi">44306</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5"</span><span class="w"> </span><span class="mi">3443</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL"</span><span class="w"> </span><span class="mi">686</span><span class="w"></span>
<span class="ss">"http://blog.anotherhomepage.org/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH"</span><span class="w"> </span><span class="mi">552</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=phpmyadmin+centos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">401</span><span class="w"></span>
</code></pre></div>
<p>On remarque que beaucoup n'ont pas de referer, mais il est probable que ce soient des hits sur le flux RSS. On remarque aussi que j'ai beaucoup de referers de mon propre site, il me suffit de les filtrer si je ne veux pas les afficher. Afin de rendre le traitement plus rapide, je décide de mettre la commande <em>grep</em> en premier dans mon traitement :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="ss">"blog.anotherhomepage.org"</span><span class="w"> </span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$11]++;} END {for (field in frequencies) printf "%s\\t%d" , field , frequencies[field];}'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="ss">"-"</span><span class="w"> </span><span class="mi">44306</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=phpmyadmin+centos&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">401</span><span class="w"></span>
<span class="ss">"http://www.google.fr/search?q=centos+phpmyadmin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"</span><span class="w"> </span><span class="mi">166</span><span class="w"></span>
<span class="ss">"http://forum.hardware.fr/hfr/OSAlternatifs/Installation/resolu-centos-phpmyadmin-sujet_70143_1.htm"</span><span class="w"> </span><span class="mi">121</span><span class="w"></span>
<span class="ss">"http://www.google.fr/"</span><span class="w"> </span><span class="mi">77</span><span class="w"></span>
</code></pre></div>
<p>Reprenons notre affichage des URLs les plus visitées, mais cette fois prenons en compte les méthodes (GET, HEAD, POST) et la version du protocole HTTP :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="o">-</span><span class="n">F</span><span class="w"> </span><span class="ss">""" '{frequencies[$2]++;} END {for (field in frequencies) printf "</span><span class="o">%</span><span class="n">s</span><span class="err">\\</span><span class="n">t</span><span class="o">%</span><span class="n">d</span><span class="err">"</span><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="n">field</span><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="n">frequencies</span><span class="o">[</span><span class="n">field</span><span class="o">]</span><span class="p">;</span><span class="err">}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">4</span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="w"> </span><span class="mi">4266</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">17</span><span class="o">/</span><span class="n">installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">phpmyadmin</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">3521</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="w"> </span><span class="mi">2181</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">24</span><span class="o">/</span><span class="n">Installation</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">mod_gnutls</span><span class="o">-</span><span class="n">sur</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">1829</span><span class="w"></span>
<span class="k">GET</span><span class="w"> </span><span class="o">/</span><span class="n">post</span><span class="o">/</span><span class="mi">2008</span><span class="o">/</span><span class="mi">06</span><span class="o">/</span><span class="mi">20</span><span class="o">/</span><span class="n">Utilisateurs</span><span class="o">-</span><span class="n">virtuels</span><span class="o">-</span><span class="n">sous</span><span class="o">-</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">5</span><span class="o">-</span><span class="n">avec</span><span class="o">-</span><span class="n">base</span><span class="o">-</span><span class="n">de</span><span class="o">-</span><span class="n">donnees</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.0</span><span class="w"> </span><span class="mi">1193</span><span class="w"></span>
</code></pre></div>
<p>On note ici l'utilisation de l'option "-F" de awk pour changer le motif du séparateur de champ, ce qui me permet d'avoir des champs avec espace.</p>
<p>Enfin, dernier exemple, trions maintenant les User-Agents :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@dev</span><span class="err">:</span><span class="o">/</span><span class="nf">var</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">httpd</span><span class="err">#</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="o">-</span><span class="n">F</span><span class="w"> </span><span class="ss">""" '{frequencies[$6]++;} END {for (field in frequencies) printf "</span><span class="o">%</span><span class="n">d</span><span class="err">\\</span><span class="n">t</span><span class="o">%</span><span class="n">s</span><span class="err">"</span><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="n">frequencies</span><span class="o">[</span><span class="n">field</span><span class="o">]</span><span class="p">,</span><span class="w"> </span><span class="n">field</span><span class="p">;</span><span class="err">}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">access</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">nr</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="mi">10539</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">Windows</span><span class="p">;</span><span class="w"> </span><span class="n">U</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">NT</span><span class="w"> </span><span class="mf">5.1</span><span class="p">;</span><span class="w"> </span><span class="n">fr</span><span class="p">;</span><span class="w"> </span><span class="nl">rv</span><span class="p">:</span><span class="mf">1.8.1</span><span class="p">)</span><span class="w"> </span><span class="n">VoilaBot</span><span class="w"> </span><span class="n">BETA</span><span class="w"> </span><span class="mf">1.2</span><span class="w"> </span><span class="p">(</span><span class="n">support</span><span class="p">.</span><span class="n">voilabot</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"></span>
<span class="mi">6493</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">4.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">MSIE</span><span class="w"> </span><span class="mf">4.01</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">CE</span><span class="p">;</span><span class="w"> </span><span class="n">PPC</span><span class="p">;</span><span class="w"> </span><span class="mi">240</span><span class="n">x320</span><span class="p">;</span><span class="w"> </span><span class="n">SPV</span><span class="w"> </span><span class="n">M700</span><span class="p">;</span><span class="w"> </span><span class="n">OpVer</span><span class="w"> </span><span class="mf">19.123.2.733</span><span class="p">)</span><span class="w"> </span><span class="n">OrangeBot</span><span class="o">-</span><span class="n">Mobile</span><span class="w"> </span><span class="mf">2008.0</span><span class="w"> </span><span class="p">(</span><span class="n">mobilesearch</span><span class="p">.</span><span class="n">support</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"></span>
<span class="mi">4188</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Yahoo</span><span class="err">!</span><span class="w"> </span><span class="n">Slurp</span><span class="o">/</span><span class="mf">3.0</span><span class="p">;</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">help</span><span class="p">.</span><span class="n">yahoo</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">help</span><span class="o">/</span><span class="n">us</span><span class="o">/</span><span class="n">ysearch</span><span class="o">/</span><span class="n">slurp</span><span class="p">)</span><span class="w"></span>
<span class="mi">3269</span><span class="w"> </span><span class="n">msnbot</span><span class="o">/</span><span class="mf">2.0</span><span class="n">b</span><span class="w"> </span><span class="p">(</span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="k">search</span><span class="p">.</span><span class="n">msn</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">msnbot</span><span class="p">.</span><span class="n">htm</span><span class="p">)</span><span class="w"></span>
<span class="mi">3017</span><span class="w"> </span><span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Googlebot</span><span class="o">/</span><span class="mf">2.1</span><span class="p">;</span><span class="w"> </span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">google</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">bot</span><span class="p">.</span><span class="n">html</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>J'ai décidé cette fois-ci d'afficher le nombre d'occurrences à gauche, car le nombre de champs (séparés par un espace) n'est plus fixe dans le cas des User-Agents. Mais au moment d'écrire cette phrase, j'ai de nouveau parcouru <a href="http://netbsd.gw.com/cgi-bin/man-cgi?sort+.amd64+NetBSD-6.0" title=""sort">la page de manuel de sort</a> et j'ai pu voir qu'il est possible de spécifier le séparateur de champ (option -t). J'ai utilisé le caractère \$ pour séparer le nombre d'occurrences du libellé du User-Agent, suivi de 'tr' pour le remplacer par une tabulation :</p>
<div class="highlight"><pre><span></span><code><span class="n">awk</span><span class="w"> </span><span class="o">-</span><span class="n">F</span><span class="w"> </span><span class="ss">""" '{frequencies[$6]++;} END {for (field in frequencies) printf "</span><span class="o">%</span><span class="n">s</span><span class="err">$</span><span class="o">%</span><span class="n">d</span><span class="ss">" , field , frequencies[field];}' < ./access.log | sort -nr -t$ -k 2,2| tr $ "</span><span class="err">\\</span><span class="n">t</span><span class="err">"</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">5</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">Windows</span><span class="p">;</span><span class="w"> </span><span class="n">U</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">NT</span><span class="w"> </span><span class="mf">5.1</span><span class="p">;</span><span class="w"> </span><span class="n">fr</span><span class="p">;</span><span class="w"> </span><span class="nl">rv</span><span class="p">:</span><span class="mf">1.8.1</span><span class="p">)</span><span class="w"> </span><span class="n">VoilaBot</span><span class="w"> </span><span class="n">BETA</span><span class="w"> </span><span class="mf">1.2</span><span class="w"> </span><span class="p">(</span><span class="n">support</span><span class="p">.</span><span class="n">voilabot</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"> </span><span class="mi">10539</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">4.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">MSIE</span><span class="w"> </span><span class="mf">4.01</span><span class="p">;</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">CE</span><span class="p">;</span><span class="w"> </span><span class="n">PPC</span><span class="p">;</span><span class="w"> </span><span class="mi">240</span><span class="n">x320</span><span class="p">;</span><span class="w"> </span><span class="n">SPV</span><span class="w"> </span><span class="n">M700</span><span class="p">;</span><span class="w"> </span><span class="n">OpVer</span><span class="w"> </span><span class="mf">19.123.2.733</span><span class="p">)</span><span class="w"> </span><span class="n">OrangeBot</span><span class="o">-</span><span class="n">Mobile</span><span class="w"> </span><span class="mf">2008.0</span><span class="w"> </span><span class="p">(</span><span class="n">mobilesearch</span><span class="p">.</span><span class="n">support</span><span class="nv">@orange</span><span class="o">-</span><span class="n">ftgroup</span><span class="p">.</span><span class="n">com</span><span class="p">)</span><span class="w"> </span><span class="mi">6493</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Yahoo</span><span class="err">!</span><span class="w"> </span><span class="n">Slurp</span><span class="o">/</span><span class="mf">3.0</span><span class="p">;</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">help</span><span class="p">.</span><span class="n">yahoo</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">help</span><span class="o">/</span><span class="n">us</span><span class="o">/</span><span class="n">ysearch</span><span class="o">/</span><span class="n">slurp</span><span class="p">)</span><span class="w"> </span><span class="mi">4188</span><span class="w"></span>
<span class="n">msnbot</span><span class="o">/</span><span class="mf">2.0</span><span class="n">b</span><span class="w"> </span><span class="p">(</span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="k">search</span><span class="p">.</span><span class="n">msn</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">msnbot</span><span class="p">.</span><span class="n">htm</span><span class="p">)</span><span class="w"> </span><span class="mi">3269</span><span class="w"></span>
<span class="n">Mozilla</span><span class="o">/</span><span class="mf">5.0</span><span class="w"> </span><span class="p">(</span><span class="n">compatible</span><span class="p">;</span><span class="w"> </span><span class="n">Googlebot</span><span class="o">/</span><span class="mf">2.1</span><span class="p">;</span><span class="w"> </span><span class="o">+</span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">google</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">bot</span><span class="p">.</span><span class="n">html</span><span class="p">)</span><span class="w"> </span><span class="mi">3017</span><span class="w"></span>
</code></pre></div>
<p>Le choix du caractère de séparateur de champ est discutable, mais il ne change pas qu'après réflexion, l'affichage de la commande précédente me semble plus lisible. Et je pense qu'afficher le nombre d'occurences en permier sera plus lisible dans d'autres cas, comme le referer ou l'URL.</p>Couleurs dans le terminal2011-12-05T08:40:00+01:002011-12-05T08:40:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-12-05:/post/2011/12/05/couleurs-dans-le-terminal/<p>Pour beaucoup de gens, la vue d'un terminal, en général en texte blanc sur fond noir (mais aussi en noir sur fond blanc ou beige sur certaines distributions), peut s'avérer très peu attrayante. En ce qui me concerne je me suis accommodé et j'ai fini par apprécier le terminal, grâce …</p><p>Pour beaucoup de gens, la vue d'un terminal, en général en texte blanc sur fond noir (mais aussi en noir sur fond blanc ou beige sur certaines distributions), peut s'avérer très peu attrayante. En ce qui me concerne je me suis accommodé et j'ai fini par apprécier le terminal, grâce à quelques modifications cosmétiques apportant de la couleur. Je trouve ainsi mon environnement beaucoup plus lisible.</p>
<h2>Le prompt</h2>
<p>Dans bash (et probablement dans d'autres shells), il est possible de modifier l'apparence du prompt via la variable d'environnement <em>PS1</em>. Regardons quelle est la valeur de PS1 sur un système CentOS (les simples quotes visent à montrer qu'il y a un espace à la fin) :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'[\\u@\\h \\W]\\$ '</span><span class="w"></span>
</code></pre></div>
<p>Il est possible d'en modifier l'apparence avec de nombreux paramètres, tels que la couleur, certaines informations. Par exemple, j'ai choisi d'appliquer la personnalisation suivante sur tous mes environnements bash :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'\\[\\]\\u\\[\\]@\\[\\]\\h\\[\\]:\\w\\[\\]\\$\\[\\] '</span><span class="w"></span>
</code></pre></div>
<p>Ce qui est gênant, c'est que si ma variable d'environnement possède des couleurs, leurs codes ne sont pas affichés mais directement interprétés. En réalité, ma variable PS1 vaut :</p>
<div class="highlight"><pre><span></span><code># récupartion depuis mon bashrc :
PS1=$'\\[\\E[01;32m\\]\\u\\[\\E[0m\\]@\\[\\E[01;36m\\]\\h\\[\\E[0m\\]:\\w\\[\\E[01;32m\\]\\$\\[\\E[0m\\] '
</code></pre></div>
<p>Le nom d'utilisateur et le signe "\$" sont verts, tandis que le nom d'hôte est bleu. J'ai réalisé une variante pour l'utilisateur root où le vert est remplacé par du rouge.</p>
<p>Pour essayer, rien de plus simple : il suffit d'exporter la variable d'environnement PS1 avec une nouvelle valeur :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'[\\u@\\h \\W]\\$ '</span><span class="w"></span>
<span class="o">[</span><span class="n">root@orgrimmar ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">PS1</span><span class="o">=</span><span class="err">$</span><span class="s1">'\\[\\E[01;32m\\]\\u\\[\\E[0m\\]@\\[\\E[01;36m\\]\\h\\[\\E[0m\\]:\\w\\[\\E[01;32m\\]\\$\\[\\E[0m\\] '</span><span class="w"></span>
<span class="n">root</span><span class="nv">@orgrimmar</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="ss">"PS1 vaut: '$PS1'"</span><span class="w"></span>
<span class="n">PS1</span><span class="w"> </span><span class="nl">vaut</span><span class="p">:</span><span class="w"> </span><span class="s1">'\\[\\]\\u\\[\\]@\\[\\]\\h\\[\\]:\\w\\[\\]\\$\\[\\] '</span><span class="w"></span>
</code></pre></div>
<p>Il est possible d'aller plus loin, comme de remplacer \\h par \\H pour obtenir le nom complet de la machine, d'insérer la date, d'afficher le prompt en gras... Vous trouverez chez <a href="http://www.cyberciti.biz/faq/bash-shell-change-the-color-of-my-shell-prompt-under-linux-or-unix/" title="Nixcraft">Nixcraft</a> les différents codes pour démarrer et stopper une couleur, ainsi que pour la mise en gras.</p>
<p>Si vos expérimentations amènent un résultat peu plaisant, deux possibilités : la première consiste à appliquer de nouveau l'ancienne valeur PS1, si vous avez copié son contenu ailleurs, ou d'aller le chercher par exemple dans /etc/bashrc ; la deuxième consiste tout simplement à fermer puis relancer votre terminal.</p>
<p>Une fois que votre nouveau prompt vous plaît, vous voulez rendre le changement définitif. Il est possible d'éditer son fichier <em>.bashrc</em>, <em>.bash_profile</em> ou <em>.profile</em> pour cela. Si vous souhaitez que ce changement soit effectif pour tous les utilisateurs, il est possible de modifier directement <em>/etc/profile</em> ou <em>/etc/bashrc</em>, mais je ne vous le recommande pas : il est possible de mal éditer le fichier et de supprimer accidentellement des commandes utiles, et donc de mettre en vrac son système.</p>
<p>Pour CentOS/RHEL/Fedora, j'ai pris l'habitude de créer un fichier nommé <em>/etc/profile.d/prompt.sh</em> : en effet, le fichier <em>/etc/profile</em> de ces distributions charge tous les .sh situés dans <em>/etc/profile.d</em>. Il devient donc aisé d'ajouter ou de retirer des personnalisations shell comme des alias, le prompt, et d'autres variables d'environnement qui affecteront tous les utilisateurs.</p>
<p>Pour NetBSD, j'ai choisi de créer un fichier <em>/usr/pkg/etc/bashrc</em> contenant ces personnalisations, et d'ajouter le contenu suivant dans <em>/etc/profile</em> (qui, par défaut, ne contient que des commentaires) :</p>
<div class="highlight"><pre><span></span><code>if [ "<span class="cp">${</span><span class="n">BASH_no</span><span class="cp">}</span>" != "no" ]; then
[ -r /usr/pkg/etc/bashrc ] <span class="err">&&</span> . /usr/pkg/etc/bashrc
fi
</code></pre></div>
<h2>De la couleur dans ls</h2>
<p>Selon votre système, cette option peut ne pas être disponible : cela fonctionne avec CentOS 4 et 5, mais pas avec NetBSD. Il s'agit tout simplement d'utiliser l'option <em>--color</em>, qui peut être complétée, par exemple <em>--color=auto</em> ou <em>--color=tty</em>. D'où viennent ces couleurs ? De la variable d'environnement LS_COLORS. On peut donc modifier cette variable pour afficher les couleurs différemment, et consulter la page de manuel de <a href="http://pwet.fr/man/linux/commandes/dircolors" title="dircolors">dircolors</a> pour plus de détails.</p>
<h2>Grep</h2>
<p>La commande <em>grep</em> possède une option <em>--color</em>, parfois activée par défaut dans un alias sur certaines distributions. Elle colore en rouge la chaîne de caractères recherchée, que ce soit sous CentOS ou NetBSD.</p>
<h2>Pages de manuel en couleur</h2>
<p><em>most</em> permet de visualiser un texte, comme <em>more</em> ou <em>less</em>. A la différence de ces deux derniers, <em>most</em> affiche les pages de manuel en couleur. Pour cela, vous pouvez utiliser la commande suivante :</p>
<div class="highlight"><pre><span></span><code>PAGER=most man <votrecommande>
</code></pre></div>
<p>Pour que ce soit définitif, exportez la variable d'environnement <em>PAGER=most</em>. Attention toutefois, vérifiez que vous n'avez pas un <em>PAGER=more</em> qui traîne quelque part. Concernant la disponibilité du package, on peut le trouver dans <a href="http://pkgsrc.se/misc/most" title=""most">pkgsrc</a> ainsi que dans <a href="http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/" title=""most">RPMForge</a>.</p>
<h2>Colorer ses fichiers de log</h2>
<p>Un outil très pratique pour avoir des fichiers de log en couleurs est <a href="http://freecode.com/projects/ccze" title="ccze">ccze</a>. Il m'arrive de l'utiliser de la manière suivante :</p>
<div class="highlight"><pre><span></span><code>tail -f /chemin/vers/mon/log/apache | ccze
</code></pre></div>
<p>Je peux aussi m'en servir sur un fichier qui n'est pas mis à jour en direct, en duo avec less :</p>
<div class="highlight"><pre><span></span><code>ccze -A < monfichierdelog | less -R
</code></pre></div>
<p>Ce petit bijou connaît de nombreux formats de fichiers de log, et les rend du coup plus agréables à lire. C'est disponible dans <a href="http://pkgsrc.se/sysutils/ccze" title=""ccze">pkgsrc</a> et dans <a href="http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/ccze.html" title=""ccze">EPEL</a></p>
<h2>Un top en couleur ?</h2>
<p><a href="http://htop.sourceforge.net/" title="htop">Htop</a> est une version “améliorée” de top qui, en plus d'afficher la couleur, affiche les taux d'occupation processeur et mémoire d'une manière un peu “graphique”. A noter cependant que cet outil est d'abord développé pour Linux, et qu'il faut, sous NetBSD, monter <em>/proc</em> avec l'option “linux” (celle-ci est cependant différente de la couche de compatibilité binaire linux). Htop est disponible dans <a href="http://pkgsrc.se/sysutils/htop" title=""htop">pkgsrc</a> et dans <a href="http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/htop.html" title=""htop">EPEL</a></p>
<h2>Coloration syntaxique avec VIm</h2>
<p>Vous trouvez <em>vi</em> trop morne et déprimant ? Installez <a href="http://www.vim.org/" title="VIm">VIm</a> et activez la coloration syntaxique ! Souvent, seul <em>vi</em> est installé. Côté pkgsrc, le package se nomme <a href="http://pkgsrc.se/editors/vim" title=""vim">vim</a> et a pour dépendance <a href="http://pkgsrc.se/editors/vim-share" title=""vim-share">vim-share</a>. Côté Red Hat, on installera <em>vim-enhanced</em> (dispo dans les dépôts de base). Une fois ceci fait, ajoutez dans votre répertoire <em>home</em> un fichier .vimrc contenant au moins :</p>
<div class="highlight"><pre><span></span><code>syn on
set nu
</code></pre></div>
<p>Ensuite, éditez un script shell, par exemple. Vous verrez la couleur et les numéros de ligne. Pour ceux qui comme moi on un fond noir ou sombre, on ajoutera la directive suivante à son <em>.vimrc</em> :</p>
<div class="highlight"><pre><span></span><code>set bg=dark
</code></pre></div>
<p>La coloration syntaxique s'adaptera ainsi au fond de votre terminal.</p>
<p>Et voilà ! C'est Noël sur votre shell :-)</p>
<h2>Commentaires</h2>
<h3>Le 13/12/2011 11:49 par <a href="http://daemontux.org">Zanko</a></h3>
<p>On peut avoir la couleur directement sous less avec quelques variables d’environnement, du style :
export LESS_TERMCAP_mb=$'\E[01;31m' # begin blinking
export LESS_TERMCAP_md=$'\E[01;38;5;33m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # end mode
export LESS_TERMCAP_se=$'\E[0m' # end standout-mode
export LESS_TERMCAP_so=$'\E[01;31;5;31m' # begin standout-mode - info box
export LESS_TERMCAP_ue=$'\E[0m' # end underline
export LESS_TERMCAP_us=$'\E[38;5;31m' # begin underline</p>Lancement de GNU Screen en arrière-plan2011-11-28T09:30:00+01:002011-11-28T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-11-28:/post/2011/11/28/lancement-de-gnu-screen-en-arriere-plan/<p>Les entrailles de GNU Screen (que j'abrègerai en <em>screen</em> par la suite) sont parfois difficiles à comprendre. L'histoire commence ainsi : je possède une machine NetBSD, un peu bruyante, que j'allume le matin au lever et que j'éteins le soir au coucher. J'utilise screen sur cette machine, et j'aimerais, par grosse …</p><p>Les entrailles de GNU Screen (que j'abrègerai en <em>screen</em> par la suite) sont parfois difficiles à comprendre. L'histoire commence ainsi : je possède une machine NetBSD, un peu bruyante, que j'allume le matin au lever et que j'éteins le soir au coucher. J'utilise screen sur cette machine, et j'aimerais, par grosse fénéantise, que ce dernier se lance au démarrage de ma machine, en mode détaché. De la sorte, il ne me reste qu'à lancer un bon vieux “screen -r” lorsque que je m'y connecte et mon comportement ne change pas d'autres machines allumées 24h/24 : je me connecte, je “screen -r” et je suis prêt.</p>
<p>Jusque-là rien de bien particulier : un petit tour dans la page de manuel m'apprend que cela est déjà possible :</p>
<div class="highlight"><pre><span></span><code>screen -d -m
</code></pre></div>
<p>Cette commande permet de faire en sorte qu'il démarre en mode détaché, et que c'est justement fait pour un éventuel script de démarrage. En bref, la paix dans le monde, mes amis :-)</p>
<p>Je me précipite donc sur \${EDITOR} et entame l'écriture épique d'un script shell qui va lancer screen en mode détaché sous l'identité de l'utilisateur que je suis, avec le fichier .screenrc qui convient. Le script fonctionne, le script fonctionne au démarrage de la machine (c'est mieux, hein ?), toujours la paix dans le monde, avec les oiseaux qui chantent, nous sommes dans un rêve :-)</p>
<p>Donc, plein d'illusions, je lance la commande screen -r . Et là, c'est le drame : le prompt de mon shell (bash) n'est pas coloré, et n'affiche pas le répertoire courant. Après avoir demandé conseil à mon moteur de recherche favori, je me rend compte que dans ce cas, screen a eu la bonne idée de remplacer la variable d'environnement PS1 (qui définit le prompt) par une valeur autre. D'où vient-elle ? Je ne le savais pas encore. J'ai essayé de redéfinir cette variable dans mon fichier de configuration .screenrc, sans succès. En désespoir de cause, je tente un “unset PS1”. Victoire ! J'ai mon prompt personnalisé ! je suis joie, bonheur, les oiseaux chantent, la paix dans le monde, tout ça tout ça...</p>
<p>Jusqu'à ce que j'édite un fichier texte. Et là, c'est le drame (à nouveau) : mon éditeur de texte, VIm, dispose d'une fonction de coloration syntaxique que j'active par défaut. C'est trèèèès pratique. J'active aussi la numérotation des lignes. Mais là, pas de couleur. Il s'agit pourtant d'un type de fichier connu. Je tente ma chance avec d'autres programmes disposant d'un affichage coloré, sans succès non plus. Après quelques bidouillages, je me rend compte qu'en changeant la variable d'environnement TERM de <em>screen</em> à <em>xterm-color</em>, j'obtiens à nouveau la couleur. En désespoir de cause j'ajoute “export TERM=xterm-color” au fichier /usr/pkg/etc/bashrc (ce qui m'évite de copier-coller un .bashrc dans le \$HOME de mon utilisateur et de root), je relance le script et là : couleur :-)</p>
<p>Avec le recul de l'écriture de ce billet, je me suis rendu compte que lorsque j'utilise <em>screen -d -m</em>, ce dernier charge mon fichier .profile (qui charge .shrc). Ces deux fichiers m'ont posé problème dans le passé : par exemple .profile contient deux exports qui entrent conflit avec mon bashrc, “export EDITOR=vi” et “export PAGER=more” (j'utilise vim et most à la place). J'ai aussi remarqué la ligne suivante dans le fichier <em>.shrc</em> :</p>
<div class="highlight"><pre><span></span><code><span class="k">export</span><span class="w"> </span><span class="n">PS1</span><span class="o">=</span><span class="s2">"$(whoami)@$(hostname -s)$ "</span><span class="w"></span>
</code></pre></div>
<p>Tiens, c'est marrant, c'est exactement le prompt que j'avais lors de mon premier problème... ;-)</p>
<p>Bref, ma solution n'est peut-être pas la plus élégante, mais au moins ça fonctionne. Mais comme on me l'a fait remarquer il y a presque deux mois, sur les systèmes Unix : There Is More Than One Way To Do It (<em>Il y a plus d'une façon de le faire</em>).</p>
<h2>Commentaires</h2>
<h3>Le 28/11/2011 10:50 par <a href="http://instinctive.eu/">Natacha</a></h3>
<p>Il y a plus d'une façon de faire, mais parfois certaines sont plus justes que d'autres… En l'occurrence, tricher sur le TERM risque de venir tout un jeu d'ennuis : tu fais croire aux applications qu'il faut utiliser les séquences d'échappement d'xterm-color alors que tu es dans screen, et les deux ne sont pas interchangeables.</p>
<p>Par exemple d'après le termcap que j'ai sous les yeux, screen envoit \033[4~ pour signaler à l'application que la touche Fin a été utilisée, chose que l'application ne va pas comprendre parce que xterm-color evoits \033OF. Donc je soupçonne que ce changement de TERM casse la touche Fin. Et dans l'autre sens, la séquence à envoyer à screen pour effacer l'écran est \033[H\033[J mais l'application qui croit qu'elle a affaire à un xterm enverra \033[H\033[2J à la place.</p>
<p>Si ça ne te poses pas de problème, tant mieux, mais ça fait une piste pour toutes les petites choses qui vont casser comme ça ;-)</p>
<h3>Le 28/11/2011 21:55 par Nils</h3>
<p>Ça ne me pose pas de problème pour le moment, surtout que je n'utilise pas souvent la touche Fin. Mais cela me forcera à trouver un moyen plus élégant et à écrire un autre billet :)</p>Ajouter des robots dans Awstats2011-11-21T09:30:00+01:002011-11-21T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-11-21:/post/2011/11/21/Ajouter-des-robots-dans-Awstats/<p>Aujourd'hui un nouvel épisode de mon outil de statistiques web du moment, Awstats. Souvenez-vous, nous avons déjà rencontré ce logiciel à trois reprises :</p>
<ul>
<li><a href="/post/2011/01/31/awstats">lors d'un premier billet</a> d'introduction et de configuration ;</li>
<li><a href="/post/2011/02/14/utilisation-des-plugins-awstats">pour activer des plugins</a> afin d'améliorer les statistiques ;</li>
<li><a href="/post/2011/02/28/ajouter-ses-sections-personnalisees-dans-awstats">mais aussi lors de l'ajout de sections personnalisées</a> spécifiques à votre …</li></ul><p>Aujourd'hui un nouvel épisode de mon outil de statistiques web du moment, Awstats. Souvenez-vous, nous avons déjà rencontré ce logiciel à trois reprises :</p>
<ul>
<li><a href="/post/2011/01/31/awstats">lors d'un premier billet</a> d'introduction et de configuration ;</li>
<li><a href="/post/2011/02/14/utilisation-des-plugins-awstats">pour activer des plugins</a> afin d'améliorer les statistiques ;</li>
<li><a href="/post/2011/02/28/ajouter-ses-sections-personnalisees-dans-awstats">mais aussi lors de l'ajout de sections personnalisées</a> spécifiques à votre site internet.</li>
</ul>
<p>Aujourd’hui attardons-nous sur une autre possibilité d'Awstats : la détection des robots et moteurs de recherches. Si vous avez déjà des statistiques en place, vous aurez noté que vous disposez d'une rubrique “Visiteurs Robots/Spiders” dans votre page. Awstats ne peut pas connaître tous les robots sur le marché, de nouveaux sont créés tandis que d'autres disparaissent. Certains sont dédiés à des moteurs de recherche, d'autres sont des logiciels téléchargeables, pour effectuer des recherches ou créer un aggrégateur de flux RSS. Lorsqu'Awstats repère un robot qu'il ne connait pas, il peut l'afficher de deux manières : “Unknown robot (identified by 'bot*')” ou bien “Unknown robot (identified by '*bot')”. Vous comprenez donc qu'il cherche juste le mot “bot” dans le <a href="https://fr.wikipedia.org/wiki/User-agent" title="User-agent">User-agent</a> laissé par votre visiteur dans les logs de votre serveur web.</p>
<p>Si vous regardez souvent les logs de votre serveur web (activité qui peut semble à première vue excentrique, mais Ô combien intéressante en réalité), vous trouverez sans doute un robot qui n'est pas connu d'Awstats. Ce billet prend l'exemple avec <a href="http://git.etoilebsd.net/cplanet/" title="cplanet">cplanet</a>, un aggrégateur RSS utilisé en particulier par un certain <a href="http://planet.etoilebsd.net/">planet BSD francophone</a>.</p>
<p>Awstats stocke les noms des robots qu'il connaît dans un fichier nommé “robots.pm”. Ce fichier, dans le cas d'une installation via pkgsrc sous NetBSD se trouve à l'endroit suivant : <em>/usr/pkg/awstats/cgi-bin/lib/robots.pm</em>. Effectuons-donc une copie de sauvegarde de ce fichier :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">vp</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"></span>
</code></pre></div>
<p>Profitons-en pour copier la sauvegarde dans un autre fichier, que nous allons modifier :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">vp</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">bak</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
</code></pre></div>
<p>Avant de modifier le fichier, jetons un oeil aux logs (Apache dans mon cas) :</p>
<div class="highlight"><pre><span></span><code><span class="mf">1.2.3.4</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="err">[</span><span class="mf">04</span><span class="o">/</span><span class="n">May</span><span class="o">/</span><span class="mf">2011</span><span class="p">:</span><span class="mf">16</span><span class="p">:</span><span class="mf">30</span><span class="p">:</span><span class="mf">48</span><span class="w"> </span><span class="o">+</span><span class="mf">0200</span><span class="err">]</span><span class="w"> </span><span class="s">"GET /feed/atom HTTP/1.1"</span><span class="w"> </span><span class="mf">200</span><span class="w"> </span><span class="mf">105441</span><span class="w"> </span><span class="s">"-"</span><span class="w"> </span><span class="s">"cplanet/0.6"</span><span class="w"></span>
</code></pre></div>
<p>Le User-agent de cplanet est donc : "cplanet/0.6". Maintenant éditons notre <em>robots.pm.custom</em>. En lisant les commentaires on se rend compte que le fichier est organisé en plusieurs listes. Il faut donc ajouter notre nouveau robot dans deux d'entres elles, <em>RobotsSearchIDOrder_list\<X></em> (où \<X> désigne un chiffre) et <em>RobotsHashIDLib</em>. J'ai choisi d'ajouter mon robot dans <em>RobotsSearchIDOrder_list2</em>, qui contient des robots peu connus. Je suis allé à la fin de cette liste mais je n'ai pas ajouté mon robot en toute fin de liste mais juste après un robot nommé “zeus”. Pourquoi ? Il s'avère que certains noms de robots sont des expressions régulières, et doivent être en fin ou en début de liste. Donc je ne souhaite pas les perturber.</p>
<p>Voici les lignes contenant “zeus” et cplanet (aux alentours de la ligne 965) :</p>
<div class="highlight"><pre><span></span><code>'zeus',
'cplanet',
</code></pre></div>
<p>Passons à la deuxième liste, qui commence aux alentours de la ligne 1000. Vers la ligne 1320, on peut lire le commentaire suivant : “Other robots reported by users”. Je suis donc à nouveau descendu jusqu'à retrouver “zeus” et j'ai ajouté de cette manière cplanet, juste en-dessous :</p>
<div class="highlight"><pre><span></span><code>'cplanet','<span class="nt"><a</span> <span class="na">href=</span><span class="s">"http://git.etoilebsd.net/cplanet/"</span> <span class="na">title=</span><span class="s">"A rss feed agregator that generate static html pages"</span> <span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>CPlanet RSS agregator<span class="nt"></a></span>',
</code></pre></div>
<p>J'ai donc créé un identifiant pour mon robot, qui est en fait une chaîne de caractères basée sur le User-agent, et ai ajouté un lien vers l'URL du robot pour savoir d'où il vient, ainsi qu'un texte descriptif, en anglais. Notez bien le format de séparation, et que la virgule à la fin est <strong>obligatoire</strong>.</p>
<p>Maintenant que notre fichier personnalisé est prêt, reste à le mettre en production :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">lib</span><span class="err">#</span><span class="w"> </span><span class="n">rm</span><span class="w"> </span><span class="o">-</span><span class="n">vf</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="k">ln</span><span class="w"> </span><span class="o">-</span><span class="n">sv</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"></span>
<span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="w"> </span><span class="o">-></span><span class="w"> </span><span class="n">robots</span><span class="p">.</span><span class="n">pm</span><span class="p">.</span><span class="n">custom</span><span class="w"></span>
</code></pre></div>
<p>Si jamais Awstats doit être mis à jour, celui-ci écrasera le lien symbolique. Il faudra donc vérifier (avec la commande diff par exemple) si le projet Awstats a mis à jour de son côté le fichier, et reporter nos modifications dans une copie du nouveau. Pensez d'ailleurs à proposer vos nouveaux robots sur le <a href="http://sourceforge.net/tracker/?group_id=13764&atid=363764">bug tracker d'Awstats sur Sourceforge</a></p>Installation de phpMyAdmin sur CentOS 6 - suite2011-10-17T09:30:00+02:002011-10-17T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-10-17:/post/2011/10/17/Installation-de-phpMyAdmin-sur-CentOS-6-suite/<h2>Résumé de l'épisode précédent</h2>
<p>Lors de mon précédent billet sur <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">l'installation et la configuration de phpMyAdmin sur CentOS 6</a>, nous avions obtenu une installation fonctionnelle, mais perfectible. Nous allons voir ensemble comment rendre l'installation plus confortable et tenter de la sécuriser un peu.</p>
<h2>Authentification par cookie</h2>
<p>Lors de la connexion …</p><h2>Résumé de l'épisode précédent</h2>
<p>Lors de mon précédent billet sur <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">l'installation et la configuration de phpMyAdmin sur CentOS 6</a>, nous avions obtenu une installation fonctionnelle, mais perfectible. Nous allons voir ensemble comment rendre l'installation plus confortable et tenter de la sécuriser un peu.</p>
<h2>Authentification par cookie</h2>
<p>Lors de la connexion à phpMyAdmin, c'est une authentification de type HTTP qui est envoyée. Sachant que nous n'avons pas encore activé HTTPS, les identifiants circulent en clair sur le réseau. De plus, à chaque fois qu'on ferme la fenêtre ou l'onglet du navigateur, il faut s'authentifier à nouveau. Le cookie devrait donc aider. Pour activer ce mécanisme, éditons le fichier de configuration de phpMyAdmin :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">config</span><span class="p">.</span><span class="n">inc</span><span class="p">.</span><span class="n">php</span><span class="w"></span>
</code></pre></div>
<p>A la ligne 41, on trouvera l'expression suivante :</p>
<div class="highlight"><pre><span></span><code>$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
</code></pre></div>
<p>Il suffit donc de remplacer 'http' par 'cookie' puis d'enregistrer le fichier. Le paramètre 'config' est à manipuler avec la plus grande précaution, et nécessite de renseigner les identifiants dans les champs suivants, ce qui n'est pas du tout sécurisé à mon sens. Une fois la modification effectuée, une (jolie ?) page d'identification devrait apparaître en lieu et place de l'horrible notification du navigateur demandant le login et le mot de passe. En prime, il est possible de choisir la langue :-)</p>
<p>Maintenant, un message assez étrange risque d'apparaître lors de vos prochaines connexions, en bas de l'interface de phpMyAdmin : “Vous devez ajouter dans le fichier de configuration une phrase de passe secrète (blowfish_secret).” Allons donc éditer de nouveau le fichier de configuration, à la ligne 14 :</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">''</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */</span>
</code></pre></div>
<p>Et entre les guillemets simple, on insère une phrase de passe. Quelques exemples :</p>
<ul>
<li>je vois un gnou faire de la bicyclette</li>
<li>je ne sais pas programmer en python (ou perl, java, c, ruby, ce que vous voulez)</li>
<li>aieruhgpauOUGYVaerhg 07856qorieghg (oui, l'aléatoire fonctionne aussi)</li>
</ul>
<p>Le but n'est pas de fournir une phrase intelligible ou facilement mémorisable, mais une suite de caractère assez longue pour chiffrer le mot de passe dans le cookie. Il ne sera pas nécessaire de réutiliser cette phrase de passe.</p>
<h2>HTTPS</h2>
<p>L'authentification par cookie apporte un mieux, mais celui-ci peut toujours être intercepté et rejoué par quelqu'un de malintentionné. De plus l'intercepteur pourra examiner le traffic et en retirer les commandes jouées, ou pourquoi pas le contenu des base de données. L'un des moyens d'empêcher cette interception est de chiffrer le trafic entre la machine cliente et le serveur hébergeant phpMyAdmin et MySQL. Pour cela nous allons activer mod_ssl dans Apache afin de naviguer en HTTPS dans phpMyAdmin.</p>
<p>Installons donc mod_ssl :</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install mod_ssl</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Loading</span><span class="w"> </span><span class="n">mirror</span><span class="w"> </span><span class="n">speeds</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">cached</span><span class="w"> </span><span class="n">hostfile</span><span class="w"></span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mod_ssl</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mod_ssl</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">183</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="n">mod_ssl</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">85</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="n">mod_ssl</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">1</span><span class="w"></span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mod_ssl</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"></span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
<p>Relançons Apache :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="n">restart</span><span class="w"></span>
<span class="n">Arrêt</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Et rendons-nous sur phpMyAdmin, en HTTPS. Dans mon cas l'url est https://crashtest/phpmyadmin/ . Un message du navigateur signale alors que le certificat utilisé pour se connecter est auto-signé.</p>
<p>Il est courant d'accepter le certificat et de le mémoriser : à plus forte raison s'il s'agit d'une machine de tests ou de développement, il suffit de s'assurer que le certificat ne changera pas en le mémorisant dans le navigateur; si jamais ce message devait à nouveau s'afficher, soit vous avez réinstallé le serveur ou changé les certificats, soit un petit malin tente une attaque de type "homme du milieu" (<em>man in the middle</em> en anglais).</p>
<p>Il est aussi possible d'accepter le certificat sans pour autant le mémoriser, et (faire) créer les certificats adéquats, selon votre type d'organisation ; les grosses entreprises possèdent leur propre autorité de certification et la déploient sur leurs postes de travail. Si votre serveur est directement accessible depuis Internet, de nombreux prestataires proposent, gratuitement ou non, de générer un certificat qu'il vous faudra ensuite installer en lieu et place de ceux par défaut. Cela peut vous éviter de vérifier manuellement sur chaque nouvelle machine cliente qu'il s'agit du bon certificat.</p>
<p>La mise en œuvre détaillée d'un serveur HTTPS et d'une infrastructure de gestion de certificats SSL d'entreprise (appelée aussi PKI de l'anglais <em>Public Key Infrastructure</em>) ne fait pas partie des objectifs de ce billet, par conséquent elle est laissée en exercice au lecteur.</p>
<p>Notre serveur accepte donc les connexions HTTP en clair et les connexions HTTPS chiffrées.</p>
<h2>Pare-feu</h2>
<p>En plus de chiffrer des connexions, il est possible de les filtrer. Dans le précédent billet, nous avons vu qu'Apache peut interdire ou accepter certains clients suivant leur adresse IP. Il est possible, avec un pare-feu (<em>firewall</em> en anglais), de filtrer les connexions Apache comme MySQL ou SSH et d'effectuer un contrôle plus fin sur les connexions.</p>
<p>Sur un système GNU/Linux, en particulier CentOS, le pare-feu de référence est <a href="http://www.netfilter.org/">Netfilter</a> (qui fournit entre autres la commande <em><a href="http://www.netfilter.org/projects/iptables/index.html">iptables</a></em>). La plupart des autres projets de pare-feu pour GNU/Linux sont généralement des surcouches à Netfilter.</p>
<p><strong>Attention !</strong> il est très facile, lorsqu'on manipule des règles de filtrage de connexions réseau, de scier la branche sur laquelle on est assis. Si bloquer accidentellement les connexions réseau lorsqu'on est devant la machine n'est pas bien grave, couper la connexion SSH qu'on utilise oblige à se déplacer, couper le pare-feu une fois devant la machine, puis repartir à son poste et se reconnecter.</p>
<p>Pour éviter ce genre de désagrément, il est possible de planifier une tâche qui coupe le firewall, par exemple toutes les 10 minutes. Ainsi, dès qu'on se rend compte que la machine ne répond plus à rien sur le réseau, il ne reste qu'à attendre 10 minutes tout au plus pour que la machine soit à nouveau accessible. L'inconvénient est qu'il faut réussir à faire ses modifications en moins de 10 minutes ! Nous allons donc éditer la “crontab” :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">crontab</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"></span>
</code></pre></div>
<p>Il est fort probable qu'elle soit vide, puisqu'il s'agit de la crontab de root et que la machine est fraîchement installée. Ajoutons la ligne suivante :</p>
<div class="highlight"><pre><span></span><code>*/10 * * * * /etc/init.d/iptables stop > /dev/null 2>&1
</code></pre></div>
<p>Et voilà ! Toutes les 10 minutes, le pare-feu sera désactivé. Le temps d'effectuer une modification, et de la valider. Attention cependant, une fois que les changements seront validés, penser à effacer cette ligne, ou à la commenter. Pour plus d'information : <a href="http://manpagesfr.free.fr/man/man5/crontab.5.html">la page de manuel</a>. Une fois le garde-fou mis en place, passons aux choses sérieuses : définir les règles de filtrage à mettre en place, puis les mettre en place.</p>
<p>Afin de rester dans les clous de la distribution, nous n'allons pas créer un script de pare-feu personnalisé, mais utiliser le fichier déjà en place pour sauvegarder les règles. Ce fichier est <em>/etc/sysconfig/iptables</em>, mais comme indiqué en anglais en tête de ce fichier, il n'est pas recommandé de l'éditer manuellement. Nous allons donc lancer le pare-feu, ajouter des règles avec la commande <em>iptables</em>, vérifier leur bon fonctionnement, les sauvegarder, et vérifier la sauvegarde.</p>
<p>Lancement du pare-feu :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Application</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Vérification des règles actuellement activées :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"></span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"></span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"></span>
<span class="mi">6</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
</code></pre></div>
<p>Et si on tente de se connecter à phpMyAdmin, cela ne fonctionne plus. Il faut donc accepter les connexions vers le port 80 (HTTP) et 443 (HTTPS). Nous allons insérer dans la chaine INPUT avant la règle numéro 5 (celle qui accepte le port 25 tcp) une règle acceptant le port 80 :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="o">-</span><span class="n">I</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="c1">--state NEW -m tcp -p tcp --dport 80 -j ACCEPT</span>
</code></pre></div>
<p>Si on se connecte à phpMyAdmin, cela fonctionne en HTTP, mais pas en HTTPS. Continuons, cette fois insérons notre règle avant la numéro 6 (décalage oblige du fait de notre insertion précédente) :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="o">-</span><span class="n">I</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="mi">6</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="c1">--state NEW -m tcp -p tcp --dport 443 -j ACCEPT</span>
</code></pre></div>
<p>Voilà, maintenant nous accédons à phpMyAdmin en HTTPS. Vérifions les règles en mémoire pour comparaison avec la situation précédente :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"></span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"></span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"></span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">80</span><span class="w"></span>
<span class="mi">6</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">443</span><span class="w"></span>
<span class="mi">7</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"></span>
<span class="mi">8</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"></span>
</code></pre></div>
<p>A noter que la commande <em>iptables -L -n</em> donne le même résultat, et pourrait servir sur d'autres distributions Linux.A présent, sauvegardons notre configuration :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">save</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Sauvegarde</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="n">dans</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysconfig</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Vérifions la sauvegarde :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysconfig</span><span class="o">/</span><span class="n">iptables</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Generated</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">iptables</span><span class="o">-</span><span class="k">save</span><span class="w"> </span><span class="n">v1</span><span class="mf">.4.7</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">34</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="mi">2011</span><span class="w"></span>
<span class="o">*</span><span class="k">filter</span><span class="w"></span>
<span class="err">:</span><span class="k">INPUT</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">0:0</span><span class="o">]</span><span class="w"></span>
<span class="err">:</span><span class="n">FORWARD</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">0:0</span><span class="o">]</span><span class="w"></span>
<span class="err">:</span><span class="k">OUTPUT</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="o">[</span><span class="n">1118:858094</span><span class="o">]</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">lo</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="o">--</span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="n">dport</span><span class="w"> </span><span class="mi">25</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="o">--</span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="o">-</span><span class="n">A</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="o">-</span><span class="n">j</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="o">--</span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"></span>
<span class="k">COMMIT</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Completed</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">34</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="mi">2011</span><span class="w"></span>
</code></pre></div>
<p>On peut donc voir que les règles acceptant les ports 80 sont bien sauvegardées. La règle autorisant le port 25 n'est pas utile, elle fut ajoutée en exemple lors du billet sur une installation minimaliste de CentOS 6. Le retrait de cette règle est laissé en exercice au lecteur ;-)</p>
<p>Une fois les règles en place donnant satisfaction, il faut penser à retirer le garde-fou en éditant la crontab : on peut alors supprimer la ligne désactivant iptables, ou la mettre en commentaire en place le caractère "#" devant. Après le retrait du garde-fou, on peut activer le pare-feu au démarrage :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<h2>Base de données phpMyAdmin</h2>
<p>phpMyAdmin est maintenant un outil complet avec de nombreux paramètres. Certains peuvent être utilisés via le fichier de configuration, mais pour d'autres, une base de données est nécessaire. D'ailleurs, selon le paquet phpMyAdmin installé (une version à jour est arrivée pendant l'écriture des deux billets), vous pouvez avoir le message suivant en bas de l'interface : “Le stockage de configurations phpMyAdmin n'est pas complètement configuré, certaines fonctionnalités ont été désactivée. Pour en connaître la raison, cliquez ici.”Dans la version plus récente, cet avertissement a été retiré.</p>
<p>Utilisons phpMyAdmin pour créer un nouvel utilisateur dit “de contrôle” (via l'onglet “Privilèges”), et appelons-le tout simplement “phpmyadmin”. Le paramètre client est “Local”, et on génèrera le mot de passe aléatoirement. Pensez à copier ce mot de passe ailleurs, on va en avoir besoin un peu plus tard. Toujours dans l'interface de création de l'utilisateur, cochons l'option “Créer une base portant son nom et donner à cet utilisateur tous les privilèges sur cette base”. Enfin, cliquons sur le bouton du bas : “Créer un compte d'utilisateur”. Une autre manipulation est nécessaire car l'utilisateur de contrôle a besoin d'un peu plus de droits. Pour aller plus vite, rechargeons les privilèges puis cliquons sur l'onglet “SQL” et entrons le texte suivant dans le champ (j'espère que vous avez bien copié le mot de passe généré de tout à l'heure ;-)):</p>
<div class="highlight"><pre><span></span><code><span class="n">GRANT</span><span class="w"> </span><span class="n">USAGE</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.*</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="w"> </span><span class="n">IDENTIFIED</span><span class="w"> </span><span class="n">BY</span><span class="w"> </span><span class="s1">'motdepassealeatoire'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="w"> </span><span class="n">Host</span><span class="p">,</span><span class="w"> </span><span class="n">User</span><span class="p">,</span><span class="w"> </span><span class="n">Select_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Insert_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Update_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Delete_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Create_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Drop_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Reload_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Shutdown_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Process_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">File_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Grant_priv</span><span class="p">,</span><span class="w"> </span><span class="n">References_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Index_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Alter_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Show_db_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Super_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Create_tmp_table_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Lock_tables_priv</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="n">Execute_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Repl_slave_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Repl_client_priv</span><span class="w"></span>
<span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">user</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">db</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">host</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
<span class="n">GRANT</span><span class="w"> </span><span class="n">SELECT</span><span class="w"> </span><span class="p">(</span><span class="n">Host</span><span class="p">,</span><span class="w"> </span><span class="n">Db</span><span class="p">,</span><span class="w"> </span><span class="n">User</span><span class="p">,</span><span class="w"> </span><span class="n">Table_name</span><span class="p">,</span><span class="w"> </span><span class="n">Table_priv</span><span class="p">,</span><span class="w"> </span><span class="n">Column_priv</span><span class="p">)</span><span class="w"></span>
<span class="w"> </span><span class="n">ON</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">tables_priv</span><span class="w"> </span><span class="n">TO</span><span class="w"> </span><span class="s1">'phpmyadmin'</span><span class="err">@</span><span class="s1">'localhost'</span><span class="p">;</span><span class="w"></span>
</code></pre></div>
<p>Cliquons sur “Exécuter” et on nous signale que MySQL a retourné des résultat vides. Pensons à recharger les privilèges (dans l'onglet “Privilèges”Encore une chose. Il nous faut peupler la base de données créée pour phpMyAdmin. Pour cela, revenons dans le shell de notre serveur et utilisons le fichier SQL fourni par phpMyAdmin :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">examples</span><span class="o">/</span><span class="n">create_tables</span><span class="p">.</span><span class="k">sql</span><span class="w"></span>
</code></pre></div>
<p>A noter que sur d'anciennes versions, le répertoire est /usr/share/phpMyAdmin/scripts/create_tables.sql .Maintenant éditons à nouveau le fichier de configuration de phpMyAdmin :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">phpMyAdmin</span><span class="o">/</span><span class="n">config</span><span class="p">.</span><span class="n">inc</span><span class="p">.</span><span class="n">php</span><span class="w"></span>
</code></pre></div>
<p>Et renseignons aux lignes 34 et 36 l'utilisateur de contrôle et son mot de passe :</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">Servers</span><span class="s1">'</span>][$<span class="nv">i</span>][<span class="s1">'</span><span class="s">controluser</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">phpmyadmin</span><span class="s1">'</span><span class="c1">; // MySQL control user settings</span>
<span class="o">//</span> <span class="ss">(</span><span class="nv">this</span> <span class="nv">user</span> <span class="nv">must</span> <span class="nv">have</span> <span class="nv">read</span><span class="o">-</span><span class="nv">only</span>
<span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">Servers</span><span class="s1">'</span>][$<span class="nv">i</span>][<span class="s1">'</span><span class="s">controlpass</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">motdepassealeatoire</span><span class="s1">'</span><span class="c1">; // access to the "mysql/user"</span>
<span class="o">//</span> <span class="nv">and</span> <span class="s2">"</span><span class="s">mysql/db</span><span class="s2">"</span> <span class="nv">tables</span><span class="ss">)</span>.
<span class="o">//</span> <span class="nv">The</span> <span class="nv">controluser</span> <span class="nv">is</span> <span class="nv">also</span>
<span class="o">//</span> <span class="nv">used</span> <span class="k">for</span> <span class="nv">all</span> <span class="nv">relational</span>
<span class="o">//</span> <span class="nv">features</span> <span class="ss">(</span><span class="nv">pmadb</span><span class="ss">)</span>
</code></pre></div>
<p>Une fois le fichier enregistré et déconnecté puis reconnecté à phpMyAdmin, nous pouvons utiliser toutes les possibilités de cet outil !</p>
<h2>SELinux</h2>
<p>J'avoue ne pas être familier avec SELinux. Je me suis contenté d'éditer <em>/etc/sysconfig/selinux</em> et de passer le paramètre <em>SELINUX</em> à <em>enforcing</em>. Un reboot plus tard, SELinux est activé, httpd, mysqld sont lancés, et phpMyAdmin est accessible !</p>
<h2>Commentaires</h2>
<h3>Le 10/12/2011 17:19 par <a href="http://www.lapoussette.net">poussette</a></h3>
<p>Hello,bon nombre de remerciement pour ce super post que très sympathique.</p>Installation de phpMyAdmin sur CentOS 62011-10-03T09:30:00+02:002011-10-03T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-10-03:/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6/<h2>Préambule</h2>
<p>Il y a un peu plus de deux ans, j'écrivais ce qui reste (à l'écriture de ce billet) le contenu phare de ce blog : <a href="/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5">installation de phpMyAdmin sur CentOS 5</a>. C'est bien simple, c'est la raison pour laquelle une grande majorité des visiteurs atterrit ici. Ca en devient presque …</p><h2>Préambule</h2>
<p>Il y a un peu plus de deux ans, j'écrivais ce qui reste (à l'écriture de ce billet) le contenu phare de ce blog : <a href="/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5">installation de phpMyAdmin sur CentOS 5</a>. C'est bien simple, c'est la raison pour laquelle une grande majorité des visiteurs atterrit ici. Ca en devient presque frustrant, d'ailleurs ;-) Bref, toujours est-il que depuis juillet, CentOS 6 est (enfin) disponible , il est donc temps de remettre ce petit tutoriel au goût du jour !</p>
<p><strong>Objectifs :</strong> installer et configurer un serveur de base de données MySQL avec une interface web d'administration pour pouvoir ensuite faire du développement ou installer facilement d'autres outils web utilisant ce type de base de données, comme un CMS ou un moteur de blog.</p>
<p><strong>Outils à disposition :</strong> que du libre, bien entendu ! Le système d'exploitation est <a href="http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.0">CentOS 6</a>, le serveur de base de données <a href="https://www.mysql.com/">MySQL</a> est disponible dans les dépôts de cette distribution, ainsi que le serveur web, <a href="https://httpd.apache.org/">Apache HTTP Server</a>. Le logiciel d'administration web est le très connu <a href="http://www.phpmyadmin.net/home_page/index.php">phpMyAdmin</a>, qu'on installera (avec ses prérequis) depuis le dépôt <a href="https://fedoraproject.org/wiki/EPEL">EPEL</a>. On supposera donc que la machine a accès à Internet (pour accéder aux dépôts).</p>
<p>Je ne vais pas décrire tout depuis l'installation de l'OS, mais pour s'assurer que les bases sont saines, j'ai effectué une installation ressemblant comme deux gouttes d'eau à mon billet précédent : <a href="/post/2011/08/08/Installation-minimaliste-d-une-CentOS-6">installation minimaliste d'une CentOS 6</a> (et je vais peut-être me calmer un peu sur l’auto-promotion ;-) ). Parmi les paramètres importants, notons la désactivation de SELinux.</p>
<p>Une dernière chose avant de rentrer dans le vif du sujet : pour plus de transparence, et aussi parce que les plus intéressés par ce billet sont probablement des débutants dans le monde de GNU/Linux et des logiciels libres, j'ai choisi d'afficher autant que faire se peut les résultats des commandes. <strong>Le billet est donc assez long, mais pas complexe pour autant !</strong> Je vous recommande cependant de lire ce billet en entier avant de taper la moindre commande sur votre machine. De toutes façons, vous utilisez une machine (virtuelle) de tests, hein ?</p>
<h2>Installation d'Apache, PHP et de phpMyAdmin</h2>
<p>Commençons par ajouter le dépôt EPEL à notre installation, de sorte à faciliter l'installation de toute la bande Apache, PHP, MySQL et phpMyAdmin :</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm</span><span class="w"></span>
<span class="n">Récupération</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">download</span><span class="o">.</span><span class="n">fedoraproject</span><span class="o">.</span><span class="n">org</span><span class="o">/</span><span class="n">pub</span><span class="o">/</span><span class="n">epel</span><span class="o">/</span><span class="mi">6</span><span class="o">/</span><span class="n">i386</span><span class="o">/</span><span class="n">epel</span><span class="o">-</span><span class="n">release</span><span class="o">-</span><span class="mi">6</span><span class="o">-</span><span class="mf">5.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"></span>
<span class="n">attention</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">rpm</span><span class="o">-</span><span class="n">tmp</span><span class="o">.</span><span class="n">c1BYty</span><span class="p">:</span><span class="w"> </span><span class="n">Entête</span><span class="w"> </span><span class="n">V3</span><span class="w"> </span><span class="n">RSA</span><span class="o">/</span><span class="n">SHA256</span><span class="w"> </span><span class="n">Signature</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="mi">0608</span><span class="n">b895</span><span class="p">:</span><span class="w"> </span><span class="n">NOKEY</span><span class="w"></span>
<span class="n">Préparation</span><span class="o">...</span><span class="w"> </span><span class="p">(</span><span class="mi">100</span><span class="o">%</span><span class="p">)</span><span class="w"></span>
<span class="mi">1</span><span class="p">:</span><span class="n">epel</span><span class="o">-</span><span class="n">release</span><span class="w"> </span><span class="p">(</span><span class="mi">100</span><span class="o">%</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Ensuite, c'est assez simple, grâce au jeu des dépendances, nous installons phpMyAdmin :</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install phpmyadmin</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Determining</span><span class="w"> </span><span class="n">fastest</span><span class="w"> </span><span class="n">mirrors</span><span class="w"></span>
<span class="n">epel</span><span class="o">/</span><span class="n">metalink</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">base</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.7</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">base</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.2</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">epel</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.3</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">epel</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.9</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">15</span><span class="w"> </span>
<span class="n">extras</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">951</span><span class="w"> </span><span class="n">B</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">extras</span><span class="o">/</span><span class="n">primary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">203</span><span class="w"> </span><span class="n">B</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">updates</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.5</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">updates</span><span class="o">/</span><span class="n">primary_db</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.3</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="w"> </span><span class="o">>=</span><span class="w"> </span><span class="mf">5.2</span><span class="o">.</span><span class="mi">0</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">httpd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">mime</span><span class="o">.</span><span class="n">types</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libaprutil</span><span class="o">-</span><span class="mf">1.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libapr</span><span class="o">-</span><span class="mf">1.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libpng12</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">(</span><span class="n">PNG12_0</span><span class="p">)(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libpng12</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">0</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">62</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">4</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libfreetype</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">4</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">freetype</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">1</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libpng</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mailcap</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">so</span><span class="o">.</span><span class="mi">6</span><span class="p">()(</span><span class="mi">64</span><span class="n">bit</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">phpMyAdmin</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mf">4.4</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">dependencies</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">124</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">87</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">freetype</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">359</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">811</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">68</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libX11</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">582</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">188</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libXau</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libXpm</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">59</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libjpeg</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libmcrypt</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mi">96</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libpng</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">180</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">libxcb</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">mailcap</span><span class="w"> </span><span class="n">noarch</span><span class="w"> </span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">27</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">1.1</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">2.2</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">516</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">103</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">504</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">epel</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">75</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">72</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">24</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">42</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"></span>
</code></pre></div>
<p>Comme on peut le voir, de nombreux autres logiciels viennent s'installer car phpMyAdmin en a besoin pour fonctionner, comme PHP et Apache HTTPD Server (paquets <em>httpd</em> et <em>apr-*</em>). Appuyons sur la touche y de notre clavier :</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="p">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">124</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">2</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">87</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">4</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">freetype</span><span class="o">-</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">2.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">359</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">5</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">811</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">6</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">68</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">7</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">582</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">8</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">188</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">9</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libXau</span><span class="o">-</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">10</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libXpm</span><span class="o">-</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">59</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">11</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">-</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"></span>
<span class="p">(</span><span class="mi">12</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">-</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">96</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">13</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libpng</span><span class="o">-</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">180</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">14</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">15</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">mailcap</span><span class="o">-</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">27</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">16</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">1.1</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">17</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">2.2</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">18</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">516</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">19</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">103</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">20</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">504</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">21</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">22</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">75</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">23</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">72</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">24</span><span class="o">/</span><span class="mi">24</span><span class="p">):</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">4.4</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">18</span><span class="w"> </span>
<span class="o">--------------------------------------------------------------------------------</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="mi">574</span><span class="w"> </span><span class="n">kB</span><span class="o">/</span><span class="n">s</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">20</span><span class="w"> </span>
<span class="n">warning</span><span class="p">:</span><span class="w"> </span><span class="n">rpmts_HdrFromFdno</span><span class="p">:</span><span class="w"> </span><span class="n">Header</span><span class="w"> </span><span class="n">V3</span><span class="w"> </span><span class="n">RSA</span><span class="o">/</span><span class="n">SHA256</span><span class="w"> </span><span class="n">Signature</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="mi">0608</span><span class="n">b895</span><span class="p">:</span><span class="w"> </span><span class="n">NOKEY</span><span class="w"></span>
<span class="n">epel</span><span class="o">/</span><span class="n">gpgkey</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">3.2</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span><span class="o">...</span><span class="w"> </span>
<span class="n">Importing</span><span class="w"> </span><span class="n">GPG</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="mh">0x0608B895</span><span class="w"> </span><span class="s2">"EPEL (6) <epel@fedoraproject.org>"</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">rpm</span><span class="o">-</span><span class="n">gpg</span><span class="o">/</span><span class="n">RPM</span><span class="o">-</span><span class="n">GPG</span><span class="o">-</span><span class="n">KEY</span><span class="o">-</span><span class="n">EPEL</span><span class="o">-</span><span class="mi">6</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span>
</code></pre></div>
<p>Autre interrogation intéressante : vous aurez remarqué que tout se déroule grâce à yum, et que nous avons installé un dépôt supplémentaire. Ce dépôt s'identifie via une clé GPG qu'il nous faut importer lors de sa première utilisation. Appuyons-donc sur y et continuons :</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">3</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">-</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">4</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">5</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">6</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">7</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">8</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">9</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="n">libpng</span><span class="o">-</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">10</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">freetype</span><span class="o">-</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">2.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">11</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libjpeg</span><span class="o">-</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">12</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libmcrypt</span><span class="o">-</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">13</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libXau</span><span class="o">-</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">14</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libxcb</span><span class="o">-</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">15</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mailcap</span><span class="o">-</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">16</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">17</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">18</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">19</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">20</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">21</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">libXpm</span><span class="o">-</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">22</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">-</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">23</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">-</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">24</span><span class="o">/</span><span class="mi">24</span><span class="w"> </span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">phpMyAdmin</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.4</span><span class="o">.</span><span class="mf">3.1</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="n">Dependency</span><span class="w"> </span><span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">apr</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">apr</span><span class="o">-</span><span class="n">util</span><span class="o">-</span><span class="n">ldap</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">.</span><span class="mi">9</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">freetype</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">11</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">2</span><span class="w"> </span>
<span class="w"> </span><span class="n">httpd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span>
<span class="w"> </span><span class="n">httpd</span><span class="o">-</span><span class="n">tools</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.2</span><span class="o">.</span><span class="mi">15</span><span class="o">-</span><span class="mf">5.</span><span class="n">el6</span><span class="o">.</span><span class="n">centos</span><span class="w"> </span>
<span class="w"> </span><span class="n">libX11</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libX11</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.3</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libXau</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.0</span><span class="o">.</span><span class="mi">5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libXpm</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">3.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">2.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libjpeg</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mi">6</span><span class="n">b</span><span class="o">-</span><span class="mf">46.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libmcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.5</span><span class="o">.</span><span class="mi">8</span><span class="o">-</span><span class="mf">9.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libpng</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="p">:</span><span class="mf">1.2</span><span class="o">.</span><span class="mi">44</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">libxcb</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.5</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">mailcap</span><span class="o">.</span><span class="n">noarch</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">2.1</span><span class="o">.</span><span class="mi">31</span><span class="o">-</span><span class="mf">1.1</span><span class="o">.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">cli</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">common</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">gd</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mbstring</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mcrypt</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="w"> </span><span class="n">php</span><span class="o">-</span><span class="n">pdo</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.3</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="mf">6.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
<p>Pensons à activer Apache au démarrage de la machine :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="n">httpd</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">httpd</span><span class="w"></span>
<span class="n">httpd</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<p>Vous croyez que c'est fini ? Pourtant ce n'est que le début : nous n'avons toujours pas installé MySQL et il faut encore configurer le tout.</p>
<h2>Installation et configuration de MySQL</h2>
<p>Rien de très compliqué :</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="n">root</span><span class="err">@</span><span class="n">crashtest</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="c1"># yum install mysql-server</span><span class="w"></span>
<span class="n">Loaded</span><span class="w"> </span><span class="n">plugins</span><span class="p">:</span><span class="w"> </span><span class="n">fastestmirror</span><span class="w"></span>
<span class="n">Loading</span><span class="w"> </span><span class="n">mirror</span><span class="w"> </span><span class="n">speeds</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">cached</span><span class="w"> </span><span class="n">hostfile</span><span class="w"></span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">epel</span><span class="p">:</span><span class="w"> </span><span class="n">mirrors</span><span class="o">.</span><span class="n">ircam</span><span class="o">.</span><span class="n">fr</span><span class="w"></span>
<span class="n">Setting</span><span class="w"> </span><span class="n">up</span><span class="w"> </span><span class="n">Install</span><span class="w"> </span><span class="n">Process</span><span class="w"></span>
<span class="n">Resolving</span><span class="w"> </span><span class="n">Dependencies</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Processing</span><span class="w"> </span><span class="n">Dependency</span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="p">(</span><span class="n">DBI</span><span class="p">)</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">package</span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="n">transaction</span><span class="w"> </span><span class="n">check</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">---></span><span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">updated</span><span class="w"></span>
<span class="o">--></span><span class="w"> </span><span class="n">Finished</span><span class="w"> </span><span class="n">Dependency</span><span class="w"> </span><span class="n">Resolution</span><span class="w"></span>
<span class="n">Dependencies</span><span class="w"> </span><span class="n">Resolved</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="w"> </span><span class="n">Package</span><span class="w"> </span><span class="n">Arch</span><span class="w"> </span><span class="n">Version</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">Size</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Installing</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mf">8.1</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installing</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">dependencies</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">updates</span><span class="w"> </span><span class="mi">889</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="w"> </span><span class="n">x86_64</span><span class="w"> </span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="mi">705</span><span class="w"> </span><span class="n">k</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Summary</span><span class="w"></span>
<span class="o">================================================================================</span><span class="w"></span>
<span class="n">Install</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Upgrade</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Package</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="n">download</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mf">9.8</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Installed</span><span class="w"> </span><span class="n">size</span><span class="p">:</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">M</span><span class="w"></span>
<span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"></span>
</code></pre></div>
<p>Là encore, on nous demande une validation avant d'installer les logiciels.</p>
<div class="highlight"><pre><span></span><code><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">ok</span><span class="w"> </span><span class="p">[</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">]:</span><span class="w"> </span><span class="n">y</span><span class="w"></span>
<span class="n">Downloading</span><span class="w"> </span><span class="n">Packages</span><span class="p">:</span><span class="w"></span>
<span class="p">(</span><span class="mi">1</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">889</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">2</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">8.1</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">-</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="p">(</span><span class="mi">4</span><span class="o">/</span><span class="mi">4</span><span class="p">):</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">-</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="o">.</span><span class="n">rpm</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">705</span><span class="w"> </span><span class="n">kB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="w"> </span>
<span class="o">--------------------------------------------------------------------------------</span><span class="w"></span>
<span class="n">Total</span><span class="w"> </span><span class="mf">8.4</span><span class="w"> </span><span class="n">MB</span><span class="o">/</span><span class="n">s</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mf">9.8</span><span class="w"> </span><span class="n">MB</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">01</span><span class="w"> </span>
<span class="n">Running</span><span class="w"> </span><span class="n">rpm_check_debug</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"></span>
<span class="n">Transaction</span><span class="w"> </span><span class="n">Test</span><span class="w"> </span><span class="n">Succeeded</span><span class="w"></span>
<span class="n">Running</span><span class="w"> </span><span class="n">Transaction</span><span class="w"></span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">-</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">-</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">2</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">3</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">-</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mf">1.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">4</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span>
<span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span>
<span class="n">Dependency</span><span class="w"> </span><span class="n">Installed</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="n">mysql</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">5.1</span><span class="o">.</span><span class="mi">52</span><span class="o">-</span><span class="mf">1.</span><span class="n">el6_0</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBD</span><span class="o">-</span><span class="n">MySQL</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">4.013</span><span class="o">-</span><span class="mf">3.</span><span class="n">el6</span><span class="w"> </span>
<span class="w"> </span><span class="n">perl</span><span class="o">-</span><span class="n">DBI</span><span class="o">.</span><span class="n">x86_64</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="mf">1.609</span><span class="o">-</span><span class="mf">4.</span><span class="n">el6</span><span class="w"> </span>
<span class="n">Complete</span><span class="o">!</span><span class="w"></span>
</code></pre></div>
<p>Maintenant que MySQL est installé, démarrons-le :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">Initialisation</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">la</span><span class="w"> </span><span class="n">base</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">données</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Installing</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">tables</span><span class="p">...</span><span class="w"></span>
<span class="n">OK</span><span class="w"></span>
<span class="n">Filling</span><span class="w"> </span><span class="n">help</span><span class="w"> </span><span class="n">tables</span><span class="p">...</span><span class="w"></span>
<span class="n">OK</span><span class="w"></span>
<span class="k">To</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="n">boot</span><span class="w"> </span><span class="nc">time</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">copy</span><span class="w"></span>
<span class="n">support</span><span class="o">-</span><span class="n">files</span><span class="o">/</span><span class="n">mysql</span><span class="p">.</span><span class="n">server</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nf">right</span><span class="w"> </span><span class="n">place</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="k">system</span><span class="w"></span>
<span class="n">PLEASE</span><span class="w"> </span><span class="n">REMEMBER</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">A</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">THE</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="err">!</span><span class="w"></span>
<span class="k">To</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="n">so</span><span class="p">,</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">server</span><span class="p">,</span><span class="w"> </span><span class="k">then</span><span class="w"> </span><span class="n">issue</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">following</span><span class="w"> </span><span class="nl">commands</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'new-password'</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">crashtest</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'new-password'</span><span class="w"></span>
<span class="n">Alternatively</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="nl">run</span><span class="p">:</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysql_secure_installation</span><span class="w"></span>
<span class="n">which</span><span class="w"> </span><span class="n">will</span><span class="w"> </span><span class="n">also</span><span class="w"> </span><span class="n">give</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">removing</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
<span class="n">databases</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">anonymous</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="p">.</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"></span>
<span class="n">strongly</span><span class="w"> </span><span class="n">recommended</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">production</span><span class="w"> </span><span class="n">servers</span><span class="p">.</span><span class="w"></span>
<span class="n">See</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">manual</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">more</span><span class="w"> </span><span class="n">instructions</span><span class="p">.</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">daemon</span><span class="w"> </span><span class="k">with</span><span class="err">:</span><span class="w"></span>
<span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqld_safe</span><span class="w"> </span><span class="o">&</span><span class="w"></span>
<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">test</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">MySQL</span><span class="w"> </span><span class="n">daemon</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="o">-</span><span class="n">run</span><span class="p">.</span><span class="n">pl</span><span class="w"></span>
<span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">test</span><span class="o">-</span><span class="n">run</span><span class="p">.</span><span class="n">pl</span><span class="w"></span>
<span class="n">Please</span><span class="w"> </span><span class="n">report</span><span class="w"> </span><span class="ow">any</span><span class="w"> </span><span class="n">problems</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqlbug</span><span class="w"> </span><span class="n">script</span><span class="err">!</span><span class="w"></span>
<span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>MySQL nous informe donc que sans mot de passe administrateur, c'est un peu la fête du slip et qu'il faut absolument remédier à ça. Soyons donc civilisés, mais pas trop, car pour l'exemple, j'initialise le mot de passe root de MySQL à 'anotherhomepage' (le mot de passe en lui-même ne contient pas les guillemets simples) :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'anotherhomepage'</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">crashtest</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'anotherhomepage'</span><span class="w"></span>
</code></pre></div>
<p>Activons MySQL au démarrage de la machine :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">mysqld</span><span class="w"></span>
<span class="n">mysqld</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">on</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">mysqld</span><span class="w"></span>
<span class="n">mysqld</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<h2>Configurations supplémentaires</h2>
<p>Si vous avez effectué une installation identique à celle de mon précédent billet, vous aurez remarqué que le firewall est toujours actif, et que celui-ci n'accepte que du SSH et du SMTP :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="n">status</span><span class="w"></span>
<span class="nc">Table</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"></span>
<span class="n">Chain</span><span class="w"> </span><span class="k">INPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
<span class="mi">1</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="n">RELATED</span><span class="p">,</span><span class="n">ESTABLISHED</span><span class="w"> </span>
<span class="mi">2</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span>
<span class="mi">3</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span>
<span class="mi">4</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">22</span><span class="w"> </span>
<span class="mi">5</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="nl">dpt</span><span class="p">:</span><span class="mi">25</span><span class="w"> </span>
<span class="mi">6</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"> </span>
<span class="n">Chain</span><span class="w"> </span><span class="n">FORWARD</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
<span class="mi">1</span><span class="w"> </span><span class="n">REJECT</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="mf">0.0.0.0</span><span class="o">/</span><span class="mi">0</span><span class="w"> </span><span class="n">reject</span><span class="o">-</span><span class="k">with</span><span class="w"> </span><span class="n">icmp</span><span class="o">-</span><span class="k">host</span><span class="o">-</span><span class="n">prohibited</span><span class="w"> </span>
<span class="n">Chain</span><span class="w"> </span><span class="k">OUTPUT</span><span class="w"> </span><span class="p">(</span><span class="n">policy</span><span class="w"> </span><span class="n">ACCEPT</span><span class="p">)</span><span class="w"></span>
<span class="n">num</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="n">prot</span><span class="w"> </span><span class="n">opt</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">destination</span><span class="w"> </span>
<span class="n">Désactivons</span><span class="o">-</span><span class="n">le</span><span class="w"> </span><span class="err">:</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">iptables</span><span class="w"> </span><span class="n">stop</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Suppression</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">règles</span><span class="w"> </span><span class="n">du</span><span class="w"> </span><span class="n">pare</span><span class="o">-</span><span class="n">feu</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Configuration</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">chaînes</span><span class="w"> </span><span class="n">sur</span><span class="w"> </span><span class="n">la</span><span class="w"> </span><span class="n">politique</span><span class="w"> </span><span class="n">ACCEPT</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="k">filter</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="n">Déchargement</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">modules</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">marche</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="n">iptables</span><span class="w"> </span><span class="k">off</span><span class="w"></span>
<span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">chkconfig</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="w"> </span><span class="n">iptables</span><span class="w"></span>
<span class="n">iptables</span><span class="w"> </span><span class="mi">0</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">3</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">5</span><span class="err">:</span><span class="n">arrêt</span><span class="w"> </span><span class="mi">6</span><span class="err">:</span><span class="n">arrêt</span><span class="w"></span>
</code></pre></div>
<p>Il nous faut aussi effectuer une autre modification : l'autorisation des machines du réseau à accéder à phpMyAdmin. Pour cela il nous faut éditer le fichier “/etc/httpd/conf.d/phpMyAdmin.conf” avec votre éditeur de texte préféré, ou celui installé par défaut, très probablement vi. Dans ce fichier, nous voyons ceci :</p>
<div class="highlight"><pre><span></span><code><span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin</span><span class="nt">/></span>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
<span class="nt"></Directory></span>
<span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin/setup</span><span class="nt">/></span>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
<span class="nt"></Directory></span>
</code></pre></div>
<p>Deux possibilités : la première, ajoutez votre réseau ou vos machines dans les deux sections “Directory” après les directives “Allow” en ajoutant justement une directive de ce type. Par exemple, avec un réseau 10.1.1.0/24, ça donnerait :</p>
<div class="highlight"><pre><span></span><code>Allow from 10.1.1.0/24
</code></pre></div>
<p>Une autre possibilité, bien moins sécurisée mais sans doute plus confortable est de tout autoriser. Dans ce cas, les sections deviennent :</p>
<div class="highlight"><pre><span></span><code><span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin</span><span class="nt">/></span>
Order Deny,Allow
Allow from All
<span class="nt"></Directory></span>
<span class="nt"><Directory</span> <span class="err">/usr/share/phpMyAdmin/setup</span><span class="nt">/></span>
Order Deny,Allow
Allow from All
<span class="nt"></Directory></span>
</code></pre></div>
<p>Démarrons à présent le serveur web :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@crashtest ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
<span class="n">Démarrage</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">httpd</span><span class="w"> </span><span class="err">:</span><span class="w"> </span><span class="o">[</span><span class="n"> OK </span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Il est à présent possible d'accéder à phpMyAdmin, dans mon cas via l'adresse “http://crashtest/phpmyadmin/”. Bien entendu, un identifiant et un mot de passe seront demandés. Il s'agit de ceux de MySQL (donc 'root' et 'anotherhomepage' dans mon cas).</p>
<p>On pourrait s'arrêter là. Mais ça serait dommage, pour plusieurs raisons :</p>
<ul>
<li>l'authentification se fait via HTTP, pas d'interface d'authentification un peu jolie qui utiliserait par exemple un cookie de session;</li>
<li>HTTPS n'est pas activé, et donc le mot de passe se retrouve en clair sur le réseau;</li>
<li>le pare-feu est désactivé, sans autre forme de procès (SELinux aussi, d'ailleurs);</li>
<li>phpMyAdmin dispose de fonctions supplémentaires qu'on peut activer en créant une base de données</li>
</ul>
<p>Ces points seront abordés dans <a href="/post/2011/10/17/Installation-de-phpMyAdmin-sur-CentOS-6-suite">un prochain billet</a>, bien entendu ;-)</p>Installation minimaliste d'une CentOS 62011-08-08T11:51:00+02:002011-08-08T11:51:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-08-08:/post/2011/08/08/Installation-minimaliste-d-une-CentOS-6/<p>Suite à un billet précédent <a href="/post/2011/06/20/Installation-d-un-domU-Xen-Enterprise-Linux-sur-un-dom0-NetBSD">sur l'installation d'un domU Enterprise Linux sur un dom0 NetBSD</a>, et à la sortie de <a href="http://lists.centos.org/pipermail/centos-announce/2011-July/017645.html">CentOS 6.0</a>, j'ai fait quelques essais d'installations de cette distribution.</p>
<p>Il n'y a pas d'énormes différences entre le billet cité et CentOS 6.0, juste quelques surprises. La première …</p><p>Suite à un billet précédent <a href="/post/2011/06/20/Installation-d-un-domU-Xen-Enterprise-Linux-sur-un-dom0-NetBSD">sur l'installation d'un domU Enterprise Linux sur un dom0 NetBSD</a>, et à la sortie de <a href="http://lists.centos.org/pipermail/centos-announce/2011-July/017645.html">CentOS 6.0</a>, j'ai fait quelques essais d'installations de cette distribution.</p>
<p>Il n'y a pas d'énormes différences entre le billet cité et CentOS 6.0, juste quelques surprises. La première est au niveau de l'installation en mode texte, qui perd en possibilités, il n'est par exemple plus possible de personnaliser son partitionnement ou la liste des packages. Il faudra préférer une installation via VNC, qui permet d'afficher l'interface graphique. Les limitations en mémoire de RHEL 6 sont d'ailleurs valable pour CentOS 6, attention donc à attribuer assez de mémoire vive, au moins lors de l'installation, pour obtenir l'interface graphique.</p>
<p>J'ai donc décidé de passer par Kickstart pour quelques installations, et là aussi, il y a quelques changements, comme par exemple certains champs optionnels devenus obligatoires. Voici donc un exemple de kickstart commenté pour une installation minimaliste (mais pas minimale) personnalisée :</p>
<div class="highlight"><pre><span></span><code><span class="cp"># Langue et zone horaire</span>
<span class="n">lang</span><span class="w"> </span><span class="n">fr_FR</span><span class="w"></span>
<span class="n">keyboard</span><span class="w"> </span><span class="n">fr</span><span class="w"> </span>
<span class="n">timezone</span><span class="w"> </span><span class="o">--</span><span class="n">utc</span><span class="w"> </span><span class="n">Europe</span><span class="o">/</span><span class="n">Paris</span><span class="w"></span>
<span class="cp"># J'utilise Xen, donc je shutdown pour modifier le noyau d'installation en pygrub</span>
<span class="n">shutdown</span><span class="w"></span>
<span class="n">text</span><span class="w"></span>
<span class="cp"># on peut chiffrer le mdp root</span>
<span class="n">rootpw</span><span class="w"> </span><span class="n">changemonmdprootsvp</span><span class="w"></span>
<span class="cp"># j'autorise quelques services du firewall, la configuration au premier boot mais pas de SELinux par contre </span>
<span class="n">firewall</span><span class="w"> </span><span class="o">--</span><span class="n">service</span><span class="o">=</span><span class="n">ssh</span><span class="w"> </span><span class="o">--</span><span class="n">service</span><span class="o">=</span><span class="n">smtp</span><span class="w"></span>
<span class="n">firstboot</span><span class="w"> </span><span class="o">--</span><span class="n">enable</span><span class="w"></span>
<span class="n">selinux</span><span class="w"> </span><span class="o">--</span><span class="n">disabled</span><span class="w"></span>
<span class="cp"># Configuration du réseau</span>
<span class="n">network</span><span class="w"> </span><span class="o">--</span><span class="n">device</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="o">--</span><span class="n">bootproto</span><span class="w"> </span><span class="n">dhcp</span><span class="w"></span>
<span class="cp"># Paramétrage du disque dur : bootloader et partitionnement. Attention, on efface tout !</span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">--</span><span class="n">location</span><span class="o">=</span><span class="n">mbr</span><span class="w"> </span><span class="o">--</span><span class="n">driveorder</span><span class="o">=</span><span class="n">xvda</span><span class="w"></span>
<span class="n">authconfig</span><span class="w"> </span><span class="o">--</span><span class="n">enableshadow</span><span class="w"> </span><span class="o">--</span><span class="n">passalgo</span><span class="o">=</span><span class="n">sha512</span><span class="w"></span>
<span class="n">clearpart</span><span class="w"> </span><span class="o">--</span><span class="n">all</span><span class="w"> </span><span class="o">--</span><span class="n">initlabel</span><span class="w"> </span><span class="o">--</span><span class="n">drives</span><span class="o">=</span><span class="n">xvda</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">boot</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">500</span><span class="w"> </span>
<span class="n">part</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">5000</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">1200</span><span class="w"></span>
<span class="n">part</span><span class="w"> </span><span class="o">/</span><span class="n">var</span><span class="w"> </span><span class="o">--</span><span class="n">fstype</span><span class="w"> </span><span class="n">ext3</span><span class="w"> </span><span class="o">--</span><span class="n">size</span><span class="w"> </span><span class="mi">400</span><span class="w"> </span><span class="o">--</span><span class="n">grow</span><span class="w"></span>
<span class="cp"># On fait une installation par le réseau, pensez à modifier ces urls par celles qui vous correspondent</span>
<span class="cp"># De plus, les dépôts updates et extras sont ajoutés pour que le système soit à jour dès l'installation</span>
<span class="n">url</span><span class="w"> </span><span class="o">--</span><span class="n">url</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/os/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">updates</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/updates/x86_64/</span>
<span class="n">repo</span><span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="o">=</span><span class="n">extras</span><span class="w"> </span><span class="o">--</span><span class="n">baseurl</span><span class="o">=</span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/CentOS/6/extras/x86_64/</span>
<span class="cp"># C'est là qu'on s'amuse avec la liste des paquets.</span>
<span class="cp"># --nobase permet une installation très légère, mais il faut au moins le groupe @Core</span>
<span class="cp"># A noter que je refuse l'installation de nombreux firmwares matériels car je suis en VM.</span>
<span class="nf">%packages</span><span class="w"> </span><span class="o">--</span><span class="n">nobase</span><span class="w"></span>
<span class="err">@</span><span class="n">Core</span><span class="w"></span>
<span class="n">ntp</span><span class="w"></span>
<span class="n">openssh</span><span class="o">-</span><span class="n">clients</span><span class="w"></span>
<span class="n">wget</span><span class="w"></span>
<span class="n">vim</span><span class="o">-</span><span class="n">enhanced</span><span class="w"></span>
<span class="o">-</span><span class="n">b43</span><span class="o">-</span><span class="n">openfwwf</span><span class="w"></span>
<span class="o">-</span><span class="n">kernel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">aic94xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">atmel</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">bfa</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ipw2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ivtv</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl1000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl3945</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl4965</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl5150</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6000</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">iwl6050</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">libertas</span><span class="o">-</span><span class="n">usb8388</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2100</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2200</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql23xx</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2400</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">ql2500</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt61pci</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">rt73usb</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">xorg</span><span class="o">-</span><span class="n">x11</span><span class="o">-</span><span class="n">drv</span><span class="o">-</span><span class="n">ati</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="o">-</span><span class="n">zd1211</span><span class="o">-</span><span class="n">firmware</span><span class="w"></span>
<span class="cp"># La post-installation me permet de récupérer et d'appliquer des configurations spécifiques</span>
<span class="cp"># Très pratique pour déboguer, l'option --log :)</span>
<span class="nf">%post</span><span class="w"> </span><span class="o">--</span><span class="n">log</span><span class="o">=/</span><span class="n">root</span><span class="o">/</span><span class="n">postinstall</span><span class="p">.</span><span class="n">log</span><span class="w"></span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/prompt.sh -O /etc/profile.d/prompt.sh</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/ntp.conf -O /etc/ntp.conf</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="o">:</span><span class="c1">//monmiroirlocal/pub/cfg/c6postinstall/main.cf -O /etc/postfix/main.cf</span>
<span class="n">chkconfig</span><span class="w"> </span><span class="n">ntpd</span><span class="w"> </span><span class="n">on</span><span class="w"></span>
<span class="n">chkconfig</span><span class="w"> </span><span class="n">postfix</span><span class="w"> </span><span class="n">on</span><span class="w"></span>
</code></pre></div>
<p>Avec ce genre d'installation, on tombe à moins de 200 paquets installés :)</p>Utilisation de nombreux domU en backend fichiers sur un dom0 NetBSD2011-06-30T14:35:00+02:002011-06-30T14:35:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-06-30:/post/2011/06/30/Utilisation-de-nombreux-domU-en-backend-fichiers-sur-un-dom0-NetBSD/<p>Oui, j'utilise des machines virtuelles Xen dans des fichiers. Pas de partition, pas de LVM, non. Un bon vieux fichier qu'on peut effacer sans regrets une fois son domU "jetable" inutile. Pour utiliser ces fichiers, et pour monter des fichiers en tant que disque de manière générale, NetBSD utilise le …</p><p>Oui, j'utilise des machines virtuelles Xen dans des fichiers. Pas de partition, pas de LVM, non. Un bon vieux fichier qu'on peut effacer sans regrets une fois son domU "jetable" inutile. Pour utiliser ces fichiers, et pour monter des fichiers en tant que disque de manière générale, NetBSD utilise le pilote <a href="http://netbsd.gw.com/cgi-bin/man-cgi?vnd+4.amd64+NetBSD-5.1">vnd (4)</a>. Et par défaut, il y a 4 fichiers spéciaux vnd. Et lorsqu'on désire lancer 42 machines virtuelles en même temps, chacune ayant besoin d'un fichier vnd pour monter son disque dur, on obient une erreur du genre :</p>
<div class="highlight"><pre><span></span><code><span class="n">Error</span><span class="o">:</span><span class="w"> </span><span class="n">Device</span><span class="w"> </span><span class="mi">51712</span><span class="w"> </span><span class="o">(</span><span class="n">vbd</span><span class="o">)</span><span class="w"> </span><span class="n">could</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">connected</span><span class="o">.</span><span class="w"> </span><span class="n">Hotplug</span><span class="w"> </span><span class="n">scripts</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">working</span><span class="o">.</span><span class="w"></span>
</code></pre></div>
<p>Alors on s'affole, on copie-colle le message dans un moteur de recherche bien connu, et on tombe sur <a href="http://mail-index.netbsd.org/port-xen/2009/08/27/msg005320.html">ce genre de chose</a> :</p>
<blockquote>
<p>How much /dev/vnd*d device do you have ? Maube you need to create more ?e.g.:cd /dev./MAKEDEV vnd4 vnd5 vnd6 vnd7 vnd8</p>
</blockquote>
<p>Donc on applique :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">dev</span><span class="err">#</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">MAKEDEV</span><span class="w"> </span><span class="n">vnd4</span><span class="w"> </span><span class="n">vnd5</span><span class="w"> </span><span class="n">vnd6</span><span class="w"> </span><span class="n">vnd7</span><span class="w"> </span><span class="n">vnd8</span><span class="w"> </span><span class="n">vnd9</span><span class="w"> </span><span class="n">vnd10</span><span class="w"> </span><span class="n">vnd11</span><span class="w"> </span><span class="n">vnd12</span><span class="w"> </span><span class="n">vnd14</span><span class="w"> </span><span class="n">vnd15</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">dev</span><span class="err">#</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="w"></span>
<span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">xen</span><span class="err">#</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmjetable1</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmkikoo2</span><span class="w"> </span><span class="err">\\</span><span class="w"></span>
<span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmpipeau3</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">vmdelire4</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">xm</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="n">encoreunevmjetable</span><span class="w"></span>
</code></pre></div>
<p>Maintenant, c'est la RAM qui va commencer à manquer... mais c'est un autre problème ;-)</p>Installation d'un domU Xen Enterprise Linux sur un dom0 NetBSD2011-06-20T09:30:00+02:002011-06-20T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-06-20:/post/2011/06/20/Installation-d-un-domU-Xen-Enterprise-Linux-sur-un-dom0-NetBSD/<p>Ces derniers temps je m'amuse à faire des installations par le réseau d'un peu tout et n'importe quoi. J'utilise principalement l'outil de virtualisation <a href="www.virtualbox.org" title="VirtualBox">Oracle VirtualBox</a>, mais il m'arrive aussi de faire joujou avec <a href="http://www.xen.org" title="Xen">Xen</a>. Avec un hôte (dom0) CentOS 5 (et sans doute toutes les distribution de type "Enterprise Linux …</p><p>Ces derniers temps je m'amuse à faire des installations par le réseau d'un peu tout et n'importe quoi. J'utilise principalement l'outil de virtualisation <a href="www.virtualbox.org" title="VirtualBox">Oracle VirtualBox</a>, mais il m'arrive aussi de faire joujou avec <a href="http://www.xen.org" title="Xen">Xen</a>. Avec un hôte (dom0) CentOS 5 (et sans doute toutes les distribution de type "Enterprise Linux" telles que Red Hat Enterprise Linux ou Scientific Linux), il est très facile de créer d'autres machines virtuelles (domU) Xen de même type grâce à la commande "virt-install". Avec un dom0 NetBSD cependant, point de commande de ce type. Voyons donc comment faire.</p>
<p>Sur un système Enterprise Linux 5, il est possible de trouver une image de noyau d'installation (et l'initrd approprié) spécifique à Xen, comme par exemple sur <a href="http://ftp.free.fr/mirrors/ftp.centos.org/5/os/x86_64/images/xen/" title=""Miroir">ce miroir pour CentOS 5 64 bits</a>.</p>
<p>Ce qui me paraît étrange, c'est avec Enterprise Linux 6, tout du moins avec <a href="http://www.scientificlinux.org/" title=""Scientific">Scientific Linux</a>. Le noyau 2.6.32 dispose à priori des <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Paravirtualization#Linux_Paravirtualization_Support" title=""options">pv-ops</a>, mais SL6 dispose <a href="http://ftp.scientificlinux.org/linux/scientific/6/x86_64/os/images/" title=""FTP">d'un noyau et d'un initrd Xen</a>. Peut-être est-ce par soucis de compatibilité de chemins, car les fichiers font la même taille que dans le répertoire <em>pxeboot</em>. D'ailleurs, lors de ma synchronisation rsync avec le miroir officiel Scientific Linux, le répertoire xen n'apparaît pas. Et je n'en ai pas eu besoin :)</p>
<p>Une fois nos images de noyau et d'initrd en main, il nous reste à créer notre fichier de configuration de domU, mon exemple prend comme exemple de disque dur un fichier et une connexion réseau par bridge :</p>
<div class="highlight"><pre><span></span><code>name = "centosexample"
uuid = ""
maxmem = 512
memory = 512
kernel = "/srv/www/pub/CentOS/5/os/x86_64/images/xen/vmlinuz"
ramdisk = "/srv/www/pub/CentOS/5/os/x86_64/images/xen/initrd.img"
extra = "vnc"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ ]
disk = [ "file:/srv/xen/images/disk/centosexample.img,xvda,w" ]
vif = [ "mac=00:16:3a:e2:12:34,bridge=bridge0" ]
</code></pre></div>
<p>Il est possible de faire l'installation en mode texte en supprimant la ligne "extra", et d'ajouter l'url d'un fichier kickstart dans la directive extra, qui devient donc :</p>
<div class="highlight"><pre><span></span><code>extra = "text ks=http://monserveur/pub/cfg/centos5_x86_64.cfg"
</code></pre></div>
<p>La commande "xm create -c centosexample" vous permet de lancer votre domU et de débuter l'installation. Une fois celle-ci faite et votre domU de nouveau éteint, il suffit de commenter les lignes "kernel" et "ramdisk" et de décommenter la ligne "bootloader". Vous pouvez alors démarrer votre domU sans que le noyau de celui-ci soit sur le disque dur du dom0 :)</p>
<p>Lors de mes tests, je me suis limité au partitionnement par défaut (qui utilise LVM), à un détail près : avec Scientific Linux 6, j'ai imposé ext3 à l'installeur. Une fois l'installation terminée, éteindre son domU (proprement de préférence) et modifier la configuration qui devient :</p>
<div class="highlight"><pre><span></span><code><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"centosexample"</span><span class="w"></span>
<span class="n">uuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">""</span><span class="w"></span>
<span class="n">maxmem</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">512</span><span class="w"></span>
<span class="n">memory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">512</span><span class="w"></span>
<span class="n">bootloader</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/usr/pkg/bin/pygrub"</span><span class="w"></span>
<span class="n">on_poweroff</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"destroy"</span><span class="w"></span>
<span class="n">on_reboot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"restart"</span><span class="w"></span>
<span class="n">on_crash</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"restart"</span><span class="w"></span>
<span class="n">vfb</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">disk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"file:/srv/xen/images/disk/centosexample.img,xvda,w"</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="n">vif</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"mac=00:16:3a:e2:12:34,bridge=bridge0"</span><span class="w"> </span><span class="p">]</span><span class="w"></span>
</code></pre></div>
<p>J'ai donc remplacé le noyau et l'initrd d'installation par pygrub, qui me permet de démarrer mon domU sur le noyau et l'initrd installés. De plus, les mises à jour ne nécessitent pas de copier de nouveau le noyau et l'initrd sur le dom0.</p>
<p>Pour finir, si vous souhaitez installer un dom0 NetBSD, je ne peux que vous recommander <a href="http://blog.bsdsx.fr/post/xen_1">l'excellent billet de Bsdsx</a> !</p>Configuration d'une redondance DNS2011-05-02T09:30:00+02:002011-05-02T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-05-02:/post/2011/05/02/Configuration-d-une-redondance-DNS/<p><em>Je suis dans la situation suivante : j'ai une machine exécutant entre autres un serveur DHCP et un serveur DNS, et je souhaite réinstaller cette machine. Problème, si je la réinstalle, le DHCP et le DNS seront indisponibles. Il me faut donc redonder ces deux services pour ne pas perturber les …</em></p><p><em>Je suis dans la situation suivante : j'ai une machine exécutant entre autres un serveur DHCP et un serveur DNS, et je souhaite réinstaller cette machine. Problème, si je la réinstalle, le DHCP et le DNS seront indisponibles. Il me faut donc redonder ces deux services pour ne pas perturber les autres machines. Après <a href="/post/2011/04/25/Configuration-d-une-redondance-DHCP">la redondance DHCP</a>, ce billet aborde la redondance DNS. Ce billet, comme le précédent, n'aborde pas la configuration complète d'un serveur DNS mais détaille les options de configurations liées à la redondance</em></p>
<p>Une redondance basique dans un LAN est très facile à mettre en œuvre car il n'y a pas besoin de modifier quoi que ce soit chez un registrar. Il faudra cependant ajouter l'adresse IP du second serveur DNS dans la configuration de toutes les machines ayant une adresse IP statique, car celles-ci ne récupèrent pas la liste des serveurs DNS via DHCP. Une redondance DNS se compose généralement d'au moins deux serveurs : un serveur maître et un ou plusieurs serveurs esclaves. Toutes nos futures modifications dans le DNS s'effectueront sur le serveur maître et seront répliquées automatiquement vers le serveur esclave. Dans notre cas, le serveur maître utilise NetBSD 4.0 et le serveur esclave utilise NetBSD 5.1; dans les deux cas, ISC Bind est utilisé dans sa version embarquée avec l'OS, et configuré dans un chroot.</p>
<p>Sur notre serveur maître, configurons nos zones dans le fichier <em>/var/chroot/named/etc/named.conf</em> :</p>
<div class="highlight"><pre><span></span><code>zone "anotherhomepage.loc" IN {
type master;
file "anotherhomepage.loc";
allow-update { none; };
allow-query { any; };
allow-transfer { 10.13.37.11; };
};
zone "37.13.10.in-addr.arpa" IN {
type master;
file "anotherhomepage.loc.reverse";
allow-update { none; };
allow-query { any; };
allow-transfer { 10.13.37.11; };
};
</code></pre></div>
<p>Remarquons que nous autorisons le transfert vers 10.13.37.11 qui est le serveur esclave. Continuons dans le fichier de zone anotherhomepage.loc dont voici quelques extraits :</p>
<div class="highlight"><pre><span></span><code>$TTL 86400
@ IN SOA ns0.anotherhomepage.loc. nils.anotherhomepage.loc. (
2011042601 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ; Minimum TTL
)
; Name servers
anotherhomepage.loc. IN NS ns0
anotherhomepage.loc. IN NS ns1
; Mail servers
anotherhomepage.loc. IN MX 10 mail
; "A" entries
ns0 IN A 10.13.37.10
ns1 IN A 10.13.37.11
mail IN A 10.13.37.12
</code></pre></div>
<p>Notre serveur esclave est donc renseigné pour le DNS, voyons voir dans le DNS inverse, fichier de zone anotherhomepage.loc.reverse :</p>
<div class="highlight"><pre><span></span><code>$TTL 86400
@ IN SOA ns0.anotherhomepage.loc. nils.anotherhomepage.loc. (
2011042601 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ; Minimum TTL
)
IN NS ns0.anotherhomepage.loc.
IN NS ns1.anotherhomepage.loc.
IN MX 10 mail.anotherhomepage.loc.
10 IN PTR ns0.anotherhomepage.loc.
11 IN PTR ns1.anotherhomepage.loc.
12 IN PTR mail.anotherhomepage.loc.
</code></pre></div>
<p>Occupons-nous à présent de notre serveur esclave. De ce côté, un seul fichier à modifier, <em>/var/chroot/named/etc/named.conf</em>, car les autres seront transférés par les mises à jour de zone :</p>
<div class="highlight"><pre><span></span><code>zone "anotherhomepage.loc" IN {
type slave;
masters { 10.13.37.5; };
file "anotherhomepage.loc";
allow-update { 10.13.37.5; };
allow-query { any; };
allow-notify { 10.13.37.5; };
};
zone "37.13.10.in-addr.arpa" IN {
type slave;
masters { 10.13.37.10; };
file "anotherhomepage.loc.reverse";
allow-update { 10.13.37.10; };
allow-query { any; };
allow-notify { 10.13.37.10; };
};
</code></pre></div>
<p>Il ne reste maintenant qu'à vérifier notre configuration. Par défaut, les logs vont dans <em>/var/log/messages</em>. Vous pouvez définir un autre emplacement pour les logs, comme par exemple :</p>
<div class="highlight"><pre><span></span><code><span class="n">logging</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">channel</span><span class="w"> </span><span class="n">simple_log</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="s2">"/var/log/named/bind.log"</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">severity</span><span class="w"> </span><span class="n">info</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">severity</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">print</span><span class="o">-</span><span class="n">category</span><span class="w"> </span><span class="n">yes</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">category</span><span class="w"> </span><span class="n">default</span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">simple_log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="w"> </span><span class="n">category</span><span class="w"> </span><span class="n">queries</span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">simple_log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">};</span><span class="w"></span>
<span class="p">};</span><span class="w"></span>
</code></pre></div>
<p>Cet exemple est à insérer dans votre <em>named.conf</em>.Incrémentons les numéros de série, effectuons une relance de bind sur le serveur esclave puis le serveur maître :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">ns0</span><span class="p">:</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">chroot</span><span class="o">/</span><span class="n">named</span><span class="o">/</span><span class="k">var</span><span class="c1"># /etc/rc.d/named reload</span><span class="w"></span>
<span class="n">Reloading</span><span class="w"> </span><span class="n">named</span><span class="w"> </span><span class="n">config</span><span class="w"> </span><span class="n">files</span><span class="o">.</span><span class="w"></span>
</code></pre></div>
<p>Regardons le résultat sur le serveur esclave pour la relance du serveur maître :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">ns1</span><span class="p">:</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">chroot</span><span class="o">/</span><span class="n">named</span><span class="o">/</span><span class="n">etc</span><span class="c1"># tail -f /var/chroot/named/var/log/named/bind.log</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.864</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#64893: received notify for zone '37.13.10.in-addr.arpa'</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.923</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">Transfer</span><span class="w"> </span><span class="n">started</span><span class="o">.</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">10.924</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'37.13.10.in-addr.arpa/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: connected using 10.13.37.60#65525</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.335</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">transferred</span><span class="w"> </span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.336</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'37.13.10.in-addr.arpa/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: Transfer completed: 1 messages, 258 records, 8672 bytes, 0.411 secs (21099 bytes/sec)</span><span class="w"></span>
<span class="mi">27</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.337</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="mf">37.13</span><span class="o">.</span><span class="mf">10.</span><span class="ow">in</span><span class="o">-</span><span class="n">addr</span><span class="o">.</span><span class="n">arpa</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">sending</span><span class="w"> </span><span class="n">notifies</span><span class="w"> </span><span class="p">(</span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="p">)</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.383</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#64893: received notify for zone 'anotherhomepage.loc'</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.388</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">Transfer</span><span class="w"> </span><span class="n">started</span><span class="o">.</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.390</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'anotherhomepage.loc/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: connected using 10.13.37.60#65524</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.654</span><span class="w"> </span><span class="n">general</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">transferred</span><span class="w"> </span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.654</span><span class="w"> </span><span class="n">xfer</span><span class="o">-</span><span class="ow">in</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">transfer</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="s1">'anotherhomepage.loc/IN'</span><span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="c1">#53: Transfer completed: 1 messages, 268 records, 8464 bytes, 0.263 secs (32182 bytes/sec)</span><span class="w"></span>
<span class="mi">26</span><span class="o">-</span><span class="n">Apr</span><span class="o">-</span><span class="mi">2011</span><span class="w"> </span><span class="mi">19</span><span class="p">:</span><span class="mi">14</span><span class="p">:</span><span class="mf">11.657</span><span class="w"> </span><span class="n">notify</span><span class="p">:</span><span class="w"> </span><span class="n">info</span><span class="p">:</span><span class="w"> </span><span class="n">zone</span><span class="w"> </span><span class="n">anotherhomepage</span><span class="o">.</span><span class="n">loc</span><span class="o">/</span><span class="n">IN</span><span class="p">:</span><span class="w"> </span><span class="n">sending</span><span class="w"> </span><span class="n">notifies</span><span class="w"> </span><span class="p">(</span><span class="n">serial</span><span class="w"> </span><span class="mi">2011042601</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Houra ! Les transferts ont eu lieu ! Maintenant, il reste à modifier dans notre serveur DHCP les adresses IP des serveurs DNS. Dans le cas d'ISC DHCP :</p>
<div class="highlight"><pre><span></span><code>option domain-name-servers 10.13.37.10, 10.13.37.11;
</code></pre></div>
<p>Notez que ce billet permet une redondance assez basique, et loin d'être totalement sécurisée : quelqu'un d'assez malin peut, en utilisant une attaque de type “<a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Man-in-the-middle">Man-in-the-middle</a>” peut appliquer des modifications au serveur esclave. Pour les personnes qui aimeraient corriger ce défaut, il faut se tourner vers <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/DNSSEC">DNSSEC</a>.</p>Configuration d'une redondance DHCP2011-04-25T09:30:00+02:002011-04-25T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-04-25:/post/2011/04/25/Configuration-d-une-redondance-DHCP/<p><em>Ce billet est basé sur l'excellent billet de <a href="http://www.madboa.com">Paul Heinlein</a> et publié avec son aimable autorisation. Le billet original se trouve <a href="http://www.madboa.com/geek/dhcp-failover/">ici</a></em>.</p>
<p>Je suis dans la situation suivante : j'ai une machine exécutant entre autres un serveur DHCP et un serveur DNS, et je souhaite réinstaller cette machine. Problème, si je …</p><p><em>Ce billet est basé sur l'excellent billet de <a href="http://www.madboa.com">Paul Heinlein</a> et publié avec son aimable autorisation. Le billet original se trouve <a href="http://www.madboa.com/geek/dhcp-failover/">ici</a></em>.</p>
<p>Je suis dans la situation suivante : j'ai une machine exécutant entre autres un serveur DHCP et un serveur DNS, et je souhaite réinstaller cette machine. Problème, si je la réinstalle, le DHCP et le DNS seront indisponibles. Il me faut donc redonder ces deux services pour ne pas perturber les autres machines. Ce billet ne porte cependant que sur DHCP.</p>
<p>Commençons par jeter un oeil à la configuration actuelle du serveur DHCP, elle ressemble un peu à ceci :</p>
<div class="highlight"><pre><span></span><code><span class="nt">ddns-domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="o">;</span><span class="w"></span>
<span class="nt">ddns-update-style</span><span class="w"> </span><span class="nt">none</span><span class="o">;</span><span class="w"></span>
<span class="nt">ddns-updates</span><span class="w"> </span><span class="nt">off</span><span class="o">;</span><span class="w"></span>
<span class="nt">ignore</span><span class="w"> </span><span class="nt">client-updates</span><span class="o">;</span><span class="w"></span>
<span class="nt">authoritative</span><span class="o">;</span><span class="w"></span>
<span class="nt">allow</span><span class="w"> </span><span class="nt">unknown-clients</span><span class="o">;</span><span class="w"></span>
<span class="nt">max-lease-time</span><span class="w"> </span><span class="nt">3600</span><span class="o">;</span><span class="w"></span>
<span class="nt">default-lease-time</span><span class="w"> </span><span class="nt">1800</span><span class="o">;</span><span class="w"></span>
<span class="nt">subnet</span><span class="w"> </span><span class="nt">10</span><span class="p">.</span><span class="nc">13</span><span class="p">.</span><span class="nc">37</span><span class="p">.</span><span class="nc">0</span><span class="w"> </span><span class="nt">netmask</span><span class="w"> </span><span class="nt">255</span><span class="p">.</span><span class="nc">255</span><span class="p">.</span><span class="nc">255</span><span class="p">.</span><span class="nc">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">pool</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">deny</span><span class="w"> </span><span class="err">dynamic</span><span class="w"> </span><span class="err">bootp</span><span class="w"> </span><span class="err">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">range</span><span class="w"> </span><span class="err">10.13.37.200</span><span class="w"> </span><span class="err">10.13.37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">domain-name-servers</span><span class="w"> </span><span class="err">10.13.37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">domain-name</span><span class="w"> </span><span class="err">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">routers</span><span class="w"> </span><span class="err">10.13.37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">broadcast-address</span><span class="w"> </span><span class="err">10.13.37.255</span><span class="p">;</span><span class="w"></span>
<span class="err">group</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="err">use-host-decl-names</span><span class="w"> </span><span class="err">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="err">Virtual</span><span class="w"> </span><span class="err">Machine</span><span class="w"> </span><span class="err">de</span><span class="w"> </span><span class="err">tests</span><span class="w"> </span><span class="err">PXE</span><span class="w"></span>
<span class="err">host</span><span class="w"> </span><span class="err">pxemachine</span><span class="w"> </span><span class="err">{</span><span class="w"></span>
<span class="w"> </span><span class="err">hardware</span><span class="w"> </span><span class="err">ethernet</span><span class="w"> </span><span class="err">08:00:27:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="o">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fixed-address</span><span class="w"> </span><span class="err">10.13.37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">option</span><span class="w"> </span><span class="err">host-name</span><span class="w"> </span><span class="err">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
</code></pre></div>
<p>On y trouve un pool, un groupe et une machine dans ce groupe avec une adresse IP fixée grâce à son adresse MAC : n'importe quelle machine se verra attribuer une adresse entre 10.13.37.200 et 10.13.37.249, mais la machine dont l'adresse MAC est <em>08:00:27:d3:8f:2d</em> se verra attribuer l'IP 10.13.37.199.</p>
<p>Que se passe-t-il si je stoppe le serveur DHCP ? Les clients n'ont plus d'IP, donc plus d'accès au réseau, ce qui peut s'avérer gênant. Recopions la configuration sur l'autre serveur puis modifions celle-ci, qui va maintenant ressembler à ça :</p>
<div class="highlight"><pre><span></span><code><span class="n">ddns</span><span class="o">-</span><span class="n">domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">update</span><span class="o">-</span><span class="n">style</span><span class="w"> </span><span class="n">none</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="n">off</span><span class="p">;</span><span class="w"></span>
<span class="n">ignore</span><span class="w"> </span><span class="n">client</span><span class="o">-</span><span class="n">updates</span><span class="p">;</span><span class="w"></span>
<span class="n">authoritative</span><span class="p">;</span><span class="w"></span>
<span class="n">allow</span><span class="w"> </span><span class="n">unknown</span><span class="o">-</span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="nb">max</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">3600</span><span class="p">;</span><span class="w"></span>
<span class="n">default</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">primary</span><span class="p">;</span><span class="w"> </span><span class="c1"># declare this to be the primary server</span><span class="w"></span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.60</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">response</span><span class="o">-</span><span class="n">delay</span><span class="w"> </span><span class="mi">30</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">unacked</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="mi">10</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">load</span><span class="w"> </span><span class="n">balance</span><span class="w"> </span><span class="nb">max</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="mi">3</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">mclt</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">split</span><span class="w"> </span><span class="mi">128</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">subnet</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.0</span><span class="w"> </span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255</span><span class="o">.</span><span class="mf">255.0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">pool</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">deny</span><span class="w"> </span><span class="n">dynamic</span><span class="w"> </span><span class="n">bootp</span><span class="w"> </span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">range</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.200</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="o">-</span><span class="n">servers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">routers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">broadcast</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.255</span><span class="p">;</span><span class="w"></span>
<span class="n">group</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="n">use</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">decl</span><span class="o">-</span><span class="n">names</span><span class="w"> </span><span class="bp">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="c1"># Virtual Machine de tests PXE</span><span class="w"></span>
<span class="n">host</span><span class="w"> </span><span class="n">pxemachine</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">hardware</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="mi">08</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="p">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">fixed</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Maintenant notre machine est serveur <strong>primaire</strong> DHCP et communique avec le serveur désigné après <em>peer address</em>. Allons d'ailleurs voir la nouvelle configuration du serveur secondaire :</p>
<div class="highlight"><pre><span></span><code><span class="n">ddns</span><span class="o">-</span><span class="n">domainname</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">update</span><span class="o">-</span><span class="n">style</span><span class="w"> </span><span class="n">none</span><span class="p">;</span><span class="w"></span>
<span class="n">ddns</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="n">off</span><span class="p">;</span><span class="w"></span>
<span class="n">ignore</span><span class="w"> </span><span class="n">client</span><span class="o">-</span><span class="n">updates</span><span class="p">;</span><span class="w"></span>
<span class="n">authoritative</span><span class="p">;</span><span class="w"></span>
<span class="n">allow</span><span class="w"> </span><span class="n">unknown</span><span class="o">-</span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="nb">max</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">3600</span><span class="p">;</span><span class="w"></span>
<span class="n">default</span><span class="o">-</span><span class="n">lease</span><span class="o">-</span><span class="n">time</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">secondary</span><span class="p">;</span><span class="w"> </span><span class="c1"># declare this to be the secondary server</span><span class="w"></span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.60</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">647</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">response</span><span class="o">-</span><span class="n">delay</span><span class="w"> </span><span class="mi">30</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">max</span><span class="o">-</span><span class="n">unacked</span><span class="o">-</span><span class="n">updates</span><span class="w"> </span><span class="mi">10</span><span class="p">;</span><span class="w"> </span>
<span class="w"> </span><span class="nb">load</span><span class="w"> </span><span class="n">balance</span><span class="w"> </span><span class="nb">max</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="mi">3</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">mclt</span><span class="w"> </span><span class="mi">1800</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">split</span><span class="w"> </span><span class="mi">128</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">subnet</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.0</span><span class="w"> </span><span class="n">netmask</span><span class="w"> </span><span class="mf">255.255</span><span class="o">.</span><span class="mf">255.0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">pool</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">failover</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="s2">"dhcp-failover"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">deny</span><span class="w"> </span><span class="n">dynamic</span><span class="w"> </span><span class="n">bootp</span><span class="w"> </span><span class="n">clients</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nb">range</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.200</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.249</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="o">-</span><span class="n">servers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.5</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"anotherhomepage.loc"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">routers</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.254</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">broadcast</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.255</span><span class="p">;</span><span class="w"></span>
<span class="n">group</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="n">use</span><span class="o">-</span><span class="n">host</span><span class="o">-</span><span class="n">decl</span><span class="o">-</span><span class="n">names</span><span class="w"> </span><span class="bp">true</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
<span class="c1"># Virtual Machine de tests PXE</span><span class="w"></span>
<span class="n">host</span><span class="w"> </span><span class="n">pxemachine</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">hardware</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="mi">08</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="n">d3</span><span class="p">:</span><span class="mi">8</span><span class="n">f</span><span class="p">:</span><span class="mi">2</span><span class="n">d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">fixed</span><span class="o">-</span><span class="n">address</span><span class="w"> </span><span class="mf">10.13</span><span class="o">.</span><span class="mf">37.199</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">option</span><span class="w"> </span><span class="n">host</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="s2">"pxemachine"</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>A noter que si vous utilisez un pare-feu sur vos machines, il faudra autoriser les ports 647/tcp et 647/udp qui permettent la communication entre les deux serveurs.</p>
<p><strong>Que se passe-t-il au démarrage et arrêt des serveurs ?</strong></p>
<p>Exemple dans les logs du serveur primaire, après ajout de la configuration, le serveur dhcp primaire est nommé <em>master-dhcp</em> et le secondaire <em>slave-dhcp</em> :</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:28:30 master-dhcp dhcpd: Wrote 0 deleted host decls to leases file.
Apr 20 22:28:30 master-dhcp dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 20 22:28:30 master-dhcp dhcpd: Wrote 53 leases to leases file.
Apr 20 22:28:31 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to startup
Apr 20 22:28:45 master-dhcp dhcpd: failover peer dhcp-failover: I move from startup to communications-interrupted
</code></pre></div>
<p>Démarrons maintenant DHCPD sur le serveur secondaire, et voyons le résultat sur le serveur primaire :</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:30:29 master-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to normal
Apr 20 22:30:29 master-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
Apr 20 22:30:29 master-dhcp dhcpd: pool 80c3200 192.168.6/24 total 50 free 26 backup 24 lts -1
</code></pre></div>
<p>Et regardons les logs du serveur secondaire :</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:30:28 slave-dhcp dhcpd: Wrote 0 deleted host decls to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: Wrote 50 leases to leases file.
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to startup
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: I move from startup to normal
Apr 20 22:30:29 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
Apr 20 22:30:29 slave-dhcp dhcpd: pool 7f7ffd8a5150 192.168.6/24 total 50 free 26 backup 24 lts 1
</code></pre></div>
<p>Si je stoppe le serveur primaire, on le voit dans les logs du serveur secondaire :</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:32:08 slave-dhcp dhcpd: peer dhcp-failover: disconnected
Apr 20 22:32:08 slave-dhcp dhcpd: failover peer dhcp-failover: I move from normal to communications-interrupted
</code></pre></div>
<p>Et le redémarrage est aussi visible :</p>
<div class="highlight"><pre><span></span><code>Apr 20 22:32:40 slave-dhcp dhcpd: failover peer dhcp-failover: peer moves from normal to normal
Apr 20 22:32:40 slave-dhcp dhcpd: failover peer dhcp-failover: I move from communications-interrupted to normal
Apr 20 22:32:40 slave-dhcp dhcpd: pool 7f7ffd8a5150 192.168.6/24 total 50 free 26 backup 24 lts 1
</code></pre></div>
<p>Pour finir, cette configuration n'est possible que si les deux serveurs DHCP ont la même version d'ISC DHCP. Heureusement (?), de NetBSD 4.0 jusqu'à NetBSD 5.1 inclus, ISC DHCP est toujours en version 3.0.3 ;-)</p>Effectuer une netinstall de NetBSD 52011-04-18T09:30:00+02:002011-04-18T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-04-18:/post/2011/04/18/Effectuer-une-netinstall-de-NetBSD-5/<p>J'avais déjà rédigé <a href="/post/2010/01/20/Supprimer-ses-daily-outpout-dans-NetBSD">un petit tip pour NetBSDfr</a>, mais cette fois-ci je suis allé un peu plus loin : J'ai documenté l'installation par le réseau, incluant un démarrage PXE de NetBSD 5, pour i386 et amd64. Et c'est <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:netinstallnb5">sur le wiki NetBSDfr</a> que ça se passe.</p>
<p>Faites chauffer les cartes réseau …</p><p>J'avais déjà rédigé <a href="/post/2010/01/20/Supprimer-ses-daily-outpout-dans-NetBSD">un petit tip pour NetBSDfr</a>, mais cette fois-ci je suis allé un peu plus loin : J'ai documenté l'installation par le réseau, incluant un démarrage PXE de NetBSD 5, pour i386 et amd64. Et c'est <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:netinstallnb5">sur le wiki NetBSDfr</a> que ça se passe.</p>
<p>Faites chauffer les cartes réseau !</p>configuration basique pour bozohttpd2011-04-04T09:30:00+02:002011-04-04T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-04-04:/post/2011/04/04/configuration-basique-pour-bozohttpd/<p>NetBSD possède dans ses sets de base quelques logiciels intéressants pour un serveur : un serveur SSH, un serveur DNS, un serveur DHCP, même un serveur TFTP et celui qui m'intéresse plus particulièrement aujourd'hui, un serveur HTTP. Il ne s'agit pas, comme on pourrait s'y attendre, d'<a href="http://httpd.apache.org/">Apache HTTP Server</a>, mais …</p><p>NetBSD possède dans ses sets de base quelques logiciels intéressants pour un serveur : un serveur SSH, un serveur DNS, un serveur DHCP, même un serveur TFTP et celui qui m'intéresse plus particulièrement aujourd'hui, un serveur HTTP. Il ne s'agit pas, comme on pourrait s'y attendre, d'<a href="http://httpd.apache.org/">Apache HTTP Server</a>, mais de <a href="http://www.eterna.com.au/bozohttpd/">bozohttpd</a>, un serveur web peu connu mais particulièrement léger et à la configuration minimaliste, pour peu que le besoin le soit aussi. D'ailleurs c'est très simple, mon besoin est on ne peut plus simple : je désire créer un miroir local de distributions Linux et NetBSD et je ne souhaite pas y passer des heures à configurer un virtualhost. Autre avantage de bozohttpd dans ce cas précis, comme il est installé par défaut dans le système de base, pas besoin de l'installer. Ca fera toujours un paquet de moins à maintenir.</p>
<p>Une fois passée l'extase du "pas besoin de l'installer, c'est déjà fait", on se met à la recherche d'un fichier de configuration. Après la frustration d'être rentré bredouille, la page d'accueil du logiciel explique très simplement que "it has no configuration file by design". Il faut donc le configurer en le lançant avec différentes options. Un petit grep bien senti permet de voir comment ça va se passer :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="err">@</span><span class="n">arreat</span><span class="p">:</span><span class="o">~</span><span class="c1"># grep -i http /etc/defaults/rc.conf </span><span class="w"></span>
<span class="n">httpd</span><span class="o">=</span><span class="n">NO</span><span class="w"> </span><span class="n">httpd_flags</span><span class="o">=</span><span class="s2">""</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd_wwwdir</span><span class="o">=</span><span class="s2">"/var/www"</span><span class="w"></span>
<span class="w"> </span><span class="n">httpd_wwwuser</span><span class="o">=</span><span class="s2">"_httpd"</span><span class="w"></span>
</code></pre></div>
<p>Il suffit donc de positionner les options dans la directive "httpd_flags" de son rc.conf, et éventuellement de changer "httpd_wwwdir" selon l'emplacement de ses fichiers.D'abord, copions ces options dans notre rc.conf :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">http</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">defaults</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>Ensuite, pour pouvoir lancer bozohttpd, on édite <em>/etc/rc.conf</em> et on passe <em>httpd=NO</em> à <em>httpd=YES</em>. Une fois l'édition terminée, on lance le serveur :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@arreat</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">rc</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">httpd</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>Par défaut, bozohttpd cherche un fichier index.html dans "httpd_wwwdir", et affiche son numéro de version. Paranoïa oblige, je souhaite enlever le numéro de version, et comme je veux juste mettre à disposition un miroir local de logiciels, je me fiche qu'il n'y ait pas d'index dans les répertoires. Et pour finir, je change le répertoire de base :</p>
<div class="highlight"><pre><span></span><code>httpd=YES
httpd_flags="-X -S 'AHP Intranet'"
httpd_wwwdir="/srv/www"
httpd_wwwuser="_httpd"
</code></pre></div>
<p>L'option "-X" active le “directory indexing”, en clair, le listage des fichiers. L'option "-S" suivie d'une chaîne de caractère permet de substituer le nom réel du serveur à un nom personnalisé, ici "AHP Intranet". Une fois le service httpd relancé, j'obtiens ma liste de fichiers :-)</p>
<p>En bref, je n'ai pas eu à passer deux heures à configurer un virtual host, ni à retirer des modules, à tuner le nombre de processus. 10 minutes montre en main. Et pour plus d'options, la documentation peut être accédée via “man 8 httpd” ou <a href="http://www.eterna.com.au/bozohttpd/bozohttpd.8.html">sur le site de bozohttpd</a>.</p>Flasher son BIOS sans DOS ni Windows2011-03-28T09:30:00+02:002011-03-28T09:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-03-28:/post/2011/03/28/Flasher-son-BIOS-sans-DOS-ni-Windows/<p>Mettre à jour le <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Basic_Input_Output_System">BIOS</a> de sa carte mère, voilà une activité qui peut s'avérer exaspérante au possible : par le passé, cela se faisait en utilisant une <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Disquette">disquette</a> (voire deux), contenant un système <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/DOS">DOS</a> et deux fichiers, l'utilitaire de flashage et l'image du BIOS proprement dite.</p>
<p>Il fallait donc :- disposer …</p><p>Mettre à jour le <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Basic_Input_Output_System">BIOS</a> de sa carte mère, voilà une activité qui peut s'avérer exaspérante au possible : par le passé, cela se faisait en utilisant une <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Disquette">disquette</a> (voire deux), contenant un système <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/DOS">DOS</a> et deux fichiers, l'utilitaire de flashage et l'image du BIOS proprement dite.</p>
<p>Il fallait donc :- disposer d'un lecteur de disquettes en état de marche, ainsi que de disquettes elles-aussi en état de marche;- disposer d'un système d'exploitation DOS ou d'un système <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Microsoft_Windows">Windows</a>, lequel permettait de créer une disquette de démarrage DOS.</p>
<p>Cela doit faire quelques années qu'on ne vend plus d'ordinateurs équipés de lecteur de disquettes, aussi de nombreux constructeurs fournissent des outils fonctionnant directement sous Windows. Problème : la machine dont je souhaite mettre à jour le BIOS ne possède ni lecteur de disquette, ni de Windows, et pour couronner le tout, même pas de lecteur de <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/CD-ROM">CD-ROM</a>. Pour la petite histoire, le système d'exploitation de cette machine a été installé grâce à <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Preboot_Execution_Environment">PXE</a>, et j'avais aussi installé un autre en démarrant sur une clé USB.</p>
<p>Il me faut donc trouver un système capable d'exécuter des programmes DOS, et capable d'être démarré depuis le réseau ou une clé USB. Pour la première partie, c'est assez facile et archi-connu, il s'agit de <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/FreeDOS">FreeDOS</a>. Pour la deuxième partie, c'est en fait tout aussi facile : FreeDOS est fourni sous forme d'image ISO. Cette image peut être copiée sur clé USB grâce à l'utilitaire <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/UNetbootin">UNetbootin</a>. Il suffit, une fois FreeDOS installé sur la clé USB, de copier l'utilitaire de flashage et l'image du BIOS à la racine de cette clé USB.</p>
<p>Le démarrage d'un ordinateur sur clé USB peut s'avérer plus difficile que prévu : il faut s'assurer en regardant dans le BIOS que celui-ci accepte de démarrer sur USB (ce n'est pas le cas de vieilles machines). Il se peut aussi qu'une option sur le type de périphérique USB (ZIP, disque dur, etc...) soit à modifier, ou la taille (fixe, dynamique). Bref, même aujourd'hui, démarrer sur l'USB, ce n'est pas trivial.</p>
<p>Arrive ensuite le menu de démarrage. UNetbootin semble avoir son propre menu, qui m'affiche plusieurs entrées (qui ne mènent à rien), dont une nommée fdos et l'autre nommée freedos. Dans mon cas, c'est la première qui a fonctionné et qui m'a amené à l'écran de démarrage de FreeDOS. Là encore, je ne détaillerai pas les options, cela dépend vraiment de la machine.</p>
<p>Une fois le prompt obtenu, reste à retrouver l'utilitaire de flashage. On remarque que le prompt affiche "A:\\>". La clé USB est en fait en C: donc on tape :</p>
<div class="highlight"><pre><span></span><code>A:\\> C:
C:\\>
</code></pre></div>
<p>On peut lire le contenu du répertoire courant par la commande "dir", comme sous le vieux DOS de Microsoft. On peut donc vérifier que l'utilitaire de flashage est bien présent dans C: et aller vérifier dans les sous-dossiers si besoin. Ensuite, la commande varie selon les outils, mais lancer l'outil via un truc du genre :</p>
<div class="highlight"><pre><span></span><code>outildeflash.exe
</code></pre></div>
<p>ou alors :</p>
<div class="highlight"><pre><span></span><code>outildeflash.exe help
</code></pre></div>
<p>devrait aider à connaître la bonne syntaxe.</p>Ajouter ses sections personnalisées dans Awstats2011-02-28T09:30:00+01:002011-02-28T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-02-28:/post/2011/02/28/ajouter-ses-sections-personnalisees-dans-awstats/<p>Après la configuration de base et l'activation de plugins, amusons-nous maintenant à personnaliser nos statistiques avec les "Extra Sections". Avant toute chose, il convient de rappeler que comme certains plugins, ces ajouts ralentissent la vitesse d'exécution d'Awstats : sur des sites internet très visités, il peut s'avérer très utile d'avoir une …</p><p>Après la configuration de base et l'activation de plugins, amusons-nous maintenant à personnaliser nos statistiques avec les "Extra Sections". Avant toute chose, il convient de rappeler que comme certains plugins, ces ajouts ralentissent la vitesse d'exécution d'Awstats : sur des sites internet très visités, il peut s'avérer très utile d'avoir une centralisation des logs et de ne pas utiliser Awstats directement sur les serveurs web de production.</p>
<p>Il est possible, grâce à ces sections, d'ajouter des filtres. Pour un site marchand par exemple on peut trier les produits et lister les meilleures ventes selon les catégories. Il est aussi possible, pour un blog, de voir les hits sur les flux RSS et même de voir quel client RSS est utilisé. C'est ce que je vous propose dans la suite.</p>
<p>Chaque "Extra Section" s'ajoute dans Awstats à la fin du fichier de configuration. Si vous souhaitez utiliser les mêmes sections pour plusieurs fichiers de configuration, il est possible de faire de l'inclusion de fichiers. On peut par exemple créer un fichier /usr/pkg/etc/awstats/extra_sections.conf et écrire dans le fichier de configuration de notre site internet la directive :</p>
<div class="highlight"><pre><span></span><code><span class="k">Include</span> <span class="s2">"</span><span class="s">extra_sections.conf</span><span class="s2">"</span>
</code></pre></div>
<p>Cela peut s'avérer très pratique car les sections sont numérotées. La première section voit ses variables suffixées par le chiffre 1, la deuxième par le chiffre 2, ainsi de suite... Le copier-coller est donc à manier avec précaution, je n'ai jamais tenté d'avoir deux sections 1.</p>
<p>Détaillons à présent un premier exemple : je cherche à lister les visites sur mes flux RSS.</p>
<div class="highlight"><pre><span></span><code>ExtraSectionName1="Flux RSS / Atom"
ExtraSectionCodeFilter1="200 304"
ExtraSectionCondition1="URL,^\\/feed\\/.*"
ExtraSectionFirstColumnTitle1="Nom du flux"
ExtraSectionFirstColumnValues1="URL,^\\/feed\\/([\\w]+)\\/"
ExtraSectionStatTypes1=PHK
MaxNbOfExtra1=1000
MinHitExtra1=1
</code></pre></div>
<p>Cette section filtre donc les codes HTTP <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Liste_des_codes_HTTP#Succ.C3.A8s">200</a> et <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Liste_des_codes_HTTP#Redirection">304</a> ayant lieu dans le répertoires /feed/. J'affiche les URLs commençant par /feed/ pour les lister et enfin, j'indique le nombre de pages et le nombre de hits (qui dans ce cas de flux RSS ont la même valeur). Je décide de limiter le nombre d'entrée à 1000 et estime le nombre minimum de hits pour apparaître dans les stats à 1. Il est possible d'adapter simplement cet exemple à d'autres URLs.</p>
<p>Passons au deuxième exemple :</p>
<div class="highlight"><pre><span></span><code>ExtraSectionName2="Lecteurs de RSS"
ExtraSectionCodeFilter2="200 304"
ExtraSectionCondition2="URL,^\\/feed\\/.*"
ExtraSectionFirstColumnTitle2="logiciel"
ExtraSectionFirstColumnValues2="UA,^([^\\/]*)"
ExtraSectionStatTypes2=PHBL
MaxNbOfExtra2=1000
MinHitExtra2=1
</code></pre></div>
<p>Cette fois-ci je ne liste pas l'URL mais le "User Agent" qui a fait la requête sur /feed/, ce qui me permet de lister les clients RSS utilisés. Enfin, je ne me contente pas seulement de lister les hits (H) et les pages (P), mais aussi la bande passante (B) et les dernières visites (L). On peut filtrer sur de nombreux critères, les voici :</p>
<ul>
<li>URL</li>
<li>URLWITHQUERY</li>
<li>QUERY_STRING</li>
<li>REFERER</li>
<li>UA</li>
<li>HOSTINLOG</li>
<li>HOST</li>
<li>VHOST</li>
</ul>
<p>La documentation d'Awstats possède une <a href="http://awstats.sourceforge.net/docs/awstats_extra.html">page consacrée aux Extra Sections</a> dont je vous recommande la lecture. De même, un site nommé <a href="http://www.internetofficer.com/awstats/">Internet Officer</a> possède de nombreux exemples en rapport avec Google. Il est bien pratique, pour débuter avec les Extra Sections, de partir d'exemples fonctionnels proches (plus ou moins) du résultat qu'on souhaite obtenir. Enfin, le fichier de configuration d'Awstats reste en soi une excellente documentation grâce à la qualité des commentaires déjà présents.</p>Utilisation des plugins Awstats2011-02-14T09:30:00+01:002011-02-14T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-02-14:/post/2011/02/14/utilisation-des-plugins-awstats/<p>Nous avons vu dans un précédent billet comment mettre en oeuvre la génération de statistiques de visites avec <a href="http://awstats.sourceforge.net/">Awstats</a>. Nous allons maintenant enrichir et améliorer ces statistiques, avec dans un premier temps l'utilisation de plugins. Le prérequis pour ce billet est bien entendu d'avoir configuré Awstats et de posséder les …</p><p>Nous avons vu dans un précédent billet comment mettre en oeuvre la génération de statistiques de visites avec <a href="http://awstats.sourceforge.net/">Awstats</a>. Nous allons maintenant enrichir et améliorer ces statistiques, avec dans un premier temps l'utilisation de plugins. Le prérequis pour ce billet est bien entendu d'avoir configuré Awstats et de posséder les modules Perl suivants : URI::Escape, Storable et Geo::IP.</p>
<h2>Décoder correctement les phrases clés et les mots clés</h2>
<p>Awstats permet de voir quels mots clés et quelles phrases clés ont été utilisés dans un moteur de recherche pour arriver sur votre site. Mais avec les jeux de caractères, Awstats peut avoir du mal à décoder les chaînes de caractères. Pour remédier à cela, il suffit d'activer le plugin decodeutfkeys dans notre fichier de configuration :</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="decodeutfkeys"
</code></pre></div>
<h2>Accélération des recherches DNS</h2>
<p>Dans notre configuration précédente, Awstats est paramétré pour faire une recherche DNS inverse des IP des visiteurs, ce qui peut prendre du temps. Il est donc possible de créer un fichier de cache pour accélérer ces recherches et éviter de faire 36 fois la même requête DNS. Pour cela, on active le plugin hashfiles :</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="hashfiles"
</code></pre></div>
<h2>Géolocalisation des visiteurs</h2>
<p>Il peut s'avérer très intéressant de savoir d'où viennent vos visiteurs selon le thème ou la langue du site : par exemple, un site rédigé en Français a dans le top 10 de ses visiteurs une adresse IP russe, une brésilienne et une chinoise (pays choisis au hasard). Si on regarde dans les logs, on se rend compte que 90% de leurs requêtes terminent en 404 ;) On va donc activer le plugin GeoIP :</p>
<div class="highlight"><pre><span></span><code><span class="n">LoadPlugin</span><span class="o">=</span><span class="s2">"geoip GEOIP_STANDARD /var/www/awstats/GeoIP.dat</span>
<span class="n">LoadPlugin</span><span class="o">=</span><span class="s2">"geoip_city_maxmind GEOIP_STANDARD /var/www/awstats/GeoLiteCity.dat"</span><span class="w"></span>
</code></pre></div>
<p>On remarque que dans le cas de GeoIP, il est nécessaire de disposer d'une base de données associant des plages d'adresses IP à un pays d'appartenance. Le fournisseur le plus connu pour ce type de bases de données est <a href="http://www.maxmind.com/app/ip-locate">Maxmind</a>, qui propose des solutions gratuites et payantes. Deux bases sont disponibles gratuitement, <a href="http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz">celle des pays</a> et <a href="http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz">celle des villes</a>. Ensuite, il reste à placer ces fichiers (décompressés) dans un répertoire accessible à Awstats; personnellement je le met au même endroit que les données de statistiques, donc /var/www/awstats ou /var/lib/awstats selon qu'on est sous NetBSD ou Linux. Les bases de données sont mises à jour chaque mois, pensez donc à régulièrement télécharger les nouvelles versions.</p>
<p>[Attention]{.underline} : ce type de traitement entraîne un ralentissement de la vitesse d'exécution d'Awstats, sur des gros sites cela peut très vite devenir gênant pour la carge CPU et mémoire de votre serveur.</p>
<h2>Autres infos sur les IP des visiteurs</h2>
<p>Plutôt que de copier-coller les IP de vos visiteurs dans un service de <a href="https://secure.wikimedia.org/wikipedia/fr/wiki/Whois">whois</a>, il est possible d'utiliser le client whois d'Awstats via le plugin hostinfo :</p>
<div class="highlight"><pre><span></span><code>LoadPlugin="hostinfo"
</code></pre></div>
<h2>Au prochain épisode...</h2>
<p>Nous avons maintenant quelques détails de plus sur nos visiteurs grâce aux plugins, il nous reste maintenant à mieux comprendre les visites via les directives "ExtraSection", qui fera l'objet d'un prochain billet... :)</p>Logrotate dans pkgsrc : ça marche chez toi ?2011-02-09T09:30:00+01:002011-02-09T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-02-09:/post/2011/02/09/Logrotate-dans-pkgsrc/<p>Il y a quelques mois maintenant, je me suis inscrit au projet <a href="http://pkgsrc-wip.sourceforge.net/" title="pkgsrc-wip">pkgsrc-wip</a> chez Sourceforge, dans le but de mettre à jour <a href="https://fedorahosted.org/logrotate/" title="Logrotate">Logrotate</a>. Le résultat est maintenant utilisable : il y a un makefile et des patches, tout ça compile sans accrocs sous NetBSD 5.0.2 et 5.1 (en …</p><p>Il y a quelques mois maintenant, je me suis inscrit au projet <a href="http://pkgsrc-wip.sourceforge.net/" title="pkgsrc-wip">pkgsrc-wip</a> chez Sourceforge, dans le but de mettre à jour <a href="https://fedorahosted.org/logrotate/" title="Logrotate">Logrotate</a>. Le résultat est maintenant utilisable : il y a un makefile et des patches, tout ça compile sans accrocs sous NetBSD 5.0.2 et 5.1 (en amd64 du moins), bref de mon côté c'est au poil :)</p>
<p>Je n'ai pas forcément testé intensivement le paquet binaire, donc je lance ce léger appel à tests, si jamais ça intéresse quelqu'un. Comme <a href="http://sourceforge.net/blog/update-on-services/">Le CVS de pkgsrc-wip</a> est actuellement indisponible, vous pouvez télécharger le Makefile et les patches dans une archive <a href="http://media.anotherhomepage.org/pkgsrc/wip/logrotate-wip.tgz">ici</a>. Compilez, faites tourner les logs, merci d'avance !</p>Awstats2011-01-31T09:30:00+01:002011-01-31T09:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2011-01-31:/post/2011/01/31/awstats/<h2>Qu'est-ce qu'Awstats ? A quoi sert-il ?</h2>
<p><a href="http://awstats.sourceforge.net/">Awstats</a> est un outil web de statistiques pour un serveur web, FTP ou mail. Il permet donc de voir, pour un site internet par exemple, s'il y a beaucoup de visites, quelles sont les pages les plus visitées, quelle quantité de données est transférée, et …</p><h2>Qu'est-ce qu'Awstats ? A quoi sert-il ?</h2>
<p><a href="http://awstats.sourceforge.net/">Awstats</a> est un outil web de statistiques pour un serveur web, FTP ou mail. Il permet donc de voir, pour un site internet par exemple, s'il y a beaucoup de visites, quelles sont les pages les plus visitées, quelle quantité de données est transférée, et "qui" vient le plus souvent visiter son site. Awstats est un logiciel libre, sous licence GNU GPL. Il peut être appelé dynamiquement, générer des pages HTML de statistiques, ou, grâce à des contributions externes de créer des fichiers PDF. Autre détail qui a son importance : Awstats se base sur les fichiers de log de votre serveur, il n'est donc pas à ma connaissance compatible avec les hébergements mutualisés.</p>
<h2>De quoi ai-je besoin pour le faire fonctionner ?</h2>
<p>Awstats a avant tout besoin de <a href="http://www.perl.org/">Perl</a> ! Ensuite, selon votre besoin ou vos désirs, il faut que votre serveur web puisse exécuter des scripts CGI. Dans le cas d'Apache donc, pas besoin de <a href="http://perl.apache.org/">mod_perl</a> pour afficher vos statistiques Awstats, mais il faudra activer <a href="http://httpd.apache.org/docs/2.2/mod/mod_cgi.html">mod_cgi</a> si vous souhaitez afficher dynamiquement les statistiques.</p>
<p>De plus, selon les fonctionnalités que vous souhaiterez activer, il est nécessaire d'avoir quelques modules Perl. Si vous souhaitez suivre ces billets, il peut être de bon ton d'installer les modules Perl suivants : URI::Escape, Storable, Geo::IP (et non Geo::IPfree) et Net::XWhois . Concernant NetBSD, j'ai installé les paquets suivants :</p>
<ul>
<li>p5-Business-ISBN</li>
<li>p5-Business-ISBN</li>
<li>p5-Geo-IP</li>
<li>p5-MIME-Base64</li>
<li>p5-Net-XWhois</li>
<li>p5-Test-Simple</li>
<li>p5-URI</li>
</ul>
<h2>Installation</h2>
<p>Awstats est généralement fourni dans les paquets de votre distribution Linux ou BSD favorite. Si ce n'est pas dans les dépôts officiels, il est fort probable que des dépôts alternatifs soient disponibles. Ainsi, pour RHEL et ses clones tels que CentOS, vous pouvez utiliser le dépôt <a href="http://fedoraproject.org/wiki/EPEL">EPEL</a>. Si vous ne connaissez aucun dépôt ou que ceux-ci fournissent une version trop ancienne, vous pouvez utiliser <a href="http://awstats.sourceforge.net/#DOWNLOAD">l'archive disponible sur le site d'Awstats</a>. Point non négligeable : comme il s'agit d'un programme Perl, nul besoin de le compiler, ce qui est fort appréciable !</p>
<p>Pour la suite : tous les exemples et codes proviennent d'une machine NetBSD 5, et Awstats est installé grâce au paquet disponible sur pkgsrc.</p>
<h2>Première configuration</h2>
<p>Nous avons donc installé Awstats. Avant de configurer Awstats</p>
<p>La configuration se situe dans <em>/usr/pkg/etc/awstats/' et on y trouve déjà un fichier :</em> awstats.model.conf''. Copions ce modèle et éditons-le :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">blog</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">blog</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>Examinons maintenant la configuration, nous allons renseigner :</p>
<ul>
<li>l'emplacement du fichier de logs</li>
<li>le nom (dns) du site web, ainsi que ses alias</li>
<li>renseigner les pages d'index</li>
<li>exclure Awstats des statistiques</li>
<li>exclure notre adresse IP des statistiques</li>
<li>et bien d'autres trucs encore !</li>
</ul>
<p>Attention :</p>
<ul>
<li>je n'affiche par la suite que les options que j'ai modifiées par rapport au modèle</li>
<li>ma configuration date un peu : mon fichier a été créé à l'époque d'Awstats 6.6, et de nouvelles options ont fait leur apparition</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="c1"># Emplacement du fichier de log</span><span class="w"></span>
<span class="n">LogFile</span><span class="o">=</span><span class="s2">"/var/log/httpd/blog-access.log"</span><span class="w"></span>
<span class="c1"># Nom DNS de notre site internet</span><span class="w"></span>
<span class="n">SiteDomain</span><span class="o">=</span><span class="s2">"blog.anotherhomepage.org"</span><span class="w"></span>
<span class="c1"># Autres noms DNS possibles, ou adresse IP directement</span><span class="w"></span>
<span class="n">HostAliases</span><span class="o">=</span><span class="s2">"localhost 127.0.0.1 www.blog.anotherhomepage.org 188.40.96.170"</span><span class="w"></span>
<span class="c1"># Faire une recherche inverse DNS sur les IP des visiteurs, cela permet d'avoir une meilleure visibilité en voyant</span><span class="w"></span>
<span class="c1"># les DNS inversedes FAI, mais attention : sur un gros site, cela peut énormément ralentir Awstats !</span><span class="w"></span>
<span class="c1"># Si vous avez un doute, mettez cette valeur à 0</span><span class="w"></span>
<span class="n">DNSLookup</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Localisation des bases de données des statistiques, ici le chemin NetBSD !</span><span class="w"></span>
<span class="c1"># Sous GNU/Linux, le chemin est généralement /var/lib/awstats</span><span class="w"></span>
<span class="n">DirData</span><span class="o">=</span><span class="s2">"/var/www/awstats"</span><span class="w"></span>
<span class="c1"># Localisation du GCI appelé par notre page de statistiques (awstats.pl)</span><span class="w"></span>
<span class="n">DirCgi</span><span class="o">=</span><span class="s2">"/awstats"</span><span class="w"></span>
<span class="c1"># ...</span><span class="w"></span>
<span class="n">DirIcons</span><span class="o">=</span><span class="s2">"/awstats/icon"</span><span class="w"></span>
<span class="c1"># Awstats peut proposer de mettre à jour en direct les statistiques via un bouton.</span><span class="w"></span>
<span class="c1"># C'est risqué, donc on désactive</span><span class="w"></span>
<span class="n">EnableLockForUpdate</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Je préfère générer la page web en XHTML plutôt qu'en HTML</span><span class="w"></span>
<span class="n">BuildReportFormat</span><span class="o">=</span><span class="n">xhtml</span><span class="w"></span>
<span class="c1"># C'est toujours bien les sauvegardes :)</span><span class="w"></span>
<span class="n">KeepBackupOfHistoricFiles</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Page d'index par défaut</span><span class="w"></span>
<span class="n">DefaultFile</span><span class="o">=</span><span class="s2">"index.html index.php"</span><span class="w"></span>
<span class="c1"># On peut s'exclure des visites : si on est en IP fixe, mieux vaut exclure son IP</span><span class="w"></span>
<span class="c1"># ainsi que celle du serveur et la boucle locale</span><span class="w"></span>
<span class="n">SkipHosts</span><span class="o">=</span><span class="s2">"127.0.0.1 188.40.96.170"</span><span class="w"></span>
<span class="c1"># Ici j'exclue des statistiques le panneau d'admin de Dotclear, le répertoire des thèmes et quelques fichiers</span><span class="w"></span>
<span class="c1"># en rapport avec un plugin</span><span class="w"></span>
<span class="n">SkipFiles</span><span class="o">=</span><span class="s2">"REGEX[^</span><span class="se">\\</span><span class="s2">/admin] REGEX[^</span><span class="se">\\</span><span class="s2">/awstats] REGEX[^</span><span class="se">\\</span><span class="s2">/themes] /?pf=partager2/img/delicious.png /?pf=partager2/img/digg.png /?pf=partager2/img/yahoomyweb.png /?pf=partager2/img/wikio.gif /?pf=partager2/img/sprite_partager2.png"</span><span class="w"></span>
<span class="c1"># Si vous avez des URL de type http://monsite.com/kikoo.php?variable=valeur</span><span class="w"></span>
<span class="c1"># vous pouvez différencier les requêtes selon ce que vaut "valeur"</span><span class="w"></span>
<span class="c1"># Mieux vaut faire de même pour votre referrer ;)</span><span class="w"></span>
<span class="n">URLWithQuery</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="n">URLWithQueryWithoutFollowingParameters</span><span class="o">=</span><span class="s2">"PHPSESSID jsessionid"</span><span class="w"></span>
<span class="n">URLReferrerWithQuery</span><span class="o">=</span><span class="mi">1</span><span class="w"></span>
<span class="c1"># Je suis un peu parano sur les bord, je cherche à voir si des vers tentent d'accéder à mon site</span><span class="w"></span>
<span class="n">LevelForWormsDetection</span><span class="o">=</span><span class="mi">2</span><span class="w"></span>
<span class="c1"># Awstats affiche le top 10, sauf si on va dans le détail, où il affiche le top 1000 par défaut</span><span class="w"></span>
<span class="c1"># Moi j'en veux encore plus ! (mais la page est plus longue à charger)</span><span class="w"></span>
<span class="n">MaxRowsInHTMLOutput</span><span class="o">=</span><span class="mi">2000</span><span class="w"></span>
<span class="c1"># Je force la langue en Français, mais vous n'êtes pas obligé d'en faire autant</span><span class="w"></span>
<span class="n">Lang</span><span class="o">=</span><span class="s2">"fr"</span><span class="w"></span>
<span class="c1"># J'affiche les stats sur les vilains vers qui polluent le Net</span><span class="w"></span>
<span class="n">ShowWormsStats</span><span class="o">=</span><span class="n">HBL</span><span class="w"></span>
</code></pre></div>
<h2>Génération des statistiques de visites</h2>
<p>Pour lancer la génération des statistiques, la commande est la suivante :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="c1">--config=blog.anotherhomepage.org --update</span>
</code></pre></div>
<h2>Affichage des statistiques de visites**Par défaut, la configuration suivante existe pour Apache :</h2>
<div class="highlight"><pre><span></span><code>root@vhost:~# cat /usr/pkg/etc/httpd/conf.d/awstats.conf
Alias /awstats/icon/ /usr/pkg/awstats/icon/
Alias /awstats/css/ /usr/pkg/awstats/css/
Alias /awstats/js/ /usr/pkg/awstats/js/
Alias /awstats/ /usr/pkg/awstats/cgi-bin/
<span class="nt"><Location</span> <span class="err">/awstats</span><span class="nt">/></span>
DirectoryIndex awstats.pl
Options ExecCGI FollowSymLinks
AddHandler cgi-script .pl
AddHandler cgi-script .cgi
order allow,deny
allow from all
<span class="nt"></Location></span>
</code></pre></div>
<p>Sous NetBSD, les fichiers .conf présents dans <em>/usr/pkg/etc/httpd/conf.d/</em> sont automatiquement inclus dans votre configuration, ce qui ajoute un certain confort. A noter que de cette manière, vos statistiques sont accessibles au monde entier ! Vous pouvez utiliser un fichier htaccess ou les directives Allow avec votre IP si vous êtes en IP fixe pour restreindre l'accès aux statistiques.</p>
<h2>Automatisation, multiplication et gestion de la rotation des logs</h2>
<p>Tout ça c'est bien, mais une fois qu'on a 2-3 sites internet qui tournent, on ne va pas se connecter chaque jour sur notre serveur pour lancer une mise à jour par site. Il est possible de remédier à cela grâce à un utilitaire fourni avec Awstats : awstats_updateall.pl permet de mettre à jour tous les sites configurés en une seule commande ! En utilisation dans une crontab, tout est automatisé :) Exemple :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">crontab</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="n">awstats</span><span class="w"></span>
<span class="err">#</span><span class="w"> </span><span class="n">Awstats</span><span class="w"> </span><span class="err">:</span><span class="w"></span>
<span class="mi">10</span><span class="w"> </span><span class="mi">0</span><span class="o">-</span><span class="mi">23</span><span class="o">/</span><span class="mi">4</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats_updateall</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=/</span><span class="n">usr</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"></span>
</code></pre></div>
<p>Et voici nos statistiques mises à jour toutes les quatre heures, à la dixième minute (00h10, 4h10, 8h10...)</p>
<p>Si vous effectuez une rotation de vos logs avec <a href="https://fedorahosted.org/logrotate/">logrotate</a>, le plus intelligent est encore d'ajouter votre mise à jour de statistiques dans la configuration de logrotate, comme le détaille <a href="http://awstats.sourceforge.net/docs/awstats_faq.html#ROTATE">la FAQ d'Awstats</a>.</p>
<h2>Au prochain épisode...</h2>
<p>Cette configuration basique et fonctionnelle permet d'avoir des statistiques intéressantes, mais nous pouvons aller plus loin, comme par exemple avec la géolocalisation d'adresses IP et l'utilisation d'autres plugins, et même aller jusqu'à créer nos propres filtres pour avoir des statistiques sur certaines parties du site par exemple.</p>
<h2>Commentaires</h2>
<h3>Le 16/02/2011 11:49 par <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>"Autre détail qui a son importance : Awstats se base sur les fichiers de log de votre serveur, il n'est donc pas à ma connaissance compatible avec les hébergements mutualisés" > Oui et non... Mutualisé au sens strict, avec un prestataire qui te fourni l'espace web (et donc pas d'accès sur admin sur la machine), je suis d'accord.</p>
<p>Mais si c'est un serveur que tu administres, rien ne t'empêche de splitter les fichiers de logs Apache (access et error) pour chaque VirtualHost, de créer plusieurs fichiers de conf awstat, et d'ordonnancer plusieurs tâches Cron pour obtenir des stats propres à chaque site.</p>
<p>;-)</p>
<h3>Le 16/02/2011 19:48 par Nils</h3>
<p>Je n'ai jamais vu de prestataire fournir un hébergement mutualisé où tu peux administrer ton serveur. En général quand tu as un accès administrateur à l'OS, tu es sois sur du VPS (Virtual Private Server), soit sur du RPS (Real Private Server, qui a juste de l'espace disque sur un SAN), soit un véritable serveur dédié. Et pour moi il s'agit d'une question de bon sens de séparer l'access_log de l'error_log et bien entendu d'avoir un couple de log par virtual host.</p>
<p>Pourquoi ordonnancer plusieurs tâches cron quand on a awstats_updateall.pl comme je l'ai indiqué ?</p>
<h3>Le 22/02/2011 13:50 par <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Si je te dis que je considère que je fais de l'hébergement mutualisé chez moi... Tu comprends mieux mon point de vu ?
Au sens, strict du terme, je suis tout à fait d'accord avec toi ;-)</p>
<p>Sinon, j'avais pas vu la partie sur awstats_updateall.pl... Effectivement, très pratique.</p>Reconstruction d'un RAID 1 logiciel sous Linux2010-09-01T11:42:00+02:002010-09-01T11:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-09-01:/post/2010/09/01/Reconstruction-d-un-RAID-1-logiciel-sous-Linux/<p>Depuis maintenant plus d'un an, lors de l'achat de ma machine actuelle de bureau, j'ai décidé de configurer mes disques durs en <a href="http://fr.wikipedia.org/wiki/RAID_%28informatique%29#RAID_1_:_Disques_en_miroir">RAID 1</a>. Cela n'évite pas d'avoir un besoin de sauvegarde, mais ça aide beaucoup au niveau de la conscience. Et c'est quand l'un des disques ralentit tout le …</p><p>Depuis maintenant plus d'un an, lors de l'achat de ma machine actuelle de bureau, j'ai décidé de configurer mes disques durs en <a href="http://fr.wikipedia.org/wiki/RAID_%28informatique%29#RAID_1_:_Disques_en_miroir">RAID 1</a>. Cela n'évite pas d'avoir un besoin de sauvegarde, mais ça aide beaucoup au niveau de la conscience. Et c'est quand l'un des disques ralentit tout le système, et émet un "clac" bien sonore à chaque écriture qu'on se dit que bon, c'était vraiment une bonne idée, le RAID.</p>
<p>Donc, on retire le disque, l'OS couine un peu et envoie des mails parce que mon raid est dégradé. Et ensuite, on court acheter un disque dur. J'ai choisi d'acheter le même modèle que le défectueux, et de même capacité. Je rebranche le nouveau disque dans la machine à la place de l'ancien, je démarre, reçois à nouveau un mail...</p>
<p>Et ensuite? Il faut recréer les partitions, et les ajouter au raid pour que la reconstruction se fasse. Pour une raison que j'ignore, lors de l'installation, <a href="http://fedoraproject.org/">Fedora 12</a> n'a pas alloué un nombre entiers de cylindres à mes partitions (je suis depuis passé à la 13). Du coup, tenter de recréer les partitions est une véritable galère... Je pense l'espace d'un instant à cloner mon disque avec dd. Le problème, c'est que les disques durs ayant une capacité d'un téra-octet, je ne suis pas couché.</p>
<p>La solution vient de chez <a href="https://support.ikoula.com/index.php?mod_id=2&id=1997&kb_rating=yes">Ikoula</a>, et consiste à utiliser <a href="http://www.delafond.org/traducmanfr/man/man8/sfdisk.8.html">sfdisk</a> pour reproduire la table des partitions, et ensuite ajouter les partitions au RAID. Petite différence toutefois, il m'a fallu réclamer à sfdisk de forcer l'écriture de la table, sans doute à cause de cette histoire de cylindres :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">sfdisk</span><span class="w"> </span><span class="c1">--dump /dev/sda | sfdisk --force /dev/sdb </span>
</code></pre></div>
<p>Je dispose de deux arrays RAID, donc pour les reconstruire :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mdadm</span><span class="w"> </span><span class="o">--</span><span class="n">manage</span><span class="w"> </span><span class="o">--</span><span class="k">add</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">md0</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">sdb1</span><span class="w"></span>
<span class="o">[</span><span class="n">root@bloodhoof ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">mdadm</span><span class="w"> </span><span class="c1">--manage --add /dev/md1 /dev/sdb3 </span>
</code></pre></div>
<p>Trois heures plus tard, le RAID est reconstruit ! Je peux à nouveau dormir tranquille.</p>
<h2>Commentaires</h2>
<h3>Le 01/09/2010 14:00 par <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>C'est en parti pour ça que je suis passé d'un serveur home made (Debian) à un
NAS QNAP...</p>
<p>Car même en ayant fait des essais de panne fictive, dans l'urgence d'un disque HS sur mon RAID5, je n'aurais pas supporté de galérer pour trouver la solution qui va bien (avec la crainte de tout effacer dans une manip' foireuse).</p>
<p>Bref, j'ai perdu un degré non négligeable de liberté avec mon NAS, mais pour ce genre de problématique... C'est du clicodrome, et même encore plus simple avec le pilotage par l'écran LCD.</p>
<p>;-)</p>
<h3>Le 01/09/2010 17:10 par Nils</h3>
<p>A mon sens ça n'a pas été si galère que ça, si je n'avais pas trouvé la solution à base de sfdisk j'aurais cloné le disque avec dd. Resynchroniser le RAID c'est deux commandes (une par array) triviales. Niveau clickodrôme, il y a un outil qui me semblait pouvoir le faire dans Fedora mais j'avoue que j'avais beaucoup moins de craintes avec mdadm.</p>Saines lectures pour l'été2010-07-26T16:24:00+02:002010-07-26T16:24:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-07-26:/post/2010/07/26/Saines-lectures-pour-l-été/<p>C'est l'été ! Parfois il est bon d'arrêter deux minutes les manipulations sur nos machines, d'aller faire un tour dans un espace vert ou à la plage, et de sortir un livre... sur nos sujet favoris, bien sûr !</p>
<p>Voici donc, en vrac, quelques pages web, livres, documentations, gratuits ou non, qui …</p><p>C'est l'été ! Parfois il est bon d'arrêter deux minutes les manipulations sur nos machines, d'aller faire un tour dans un espace vert ou à la plage, et de sortir un livre... sur nos sujet favoris, bien sûr !</p>
<p>Voici donc, en vrac, quelques pages web, livres, documentations, gratuits ou non, qui valent le coup d'être lus, en papier ou sur vos tablettes/netbook/PDA :</p>
<ul>
<li>Disponible en PDF, <a href="http://ftacademy.org/materials/fsm/2">GNU/Linux Advanced Administration</a></li>
<li><a href="http://www.haypocalc.com/wiki/Bash">Apprendre Bash</a>, cela fait partie de mes marque-pages quand j'ai un trou de mémoire au milieu d'un script</li>
<li><a href="http://www.gnulinuxmag.com/">Linux Magazine</a>, l'incontournable ! A noter que le hors-série de cet été étant consacré à Python, ceux qui veulent s'y (re)mettre peuvent trouver <a href="http://www.inforef.be/swi/python.htm">un cours Python</a></li>
<li><a href="http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.fr.pdf">Le manuel de sécurisation de Debian</a>, merci <a href="http://forums.quebecos.com/showthread.php?tid=5519">QuébecOS</a> !</li>
<li>Quand c'est accessible, une belle collection d'astuces en PDF chez <a href="http://www.cyberciti.biz/tips/nixcraft-faq-pdf-collection-now-available-to-all.html">NixCraft</a></li>
<li>Depuis le début de l'année, <a href="http://bsdmag.org/">BSD Magazine</a> est disponible gratuitement sous forme de fichier PDF : <a href="http://bsdmag.org/magazine/1267-openbsd">le numéro de Juillet</a> se concentre sur OpenBSD, avec en particulier un article sur la création de firewall avec <a href="http://www.openbsd.org/faq/pf/fr/index.html">PF</a> et <a href="http://www.fwbuilder.org/">Firewall Builder</a></li>
</ul>
<p>Bonnes vacances pour ceux qui y sont !</p>Dédé le clown et son copain le live-cd2010-05-25T16:30:00+02:002010-05-25T16:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-05-25:/post/2010/05/25/Dédé-et-son-copain-le-live-cd/<p>C'est l'histoire de Dédé le clown, ou plutôt de <a href="http://fr.wikipedia.org/wiki/Dd_%28Unix%29">dd</a> le clone, qui rend bien service lorsqu'on a des sueurs froides... Mais qu'est-ce que dd ? Depuis la page de manuel, on peut lire : "convert and copy a file". C'est tellement simple qu'on se dit que ce n'est pas très puissant …</p><p>C'est l'histoire de Dédé le clown, ou plutôt de <a href="http://fr.wikipedia.org/wiki/Dd_%28Unix%29">dd</a> le clone, qui rend bien service lorsqu'on a des sueurs froides... Mais qu'est-ce que dd ? Depuis la page de manuel, on peut lire : "convert and copy a file". C'est tellement simple qu'on se dit que ce n'est pas très puissant, mais on se met à créer des fichiers d'image disque, ou cloner des disques durs entiers, on comprend que parfois les énoncés les plus court peuvent être très complet ! La page wikipédia de dd en Français contient quelques exemples utiles, mais <a href="http://en.wikipedia.org/wiki/Dd_%28Unix%29">la page anglophone</a> en contient encore plus !</p>
<p>Imaginons maintenant la situation : vous possédez deux machines, identiques. Vous installez la première et désirez installer la seconde à l'identique, il suffit de cloner le disque dur à l'aide de dd et de copier votre clone, toujours à l'aide de dd, sur la seconde machine. Une autre situation, que je ne vous souhaite pas : vous disposez de deux machines identiques toujours, mais l'OS de l'une d'entre elles se trouve endommagés (imaginez par exemple, 3/4 des fichiers de /boot disparus, idem dans /lib et à quelques autres endroits). Ajoutons à cela là contrainte que vous ne pouvez pas éteindre la machine encore en marche, et que le temps presse. Pas besoin de chercher deux heures un outil de clonage, il est installé sur votre linux adoré : dd. Récupérons un disque dur USB dont la capacité excède celle du disque local. Voici comment on clone le disque dur :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@machinequimarche ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">M</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">sda</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">media</span><span class="o">/</span><span class="n">usb</span><span class="o">/</span><span class="n">machine1</span><span class="p">.</span><span class="n">img</span><span class="w"></span>
</code></pre></div>
<p>Je pars du principe que le disque dur s'appelle /dev/sda et que le disque USB est monté sous /media/usb/, mais cela peut différer selon la situation de chacun. On notera que l'option "bs=1M" (copier par blocs de 1 Méga-octet) rend la copie plus rapide. J'aurais bien tenté des blocs encore plus grands mais la copie s'est avérée déjà bien rapide.</p>
<p>Une fois la copie terminée (environ une bonne heure pour 70Go de disque, sachant qu'il y avait du raid 1 matériel sur du SCSI 10000 tours...), reste à se rendre devant la deuxième machine, de démarrer celle-ci sur un live-cd contenant lui aussi dd (n'importe quel live-cd de distriubtion Linux devrait l'avoir), et copier dans l'autre sens :</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">root@machinequimarchepas ~</span><span class="o">]</span><span class="err">#</span><span class="w"> </span><span class="n">dd</span><span class="w"> </span><span class="n">bs</span><span class="o">=</span><span class="mi">1</span><span class="n">M</span><span class="w"> </span><span class="k">if</span><span class="o">=/</span><span class="n">media</span><span class="o">/</span><span class="n">usb</span><span class="o">/</span><span class="n">machine1</span><span class="p">.</span><span class="n">img</span><span class="w"> </span><span class="k">of</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">sda</span><span class="w"></span>
</code></pre></div>
<p>Bien sûr, on a au préalable monté le disque USB ;) Une fois la copie terminée, le disque démonté, je recommande de monter les partitions du disque local (/dev/sda pour mon cas), et d'aller modifier les noms d'hôte, les adresses IP et autres configurations particulières qu'on pourrait trouver dans /etc, sinon la mise en réseau de la machine risquerait d'être problématique. Dans le cas d'une RHEL/CentOS/Fedora, on pensera à modifier :</p>
<ul>
<li>/etc/hosts</li>
<li>/etc/sysconfig/network</li>
<li>/etc/sysconfig/network-scripts/ifcf-* (selon vos configurations, plusieurs cartes réseau, bonding...)</li>
<li>/etc/sysconfig/iptables-config si vous sauvegardez ici votre firewall, sinon regardez votre script de firewall</li>
</ul>
<p>Autre chose, surtout pour les utilisateurs des distributions sus-cités : le mode rescue n'est disponible que sur le CD1 ou DVD1, mais pas dans le boot.iso ou tout autre média de net-install. Ce mode permet de démarrer sur un système live minimaliste permettant de monter les partitions du système, de monter un disque dur usb (si vous le branchez avant de booter pour du RHEL4), et bien sûr, d'accéder à dd :)</p>Nombre d'occurences d'un champ dans un fichier2010-03-01T12:30:00+01:002010-03-01T12:30:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-03-01:/post/2010/03/01/Nombre-d-occurences-d-un-champ-dans-un-fichier/<p>Après la coloration d'un grep pour une histoire de cron, voici un autre cas sympathique : je souhaitais savoir qui faisait le plus de requêtes sur un serveur web (Apache), avec un classement. Un genre de top 5 ou top 10 des plus gros requêteurs de pages sur le dit serveur …</p><p>Après la coloration d'un grep pour une histoire de cron, voici un autre cas sympathique : je souhaitais savoir qui faisait le plus de requêtes sur un serveur web (Apache), avec un classement. Un genre de top 5 ou top 10 des plus gros requêteurs de pages sur le dit serveur, en somme. J'ai cherché du côté de <a href="http://fr.wikipedia.org/wiki/Awk">Awk</a>, qui permet de manipuler à loisir les sorties de programmes et autres fichiers textes.</p>
<p>Comme je ne suis pas très doué en Awk, j'ai demandé à mon moteur de recherche favori (qui n'est plus Goo... d'ailleurs) comment obtenir le nombre d'occurrences d'une chaîne de caractères. La réponse se trouvait <a href="http://www.commentcamarche.net/forum/affich-8588796-awk-nombre-d-occurrences-d-un-mot">là</a>. Par contre pour faire mon top 10, il me fallait ensuite trier la liste obtenue en utilisant le nombre d'occurrences comme critère. Après quelques pipelines et autres awk hasardeux, j'en suis venu à ça :</p>
<div class="highlight"><pre><span></span><code><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%d\\t%s" , frequencies[ip] , ip;}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">mon</span><span class="o">/</span><span class="n">fichier</span><span class="o">/</span><span class="n">de</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">apache</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">gr</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
</code></pre></div>
<p>Grâce à Awk, j'obtiens une sortie avec d'abord le nombre de requêtes, puis l'adresse ip. J'envoie ensuite cette sortie dans sort, dont l'option -g permet de faire des tris sur des nombres et l'option -r permet d'inverser le tri. Pour finir, head me permet de limiter mon classement aux 10 meilleurs. Cette ligne ne me satisfait pas complètement, car j'ai d'abord le nombre de requêtes, puis l'adresse IP. j'aurais aimé trouver une solution élégante mais tout ce que j'ai pu faire c'est invoquer à nouveau awk après le sort. Si quelqu'un a une idée, je suis preneur ;-)</p>
<h2>Commentaires</h2>
<h3>Le 01/03/2010 16:27 par <a href="http://www.sakana.fr/blog/">Stéphane</a></h3>
<p>Hello,</p>
<p>Eh oui, je lis toujours tes billets :-D</p>
<p>Pour le coup d'avoir d'abord l'IP puis le nbr de requêtes, tu peux inverser dans ton printf pour avoir l'affichage désiré, puis trier par le 2e champs avec un sort -gr -k 2,2 (je peux pas tester là, mais ça devrait à peu près coller je crois).</p>
<p>À plus !</p>
<p>Stéphane</p>
<h3>Le 02/03/2010 08:54 par Nils</h3>
<p>Effectivement, c'est bien cela ! La commande complète devient : </p>
<div class="highlight"><pre><span></span><code><span class="n">awk</span><span class="w"> </span><span class="s1">'{frequencies[$1]++;} END {for (ip in frequencies) printf "%s\t%d\n" , ip , frequencies[ip];}'</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="o">/</span><span class="n">mon</span><span class="o">/</span><span class="n">fichier</span><span class="o">/</span><span class="n">de</span><span class="o">/</span><span class="nf">log</span><span class="o">/</span><span class="n">apache</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sort</span><span class="w"> </span><span class="o">-</span><span class="n">gr</span><span class="w"> </span><span class="o">-</span><span class="n">k</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">head</span><span class="w"> </span><span class="o">-</span><span class="mi">10</span><span class="w"></span>
</code></pre></div>
<p>Merci !</p>
<h3>Le 02/03/2010 12:46 par <a href="http://www.sakana.fr/blog/">Stéphane</a></h3>
<p>Bah de rien !</p>
<p>Tiens, une alternative ... Speciale dédicace, Nils :-)</p>
<p>http://www.sakana.fr/blog/2010/03/02/perl-counting-occurences-of-ip-addresses-in-apache-logs/</p>
<p>A+
Stéphane</p>Recherche colorée dans les logs avec perl2010-02-13T12:35:00+01:002010-02-13T12:35:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-02-13:/post/2010/02/13/Recherche-colorée-dans-les-logs-avec-perl/<p>Voici un petit one-liner assez sympathique, dont on m'avait parlé dans la semaine et sur lequel <a href="http://www.karlesnine.com/post/2008/05/20/Tail-mais-en-couleur">je suis tombé par hasard</a> en cherchant autre chose. Le principe est d'afficher dans une autre couleur un texte donné dans une recherche, comme par exemple une erreur précise dans un fichier de logs …</p><p>Voici un petit one-liner assez sympathique, dont on m'avait parlé dans la semaine et sur lequel <a href="http://www.karlesnine.com/post/2008/05/20/Tail-mais-en-couleur">je suis tombé par hasard</a> en cherchant autre chose. Le principe est d'afficher dans une autre couleur un texte donné dans une recherche, comme par exemple une erreur précise dans un fichier de logs. Sur une machine j'ai des problèmes avec cron, je l'utilise donc de la manière suivante :</p>
<p><code>root@lolcathost:~# tail -f /var/log/syslog | perl -pe 's/cron/\\e[1;31m$&\\e[0m/ig'</code></p>
<p>On remarque une différence avec le lien indiqué plus haut, j'ai mis "/ig" à la fin au lieu de "/g". Pourquoi? J'avais besoin de faire la recherche sans tenir compte de la casse, et j'ai trouvé l'option suite à une <a href="http://www.mindflip.com/inet/perl/regex.html">rapide recherche</a>. Je devrais vraiment me mettre à perl, ça me semble vraiment efficace et pratique :-)</p>
<p>Pour ceux qui pensent que j'ai fait une faute de frappe dans la recopie du prompt, je leur recommande d'aller voir <a href="http://sam.linuxfr.org/517">ici</a>.</p>
<h2>Commentaires</h2>
<h3>Le 25/04/2010 10:46 par <a href="http://www.karlesnine.com">karles</a></h3>
<p>Plus simple encore "grep --color" met en couleur la chaine recherché. Pour toute la ligne le one-liner en perl reste le plus efficace.</p>
<p>Karles</p>Supprimer ses daily outpout dans NetBSD2010-01-20T23:59:00+01:002010-01-20T23:59:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2010-01-20:/post/2010/01/20/Supprimer-ses-daily-outpout-dans-NetBSD/<p>Il m'arrive d'écrire ailleurs qu'ici. Ma dernière contribution à l'extérieur explique comment supprimer les mails journaliers "daily output" de NetBSD sans pour autant supprimer les envois de mail "security output" envoyés si un problème de sécurité est détecté sur le système. Au lieu de tout recopier, je préfère mettre <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:dailyoutput">un …</a></p><p>Il m'arrive d'écrire ailleurs qu'ici. Ma dernière contribution à l'extérieur explique comment supprimer les mails journaliers "daily output" de NetBSD sans pour autant supprimer les envois de mail "security output" envoyés si un problème de sécurité est détecté sur le système. Au lieu de tout recopier, je préfère mettre <a href="http://www.netbsdfr.org/wiki/doku.php?id=tips:dailyoutput">un lien</a>.</p>
<p>Bonne lecture !</p>Coloration syntaxique de fichiers de configuration Apache sous Vim2009-11-13T10:35:00+01:002009-11-13T10:35:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2009-11-13:/post/2009/11/13/Coloration-syntaxique-de-fichiers-de-configuration-Apache-sous-Vim/<p>Une petite astuce qui peut s'avérer pratique si comme moi on apprécie beaucoup la coloration syntaxique de Vim. Je scinde mes virtual hosts en plusieurs fichiers de configuration, en général un par domaine. Or, contrairement au reste des fichiers de configuration classiques d'Apache, et des fichiers de configuration d'applications web …</p><p>Une petite astuce qui peut s'avérer pratique si comme moi on apprécie beaucoup la coloration syntaxique de Vim. Je scinde mes virtual hosts en plusieurs fichiers de configuration, en général un par domaine. Or, contrairement au reste des fichiers de configuration classiques d'Apache, et des fichiers de configuration d'applications web (comme phpMyAdmin, Cacti ou Nagios), mes fichiers de virtual hosts ne sont pas colorés. J'ai remarqué que le fichier de configuration Apache de phpMyAdmin sous NetBSD possédait l'en-tête suivante :</p>
<div class="highlight"><pre><span></span><code><span class="o">#</span><span class="w"> </span><span class="p">$</span><span class="nv">NetBSD</span><span class="o">:</span><span class="w"> </span><span class="nv">phpmyadmin</span><span class="o">.</span><span class="nv">conf</span><span class="p">,</span><span class="nv">v</span><span class="w"> </span><span class="mf">1.3</span><span class="w"> </span><span class="mi">2008</span><span class="o">/</span><span class="mi">05</span><span class="o">/</span><span class="mi">03</span><span class="w"> </span><span class="mi">10</span><span class="o">:</span><span class="mi">46</span><span class="o">:</span><span class="mi">28</span><span class="w"> </span><span class="nv">adrianp</span><span class="w"> </span><span class="nv">Exp</span><span class="w"> </span><span class="p">$</span><span class="w"></span>
<span class="o">#</span><span class="w"></span>
<span class="o">#</span><span class="w"> </span><span class="nv">phpmyadmin</span><span class="w"> </span><span class="nv">configuration</span><span class="w"> </span><span class="nv">file</span><span class="w"> </span><span class="nv">fragment</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nv">Apache</span><span class="w"></span>
</code></pre></div>
<p>J'ai donc ajouté à mon fichier de virtual host l'en-tête suivante :</p>
<div class="highlight"><pre><span></span><code># <span class="nv">Another</span> <span class="nv">Home</span> <span class="nv">Page</span> <span class="nv">configuration</span> <span class="nv">file</span> <span class="nv">fragment</span> <span class="k">for</span> <span class="nv">Apache</span>
</code></pre></div>
<p>Et voici mon fichier tout coloré ! A noter qu'au préalable, j'avais activé la coloration syntaxique. Voici un fichier de configuration basique de Vim pour la coloration syntaxique à enregistrer dans <em>\~/.vimrc</em> :</p>
<div class="highlight"><pre><span></span><code>syntax on
set bg=dark
</code></pre></div>
<p>Si vous utilisez un terminal à fond blanc/clair, remplacez <em>dark</em> par <em>light</em>.</p>Utilisation transparente d'une passerelle SSH2009-11-09T11:56:00+01:002009-11-09T11:56:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2009-11-09:/post/2009/11/09/Utilisation-transparente-d-une-passerelle-SSH/<p>Ou comment rebondir sans même le faire exprès !</p>
<p>J'aime beaucoup OpenSSH. C'est un très bon logiciel, au-delà des capacités de chiffrement ou de son système de transfert de fichiers. Tunnels et commandes automatisées, authentification par clés, tout est bon dans le poisson ! Comme mon billet en 3 étapes m'a semblé …</p><p>Ou comment rebondir sans même le faire exprès !</p>
<p>J'aime beaucoup OpenSSH. C'est un très bon logiciel, au-delà des capacités de chiffrement ou de son système de transfert de fichiers. Tunnels et commandes automatisées, authentification par clés, tout est bon dans le poisson ! Comme mon billet en 3 étapes m'a semblé clair, je continue sur l'organisation énoncé - possibilités - mise en œuvre.</p>
<h2>C'est quoi ton problème ?</h2>
<p>Imaginons une zone réseau (au hasard une <a href="http://fr.wikipedia.org/wiki/Zone_d%C3%A9militaris%C3%A9e">DMZ</a>) dans laquelle il y a une ou plusieurs machines, possédant toutes un serveur OpenSSH. Une seule machine peut accéder à ce réseau, cette "passerelle" servant de rebond pour accéder aux autres serveurs en SSH. Au bout d'un certain nombre de fois, il devient rébarbatif d'avoir à se connecter d'abord à la "passerelle" puis à se connecter au serveur pour y faire les manipulations désirées. Il faudrait automatiser le rebond pour qu'il se fasse tout seul, en quelque sorte.</p>
<h2>Et t'as quoi comme solution ?</h2>
<p>Il en existe plusieurs. Celle que je décris ici est celle qui me convient le mieux, mais peut ne pas vous satisfaire. Ne la considérez donc pas comme LA solution.Le principe est d'utiliser le fichier de configuration "utilisateur" d'OpenSSH (<em>\~/.ssh/config</em>)pour automatiser le rebond via la directive "ProxyCommand". Commençons d'abord par lister les logiciels nécessaires : il nous suffit d'une machine avec un client OpenSSH (disponible sur tous les unix normalement, et sous Windows avec Cygwin), et sur la machine "passerelle", en plus du serveur OpenSSH, il nous faut le client et Netcat. Notez que dans mon cas :</p>
<ul>
<li>le client est sous NetBSD 5.0.1</li>
<li>la passerelle est sous CentOS 5.4</li>
<li>les serveurs accédés sous sous l'un des deux OS mentionnés ci-dessus</li>
<li>j'ai reproduit ce système avec des RHEL 4</li>
</ul>
<p>La commande de l'outil Netcat est "nc", vérifions donc que les commandes sont disponibles, d'abord le client :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">ssh</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">ssh</span><span class="w"></span>
</code></pre></div>
<p>Et puis la passerelle :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@passerelle</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">ssh</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@passerelle</span><span class="err">:</span><span class="o">~</span><span class="err">#</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">nc</span><span class="w"></span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">nc</span><span class="w"></span>
</code></pre></div>
<p>Le chemin n'est pas forcément le même selon l'OS utilisé, l'important c'est que les outils soient installés.</p>
<h2>On passe à l'action ?</h2>
<p>Rentrons à présent dans le vif du sujet. La configuration ne se fait que depuis la machine cliente, commençons par configurer un accès vers la passerelle. Pour cela, il faut créer un fichier <em>\~/.ssh/config</em>, et l'éditer avec le logiciel qui vous conviendra le mieux : dans mon cas, il s'agit de Vim. N'oublions pas de créer le répertoire .ssh/ s'il n'existe pas :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="o">~</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">600</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">cd</span><span class="w"> </span><span class="p">.</span><span class="n">ssh</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">touch</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">644</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">ssh</span><span class="err">$</span><span class="w"> </span><span class="n">vim</span><span class="w"> </span><span class="n">config</span><span class="w"></span>
</code></pre></div>
<p>Note : les droits sont très importants ! La configuration pour la passerelle est la suivante :</p>
<div class="highlight"><pre><span></span><code>Host passerelle
Hostname lenomouladresseipdelapasserelle
Port 22
Protocol 2
User nils
ProxyCommand none
</code></pre></div>
<p>On remarque que cette configuration n'a pour but que de simplifier les connexions vers la machine passerelle, il devient ainsi aisé de taper <em>ssh passerelle</em> au lieu de <em>ssh nils\@lenomouladresseipdelapasserelle</em> (et le numéro de port si votre serveur OpenSSH n'écoute pas sur le port 22). Passons à la configuration pour accéder au serveur nommé <em>serveurdmz1</em>, qu'on ajoute à la suite du fichier config en cours d'édition :</p>
<div class="highlight"><pre><span></span><code><span class="k">Host</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="w"> </span><span class="n">Hostname</span><span class="w"> </span><span class="n">lenomouladresseipduserveurdepuislapasserelle</span><span class="w"></span>
<span class="w"> </span><span class="n">Port</span><span class="w"> </span><span class="mi">22</span><span class="w"></span>
<span class="w"> </span><span class="n">Protocol</span><span class="w"> </span><span class="mi">2</span><span class="w"></span>
<span class="w"> </span><span class="k">User</span><span class="w"> </span><span class="n">nils</span><span class="w"></span>
<span class="w"> </span><span class="n">ProxyCommand</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">nils</span><span class="nv">@passerelle</span><span class="w"> </span><span class="ss">"nc %h %p"</span><span class="w"></span>
</code></pre></div>
<p>On remarque que la directive ProxyCommand utilise directement le nom <em>passerelle</em>, grâce à la configuration précédente. On sauvegarde et on quitte (sous Vi/Vim : Echap puis ZZ). Maintenant on teste le résultat :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@client</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">serveurdmz1</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@passerelle</span><span class="s1">'s password:</span>
<span class="s1">nils@serveurdmz1'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@serveurdmz1</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"></span>
</code></pre></div>
<p>Ce résultat peut différer légèrement, je ne poste pas les acceptations de clés pour les premières connexions. Il suffit maintenant de répéter le deuxième bloc pour chaque serveur de votre "DMZ".</p>
<h2>Observations et améliorations possibles</h2>
<p>Après ce premier essai, on remarque qu'il y a encore de la place pour l'automatisation, en particulier le mot de passe de la passerelle qui est réclamé. Ceci peut être résolu par l'utilisation de clés de chiffrement, comme l'explique très bien <a href="http://linux-attitude.fr/post/Connexion-sans-mot-de-passe">Peck</a>.</p>
<p>Une autre remarque, si on se connecte à deux, trois serveurs : en tapant la commande <em>who</em> sur la passerelle, on voit qu'on est connecté une fois sur la passerelle pour chaque connexion vers un serveur en DMZ. Par exemple, si j'ai un shell sur la passerelle et un shell sur 3 serveurs en DMZ, la commande <em>who</em> sur la passerelle montrera que l'utilisateur nils est connecté 4 fois ! Cela peut s'avérer gênant pour certains. Pour ceux-là, il est préférable de changer de méthode, et de créer un tunnel socks puis d'utiliser ce tunnel pour accéder aux serveurs en DMZ (via la directive <em>ProxyCommand</em>), ou d'essayer de <a href="http://linux-attitude.fr/post/Un-tien-vaut-mieux-que-deux-connexions">mutualiser les connexions</a>. A noter un inconvénient du tunnel socks : il faut d'abord ouvrir le tunnel (et donc un shell) avant de pouvoir se connecter aux serveurs en DMZ.</p>
<h2>Commentaires</h2>
<h3>Le 19/04/2010 11:23 par Flo</h3>
<p>Bonjour,
Une petite question, que signifie le "nc %h %p" ?</p>
<h3>Le 20/04/2010 14:51 par Nils</h3>
<p>Comme indiqué dans le billet, nc est en fait l'outil Netcat. Les options <code>%hi</code> et <code>%pi</code> ne sont pas des options de Netcat mais de la directive <code>ProxyCommand</code>. Elles permettent de passer les arguments du nom d'hôte et du port de la machine de destination à Netcat. Ce qui fait que lorsque tu tapes <code>ssh serveurdmz1</code>, tu obtiens fonctionnellement le même résultat que <code>ssh nils@passerelle "ssh nils@serveurdmz1"</code>. Pour plus d'informations, on peut se référer à la page de manuel <code>ssh_config</code>.</p>Transfert de fichier simple et sécurisé : sftp en chroot2009-10-04T09:33:00+02:002009-10-04T09:33:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2009-10-04:/post/2009/10/04/Transfert-de-fichier-simple-et-sécurisé-:-sftp-en-chroot/<p>Meurs, FTP, meurs !</p>
<h2>C'est quoi ton problème ?</h2>
<p>Comme beaucoup de gens, pour transférer des fichiers sur un serveur web, j'utilise souvent <a href="http://fr.wikipedia.org/wiki/File_Transfer_Protocol">FTP</a>. Ce protocole possède plusieurs inconvénients :</p>
<ul>
<li>il faut ouvrir plusieurs ports dans le pare-feu, au moins deux (connexion de contrôle et de données)</li>
<li>le mot de passe transite en …</li></ul><p>Meurs, FTP, meurs !</p>
<h2>C'est quoi ton problème ?</h2>
<p>Comme beaucoup de gens, pour transférer des fichiers sur un serveur web, j'utilise souvent <a href="http://fr.wikipedia.org/wiki/File_Transfer_Protocol">FTP</a>. Ce protocole possède plusieurs inconvénients :</p>
<ul>
<li>il faut ouvrir plusieurs ports dans le pare-feu, au moins deux (connexion de contrôle et de données)</li>
<li>le mot de passe transite en clair sur le réseau, et même si on utilise <a href="http://fr.wikipedia.org/wiki/FTPS">FTPS</a>, qui chiffre la partie authentification, tous les clients et serveurs ne le supportent pas ou de manière boguée (voir chez <a href="http://forum.filezilla-project.org/viewtopic.php?f=2&t=7688">FileZilla</a> pour une explication)</li>
<li>les données transitent en clair (mince, le fichier config.php de mon appli avec les codes d'accès à la base de données...)</li>
<li>gestion du NAT catastrophique (du moins avec <a href="http://vsftpd.beasts.org/">Vsftpd</a>)</li>
</ul>
<p>Du coup, je cherche depuis plusieurs mois à éradiquer FTP de mes machines. Ce qui m'intéresse, c'est de pouvoir enfermer les utilisateurs dans une cage, de sorte qu'ils n'aient accès qu'à leurs données et pas à celles des autres, encore moins les autres fichiers et répertoires du serveurs. On appelle ceci un <a href="http://fr.wikipedia.org/wiki/Chroot">chroot</a>. Je faisais déjà ceci avec Vsftpd, j'espérais donc le faire avec la solution de remplacement. D'ailleurs, cette solution de remplacement était déjà toute trouvée : je désirais utiliser le serveur SFTP contenu dans le très bon logiciel <a href="http://www.openssh.com/fr/index.html">OpenSSH</a>. Maintenant, il me fallait réussir à créer des utilisateurs en leur empêchant d'avoir accès au shell, et en les confinant dans un chroot.</p>
<h2>Et t'as quoi comme solution ?</h2>
<p>Pour enlever l'accès au shell, très facile : tout système Unix qui se respecte possède soit un exécutable nommé <em>false</em>, soit un autre nommé <em>nologin</em>. D'ailleurs ce dernier est très simpliste, regardons sur, au hasard, un système NetBSD 5.0.1 :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@tomb</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="o">/</span><span class="n">nologin</span><span class="w"> </span>
<span class="err">#!</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">sh</span><span class="w"></span>
<span class="n">echo</span><span class="w"> </span><span class="ss">"This account is currently not available."</span><span class="w"></span>
<span class="k">exit</span><span class="w"> </span><span class="mi">1</span><span class="w"></span>
</code></pre></div>
<p>Il suffit donc de remplacer le shell de l'utilisateur par le chemin vers nologin, et cette question est résolue.</p>
<p>Pour créer et maintenir un chroot, c'est une autre paire de manches. Dans Vsftpd c'était assez simple, et j'espérais trouver aussi simple. De nombreuses pages sur <a href="http://sublimation.org/scponly/wiki/index.php/Main_Page">Scponly</a> ou <a href="http://pizzashack.org/rssh/">rssh</a> expliquent comment faire un chroot pour un utilisateur n'ayant accès qu'à sftp ou scp, mais le jour où il faut mettre à jour l'OS, voire le migrer vers une version majeure plus récente (ou pourquoi pas en changer, comme passer d'un Linux à un BSD ou inversement, ou tout simplement changer de distribution Linux), le chroot doit être maintenu à jour. Et ça, je trouve que c'est totalement contre-productif, en tous cas du point de vue du sysadmin fainéant que nous avons tous en nous ;)</p>
<p>Et là, la lumière est arrivée, par <a href="http://undeadly.org/cgi?action=article&sid=20080220110039">ici</a>. Depuis la version 4.8, OpenSSH permet de créer des chroot, et n'oblige pas à recréer tout un environnement quand il s'agit de sftp. Exactement ce dont j'ai besoin ! Maintenant, reste à savoir quels systèmes disposent d'au moins OpenSSH 4.8.</p>
<p>Une petite liste non-exhaustive des systèmes chanceux :</p>
<ul>
<li>NetBSD 5.0.1</li>
<li>FreeBSD 7.2</li>
<li>Debian Lenny</li>
<li>Mac OS 10.5.8</li>
</ul>
<p>Une autre liste, mais de systèmes moins chanceux :</p>
<ul>
<li>CentOS 3,4,5.X</li>
<li>RHEL 3,4,5.X</li>
<li>Debian Etch</li>
</ul>
<p>Si votre système unix libre (ou pas, d'ailleurs, puisque j'ai listé Mac OS X) comporte OpenSSH, vous pouvez vérifier sa version par :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="n">OpenSSH_5</span><span class="mf">.1</span><span class="n">p1</span><span class="p">,</span><span class="w"> </span><span class="n">OpenSSL</span><span class="w"> </span><span class="mf">0.9.7</span><span class="n">l</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">2006</span><span class="w"></span>
</code></pre></div>
<p>(exemple pris sur un mac) En utilisant sshd au lieu de ssh, ça sera sans doute plus représentatif, mais l'option -V n'existe pas sur le serveur. La réponse retournée donnera quand même la version. Exemple, toujours sur le même mac :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">sshd</span><span class="w"> </span><span class="o">-</span><span class="n">V</span><span class="w"></span>
<span class="nl">sshd</span><span class="p">:</span><span class="w"> </span><span class="n">illegal</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="n">V</span><span class="w"></span>
<span class="n">OpenSSH_5</span><span class="mf">.1</span><span class="n">p1</span><span class="p">,</span><span class="w"> </span><span class="n">OpenSSL</span><span class="w"> </span><span class="mf">0.9.7</span><span class="n">l</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">2006</span><span class="w"></span>
<span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">sshd</span><span class="w"> </span><span class="o">[</span><span class="n">-46DdeiqTt</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-b bits</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-C connection_spec</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-f config_file</span><span class="o">]</span><span class="w"></span>
<span class="w"> </span><span class="o">[</span><span class="n">-g login_grace_time</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-h host_key_file</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-k key_gen_time</span><span class="o">]</span><span class="w"></span>
<span class="w"> </span><span class="o">[</span><span class="n">-o option</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-p port</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">-u len</span><span class="o">]</span><span class="w"></span>
</code></pre></div>
<p>Si votre système ne possède pas un OpenSSH assez récent, plusieurs possibilités s'offrent à nous :</p>
<ul>
<li>changer de système</li>
<li>mettre à jour vers la dernière version majeure si celle-ci possède une version assez récente</li>
<li>installer sa propre version d'OpenSSH ou récupérer le paquet qu'aurait fait quelqu'un de généreux</li>
</ul>
<p>La dernière solution est assez documentée pour CentOS et RHEL, pour faire ses propres RPM, mais j'ai décidé de ne pas la suivre, car cela pose le problème des mises à jour : de la même manière que maintenir un chroot ne me satisfait pas, passer mon temps à guetter les nouvelles versions d'OpenSSH pour compiler un paquet ne me plait pas plus. La deuxième solution s'avère sans doute la moins gênante selon les applications en production. De mon côté, j'ai choisi la première : migration de serveur dédié oblige, j'en ai profité pour élargir mes horizons dans le monde des unix libres et depuis quelques mois, ce blog tourne sous NetBSD. C'est donc avec cet OS que je vais décrire la manipulation de création de chroot.</p>
<h2>On passe à l'action ?</h2>
<p>Je pars du principe dorénavant que nous avons un système avec un OpenSSH 4.8 ou supérieur, que le serveur sshd est activé, que nous avons deux utilisateurs : root, et notre utilisateur habituel avec lequel nous faisons tout ce qui n'a pas besoin d'être fait en root. Le but est d'avoir un ou plusieurs utilisateurs supplémentaires, enfermés dans un répertoire défini, sans shell, et pouvant accéder à ce réperoire en sftp. On pourra, en supplément, faire en sorte que l'utilisateur accède à son compte sftp avec une clé (et éventuellement une phrase de passe) plutôt qu'un mot de passe.</p>
<p>Cela va se faire en modifiant dans un premier temps le fichier de configuration <em>/etc/ssh/sshd_config</em> (en tant que root, et le chemin peut varier selon le système). Cherchons la ligne contenant <em>sftp-server</em>, pour NetBSD elle ressemble à ceci :</p>
<div class="highlight"><pre><span></span><code>Subsystem sftp /usr/libexec/sftp-server
</code></pre></div>
<p>On constate que le serveur sftp est un programme externe. Nous allons le remplacer par le sous-système sftp de sshd :</p>
<div class="highlight"><pre><span></span><code>Subsystem sftp internal-sftp
</code></pre></div>
<p>J'ai donc remplacé <em>/usr/libexec/sftp-server</em> par <em>internal-sftp</em>. Allons ensuite à la fin du fichier, et ajoutons les directives suivantes :</p>
<div class="highlight"><pre><span></span><code>Match Group wwwusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
</code></pre></div>
<p>Cela signifie que pour les utilisateurs du groupe <em>wwwusers</em>, je les emprisonne dans leur répertoire home, je les oblige à utiliser le sftp interne, et je les empêche d'utiliser les différentes techniques de forwarding habituellement à disposition avec sshd. j'aurais pu les chrooter ailleurs, d'autres sites indiquent par exemple <em>/chroot/%u</em>, où <em>%u</em> désigne le nom de l'utilisateur. Une fois ces modifications effectuées, il ne reste qu'à redémarrer le serveur ssh et à créer le groupe et les utilisateurs.</p>
<p>Petit aparté concernant NetBSD 5.01 : j'ai remarqué un bug sur cette version, qui doit aussi être présent dans la 5.0; il ne faut surtout rien ajouter au fichier de configuration <em>/etc/ssh/sshd_config</em> après cette directive, pas même un commentaire ! Si cela venait à arriver, la directive que nous venons d'ajouter serait tout simplement ignorée.</p>
<p>Créons le groupe :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#groupadd</span><span class="w"> </span><span class="n">wwwusers</span><span class="w"></span>
</code></pre></div>
<p>Créons ensuite un utilisateur nommé test :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#useradd</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="o">-</span><span class="n">g</span><span class="w"> </span><span class="n">wwwusers</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="o">/</span><span class="n">nologin</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
</code></pre></div>
<p>Attribuons un mot de passe à cet utilisateur :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#passwd</span><span class="w"> </span><span class="n">test</span><span class="w"></span>
<span class="n">Changing</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">test</span><span class="p">.</span><span class="w"></span>
<span class="k">New</span><span class="w"> </span><span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">Retype</span><span class="w"> </span><span class="k">New</span><span class="w"> </span><span class="nl">Password</span><span class="p">:</span><span class="w"></span>
</code></pre></div>
<p>(le mot de passe est tapé en aveugle, bien entendu). Ensuite, assurons-nous que le répertoire home de l'utilisateur appartient non pas à l'utilisateur mais à root, avec des permissions en 755. Si ce n'est pas le cas, on y remédie de cette manière :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#chown</span><span class="w"> </span><span class="nl">root</span><span class="p">:</span><span class="n">wheel</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#chmod</span><span class="w"> </span><span class="mi">755</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
</code></pre></div>
<p>On notera que pour les OS Linux, on indique <em>root:root</em> par rapport à NetBSD qui n'a pas de groupe <em>root</em> mais un groupe <em>wheel</em>. A ne pas oublier aussi, seul <em>/home/test</em> appartient à root, pas les fichiers et répertoires à l'intérieur (i.e. pas de chmod/chown -R)</p>
<p>Depuis une autre machine, vérifions que nous pouvons nous connecter en sftp :</p>
<div class="highlight"><pre><span></span><code><span class="n">sftp</span><span class="w"> </span><span class="n">test</span><span class="nv">@vhost</span><span class="w"></span>
<span class="n">Connecting</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">vhost</span><span class="p">...</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">ls</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">pwd</span><span class="w"></span>
<span class="n">Remote</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="nl">directory</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Ici, on remarque que je me suis déjà connecté à cette machine avant, puisqu'on ne me réclame pas d'accepter de clé. On remarque aussi qu'on est directement dans le répertoire / et qu'il n'y a rien, la commande <em>pwd</em> indique <em>/</em> et pas <em>/home/test</em>. Si on crée dans ce répertoire un deuxième <em>/home/test</em>, sftp nous y emmènera directement dedans. De plus, on note qu'on ne peut pas créer ou ajouter de répertoire/fichier (normal, le répertoire appartient à root). Créons donc, sur le serveur, le second “home” de l'utilisateur :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#cd</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chown</span><span class="w"> </span><span class="o">-</span><span class="n">R</span><span class="w"> </span><span class="nl">test</span><span class="p">:</span><span class="n">wwwusers</span><span class="w"> </span><span class="n">home</span><span class="w"></span>
<span class="n">root</span><span class="nv">@vhost</span><span class="err">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">755</span><span class="w"> </span><span class="n">home</span><span class="w"></span>
</code></pre></div>
<p>Reconnectons-nous à notre serveur sftp :</p>
<div class="highlight"><pre><span></span><code><span class="n">sftp</span><span class="w"> </span><span class="n">test</span><span class="nv">@vhost</span><span class="w"></span>
<span class="n">Connecting</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">vhost</span><span class="p">...</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">ls</span><span class="w"></span>
<span class="n">sftp</span><span class="o">></span><span class="w"> </span><span class="n">pwd</span><span class="w"></span>
<span class="n">Remote</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="nl">directory</span><span class="p">:</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>Je peux maintenant créer des répertoires, envoyer des fichiers, en rapatrier d'autres. Mission accomplie !</p>Deux sites pour bien commencer l'année2009-01-30T13:44:00+01:002009-01-30T13:44:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2009-01-30:/post/2009/01/30/Deux-sites-pour-bien-commencer-l-année/<p>Oui, ce blog vit encore :-)</p>
<p>Je commence l'année 2009 en douceur, histoire de ne pas me faire mal aux doigts sur le clavier.Ca ne m'empêche pas de faire quelques bricolages que j'aimerais bientôt relater dans ces pages. Et donc, durant quelques recherches, je suis tombé sur un site assez …</p><p>Oui, ce blog vit encore :-)</p>
<p>Je commence l'année 2009 en douceur, histoire de ne pas me faire mal aux doigts sur le clavier.Ca ne m'empêche pas de faire quelques bricolages que j'aimerais bientôt relater dans ces pages. Et donc, durant quelques recherches, je suis tombé sur un site assez sympathique : <a href="https://calomel.org/">Calomel.org</a>. Il y a pas mal de choses intéressantes, les titres font baver : "DNS Spoof "how to", "Network Speed and Performance Guide". Bref, que du bonheur :-)</p>
<p>Un autre site qui n'est pas nouveau, mais qui change d'adresse et fait peau neuve : <a href="http://irp.nain-t.net/doku.php">L'internet rapide et permanent</a>.</p>
<h2>Commentaires</h2>
<h3>Le 31/01/2009 13:10 par <a href="http://www.sakana.fr/blog/">Stephane</a></h3>
<p>Hello,</p>
<p>J'avais pas vu que t'avais changé de thème ... j'aime bien !!</p>
<p>Stéphane</p>Pourquoi faire simple quand on peut faire compliqué?2008-11-26T19:35:00+01:002008-11-26T19:35:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-11-26:/post/2008/11/26/Pourquoi-faire-simple-quand-on-peut-faire-compliqué/<p>Dans pas mal de tutoriaux <a href="http://awstats.sourceforge.net/">Awstats</a>, on parle de la possibilité de d'exécuter la commande de mise à jour dans une crontab.On a par exemple :</p>
<div class="highlight"><pre><span></span><code><span class="mf">0</span><span class="w"> </span><span class="mf">0</span><span class="o">-</span><span class="mf">23</span><span class="o">/</span><span class="mf">2</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">awstats</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">config</span><span class="o">=</span><span class="n">blog</span><span class="mf">.</span><span class="n">anotherhomepage</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="o">-</span><span class="n">update</span><span class="w"></span>
</code></pre></div>
<p>Cet exemple met à jour la base awstats …</p><p>Dans pas mal de tutoriaux <a href="http://awstats.sourceforge.net/">Awstats</a>, on parle de la possibilité de d'exécuter la commande de mise à jour dans une crontab.On a par exemple :</p>
<div class="highlight"><pre><span></span><code><span class="mf">0</span><span class="w"> </span><span class="mf">0</span><span class="o">-</span><span class="mf">23</span><span class="o">/</span><span class="mf">2</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">awstats</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">config</span><span class="o">=</span><span class="n">blog</span><span class="mf">.</span><span class="n">anotherhomepage</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="o">-</span><span class="n">update</span><span class="w"></span>
</code></pre></div>
<p>Cet exemple met à jour la base awstats de blog.anotherhomepage.org toutes les deux heures. Quand on a un seul hôte sur son serveur, c'est amplement suffisant. Oui, mais je n'ai pas que le blog. J'ai aussi la section téléchargements, le webmail, le blog de Vlad, de Dinou, et d'autres trucs. Pour le moment, c'est 9 fichiers de configuration Awstats (excepté le modèle) qui doivent être mis à jour régulièrement. Et à chaque nouveau site, c'est une configuration à écrire, et à ajouter dans la crontab.</p>
<p>Alors certes un coup de sed et un copier-coller dans la crontab, c'est pas la mort, mais pourquoi faire les deux quand on peut économiser des lignes dans la crontab? Tout simplement en utilisant awstats_updateall.pl :</p>
<div class="highlight"><pre><span></span><code><span class="o">-----</span><span class="w"> </span><span class="n">awstats_updateall</span><span class="w"> </span><span class="mf">1.0</span><span class="w"> </span><span class="p">(</span><span class="n">build</span><span class="w"> </span><span class="mf">1.15</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="n">c</span><span class="p">)</span><span class="w"> </span><span class="n">Laurent</span><span class="w"> </span><span class="n">Destailleur</span><span class="w"> </span><span class="o">-----</span><span class="w"></span>
<span class="n">awstats_updateall</span><span class="w"> </span><span class="n">launches</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="n">process</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="n">AWStats</span><span class="w"> </span><span class="n">config</span><span class="w"> </span><span class="n">files</span><span class="w"> </span><span class="p">(</span><span class="ow">except</span><span class="w"></span>
<span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="p">)</span><span class="w"> </span><span class="k">found</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">particular</span><span class="w"> </span><span class="n">directory</span><span class="p">,</span><span class="w"> </span><span class="n">so</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">easily</span><span class="w"> </span><span class="n">setup</span><span class="w"> </span><span class="n">a</span><span class="w"></span>
<span class="n">cron</span><span class="o">/</span><span class="n">scheduler</span><span class="w"> </span><span class="n">job</span><span class="p">.</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">scanned</span><span class="w"> </span><span class="n">directory</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="p">.</span><span class="w"></span>
<span class="k">Usage</span><span class="err">:</span><span class="w"> </span><span class="n">awstats_updateall</span><span class="p">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">[</span><span class="n">options</span><span class="o">]</span><span class="w"></span>
<span class="k">Where</span><span class="w"> </span><span class="n">options</span><span class="w"> </span><span class="k">are</span><span class="err">:</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=</span><span class="n">pathtoawstatspl</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=</span><span class="n">directorytoscan</span><span class="w"></span>
<span class="w"> </span><span class="o">-</span><span class="n">excludeconf</span><span class="o">=</span><span class="n">conftoexclude</span><span class="o">[</span><span class="n">,conftoexclude2,...</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="nl">Note</span><span class="p">:</span><span class="w"> </span><span class="n">awstats</span><span class="p">.</span><span class="n">model</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">always</span><span class="w"> </span><span class="n">excluded</span><span class="p">)</span><span class="w"></span>
</code></pre></div>
<p>Donc, pour transformer 9 lignes de crontab en une, j'ai inséré dans la crontab :</p>
<div class="highlight"><pre><span></span><code><span class="mf">15</span><span class="w"> </span><span class="mf">0</span><span class="o">-</span><span class="mf">23</span><span class="o">/</span><span class="mf">2</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">perl</span><span class="w"> </span><span class="o">/</span><span class="nb">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">awstats_updateall</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="n">now</span><span class="w"> </span><span class="o">-</span><span class="n">awstatsprog</span><span class="o">=/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="n">awstats</span><span class="mf">.</span><span class="n">pl</span><span class="w"> </span><span class="o">-</span><span class="n">configdir</span><span class="o">=/</span><span class="n">etc</span><span class="o">/</span><span class="n">awstats</span><span class="o">/</span><span class="w"></span>
</code></pre></div>
<p>On pensera à remplacer "/usr/bin/awstats_updateall.pl" par la localisation du script, et on fera de même pour "/var/www/awstats/awstats.pl".</p>
<p>Comment ai-je pu faire avant? ;-)</p>
<h2>Commentaires</h2>
<h3>Le 01/12/2008 17:00 par <a href="http://www.evazone.fr">M@T D.</a></h3>
<p>Effectivement... Ca peut-être interessant...</p>
<p>Et sinon, tu n'aurrais pas une commande shell en stock qui permettrai de mettre à jour un vieux AWSTAT d'un coup les yeux fermés ?</p>SSL à l'arrache !2008-07-19T15:42:00+02:002008-07-19T15:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-07-19:/post/2008/07/19/SSL-a-l-arrache/<p>Vite fait, mal fait.</p>
<p>Que ceux qui veulent comprendre aillent sur des pages plus complètes, ici je fais juste une petite récap.Alors genre, on a un serveur sur laquelle on veut mettre du HTTPS ou du FTP-SSL. Pas envie d'avoir un "dummy certificate" et pas envie de passer 2 …</p><p>Vite fait, mal fait.</p>
<p>Que ceux qui veulent comprendre aillent sur des pages plus complètes, ici je fais juste une petite récap.Alors genre, on a un serveur sur laquelle on veut mettre du HTTPS ou du FTP-SSL. Pas envie d'avoir un "dummy certificate" et pas envie de passer 2 heures sur le sujet. Donc on copie-colle, on répond Yes à tout et c'est torché.</p>
<p>D'abord, openssl.cnf. Il se trouve, selon les distributions, quelque part sous <em>/etc</em>. Sur ma CentOS 5, il est dans "/etc/pki/tls". On fait un petit vi dessus, et on met :</p>
<div class="highlight"><pre><span></span><code><span class="nv">dir</span> <span class="o">=</span> <span class="o">/</span><span class="nv">etc</span><span class="o">/</span><span class="nv">pki</span><span class="o">/</span><span class="nv">CA</span> # <span class="nv">Where</span> <span class="nv">everything</span> <span class="nv">is</span> <span class="nv">kept</span>
<span class="nv">certs</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">certs</span> # <span class="nv">Where</span> <span class="nv">the</span> <span class="nv">issued</span> <span class="nv">certs</span> <span class="nv">are</span> <span class="nv">kept</span>
<span class="nv">crl_dir</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">crl</span> # <span class="nv">Where</span> <span class="nv">the</span> <span class="nv">issued</span> <span class="nv">crl</span> <span class="nv">are</span> <span class="nv">kept</span>
<span class="nv">database</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">index</span>.<span class="nv">txt</span> # <span class="nv">database</span> <span class="nv">index</span> <span class="nv">file</span>.
<span class="nv">new_certs_dir</span> <span class="o">=</span> <span class="mh">$d</span><span class="nv">ir</span><span class="o">/</span><span class="nv">newcerts</span> # <span class="nv">default</span> <span class="nv">place</span> <span class="k">for</span> <span class="nv">new</span> <span class="nv">certs</span>.
</code></pre></div>
<p>Un peu plus bas, on modifie la durée de vie du certificat :</p>
<div class="highlight"><pre><span></span><code><span class="nv">default_days</span> <span class="o">=</span> <span class="mi">3650</span> # <span class="nv">how</span> <span class="nv">long</span> <span class="nv">to</span> <span class="nv">certify</span> <span class="k">for</span>
</code></pre></div>
<p>Et pour être encore plus feignasse :</p>
<div class="highlight"><pre><span></span><code><span class="k">[ req_distinguished_name ]</span><span class="w"></span>
<span class="na">countryName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Country Name (2 letter code)</span><span class="w"></span>
<span class="na">countryName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">FR</span><span class="w"></span>
<span class="na">countryName_min</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">2</span><span class="w"></span>
<span class="na">countryName_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">2</span><span class="w"></span>
<span class="na">stateOrProvinceName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">State or Province Name (full name)</span><span class="w"></span>
<span class="na">stateOrProvinceName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Ile de France</span><span class="w"></span>
<span class="na">localityName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Locality Name (eg, city)</span><span class="w"></span>
<span class="na">localityName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Paris</span><span class="w"></span>
<span class="na">0.organizationName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Organization Name (eg, company)</span><span class="w"></span>
<span class="na">0.organizationName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Another Home Page</span><span class="w"></span>
<span class="na">organizationalUnitName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Organizational Unit Name (eg, section)</span><span class="w"></span>
<span class="na">organizationalUnitName_default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">admin</span><span class="w"></span>
<span class="na">commonName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Common Name (eg, your name or your server\\'s hostname)</span><span class="w"></span>
<span class="na">commonName_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">64</span><span class="w"></span>
<span class="na">emailAddress</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">Email Address</span><span class="w"></span>
<span class="na">emailAddress_max</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">64</span><span class="w"></span>
</code></pre></div>
<p>OpenSSL peut faire des alias DNS pour un même certificat, alors on ajoute ça à la fin :</p>
<div class="highlight"><pre><span></span><code><span class="k">[ALIASES]</span><span class="w"></span>
<span class="na">DNS.1</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">www.anotherhomepage.org</span><span class="w"></span>
<span class="na">DNS.2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail.anotherhomepage.org</span><span class="w"></span>
</code></pre></div>
<p>Ensuite, on crée les répertoires et fichiers qui vont bien :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#cd</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="n">#mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="n">newcerts</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="n">#touch</span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="k">index</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="n">#echo</span><span class="w"> </span><span class="mi">01</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">CA</span><span class="o">/</span><span class="n">serial</span><span class="w"> </span>
</code></pre></div>
<p>Allez, on génère tout certificat de l'autorité, certificat serveur, clés...:</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="w"> </span><span class="n">#cd</span><span class="w"> </span><span class="n">CA</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="n">#openssl</span><span class="w"> </span><span class="n">req</span><span class="w"> </span><span class="o">-</span><span class="n">nodes</span><span class="w"> </span><span class="o">-</span><span class="k">new</span><span class="w"> </span><span class="o">-</span><span class="n">x509</span><span class="w"> </span><span class="o">-</span><span class="n">keyout</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="n">crt</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="n">#openssl</span><span class="w"> </span><span class="n">req</span><span class="w"> </span><span class="o">-</span><span class="n">nodes</span><span class="w"> </span><span class="o">-</span><span class="k">new</span><span class="w"> </span><span class="o">-</span><span class="n">keyout</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">csr</span><span class="w"></span>
<span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="n">#openssl</span><span class="w"> </span><span class="n">ca</span><span class="w"> </span><span class="o">-</span><span class="n">cert</span><span class="w"> </span><span class="n">aaron</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">-</span><span class="n">keyfile</span><span class="w"> </span><span class="n">thunderbluff</span><span class="o">-</span><span class="n">ca</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="o">-</span><span class="k">out</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">-</span><span class="ow">in</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">csr</span><span class="w"></span>
</code></pre></div>
<p>Et puis pour Vsftpd ça peut aider :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@thunderbluff</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pki</span><span class="o">/</span><span class="n">CA</span><span class="w"> </span><span class="n">#cat</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="k">key</span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">crt</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">thunderbluff</span><span class="p">.</span><span class="n">pem</span><span class="w"></span>
</code></pre></div>
<p>Emballez c'est pesé !</p>Script de gestion d'utilisateurs pour Vsftpd et MySQL v0.12008-06-22T14:45:00+02:002008-06-22T14:45:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-06-22:/post/2008/06/22/Script-de-gestion-dutilisateurs-pour-Vsftpd-et-MySQL/<p>attention, utilisez à vos risques et périls !</p>
<p>J'ai créé un script qui permet d'ajouter, de retirer ou de modifier le mot de passe d'un utilisateur virtuel pour la configuration <a href="/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL">Vsftpd+MySQL</a> dont j'ai déjà fait part sur ce blog. Ce script est assez basique et limité dans ses fonctions comme …</p><p>attention, utilisez à vos risques et périls !</p>
<p>J'ai créé un script qui permet d'ajouter, de retirer ou de modifier le mot de passe d'un utilisateur virtuel pour la configuration <a href="/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL">Vsftpd+MySQL</a> dont j'ai déjà fait part sur ce blog. Ce script est assez basique et limité dans ses fonctions comme dans son utilisation.</p>
<p>Il ne permet pour le moment que 3 choses :</p>
<ul>
<li>créer un utilisateur</li>
<li>modifier le mot de passe d'un utilisateur</li>
<li>effacer un utilisateur, avec en option la possibilité d'effacer ou de garder le répertoire de cet utilisateur</li>
</ul>
<p>Les limitations :</p>
<ul>
<li>il n'est pas possible de définir un home particulier pour chaque utilisateur, il faudra créer le fichier dans le user_config_dir avec la bonne option soi-même, valable pour la création comme pour la modification et l'effacement</li>
<li>les options n'acceptent pas d'être dans le désordre, il faut donc les taper comme indiqué dans l'aide (option --help)</li>
<li>on ne peut modifier que le mot de passe, pas le nom du compte utilisateur</li>
<li>...</li>
</ul>
<p>Voilà, ceux qui veulent s'amuser avec, c'est le fichier <a href="https://blog.anotherhomepage.org/public/vsftpd_mysql/sqlftp_01.sh.gz">sqlftp_01.sh.gz</a> qu'il suffit de décompresser, et de rendre exécutable.</p>Utilisateurs virtuels sous CentOS 5 avec base de données MySQL2008-06-20T10:30:00+02:002008-06-20T10:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-06-20:/post/2008/06/20/Utilisateurs-virtuels-sous-CentOS-5-avec-base-de-donnees-MySQL/<p><code>convert\_to\_centos5\_fr.sh --url howtoforge.com</code></p>
<p>Depuis quelques temps j'essayais sans succès de faire des utilisateurs virtuels avec <a href="http://vsftpd.beasts.org/">Vsftpd</a>, mon logiciel de serveur ftp favori, sous CentOS 5. Alors oui, la db au format Berkeley, ça marche, mais je trouve ça casse-pieds à maintenir. Et puis pour changer …</p><p><code>convert\_to\_centos5\_fr.sh --url howtoforge.com</code></p>
<p>Depuis quelques temps j'essayais sans succès de faire des utilisateurs virtuels avec <a href="http://vsftpd.beasts.org/">Vsftpd</a>, mon logiciel de serveur ftp favori, sous CentOS 5. Alors oui, la db au format Berkeley, ça marche, mais je trouve ça casse-pieds à maintenir. Et puis pour changer le mot de passe, galère. J'avais vu qu'il était possible d'utiliser <a href="http://www-fr.mysql.com/">MySQL</a> comme base pour les utilisateurs et leurs mots de passe. Je me met en quête d'un how-to pour CentOS, sans succès. J'adapte donc <a href="http://www.howtoforge.com/vsftpd_mysql_debian_etch">ce how-to</a> de Howtoforge pour CentOS.</p>
<p>Commençons par l'installation des paquets qui vont bien. En supposant que vous ayez, comme moi, une CentOS 5 minimaliste mais à jour, ça se passe comme ceci :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">yum</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="n">vsftpd</span><span class="w"> </span><span class="n">mysql</span><span class="o">-</span><span class="n">server</span><span class="w"></span>
</code></pre></div>
<p>Ensuite, soit on ajoute à ses dépôts le dépôt extras en mode testing (et là je vous encourage à faire très attention, et de n'activer que les noms des paquets nécessaires), soit on installe "à la main" le paquet <a href="http://pam-mysql.sourceforge.net/">pam-mysql</a>, qui permettra à vsftpd de dialoguer avec MySQL. Le RPM est disponible sur <a href="http://rpm.pbone.net/index.php3/stat/4/idpl/6192385/com/pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm.html">Pbone</a>.Moi j'ai fait :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">wget</span><span class="w"> </span><span class="nl">ftp</span><span class="p">:</span><span class="o">//</span><span class="n">ftp</span><span class="p">.</span><span class="n">pbone</span><span class="p">.</span><span class="n">net</span><span class="o">/</span><span class="n">mirror</span><span class="o">/</span><span class="n">centos</span><span class="p">.</span><span class="n">karan</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">el5</span><span class="o">/</span><span class="n">extras</span><span class="o">/</span><span class="n">testing</span><span class="o">/</span><span class="n">i386</span><span class="o">/</span><span class="n">RPMS</span><span class="o">/</span><span class="n">pam_mysql</span><span class="o">-</span><span class="mf">0.7</span><span class="o">-</span><span class="mf">0.5</span><span class="p">.</span><span class="n">rc1</span><span class="p">.</span><span class="n">el5</span><span class="p">.</span><span class="n">kb</span><span class="mf">.2</span><span class="p">.</span><span class="n">i386</span><span class="p">.</span><span class="n">rpm</span><span class="w"></span>
</code></pre></div>
<p>puis :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">rpm</span><span class="w"> </span><span class="o">-</span><span class="n">ivh</span><span class="w"> </span><span class="n">pam_mysql</span><span class="o">-</span><span class="mf">0.7</span><span class="o">-</span><span class="mf">0.5</span><span class="p">.</span><span class="n">rc1</span><span class="p">.</span><span class="n">el5</span><span class="p">.</span><span class="n">kb</span><span class="mf">.2</span><span class="p">.</span><span class="n">i386</span><span class="p">.</span><span class="n">rpm</span><span class="w"></span>
</code></pre></div>
<p>Une fois les logiciels qui vont bien installés, on peut avoir envie de gérer MySQL via phpMyAdmin, pour celà je vous renvoie à <a href="/post/2008/05/17/installation-de-phpmyadmin-sur-CentOS-5">un autre billet qui en parle</a>.</p>
<p>Commençons par MySQL, pour respecter l'ordre originel du howto. Une fois celui-ci installé, on configure le mot de passe de root :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">mysqld</span><span class="w"> </span><span class="k">start</span><span class="w"></span>
</code></pre></div>
<p>MySQL indique les commandes pour changer le mot de passe de root pour MySQL, en indiquant quel est le nom d'hôte MySQL de la machine (détail très important !)</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'changemoi'</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">mysqladmin</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="n">tristram</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">loc</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="s1">'changemoi'</span><span class="w"></span>
</code></pre></div>
<p>(on voit donc que la machine servant à ce howto se nomme tristram.anotherhomepage.loc)Ensuite on se connecte à MySQL :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"></span>
</code></pre></div>
<p>On crée la base de données et son utilisateur, <em>vsftpd</em> et mot de passe <em>ftpdpass</em> :</p>
<div class="highlight"><pre><span></span><code>mysql> CREATE DATABASE vsftpd;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
mysql> FLUSH PRIVILEGES;
</code></pre></div>
<p>Ensuite on créé le schéma (on est toujours dans le shell de MySQL) :</p>
<div class="highlight"><pre><span></span><code><span class="n">mysql</span><span class="o">></span><span class="w"> </span><span class="k">USE</span><span class="w"> </span><span class="n">vsftpd</span><span class="p">;</span><span class="w"></span>
<span class="n">mysql</span><span class="o">></span><span class="w"> </span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n n-Quoted">`accounts`</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="n n-Quoted">`id`</span><span class="w"> </span><span class="kt">INT</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="k">AUTO_INCREMENT</span><span class="w"> </span><span class="k">PRIMARY</span><span class="w"> </span><span class="k">KEY</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="n n-Quoted">`username`</span><span class="w"> </span><span class="kt">VARCHAR</span><span class="p">(</span><span class="w"> </span><span class="mi">30</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="n n-Quoted">`pass`</span><span class="w"> </span><span class="kt">VARCHAR</span><span class="p">(</span><span class="w"> </span><span class="mi">50</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="k">NOT</span><span class="w"> </span><span class="no">NULL</span><span class="w"> </span><span class="p">,</span><span class="w"></span>
<span class="k">UNIQUE</span><span class="w"> </span><span class="p">(</span><span class="w"></span>
<span class="n n-Quoted">`username`</span><span class="w"></span>
<span class="p">)</span><span class="w"></span>
<span class="p">)</span><span class="w"> </span><span class="k">ENGINE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">MYISAM</span><span class="w"> </span><span class="p">;</span><span class="w"></span>
</code></pre></div>
<p>Et on quitte MySQL :</p>
<div class="highlight"><pre><span></span><code>mysql> quit;
</code></pre></div>
<p>On créée l'utilisateur virtuel pour accéder aux comptes ; sous CentOS 5, le groupe de l'utilisateur <em>nobody</em> est <em>nobody</em>, avec comme gid 99 (vu dans <em>/etc/groups</em>) :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">useradd</span><span class="w"> </span><span class="c1">--home /home/vsftpd --gid 99 -m --shell /sbin/nologin vsftpd</span>
</code></pre></div>
<p>On note aussi que pour empêcher un compte d'avoir un shell, on met plutôt <em>/sbin/nologin</em>.</p>
<p>Passons à Vsftpd. Sauvegardons la configuration par défaut et ajoutons la nôtre :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf_orig</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">conf</span><span class="w"></span>
</code></pre></div>
<p>Le fichier <em>vsftpd.conf</em> est le suivant ( les options sont expliquées en anglais <a href="http://vsftpd.beasts.org/vsftpd_conf.html">sur le site de vsftpd</a>) :</p>
<div class="highlight"><pre><span></span><code><span class="n">listen</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">anonymous_enable</span><span class="o">=</span><span class="n">NO</span><span class="w"></span>
<span class="n">local_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">write_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">local_umask</span><span class="o">=</span><span class="mi">022</span><span class="w"></span>
<span class="n">dirmessage_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">xferlog_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">connect_from_port_20</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">nopriv_user</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">chroot_local_user</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">secure_chroot_dir</span><span class="o">=/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">pam_service_name</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">guest_enable</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">guest_username</span><span class="o">=</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">local_root</span><span class="o">=/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/$</span><span class="n">USER</span><span class="w"></span>
<span class="n">user_sub_token</span><span class="o">=$</span><span class="n">USER</span><span class="w"></span>
<span class="n">virtual_use_local_privs</span><span class="o">=</span><span class="n">YES</span><span class="w"></span>
<span class="n">user_config_dir</span><span class="o">=/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">user_conf</span><span class="w"></span>
</code></pre></div>
<p>Une première différence avec celui de Howtoforge, je n'ai pas mis l'option <em>rsa_cert_file=/etc/ssl/certs/vsftpd.pem</em>, je verrai ça pour un autre billet. Une autre différence est l'endroit où je stocke les configurations personnalisées par utilisateur : comme il y a un répertoire <em>/etc/vsftpd</em>, j'ai créé un sous-répertoire <em>user_conf</em> :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">user_conf</span><span class="w"></span>
</code></pre></div>
<p>Cette possibilité est bien entendue totalement optionnelle.</p>
<p>Il nous faut maintenant configurer pam, qui va permettre à vsftpd d'aller chercher les utilisateurs dans la base mysql plutôt que dans les utilisateurs système, stockés dans <em>/etc/passwd</em> et <em>/etc/shadow</em>. Comme avec Vsftpd, on sauvegarde l'ancien et on en crée un tout neuf :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd_orig</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="k">null</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">vi</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">pam</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">vsftpd</span><span class="w"></span>
</code></pre></div>
<p>Le contenu de ce fichier est le suivant :</p>
<div class="highlight"><pre><span></span><code>auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
</code></pre></div>
<p>La différence avec la version howtoforge est que j'ai changé l'algorithme de hash du mot de passe. Au lieu d'utiliser la fonction PASSWORD(), je vais utiliser MD5(). Je reviendrai sur ce qui a motivé ce choix après. Pour le moment, relançons Vsftpd :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">vsftpd</span><span class="w"> </span><span class="n">restart</span><span class="w"></span>
</code></pre></div>
<p>Et maintenant, créons notre premier utilisateur dans MySQL :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mysql</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"></span>
</code></pre></div>
<p>Nous sommes dans le shell MySQL :</p>
<div class="highlight"><pre><span></span><code>mysql> USE vsftpd;
mysql> INSERT INTO accounts (username, pass) VALUES('testuser', MD5('secret'));
mysql> quit;
</code></pre></div>
<p>Le répertoire de l'utilisateur testuser est <em>/home/vsftpd/testuser</em>, mais Vsftpd ne peut pas le créer automatiquement pour nous, faisons-le à la main, en prenant soin qu'il appartient bien à vsftpd :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">testuser</span><span class="w"></span>
<span class="n">root</span><span class="nv">@tristram</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">chown</span><span class="w"> </span><span class="nl">vsftpd</span><span class="p">:</span><span class="n">nobody</span><span class="w"> </span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">vsftpd</span><span class="o">/</span><span class="n">testuser</span><span class="w"></span>
</code></pre></div>
<p>Connectons-nous à notre serveur FTP en utilisant Filezilla sous Windows, Konqueror ou gFTP (ou bien en ligne de commande, ftp ou lftp) sous Linux/BSD, ou encore Cyberduck sous Mac OS X. Ca marche? Parfait :-)</p>
<p>Maintenant le pourquoi du comment que j'ai mis 3 au lieu de 2 et MD5 au lieu de PASSWORD : tout simplement parce que ça ne fonctionne pas sous CentOS 5. L'explication vient du fichier README de pam-mysql, dispo là : <em>/usr/share/doc/pam_mysql-0.7/README</em></p>
<blockquote>
<p>The method to encrypt the user's password:</p>
<p>0 (or "plain") = No encryption. Passwords stored in plaintext.HIGHLY DISCOURAGED.</p>
<p>1 (or "Y") = Use crypt(3) function.</p>
<p>2 (or "mysql") = Use MySQL PASSWORD() function. It is possiblethat the encryption function used by PAM-MySQLis different from that of the MySQL server, asPAM-MySQL uses the function defined in MySQL'sC-client API instead of using PASSWORD() SQL functionin the query.</p>
<p>3 (or "md5") = Use plain hex MD5.</p>
<p>4 (or "sha1") = Use plain hex SHA1.</p>
</blockquote>
<p>La fonction PASSWORD de MySQL et celle de pam-mysql ne renvoient donc pas le même hash de mot de passe. Dommage, hein? J'ai aussi essayé l'option 0, mais elle ne m'intéressait pas. Je n'ai pas encore essayé la fonction crypt ni la fonction sha1 pour vérifier si elles fonctionnent, mais il n'y a pas de raison ;)</p>
<p>Il ne reste à présent qu'à créer une page php ou un script shell qui permette de créer, modifier et effacer les utilisateurs.</p>
<h2>Commentaires</h2>
<h3>Le 25/01/2011 15:45 par jennifer</h3>
<p>Merci pour le tuto ca fonctionne nikel juste un petit oubli de votre part il faut créer le fichier vsftpd dans /var/run/ sinon il affiche un message d'erreur suite au chemin défini pour "secure_chroot_dir=/var/run/vsftpd" dans le fichier de configuration vsftpd.conf lors du lancement du ftp.</p>Installation de mod_gnutls sur CentOS 52008-05-24T10:30:00+02:002008-05-24T10:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-05-24:/post/2008/05/24/Installation-de-mod_gnutls-sur-CentOS-5/<p>petit lien à garder sous le coude au cas où</p>
<p>Il y a quelques jours je voulais mettre plusieurs sites Internet en <a href="http://fr.wikipedia.org/wiki/Http#HTTPS">HTTPS</a>, sur le même serveur dédié. Or, ceci n'est (presque) pas possible en utilisant <a href="http://www.modssl.org/">mod_ssl</a> avec <a href="http://httpd.apache.org/">Apache</a>. Toutefois, ceci est rendu possible via l'utilisation de <a href="http://www.outoforder.cc/projects/apache/mod_gnutls/">mod_gnutls …</a></p><p>petit lien à garder sous le coude au cas où</p>
<p>Il y a quelques jours je voulais mettre plusieurs sites Internet en <a href="http://fr.wikipedia.org/wiki/Http#HTTPS">HTTPS</a>, sur le même serveur dédié. Or, ceci n'est (presque) pas possible en utilisant <a href="http://www.modssl.org/">mod_ssl</a> avec <a href="http://httpd.apache.org/">Apache</a>. Toutefois, ceci est rendu possible via l'utilisation de <a href="http://www.outoforder.cc/projects/apache/mod_gnutls/">mod_gnutls</a>. Pour ceux qui ont CentOS 5, voici <a href="http://www.hughesjr.com/content/view/20/29/">un petit lien</a> pour l'installer facilement. je crois que mod_gnutls est aussi disponible pour Mandriva. Sinon, il reste à compiler les sources ;-)</p>
<p><strong>Mise à jour</strong> : certains auront pu remarquer que des liens de ce billet ne fonctionnent plus, et que les dernières versions de mod_gnutls nécessitent une version de gnutls plus récente que celle livrée sur CentOS. La petite astuce ne fonctionne donc plus vraiment, sauf à utiliser une autre distribution ou à installer un gnutls plus récent. Un ami s'y est essayé il y a quelques temps sous Gentoo, un ebuild étant disponible.</p>
<h2>Commentaires</h2>
<h3>Le 30/08/2011 00:55 par <a href="http://fakessh.eu">fakessh @</a></h3>
<p>j ai dernierement package les dernieres versions de gnutls et mod_gnutls</p>
<p>je fournis les rpm source sur la page de mon blog
recompiler les rpm et bonnes mises à jour</p>
<p>http://fakessh.eu/2011/08/28/last-release-gnutls-et-mod_gnutls-pour-centos-5-6/</p>installation de phpmyadmin sur CentOS 52008-05-18T10:30:00+02:002008-05-18T10:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-05-18:/post/2008/05/18/installation-de-phpmyadmin-sur-CentOS-5/<p><code>yum install --enablerepo=extras,rpmforge httpd php phpmyadmin php-mbstring php-mcrypt</code></p>
<p><em>Mise à jour du 03/10/2011 : si vous êtes sur CentOS 6, voici <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">une version à jour de ce tutoriel</a></em></p>
<p>Je voulais me monter un petit serveur MySQL et comme je suis une feignasse, j'aime utiliser <a href="http://www.phpmyadmin.net">phpMyAdmin</a>.je me …</p><p><code>yum install --enablerepo=extras,rpmforge httpd php phpmyadmin php-mbstring php-mcrypt</code></p>
<p><em>Mise à jour du 03/10/2011 : si vous êtes sur CentOS 6, voici <a href="/post/2011/10/03/Installation-de-phpMyAdmin-sur-CentOS-6">une version à jour de ce tutoriel</a></em></p>
<p>Je voulais me monter un petit serveur MySQL et comme je suis une feignasse, j'aime utiliser <a href="http://www.phpmyadmin.net">phpMyAdmin</a>.je me fais comme à mon habitude une installation minimaliste, incluant toutefois le dépôt <a href="https://rpmrepo.org/RPMforge">RPMforge</a> (dont on note la nouvelle url). Pour ajouter le dépôt RPMForge, il suffit d'installer le RPM du dépôt, <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/">qu'on sélectionne ici selon son architecture</a>. On s'assure ensuite que par facilité, le fichier <em>/etc/yum.repos.d/rpmforge.repo</em> contient bien la ligne :</p>
<div class="highlight"><pre><span></span><code>enabled = 1
</code></pre></div>
<p>(c'est moche mais ça marche)</p>
<p>J'installe ensuite mon bazar :</p>
<div class="highlight"><pre><span></span><code>yum install httpd phpmyadmin
</code></pre></div>
<p>C'est bien la première fois que je reproche un truc à un paquet RPMforge, là ce que je reproche au paquet phpmyadmin, c'est de ne pas avoir en dépendance php, chose que je peux aussi reprocher au paquet php-mysql, ou alors j'ai pas tout compris. Allez, on installe PHP :</p>
<div class="highlight"><pre><span></span><code>yum install php
</code></pre></div>
<p>D'autres trucs sont nécessaires pour phpmyadmin, php-mbstring (pas de problème, c'est dans le dépôt base), mais aussi php-mcrypt (et là, il faut activer le dépôt extras, que j'avais désactivé) :</p>
<div class="highlight"><pre><span></span><code>yum install --enablerepo=extras php-mcrypt php-mbstring
</code></pre></div>
<p>Ensuite, on édite le fichier <em>/usr/share/phpmyadmin/config.inc.php</em>, plus exactement à la ligne 17 :</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">''</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ </span>
</code></pre></div>
<p>Et on remplit la variable avec un truc bien débile :</p>
<div class="highlight"><pre><span></span><code><span class="mh">$cf</span><span class="nv">g</span>[<span class="s1">'</span><span class="s">blowfish_secret</span><span class="s1">'</span>] <span class="o">=</span> <span class="s1">'</span><span class="s">kikoolol</span><span class="s1">'</span><span class="c1">; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ </span>
</code></pre></div>
<p>Si le serveur MySQL est sur la même machine, s'assurer qu'il est lancé et qu'on connait le mot de passe pour s'y connecter (par défaut, il n'y a pas de mot de passe pour root sur MySQL). Si le serveur est sur une autre machine, on modifie la ligne 31 :</p>
<div class="highlight"><pre><span></span><code>$cfg['Servers'][$i]['host'] = 'localhost';
</code></pre></div>
<p>on remplace "localhost" par l'adresse IP ou le nom de la machine.</p>
<p>Mais ce n'est pas fini ! Il faut encore accéder à phpMyAdmin. Pour celà, on édite aussi le fichier <em>/etc/httpd/conf.d/phpmyadmin.conf</em>, la ligne 8 contient :</p>
<div class="highlight"><pre><span></span><code>Allow from 127.0.0.1
</code></pre></div>
<p>On peut ajouter son adresse IP à la suite de la ligne, comme par exemple :</p>
<div class="highlight"><pre><span></span><code>Allow from 127.0.0.1 192.168.1.2
</code></pre></div>
<p>ou alors, ouvrir son phpMyAdmin au monde entier, mais c'est <strong>mal</strong> !</p>
<p><code>Allow from all</code></p>
<p>On notera en fin de fichier les urls possibles pour accéder à notre logiciel, on peut même ajouter à la ligne suivante par exemple :</p>
<p><code>Alias /kikoolol/ /usr/share/phpmyadmin</code></p>
<p>On lance Apache :</p>
<p><code>service httpd start</code></p>
<p>Et éventuellement MySQL :</p>
<p><code>service mysqld start</code></p>
<p>Voilà, c'est fini, on peut accéder à phpMyAdmin grâce à l'adresse : http://nomduserveur/phpmyadmin, ou http://nomduserveur/phpMyAdmin ou http://nomduserveur/mysqladmin (voire même http://nomduserveur/kikoolol pour les comiques :))</p>
<h2>Commentaires</h2>
<h3>Le 26/08/2008 20:44 par mongo</h3>
<p>Tres cool le tuto. Mais apparamment ca ne marche pas aussi simplement avec centos 5.2. J'ai le massage suivant qui resiste a ce tuto (erreur 403): You don't have permission to access /phpmyadmin/ on this server.</p>
<h3>Le 12/03/2009 11:01 par Stef</h3>
<p>Merci pour ce super tuto ;) ça m'a vachement bien aidé !</p>
<p>Et euh j'ai pareil.. erreur 403.. il suffit de lancer firefox entant que root et ça fonctionne ;)</p>
<h3>Le 23/03/2009 21:51 par Nils</h3>
<p>Je vous rappelle qu'il y a un paragraphe sur les autorisations, il faut penser à modifier la directive Allow de /etc/httpd/conf.d/phpmyadmin.conf ;)</p>
<h3>Le 15/04/2009 04:49 par kadahowa</h3>
<p>bien fait le tuto.
pour les gens qui n'ont pas pu acceder a phpmyadmin il faut changer les droit de permission du group.
et ça va marcher c'est tester et ça marche.
le seul probleme c'est j connais pas le mot de pass et le login de mon serveur mysql.
on voulant installer centos j ai cocher server donc j ai pas pu savoir quelle mot de passe et login a fait .
donc si quelqu'un sait, qu il me fille la reponse :>
merci.</p>
<h3>Le 16/04/2009 20:34 par Nils</h3>
<p>Pourrais-tu être plus précis sur "les droits de permissions du groupe" ?
Sous CentOS, par défaut, il n'y a pas de mot de passe à l'utilisateur root sur MySQL. Il te faut donc te connecter, et une fois dans le shell MySQL, tu peux changer le mot de passe. Tu peux aussi faire cela via phpMyAdmin.</p>
<h3>Le 22/04/2009 21:41 par HAZTIKA</h3>
<p>Bonjour
J'essaie de suivre ton tuto mais après : yum install --enablerepo=extras php-mcrypt php-mbstring
je vais dans le dossier /usr/share et je ne trouve pas le fichier config.inc.php que tu as indiqué ( /usr/share/phpmyadmin/config.inc.php ) , je ne trouve même pas le dossier phpmyadmin/ dans /usr/share
et j'ai aussi vérifier dans /etc/httpd/conf.d/ et je ne trouve pas le fichier phpmyadmin.conf
j'ai un centos 5.2, merci de ton aide</p>
<h3>Le 24/04/2009 19:46 par Nils</h3>
<p>@HAZTIKA : il faut d'abord installer le dépôt RPMForge, c'est expliqué entre autres <a href="http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-20e1f65f19ccf2f5fbf5adb30dbaf5ea963a64ae">ici</a>. Une fois ce dépôt installé (et activé), tu peux utiliser yum pour installer phpmyadmin et suivre le reste du billet, tu devrais alors trouver les fichiers.</p>
<h3>Le 05/06/2010 10:54 par Zerana</h3>
<p>Cool, ton tulo</p>Session de débug DNS2008-05-12T10:30:00+02:002008-05-12T10:30:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-05-12:/post/2008/05/12/session-de-debug-DNS/<p>pour un site ami</p>
<p>J'ai eu à donner un petit coup de main pour le serveur DNS de <a href="http://www.quebecos.com">QuebecOS</a>, j'en profite donc pour ajouter quelques petites choses qui m'ont aidées à faire du débug de configuration DNS utilisant <a href="http://www.isc.org/index.pl?/sw/bind/index.php">Bind</a>:</p>
<div class="highlight"><pre><span></span><code> logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
</code></pre></div>
<p>dans …</p><p>pour un site ami</p>
<p>J'ai eu à donner un petit coup de main pour le serveur DNS de <a href="http://www.quebecos.com">QuebecOS</a>, j'en profite donc pour ajouter quelques petites choses qui m'ont aidées à faire du débug de configuration DNS utilisant <a href="http://www.isc.org/index.pl?/sw/bind/index.php">Bind</a>:</p>
<div class="highlight"><pre><span></span><code> logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
</code></pre></div>
<p>dans le fichier named.conf est assez pratique lorsqu'on veut voir si le serveur se lance correctement.</p>
<p>Sinon un site assez sympa pour voir si la configuration est correcte, <a href="http://www.intodns.com">IntoDNS</a> : on donne son nom de domaine et il regarde ce que rend le serveur à ses requêtes; presque tout y passe, on peut même y lire si notre configuration respecte les bonnes pratiques. A garder sous la main en plus des bons vieux nslookup et dig.</p>Créer un miroir CentOS pour les updates2008-03-23T14:55:00+01:002008-03-23T14:55:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-03-23:/post/2008/03/23/Creer-un-miroir-CentOS-pour-les-updates/<p>Et tu sync, et tu sync, et tu wget</p>
<p>Hier, j'ai commencé à me dire que ça serait sympa de rendre encore plus rapide mes installations de machines virtuelles CentOS 5. Donc, avant d'attaquer le trifouillage de mes kickstarts afin d'appliquer mes configurations de manière automatique, j'en suis venu à …</p><p>Et tu sync, et tu sync, et tu wget</p>
<p>Hier, j'ai commencé à me dire que ça serait sympa de rendre encore plus rapide mes installations de machines virtuelles CentOS 5. Donc, avant d'attaquer le trifouillage de mes kickstarts afin d'appliquer mes configurations de manière automatique, j'en suis venu à la conclusion qu'avoir le dépôt des mises à jour en local serait plus rapide que de devoir tout récupérer sur Internet.</p>
<p>Donc, il me faut me synchroniser avec un miroir. Comme je suis chez Free, j'ai voulu utiliser leur miroir. Oui mais, ce n'est qu'un miroir FTP. Et la plupart des scripts de synchronisation de miroir utilisent <a href="http://rsync.samba.org/">rsync</a>. Je me suis donc rabattu sur le miroir de <a href="http://www.ipsl.jussieu.fr/">l'IPSL Jussieu</a> qui possède un mirroir <a href="http://distrib-coffee.ipsl.jussieu.fr/pub/linux/">http</a>, <a href="ftp://distrib-coffee.ipsl.jussieu.fr/pub/linux/">ftp</a> et <a href="rsync://distrib-coffee.ipsl.jussieu.fr/pub/linux/">rsync</a>. Génial ! Quelques instants plus tard, j'adapte <a href="http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html">ce script</a> qui donne ceci :</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/bash</span>
<span class="c1">#################################################################################</span>
<span class="c1"># #</span>
<span class="c1"># CentOS mirror syncer #</span>
<span class="c1"># Comes from : #</span>
<span class="c1"># #</span>
<span class="c1"># http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html #</span>
<span class="c1"># http://wiki.monserveurperso.com/wakka.php?wiki=MirroringFTP #</span>
<span class="c1"># man wget #</span>
<span class="c1"># #</span>
<span class="c1">#################################################################################</span>
<span class="nv">RSYNC</span><span class="o">=</span><span class="sb">`</span>which rsync<span class="sb">`</span>
<span class="nv">RSYNC_OPTS</span><span class="o">=</span><span class="s2">"-aHv --delete --bwlimit=512 "</span>
<span class="nv">CHOWN</span><span class="o">=</span><span class="sb">`</span>which chown<span class="sb">`</span>
<span class="nv">CHMOD</span><span class="o">=</span><span class="sb">`</span>which chmod<span class="sb">`</span>
<span class="nv">MIRROR</span><span class="o">=</span><span class="s2">"rsync://distrib-coffee.ipsl.jussieu.fr/pub/linux/centos/5/updates/i386/"</span>
<span class="nv">LOCAL</span><span class="o">=</span><span class="s2">"/home/ftp/mirrors/centos/5/updates/i386/"</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">"/var/run/centosmirror.pid"</span>
<span class="c1"># Don't run it twice...</span>
<span class="k">if</span> <span class="o">[</span> -f <span class="s2">"</span><span class="nv">$PIDFILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">RUNPID</span><span class="o">=</span><span class="sb">`</span>cat <span class="nv">$PIDFILE</span><span class="sb">`</span>
<span class="k">if</span> ps -p <span class="nv">$RUNPID</span><span class="p">;</span> <span class="k">then</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror is already running..."</span>
<span class="nb">exit</span> <span class="m">1</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror pid found but process dead, cleaning up"</span>
rm -f <span class="nv">$PIDFILE</span>
<span class="k">fi</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"No CentOS Mirror Process Detected"</span>
<span class="k">fi</span>
<span class="nb">echo</span> <span class="nv">$$</span> > <span class="nv">$PIDFILE</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Started at "</span>
date
<span class="c1"># Download, set up rights</span>
<span class="nv">$RSYNC</span> <span class="nv">$RSYNC_OPTS</span> <span class="nv">$MIRROR</span> <span class="nv">$LOCAL</span>
<span class="nv">$CHOWN</span> -R apache:apache <span class="nv">$LOCAL</span>
<span class="nv">$CHMOD</span> -R <span class="m">755</span> <span class="nv">$LOCAL</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Ended at "</span>
date
rm -f <span class="nv">$PIDFILE</span>
</code></pre></div>
<p>Ca, c'était la version rsync. Et si on est derrière un proxy, et qu'on ne peut pas faire du rsync? Pour le moment je me suis concentré sur ftp, mais ce script devrait tourner pour http :</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/bash</span>
<span class="c1">#################################################################################</span>
<span class="c1"># #</span>
<span class="c1"># CentOS mirror syncer #</span>
<span class="c1"># Comes from : #</span>
<span class="c1"># #</span>
<span class="c1"># http://lists.centos.org/pipermail/centos-mirror/2005-April/000936.html #</span>
<span class="c1"># http://wiki.monserveurperso.com/wakka.php?wiki=MirroringFTP #</span>
<span class="c1"># man wget #</span>
<span class="c1"># #</span>
<span class="c1">#################################################################################</span>
<span class="c1"># Variables</span>
<span class="nv">WGET</span><span class="o">=</span><span class="sb">`</span>which wget<span class="sb">`</span>
<span class="nv">WGET_OPTS</span><span class="o">=</span><span class="s2">"-m --limit-rate=512k -nH --cut-dir 5"</span>
<span class="nv">CHOWN</span><span class="o">=</span><span class="sb">`</span>which chown<span class="sb">`</span>
<span class="nv">CHMOD</span><span class="o">=</span><span class="sb">`</span>which chmod<span class="sb">`</span>
<span class="nv">MIRROR</span><span class="o">=</span><span class="s2">"ftp://ftp.free.fr/mirrors/ftp.centos.org/5/updates/i386/*"</span>
<span class="nv">LOCAL</span><span class="o">=</span><span class="s2">"/home/ftp/mirrors/centos/5/updates/i386/"</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">"/var/run/centosmirror.pid"</span>
<span class="c1"># Don't run it twice...</span>
<span class="k">if</span> <span class="o">[</span> -f <span class="s2">"</span><span class="nv">$PIDFILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">RUNPID</span><span class="o">=</span><span class="sb">`</span>cat <span class="nv">$PIDFILE</span><span class="sb">`</span>
<span class="k">if</span> ps -p <span class="nv">$RUNPID</span><span class="p">;</span> <span class="k">then</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror is already running..."</span>
<span class="nb">exit</span> <span class="m">1</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"CentOS Mirror pid found but process dead, cleaning up"</span>
rm -f <span class="nv">$PIDFILE</span>
<span class="k">fi</span>
<span class="k">else</span>
<span class="nb">echo</span> <span class="s2">"No CentOS Mirror Process Detected"</span>
<span class="k">fi</span>
<span class="nb">echo</span> <span class="nv">$$</span> > <span class="nv">$PIDFILE</span>
<span class="c1"># wget + ftp = .listing files</span>
find <span class="nv">$LOCAL</span> -name <span class="s2">".listing"</span> -delete
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Started at "</span>
date
<span class="c1"># Download, set up rights</span>
<span class="nv">$WGET</span> <span class="nv">$WGET_OPTS</span> <span class="nv">$MIRROR</span> -P <span class="nv">$LOCAL</span>
<span class="nv">$CHOWN</span> -R apache:apache <span class="nv">$LOCAL</span>
<span class="nv">$CHMOD</span> -R <span class="m">755</span> <span class="nv">$LOCAL</span>
<span class="nb">echo</span> -n <span class="s2">"CentOS Mirror Ended at "</span>
date
rm -f <span class="nv">$PIDFILE</span>
find <span class="nv">$LOCAL</span> -name <span class="s2">".listing"</span> -delete
</code></pre></div>
<p>On remarquera que c'est grosso modo la même chose, la version wget générant des fichiers .listing pour le téléchargement récursif, je les efface avant et après coup, au cas où.Comme mon miroir est aussi dispo en http, je rend le tout accessible pour l'utilisateur apache. Ce dernier script reste cependant à améliorer, car contrairement à rsync, il n'efface pas les fichiers présents en local mais disparus du miroir distant.</p>Forcer openssh à ouvrir un terminal2008-03-05T20:56:00+01:002008-03-05T20:56:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-03-05:/post/2008/03/05/forcer-openssh-a-ouvrir-un-tty-pour-su-c/<p>Ces jours-ci, j'en apprend des trucs marrants !</p>
<p>L'autre jour, je voulais faire la feignasse : plutôt que de me connecter en ssh, devenir root puis taper une commande (un bête mkdir je crois), et ce sur 5-6 serveurs, je me suis demandé si je ne pouvais pas faire tout ça en …</p><p>Ces jours-ci, j'en apprend des trucs marrants !</p>
<p>L'autre jour, je voulais faire la feignasse : plutôt que de me connecter en ssh, devenir root puis taper une commande (un bête mkdir je crois), et ce sur 5-6 serveurs, je me suis demandé si je ne pouvais pas faire tout ça en une fois, au moins disons une commande par bécane, quitte à juste taper les mots de passe ensuite. Et bien c'est possible !</p>
<p>D'abord, on regarde la page de manuel de ssh, et on voit qu'on peut donner une commande en argument pour juste exécuter cette commande :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">uname</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">Linux</span><span class="w"></span>
</code></pre></div>
<p>Ensuite on se dit qu'on rajouterait bien des arguments à notre commande, donc on rajoute des guillemets :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"/bin/uname -sp"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">Linux</span><span class="w"> </span><span class="n">i686</span><span class="w"></span>
</code></pre></div>
<p>Pour s'amuser, disons qu'on veut faire un truc en tant que root. On peut, si on ne dispose pas de sudo, utiliser "su -c" pour ne taper qu'une commande en tant que root, sous réserve de connaître le mot de passe. Mais si on le fait, on se heurte à un message d'erreur :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c whoami"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="n">standard</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">must</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">tty</span><span class="w"></span>
</code></pre></div>
<p>Et là, c'est le drame... comment ouvre-t-on un tty? Un retour dans la page de manuel (merci <a href="http://www.sakana.fr/blog/">Stéphane</a> !) nous apprend que l'option "-t" force ssh à ouvrir un tty. Allez, on recommence :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c whoami"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="nl">Password</span><span class="p">:</span><span class="w"> </span>
<span class="n">root</span><span class="w"></span>
<span class="k">Connection</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="n">closed</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<p>On remarquera que cette fois-ci, on me demande 2 mots de passe : le mot de passe de nils (utilisateur implicite du fait que je suis connecté en tant que nils sur darkmoon), et le mot de passe de root. Le tty est ensuite refermé avec le ssh.</p>
<p>On pourrait bien entendu se passer de taper les mots de passe en utilisant une authentification par clés pour ssh et sudo pour les commandes qui le nécessitent. Ensuite, si on désire faire ceci sur plusieurs machines d'affilée, rien n'empêche d'imbriquer tout ça dans une boucle for. Si la commande lancée après le "su -c" nécessite des arguments, alors on peut utiliser les guillemets simples :</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ssh</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="ss">"su -c 'whoami --help'"</span><span class="w"></span>
<span class="n">nils</span><span class="nv">@www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="nl">password</span><span class="p">:</span><span class="w"> </span>
<span class="nl">Password</span><span class="p">:</span><span class="w"> </span>
<span class="k">Usage</span><span class="err">:</span><span class="w"> </span><span class="n">whoami</span><span class="w"> </span><span class="o">[</span><span class="n">OPTION</span><span class="o">]</span><span class="p">...</span><span class="w"></span>
<span class="k">Print</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">associated</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">current</span><span class="w"> </span><span class="n">effective</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">ID</span><span class="p">.</span><span class="w"></span>
<span class="n">Same</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">-</span><span class="n">un</span><span class="p">.</span><span class="w"></span>
<span class="w"> </span><span class="o">--</span><span class="n">help</span><span class="w"> </span><span class="n">display</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">help</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">exit</span><span class="w"></span>
<span class="w"> </span><span class="o">--</span><span class="n">version</span><span class="w"> </span><span class="k">output</span><span class="w"> </span><span class="n">version</span><span class="w"> </span><span class="n">information</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">exit</span><span class="w"></span>
<span class="n">Report</span><span class="w"> </span><span class="n">bugs</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="o"><</span><span class="n">bug</span><span class="o">-</span><span class="n">coreutils</span><span class="nv">@gnu</span><span class="p">.</span><span class="n">org</span><span class="o">></span><span class="p">.</span><span class="w"></span>
<span class="k">Connection</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="n">anotherhomepage</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="n">closed</span><span class="p">.</span><span class="w"></span>
</code></pre></div>
<h2>Commentaires</h2>
<h3>Le 20/03/2008 23:27 par pierre fauquembergue</h3>
<p>Sinon, plus simple il y a cssh ( pour cluster ssh ), ca change la vie !</p>fichue option de fdisk2008-02-21T19:52:00+01:002008-02-21T19:52:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-02-21:/post/2008/02/21/fichue-option-de-fdisk/<p>genre, pas très harmonieux tout ça</p>
<p>Je range ce billet dans "Linux et Logiciels libres" mais ça pourrait aller dans "Humeur"; lorsque je lance fdisk en mode interactif, voilà comment cela se passe :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@lutgholein</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#fdisk</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda</span><span class="w"></span>
<span class="n">Le</span><span class="w"> </span><span class="n">nombre</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">ce</span><span class="w"> </span><span class="n">disque</span><span class="w"> </span><span class="n">est</span><span class="w"> </span><span class="n">initialisé</span><span class="w"> </span><span class="n">à</span><span class="w"> </span><span class="mf">36483.</span><span class="w"></span>
<span class="n">Il …</span></code></pre></div><p>genre, pas très harmonieux tout ça</p>
<p>Je range ce billet dans "Linux et Logiciels libres" mais ça pourrait aller dans "Humeur"; lorsque je lance fdisk en mode interactif, voilà comment cela se passe :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@lutgholein</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#fdisk</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda</span><span class="w"></span>
<span class="n">Le</span><span class="w"> </span><span class="n">nombre</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">ce</span><span class="w"> </span><span class="n">disque</span><span class="w"> </span><span class="n">est</span><span class="w"> </span><span class="n">initialisé</span><span class="w"> </span><span class="n">à</span><span class="w"> </span><span class="mf">36483.</span><span class="w"></span>
<span class="n">Il</span><span class="w"> </span><span class="n">n</span><span class="s1">'y a rien d''incorrect avec cela, mais c'</span><span class="n">est</span><span class="w"> </span><span class="n">plus</span><span class="w"> </span><span class="n">grand</span><span class="w"> </span><span class="n">que</span><span class="w"> </span><span class="mi">1024</span><span class="p">,</span><span class="w"></span>
<span class="n">et</span><span class="w"> </span><span class="n">cela</span><span class="w"> </span><span class="n">pourrait</span><span class="w"> </span><span class="n">causer</span><span class="w"> </span><span class="n">des</span><span class="w"> </span><span class="n">problèmes</span><span class="w"> </span><span class="n">en</span><span class="w"> </span><span class="n">fonction</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">certaines</span><span class="w"> </span><span class="nl">configurations</span><span class="p">:</span><span class="w"></span>
<span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">logiciels</span><span class="w"> </span><span class="n">qui</span><span class="w"> </span><span class="n">sont</span><span class="w"> </span><span class="n">exécutés</span><span class="w"> </span><span class="n">à</span><span class="w"> </span><span class="n">l</span><span class="s1">'amorçage (i.e., vieilles versions de LILO)</span>
<span class="s1">2) logiciels d'</span><span class="n">amorçage</span><span class="w"> </span><span class="n">et</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="n">partitionnement</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">d</span><span class="s1">'autres SE</span>
<span class="s1"> (i.e., DOS FDISK, OS/2 FDISK)</span>
<span class="s1">Commande (m pour l'</span><span class="n">aide</span><span class="p">)</span><span class="err">:</span><span class="w"> </span><span class="n">p</span><span class="w"></span>
<span class="n">Disque</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="nl">hda</span><span class="p">:</span><span class="w"> </span><span class="mf">300.0</span><span class="w"> </span><span class="k">Go</span><span class="p">,</span><span class="w"> </span><span class="mi">300090728448</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="mi">255</span><span class="w"> </span><span class="n">heads</span><span class="p">,</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="n">sectors</span><span class="o">/</span><span class="n">track</span><span class="p">,</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="n">cylinders</span><span class="w"></span>
<span class="n">Unités</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="mi">16065</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">8225280</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="n">Périphérique</span><span class="w"> </span><span class="n">Amorce</span><span class="w"> </span><span class="n">Début</span><span class="w"> </span><span class="n">Fin</span><span class="w"> </span><span class="n">Blocs</span><span class="w"> </span><span class="n">Id</span><span class="w"> </span><span class="n">Système</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda1</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="mi">96358</span><span class="o">+</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda2</span><span class="w"> </span><span class="mi">13</span><span class="w"> </span><span class="mi">152</span><span class="w"> </span><span class="mi">1124550</span><span class="w"> </span><span class="mi">82</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="n">Solaris</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda4</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">291828757</span><span class="o">+</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">Extended</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda5</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">1197</span><span class="w"> </span><span class="mi">8393931</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda6</span><span class="w"> </span><span class="mi">1198</span><span class="w"> </span><span class="mi">9964</span><span class="w"> </span><span class="mi">70420896</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda7</span><span class="w"> </span><span class="mi">9965</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">213013836</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="n">Commande</span><span class="w"> </span><span class="p">(</span><span class="n">m</span><span class="w"> </span><span class="n">pour</span><span class="w"> </span><span class="n">l</span><span class="err">'</span><span class="n">aide</span><span class="p">)</span><span class="err">:</span><span class="w"></span>
</code></pre></div>
<p>On voit bien qu'on utilise la lettre "p" pour "print", afficher la table des partitions. Si par contre je veux juste afficher la table des partitions sans rien faire d'autre, en mode non-interactif, on lance fdisk de cette manière :</p>
<div class="highlight"><pre><span></span><code><span class="n">root</span><span class="nv">@lutgholein</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="n">#fdisk</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda</span><span class="w"></span>
<span class="n">Disque</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="nl">hda</span><span class="p">:</span><span class="w"> </span><span class="mf">300.0</span><span class="w"> </span><span class="k">Go</span><span class="p">,</span><span class="w"> </span><span class="mi">300090728448</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="mi">255</span><span class="w"> </span><span class="n">heads</span><span class="p">,</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="n">sectors</span><span class="o">/</span><span class="n">track</span><span class="p">,</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="n">cylinders</span><span class="w"></span>
<span class="n">Unités</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">cylindres</span><span class="w"> </span><span class="n">de</span><span class="w"> </span><span class="mi">16065</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">8225280</span><span class="w"> </span><span class="n">octets</span><span class="w"></span>
<span class="n">Périphérique</span><span class="w"> </span><span class="n">Amorce</span><span class="w"> </span><span class="n">Début</span><span class="w"> </span><span class="n">Fin</span><span class="w"> </span><span class="n">Blocs</span><span class="w"> </span><span class="n">Id</span><span class="w"> </span><span class="n">Système</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda1</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="mi">12</span><span class="w"> </span><span class="mi">96358</span><span class="o">+</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda2</span><span class="w"> </span><span class="mi">13</span><span class="w"> </span><span class="mi">152</span><span class="w"> </span><span class="mi">1124550</span><span class="w"> </span><span class="mi">82</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">swap</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="n">Solaris</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda4</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">291828757</span><span class="o">+</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">Extended</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda5</span><span class="w"> </span><span class="mi">153</span><span class="w"> </span><span class="mi">1197</span><span class="w"> </span><span class="mi">8393931</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="n">Linux</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda6</span><span class="w"> </span><span class="mi">1198</span><span class="w"> </span><span class="mi">9964</span><span class="w"> </span><span class="mi">70420896</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
<span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">hda7</span><span class="w"> </span><span class="mi">9965</span><span class="w"> </span><span class="mi">36483</span><span class="w"> </span><span class="mi">213013836</span><span class="w"> </span><span class="mi">8</span><span class="n">e</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">LVM</span><span class="w"></span>
</code></pre></div>
<p>Donc on a "l" pour "list", lister. Ok, les deux se valent, mais c'est quand même casse-pied, je tente régulièrement des fdisk -p /dev/nomdudisque et me prend un message d'erreur dans la figure ! C 'est casse-pied au possible !</p>
<p>Et pour couronner le tout, le fdisk de l'OS à la Pomme se comporte d'une autre manière !</p>
<div class="highlight"><pre><span></span><code><span class="n">nils</span><span class="nv">@darkmoon</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">sudo</span><span class="w"> </span><span class="n">fdisk</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">disk0</span><span class="w"></span>
<span class="nl">Password</span><span class="p">:</span><span class="w"></span>
<span class="k">Disk</span><span class="err">:</span><span class="w"> </span><span class="o">/</span><span class="n">dev</span><span class="o">/</span><span class="n">disk0</span><span class="w"> </span><span class="nl">geometry</span><span class="p">:</span><span class="w"> </span><span class="mi">14593</span><span class="o">/</span><span class="mi">255</span><span class="o">/</span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n">234441648 sectors</span><span class="o">]</span><span class="w"></span>
<span class="nl">Signature</span><span class="p">:</span><span class="w"> </span><span class="mh">0xAA55</span><span class="w"></span>
<span class="w"> </span><span class="n">Starting</span><span class="w"> </span><span class="n">Ending</span><span class="w"></span>
<span class="w"> </span><span class="err">#:</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">cyl</span><span class="w"> </span><span class="n">hd</span><span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">cyl</span><span class="w"> </span><span class="n">hd</span><span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="o">[</span><span class="n"> start - size</span><span class="o">]</span><span class="w"></span>
<span class="o">------------------------------------------------------------------------</span><span class="w"></span>
<span class="w"> </span><span class="mi">1</span><span class="err">:</span><span class="w"> </span><span class="n">EE</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 1 - 409639</span><span class="o">]</span><span class="w"> </span><span class="o"><</span><span class="k">Unknown</span><span class="w"> </span><span class="n">ID</span><span class="o">></span><span class="w"></span>
<span class="w"> </span><span class="mi">2</span><span class="err">:</span><span class="w"> </span><span class="n">AF</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 409640 - 62652416</span><span class="o">]</span><span class="w"> </span><span class="n">HFS</span><span class="o">+</span><span class="w"> </span>
<span class="o">*</span><span class="mi">3</span><span class="err">:</span><span class="w"> </span><span class="mi">07</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 63328230 - 62460720</span><span class="o">]</span><span class="w"> </span><span class="n">HPFS</span><span class="o">/</span><span class="n">QNX</span><span class="o">/</span><span class="n">AUX</span><span class="w"></span>
<span class="w"> </span><span class="mi">4</span><span class="err">:</span><span class="w"> </span><span class="mi">83</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1023</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="o">[</span><span class="n"> 125788950 - 30716280</span><span class="o">]</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="n">files</span><span class="o">*</span><span class="w"></span>
</code></pre></div>
<p>Quelle embrouille ;-)</p>Gestion de fichiers de grande taille sur Apache2008-01-28T23:19:00+01:002008-01-28T23:19:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-01-28:/post/2008/01/28/Gestion-de-fichiers-de-grande-taille-sur-Apache/<p>en fait le souci n'est pas forcément d'Apache</p>
<p>Il y a quelques temps j'utilisais Apache 2.0 et je crois qu'il ne pouvait pas gérer la présence de fichiers de plus de 2Go (il peut m'arriver d'héberger ce genre de fichiers sur <a href="http://downloads.anotherhomepage.org">Downloads.Anotherhomepage</a>, comme par exemple mirrorer les images …</p><p>en fait le souci n'est pas forcément d'Apache</p>
<p>Il y a quelques temps j'utilisais Apache 2.0 et je crois qu'il ne pouvait pas gérer la présence de fichiers de plus de 2Go (il peut m'arriver d'héberger ce genre de fichiers sur <a href="http://downloads.anotherhomepage.org">Downloads.Anotherhomepage</a>, comme par exemple mirrorer les images iso de <a href="http://kaella.linux-azur.org/index.php#telechargement">Kaella</a>). Maintenant, j'utilise Apache 2.2 et si avec mon petit Firefox adoré je vais voir si l'iso DVD est présente sur le miroir Anotherhomepage, on remarquera que non :( Or, la blague, c'est que si je connais l'url, <a href="http://www.gossamer-threads.com/lists/apache/users/304079#304079">je peux la télécharger via wget</a>.</p>
<p>Dingue, n'est-ce pas?</p>RPMforge2008-01-19T22:40:00+01:002008-01-19T22:40:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2008-01-19:/post/2008/01/19/RPMforge/<p>un dépôt qu'il est bien</p>
<p>Oui, il y a des dépôts tierce-partie pour les distribs Red Hat, telles que RHEL, CentOS et Fedora. Un que j'apprécie beaucoup c'est <a href="http://rpmforge.net/">RPMforge</a>. Il contient entre autres, <a href="http://htop.sourceforge.net/">Htop</a> et <a href="http://www.nagios.org/">Nagios</a>, ce qui fait que j'aime bien l'installer sur une machine CentOS ou Fedora (htop …</p><p>un dépôt qu'il est bien</p>
<p>Oui, il y a des dépôts tierce-partie pour les distribs Red Hat, telles que RHEL, CentOS et Fedora. Un que j'apprécie beaucoup c'est <a href="http://rpmforge.net/">RPMforge</a>. Il contient entre autres, <a href="http://htop.sourceforge.net/">Htop</a> et <a href="http://www.nagios.org/">Nagios</a>, ce qui fait que j'aime bien l'installer sur une machine CentOS ou Fedora (htop c'est vraiment du confort face à top). Pour l'installer, c'est très simple : il suffit d'aller récupérer le RPM qui installe le dépôt dans yum, ce qui évite de rajouter le dépôt à la main dans la configuration de ce dernier. Pour trouver le rpm "rpmforge-release", c'est <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/">ici</a>. On l'installe via un bon vieux rpm -ivh, on fait un petit yum update, et c'est parti !</p>Installation et configuration d'un serveur dédié OpenArena 0.7.12007-11-28T23:37:00+01:002007-11-28T23:37:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-11-28:/post/2007/11/28/Installation-et-configuration-dun-serveur-dedie-OpenArena-071/<p>(marche aussi pour Quake 3 Arena)</p>
<p>Amusons-nous un peu avec Open Arena, un First Person Shooter basé sur le moteur libéré sous GPL du génialissime Quake 3 Arena. Mais pour bien s'amuser, mieux vaut être plusieurs. Comme héberger soi-même la partie c'est lourd, utilisons une machine dédiée.</p>
<p>D'abord, on récupère …</p><p>(marche aussi pour Quake 3 Arena)</p>
<p>Amusons-nous un peu avec Open Arena, un First Person Shooter basé sur le moteur libéré sous GPL du génialissime Quake 3 Arena. Mais pour bien s'amuser, mieux vaut être plusieurs. Comme héberger soi-même la partie c'est lourd, utilisons une machine dédiée.</p>
<p>D'abord, on récupère OA 0.7.0 et le patch 0.7.1 soit via le site officiel, soit via votre gestionnaire de paquets favoris (à ma connaissance, Ubuntu et Fedora n'ont pas de version à jour dans leur dépôts, mais cela a pu changer depuis que j'ai vérifié. Aucun problème avec une Mandriva 2008), soit via mon miroir perso <a href="http://downloads.anotherhomepage.org/">http://downloads.anotherhomepage.org/</a> , rubrique Programs. On récupèrera optionnellement le mod OSP 1.03.</p>
<p>On décompresse les archives, à la racine de son répertoire home. Pour un utilisateur "quakeur" sur une machine "campgrounds", cela donne comme arborescence :</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">pwd</span><span class="w"></span>
<span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">quakeur</span><span class="w"></span>
<span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">11</span><span class="n">M</span><span class="w"></span>
<span class="n">drwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">20</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="mi">8</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">07</span><span class="err">:</span><span class="mi">09</span><span class="w"> </span><span class="n">CHANGES</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">18</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">10</span><span class="w"> </span><span class="mi">17</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">COPYING</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">03</span><span class="err">:</span><span class="mi">56</span><span class="w"> </span><span class="n">CREDITS</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">765</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">877</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">6</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">6</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="o">-</span><span class="n">smp</span><span class="p">.</span><span class="n">i386</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="o">-</span><span class="n">smp</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">ioquake3</span><span class="p">.</span><span class="n">x86_64</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">16</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libogg</span><span class="o">-</span><span class="mf">0.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">154</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libvorbis</span><span class="o">-</span><span class="mf">0.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">29</span><span class="n">K</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">26</span><span class="w"> </span><span class="mi">05</span><span class="err">:</span><span class="mi">25</span><span class="w"> </span><span class="n">libvorbisfile</span><span class="o">-</span><span class="mf">3.</span><span class="n">dll</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">64</span><span class="w"> </span><span class="mi">2006</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">25</span><span class="w"> </span><span class="mi">18</span><span class="err">:</span><span class="mi">35</span><span class="w"> </span><span class="n">LINUXNOTES</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="mi">0</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">openarena</span><span class="p">.</span><span class="n">exe</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="mi">4</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">09</span><span class="err">:</span><span class="mi">50</span><span class="w"> </span><span class="n">README</span><span class="o">*</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">261</span><span class="n">M</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">30</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">41</span><span class="w"> </span><span class="n">pak0</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">27</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">38</span><span class="w"> </span><span class="n">pak1</span><span class="o">-</span><span class="n">maps</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">23</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">43</span><span class="w"> </span><span class="n">pak2</span><span class="o">-</span><span class="n">players</span><span class="o">-</span><span class="n">mature</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">65</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">46</span><span class="w"> </span><span class="n">pak2</span><span class="o">-</span><span class="n">players</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">25</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">47</span><span class="w"> </span><span class="n">pak3</span><span class="o">-</span><span class="n">music</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">67</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">48</span><span class="w"> </span><span class="n">pak4</span><span class="o">-</span><span class="n">textures</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">117</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">49</span><span class="w"> </span><span class="n">pak5</span><span class="o">-</span><span class="n">TA</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">16</span><span class="n">M</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">07</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="mi">08</span><span class="err">:</span><span class="mi">49</span><span class="w"> </span><span class="n">pak6</span><span class="o">-</span><span class="n">misc</span><span class="p">.</span><span class="n">pk3</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="c1">--r-- 1 quakeur quakeur 12M 2007-08-08 14:36 pak7-patch.pk3</span>
</code></pre></div>
<p>2 choses : la première, le zip contient les binaires 32 et 64 bits x86 pour Linux, mais aussi un binaire 32 bits pour Windows. On peut optionnellement dégager ce dernier ainsi que les dll, vu qu'ils ne serviront pas, je pars du postulat qu'on tourne sous un OS propre, voire terreux, mais pas sale.</p>
<p>La seconde, c'est l'endroit où se situe le fichier du patch 0.7.1 : on vérifiera bien que le fichier pak7-patch.pk3 est dans \~/openarena/baseoa/ .</p>
<p>ensuite, il faut se faire un fichier de configuration. OpenArena étant basé sur le moteur libre de Quake 3 Arena, tout bon tuto qui se respecte pour ce bon vieux Q3A est à peu près valide pour OA. Voici ma configuration, utilisée pour la micro lan-party des JM2L 2007 (téléchargeable <a href="http://downloads.anotherhomepage.org/Programs/openarena/ffa.cfg">ici</a>):</p>
<div class="highlight"><pre><span></span><code><span class="sr">//</span><span class="n">Fichier</span> <span class="n">de</span> <span class="n">config</span> <span class="n">server</span> <span class="n">OA</span><span class="p">,</span> <span class="n">chaque</span> <span class="n">commentaire</span> <span class="n">commence</span> <span class="n">par</span> <span class="s">"//"</span> <span class="n">et</span> <span class="n">dure</span> <span class="n">jusqu</span><span class="s">'à la fin de la ligne.</span>
<span class="s"> //on met gametype à 0 pour Free for All (chacun pour sa pomme) </span>
<span class="s"> g_gametype 0</span>
<span class="s"> //Free For All Settings </span>
<span class="s"> //Limite de frag. Au-delà, on change de map. Pour enlever la limite, mettre à 0</span>
<span class="s"> fraglimit 20</span>
<span class="s"> //Limite de temps. Au-delà, on change de map. Pour enlever la limite, mettre à 0</span>
<span class="s"> timelimit 10</span>
<span class="s"> //Nombre max de n00bz sur le serveur</span>
<span class="s"> sv_maxclients 8</span>
<span class="s"> //Nom qui apparait dans l'</span><span class="n">interface</span> <span class="n">de</span> <span class="n">recherche</span>
<span class="n">sv_hostname</span> <span class="s">"Open Arena JM2L FFA Server"</span>
<span class="sr">//</span><span class="n">Message</span> <span class="n">du</span> <span class="n">jour</span> <span class="p">(</span><span class="n">Message</span> <span class="n">of</span> <span class="n">the</span> <span class="n">day</span><span class="p">)</span><span class="o">.</span> <span class="n">Optionnel</span>
<span class="n">set</span> <span class="n">g_motd</span> <span class="s">"JM2L Open Arena serveur, amusez-vous bien !"</span>
<span class="sr">//</span><span class="n">On</span> <span class="n">peut</span> <span class="n">réclamer</span> <span class="n">un</span> <span class="n">mot</span> <span class="n">de</span> <span class="n">passe</span> <span class="n">à</span> <span class="n">l</span><span class="s">'entrée du servur 1="je veux un mot de passe", 0="je m'</span><span class="n">en</span> <span class="n">cogne</span><span class="s">" (Défaut: 0)</span>
<span class="s"> sv_privateClients 0</span>
<span class="s"> //Si t'as mis 1 à la valeur précédente, indique ici ton mot de passe (on commente si c'est 0)</span>
<span class="s"> //sv_privatePassword ""</span>
<span class="s"> //Mot de passe de la console d'admin</span>
<span class="s"> rconpassword "</span><span class="n">lamepassword</span><span class="s">"</span>
<span class="s"> //Sorte d'anti-triche qui vérifie l'intégrité des fichiers pak 1=activé, 0=désactivé (Défaut: 1)</span>
<span class="s"> sv_pure 1</span>
<span class="s"> //Rafraîchissement max des n00bz qui viennent jouer, on recommande une valeur de 8000 à 10000 Max: 25000 </span>
<span class="s"> //(Défaut: 0)</span>
<span class="s"> sv_maxRate 10000</span>
<span class="s"> //Sélection des map, dans quel ordre, et ensuite on charge la première map</span>
<span class="s"> set d1 "</span><span class="nb">map</span> <span class="n">oa_rpg3dm2</span><span class="p">;</span> <span class="n">set</span> <span class="n">nextmap</span> <span class="n">vstr</span> <span class="n">d2</span><span class="s">"</span>
<span class="s"> set d2 "</span><span class="nb">map</span> <span class="n">q3dm6ish</span><span class="p">;</span> <span class="n">set</span> <span class="n">nextmap</span> <span class="n">vstr</span> <span class="n">d3</span><span class="s">"</span>
<span class="s"> set d3 "</span><span class="nb">map</span> <span class="n">oa_dm1</span> <span class="p">;</span> <span class="n">set</span> <span class="n">nextmap</span> <span class="n">vstr</span> <span class="n">d4</span><span class="s">"</span>
<span class="s"> set d4 "</span><span class="nb">map</span> <span class="n">fan</span><span class="p">;</span> <span class="n">set</span> <span class="n">nextmap</span> <span class="n">vstr</span> <span class="n">d5</span><span class="s">"</span>
<span class="s"> set d5 "</span><span class="nb">map</span> <span class="n">suspended</span> <span class="p">;</span> <span class="n">set</span> <span class="n">nextmap</span> <span class="n">vstr</span> <span class="n">d1</span><span class="s">"</span>
<span class="s"> vstr d1</span>
<span class="s"> //temps de réapparition (respawn) des armes en secondes. S'il y a plein de n00bz sur le serveur,</span>
<span class="s"> // mieux vaut augmenter la valeur (Défaut: 5)</span>
<span class="s"> set g_weaponrespawn 5</span>
<span class="s"> //Possibilité de voter 1=oui, 0=non (Défaut: 1)</span>
<span class="s"> set g_allowvote 1</span>
<span class="s"> //multiple de puissance du quad damage </span>
<span class="s"> //(Défaut: 3. donc un coup de roquette fait 3 fois plus de dégâts quand on a le quad damage)</span>
<span class="s"> set g_quadfactor 3</span>
<span class="s"> //variable nécessairement à 1 pour les clients qui veulent enregistrer la partie, </span>
<span class="s"> //mais cela ralentit légèrement le jeu (Défaut: 0)</span>
<span class="s"> set g_syncronousClients 0</span>
<span class="s"> //petites infos parfois utiles</span>
<span class="s"> sets "</span><span class="n">Administrator</span><span class="s">" "</span><span class="n">r00t</span><span class="s">"</span>
<span class="s"> sets "</span><span class="n">Email</span><span class="s">" "</span><span class="n">mail</span><span class="nv">@domain</span><span class="o">.</span><span class="n">tld</span><span class="s">"</span>
<span class="s"> sets "</span><span class="n">URL</span><span class="s">" "</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">domain</span><span class="o">.</span><span class="n">tld</span><span class="s">"</span>
<span class="s"> sets "</span><span class="n">Location</span><span class="s">" "</span><span class="n">au</span> <span class="n">fond</span> <span class="n">à</span> <span class="n">droite</span><span class="s">"</span>
<span class="s"> sets "</span><span class="n">CPU</span><span class="s">" "</span><span class="n">Quadri</span> <span class="n">Xeon</span><span class="s">"</span>
<span class="s"> // Si on utilise un pack de maps persos, il faut en faire profiter les autres :))</span>
<span class="s"> //sets "</span><span class="n">mappack</span><span class="s">" "</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">myserver</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">mappack</span><span class="o">.</span><span class="n">zip</span><span class="s">"</span>
<span class="s">// --- bots ---</span>
<span class="s">seta bot_enable "</span><span class="mi">1</span><span class="s">" // Activer les bots : 1 = activé, 0 = désactivé</span>
<span class="s">seta bot_minplayers "</span><span class="mi">3</span><span class="s">" // Nombre minimum de n00bz pour que les bots se barrent</span>
<span class="s">seta bot_nochat "</span><span class="mi">1</span><span class="err">"</span> <span class="sr">//</span> <span class="n">Les</span> <span class="n">bots</span> <span class="n">peuvent</span> <span class="n">parler</span><span class="o">.</span> <span class="mi">1</span> <span class="o">=</span> <span class="n">ils</span> <span class="n">peuvent</span> <span class="n">faire</span> <span class="n">les</span> <span class="n">piplettes</span><span class="p">,</span> <span class="mi">0</span> <span class="o">=</span> <span class="n">ils</span> <span class="n">la</span> <span class="n">bouclent</span>
<span class="sr">//</span> <span class="n">End</span> <span class="n">of</span> <span class="n">file</span><span class="o">.</span>
</code></pre></div>
<p>Ce fichier, appelons-le ffa.cfg (puisque c'est un serveur Free For All) et plaçons-le dans notre répertoire de configuration OA (le jeu fonctionne dans un mode plus ou moins chrooté, alors mieux vaut qu'il puisse trouver la config) :</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">pwd</span><span class="w"></span>
<span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">quakeur</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"></span>
<span class="n">drwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="mi">0</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">19</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="n">baseoa</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="err">$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">88</span><span class="n">K</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">75</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">28</span><span class="w"> </span><span class="n">games</span><span class="p">.</span><span class="nf">log</span><span class="w"></span>
<span class="o">-</span><span class="n">rwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">21</span><span class="err">:</span><span class="mi">00</span><span class="w"> </span><span class="n">ffa</span><span class="p">.</span><span class="n">cfg</span><span class="o">*</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">956</span><span class="w"> </span><span class="mi">2007</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="mi">22</span><span class="err">:</span><span class="mi">20</span><span class="w"> </span><span class="n">q3config</span><span class="p">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~/</span><span class="p">.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="err">$</span><span class="w"></span>
</code></pre></div>
<p>les fichiers games.log et q3config.cfg peuvent ne pas exister, ils seront créés après un premier lancement du jeu. A la rigueur, selon la quantité de mémoire vive de votre serveur dédié, il peut être bien de positionner la variable com_hunkMegs à la quantité de mémoire vive que vous désirez allouer.</p>
<p>Et maintenant? Et bien on lance le serveur :</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="n">cd</span><span class="w"> </span><span class="n">openarena</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="nv">@campgrounds</span><span class="err">:</span><span class="o">~</span><span class="w"> </span><span class="err">$</span><span class="p">.</span><span class="o">/</span><span class="n">ioq3ded</span><span class="p">.</span><span class="n">i386</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">dedicated</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">net_ip</span><span class="w"> </span><span class="mf">192.168.0.3</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">net_port</span><span class="w"> </span><span class="mi">27960</span><span class="w"> </span><span class="o">+</span><span class="k">set</span><span class="w"> </span><span class="n">g_log</span><span class="w"> </span><span class="n">games</span><span class="p">.</span><span class="nf">log</span><span class="w"> </span><span class="o">+</span><span class="k">exec</span><span class="w"> </span><span class="n">ffa</span><span class="p">.</span><span class="n">cfg</span><span class="w"></span>
</code></pre></div>
<p>Spécifier l'adresse IP est une bonne chose si vous avez de multiples interfaces réseau, mais c'est optionnel. Idem pour le port, mis par défaut à 27960 si ma mémoire est bonne (utile si on a un monstre de puissance et qu'on fait tourner plusieurs instances du jeu avec des confs différentes). Il est possible, si on utilise un mod, d'ajouter l'option +set fs_game nomdumod , sachant que le répertoire du mod doit être dans le répertoire de configuration (je ne comprend pas pourquoi, mais ça marche comme ça chez moi :/). Le fichier de config, et celui de log seront aussi dans ce répertoire :</p>
<div class="highlight"><pre><span></span><code><span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="o">$</span><span class="n">cd</span><span class="w"> </span><span class="n">osp</span><span class="o">/</span><span class="w"></span>
<span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="o">/</span><span class="n">osp</span><span class="w"> </span><span class="o">$$</span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">hlF</span><span class="w"></span>
<span class="n">total</span><span class="w"> </span><span class="mi">92240</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">738</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="mi">1</span><span class="n">v1</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">20</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">680</span><span class="n">B</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">Docs</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="n">K</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">INSTALL</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">348</span><span class="n">K</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">jan</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">OSP</span><span class="w"> </span><span class="n">Config</span><span class="w"> </span><span class="n">Generator</span><span class="o">.</span><span class="n">exe</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">2</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">OSP</span><span class="w"> </span><span class="n">Match</span><span class="w"> </span><span class="n">Quick</span><span class="w"> </span><span class="n">Start</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">12</span><span class="n">K</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">README</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">27</span><span class="n">K</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">VoodooStats</span><span class="o">-</span><span class="n">ReadME</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">306</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">DefaultModeReference</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">136</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">GfxExample</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">272</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">cfg</span><span class="o">-</span><span class="n">maps</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">762</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">clanarena</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ctf</span><span class="o">-</span><span class="n">public</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">736</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ctf</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">30</span><span class="n">B</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">mar</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">description</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">738</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">ffa</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">1</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">filters</span><span class="o">.</span><span class="n">txt</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">885</span><span class="n">B</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">freezetag</span><span class="o">-</span><span class="n">vanilla</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">856</span><span class="n">B</span><span class="w"> </span><span class="mi">16</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">freezetag</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">96</span><span class="n">K</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">15</span><span class="p">:</span><span class="mi">26</span><span class="w"> </span><span class="n">games</span><span class="o">.</span><span class="n">log</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">728</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">instagib</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">136</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">locs</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">10</span><span class="n">K</span><span class="w"> </span><span class="mi">11</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">16</span><span class="p">:</span><span class="mi">09</span><span class="w"> </span><span class="n">q3config</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">49</span><span class="n">B</span><span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">22</span><span class="p">:</span><span class="mi">01</span><span class="w"> </span><span class="n">q3history</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-------</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">167</span><span class="n">B</span><span class="w"> </span><span class="mi">11</span><span class="w"> </span><span class="n">nov</span><span class="w"> </span><span class="mi">16</span><span class="p">:</span><span class="mi">09</span><span class="w"> </span><span class="n">q3key</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">3</span><span class="n">K</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2000</span><span class="w"> </span><span class="n">spectool</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">760</span><span class="n">B</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">team</span><span class="o">.</span><span class="n">cfg</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">102</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">vm</span><span class="o">/</span><span class="w"></span>
<span class="n">drwxrwxrwx</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">476</span><span class="n">B</span><span class="w"> </span><span class="mi">23</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">voodoo</span><span class="o">/</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">35</span><span class="n">M</span><span class="w"> </span><span class="mi">14</span><span class="w"> </span><span class="n">déc</span><span class="w"> </span><span class="mi">2001</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak0</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">8</span><span class="n">M</span><span class="w"> </span><span class="mi">31</span><span class="w"> </span><span class="n">jan</span><span class="w"> </span><span class="mi">2002</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak1</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">162</span><span class="n">K</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak2</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">158</span><span class="n">K</span><span class="w"> </span><span class="mi">28</span><span class="w"> </span><span class="n">fév</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">pak3</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="n">quakeur</span><span class="w"> </span><span class="mi">239</span><span class="n">K</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">mar</span><span class="w"> </span><span class="mi">2003</span><span class="w"> </span><span class="n">zz</span><span class="o">-</span><span class="n">osp</span><span class="o">-</span><span class="n">server3a</span><span class="o">.</span><span class="n">pk3</span><span class="w"></span>
<span class="n">quakeur</span><span class="err">@</span><span class="n">campgrounds</span><span class="p">:</span><span class="o">~/.</span><span class="n">openarena</span><span class="o">/</span><span class="n">baseoa</span><span class="w"> </span><span class="o">$</span><span class="w"></span>
</code></pre></div>
<p>On note la présence d'un fichier ffa.cfg, d'un q3config.cfg, d'un games.log et de plein d'autres fichiers très intéressants à lire si on souhaite approfondir le sujet (connaissance de l'anglais obligatoire). Le fichier "OSP Config Generator.exe" permet, sous Windows, de générer des fichiers de configuration en mode graphique. Je ne l'ai pas testé sous wine.</p>
<p>Pour plus d'informations :</p>
<p><a href="http://planetquake.gamespy.com/View.php?view=Guides.Detail&id=47&game=4">Planet Quake sur Gamespy</a></p>
<p><a href="http://faq.tuxfamily.org/Game:OpenArena/Fr">FAQ TuxFamily sur OpenArena</a></p>
<p><a href="http://openarena.wikia.com/wiki/Servers">Wiki Open Arena</a></p>
<p><a href="http://www.sp1r1t.org/networks/q3_install/q3_linux_server_howto.php">Une autre doc très bien faite</a></p>
<p>GLHF !</p>Monter une partition via FTP en utilisant Fuse et curlftpfs2007-11-25T20:44:00+01:002007-11-25T20:44:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-11-25:/post/2007/11/25/Monter-une-partition-via-FTP-en-utilisant-Fuse-et-ftpfs/<p>manipulation sous CentOS 5 et Mandriva 2008</p>
<p>Je possède une freebox v5, avec un boitier HD contenant un disque dur de 40Go. Mais, lorsqu'on n'est pas un grand amateur de télévision, et surtout qu'on enregistre pas de programme via ce boitier, il est peu utile (pourquoi déplacer mes films sur …</p><p>manipulation sous CentOS 5 et Mandriva 2008</p>
<p>Je possède une freebox v5, avec un boitier HD contenant un disque dur de 40Go. Mais, lorsqu'on n'est pas un grand amateur de télévision, et surtout qu'on enregistre pas de programme via ce boitier, il est peu utile (pourquoi déplacer mes films sur le boitier HD puisque je peux les regarder en local?). Mais quand même, 40Go qui dorment, c'est rageant.</p>
<p>Alors m'est venue une idée "halakon" : et si je tentais d'accéder à ce disque comme à une partition de mon disque dur? L'idée semble séduisante, mais il y a un hic : le disque dur de la freebox n'est accessible qu'en ftp. Qu'à cela ne tienne, je prend mon moteur de recherches favori pour voir si des gens ont déjà tenté de monter un système de fichiers en ftp, comme on le ferait en NFS ou via Samba (SMB,CIFS). Et mon moteur de recherche favori (c'est long pour désigner G***, non?) me désigne une url chez <a href="http://www.coagul.org/article.php3?id_article=466">Coagul</a>, me présentant le projet <a href="http://fuse.sourceforge.net/">Fuse</a>, dont le but est :</p>
<blockquote>
<p>faciliter le développement de nouveaux programmes permettant de monter toutes sortes de systèmes de fichiers distants (ssh, ftp, webdav,...)</p>
</blockquote>
<p>On remarque donc qu'il existe un logiciel pour monter une partition via ftp : curlftps (je parie qu'il s'appuie sur le logiciel curl, semblable à wget ;) ). La documentation Coagul est très claire et pour les explications, je m'arrête là sinon ça serait moins bien (ou alors je plagie :p ). Mais... mais aptitude ça ne le fait pas trop pour ma CentOS ou ma Mandriva (le premier qui me dit installe). Voyons donc comment s'y prendre avec des rpms :)</p>
<p>Pour CentOS 5 : première chose à faire (si ce n'est pas déjà fait), ajouter à yum le dépôt <a href="http://rpmforge.net/user/faq/">RPMforge</a>, cela peut se faire simplement en installant <a href="http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm">ce RPM</a>, puis en tapant en tant que root la commande <code>yum update</code>. Une fois que c'est fait, il ne reste plus qu'à installer fuse et curlftpfs en tapant en tant que root "yum install curlftpfs" (fuse viendra avec en dépendance). Pour le reste, c'est tout pareil que chez Coagul : modprobe, curlftpfs ou même fstab.</p>
<p>Pour Mandriva : là aussi il faut ajouter un dépôt, celui des contributions. Si on n'est pas déjà passé par la case <a href="http://easyurpmi.zarb.org/?language=fr">Easy urpmi</a>, il en est encore temps ! une fois le dépôt contrib ajouté (pour les pressés, un petit <code>urpmi.addmedia contrib ftp://ftp.lip6.fr/pub/linux/distributions/Mandrakelinux/official/2008.0/i586/media/contrib/release with media_info/hdlist.cz</code> en tant que root sous Mandriva 2008 devrait faire l'affaire), on installe curlftpfs par la commande <code>urpmi curlftpfs</code>, fuse vient aussi en tant que dépendance. Idem que pour CentOS, modprobe et compagnie sont très bien expliqués chez Coagul.</p>
<p>Bon, après tout ça, et avoir monté son ftpfs sur sa freebox HD avec frénésie, on se rend compte que c'est pas une idée extra, ou alors que curlftpfs marche pas top : j'ai personnellement eu des soucis dès que j'ai voulu faire de l'écriture, genre effacer un fichier. Pour savoir si c'est le serveur ftp intégré qui est mal fait, j'ai monté un serveur ftp sur une de mes machines avec vsftpd. Et le résultat reste le même.</p>
<p>Moralité : c'est pas maintenant que je vais exploiter les 40Go de la freebox HD :(</p>
<p>PS : si les dépôts (médias) ne sont pas configurés sous Mandriva, se référer au <a href="http://wiki.mandriva.com/fr/Urpmi">wiki Mandriva</a>.</p>quelques modifications invisibles mais qui donnent satisfaction2007-10-29T23:22:00+01:002007-10-29T23:22:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-10-29:/post/2007/10/29/quelques-modifications-invisibles-mais-qui-donnent-satisfaction/<p>de quoi dire que mon blog respecte les standards...</p>
<p>Je me suis rendu compte, en postant mon billet sur Serj Tankian plus tôt dans la soirée, que les vidéos flash plus ou moins embarquées dans les pages web le sont avec un code non valide quant aux recommandations du <a href="http://www.w3.org/">W3C …</a></p><p>de quoi dire que mon blog respecte les standards...</p>
<p>Je me suis rendu compte, en postant mon billet sur Serj Tankian plus tôt dans la soirée, que les vidéos flash plus ou moins embarquées dans les pages web le sont avec un code non valide quant aux recommandations du <a href="http://www.w3.org/">W3C</a>. Une fois le code inutile enlevé, je me suis rendu compte qu'il restait une erreur. Cette erreur venait du fait que la manière suivante n'es pas correcte pour le validateur XHTML :</p>
<div class="highlight"><pre><span></span><code><html lang="fr">
</code></pre></div>
<p>Je jette un coup d'oeil dans le thème par défaut de Dotclear, et me rend compte qu'il s'agit en fait de :</p>
<div class="highlight"><pre><span></span><code><span class="x"><html lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">"></span>
</code></pre></div>
<p>Je suis donc la recommandation du W3C qui me propose de mettre :</p>
<div class="highlight"><pre><span></span><code><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
</code></pre></div>
<p>je met donc, pour pouvoir récupérer les valeurs correctement, je met ça :</p>
<div class="highlight"><pre><span></span><code><span class="x"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">" lang="</span><span class="cp">{{</span><span class="nv">tpl</span><span class="o">:</span><span class="nv">BlogLanguage</span><span class="cp">}}</span><span class="x">"></span>
</code></pre></div>
<p>Maintenant, la question à 1 million : où fait-on ces modifications? Et bien, ça dépend. Il y a 2 cas de figure. Le premier, c'est si on utilise le thème par défaut ou que le thème utilisé ne possède pas de fichier home.html ni de post.html; dans ce cas, il faudra éditer ceux du thème par défaut. La ligne à modifier est la ligne 3 je crois.Le 2e cas de figure, c'est si le thème possède ces fichiers : on modifie alors les fichiers correspondant dans le répertoire du thème.</p>streaming sur son réseau local en quelques minutes2007-09-12T23:12:00+02:002007-09-12T23:12:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-09-12:/post/2007/09/12/streaming-sur-son-reseau-local-en-quelques-minutes/<p>genre, vouloir mater un film dans son lit, avec le film situé sur le disque dur de son ordinateur de bureau</p>
<p>Voici la situation : j'ai un laptop, avec un espace disque limité, et pas envie d'avoir un disque dur usb qui risque de trop chauffer sur le lit... (comment ça …</p><p>genre, vouloir mater un film dans son lit, avec le film situé sur le disque dur de son ordinateur de bureau</p>
<p>Voici la situation : j'ai un laptop, avec un espace disque limité, et pas envie d'avoir un disque dur usb qui risque de trop chauffer sur le lit... (comment ça je quitte jamais mon lit?)</p>
<p>La solution que j'ai utilisé pendant quelques temps était le partage réseau. Je lisais directement les vidéos depuis un partage SMB/CIFS. Parfois, il m'arrivait de copier le fichier directement le fichier sur mon disque local.</p>
<p>Je suis passé à une autre méthode : le streaming, ou plutôt en bon français la lecture en continu. Cela me permet d'éviter de monter un partage réseau, ou de copier le fichier sur mon disque local (donc je ne remplis pas mon disque inutilement). On peut faire cette manipulation très simplement avec <a href="http://www.videolan.org">VLC</a>. Histoire d'être vraiment efficace en minimisant les déplacements du lit vers le bureau, chargeons-nous de contrôler le stream depuis le laptop, idéalement via un clickodrome ou une interface web.</p>
<p>Pour cette manipulation, il nous faut :- un ordinateur fixe avec VLC d'installé (avec un maximum de codecs, sans oublier les pages HTML pour l'interface web); l'OS importe peu, mais dans cet exemple il fonctionne sous Mandriva Linux 2007.1- un ordinateur fixe, lui aussi avec VLC dessus. Encore une fois, l'OS importe peu, mais dans cet exemple il fonctionne sous Mac OS X 10.4.10- les ports 8080 et 8081 libres et ouverts sur l'ordinateur fixe- un réseau local qui fonctionne, par exemple : ethernet, wifi, pigeon voyageur (bon d'accord celui-là c'est pour déconner !)</p>
<p>Sur l'ordinateur de bureau, on se trouve un répertoire avec des vidéos dedans. Si vous n'avez pas de vidéo sur votre ordinateur, vous pouvez utiliser des fichiers audios. Si vous n'en avez pas non plus, sachez qu'il y a plein d'endroits où on en télécharge gratuitement et légalement (ce billet ne traite pas le problème du contenu \^\^ ). Ensuite, il suffit de lire la documentation disponible sur le <a href="http://wiki.videolan.org/Documentation:Streaming_HowTo/Easy_Streaming">wiki</a> de VLC, anglophone certes, mais en images. Il suffit donc de suivre les images et de lire un peu (ou de faire traduire par un outil sur le web). On en profitera pour le régler en streaming http sur le port 8080. Oui, mais... mais là c'est graphique, faut être sur l'ordinateur de bureau pour mettre sa playlist, et ça, c'est pas bien parce qu'il faut se lever. On remarque alors qu'on peut lancer VLC depuis la ligne de commande, et qu'il y a <a href="http://wiki.videolan.org/Documentation:Streaming_HowTo/Command_Line_Examples">plein d'exemples</a> ! Si j'essaie l'une d'entre elles pour streamer ma vidéo en http, cela donne ceci :</p>
<p><code>vlc -vvv Digital_Underground.tv_-_Episode_0005.avi --sout '#standard{access=http,mux=ogg,dst=nastymachine.anotherhomepage.loc:8080}'</code></p>
<p>On remarquera vite que "-vvv" rend le truc très bavard, le truc .avi c'est la vidéo, tandis que "--sout" permet de manipuler la sortie. On l'envoie donc via "access=http", le nom de la machine étant nastymachine.anotherhomepage.loc, et on stream tout ça sur le port 8080.</p>
<p>Si jamais on essaie ceci en ssh depuis le laptop (minimiser les déplacements !), on se rend vite compte d'un problème : ça foire, parce que VLC ne sait pas où s'afficher (Error: Unable to initialize gtk, is DISPLAY set properly?). A partir de là, soit on fait un export DISPLAY (perso, j'aime pas), soit on utilise l'interface web de VLC, qui est abordée dans <a href="http://www.videolan.org/doc/vlc-user-guide/fr/ch05.html">le guide utilisateur</a>.</p>
<p>Je relance donc ma vidéo dans mon ssh, de cette manière :</p>
<p><code>vlc -vvv Digital_Underground.tv_-_Episode_0005.avi --sout '#standard{access=http,mux=ogg,dst=nastymachine.anotherhomepage.loc:8080}' -I http --http-src /usr/share/vlc/http/ --http-host nastymachine.anotherhomepage.loc:8081</code></p>
<p>Ici, on rajoute le type d'interface (-I http), on indique où sont situées les pages HTML (le chemin est celui de ma Mandriva, il n'est sans doute pas le même sur d'autres distribs), et on spécifie le nom d'hôte et le port. Une fois ceci fait, on prend notre Firefox adoré pour se rendre sur http://nastymachine:8081 pour contrôler VLC. Les paranoïaques pourront toujours lancer l'interface en https (à eux de fournir clés et certificats), les amateurs de web 2.0 pourront trouver ou créer une nouvelle interface web, et la tester en spécifiant le chemin dans la commande.</p>
<p>Il est possible de transcoder la vidéo avant de la diffuser, le choix du format de diffusion est possible, et au lieu du http, on peut faire du rtp. Le wiki de VLC est très bien fait, une bonne documentation que je recommande.</p>
<p>Je tiens à préciser qu'il ne faut pas manger gras en regardant un film, je ne saurais être tenu pour responsable de prises de poids suite au manque d'exercice occasionné par les manipulations décrites ici. Pensez aussi à éteindre votre laptop et à le poser sur un endroit stable si vous sentez que vous vous endormez ;)</p>Dédé, part deux2007-08-26T19:48:00+02:002007-08-26T19:48:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-08-26:/post/2007/08/26/Dede-part-deux/<p>Après l'effacement, la copie.</p>
<p>Dans un précédent billet j'expliquais qu'il était possible d'utiliser dd pour écrire du vide ou des valeurs aléatoire sur un disque dur afin d'en effacer son contenu. Grâce à dd, il est aussi possible de cloner une partition ou un disque entier vers un autre. En …</p><p>Après l'effacement, la copie.</p>
<p>Dans un précédent billet j'expliquais qu'il était possible d'utiliser dd pour écrire du vide ou des valeurs aléatoire sur un disque dur afin d'en effacer son contenu. Grâce à dd, il est aussi possible de cloner une partition ou un disque entier vers un autre. En utilisant un live-cd, avec /dev/hda comme disque à cloner et /dev/hdb comme futur clone, la commande pour exécuter la copie est :</p>
<p><code>dd if=/dev/hda of=/dev/hdb</code></p>
<p>Bien sûr, aucun contrôle de copie n'est fait et même les espaces vides sont copiés. Donc si vous clonez un disque de 80 Go rempli à moitié, ce n'est pas 40 Go qui seront copiés mais bel et bien 80. A titre d'information, la copie d'un disque IDE de 80 Go a duré environ 2h50 (disque dur IDE, la machine est un pentium 3 1GHz avec un chipset i815e et 512Mo de mémoire vive pc133).</p>
<p>Il faut penser à s'assurer que le futur clone dispose d'assez d'espace disque pour ce genre de manoeuvre. On n'oublie pas non plus que les données du futur clone seront détruites. Tant qu'on y est dans les précautions, dd ne fait aucune vérification, donc il faut vérifier les données après coup, et les partitions doivent être démontées pour cette opération, de l'utilité d'avoir un live-cd ou un disque supplémentaire avec un système dessus. Pour ce qui est du live-cd, n'importe lequel peut convenir, du system rescue cd à Kaella en passant par Ubuntu ou Mandriva One.</p>
<p>Si le futur clone est plus grand, il est possible de créer une partition avec l'espace restant. Mais si on utilise LVM, il est possible de rajouter toute ou partie de cet espace à des partitions existantes. Ainsi, après clonage d'un disque de 80 Go sur un disque de 300 Go, j'ai pu agrandir la partition /home sans problème. Pour plus de détails concernant LVM, je recommande l'explication de <a href="http://lea-linux.org/cached/index/Leapro-pro_sys-lvm.html#">Léa-Linux</a>.</p>nettoyage par le vide2007-06-28T15:05:00+02:002007-06-28T15:05:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-06-28:/post/2007/06/28/nettoyage-par-le-vide/<p>plutôt nettoyage par l'aléatoire, mais au final il n'y a plus grand-chose de toute façon...</p>
<p>J'aime, lorsque je rend une ressource comme un disque dur, la rendre propre. On m'attribue une machine pour un travail, et si j'y pense, je formatte le disque avant de quitter ce travail. Jusqu'alors, pour …</p><p>plutôt nettoyage par l'aléatoire, mais au final il n'y a plus grand-chose de toute façon...</p>
<p>J'aime, lorsque je rend une ressource comme un disque dur, la rendre propre. On m'attribue une machine pour un travail, et si j'y pense, je formatte le disque avant de quitter ce travail. Jusqu'alors, pour faire un formattage bas-niveau, j'utilisais loformat, une application DOS qui fait des écritures/réécritures successives de 0 et de 1, en vérifiant ce qu'elle a écrit pour faire un formattage bas-niveau. En fait, le besoin est surtout d'empêcher de retrouver les fichiers et leur contenu (au hasard comme ça le fichier /etc/shadow \^\^).</p>
<p>Sous Linux, il y a deux moyens :le premier, utiliser dd. Ca donne quelque chose comme ceci :</p>
<div class="highlight"><pre><span></span><code><span class="nv">dd</span> <span class="k">if</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">zero</span> <span class="nv">of</span><span class="o">=/</span><span class="nv">dev</span><span class="o">/</span><span class="nv">hda</span>
</code></pre></div>
<p>Plus d'infos à <a href="http://linuxgazette.net/issue37/tag/38.html">cette adresse</a>.</p>
<p>L'avantage c'est que c'est un outil dispo sur n'importe quel Linux. L'inconvénient c'est que ça n'écrit que des 0 sur le disque, et ça ne vérifie pas... il se peut qu'il reste quelque chose. On voit clairement que ce n'est pas fait pour faire le ménage.</p>
<p>L'autre moyen, c'est shred. Shred permet de réécrire le contenu d'un fichier avec des données aléatoires. Shred peut ensuite réécrire le fichier avec uniquement des 0, ou réécrire autant de fois qu'on le désire. Exemple :</p>
<div class="highlight"><pre><span></span><code>shred -z -n 40 -v /dev/hda
</code></pre></div>
<p>Dans cette exemple, j'ajoute une écriture avec que des 0 (-z), je vais faire avant 40 écritures aléatoires (-n 40, la valeur par défaut est 25), je le fais de manière verbeuse (-v) sur le fichier /dev/hda (sous Unix, tout est fichier ;) je peux donc aussi faire un shred sur /home/nils/unfilm.avi en effaçant ensuite le fichier via l'option -u).</p>
<p>Niveau avantages, comme dd, c'est dispo sur n'importe quel système Linux (shred fait partie du paquet core-utils !), c'est fait pour faire le ménage, les options le montrent bien. Ce qui est dommage, par contre c'est qu'il ne semble pas vérifier ce qu'il écrit (donc c'est vraiment que pour faire le vide, pour faire de la vérification de disque on réutilisera loformat ou les outils constructeurs comme SeaTool ou Maxblast). Autres inconvénients inhérent à tous les outils du genre, ça prend 100% du CPU et c'est un peu lent.</p>
<p>J'allais oublier : bien entendu lorsqu'on fait cela sur un disque entier, on pense à ne pas utiliser les données de ce disque, dont l'OS qui pourrait être dessus. N'importe quel live-cd pourra donc convenir, personnellement j'utilise le <a href="http://www.sysresccd.org/Page_Principale">system rescue CD</a>.</p>Beryl, bi-écran et Nvidia part 32007-05-30T10:18:00+02:002007-05-30T10:18:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-05-30:/post/2007/05/30/Beryl-bi-ecran-et-Nvidia-part-3/<p>Changement de carte graphique</p>
<p>J'ai changé de carte graphique, je suis passé d'une Geforce FX5700VE à une Geforce 6800. On pourrait penser que ça ne change rien, mais en fait j'ai eu un changement d'importance : l'écran sur le port VGA (D-SUB) n'est plus vu en CRT-0 mais en CRT-1. C'est …</p><p>Changement de carte graphique</p>
<p>J'ai changé de carte graphique, je suis passé d'une Geforce FX5700VE à une Geforce 6800. On pourrait penser que ça ne change rien, mais en fait j'ai eu un changement d'importance : l'écran sur le port VGA (D-SUB) n'est plus vu en CRT-0 mais en CRT-1. C'est gênant parce que si j'applique le fichier de conf de la partie précédente de cette série de billets, Xorg plante lamentablement en se plaignant que ma conf n'est pas applicable à mon matériel (faudra que je remette la config "cassée" pour donner le message d'erreur exact).</p>
<p>Je ne sais pas si c'est valable pour toutes les cartes depuis la série 6, mais au cas où, le mieux à faire est en général de vérifier les ports grâce à l'outil nvidia-settings. C'est grâce à ça que j'ai vu que mon moniteur cathodique était répertorié en CRT-1.</p>Beryl, bi-écran et Nvidia part 22007-05-21T23:09:00+02:002007-05-21T23:09:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-05-21:/post/2007/05/21/Beryl-bi-ecran-et-Nvidia-part-2/<p>Le fichier pour Mandriva 2007 Spring</p>
<p>Dans un billet précédent j'indiquais mon fichier de configuration xorg.conf pour profiter du bi-écran, de l'accélération 3D matérielle et de Beryl avec ma carte vidéo Nvidia et Mandriva 2007. La 2007.1 Spring ayant fait quelques modifications entre autres dans les chemins des …</p><p>Le fichier pour Mandriva 2007 Spring</p>
<p>Dans un billet précédent j'indiquais mon fichier de configuration xorg.conf pour profiter du bi-écran, de l'accélération 3D matérielle et de Beryl avec ma carte vidéo Nvidia et Mandriva 2007. La 2007.1 Spring ayant fait quelques modifications entre autres dans les chemins des pilotes, le fichier n'est plus trop à jour, voici donc celui que j'ai refait pour 2007.1 Spring :</p>
<div class="highlight"><pre><span></span><code><span class="nv">Section</span> <span class="s2">"Files"</span>
<span class="nv">ModulePath</span> <span class="s2">"/usr/lib/xorg/modules/extensions/nvidia97xx"</span>
<span class="nv">ModulePath</span> <span class="s2">"/usr/lib/xorg/modules"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">font</span> <span class="s s-Atom">server</span> <span class="s s-Atom">independent</span> <span class="s s-Atom">of</span> <span class="s s-Atom">the</span> <span class="nv">X</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">render</span> <span class="s s-Atom">fonts</span><span class="p">.</span>
<span class="nv">FontPath</span> <span class="s2">"unix/:-1"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">minimal</span> <span class="s s-Atom">fonts</span> <span class="s s-Atom">to</span> <span class="s s-Atom">allow</span> <span class="nv">X</span> <span class="s s-Atom">to</span> <span class="s s-Atom">run</span> <span class="s s-Atom">without</span> <span class="s s-Atom">xfs</span>
<span class="nv">FontPath</span> <span class="s2">"/usr/share/fonts/misc:unscaled"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Extensions"</span>
<span class="nv">Option</span> <span class="s2">"Composite"</span>
<span class="nv">Option</span> <span class="s2">"RENDER"</span> <span class="s2">"Enable"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerFlags"</span>
<span class="s s-Atom">#</span><span class="nv">DontZap</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">BS</span><span class="o">></span> <span class="p">(</span><span class="s s-Atom">server</span> <span class="s s-Atom">abort</span><span class="p">)</span>
<span class="nv">AllowMouseOpenFail</span> <span class="s s-Atom">#</span> <span class="s s-Atom">allows</span> <span class="s s-Atom">the</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">start</span> <span class="s s-Atom">up</span> <span class="s s-Atom">even</span> <span class="s s-Atom">if</span> <span class="s s-Atom">the</span> <span class="s s-Atom">mouse</span> <span class="s s-Atom">does</span> <span class="o">not</span> <span class="s s-Atom">work</span>
<span class="s s-Atom">#</span><span class="nv">DontZoom</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">KP_</span><span class="s s-Atom">+>/<</span><span class="nv">KP_</span><span class="s s-Atom">-></span> <span class="p">(</span><span class="s s-Atom">resolution</span> <span class="s s-Atom">switching</span><span class="p">)</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Module"</span>
<span class="nv">Load</span> <span class="s2">"dbe"</span> <span class="s s-Atom">#</span> <span class="nv">Double</span><span class="o">-</span><span class="nv">Buffering</span> <span class="nv">Extension</span>
<span class="nv">Load</span> <span class="s2">"v4l"</span> <span class="s s-Atom">#</span> <span class="nv">Video</span> <span class="s s-Atom">for</span> <span class="nv">Linux</span>
<span class="nv">Load</span> <span class="s2">"extmod"</span>
<span class="nv">Load</span> <span class="s2">"type1"</span>
<span class="nv">Load</span> <span class="s2">"freetype"</span>
<span class="nv">Load</span> <span class="s2">"glx"</span> <span class="s s-Atom">#</span> <span class="mi">3</span><span class="nv">D</span> <span class="s s-Atom">layer</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Keyboard1"</span>
<span class="nv">Driver</span> <span class="s2">"kbd"</span>
<span class="nv">Option</span> <span class="s2">"XkbModel"</span> <span class="s2">"microsoftmult"</span>
<span class="nv">Option</span> <span class="s2">"XkbLayout"</span> <span class="s2">"fr"</span>
<span class="nv">Option</span> <span class="s2">"XkbOptions"</span> <span class="s2">"compose:rwin"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Mouse1"</span>
<span class="nv">Driver</span> <span class="s2">"mouse"</span>
<span class="nv">Option</span> <span class="s2">"Protocol"</span> <span class="s2">"ExplorerPS/2"</span>
<span class="nv">Option</span> <span class="s2">"Device"</span> <span class="s2">"/dev/mouse"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Monitor"</span>
<span class="nv">Identifier</span> <span class="s2">"monitor1"</span>
<span class="nv">VendorName</span> <span class="s2">"BenQ"</span>
<span class="nv">ModelName</span> <span class="s2">"BenQ FP71E"</span>
<span class="nv">HorizSync</span> <span class="mi">31</span><span class="o">-</span><span class="mf">83.0</span>
<span class="nv">VertRefresh</span> <span class="mf">56.0</span><span class="o">-</span><span class="mf">76.0</span>
<span class="s s-Atom">#</span> <span class="nv">TV</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">mode</span> <span class="s s-Atom">or</span> <span class="nv">DVD</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">output</span><span class="p">.</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">79</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mi">50</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">50.00</span> <span class="mi">768</span> <span class="mi">832</span> <span class="mi">846</span> <span class="mi">1000</span> <span class="mi">576</span> <span class="mi">590</span> <span class="mi">595</span> <span class="mi">630</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">100</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mf">61.6</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">63.07</span> <span class="mi">768</span> <span class="mi">800</span> <span class="mi">960</span> <span class="mi">1024</span> <span class="mi">576</span> <span class="mi">578</span> <span class="mi">590</span> <span class="mi">616</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Device"</span>
<span class="nv">Identifier</span> <span class="s2">"device1"</span>
<span class="nv">VendorName</span> <span class="s2">"nVidia Corporation"</span>
<span class="nv">BoardName</span> <span class="s2">"NVIDIA GeForce FX - GeForce 7950"</span>
<span class="nv">Driver</span> <span class="s2">"nvidia"</span>
<span class="nv">Option</span> <span class="s2">"DPMS"</span>
<span class="nv">Option</span> <span class="s2">"AddARGBGLXVisuals"</span>
<span class="nv">Option</span> <span class="s2">"RenderAccel"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"DisableGLXRootClipping"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"BackStoring"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"Metamodes"</span> <span class="s2">"DFP-0: 1280x1024 +0+0, CRT-0: 1280x1024 +1280+0 ; 1024x768 +0+0, 1024x768 +1024+0 ; 800x600 +0+0, 800x600 +800+0 ; 640x480 +0+0, 640x480 +640+0 ;"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorVertRefresh"</span> <span class="s2">"50-120"</span>
<span class="nv">Option</span> <span class="s2">"ConnectedMonitor"</span> <span class="s2">"DFP-0, CRT-0"</span>
<span class="nv">Option</span> <span class="s2">"TwinViewOrientation"</span> <span class="s2">"CRT-0 RightOf DFP-0"</span>
<span class="nv">Option</span> <span class="s2">"Twinview"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorHorizSync"</span> <span class="s2">"30-70"</span>
<span class="nv">Option</span> <span class="s2">"IgnoreEDID"</span> <span class="s2">"0"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Screen"</span>
<span class="nv">Identifier</span> <span class="s2">"screen1"</span>
<span class="nv">Device</span> <span class="s2">"device1"</span>
<span class="nv">Monitor</span> <span class="s2">"monitor1"</span>
<span class="nv">DefaultColorDepth</span> <span class="mi">24</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">8</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">15</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">16</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">24</span>
<span class="s s-Atom">#</span><span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">Virtual</span> <span class="mi">2560</span> <span class="mi">1024</span>
<span class="nv">EndSubsection</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerLayout"</span>
<span class="nv">Identifier</span> <span class="s2">"layout1"</span>
<span class="nv">InputDevice</span> <span class="s2">"Keyboard1"</span> <span class="s2">"CoreKeyboard"</span>
<span class="nv">InputDevice</span> <span class="s2">"Mouse1"</span> <span class="s2">"CorePointer"</span>
<span class="nv">Screen</span> <span class="s2">"screen1"</span>
<span class="nv">EndSection</span>
</code></pre></div>
<p>Comme je suis une grosse feignasse, je n'ai pas remis les commentaires. Allez voir dans le billet précédent :)</p>code PhpMyVisites dans un forum Punbb et portail Puntal2007-04-11T17:33:00+02:002007-04-11T17:33:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-04-11:/post/2007/04/11/72-code-phpmyvisites-dans-un-forum-punbb-et-portail-puntal/<p>petit pense-bête</p>
<p>Ayant mis à jour <a href="http://www.mandinux.info/forum/">un forum Punbb</a> il y a peu, et que ce forum est couplé à PhpMyVisites pour comptabiliser les visites, ça serait bien que je ne perde pas 2 heures à chaque fois pour retrouver où coller le code, je le note ici. En plus …</p><p>petit pense-bête</p>
<p>Ayant mis à jour <a href="http://www.mandinux.info/forum/">un forum Punbb</a> il y a peu, et que ce forum est couplé à PhpMyVisites pour comptabiliser les visites, ça serait bien que je ne perde pas 2 heures à chaque fois pour retrouver où coller le code, je le note ici. En plus, ça pourrait servir à d'autres :) Mais bon, c'est certain, à la prochaine mise à jour, j'irai chercher encore l'info sur Google. Pourvu que ce billet ait un bon pagerank ;)</p>
<p>Sinon, pour le code PhpMyVisites, en fait il faut le mettre dans /chemin/vers/forum/footer.php. Pour la version française de Punbb, il y aura, aux environs de la ligne 110 :</p>
<blockquote>
<p>Traduction par \<a href="http://www.punbb.fr/">punbb.fr\</a>\</p></p>
</blockquote>
<p>Il suffit d'insérer le code entre \</a> et \</p>. C'est aussi simple que ça.</p>
<p>Ensuite, pour Puntal, le code doit être inséré dans /chemin/vers/portail/inc/footer.php. Toujours pour la version française, on trouvera, aux alentours de la ligne 74 :</p>
<blockquote>
<p>\<p class="conr">Propulsé par \<a href="http://www.forx.fr/puntal/">Puntal\</a> © 2005 \<a href="http://www.forx.fr/">Vincent Garnier - forx.fr\</a>\</p></p>
</blockquote>
<p>Toujours pareil, le code se glisse entre \</a> et \</p>.</p>
<p>En espérant que ça serve à quelqu'un :)</p>
<h2>Commentaires</h2>
<h3>Le 25 mai 2008, 02:04 par PapaLoco</h3>
<p>Merci Nils pour ton tuyeau ... ça vient de me servir ;o)</p>FreeBSD et NetBSD en domU dans Xen2007-03-21T12:26:00+01:002007-03-21T12:26:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-03-21:/post/2007/03/21/70-freebsd-et-netbsd-en-domu-dans-xen/<p>je repasserai plus tard...</p>
<p>Bon, après la cohabitation Xen/VMware, j'ai voulu essayer des BSD en virtuel sur ma FC6 xenifiée... et juste à cause de ce PAE de merde, je ne peux pas les installer. Donc soit j'ai le PAE sur tous les noyaux des OS que je virtualise …</p><p>je repasserai plus tard...</p>
<p>Bon, après la cohabitation Xen/VMware, j'ai voulu essayer des BSD en virtuel sur ma FC6 xenifiée... et juste à cause de ce PAE de merde, je ne peux pas les installer. Donc soit j'ai le PAE sur tous les noyaux des OS que je virtualise, soit aucun. Et comme j'ai grave la flemme de recompiler le noyau de ma FC6 pour enlever PAE, bein FreeBSD et NetBSD en domU, pour le moment, j'oublie. Dommage, les tutos étaient simple.</p>Quand on veut juste lire un document MS Office...2007-03-20T23:44:00+01:002007-03-20T23:44:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-03-20:/post/2007/03/20/69-quand-on-veut-juste-lire-un-document-ms-office/<p>et qu'on ne veut pas sortir l'artillerie lourde, que ce soit un Windows émulé/virtualisé ou OOo</p>
<p>Et bein on utilise les visionneuses MS Office ! Et comme on est sous Linux, on utilise Wine :) C'est fou comme wine et Word Viewer c'est plus rapide qu'Open Office. Attention, je ne dénigre …</p><p>et qu'on ne veut pas sortir l'artillerie lourde, que ce soit un Windows émulé/virtualisé ou OOo</p>
<p>Et bein on utilise les visionneuses MS Office ! Et comme on est sous Linux, on utilise Wine :) C'est fou comme wine et Word Viewer c'est plus rapide qu'Open Office. Attention, je ne dénigre pas le travail de l'équipe d'Open Office, c'est une suite bureautique que j'apprécie et que j'utilise, lorsque je dois éditer des documents.</p>
<p>Je trouve que c'est un peu lourd s'il s'agit juste d'afficher un document. Alors je me demandais si les visionneuses Office pouvaient s'installer via <a href="http://www.winehq.org">Wine</a>, qui n'est pas un émulateur même si ça en a l'air. 2,5 secondes de recherche plus tard (sur G... pour ne pas le nommer), je tombe sur <a href="http://appdb.winehq.org/appview.php?iVersionId=5376&iTestingId=6383">ceci</a>, qui me dit qu'en fait il est fort probable que ça marche. Je m'assure via un coup d'urpmi que ma Mandriva possède un wine un peu à jour (0.9.32) et je reproduis le mini-tuto de bas de page.</p>
<p>Comme le tuto, je n'ai pas essayé de documents imagés, je verrai à l'usage. Par contre, c'est dommage, il n'est pas possible d'imprimer (limitation causée par Wine). Mais bon, ça ira, je veux juste lire rapido un .doc ou un .ppt (oui, c'est aussi sensé marcher pour la visionneuse Pauvre Point, que j'ai installée mais pas testée).</p>Faire cohabiter Xen et VMware2007-02-09T19:22:00+01:002007-02-09T19:22:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-02-09:/post/2007/02/09/66-faire-cohabiter-xen-et-vmware/<p>On repassera plus tard</p>
<p><a href="http://blog.vodkamelone.de/archives/122-Fun-with-vmware-server.html">VMware et Xen ne sont pas compatibles</a>. Je suis 'achement déçu, parce qu'au boulot on envisageait avec espoir cette cohabitation. Le souci c'est que notre machine ne possède pas les instructions de virtualisation dans ses processeurs (Intel VT ou AMD Pacifica), du coup pour virtualiser des …</p><p>On repassera plus tard</p>
<p><a href="http://blog.vodkamelone.de/archives/122-Fun-with-vmware-server.html">VMware et Xen ne sont pas compatibles</a>. Je suis 'achement déçu, parce qu'au boulot on envisageait avec espoir cette cohabitation. Le souci c'est que notre machine ne possède pas les instructions de virtualisation dans ses processeurs (Intel VT ou AMD Pacifica), du coup pour virtualiser des Windows, ça va être galère...</p>
<p>EDIT : <a href="http://lists.xensource.com/archives/html/xen-users/2006-09/msg00805.html">La balle est dans le camp de VMware</a></p>Beryl, bi-écran et Nvidia2007-02-04T19:06:00+01:002007-02-04T19:06:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-02-04:/post/2007/02/04/65-beryl-et-le-bi-ecran/<p>Sisi, c'est possible (sur un air connu)</p>
<p>J'ai eu un peu de mal, mais c'est passé. J'ai reconfiguré mon bi-écran, et j'ai pu lancer <a href="http://www.beryl-project.org/">Beryl</a>. Je me suis inspiré de ma configuration existance, que j'ai légèrement modifiée, sinon, pas d'effet 3D :( D'ailleurs c'est grâce à un topic du <a href="http://forum.club.mandriva.com/viewtopic.php?t=59821&highlight=">forum du …</a></p><p>Sisi, c'est possible (sur un air connu)</p>
<p>J'ai eu un peu de mal, mais c'est passé. J'ai reconfiguré mon bi-écran, et j'ai pu lancer <a href="http://www.beryl-project.org/">Beryl</a>. Je me suis inspiré de ma configuration existance, que j'ai légèrement modifiée, sinon, pas d'effet 3D :( D'ailleurs c'est grâce à un topic du <a href="http://forum.club.mandriva.com/viewtopic.php?t=59821&highlight=">forum du club Mandriva</a> que j'ai obtenu les petites options qui font toute la différence pour Beryl.</p>
<p>Voici donc Ze fichier xorg.conf :</p>
<div class="highlight"><pre><span></span><code><span class="nv">Section</span> <span class="s2">"Files"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">font</span> <span class="s s-Atom">server</span> <span class="s s-Atom">independent</span> <span class="s s-Atom">of</span> <span class="s s-Atom">the</span> <span class="nv">X</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">render</span> <span class="s s-Atom">fonts</span><span class="p">.</span>
<span class="nv">FontPath</span> <span class="s2">"unix/:-1"</span>
<span class="s s-Atom">#</span> <span class="s s-Atom">minimal</span> <span class="s s-Atom">fonts</span> <span class="s s-Atom">to</span> <span class="s s-Atom">allow</span> <span class="nv">X</span> <span class="s s-Atom">to</span> <span class="s s-Atom">run</span> <span class="s s-Atom">without</span> <span class="s s-Atom">xfs</span>
<span class="nv">FontPath</span> <span class="s2">"/usr/share/fonts/misc:unscaled"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Extensions"</span>
<span class="nv">Option</span> <span class="s2">"Composite"</span> <span class="s2">"Enable"</span>
<span class="nv">Option</span> <span class="s2">"RENDER"</span> <span class="s2">"Enable"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerFlags"</span>
<span class="s s-Atom">#</span><span class="nv">DontZap</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">BS</span><span class="o">></span> <span class="p">(</span><span class="s s-Atom">server</span> <span class="s s-Atom">abort</span><span class="p">)</span>
<span class="nv">AllowMouseOpenFail</span> <span class="s s-Atom">#</span> <span class="s s-Atom">allows</span> <span class="s s-Atom">the</span> <span class="s s-Atom">server</span> <span class="s s-Atom">to</span> <span class="s s-Atom">start</span> <span class="s s-Atom">up</span> <span class="s s-Atom">even</span> <span class="s s-Atom">if</span> <span class="s s-Atom">the</span> <span class="s s-Atom">mouse</span> <span class="s s-Atom">does</span> <span class="o">not</span> <span class="s s-Atom">work</span>
<span class="s s-Atom">#</span><span class="nv">DontZoom</span> <span class="s s-Atom">#</span> <span class="s s-Atom">disable</span> <span class="o"><</span><span class="nv">Crtl</span><span class="s s-Atom">><</span><span class="nv">Alt</span><span class="s s-Atom">><</span><span class="nv">KP_</span><span class="s s-Atom">+>/<</span><span class="nv">KP_</span><span class="s s-Atom">-></span> <span class="p">(</span><span class="s s-Atom">resolution</span> <span class="s s-Atom">switching</span><span class="p">)</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Module"</span>
<span class="nv">Load</span> <span class="s2">"dbe"</span> <span class="s s-Atom">#</span> <span class="nv">Double</span><span class="o">-</span><span class="nv">Buffering</span> <span class="nv">Extension</span>
<span class="nv">Load</span> <span class="s2">"v4l"</span> <span class="s s-Atom">#</span> <span class="nv">Video</span> <span class="s s-Atom">for</span> <span class="nv">Linux</span>
<span class="nv">Load</span> <span class="s2">"extmod"</span>
<span class="nv">Load</span> <span class="s2">"type1"</span>
<span class="nv">Load</span> <span class="s2">"freetype"</span>
<span class="nv">Load</span> <span class="s2">"/usr/lib/xorg/modules/extensions/nvidia/libglx.so"</span>
<span class="s s-Atom">#</span><span class="nv">Load</span> <span class="s2">"glx"</span> <span class="s s-Atom">#</span> <span class="mi">3</span><span class="nv">D</span> <span class="s s-Atom">layer</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Keyboard1"</span>
<span class="nv">Driver</span> <span class="s2">"kbd"</span>
<span class="nv">Option</span> <span class="s2">"XkbModel"</span> <span class="s2">"microsoftmult"</span>
<span class="nv">Option</span> <span class="s2">"XkbLayout"</span> <span class="s2">"fr"</span>
<span class="nv">Option</span> <span class="s2">"XkbOptions"</span> <span class="s2">"compose:rwin"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"InputDevice"</span>
<span class="nv">Identifier</span> <span class="s2">"Mouse1"</span>
<span class="nv">Driver</span> <span class="s2">"mouse"</span>
<span class="nv">Option</span> <span class="s2">"Protocol"</span> <span class="s2">"ExplorerPS/2"</span>
<span class="nv">Option</span> <span class="s2">"Device"</span> <span class="s2">"/dev/mouse"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Monitor"</span>
<span class="nv">Identifier</span> <span class="s2">"monitor1"</span>
<span class="nv">VendorName</span> <span class="s2">"BenQ"</span>
<span class="nv">ModelName</span> <span class="s2">"BenQ FP71E"</span>
<span class="nv">HorizSync</span> <span class="mi">31</span><span class="o">-</span><span class="mf">83.0</span>
<span class="nv">VertRefresh</span> <span class="mf">56.0</span><span class="o">-</span><span class="mf">76.0</span>
<span class="s s-Atom">#</span> <span class="nv">TV</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">mode</span> <span class="s s-Atom">or</span> <span class="nv">DVD</span> <span class="s s-Atom">fullscreen</span> <span class="s s-Atom">output</span><span class="p">.</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">79</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mi">50</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">50.00</span> <span class="mi">768</span> <span class="mi">832</span> <span class="mi">846</span> <span class="mi">1000</span> <span class="mi">576</span> <span class="mi">590</span> <span class="mi">595</span> <span class="mi">630</span>
<span class="s s-Atom">#</span> <span class="mi">768</span><span class="s s-Atom">x576</span> <span class="s s-Atom">@</span> <span class="mi">100</span> <span class="nv">Hz</span><span class="p">,</span> <span class="mf">61.6</span> <span class="s s-Atom">kHz</span> <span class="s s-Atom">hsync</span>
<span class="nv">ModeLine</span> <span class="s2">"768x576"</span> <span class="mf">63.07</span> <span class="mi">768</span> <span class="mi">800</span> <span class="mi">960</span> <span class="mi">1024</span> <span class="mi">576</span> <span class="mi">578</span> <span class="mi">590</span> <span class="mi">616</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Device"</span>
<span class="nv">Identifier</span> <span class="s2">"device1"</span>
<span class="nv">VendorName</span> <span class="s2">"nVidia Corp."</span>
<span class="nv">BoardName</span> <span class="s2">"NVIDIA GeForce FX (generic)"</span>
<span class="nv">Driver</span> <span class="s2">"nvidia"</span>
<span class="nv">Option</span> <span class="s2">"DPMS"</span>
<span class="nv">Option</span> <span class="s2">"RenderAccel"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"DisableGLXRootClipping"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"BackStoring"</span> <span class="s2">"True"</span>
<span class="nv">Option</span> <span class="s2">"MetaModes"</span> <span class="s2">"DFP-0: 1280x1024 +0+0, CRT-0: 1280x1024 +1280+0 ; 1024x768, 1024x768 ; 800x600, 800x600 ; 640x480, 640x480 ;"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorVertRefresh"</span> <span class="s2">"50-120"</span>
<span class="nv">Option</span> <span class="s2">"ConnectedMonitor"</span> <span class="s2">"DFP-0, CRT-0"</span>
<span class="nv">Option</span> <span class="s2">"TwinViewOrientation"</span> <span class="s2">"CRT-0 RightOf DFP-0"</span>
<span class="nv">Option</span> <span class="s2">"AllowGLXWithComposite"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"TwinView"</span> <span class="s2">"true"</span>
<span class="nv">Option</span> <span class="s2">"SecondMonitorHorizSync"</span> <span class="s2">"30-70"</span>
<span class="nv">Option</span> <span class="s2">"IgnoreEDID"</span> <span class="s2">"0"</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"Screen"</span>
<span class="nv">Identifier</span> <span class="s2">"screen1"</span>
<span class="nv">Device</span> <span class="s2">"device1"</span>
<span class="nv">Monitor</span> <span class="s2">"monitor1"</span>
<span class="nv">DefaultColorDepth</span> <span class="mi">24</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">8</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">15</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">16</span>
<span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">EndSubsection</span>
<span class="nv">Subsection</span> <span class="s2">"Display"</span>
<span class="nv">Depth</span> <span class="mi">24</span>
<span class="s s-Atom">#</span><span class="nv">Modes</span> <span class="s2">"1280x1024"</span> <span class="s2">"1152x864"</span> <span class="s2">"1024x768"</span> <span class="s2">"832x624"</span> <span class="s2">"800x600"</span> <span class="s2">"640x480"</span> <span class="s2">"480x360"</span> <span class="s2">"320x240"</span>
<span class="nv">Virtual</span> <span class="mi">2560</span> <span class="mi">1024</span>
<span class="nv">EndSubsection</span>
<span class="nv">Option</span> <span class="s2">"AddARGBGLXVisuals"</span> <span class="s2">"True"</span> <span class="s s-Atom">#</span> <span class="nv">Necessaire</span> <span class="s s-Atom">pour</span> <span class="nv">Beryl</span>
<span class="nv">EndSection</span>
<span class="nv">Section</span> <span class="s2">"ServerLayout"</span>
<span class="nv">Identifier</span> <span class="s2">"layout1"</span>
<span class="nv">InputDevice</span> <span class="s2">"Keyboard1"</span> <span class="s2">"CoreKeyboard"</span>
<span class="nv">InputDevice</span> <span class="s2">"Mouse1"</span> <span class="s2">"CorePointer"</span>
<span class="nv">Screen</span> <span class="s2">"screen1"</span>
<span class="nv">EndSection</span>
</code></pre></div>
<p>Pour information, je possède une carte vidéo Nvidia Geforce FX 5700 VE, j'ai un écran plat BenQ et un cathodique Packard Bell. Le cathodique est à droite, le plat à gauche.</p>Songbird : bientôt le firefox des lecteurs de musique?2007-01-29T12:37:00+01:002007-01-29T12:37:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2007-01-29:/post/2007/01/29/64-songbird-bientot-le-firefox-des-lecteurs-de-musique/<p>Faut dire qu'il y avait comme un manque...</p>
<p>Songbird est un logiciel de lecture audio, orienté bibliothèque, basé sur XUL (Firefox) et VLC. J'avais essayé la première version diffusée, 0.1, puis une pré 0.2. Depuis deux mois environ, une 0.2.1 est disponible, mais je ne l'ai …</p><p>Faut dire qu'il y avait comme un manque...</p>
<p>Songbird est un logiciel de lecture audio, orienté bibliothèque, basé sur XUL (Firefox) et VLC. J'avais essayé la première version diffusée, 0.1, puis une pré 0.2. Depuis deux mois environ, une 0.2.1 est disponible, mais je ne l'ai installée que depuis moins de deux semaines. Ca commence à être un peu utilisable, mais pas trop, genre les chansons ne sont pas dans l'ordre dans l'album (sisi j'ai mis les tag mp3 pour que tout soit dans l'ordre). Mais si comme moi en ce moment vous êtes plus souvent à écouter des streams que de la musique en local, ce n'est pas gênant.</p>
<p>Tout ça pour dire que Songbird, ça commence à devenir bien. Et que ça va pas tarder à être au niveau d'iTunes et d'Amarok. Parce que bon, soyons sérieux une minute, gtkpod et rythmbox c'est un peu 25000 niveaux en dessous niveau interface. Je rêvais d'un bon lecteur de musique pour Gnome, Songbird est en train d'en faire une réalité.</p>
<p><a href="http://www.songbirdnest.com">Songbirdnest : le site de Songbird</a></p>
<h2>Commentaires</h2>
<h3>Le 01/02/2007 14:28 par <a href="http://ashux.over-blog.com">Ash</a></h3>
<p>Salut!
J'avais testé songbird fut un temps... Bon, c'était pas très stable (certains
titres sortaient avec un etrange son "digitalisé", genre Jean Michel Jarre
après le reveillon), l'application s'arretait subitement et autres déboires
traditionnelles de versions dites "de test".
Néanmoins, l'interface a la itunes en noir m'avait séduit (c'est vrai que
rythmbox a coté...) et le concept aussi.
Donc je m'envais de ce pas voir ce qui se passe chez ce volatile sonore...
@+</p>Dotclear 2 Beta 42006-12-30T19:02:00+01:002006-12-30T19:02:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-12-30:/post/2006/12/30/60-dotclear-2-beta-4/<p>Le père Noël est passé chez Dotclear :)</p>
<p>J'ai essayé en local <a href="http://www.dotclear.net/log/post/2006/12/26/Dotclear-2-beta-4-et-documentation">Dotclear 2 Beta 4</a> hier, et j'avoue que je le trouve tellement bien que j'envisage de mettre à jour le blog avant que la finale ne sorte. Sincèrement, ça a l'air vraiment pas mal. La dernière fois que j'avais …</p><p>Le père Noël est passé chez Dotclear :)</p>
<p>J'ai essayé en local <a href="http://www.dotclear.net/log/post/2006/12/26/Dotclear-2-beta-4-et-documentation">Dotclear 2 Beta 4</a> hier, et j'avoue que je le trouve tellement bien que j'envisage de mettre à jour le blog avant que la finale ne sorte. Sincèrement, ça a l'air vraiment pas mal. La dernière fois que j'avais essayé une beta de Dotclear 2, il n'était pas possible de mettre à jour depuis la 1.2. Maintenant c'est possible, via <a href="http://doc.dotclear.net/2.0/administration/mise_a_jour">une extension d'import/export</a>. D'ailleurs j'ai pu voir plusieurs blogs fonctionner avec cette version, je n'ai pas vu de problèmes extérieurs. Cela ne veut pas dire qu'il n'y a pas de problèmes et que la version finale est imminente, mais cela reste une bonne nouvelle :-)</p>
<p>Du côté des thèmes, j'ai eu l'occasion d'essayer <a href="http://www.campingclairdelune.fr/tests/?gallery/dotclear/themes-dc-2/dotunes#gallery">DoTunes</a>, qui donne une interface type iTunes. J'aurais aimé essayé <a href="http://www.campingclairdelune.fr/tests/?gallery/dotclear/themes-dc-2/black_and_white#gallery">Black & White</a>, mais il n'est pas disponible au téléchargement :-( . Cependant les thèmes sont déjà nombreux et de qualité, et rien ne m'empêche de contacter l'auteur pour l'obtenir.</p>Astuce du jour : logcheck2006-09-01T09:35:00+02:002006-09-01T09:35:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-09-01:/post/2006/09/01/56-astuce-du-jour-logcheck/<p>ou comment ne pas se faire pourrir sa boite mail</p>
<p>Voilà, hier j'ai installé logcheck et comme un con j'ai laissé la configuration par défaut. Résultat des courses, un mail toutes les heures pour m'informer de ce qui se passe sur mon serveur... Je suis un peu parano sur les …</p><p>ou comment ne pas se faire pourrir sa boite mail</p>
<p>Voilà, hier j'ai installé logcheck et comme un con j'ai laissé la configuration par défaut. Résultat des courses, un mail toutes les heures pour m'informer de ce qui se passe sur mon serveur... Je suis un peu parano sur les bords, mais point trop n'en faut. Après quelques recherches, je me suis rendu compte que logcheck avait une entrée cron qui se trouve dans /etc/cron.d/logcheck, et qui lui disait d'envoyer le rapport chaque heure. J'ai modifié la commande pour qu'il envoie ça un peu moins souvent. Je poste l'astuce, des fois que ça serve à quelqu'un...</p>Kjukebox : l'ancêtre d'Amarok et de bien d'autres logiciels2006-08-30T22:00:00+02:002006-08-30T22:00:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-30:/post/2006/08/30/55-kjukebox-l-ancetre-d-amarok-et-de-bien-d-autres-logiciels/<p>Un logiciel en avance sur son temps... il y a plusieurs années</p>
<p>Il y a plusieurs années de cela, quand j'ai découvert GNU/Linux, j'ai été impressionné par un logiciel de lecture de musique nommé Kjukebox. Je le trouvais plus complet et plus intégré à KDE qu'un autre logiciel que …</p><p>Un logiciel en avance sur son temps... il y a plusieurs années</p>
<p>Il y a plusieurs années de cela, quand j'ai découvert GNU/Linux, j'ai été impressionné par un logiciel de lecture de musique nommé Kjukebox. Je le trouvais plus complet et plus intégré à KDE qu'un autre logiciel que j'utilisais (et que j'utilise toujours de temps en temps) : Xmms. Aujourd'hui, la plupart des lecteurs de musique du marché fonctionnent avec un système de bibliothèque musicale : iTunes, Winamp, Windows Media Player, Amarok et le très attendu Songbird ne demandent qu'à scanner vos disques durs à la recherche de musique à indexer. Là où Kjukebox possédait une fonction aujourd'hui totalement disparue, c'est le fait de posséder 2 lecteurs simultanés. Bien sûr, à l'époque le graphisme de KDE 1 était loin de KDE 3, mais on s'y faisait assez vite. Cela fait partie des logiciels morts que je n'oublierai pas :) </p>
<p>Pour lire une description de Kjukebox, c'est <a href="http://chl.be/glmf/www.linuxmag-france.org/old/lm7/kjukebox.html">ici</a>, et pour avoir une impression d'écran, c'est <a href="http://de.kde.org/appmonth/2000/kjukebox/main.html">là</a> (attention, commentaires en allemand).</p>L'internaute essaie Linux2006-08-22T15:31:00+02:002006-08-22T15:31:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-22:/post/2006/08/22/52-l-internaute-essaie-linux/<p>Et l'internaute essaie Mandriva One :)</p>
<p>On m'a relayé <a href="http://www.linternaute.com/hightech/micro/linux/index.shtml">un article de l'internaute consacré à la découverte de Linux</a>. Après lecture des 3 parties, j'avoue que c'est un article plutôt bon (forcément, il est positif et prêche un converti), bien qu'il présente quelques erreurs. La partie du matériel requis est légèrement …</p><p>Et l'internaute essaie Mandriva One :)</p>
<p>On m'a relayé <a href="http://www.linternaute.com/hightech/micro/linux/index.shtml">un article de l'internaute consacré à la découverte de Linux</a>. Après lecture des 3 parties, j'avoue que c'est un article plutôt bon (forcément, il est positif et prêche un converti), bien qu'il présente quelques erreurs. La partie du matériel requis est légèrement fausse je trouve, et j'aimerais savoir quelle machine leur a donné du fil a retordre. Quoi qu'il en soit, l'installation que j'ai faite de Mandriva One sur l'ordinateur de mon père s'est bien passée en entrant au démarrage l'option noapic. Mais j'admet qu'il faut connaître l'astuce...</p>Synergy : pas tout à fait KVM, mais pas VNC2006-08-11T15:38:00+02:002006-08-11T15:38:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-08-11:/post/2006/08/11/48-synergy-pas-tout-a-fait-kvm-mais-pas-vnc/<p>un super soft pour ceux qui comme moi, ont plusieurs machines et plusieurs écrans</p>
<p>Vous avez plusieurs écrans, claviers, souris? Vous ne pouvez pas utiliser de KVM parce que vous avez un laptop ou un imac? Alors <a href="http://synergy2.sourceforge.net/">Synergy</a> est fait pour vous ! </p>
<p>J'ai essayé ce matin ce logiciel, je peux …</p><p>un super soft pour ceux qui comme moi, ont plusieurs machines et plusieurs écrans</p>
<p>Vous avez plusieurs écrans, claviers, souris? Vous ne pouvez pas utiliser de KVM parce que vous avez un laptop ou un imac? Alors <a href="http://synergy2.sourceforge.net/">Synergy</a> est fait pour vous ! </p>
<p>J'ai essayé ce matin ce logiciel, je peux à présent utiliser le clavier et la souris (ou trackpad) de mon ibook sur mon ordinateur Linux, sans perte de puissance, sans grosse consommation mémoire, et avec le tunnel ssh, je ne me fais pas sniffer les frappes clavier ! </p>
<p>Je ne sais pas encore ce que ça va donner mais j'ai hâte d'essayer avec mon ordinateur personnel en bi-écran. </p>
<p>Pour ceux qui ne sont pas convaincus, une démo pas super claire mais sympa est celle de <a href="http://www.hak5.org/archives/130">Hak.5</a>.</p>Dotclear 1.2.42006-04-16T14:42:00+02:002006-04-16T14:42:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-16:/post/2006/04/16/36-dotclear-124/<p>Mettez à jour votre blog</p>
<p>Quelques jours après sa sortie, je viens de mettre à jour mon blog, qui est à présent propulsé par Dotclear 1.2.4. Les nouveautés ne sont pas vraiment visibles, que ce soit pour le bloggueur ou le lecteur. Il s'agit principalement d'une mise à …</p><p>Mettez à jour votre blog</p>
<p>Quelques jours après sa sortie, je viens de mettre à jour mon blog, qui est à présent propulsé par Dotclear 1.2.4. Les nouveautés ne sont pas vraiment visibles, que ce soit pour le bloggueur ou le lecteur. Il s'agit principalement d'une mise à jour de sécurité comme vous pourrez le lire sur <a href="http://www.dotclear.net">le site officiel de Dotclear</a>. On notera aussi la sortie d'une nouvelle version de <a href="http://www.vanschklift.com/blog/index.php?p=51">Spamplemousse</a>, qui passe en version 0.1.4. </p>
<p>Cependant, j'hésite à rouvrir les trackbacks... bon allez je vais voir si le nouveau Spamplemousse est efficace.</p>
<p>N'oubliez pas de suivre à la lettre les documentations pour <a href="http://petit.dotclear.net/pages/2005/05/13/86-obligatoire-importante-et-incontournable-la-sauvegarde">sauvegarder votre blog</a> et <a href="http://www.dotclear.net/trac/wiki/DotClear/fr/Installer/MiseAjour">le mettre à jour</a>.</p>DRM : clé pour le succès grand public de Linux ?2006-04-07T18:18:00+02:002006-04-07T18:18:00+02:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-04-07:/post/2006/04/07/34-drm-cle-pour-le-succes-grand-public-de-linux/<p>Mon petit commentaire sur un article de Clubic...</p>
<p>Clubic publie ce jour un article sur <a href="http://www.clubic.com/actualite-33597-drm-cle-pour-le-succes-grand-public-de-linux.html">Linux et les DRM</a>. Il y a des fois je me demande si l'industrie comprend ce que c'est que Linux et le logicel libre, et je pense à deux choses précisément. </p>
<p>D'abord, le mode d'organisation …</p><p>Mon petit commentaire sur un article de Clubic...</p>
<p>Clubic publie ce jour un article sur <a href="http://www.clubic.com/actualite-33597-drm-cle-pour-le-succes-grand-public-de-linux.html">Linux et les DRM</a>. Il y a des fois je me demande si l'industrie comprend ce que c'est que Linux et le logicel libre, et je pense à deux choses précisément. </p>
<p>D'abord, le mode d'organisation : je m'inscris sur le site www.exemple.com qui me propose de la musique, des clips et des films avec des DRM. Il me faut donc de quoi reconnaître ce DRM. Et cela, quel que soit le système d'exploitation. Là où ça coince, c'est que le site en question est prêt à faire de quoi lire son DRM sous Windows, sous OS X à la rigueur, mais pas sous Linux. On attend la communauté, of course. Elle a bon dos, cette communauté, parce que lorsqu'un membre fait du reverse-engineering pour apporter une compatibilité Linux (ou autre système libre, comme les BSD et les distributions d'OpenSolaris), il se fait matraquer pour l'exemple. D'ailleurs, en parlant d'exemple, je crois que c'est ce bon vieux DVDJon qui avait programmé un client Linux pour l'iTMS d'Apple, Apple qui a bien entendu fait en sorte que ce logiciel devienne vite incompatible avec leur plateforme de vente en ligne de musique. Que serait-il arrivé si Apple avait fait une version d'iTunes pour Linux? Certes, le rapport coût de développement/augmentation des ventes sur l'iTMS ne sera pas aussi grand que pour OS X/Windows, mais au moins il y aura un support Linux. </p>
<p>Et Linux aussi il a bon dos : <em>Linux sera relégué aux serveurs et aux ordinateurs professionnels tant qu'il ne proposera pas les technologies multimédias demandées par les consommateurs</em> selon Jeff Ayars de Real Networks. Pourquoi est-ce qu'une technologie faite pour le multimédia irait se loger dans le coeur même du système d'exploitation? Le codec MP3, il est dans le kernel? Même sans lire le code source du noyau Linux, je crois pouvoir répondre non. Et de toute façon, pour le multimédia, je ne vois pas l'intérêt de plonger dans les basses coûches du système... (cela dit peut-être que le DRM à plus bas niveau est utile, mais en tout cas pas pour de la musique). </p>
<p>Donc, je crois que l'industrie ne sait pas ce qu'elle veut, ou alors qu'elle est à la solde de quelques gros qui ne voient pas d'un bon oeil l'arrivée de logiciels libres dans les foyers des utilisateurs lambda. Soyons sérieux un instant, un coup on veut pas que la communauté fasse du reverse engineering, un coup on veut que Linux supporte les DRM. Si ça ce n'est pas prendre la communauté pour une bande de moutons qu'on peut balader comme on veut, alors je n'ai rien compris (cela dit la probabilité est grande...); mais je ne demande qu'à comprendre, hein.</p>Ma mule dans toute sa splendeur2006-03-01T23:34:00+01:002006-03-01T23:34:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-03-01:/post/2006/03/01/27-ma-mule-dans-toute-sa-splendeur/<p>par les logiciels libres, et pour les logiciels libres</p>
<p><em>Edit de 2021 : l'image "aMule uploade des distributions Linux" a été hélas perdue.</em></p>
<p>Je suis ravi de pouvoir décharger un peu les miroirs FTP :D</p>Transférer Dotclear de Free à 1and12006-01-12T13:39:00+01:002006-01-12T13:39:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2006-01-12:/post/2006/01/12/14-transferer-dotclear-de-free-a-1and1/<p>Attention à vos bases de données !De nombreux blogueurs utilisant <a href="http://www.dotclear.net">Dotclear</a> chez Free on saisi la chance que leur offrait <a href="http://www.1and1.fr">1and1</a>, offre qui a pris fin au 4 janvier. Cette offre, alléchante, consiste en :</p>
<ul>
<li>un hébergement web de 2000 Mo;</li>
<li>PHP 4, MySQL 4 (base limitée à 100Mo);</li>
<li>un nom …</li></ul><p>Attention à vos bases de données !De nombreux blogueurs utilisant <a href="http://www.dotclear.net">Dotclear</a> chez Free on saisi la chance que leur offrait <a href="http://www.1and1.fr">1and1</a>, offre qui a pris fin au 4 janvier. Cette offre, alléchante, consiste en :</p>
<ul>
<li>un hébergement web de 2000 Mo;</li>
<li>PHP 4, MySQL 4 (base limitée à 100Mo);</li>
<li>un nom de domaine en .info avec sous-domaines possibles;</li>
<li>accès SSH;</li>
<li>500 comptes mail POP/IMAP;</li>
<li>traffic limité (je ne me souviens plus de la limite);</li>
<li>tarif : gratuit pendant 3 ans.</li>
</ul>
<p>En clair, l'affaire de l'année 2005 ! </p>
<p>Mais (oui, il y a un mais, sinon ce n'est pas drôle), certains utilisateurs auront remarqué qu'une fois migré de Free à 1and1, il n'est plus possible d'ajouter un billet, un commentaire ou un lien sans obtenir une erreur du type :</p>
<div class="highlight"><pre><span></span><code><span class="s2">"</span><span class="s">MySQL : 1062 - Duplicate entry '0' for key 1</span><span class="s2">"</span>
</code></pre></div>
<p>Cela est provoqué par le fait que certains champs des tables de Dotclear devraient être en "auto_increment". L'export de la base de données n'a pas mémorisé ces incrémentations automatiques. Si vous avez encore vos tables intactes chez Free, le plus simple reste encore de modifier les fonctions d'exportation pour obtenir ces attributs aux champs concernés. Par précaution, pensez à exporter la base en mode compatibilité "MYSQL40", car Free utilise MySQL 4.1 et 1and1 MySQL 4.0. <a href="http://asi.insa-rouen.fr/~lfallet/informatique/bdd/bdd.php">Ce tutoriel</a> pourrait aussi être utile. Si comme moi vous vous êtes empressés de vider vos bases de données chez Free, il y a encore un espoir. Il suffit d'aller rajouter via phpMyAdmin les attributs "auto_increment" dans les bons champs. En l'occurence :\</p>
<ul>
<li>table "dc_comment", champ "comment_id" pour les commentaires</li>
<li>table "dc_post", champ "post_id" pour les billets</li>
<li>table "dc_link", champ "link_id" pour les liens</li>
<li>table "dc_categorie", champ "cat_id" pour les catégories (ajouté le 06/02/2005)</li>
<li>j'en suspecte d'autres, je les rajouterai ici au fur et à mesure</li>
</ul>
<p>En cas de problème, n'oublions pas que le site de Dotclear est doté d'un <a href="http://www.dotclear.net/forum">forum</a>, et que quelques problèmes ont déjà été relevés, passez donc voir si celui-ci n'a pas été résolu ;)</p>
<h2>Commentaires</h2>
<h3>Le 15/03/2006 10:14 par <a href="http://jmax.blog@free.fr">jMax</a></h3>
<p>Merci pour cette info qui m'a permis de chercher du bon côté...</p>
<p>et de me rendre compte qu'il y a aussi le champ ping_id dans dc_ping</p>Journée de démonstration et d'installation de logiciels libres2005-12-14T14:45:00+01:002005-12-14T14:45:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-12-14:/post/2005/12/14/8-journee-de-demonstration-et-d-installation-de-logiciels-libres/<p>Venez samedi 17 décembre 2005 à la MJC D'Etoile sur Rhône ! </p>
<p>Une journée dédiée à la découverte des logiciels libres est organisée par l'association <a href="http://www.g3l.org">G3L</a>. Vous pourrez venir voir des démonstrations de logiciels libres mais vous pourrez aussi venir vous faire installer GNU/Linux sur votre machine, et posez des …</p><p>Venez samedi 17 décembre 2005 à la MJC D'Etoile sur Rhône ! </p>
<p>Une journée dédiée à la découverte des logiciels libres est organisée par l'association <a href="http://www.g3l.org">G3L</a>. Vous pourrez venir voir des démonstrations de logiciels libres mais vous pourrez aussi venir vous faire installer GNU/Linux sur votre machine, et posez des questions à ce sujet. </p>
<p>Pour vous y rendre, le plan est <a href="http://www.g3l.org/modules/tinycontent/content/plan_acces.pdf">ici</a>. Plus d'informations <a href="http://www.g3l.org/modules/tinycontent/index.php?id=25">sur la page dédiée à l'évènement</a>. </p>
<p><img alt="Affiche de la journée de découverte des logiciels libres à Etoile sur Rhône" src="http://www.g3l.org/modules/tinycontent/content/affiches/2005-12-17-affiche-reduite.png"></p>Mandriva Linux 2006 Free dans les bacs !2005-11-14T15:52:00+01:002005-11-14T15:52:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-14:/post/2005/11/14/3-mandriva-linux-2006-free-dans-les-bacs/<p>Ou plutôt sur les bons miroirs FTPOn a failli attendre ! Un mois après <a href="http://frontal2.mandriva.com/fr/company/press/pr/mandriva_releases_2006_convergence_products_extends_innovation">la version Club</a>, Mandriva Linux 2006 Free débarque sur les serveurs FTP publics, prête à être téléchargée. Les plus impatients auront déjà profité de la net-install, grâce à une petite image ISO de 12Mo qui permet de …</p><p>Ou plutôt sur les bons miroirs FTPOn a failli attendre ! Un mois après <a href="http://frontal2.mandriva.com/fr/company/press/pr/mandriva_releases_2006_convergence_products_extends_innovation">la version Club</a>, Mandriva Linux 2006 Free débarque sur les serveurs FTP publics, prête à être téléchargée. Les plus impatients auront déjà profité de la net-install, grâce à une petite image ISO de 12Mo qui permet de télécharger les paquets RPM. Ouioui, braves gens, c'est que les RPMs sont déjà dispo depuis un mois ! </p>
<p>Cette version, contrairement au PowerPacks, est entièrement redistribuable, vous pouvez en faire cadeau à qui vous voulez, c'est gratuit et c'est libre ! Je tiens à préciser que si vous trouvez les PowerPacks sans être membre du club, vous êtes dans l'illégalité, du fait des applications commerciales incluses, et dont la redisitribution n'est pas libre. </p>
<p>Enfin bref, téléchargez, installez, et pensez à mettre à jour (ouioui, des updates sont déjà disponibles), quelques mirroirs : </p>
<ul>
<li><a href="ftp://ftp.free.fr/mirrors/ftp.mandriva.com/MandrivaLinux/official/iso/2006.0">mirroir Free.fr (Paris)</a> </li>
<li><a href="ftp://linux.ups-tlse.fr/Mandrakelinux/official/iso/2006.0">mirroir FTP Toulousain</a> </li>
<li><a href="ftp://ftp.ciril.fr/pub/linux/mandrakelinu...cial/iso/2006.0">mirroir Ciril (Nancy)</a> </li>
</ul>
<p>L'info sur quelques sites : </p>
<p><a href="http://www.pcinpact.com/actu/news/Mandriva_2006_disponible_gratuitement_en_ISO_CD_et.htm">PCINpact</a><br>
<a href="http://mandinux.free.fr/forums/index.php?showtopic=761">Mandinux</a></p>Flock, nouveau navigateur web?2005-11-14T00:41:00+01:002005-11-14T00:41:00+01:00Nils Ratuszniktag:blog.anotherhomepage.org,2005-11-14:/post/2005/11/14/2-flock-nouveau-navigateur-web/<p>Elle est où la nouveauté?On avait pas connu ça depuis Firefox. Un nouveau navigateur web. Enfin, un navigateur web qui naît des cendres d'un autres. Pas sûr non plus, Firefox est tout ce qu'il y a de plus vivant. Son nom est Flock. Ce nom m'embête pas, mais il …</p><p>Elle est où la nouveauté?On avait pas connu ça depuis Firefox. Un nouveau navigateur web. Enfin, un navigateur web qui naît des cendres d'un autres. Pas sûr non plus, Firefox est tout ce qu'il y a de plus vivant. Son nom est Flock. Ce nom m'embête pas, mais il y a déjà une application nommée Flock sur mon système Linux, c'est gênant. </p>
<p>Revenons à nos moutons. J'ai commencé à tester ce navigateur, disponible pour le moment en préversion. A l'heure où j'écris ce billet, la version actuelle est la 0.4.10. Bon, c'est inévitable, on va le comparer à Firefox. Pourquoi? Tout simplement parce Flock est basé sur Firefox. Ce n'est pas un fork, du moins ça n'en a pas la prétention. Il semble d'ailleurs que les contributions à Flock pourraient devenir des contributions à Firefox. </p>
<p>Bon alors, si c'est basé sur Firefox, qu'est-ce que ça a de mieux ou de différent? D'abord, le look. Autant le thème par défaut de Firefox me branche moyen (ça m'a permis d'aller fureter durant des heures sur les pages de thèmes chez Mozilla pour trouver ze thème qui déchire tout), autant le thème par défaut de Flock ne me donne pas envie de changer, du moins pas dans les prochains jours. Je trouve qu'il se marie plutôt bien avec les interfaces de type Aqua (Mac OS X pour les non-initiés) dont je suis, il faut l'avouer, friand. Je crois qu'on peut le dire, Flock, au démarrage, il a de la gueule, son logo et son interface donnent envie de s'en servir. </p>
<p>Mais ce n'est pas tout. Flock c'est un navigateur social, et ça se voit dans son comportement : quand j'ai voulu enregister un signet/marque-page/favori (rayer les mentions inutiles), il m'a proposé d'aller le mettre chez <a href="http://del.icio.us">Del.icio.us</a>, Ze site de partage de liens, du moins le principal. Je n'ai pas eu l'occasion de vérifier, mais il semble que, social pour social, Flock aide aussi les gens à faire leur blog sur <a href="http://wordpress.com/">Wordpress</a> (pas de bol, j'ai pris Dotclear), ou de partager leurs images sur <a href="http://www.flickr.com/">Flickr</a>. Que de choses à tester, pour moi, resté au navigateur qui à la rigueur m'affiche la météo, arrête les pop-ups (de moins en moins, hélas) et me propose une recherche sur Google ou Wikipédia. Ca fait un choc, et une fois de temps en temps, ça ne fait pas de mal. </p>
<p>Je n'ai pas vérifié, mais il semble que pour peu qu'on cherche, il est possible d'ajouter à Firefox des extensions qui permettront d'en faire autant, et avec la maturité d'un logiciel qui a déjà passé la 1.0. Je dirais même que je trouve Flock un peu buggé pour le moment, ses fonctions d'import de signets ne sont pas au point. Pourtant, ça marche chez les copains de chez Mozilla. </p>
<p>Alors quoi? Pétard mouillé ou réelle innovation? Je crois qu'il faut voir sur le long terme. Même si je trouve Flock moins abouti que Firefox lorsque j'ai commencé à m'en servir (0.6), je trouve qu'il a du potentiel. On pourrait assister, à la sortie de Windows Vista, à une guerre des navigateurs comme on en avait pas vu depuis Netscape. Ca pourrait se résumer ainsi : </p>
<ul>
<li>IE 7 Pour les habitués du monde Microsoft, et avec un poil dans la main (j'appelle au troll, mais je prend quand même le risque); </li>
<li>Safari : c'est déjà un choc d'acheter un Mac, alors mieux vaut avoir un navigateur déjà installé (poil dans la main 2, mais en mieux, Acid2 inside); </li>
<li>Mozilla Firefox : le navigateur "à la carte", prenez-moi, et remplissez-moi d'extensions. Attention toutefois au changement de version; </li>
<li>SeaMonkey : feu Mozilla, "la suite Internet", qui suit la suite bureautique. Et après, on fait la suite multimédia? </li>
<li>Flock : le navigateur social, pour la génération "Real TV" qui veut qu'on sache tout de sa vie, et qui la montre sur le net (bande de voyeurs !). </li>
</ul>
<p>La fondation Mozilla aurait-elle d'ores et déjà rempli sa mission? Apporter de l'innovation et du choix. Je n'en suis pas si sûr, sur nos 5 valeureux guerriers, 3 se sont fourni chez le motoriste Gecko. le vainqueur n'est peut-être pas celui qu'on croit...\
Pour tester : <a href="http://www.flock.com">www.flock.com</a></p>