AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : blog
blog

Table des matières

4 billet(s) pour janvier 2026

AWX sur K8S Kind - partage de fichier pour les blob - Execution pods2026/01/26 10:15Jean-Baptiste
Notes rsh rcp2026/01/21 18:08Jean-Baptiste
Git - Duplication d'un dépôt2026/01/19 10:22Jean-Baptiste
Exemple simple de conf Nagios2026/01/14 10:07Jean-Baptiste

Notes Kernel Linux

Voir :

Check running kernel version on the machine 

inxi -zv8 | grep Kernel
uname -r

FIXME

2025/03/24 15:06
,

Voir :

Bash Les bonnes pratiques

Faire des tests unitaires avec bats

Les pièges

rm -rf $var1/$var2

Si $var1 et $var2 sont vides on un un jolie

Solution : nounset 

#! /bin/bash
set -o nounset

et quand nécessaire utiliser 

[ -z "${foo:-}" ]

Don’t use: 

  cd "${foo}"
  [...]
  cd ..

but 

  (
    cd "${foo}"
    [...]
  )

Voir https://bertvv.github.io/cheat-sheets/Bash.html

Les forks bombes

.bashrc newgrp

Solution ulimit

Voir

Les tubes nommés (pipes)

Source : https://blog.g3rt.nl/retain-exit-status-code-through-pipe.html

FIXME : traduire en Français

How to retain exit status codes through pipes in Bash scripts

Suppose you have a line 

mysqldump | pigz

in your script. Then the exit status code will be of gzip, rather than mysqldump, while the most likely process to fail here is mysqldump.

To fix this, add this at the top of your bash scripts: 

set -o pipefail

Arrêt du script lors de la moindre erreur

Voir http://redsymbol.net/articles/unofficial-bash-strict-mode/ 

set -euo pipefail
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

if $? SC2181

Source : https://www.shellcheck.net/wiki/SC2181

Code problématique 

make mytarget
 
if [ $? -ne 0 ]
then
  echo "Build failed"
fi

Code Correct 

if ! make mytarget;
then
  echo "Build failed"
fi

Test

https://github.com/chriscool/sharness

Conventions de nommage

Environment variables or shell variables introduced by the operating system, shell startup scripts, or the shell itself, etc., are usually all in CAPITALS1.

To prevent your variables from conflicting with these variables, it is a good practice to use lower_case variable names.

Autres

A la place de mkdir, privilégier install -d 

#mkdir /tmp/plop
install -d /tmp/plop

Préférer un unlink à rm pour supprimer un lien symbolique

2025/03/24 15:06
, ,

Notes Kerberos

Alternatives :

Introductions

Voir 

KDC
Centre de Distribution des Clefs
	AS : Service d'Authentification
		TGT : Ticket-Granting Ticket
	TGS : Service d'emmision de tickets (Ticket-Granting Service)

Pincipal :
Compte utilisateur
Mais aussi de maniere plus large egalement compte pour identifier un service sur un serveur. Avec le SSO, vous prouvez votre identité une seule fois à Kerberos et celui-ci transmet votre TGT aux autres services ou machines comme preuve de votre identité.

NTP doit être OK.

Avec le SSO, vous prouvez votre identité une seule fois à Kerberos et celui-ci transmet votre TGT aux autres services ou machines comme preuve de votre identité.

Web SSO

apt-get source nginx-light
sudo apt-get build-dep nginx-light
sudo apt-get install krb5-multidev libkrb5-dev
 
tar xf nginx_1.9.4.orig.tar.gz
cd nginx-1.9.4
 
git clone https://github.com/stnoonan/spnego-http-auth-nginx-module
 
#./configure --add-module=spnego-http-auth-nginx-module --with-http_ssl_module
./configure --add-module=spnego-http-auth-nginx-module --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_scgi_module --without-http_split_clients_module --without-http_ssi_module --without-http_userid_module --without-http_uwsgi_module --add-module=../debian/modules/nginx-echo
 
make -j $(nproc)
 
sudo make install
 
#ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
ln -s /usr/share/nginx/sbin/nginx /usr/sbin/nginx
$ ldd /usr/local/nginx/sbin/nginx |grep -i krb
	libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f7ebcffd000)
	libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f7ebcd25000)
	libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f7ebba4e000)
$ nginx -V
nginx version: nginx/1.9.4
built by gcc 5.2.1 20151010 (Debian 5.2.1-22) 
built with LibreSSL 2.1 (running with OpenSSL 1.0.2d 9 Jul 2015)
TLS SNI support enabled
configure arguments: --add-module=spnego-http-auth-nginx-module --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_scgi_module --without-http_split_clients_module --without-http_ssi_module --without-http_userid_module --without-http_uwsgi_module --add-module=../debian/modules/nginx-echo

https://www.cowley.tech/blog/2014/06/17/new-linux-active-directory-integration/ 

apt-get install realmd
2025/03/24 15:06
,

Notes kdump

Voir :

/etc/default/grub 

#GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb crashkernel=128M"
cp -p /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
grub2-mkconfig > /boot/grub2/grub.cfg

/etc/kdump.conf 

default reboot
reboot
systemctl status kdump

Autres

Serveur 

fence_kdump -o off --nodename=node1

Client 

/usr/libexec/fence_kdump_send -i 5 -c 1 node1

Test

Crash 

echo 1 > /proc/sys/kernel/sysrq
echo c > /proc/sysrq-trigger
ls -lrt /var/crash/
2025/03/24 15:06
, ,

Notes KDE

apt-get remove libkdepim4 libkdepimdbusinterfaces4
 
 
cp /usr/share/autostart/* ~/.kde/Autostart/
 
> ~/.kde/Autostart/kaddressbookmigrator.desktop
> ~/.kde/Autostart/konqy_preload.desktop
> ~/.kde/Autostart/korgac.desktop
> ~/.kde/Autostart/nepomukbaloomigrator.desktop
> ~/.kde/Autostart/nepomukserver.desktop
 
sed -i -e 's/StartServer=true/StartServer=false/' ~/.config/akonadi/akonadiserverrc
 
sudo akonadictl stop
 
sed -i -e 's/Autostart=true/Autostart=false/' -e 's/Enabled=true/Enabled=false/' ~/.kde/share/config/korgacrc
sed -i -e 's/EnableAutostart=true/EnableAutostart=false/' ~/.kde/share/config/kaddressbookmigratorrc
 
tar czvf akonadi.tar.gz ~/.config/akonadi/ ~/.local/share/akonadi/ .kde/share/config/akonadi*
rm -rf ~/.config/akonadi/ ~/.local/share/akonadi/ .kde/share/config/akonadi*

Theme application GTK

apt-get install gtk2-engines-oxygen gtk3-engines-oxygen
apt-get install kde-config-gtk-style
apt-get install kde-gtk-config-style
apt-get install kde-config-gtk-style
apt-get install xsettings-kde

~/.config/akonadi/akonadiserverrc 

StartServer=false
2025/03/24 15:06

<< Billets récents | Anciens billets >>

blog.txt · Dernière modification : de 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki