woody's home

While improving GNOME’s servers Nagios Notifications,  I ended up working on a nice way to notify the relevant folks through GTalk in case something could go wrong on any of the hosted services. Looking around on the web, I found Seth Vidal’s script, modified it to suit my needs and made it working with GTalk, here’s the result:

#!/usr/bin/python -tt

import warnings
warnings.simplefilter("ignore")

import xmpp
from xmpp.protocol import Message

from optparse import OptionParser
import ConfigParser
import sys
import os

parser = OptionParser()
opts, args = parser.parse_args()

if len(args) < 1:
    print "xmppsend message [to whom, multiple args]"
    sys.exit(1)

msg = args[0]

msg = msg.replace('\\n', '\n')

# Connect to the server
c  =  xmpp.Client('gmail.com')
c.connect( ( 'talk.google.com', 5223 ) )

# Authenticate to the server
jid  =  xmpp.protocol.JID( 'example@gmail.com' )
c.auth( jid.getNode( ), 'yourgmailpassword' )

if len(args) < 2:
    r = c.getRoster()
    for user in r.keys():
        if user == username:
            continue
        c.send(Message(user, '%s' % msg))
else:
    for user in args[1:]:
        c.send(Message(user, '%s' % msg))

I, then, added the command definitions on the relevant Nagios configuration file:

define command{
        command_name    host-notify-by-xmpp
        command_line    /home/user/bin/xmppsend "Host '$HOSTALIAS$' is $HOSTSTATE$ - Info : $HOSTOUTPUT$" $CONTACTPAGER$
        }

define command{
        command_name    notify-by-xmpp
        command_line    /home/user/bin/xmppsend "$NOTIFICATIONTYPE$ $HOSTNAME$ $SERVICEDESC$ $SERVICESTATE$ $SERVICEOUTPUT$ $LONGDATETIME$" $CONTACTPAGER$
        }

And in the end on contacts.cfg:

define contact {
        contact_name    admin
        use             generic-contact
        alias           Full Name
        email           example@gmail.com
        pager           example@gmail.com
        service_notification_commands   notify-by-xmpp
        host_notification_commands      host-notify-by-xmpp
}

When done just reload the configuration files with:

sudo /etc/init.d/nagios3 reload

Enjoy your new XMPP Nagios notifications!

Update: if you don’t want the script to store your username or password, you can use the following modified script together with a nice config file like this one:

[xmpp_nagios]
username=example@gmail.com
password=yourgmailpassword

Then you can invoke xmppsend this way:

xmppsend -a config.ini

I’ve been playing with Puppet lately both on my home network and within the Fedora’s Infrastructure team and I thought some of the work I did might be useful for anyone out there being stuck with a Puppet’s manifest or an ERB template.

Snippet #1: Make sure the user ‘foo’ is alwais created with its own home directory, password, shell, and full name.

class users {
    users::add { "foo":
        username        => 'foo',
        comment         => 'Foo's Full Name',
        shell           => '/bin/bash',
        password_hash   => 'pwd_hash_as_you_can_see_in_/etc/shadow'
    }

define users::add($username, $comment, $shell, $password_hash) {
    user { $username:
        ensure => 'present',
        home   => "/home/${username}",
        comment => $comment,
        shell  => $shell,
        managehome => 'true',
        password => $password_hash,
    }
  }
}

Snippet #2: Make sure the user ‘foo’ gets added into /etc/sudoers.

class sudoers {

file { "/etc/sudoers":
      owner   => "root",
      group   => "root",
      mode    => "440",
     }
}

augeas { "addfootosudoers":
  context => "/files/etc/sudoers",
  changes => [
    "set spec[user = 'foo']/user foo",
    "set spec[user = 'foo']/host_group/host ALL",
    "set spec[user = 'foo']/host_group/command ALL",
    "set spec[user = 'foo']/host_group/command/runas_user ALL",
  ],
}

Snippet #3: Make sure that openssh-server is: installed, running on Port 222 and accepting RSA authentications only.

class openssh-server {

  package { "openssh-server":
      ensure => "installed",
  }

    service { "ssh":
        ensure    => running,
        hasstatus => true,
        require   => Package["openssh-server"],
    }

augeas { "sshd_config":
  context => "/files/etc/ssh/sshd_config",
    changes => [
    "set PermitRootLogin no",
    "set RSAAuthentication yes",
    "set PubkeyAuthentication yes",
    "set AuthorizedKeysFile	%h/.ssh/authorized_keys",
    "set PasswordAuthentication no",
    "set Port 222",
  ],
 }
}

Snippet #4: Don’t apply a specific IPTABLES rule if an host is tagged as ‘staging’ in the relevant node file.

On templates/iptables.erb:

# Allow unlimited traffic on eth0
-A INPUT -i eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT

# Allow unlimited traffic from trusted IP addresses
-A INPUT -s 192.168.1.1/24 -j ACCEPT

<% if environment == "production" %>

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

<% unless defined?(staging).nil? %>
-A INPUT -s X.X.X.X -j REJECT --reject-with icmp-host-prohibited
<% end -%>

<% end -%>

On the manifest file:

class iptables {
    package { iptables:
        ensure => installed;
    }

    service { "iptables":
        ensure    => running,
        hasstatus => true,
        require   => Package["iptables"],
    }

    file { "/etc/sysconfig/iptables":
        owner   => "root",
        group   => "root",
        mode    => 644,
        content => template("iptables/iptables.erb"),
        notify  => Service["iptables"],
    }
}

That’s all for now!

A few days ago I blogged about my main computer’s configuration files and desktop’s appearance and today I managed to add a few little tweaks to those, they are:

• Google’s contacts list integrated into Mutt
• a cleaner and nicer Login screen

Curious to know how you can easily integrate your Google’s contacts into Mutt? Well, you should be able to achieve that within a few minutes after reading this small HowTo:

1. Download and install goobook as explained here.

2. Setup a .goobookrc file into your Home directory. It should look like this:

3. Add the relevant configuration bits into your /etc/Muttrc file:

set query_command="goobook query '%s'"
bind editor <Tab> complete-query
macro index,pager a "<pipe-message>goobook add<return>" "Add sender's address to your Google contacts"

4. Your configuration should be good to go now, so here’s a few examples on goobook’s usage within Mutt:

• Use TAB if you want to auto-complete a mail address when specifying the To: field.
• Use the A key if you want to add sender’s address to your Google contacts.
• Use the Q key for querying your contacts list.

We can now move on on customizing your Login Screen running GDM3. Let’s begin with a screenshoot:

I definitely love it, it’s clear and clean and most of all it has everything I need, no extra toolbars or menus. If you agree with me, open up the /etc/gdm3/greeter.gconf-defaults file and do the needed changes. This is how your greeter.gconf-defaults file should look like:

/desktop/gnome/background/picture_filename      /path/to/your/dusty-bg/file # dusty's background can be downloaded here.
/desktop/gnome/interface/gtk_theme              Darklooks # this is my main theme, feel free to adapt that to your needs.
/apps/gdm/simple-greeter/logo_icon_name         debian-swirl # this is the default on Debian's systems.
/desktop/gnome/sound/event_sounds               false # I don't like hearing any sound when when I am prompted to insert my user's details on the Login Screen.
/apps/gdm/simple-greeter/disable_user_list      true # users list will be disabled, you won't be able to select your username from a list but you'll have to insert that yourself.
/apps/metacity/general/compositing_manager      false # default, no need to change this.
/apps/gnome-power-manager/ui/icon_policy        never # default, no need to change this.

We are close to the end but we are missing an important detail: how can you safely remove bottom’s toolbar and menus for a clearer and cleaner Login Screen? Open up the /var/lib/gdm3/.gconf.mandatory/%gconf-tree.xml file, search for the <dir name=”general”> section and apply the following change:

- <entry name="compositing_manager" mtime="1315580582" type="bool" value="false"/>
+ <entry name="compositing_manager" mtime="1315580582" type="bool" value="true"/>

But what if you prefer keeping the toolbar as it is, but you definitely don’t like seeing the Accessibility icon appearing on your Login Screen? On the same file as above, search for the <dir name=”accessibility”> section and modify the following string as it follows:

- <entry name="enable" mtime="1315580582" type="bool" value="true"/>
+ <entry name="enable" mtime="1315580582" type="bool" value="false"/>

See you on my next blog post and don’t forget to have a look at my GitHub’s repository! Oh…and follow me on Twitter!

I bought a new PC a few weeks ago and I then decided to renew a bit my Desktop, my Mutt and my Irssi setup. I’ve been spending several hours cleaning up old scripts, logs and configuration files but the result definitely seems to reward me the right way. But here they come a few screenshots:

Desktop

Irssi

Mutt

If you liked all the above and would like to reproduce everything yourself, you should consider having a look at my GitHub’s repository. See you on the next blog post!

I’ve actually spent a few hours searching around for a good backup solution for my mailbox until I decided to stick with getmail.  What you’ll be able to achieve after reading this HowTo and deploying the following setup is:

1. A full backup of your e-mail DATA in the Mbox format. (yes, Gmail’s labels / folders as well)
2. Prevent getmail to mark all mails as read after delivering them. (this was a pretty bad issue since getmail was marking all my mails as read even if I did not access my e-mail at all)
3. Keep your backups up-to-date with the latest content from your mailbox. (by default getmail grabs all the DATA from your mailbox and fills up the Mbox / Maildir content keeping deleted mails. So let’s say I deleted a mail two days ago, well it’ll still appear on today’s backups. This behaviour is definitely unwanted)

I’ll now move to explain a few details about my new configuration but before moving to tweak getmail’s main config file, please do the following change on  _retrieverbases.py* :

return self._getmsgpartbyid(msgid, ‘(RFC822)’)

to

return self._getmsgpartbyid(msgid, ‘(BODY.PEEK[])’)

When done grab the following getmailrc and adapt it to your needs**:

[retriever]
type = SimpleIMAPSSLRetriever ## or SimplePOP3SSLRetriever.
server = imap.gmail.com ## or pop.gmail.com for POP3.
username = example@gmail.com
password = password

## so-called Gmail’s labels should be listed one by one here  for getmail to retrieve mail from them successfully.

mailboxes = (“INBOX”, “[Gmail]/Sent mail”,
“ubuntu”, “gnome/example”, “linux/example”)

[destination]
type = Mboxrd
path = ~/.getmail/backup.mbox

[options]
delivered_to = false ## No delivered_to header added automatically.
received = false ## No received header added automatically.
verbose = 2 ## getmail will print messages about each of its actions.

When done we should go ahead setting up getmail’s directories and config file:

mkdir $HOME/.getmail

cp $HOME/getmailrc $HOME/.getmail/

## Adapt $HOME/getmailrc to whatever dir you put that file into.

But…pretty much all the remaining work will be done by a small shell script I wrote:

#!/bin/sh

WORKDIR=$HOME/.getmail
date=`date “+%d-%m-%Y_%H:%M”`

if [ ! -f  $WORKDIR/backup.mbox ]
then
touch $WORKDIR/backup.mbox
fi

getmail > $WORKDIR/getmail.log
OUT=$?
if [ $OUT -eq 0 ]
then
mkdir -p $WORKDIR/backups/ && { mv $WORKDIR/backup.mbox $WORKDIR/backups/backup_$date.mbox ;}
else [ $OUT -eq 1 ]
exit 1
fi

## Cleanup older than 3 days backups
find $WORKDIR/backups/* -mtime +3 -exec rm {} ;
cd $WORKDIR && { rm -rf oldmail-* ;}

This script will:

1. Run getmail using the getmailrc config file you previously worked on.
2. If the above command will be successful, it’ll create a backups dir into $HOME/.getmail and move the latest Mbox file there appending a date and time to its name. (by doing this we are sure next getmail run will happen on an empty backup.mbox file, thus it will just contain the latest content from your mailbox)
3. It’ll re-create a backup.mbox file on $HOME/.getmail to avoid the next getmail run to fail.
4. In the end, it’ll clean up older than 3 days backups to avoid a too crowded backups folder. (it removes the oldmail file as well since it is useless in our case)

In the end set up a cronjob that will run the above script and generate the backups for you every one hour:

0 * * * * $HOME/.getmail/getmail_run.sh > /dev/null

Feel free to let me know if you’ve encountered any issue while following the above HowTo. Enjoy!

* /usr/share/getmail4/getmailcore/_retrieverbases.py on line 901.

** More documentation about the getmailrc file and syntax can be found on getmail’s documentation page.

After several months of contributions I decided to leave the Fedora community. I’ve been thinking about it for quite some time (after Fedora’s Board elections held around one month ago) before taking my decision. Many things during these months made me lose my enthusiasm and willingness to help out: everything started when I proposed the JustFedora Planet back in February 2011. Many “contributors” started a real campaign against me made of several blog posts and accusations, where the main topic alwais resumed the fact Planet JustFedora was a sort of freedom’s privation. I never had that in mind when proposing such sub-planet. I just wanted to collect all Fedora-related blog posts and place them in a single planet, where contributors and users could read and enjoy the latest news or informations about their beloved distribution.

I just went over that event and kept contributing. A few months later while cleaning up Fedora’s mailing lists I got attacked by a certain “Bob” arguing I was doing things the wrong way, a very long and tumultuos IRC conversation followed but I didn’t give up: I was pretty much sure the Fedora community could still give me more gratifications and happiness, but something had to be changed, something obviously wasn’t going the right way and I decided to commit myself for the big change.

At the same time the situation within the Italian community was getting worsen every day: contributors and ambassadors were divided and fighting themselves, they just wanted their local community to prevail against the other: they just didn’t realize Fedora wasn’t going to benefit from that behaviour.

I then decided to run for the upcoming Fedora Board’s elections, I prepared my nomination and I wrote a small statement about what I wanted to see change in Fedora and why, I answered community-asked questions, I went to the Town Hall meeting and I spent some time answering contributors questions about my view of Fedora’s future and community. The elections went through and when the results appeared I found myself being very disappointed not really about the results themselves but about certain candidates behaviour. Many of them didn’t take a single minute to write up some basic answers to the Fedora 16′s Questionnaire, many of them did not even attend the Town Hall meeting at all and no single e-mail reached my inbox announcing the impossibility to attend the meeting or answering the questions. If you can’t find the time to answer a few questions or attend a meeting, how do you expect working successfully on the Board? How do you expect community people to trust and respect you and your work if you disrespect them?

At this point, I felt so sad and I disappointed that I decided to just leave the Fedora community. I had great times with Paul Frields, Peter Borsa and all the Fedora’s Infrastructure Team and I definitely hope to stay in touch with them as long as I can, thanks guys for the support and for the awesome collaboration.

Update: as of today, 23 December 2011, I’m back contributing to the Fedora project, I decided to forget all the issues and just focus on what made me happy and enthusiast during the past year spent working on Fedora. Nice to see you guys again!

Since some time I’ve been thinking about a possible way to delete my Gmail’s Trash & Spam folders content automatically without having to bother doing it manually every single time I wanted to check my mail and clean it up. (I love keeping everything in place and having my Trash&Spam folders empty as they should be makes me pretty happy)

A few years ago when Mutt was my main mail client I had the need to filter my mail through IMAP and while googling around for that I found out a great piece of software: imapfilter. Today while analyzing the above quoted issue I suddenly told myself: “Hey, but why don’t you use your dear and old friend imapfilter to fulfil your needs?”

After a few minutes I came up with a small lua script that was doing exactly what I wanted: my Trash&Spam folders are no longer crowded and I finally don’t have to delete mails twice! But here they come a few details about my script:

options.timeout = 120
options.subscribe = true

account = IMAP {
 server = 'imap.gmail.com',
 username = 'example@gmail.com',
 password = 'password',
 ssl = 'ssl3'
 }

trash = account['[Gmail]/Trash']:is_undeleted()
account['[Gmail]/Trash']:delete_messages(trash)

spam = account['[Gmail]/Spam']:is_unanswered()
account['[Gmail]/Spam']:delete_messages(spam)

The script does two things:

1. It checks whether a mail is not marked as “deleted” (moving an e-mail into the Trash does not mark it as “to be deleted” automatically) already and removes it.
2. It checks whether a mail on the Spam folder has been answered (I never had to answer a single e-mail contained into my Spam folder)  and if not removes it.

Using the above script is really easy (you should run imapfilter on interactive mode first to generate Gmail’s certificates, do that before having cron to run the script for you or otherwise it’ll just hang), just make sure to have imapfilter installed on your system and then run it through cron every half an hour or less depending on your needs:

crontab -e

*/30 * * * * imapfilter -c /home/user/imapfilter.lua >> /home/user/imapfilter.log

Please also remember to setup appropriate permissions on the config file since it contains your Gmail’s password and most of all make sure that your Spam folder is visible through IMAP (this option can be found on the label menu available under your Gmail’s settings) otherwise imapfilter will just report an error.

Enjoy!

Today we had a great Town Hall meeting kindly hosted and moderated by Kevin Fenzi (nirik). We received a lot of interesting and nice questions by the contributors and developers that were attending:

1. What do you feel needs to be improved in the Fedora Community? How can you’re being on the Board improve the Community?
2. Do you think that too many issues in Fedora are referred directly to the Board, and if so, how would you like to see this improved?
3. Tell us something about what you like doing that isn’t computer or fedora related. What do you like doing for fun?
4. What do you plan to do about the issues of polish? Specifically, shipping with minor issues that with recent releases have been hurting the Fedora name.
5. What are the plans for mobile devices, such as phones, tablets, ‘pads’, etc.? What are the chances of working on a ‘spin’ for such emerging technologies?
6. The board has discussed working on “goals” over the next term. (a) do you think these goals should be focused on helping “us” (people already in the community) or our “target audience”? (b) what goals would you like to see fedora achieve?
7. Is anyone in favor the board doing more of its business in public view? I mean like all of it that actually can be?
8. What do you plan to do to address operator abuse in #fedora? 2. What penalties will there be for operators when it’s deemed that they are abusing their authority or swaying from Fedora’s values?
9. What can be done to bring Fedora to lead market share amonsgt Linux desktops? What can be done to take market share from Microsoft Windows?
10. How do you measure the success of the Fedora Project as a whole?
11. Recently we’ve seen an influx in new users with questions as well as new volunteers with skills (and no idea where to make use of them). What should we do to better facilitate community engagement?
12. How do the candidates feel that they are viewed by the general population of new Fedora users as representatives of Fedora, and do they set an example of model behavior? If so how?

If any of the above questions do cover a topic you are interested in, please take a few minutes to read candidates answers and discussions by looking at the meeting’s log. Enjoy!

If you are not subscribed to the fedora-announce mailing list but you are still interested in having a look at my responses about community-asked questions, here they are:

• What will you be able to accomplish by being elected, that you would not otherwise be able to do as a contributor?

(As you will notice by reading the list right down here) Being a single contributor makes achieving these points impossible since changing how localized communities should work, improving our CoC and enforcing its rules and re-thinking Board’s role in our community is something that must be discussed and voted within the Board and its members.

• What are your top three priorities as a board member?

If elected, I will mainly try to focus on:

1. Improving Fedora’s localization putting a great effort on introducing a form of formalization for specific localized communities having all the needed requirements to gain the “blessing” of Official local community for a certain country or language / dialect. This means pursuing one main objective, which is making Fedora Ambassadors and contributors not fighting each other but acting together as a community. Having two-three or even four websites / local communities just for the Italian or French langs is simply the wrong way to achieve the result of having a Fedora community together again. Ambassadors and contributors of a specific country or lang should focus on establishing *one* strong and trusted localized community, they should throw away the idea of multiple support websites, we need to put together everyone again, act as a team, Fedora together should be our motto. (the specific requirements to gain the above formalization will be written up by me and presented to the Board for a discussion, so expect more news to come about this point if my candidature will be accepted)
2. Re-thinking what the Fedora Board should be within the Fedora community. It should represent the community and all its members, if a single or multiple members are having a specific problem, from the bigger to the smaller one, the Board must deal with them to find a valid solution, nothing and no one should be left behind. The Board, in the end, should be the main reference point for everyone wanting to propose a new idea or just willing to costructively complain about something not working in the right way. Discussing problems, respecting everyone’s ideas and opinions and finding a good consensus / common solutions for everyone is alwais the way to go to improve the relationships between community members, contributors and developers.
3. Improving our Code of Conduct, finding a good way to enforce members respecting it and remembering which values should be found behind a community (respect between members and their ideas, costructive discussions, decisions taken with general consensus etc.) is the latest point but it’s definitely not the less important on my list. As I stated in my candicacy, I’ve been negatively impressed by the behaviour of some community members in two occasions: while introducing JustFedora’s Planet and while working on another Infrastructure duty. Criticizing without valid motivations just for the sake of doing so seemed to be the common rule on both of the above cases. I would like to remember everyone that this is *not* the best behaviour for an Open Source community, we need to act together as a single team, we don’t have to fight each other but we have to cooperate finding common solutions, discussing, criticizing *costructively* and helping our community coming out from the current situation.

• Who do you think Fedora is for today? Who should it be for?

Fedora is about innovation, but as you may all know, innovation might take in several problems especially for new comers or people switching from a Microsoft OS. Most of the people I know do have a lot of problems to simply open up a computer, writing a mail or working on a document; I would like to see Fedora (but generally Linux based OSs) available to use to everyone: from developers to complete newbies. I would like to work making the idea of Linux being usable by a restricted circle of people changing and I’m sure the arrival of GNOME 3 will definitely help us out on achieving our goal. (It’s user-friendly but innovative interface it’s simply superb)

• Where do you see Fedora in five years? How do you think we’ll get there?

An innovative Fedora but at the same time a distribution easy to use by any of us out there, an awesome cloud service available to everyone, a package manager made easier to learn and understand by newcomers, a GNOME 3 improved, stronger, robust and a gnome-shell completely ready and fully integrated on Fedora is what I would like to see happening within five years.

• What will you do to ensure that Fedora remains at the forefront of innovation in the GNU/Linux space?

I will try to do my best to give a warm welcome to new ideas and projects within Fedora, I’ll listen, discuss with as many contributors and developers willing to propose something new and innovative that could benefit our beloved distribution. I would like to link this answer with the third point of the first answer I gave on the questionnaire: new ideas are strictly related to my vision of innovation, everyone should be free to propose something new without having to worry about receiving personal insults or complaints: this is unfortunately missing in our community. (is our community really prepared for new ideas yet?)