Archive for the ‘How To’ Category

I’ve found many tutorials on how to accomplish this on Debian/Ubuntu systems, but not RHEL.

You have to have at least a minimal installation with the EPEL repository enabled.

Install packages

yum install -y git{,web,-daemon,olite} httpd xinetd

Setup Gitolite
Copy your public ssh-key to /tmp and allow gitolite to read it

cp ~/.ssh/id_rsa.pub /tmp/$LOGNAME.pub && chmod 644 /tmp/$LOGNAME.pub

Change to the gitolite user and run gl-setup

sudo -u gitolite -i
gl-setup /tmp/$LOGNAME.pub

Alter the base permissons of the repos and fix what we already have. In /var/lib/gitolite/.gitolite.rc change:
$GL_WILDREPOS to 1; and
$REPO_UMASK to 0027

chmod g+r /var/lib/gitolite/projects.list
chmod g+rx /var/lib/gitolite/repositories

Change the group of the apache user to allow it access to the gitolite repositories

usermod -a -G gitolite apache

Configure git-daemon to only export repositories with a git-daemon-export-ok file inside (created by added R permissions to daemon)
/etc/xinetd.d/git:

# default: off
# description: The git dæmon allows git repositories to be exported using \
# the git:// protocol.
service git {
disable = no
socket_type = stream
wait = no
user = nobody
group = gitolite
server = /usr/libexec/git-core/git-daemon
server_args = --base-path=/var/lib/gitolite/repositories --syslog --inetd --verbose
log_on_failure += USERID }

Configure /etc/gitweb.conf to point to the right projectroot and project_list (the only 2 lines you actually need are here)

our $projectroot = "/var/lib/gitolite/repositories";
our $projects_list = "/var/lib/gitolite/projects.list";

Make the services persistant (survive a reboot):

chkconfig httpd on
chkconfig xinetd on
service httpd start
service xinetd start

To allow access to gitweb or gitdaemon in the config file, do something like this in your gitolite.conf:

repo    webtest
        R       =   daemon gitweb
        RW+     =   admin

If you need to add these perms to a wildcard repo, you can use the setperm admin command:

echo "READERS gitweb daemon" | ssh gitolite@host setperms path/to/wildrepo

Check it with:

ssh gitolite@host getperms path/to/wildrepo
Advertisements

Handy Splunk Searches

Posted: June 29, 2011 in How To

The idea of this post is only to keep track of the Splunk searches that I use frequently that are generic enough to just work on other systems without too much tinkering. For example, your sourcetype might be different.

  • Check for SUDO activity
    sourcetype="syslog" sudo | rex field=_raw "sudo: (?<user>.*):" | search user!="pam_unix(sudo:auth)" | table user COMMAND

I’ve had problems in the past, where I’ve had so many NAT configurations to get into various machines in my small, home network. Using the ssh ProxyCommand, you can use a single exposed machine to forward your ssh sessions onto any machine in your network.

(more…)

I had a problem installing the tun/tap adapter for openVPN on my windows 7 machines. Windows complains about the driver not being digitally signed. I don’t care about this so I switched it off by doing this:

Hit your windows key and type cmd in the ‘Search Programs and Files Box’, now instead of just hitting ENTER, use CTRL+SHIFT ENTER to run as Administrator. Type the following into the cmd prompt and reboot.

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON

Done!

Performing many tasks can take some time, and we know that XenServer can deal with a few of these operations at once. I had some issues, but finally have a one-liner that is suitable (using xargs again :-))

xe vm-list is-control-domain=false power-state=running --minimal | 
    tr -d [:cntrl:] | 
    xargs -d, -n1 -P5 -I '{}' xe vm-param-list uuid='{}'

You notice that I strip all control characters out with tr. This is to get rid of a strange line break that xargs will process even when running -r.