Installing OMD on CentOS is a simple process but will result in a mod_python error on later CentOS 7 installations.
Dig around in the OMD Apache logs and there is a good chance you will find the following:
[Sun Aug 14 12:27:27.736000 2016] [:error] [pid 1526] make_obcallback: could not import mod_python.apache.\n
Traceback (most recent call last):
File "/omd/versions/1.30/lib/python/mod_python/apache.py", line 29, in <module>
File "/usr/lib64/python2.7/cgi.py", line 50, in
File "/usr/lib64/python2.7/mimetools.py", line 6, in
File "/usr/lib64/python2.7/tempfile.py", line 35, in
from random import Random as _Random
File "/usr/lib64/python2.7/random.py", line 49, in
import hashlib as _hashlib
File "/omd/versions/1.30/lib/python/hashlib.py", line 115, in
TypeError: 'frozenset' object is not callable
It took some searching and translating of German posts but I tracked down the error to the hashlib Python module. The version that ships with OMD 1.3 does not work with the updated Python in CentOS 7.2+.
The fix is as simple as replacing the hashlib module that ships with OMD with those that shipped with CentOS.
- Backup the existing version of hashlib in /opt/omd/versions/1.30/lib/python.
cp ./hashlib* ~/omd-backup
- Copying the hashlib.py module from /usr/lib64/python to /opt/omd/versions/1.30/lib/python.
cp /usr/lib64/python2.7/hashlib.py* .
I’ve recently delved in to the world of Puppet to manage some CentOS servers. In the process I noticed something. The /etc/puppet directory is owned by root:root but puppet runs as the user puppet. What does this mean? A couple of things:
- To edit the manifests or modules I either have to be root or constantly be typing sudo (annoying).
- For the puppetmaster process, which runs as puppet:puppet to access the files, the manifest and modules must be world readable. This means a lot of information is visible to the world, encrypted or not.
- I can’t use my favorite editor to edit files over ssh. (I know, a personal gripe, but valid in my books.)
So I’m trying an experiment that I hope will secure the data a bit more and make editing the files more hastle free.
- Recursively changed the group of /etc/puppet to puppet.
- Put myself in the puppet group. I can now edit the files without being root. (See newgrp(1).)
- I’ll slowly begin to set the Other permission bits to 0, hiding the files and their contents from prying eyes.
Test your Docker image builds on multiple Linux distributions.
Why? It seems things behave differently on different distos. Here is a situation I just ran into.
I have been working on a new Docker image for an up coming post. The post uses CentOS and I generally use CentOS on my servers so I naturally built the image on a CentOS host. Once everything was way I wanted it I committed the changes to Github and had Dockerhub pull and build the image. To my surprise the build failed with the error
Could not find 'which' command, make sure it's available first before continuing installation.
I went back to my CentOS host and built the image again. No errors. On a hunch, I created an Ubuntu VM to build the image. Bingo! While the image built cleanly on CentOS, under Ubuntu it would fail with the error above.
While the fix was as simple as explicitly installing the
which package as part of the build process, it showed me two things.
- Don’t assume your images build on all Linux distributions.
- Don’t assume Docker behaves the same on all Linux Distributions.
Happy image building!
Based on the Puppet-lint Plugins list available at the Puppet Community site, I’ve added the gem command line and Gemfile commands for easy installation.
- Check relative class name inclusions.
gem install puppet-lint-absolute_classname-check
- Check if paths to the template() function are relative.
gem install puppet-lint-absolute_template_path
- Check for alias parameters in resources.
gem install puppet-lint-alias-check
gem 'puppet-lint-alias-check', :require => false
- Check that the appends operator (+=) is not used (removed in Puppet 4.0.0).
gem install puppet-lint-appends-check
gem 'puppet-lint-appends-check', :require => false
- Check for types and class names that begin with digits.
gem install puppet-lint-classes_and_types_beginning_with_digits-check
gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false
- Check for variables assigned to the empty string.
gem install puppet-lint-classes_and_types_beginning_with_digits-check
gem 'puppet-lint-empty_string-check', :require => false
- Check the ensure attribute on file resources.
gem install puppet-lint-file_ensure-check
gem 'puppet-lint-file_ensure-check', :require => false
- Check file rights when providing a source.
gem install puppet-lint-file_source_rights-check
gem 'puppet-lint-file_source_rights-check', :require => false
- Check if puppet:/// is used instead of file().
gem install puppet-lint-fileserver-check
- Ensure that your manifests have no global resources.
gem install puppet-lint-global_resource-check
- Check for unquoted numbers with leading zero.
gem install puppet-lint-leading_zero-check
gem 'puppet-lint-leading_zero-check', :require =>; false
- Extends puppet-lint to ensure that your variables are not numeric.
gem install puppet-lint-numericvariable
- Check the ensure attribute on package resources.
gem install puppet-lint-package_ensure-check
- Check that validates all parameters are documented.
gem install puppet-lint-param-docs
- Check if resources exist outside of a class or defined type.
gem install puppet-lint-resource_outside_class-check
- Ensure that the reference syntax follows Puppet 4 style.
gem install puppet-lint-resource_reference_syntax
- Check that a node definition declares only a role, a role class does not have any param and only declares profiles, and a profiles class can declare anything but a role. gem install puppet-lint-roles_and_profiles-check
gem install puppet-lint-roles_and_profiles-check
- Checks puppet manifests for security related problems.
gem install puppet-lint-security-plugins
- Check that spaceship operator is called with a tag.
gem install puppet-lint-spaceship_operator_without_tag-check
gem 'puppet-lint-spaceship_operator_without_tag-check', :require => false
- Ensure that your manifests follow a strict indentation pattern.
gem install puppet-lint-strict_indent-check
- Check for missing trailing commas.
gem install puppet-lint-trailing_comma-check
gem 'puppet-lint-trailing_comma-check', :require => false
- Ensure that your manifest files end with newlines.
gem install puppet-lint-trailing_newline-check
- Check for undef in function calls.
gem install puppet-lint-undef_in_function-check
- Check that selectors and case statements cases are quoted.
gem install puppet-lint-unquoted_string-check
gem 'puppet-lint-unquoted_string-check', :require => false
- Check that manifest files contain only US ASCII.
gem install puppet-lint-usascii_format-check
- Ensure that your variables are all lower case.
gem install puppet-lint-variable_contains_upcase
- Check for versions compared as numbers.
gem install puppet-lint-version_comparison-check
gem 'puppet-lint-version_comparison-check', :require => false
- Check for vim comment (modeline) as the last line in a manifest.
gem install puppet-lint-vim_modeline-check