Chrome Remote Beta Notes –

Coming soon,
- an RPM
- better fully functional init script.
- you tell me..

Share

How to get Chrome-Remote-Desktop (BETA) working under Fedora

**** My work on this has paused. 9-5 job. Gonna pick this back up as time permits.
Last I had the app listening and had just modified pam to fix failed logins. Everything was working with the exception of X errors on connection. I’m pretty sure it’s due to my session in the pam file.

Download the Debain package – https://support.google.com/chrome/answer/1649523?hl=en

Convert the deb package to an RPM **
Ok so the –force, I’m not saying it’s a good idea. Just that it works.

 
[root@localhost Downloads]# alien -r chrome-remote-desktop_current_amd64.deb 
Warning: Skipping conversion of scripts in package chrome-remote-desktop: postinst postrm preinst prerm
Warning: Use the --scripts parameter to include the scripts.
chrome-remote-desktop-35.0.1916.17-2.x86_64.rpm generated
[root@localhost Downloads]# yum localinstall chrome-remote-desktop-35.0.1916.17-2.x86_64.rpm 
Loaded plugins: langpacks, refresh-packagekit
Examining chrome-remote-desktop-35.0.1916.17-2.x86_64.rpm: chrome-remote-desktop-35.0.1916.17-2.x86_64
Marking chrome-remote-desktop-35.0.1916.17-2.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package chrome-remote-desktop.x86_64 0:35.0.1916.17-2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
 Package                      Arch          Version                Repository                                           Size
=============================================================================================================================
Installing:
 chrome-remote-desktop        x86_64        35.0.1916.17-2         /chrome-remote-desktop-35.0.1916.17-2.x86_64         28 M

Transaction Summary
=============================================================================================================================
Install  1 Package

Total size: 28 M
Installed size: 28 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test


Transaction check error:
  file / from install of chrome-remote-desktop-35.0.1916.17-2.x86_64 conflicts with file from package filesystem-3.2-19.fc20.x86_64
  file /etc/init.d from install of chrome-remote-desktop-35.0.1916.17-2.x86_64 conflicts with file from package chkconfig-1.3.60-4.fc20.x86_64

Error Summary
-------------

Now you can force the RPM…. yes we all know these dangers but here we go
Also add the python-psutils and xorg-x11-server-Xvfb package

[root@localhost Downloads]# rpm -Uvh --force chrome-remote-desktop-35.0.1916.17-2.x86_64.rpm
yum install python-psutil xorg-x11-server-Xvfb

Create a group for yourself and add yourself to the group

[root@localhost Downloads]# groupadd chrome-remote-desktop
[root@localhost Downloads]# usermod -G chrome-remote-desktop mwells
[root@localhost Downloads]# chkconfig chrome-remote-desktop on

Now lets get rid of that ugly debian init script

#!/bin/bash

### BEGIN INIT INFO
# Provides:             chrome-remote-desktop
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Chrome Remote Desktop service
### END INIT INFO

# /etc/init.d/chrome-remote-desktop: Start and stop Chrome Remote Desktop host daemon.

HOST_PATH=/opt/google/chrome-remote-desktop/chrome-remote-desktop

# Group of users for which Chrome Remote Desktop is enabled. Users are added
# to that group when they start the host for the first time.
CHROME_REMOTING_GROUP=chrome-remote-desktop

test -x $HOST_PATH || exit 0

. /lib/lsb/init-functions

if [ "$(whoami)" = "root" ]; then
  # Extract list of users in the chrome-remoting group.
  USERS=$(getent group $CHROME_REMOTING_GROUP |
          awk -F ':' '{ gsub(",", " ", $4); print $4 }')
else
  USERS=$(whoami)
fi

# Tries to wait for 10 seconds until specified command exits and then kills it.
run_with_timeout() {
  "$@" &
  pid=$!
  local time_left=10
  while [ $time_left -gt 0 ]; do
    (kill -0 $pid 2>/dev/null) || return `wait $pid`
    sleep 1
    time_left=$((time_left - 1))
  done
  (kill -0 $pid 2>/dev/null) || return `wait $pid`

  echo command \"$@\" has timed out >&2
  kill $pid
  return 1
}

# Usage: daemon [--login] user program [args...]
#   --login:
#     Run program in a clean login shell. This requires backgrounding, since
#     the user's .profile or .login script might be run, which might contain
#     blocking commands.
daemon() {
  login_options=""
  if [ "$1" = "--login" ]; then
    login_options="-b -i"
    shift
  fi

  user=$1
  shift

  set +e
  if [ "$(whoami)" = "$user" ]; then
    "$@"
  else
    sudo -u "$user" $login_options "$@"
  fi
}

do_start() {
  echo -n $"Starting Chrome Remote Desktop host for $1..."
  daemon --login $1 "$HOST_PATH" --start
  retval=$?
}

do_stop() {
  echo -n $"Stopping Chrome Remote Desktop host for $1..."
  killproc $1 "$HOST_PATH" --stop
  retval=$?
}

do_reload() {
  echo -n $"Reloading Chrome Remote Desktop host configuration for $1..."
  daemon $1 "$HOST_PATH" --reload
  retval=$?
}

do_restart() {
  echo -n $"Restarting Chrome Remote Desktop host for $1..."
  daemon $1 "$HOST_PATH" --stop
  daemon --login $1 "$HOST_PATH" --start
  retval=$?
}

for_each_user() {
  for user in $USERS; do
    $1 $user
  done
}

case "$1" in
  start)
    for_each_user do_start
    ;;

  stop)
    for_each_user do_stop
    ;;

  reload|force-reload)
    for_each_user do_reload
    ;;

  restart)
    for_each_user do_restart
    ;;

  *)
    log_success_msg "Usage: /etc/init.d/chrome-remote-desktop" \
        "{start|stop|reload|force-reload|restart}"
    exit 1
esac

exit 0

Now we need to worry about pam
echo “#%PAM-1.0
auth include password-auth
account required pam_nologin.so
account include password-auth
session include password-auth
” > /etc/pam.d/chrome-remote-desktop

As you !!!

21:01:11-mwells@Oracle:~$ echo "exec /usr/bin/icewm-session" > ~/.chrome-remote-desktop-session 

And finally start the service up.

[root@localhost Downloads]# service chrome-remote-desktop start

Enable remote connections
Open the Chrome Remote Desktop web app.
Click “Enable remote connections.”
Enter a PIN and re-type the PIN. Then click OK.
Dismiss the confirmation dialog.

** credit – ljv5555 in the following post for getting this started; awesome start.

https://productforums.google.com/forum/#!topic/chrome/wrkrUAIxWOw

Ansible IPA Server Playbook V1

So this is my first “real” playbook. Right now it should be clear that it’s in V1, that said….
it works.

In this iteration of the playbook you would modify the vars to match what you need. I’ve also pointed directly to one host via IP address.
So as I said, version 1 and I’ll grow it from there.
Things to come
– logic to ensure the /etc/hosts is setup properly

 
192.168.122.135	ipa.example.com	ipa

– playbook for replica setup and install
– just some general ‘more goodness’

So I’m asking, comment away. What needs to be done? I’m really new with Ansible so let me know.
In general it’s really two commands and that’s a base setup. But I thought it was fun to do and started me farther down the path of Ansible.

---
- hosts: 192.168.122.135
  sudo: False
  user: root
  name: Define IPA Server
  vars:
   - servername: ipa.example.com
   - domain: example.com
   - adminpassword: password1
   - directorypassword: password1
   - realm: example.com
   - dnsforwarder: 8.8.8.8

  tasks:
    - name: Install IPA RPMs, this may take some time
      yum: pkg={{ item }} state=latest
      with_items:
          - ipa-server
          - bind
          - bind-dyndb-ldap
    - name: IPA Server Is Installing, this will certainly take time
      shell: ipa-server-install -a {{ adminpassword }} --hostname={{ servername }} -r {{ realm }} -p {{ directorypassword }} -n {{ domain }} --setup-dns --forwarrder={{ dnsforwarder }} -U

    - name: Firewall is being configured
      shell: lokkit -p 53:tcp -p 80:tcp -p 88:tcp -p 123:tcp -p 389:tcp -p 443:tcp -p 464:tcp -p 636:tcp -p 749:tcp -p 953:tcp -p 7389:tcp -p 7390:tcp -p 9180:tcp -p 9443:tcp -p 9444:tcp -p 9445:tcp -p 9710:tcp -p 53:udp -p 123:udp -p 464:udp

Personal Red Hat Licenses


Cisco Anyconnect with a Chromebook

Ok all, I wanted to post how I now use my chromebook (non-pixel) to connect to my work Cisco Anyconnect VPN.

In developer mode. Install crouton, this is mainly to get the chroot environment.

Open a shell and ‘enter-chroot’
# Install the following items

apt-get install network-manager network-manager-openconnect
apt-get install vpnc uml-utilities

My bash script to connect each time. Once you edit it

#!/bin/bash
### Edit this section for your VPN Setup
SSLVpn="ssl.example.com"
SearchDomain="example.com"
DNSServer="192.168.1.1"   
# Below the 192.168.1.1 is a static example of an internal DNS Server
###
if [ ! -f /dev/net/tun ]; then
        tunctl -t tap1 -f /dev/net/tun 
fi
mknod /dev/net/tun0 c 10 200
cp /etc/resolv.conf ~/.resolv.conf
echo "nameserver ${DNSServer}" > /etc/resolv.conf
echo "search ${SearchExample}" >> /etc/resolv.conf
cat ~/.resolv.conf >> /etc/resolv.conf
openconnect -s /etc/vpnc/vpnc-script ${SSLVpn}
cat ~/.resolv.conf > /etc/resolv.conf
rm /dev/net/tun0

When you’re done, just ctrl+c out and your done.
edit: I was getting some strange errors and had to a little more of a brute force on tun0. SO…. I added the create and delete on tun0.

How to – Nagios and Pushover alerts

First and foremost some great credit to Jedda Wignall from (http://jedda.me) for the notify_by_pushover.sh script. Drop by his site and say thanks.

This is just my implementation of that script and nagios setup in order to get alerts in my notification panel on my Android phone, tablet and iDevices (of which I have none.)

01. Purchase Pushover from your app store; links can be found here – https://pushover.net/
02. Download the notify_by_pushover.sh script. Can be found here – http://jedda.me/tag/pushover/
03. Login to pushover.net and copy off your “Your User Key” for later use
04. Click “Edit” that’s next to “Your Applications”
05. Then select “Create New Application”
06. Name the application Nagios or maybe your Nagios Server name
07. The type will be “website”
08. You can leave the URL blank and upload an Icon for your Nagios server
09. Accept the EULA and click “Create Application”
10. Copy off your “API Token/Key” for later use
11. On your device(s) open and login to the pushover app
12 Copy the “notify_by_pushover.sh” to the Nagios server; I copied mine to “/usr/lib64/nagios/plugins/notify_by_pushover.sh”
13. Ensure that the file is owned by your Nagios user

# chmod 755 /usr/lib64/nagios/plugins/notify_by_pushover.sh
# chown nagios:nagios /usr/lib64/nagios/plugins/notify_by_pushover.sh
# restorecon /usr/lib64/nagios/plugins/notify_by_pushover.sh

14. Modify your Nagios templates file to add the “generic-pushover” template

define contact {
        name generic-pushover
        host_notifications_enabled      1
        service_notifications_enabled   1
        host_notification_period        24x7
        service_notification_period     24x7
        host_notification_options       d,r
        service_notification_options    c,r
        host_notification_commands      notify-host-pushover
        service_notification_commands   notify-service-pushover
        can_submit_commands             1
        retain_status_information       1
        retain_nonstatus_information    1
        register
}

15. Now add command definitions to enable the notification to leave

# 'notify-host-pushover' command definition
define command {
  command_name    notify-host-pushover
   command_line    /usr/lib64/nagios/plugins/notify_by_pushover.sh -u $CONTACTADDRESS1$ -a $CONTACTADDRESS2$ -c 'persistent' -w 'siren' -t "Nagios" -m "$NOTIFICATIONTYPE$ Host $HOSTNAME$ $HOSTSTATE$"
}

# 'notify-service-pushover' command definition
define command {
  command_name   notify-service-pushover
  command_line   /usr/lib64/nagios/plugins/notify_by_pushover.sh -u $CONTACTADDRESS1$ -a $CONTACTADDRESS2$ -c 'persistent' -w 'siren' -t "Nagios" -m "$HOSTNAME$ $SERVICEDESC$ : $SERVICESTATE$ Additional info: $SERVICEOUTPUT$"
}

16. Now finally add some information to your contact information. I added a new stanza with Pushover information. Also since Nagios has a limited set of options it can use within contacts I used the “address1” and “address2” attributes.

define contact{
        use			generic-pushover
        contact_name		matt_wells_pushover
        alias				Matt Wells Pushover
        contactgroups		pushover-it
        address1			zxcvbnmUSERKEYmnbvcxz
        address2			poiuytrewqAPIKEYqwertyuiop
}

You should be done now! Enjoy your alerts.
Some items to note. I selected the “persistent” alarm when critical and the “siren” when warning. You can change those to anything you see fit.
Also I’ve toyed with the idea of adding links to the alerts but haven’t really done much with that yet.

Git activity

Master IPTables

These are some awesome videos for iptables; I really enjoyed them and if you as well make sure you tell the guys over at Linux Journal.
I find embedded videos annoying so I’m just putting these links up.

Mastering IPTables by Linux Journal

http://www.linuxjournal.com/

IPTables Episode one

IPTables Episode two

IPTables Episode three

IPA Link from Red Hat

This is just a great video and link to the Enterprise IPA Server.
Red Hat IPA Server