orx57 RSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFedora Magazine

Submissions now open for the Fedora 26 supplemental wallpapers

Par Sirko Kemter

Each release, the Fedora Design team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper. Submissions are now open for the Fedora 26 Supplemental Wallpapers, and will remain open until March 22, 2017

You always wanted to start contributing to Fedora but don’t know how? Contributing a supplemental wallpaper is one of the easiest way to start as a Fedora Contributor.

What exactly are the supplemental wallpapers?

Supplemental wallpapers are the non-default wallpapers provided with Fedora. Each release, the Fedora Design team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper.

Dates and deadlines

The submission phase opens January 30 2017 and ends March 22 at 23:59 UTC.

Important note, submissions during the last hours can in certain circumstances not get into the election, if there is no time to do the legal research.

The legal research is done by hand and very time consuming, so please help by following the guidelines correctly and submit only work that has the correct license.

The voting will open automatically 23 March 2017 and will be open until April 6 2017 at 23:59 UTC

How to contribute to this package

Fedora uses for the submission the application Nuancier for managing the submissions and the voting process.

For an submission you need an Fedora account. If you have none, you have to create one before here. For being allowed to vote, you must have membership in another group as cla_done or cla_fpca.

For inspiration you can look to former submissions and the  previous winners. Here are some of the last election:

Fedora 25 wallpaper - Droplet On Pebble Fedora 25 wallpaper -Winter in Bohemia Fedora 26 wallpaper - Cherry Blossom Fedora 25 wallpaper - Zen Fedora 25 wallpaper - Matterhorn Fedora 25 wallpaper - Milky Way over the Mang Fedora 25 wallpaper - Raindrop Fedora 25 wallpaper - Manhattan Fedora 25 wallpaper - Grytviken Fedora 25 wallpaper - Forrest Path Fedora 25 wallpaper - Soft Blue Fedora 25 wallpaper - Caion Do Xingo Fedora 25 wallpaper - Chihuly Fedora 25 wallpaper - color Fedora 25 wallpaper - Poetry The Bois de Vincennes

The number of submissions a contributor can make is limited. A participant can only upload two submissions to Nuancier. In case you submit multiple versions of the same image, the team will choose one version of it and accept it as one submission, and deny the other one.

Submissions which was submitted already before and was not selected get rejected. Starting with this election also creations which have not an essential height get rejected.

Denied submissions also count, so if you make two contributions and both are rejected, you cannot submit more. Use your best judgment for your submissions.

Badges

You can also earn badges for contributing. One badge is for an accepted submission. Another badge is if your submission is a chosen wallpaper. A third is awarded if you participate in the voting process. You have to claim this badge during the voting process, as it is not granted automatically.

Regulations for Submissions

Subject matter

  • Must not contain brand names or trademarks of any kind (including Fedora itself).
  • Must not contain material that is inappropriate, offensive, indecent, obscene, hateful, tortuous, defamatory, slanderous or libelous.
    • No sexually explicit or provocative subject matter.
    • No images of weapons or violent imagery.
    • No alcohol, smoking, or drug use imagery.
  • Must not contain material that promotes bigotry, racism, hatred or harm against any group or individual or promotes discrimination based on race, gender, religion, nationality, disability, sexual orientation or age.
  • Must not contain material that is unlawful, in violation of or contrary to the laws or regulations in the jurisdiction where the work is created
  • No religious, political, or nationalist imagery (including flags).
  • No images of hats, particularly fedoras.
    • This is a matter of respect for our primary sponsor, Red Hat, Inc., and is not negotiable. Of course, passive appearance of hats, such as those upon heads in a crowd, are allowed.
  • No version numbers. End users might prefer to continue to use an older theme, or use the latest theme in their older version of Fedora. To enable that choice, do not use any version numbers within the Fedora artwork.
  • No text. Text should not be used in the background because the artwork is intended for a global audience and to be reused by derivative distributions.
  • Should not contain images of people (contemporary, historical, or fictional).
  • Should not contain images of pets or captive / mistreated animals.

 Technical requirements

  • Submitted wallpapers must use a format that can be read by software available in Fedora Package Collection. Preferred image formats is PNG.
  • Originals for landscape formats must be a minimum of 1600 pixels wide and 1200 pixels high. The larger the better. Photographic submissions should be made at the highest resolution the camera is capable of.
  • Submitted wallpapers should be provided in a 16 x 9 aspect ratio if possible.
  • No watermarks, signatures, photographer or creator names, or messages may be included in any part of the work.

Other requirements

  • Submissions must not contain material that violates or infringes anothers rights, including but not limited to privacy, publicity or intellectual property rights, or that constitutes copyright infringement.
  • If your submissions include or derive from artwork created by other people, please make sure the license of the original work you incorporate is compatible with Fedora and that you are not violating any of the provisions of its license.
  • Make sure you provide attribution to artists that license their work with a CC Attribution clause.
  • Submission should have the consent and approval of the author or creator
  • Submissions are thereby licensed to the public for reuse under CC-BY-SA unless another accepted approved liberal open source license.
    See a list of approved licenses for Fedora.
  • Note that we can not accept NC (no commercial use) or ND (no derrivatives) submissions!

Using the YubiKey4 with Fedora

Par lmacken

A YubiKey is a hardware authentication device that can be used for various one-time password (OTP) and authentication methods. This article explains some of the ways to use the the YubiKey4 with Fedora. Other versions may be incompatible or require additional configuration.

What is a YubiKey?

From the Yubico site: “A YubiKey is a small device that you register with a service or site that supports two-factor authentication. Two-factor authentication means that each time you log in, the service will request proof that you have your YubiKey in addition to your regular username and password. Phishing, malware, and other attack methods don’t work because they would need both your physical key and your passwords to breach your accounts.”

Two-factor authentication with the Yubico Authenticator tool

The Yubico Authenticator tool lets you generate OATH one-time password codes with your YubiKey. It can store up to 32 OATH event-based HOTP and time-based TOTP credentials on the device itself, which makes it easy to use across multiple computers. The software is freely available in Fedora in the `yubioath-desktop` package, and also provides a yubioath-cli command-line tool. If you desire the gui version after install invoke yubioath-gui.

Using the Yubico Authenticator for two-factor authentication

Using the Yubico Authenticator for two-factor authentication with the YubiKey

GPG smartcard for SSH authentication

The YubiKey4 contains an OpenPGP smartcard applet, which lets you import and GPG keys on the hardware. You can also use these keys for SSH authentication to remote machines with the `gpg-agent`. This allows you to use GPG and SSH without storing any private keys on your computer at all.

You’ll first want to go through the “Importing Keys” instructions for setting up your GPG keys. Then there is a great guide created by a number of Fedora contributors for configuring GPG and GNOME to use your YubiKey as a GPG smartcard for SSH authentication.

FIDO Universal 2nd Factor

U2F is an open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers or client software needed.

Fedora ships the `pam-u2f` package which provides an easy way to integrate the Yubikey (or other U2F-compliant authenticators) into your existing user authentication infrastructure.

Authentication with PAM

You can use your YubiKey to log in to your Fedora machines by configuring PAM with the pam_yubico module. There are detailed instructions for how to do this on the Fedora Wiki.

Other resources


PulseAudio 10.0 now available for Fedora 25

Par Ryan Lerch

Earlier this month, PulseAudio 10.0 was released. It’s now available from the official Fedora repositories for all users running Fedora 25. PulseAudio is the default sound server in Fedora. That makes it the primary piece of software responsible for sound on your Fedora system. Version 10.0 is the latest major release from the PA team. It has many bugfixes and enhancements since the 9.0 release in mid-2016.

Fixes and improvements

PulseAudio 10.0 has improved support for Bluetooth profiles. It can now switch automatically between the the A2DP profile typically used for music, and the HSP profile used for telephony and VOIP. It now also stores different volume level settings for the A2DP and HSP bluetooth profiles.

There’s also has better support for USB connected surround sound devices. If you plugged in a device like this previously, it wouldn’t work. Version 10 now should allow these devices to work normally.

Other improvements and bugfixes in version 10 include:

  • The new module-allow-passthrough module prioritizes pass-through streams.
  • pulseaudio.socket is always started first if systemd is used to start PulseAudio.
  • Compatibility issues with OpenSSL 1.1.0 are fixed.

For a full changelog and detailed descriptions of changes in version 10.0, read the Release Notes.

Found a bug?

As with any software, there are probably still bugs in PulseAudio. Therefore, if you run into one, you might find this Fedora wiki page useful. As that page suggests, you should file bugs upstream and not in Fedora. That way they’ll get noticed by the people best situated to fix them. Any fixes make their way back down to Fedora in stable updates later.


FCAIC in the House, part II

Par Brian (bex) Exelbierd

As you may remember from part I, I became the cake-man (that’s FCAIC or Fedora Community Action and Impact Coordinator) about three months ago.  It has been an exciting adventure moving from an engineering role into one where I work as a kind of “Community Manager” or “Community Lead” that thinks about users and contributors as mechanics of keeping the project running smoothly. I’m writing today to update you on what I’ve been working on relative to my goals and to invite you to help me make it all even better. I’d also like to share some ideas about where to go from here.

How’d I do?

I listed four goals in part I:

Get to know the community

As I mentioned before, this is a never-ending goal. I keep meeting amazing people focused on areas of the project which were not on my contribution radar before I became FCAIC. Passionate, intelligent and helpful people with real insights and experience have helped me so much in my first few months. I look forward to continuing to rely on them and hope that my contributions back have been helpful to them too.

As part of this goal I attended both FUDCon LATAM and FUDCon APAC. These two events were held at local universities in Puno, Peru and Phnom Penh, Cambodia. It was great to see how our contributors break down Fedora for these kinds of audiences. I also learned a lot about LATAM and APAC and how they fit into Fedora. As an American living in the Czech Republic I had a fairly good appreciation for NA and EMEA and I was glad to expand my knowledge.

I’ve discovered there are some challenges in all of our regions and that we need to make sure we are doing the right things. Some of it is just resourcing and some of it is working through culture on all sides to get people talking.

In the next few months I will be at DevConf.cz and FOSDEM. Fedora will have a strong presence at both conferences and I am looking forward to interacting with our Ambassadors and other attending contributors. I will be focused on several activities, including contributing to the Diversity FAD taking place during DevConf.cz and other meetings around Fedora topics. At FOSDEM I have the fantastic opportunity to help make the Distributions devroom happen with the world-famous Brian Stinson from CentOS.

If you’re going to be near me, let me know so we can meet and say “hello.” I’ll endeavor to keep my travel schedule on the Fedora vacation calendar so you can find me when I’m not at home.

Budget.Next

As you know, Budget.Next is the project to change the way Fedora manages money. I’ve been working hard with the regional treasurers and credit card holders (Neville Cross (Yn1v), Mohd Izhar Firdaus Ismail (izhar), Abdel G. Martinez L. (potty), Zacharias Mitzelos (mitzie), Joerg Simon (jsimon), and Andrew Ward (award3535)) to put together a system that will meet our needs. Without data we can’t make decisions. Data has been inconsistent in the project and the regions and we have worked together to fix this. More details will be posted in a longer article on the Fedora Community Blog later, however, the short version is that we have:

  1. Built a data storage system using ledger, a plain text accounting system that has been packaged in Fedora for a while.
  2. Start writing of some basic reports to show the overall data and position for our project and the regions.
  3. Start rebuilding the budget website to display all the information.

I am sure we have a lot of lessons to discover as we move through this fiscal year, but I am very excited about having data on demand and being able to move the conversation forward from discussing numbers to discussing impact. Together we can make this process seamless and a model for other organizations that want to be transparent about their finances.

I am also working with the Council on our reimbursement policies and methods and looking at ways to improve our use of sponsored travel.

Interested in helping out? Feel free to contact me right now. On the technical side, I’d love some help from folks interested in Ruby, AsciiDoc, Jenkins, testing (CI – Continuous Integration) and automated deployments (CD – Continuous Deployment). On the policy and procedure side, let me know about ideas and help me draft a great way forward for us. This is a great project for new contributors and junior coders or system administrators.

FOSCo (and FAmSCo)

The Fedora Ambassador Steering Committee (FAmSCo) has just recently had an election welcoming in lots of new members. We didn’t accomplish the goals related to creating an Outreach Steering Committee (FOSCo), but that’s OK. Working with the members of the previous FAmSCo has taught me a lot about Ambassadors. I am excited to work with the new FAmSCo to support them as they look at ways to make our Ambassadors program stronger.

Fedora Docs publishing

Our documentation reboot work continues. The documentation team has decided to move to AsciiDoc and modular writing.

We haven’t fully resolved the tooling, so there are still at least two proposals in motion. I am working on a proposal to use AsciiBinder as our main docs engine for the next few releases. I’ve been talking to the upstream and they are excited by the project. I’ve been shamelessly using my work on the budget website to help model this.

There is also some exciting work going on in figuring out modular writing with work being driven by several folks, including Shaun McCance and Petr Bokoc. What is modular writing? It is a way of putting together discrete text into larger units that answer user stories. Confused? You won’t be after reading this fantastic explanation by Petr.

I’m still working toward my personal goal of us having a new publication solution by Fedora 26.

Interested in helping out? Get involved with the Docs Project or feel free to contact me right now. On the technical side, I’d love some help from folks interested in format conversions (DocBook->AsciiDoc – think perl, python, bash, etc.), ruby, AsciiDoc, Jenkins, testing (CI – Continuous Integration) and automated deployments (CD – Continuous Deployment). We also need help on the writing side with modular writing and general updates.

What’s next?

For the next few months, I’d like to focus on the following:

  • Get to know the community
  • Budget.Next
  • FAmSCo and FOSCo
  • Fedora Docs Publishing
  • Events
  • Packaging

So my four goals from last quarter are still ongoing efforts. That’s cool, some, like getting to know the community will hopefully never end! To these goals, I am adding:

Events

Flock 2017 bidding has opened and I am looking forward to helping make that event happen. If you’re in North America, get your bids in now!

I’ve started a pair of conversations on the council-discuss mailing list about Flock and FUDCon. We have lots of opportunities and we need to figure out how to best use our people and resources to accomplish our goals. Please join in and let everyone know how we can make our events work even better for us in the future.

Packaging

No major initiatives here, my interest here is personally focused. The situation is that I have never packaged anything in Fedora before. That is a huge area of activity for us, so I am putting together my first package submission, bringing DayJournal to Fedora. I’ve been receiving amazing feedback from Igor Gnatenko and Neal Gompa in my packaging ticket and I hope to reach completion and approval soon.

So there you have it. Let me know if I’ve missed anything. Let me know if you have input into what I’m doing or want to help. And by all means let me know what we can work on together. I can’t do it all alone (and I don’t want too!) and I can’t even help with everything I want to, but I want to make sure my work is helping the community move forward.

Read more over at the Fedora Magazine where this was originally posted.


Configure your Fedora system to use sudo

Par Paul W. Frields

The sudo command makes it easier to manage your Fedora system. Certain commands in Fedora expect to be run only by a privileged user or administrator. The sudo command lets you run a command as if you’re the administrator, known as root.

Unlike some other methods, it also offers some key features:

  • Keeps a log when someone uses sudo to run a command
  • Supports automatic command line completion
  • Allows sharing of privileges without sharing the root password

Set up during installation

If you are installing Fedora, you can configure this function in advance. In the installer, when you set up a normal user account, check the option for Make this user administrator:

User administrator (sudo) option enabled in installer

Behind the scenes, this option sets up the user so they can use sudo when they login. This is a time saver for installations like laptops. They typically have a single user who owns the system.

Set up after installation

If you’ve already installed your system, don’t worry. You can still configure this option. First, open a terminal if needed. Use this command to verify your user account name:

$ id
uid=1000(john) gid=1000(john) groups=1000(john) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

In this example, your account name is john. Next, use this command to assume privileges of root, the system administrator. Enter the password for root at the prompt.

su -

Next run this command to add your username to the special wheel group. This group is already set up to provide sudo access:

usermod -a -G wheel john

You can check the results using the id command:

# id
uid=1000(john) gid=1000(john) groups=1000(john),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Using sudo

You must logout, and then login, to inherit the group membership change. Once you do, you can issue a command like this:

sudo <command>

You are asked for your account password, not the password for root. The command then runs, as if you were the system administrator. If you want to start an interactive root shell, use this command:

sudo -i

 


Inkscape 0.92 available in Fedora

Par Ryan Lerch

Earlier this month, the Inkscape project released version 0.92 of the Inkscape vector graphics editor. Inkscape 0.92 is now also available for download from the official Fedora repositories for Fedora 24 and Fedora 25. If you already have Inkscape installed, you will receive the updated version when you next update with DNF or the Software Application.

Inkscape is a versatile, feature rich vector graphics editor that can be used for a wide range of tasks, including UI mockups, icons, logos, digital illustration. Inkscape uses the Scalable Vector Graphics (SVG) format as the primary source filetype, which is getting more and more popular as a format for vector graphics on the web. Inkscape can also export to a wide range of different formats, including PNG and PDF.

What’s new in Inkscape 0.92

Despite the seemingly small version number bump from the previous 0.91 release of Inkscape,  Inkscape 0.92 provides a range of new features and bugfixes, including mesh gradients, improved support for the SVG2 and CSS3 specs, brand new path effects, and the new Object dialog managment of objects. The Inkscape 0.92 Release Notes has a full list and descriptions of all the new features and bugfixes.

Mesh Gradients

The flagship new feature in this updated version of Inkscape is support for creating and editing gradient meshes. In previous versions of Inkscape, creating complex shading involved multiple objects with gradients and blurs applied. With gradient meshes in Inkscape, it is now possible to create more complex shading effects with a single gradient.

A single inkscape rectangle object with a mesh gradient applied

With mesh gradients it is also possible now to create single, detailed conical gradients, which can be used to simulate shiny metal discs, or create a colorwheel:

 

Objects Dialog

Inkscape 0.92 also introduces a new objects dialog that will be useful for artists that have complicated drawings with many objects, grouped in many ways. This new dialog provides a tree view of all the objects in the document, allowing you to drill down and find the specific element you want to work on:

 

Be sure to check out the Release Notes and the Release Announcement for more details on these and the many other features in this new version of Inkscape.

Save

Save

Save

Save

Save

Save

Save


Improve your sleep by using Redshift on Fedora

Par novel

The blue light emitted by most electronic devices, is known for having a negative impact on our sleep. We could simply quit using each of our electronic devices after dark, as an attempt to improve our sleep. However, since that is not really convenient for most of us, a better way is to adjusts the color temperature of your screen according to your surroundings. One of the most popular ways to achieve this is with the Redshift utility. Jon Lund Steffensen , the creator of Redshift, describes his program in the following way:

Redshift adjusts the color temperature of your screen according to your surroundings. This may help your eyes hurt less if you are working in front of the screen at night.

The Redshift utility only works in the X11 session on Fedora Workstation. So if you’re using Fedora 24, Redshift will work with the default login session. However, on Fedora 25, the default session at login is Wayland, so you will have to use the GNOME shell extension instead. Note, too that the GNOME Shell extension also works with X11 sessions.

Redshift utility

Installation

Redshift is in the Fedora’s repos, and thus, all we have to do to install is run this command:

sudo dnf install redshift

The package also provides a GUI. To use this, install redshift-gtk instead. Remember, though, that the utility only works on X11 sessions.

Using the Redshift utility

Run the utility from the command line with a command like the following:

redshift -l 23.6980:133.8807 -t 5600:3400

In the above command, the -l 23.6980:133.8807 means we are informing Redshift that our current location is 23.6980° S, 133.8807° E. The -t 5600:3400 declares that during the day you want a colour temperature of 5600, and 3400 at night.

The temperature is proportional to the amount of blue light emitted: a lower temperature, implies a lower amount of blue light.  I prefer to use 5600K (6500K is neutral daylight) during the day, and 3400K at night (anything lower makes me feel like I’m staring at a tomato), but feel free to experiment with it.

If you don’t specify a location, Redshift attempts to use the Geoclue method in order to determine your location coordinates. If this method doesn’t work, you could use multiple websites and online maps to find the coordinates.

screenshot1

Don’t forget to set Redshift as an autostart command, and to check Jon’s website for more information.

Redshift GNOME Shell extension

The utility does not work when running the Wayland display server (which is standard in Fedora 25). Fortunately, there is a handy GNOME Shell extension that will do the same job. To install, run the the following commands:

sudo dnf copr enable mystro256/gnome-redshift
sudo dnf install gnome-shell-extension-redshift

After installing from the COPR repo, log out and log back in of your Fedora Workstation, then enable it in the GNOME Tweak tool. For more information, check the gnome-redshift copr repo, or the github repo.

After enabling the extension, a little sun (or moon) icon appears in the top right of your GNOME shell. The extension also provides a settings dialog to tweak the times of the redshift and the temperature.

screenshot-from-2017-01-18-15-21-47

 

Relative software

F.lux

Redshift could be seen as the open-source variant of F.lux. There is a linux version of F.lux now. You could consider using it if you don’t mind using closed-source software, or if Redshift doesn’t work properly.

Twilight for Android

Twilight is similar to Redshift, but for Android. It makes reading on your smartphone or tablet late at night more comfortable.

Redshift plasmoid

This is the Redshift GUI version for KDE. You can find more information on github.

 

 

 

 

 

 

 

 

 

Save

Save

Save

Save

Save

Save


Use Docker remotely on Atomic Host

Par Trishna Guha

Atomic Host from Project Atomic is a lightweight container based OS that can run Linux containers. It’s been optimized to use as a container run-time system for cloud environments. For instance, it can host a Docker daemon and containers. At times, you may want to run docker commands on that host and manage the server from elsewhere. This article shows you how to remotely access the Docker daemon of the Fedora Atomic Host, which you can download here. The entire process is automated by Ansible — which is a great tool when it comes to automating everything.

A note on security

We’ll secure the Docker daemon with TLS, since we’re connecting via the network. This process requires a client certificate and server certificate. The OpenSSL package is used to to create the certificate keys for establishing a TLS connection. Here, the Atomic Host is running the daemon, and our local Fedora Workstation acts as a client.

Before you follow these steps, note that any process on the client that can access the TLS certs now has full root access on the server. Thus, the client can do anything it wants to do on the server. Therefore, we need to give cert access only to the specific client host that can be trusted. You should copy the client certificates only to a client host completely under your control. Even in that case, client machine security is critical.

However, this method is only one way to remotely access the daemon. Orchestration tools often provide more secure controls. The simple method below works for personal experimenting, but may not be appropriate for an open network.

Getting the Ansible role

Chris Houseknecht wrote an Ansible role that creates all the certs required. This way you don’t need to run openssl commands manually. These are provided in an Ansible role repository. Clone it to your present working host.

$ mkdir docker-remote-access
$ cd docker-remote-access
$ git clone https://github.com/ansible/role-secure-docker-daemon.git

Create config files

Next, you must create an Ansible configuration file, inventory and playbook file to setup the client and daemon. The following instructions create client and server certs on the Atomic Host. Then, they fetch the client certs to the local machine. Finally, they configure the daemon and client so they talk to each other.

Here is the directory structure you need. Create each of the files below as shown.

$ tree docker-remote-access/
docker-remote-access/
├── ansible.cfg
├── inventory
├── remote-access.yml
└── role-secure-docker-daemon

ansible.cfg

 $ vim ansible.cfg
[defaults]
inventory=inventory

inventory

 $ vim inventory
[daemonhost]
'IP_OF_ATOMIC_HOST' ansible_ssh_private_key_file='PRIVATE_KEY_FILE'

Replace IP_OF_ATOMIC_HOST in the inventory file with the IP of your Atomic Host. Replace PRIVATE_KEY_FILE with the location of the SSH private key file on your local system.

remote-access.yml

$ vim remote-access.yml
---
- name: Docker Client Set up
  hosts: daemonhost
  gather_facts: no
  tasks:
    - name: Make ~/.docker directory for docker certs
      local_action: file path='~/.docker' state='directory'

    - name: Add Environment variables to ~/.bashrc
      local_action: lineinfile dest='~/.bashrc' line='export DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=~/.docker/\nexport DOCKER_HOST=tcp://{{ inventory_hostname }}:2376\n' state='present'

    - name: Source ~/.bashrc file
      local_action: shell source ~/.bashrc

- name: Docker Daemon Set up
  hosts: daemonhost
  gather_facts: no
  remote_user: fedora
  become: yes
  become_method: sudo
  become_user: root
  roles:
    - role: role-secure-docker-daemon
      dds_host: "{{ inventory_hostname }}"
      dds_server_cert_path: /etc/docker
      dds_restart_docker: no
  tasks:
    - name: fetch ca.pem from daemon host
      fetch:
        src: /root/.docker/ca.pem
        dest: ~/.docker/
        fail_on_missing: yes
        flat: yes
    - name: fetch cert.pem from daemon host
      fetch:
        src: /root/.docker/cert.pem
        dest: ~/.docker/
        fail_on_missing: yes
        flat: yes
    - name: fetch key.pem from daemon host
      fetch:
        src: /root/.docker/key.pem
        dest: ~/.docker/
        fail_on_missing: yes
        flat: yes
    - name: Remove Environment variable OPTIONS from /etc/sysconfig/docker
      lineinfile:
        dest: /etc/sysconfig/docker
        regexp: '^OPTIONS'
        state: absent

    - name: Modify Environment variable OPTIONS in /etc/sysconfig/docker
      lineinfile:
        dest: /etc/sysconfig/docker
        line: "OPTIONS='--selinux-enabled --log-driver=journald --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock'"
        state: present

    - name: Remove client certs from daemon host
      file:
        path: /root/.docker
        state: absent

    - name: Reload Docker daemon
      command: systemctl daemon-reload
    - name: Restart Docker daemon
      command: systemctl restart docker.service

Access the remote Atomic Host

Now, run the Ansible playbook:

$ ansible-playbook remote-access.yml

Make sure that the tcp port 2376 is opened on your Atomic Host. If you’re using Openstack, add TCP port 2376 in your security rule. If you’re using AWS, add it to your security group.

Now, a docker command run as a regular user on your workstation talks to the daemon of the Atomic host, and executes the command there. You don’t need to manually ssh or issue a command on your Atomic host. This allows you to launch containerized applications remotely and easily, yet securely.

If you want to clone the playbook and the config file, there is a git repository available here.

docker-daemon


Image courtesy of Axel Ahoi — originally posted to Unsplash.


How to install Apache web server on Fedora

Par Paul W. Frields

One of the most common uses for any Linux system is as a web server. By far the most prevalent and famous web server is Apache. Apache is readily available in Fedora in pre-packaged form. You can use it to host content and applications for free anywhere you have a server.

Installing Apache

First, install the software packages for the Apache server. The recommended way to install the server is in a group of related packages.

su -c 'dnf group install "Web Server"'

This command installs the entire Web Server package group. The group includes other commonly used tools such as:

  • PHP and Perl support
  • The squid caching proxy
  • Documentation
  • Traffic analysis tools

If for some reason you don’t want these helpful packages, you can install the web server by itself. Use this command:

su -c 'dnf install httpd'

The web server package, httpd, depends on some other packages. They must be installed for the web server to function. This command installs those dependencies.

Configuring the system

Next, you may need to configure the system so other computers can contact the web server. You can skip this step if you only want to test a web server on the same computer you’re on.

Fedora systems have a protective firewall by default. Therefore, you must open specific service ports in that firewall to let other computers connect. To open the specific firewall ports for the web server, run these commands:

su -c 'firewall-cmd --add-service=http --add-service=https --permanent'
su -c 'firewall-cmd --reload'

The two service ports opened are:

  • http — Port 80, used for standard, non-secure web communications
  • https — Port 443, used for secure web communications

Also note the reload command makes these services active. Therefore, if you haven’t made other firewall changes permanent, those changes are lost when you reload. If you only want to open these services temporarily, use this command:

su -c 'firewall-cmd --add-service=http --add-service=https'

Testing the web server

Open a web browser on your system. Go to http://localhost and a web page like this appears:

Apache web server test page on Fedora

Apache web server test page on Fedora

This page confirms your web server is running correctly.

Now what?

The next steps are entirely up to you. Here is one article with ideas for what to do with your new web server.


Image courtesy of Markus Spiske — originally posted to Unsplash.


Help FreeOrion come to Fedora

Par Link Dupont

Last month, Fedora Magazine published an article on how to compile and install FreeOrion. That article sparked some interest in open-source gaming on Fedora, and now FreeOrion is coming to Fedora.

Installing FreeOrion

FreeOrion is currently available in the fedora-updates-testing repositories for Fedora 24 and 25. To install it, temporarily enable the “testing” repository with dnf:

dnf --enablerepo=updates-testing install freeorion

Once installed, you can launch the app either from withing GNOME Shell or by running freeorion in Terminal.

Help Wanted

Bodhi is Fedora’s package update system. Fedora packagers stage new versions of their packages in Bodhi. This gives adventurous users the chance to test out upcoming versions of packages before they land in fedora-updates. Providing feedback doesn’t require a Fedora Account; simply fill out the form on each update page with your feedback.

Feedback consists of comments, and either a positive or negative “karma” vote. Once a package has received enough positive karma, the submitter can push the package to the stable repositories, making it available to all Fedora users.

Don’t stop with FreeOrion! Providing feedback to testing packages in Bodhi is a great way to get started contributing to Fedora on your own time. It helps packagers and improves the overall quality of packages that land in the stable updates repository.


❌