document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-28 23:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from LCTT/master

Browse Source 
Update Repository
This commit is contained in:
joeren 2014-08-27 18:36:02 +08:00
commit 4b0f6d1f05
34 changed files with 1558 additions and 295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
translated/tech/20140624 Super Pi Brothers.md → published/20140624 Super Pi Brothers.md
View File

@ -1,23 +1,27 @@
超级树莓派兄弟
================================================================================
我已经不象以前那样玩那么多游戏了。虽然之前我当然花费了生命里的无数时间在任天堂SNES或是之后在我电脑上的第一人称射击游戏只在Linux下谢谢如今我更愿意把空余时间花在我累积起来的许多其他非游戏爱好上。但是最近我发现自己又抹掉了Wii手柄上的灰尘这样就可以玩一玩我重新购买的NES和SNES游戏了。不过问题是这些游戏需要用到一些特别的控制器而且我已经有一个修改过的SNES控制器可以通过USB连接。这已经有足够的理由让我去寻找一个更合适的方案。当然我也可以简单地接上三个甚至四个手柄然后在客厅里面堆满游戏。但是我已经习惯于把我的CD和DVD都提取成文件然后在中心媒体服务器上挑选着听或是看。所以如果每次我想换游戏的时候不用起身去翻游戏卡带那就完美了。当然这意味着得使用模拟器。尽管之前我在一个改动过的Xbox上成功过不过可惜它已经不在我手上了。然后我觉得一定有什么人已经在树莓派上实现过这种平台结果是肯定的在简单地搜索和一些命令之后我在一个剩下的树莓派上搭起来一个完美的怀旧游戏中心。
我已经不象以前那样玩那么多游戏了。虽然之前我当然花费了生命里的无数时间在任天堂SNES或是之后在我电脑上的第一人称射击游戏只在Linux下谢谢如今我更愿意把空余时间花在我累积起来的许多其他非游戏爱好上。
但是最近我发现自己又抹掉了Wii手柄上的灰尘这样就可以玩一玩我重新购买的NES和SNES游戏了。不过问题是这些游戏需要用到一些特别的控制器而且我已经有一个修改过的SNES控制器可以通过USB连接。这已经有足够的理由让我去寻找一个更合适的方案。
当然我也可以简单地接上三个甚至四个手柄然后在客厅里面堆满游戏。但是我已经习惯于把我的CD和DVD都提取成文件然后在中心媒体服务器上挑选着听或是看。所以如果每次我想换游戏的时候不用起身去翻游戏卡带那就完美了。
当然这意味着得使用模拟器。尽管之前我在一个改动过的Xbox上成功过不过可惜它已经不在我手上了。然后我觉得一定有什么人已经在树莓派上实现过这种平台结果是肯定的在简单地搜索和一些命令之后我在一个剩下的树莓派上搭起来一个完美的怀旧游戏中心。
树莓派项目的一个优点是有大量的用户在使用相同的硬件。对我来说这意味着我不用完整地参考别人的指引再根据自己的需求做出必要的改动而只需要简单地完全按照别人的指导做就行了。在我这件事情上我找到了RetroPie项目它把你安装时需要用到的所有命令都包到了一个单一的大脚本中。在执行完后你就完整地安装并配置好了RetroArch它集成了所有的主流模拟器以及一个统一的配置方式再加上一个在树莓派上开机启动的EmulationStation图形界面通过它可以只用手柄就能方便地定位到你想玩的游戏。
### 安装RetroPie ###
在安装RetroPie之前你可能需要确认一下你的Raspbian版本树莓派默认的Linux发行版这也是这个项目假设你在用的是不是最新的包括有没有新的固件。这只需要几个通用的`apt`命令。虽然,在这一步里你当然可以接个键盘到树莓派上,不过我觉得用`ssh`登录到树莓派上更方便。之后直接复制和粘贴下面的命令:
在安装RetroPie之前你可能需要确认一下你的Raspbian版本树莓派默认的Linux发行版这也是这个项目假设你在用的是不是最新的包括有没有新的固件。这只需要几个通用的`apt`命令。虽然,在这一步里你可以接个键盘到树莓派上,不过我觉得用`ssh`登录到树莓派上更方便。之后直接复制和粘贴下面的命令:
$ sudo apt-get update
$ sudo apt-get -y upgrade
现在树莓派已经更新到最新了再确认一下是否安装了git和dialog然后可以通过git来下载RetroPie
$ sudo apt-get -y install git dialog
$ cd
$ git clone --depth=0
↪git://github.com/petrockblog/RetroPie-Setup.git
$ git clone --depth=0 git://github.com/petrockblog/RetroPie-Setup.git
执行完上边的命令后会创建一个RetroPie-Setup目录里面有主要的安装脚本。之后你只需要进去这个目录并运行安装脚本
@ -29,9 +33,9 @@
![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/medium-350px-centered/u1002061/11576f1.png)
#### 图1. RetroPie安装菜单 ####
*图1. RetroPie安装菜单*
在vanilla Raspbian固件版本中这一步会需要很长时间因为有大量不同的包需要下载和安装。在安装完成之后返回在RetroPie安装主界面中在主菜单里选择SETUP在之后的二级菜单里你可以调整设置例如是否开机启动EmulationStation推荐打开以及是否允许欢迎界面。在我这里我两个都允许了因为我希望这个设备是一个独立的模拟游戏机。不过你需要了解的是如果你确实允许了EmulationStation开机自动启动你仍然可以ssh登录到机器上然后执行原始的RetroPie安装配置脚本来改变这个设置。
在vanilla Raspbian固件版本中这一步会需要很长时间因为有大量不同的包需要下载和安装。在安装完成之后返回在RetroPie安装主界面中在主菜单里选择SETUP在之后的二级菜单里你可以调整设置例如是否开机启动EmulationStation推荐打开以及是否允许欢迎界面。在我这里我两个都允许了因为我希望这个设备是一个独立的模拟游戏机。不过你需要了解的是即便你打开了EmulationStation开机自动启动你仍然可以ssh登录到机器上然后执行原始的RetroPie安装配置脚本来改变这个设置。
### 添加ROM ###
@ -46,11 +50,11 @@
### EmulationStation ###
重启完之后,当看到EmulationStation界面时应该会很高兴之后它会提示你设定控制杆游戏手柄或键盘按键这样就可以控制EmulationStation菜单了。不过注意一下这并不会影响手柄在游戏里的按键定义只是用于控制EmulationStation菜单的。在设定完手柄后你应该可以按下向右或向左方向键来切换不同的模拟器菜单了。在我这里我将会在游戏里用到手柄上的所有按钮所以我特别将另一个键盘上的键映射到菜单功能这样在我玩完一个游戏后不用重启树莓派就可以退出来。
重启完之后,你会很高兴地看到EmulationStation界面之后它会提示你设定控制杆游戏手柄或键盘按键这样就可以控制EmulationStation菜单了。不过注意一下这并不会影响手柄在游戏里的按键定义只是用于控制EmulationStation菜单的。在设定完手柄后你应该可以按下向右或向左方向键来切换不同的模拟器菜单了。在我这里我将会在游戏里用到手柄上的所有按钮所以我特别将另一个键盘上的键映射到菜单功能这样在我玩完一个游戏后不用重启树莓派就可以退出来。
EmulationStation只会显示已经侦测到ROM的模拟器所以如果你还没有拷贝ROM的话得先做这件事情然后可能还得重启一下才会有效果。而且默认情况下你的手柄没有为任何游戏做配置但是如果你在EmulationStation里一直按向右键足够多次以后会弹出输入设定界面你可以在里面映射手柄按键。有一个亮点是当你设定好按键后它会相应地应用到其他模拟器中。
就是这些了。在这之后,你可以浏览你收藏的各种游戏,然后按下绑定到确定的那个按键开始游戏。一开始我还担心树莓派可能不够强劲来玩我的游戏,但是直到现在,我试过地所有游戏都可以完美地运行。
就是这些了。在这之后,你可以浏览你收藏的各种游戏,然后按下绑定到确定的那个按键开始游戏。一开始我还担心树莓派可能不够强劲来玩我的游戏,但是直到现在,我试过地所有游戏都可以完美地运行。
### 资源 ###
@ -62,7 +66,7 @@ RetroPie安装文档[https://github.com/petrockblog/RetroPie-Setup][2]
via: http://www.linuxjournal.com/content/super-pi-brothers
译者:[zpl1025](https://github.com/zpl1025) 校对:[校对者ID](https://github.com/校对者ID)
译者:[zpl1025](https://github.com/zpl1025) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

26
translated/tech/20140714 Test read or write speed of usb and ssd drives with dd command on Linux.md → published/20140714 Test read or write speed of usb and ssd drives with dd command on Linux.md
View File

@ -2,17 +2,17 @@ Linux系统中使用 DD 命令测试 USB 和 SSD 硬盘的读写速度
================================================================================
### 磁盘驱动器速度 ###
磁盘驱动器的速度是以一个单位时间内读写数据量的多少来衡量的。DD 命令是一个简单的命令行工具,它可用对磁盘进行任意数据块的读取和写入,同时可以度量读取写入的速度。
磁盘驱动器的速度是以一个单位时间内读写数据量的多少来衡量的。DD 命令是一个简单的命令行工具,它可用对磁盘进行任意数据块的读取和写入,同时可以度量读取写入的速度。
在这篇文章中,我们将会使用 DD 命令来测试 USB 和 SSD 磁盘的读取和写入速度。
数据传输速度不但取决于驱动盘本身,而且还与连接的接口有关。比如, USB 2.0 端口的最大传输速度是 35 兆字节/秒,所以如果您把一个支持高速传输的 USB 3.0 驱动盘插入 USB 2.0 端口的话,它实际的传输速度将是 2.0 端口的下限。
数据传输速度不但取决于驱动盘本身,而且还与连接的接口有关。比如, USB 2.0 端口的最大传输速度是 35 兆字节/秒,所以如果您把一个支持高速传输的 USB 3.0 驱动盘插入 USB 2.0 端口的话,它实际的传输速度将是 2.0 端口的下限。
这对于 SSD 也是一样的。 SSD 连接的 SATA 端口有不同的类型。平均是 375 兆字节/秒的 SATA 2.0 端口理论上最大传输速度是 3 Gbit/秒,而 SATA 3.0 是这个速度的两倍。
### 测试方法 ###
挂载上驱动盘,终端进入此盘目录下。然后使用 DD 命令,首先写入固定大小块的一个文件,接着读取这个文件。
挂载上驱动盘,终端进入此盘目录下。然后使用 DD 命令,首先写入固定大小块的一个文件,接着读取这个文件。
DD 命令通用语法格式如下:
@ -22,11 +22,11 @@ DD 命令通用语法格式如下:
### 固态硬盘 ###
我们使用的是一块“三星 Evo 120G” 的固态硬盘。它性价比很高,很适合刚开始用固态硬盘的用户,也是我的第一块固态硬盘,并且在市场上表现的也非常不错
我们使用的是一块“三星 Evo 120G” 的固态硬盘。它性价比很高,很适合刚开始用固态硬盘的用户,也是我的第一块固态硬盘,并且也是市场上效果最好的固态硬盘之一
这次实验中,我们把硬盘接在 SATA 2.0 端口上。
#### 写入速度 ####
#### 写入速度 ####
首先让我们写入固态硬盘
@ -35,7 +35,7 @@ DD 命令通用语法格式如下:
1024+0 records out
1073741824 bytes (1.1 GB) copied, 4.82364 s, 223 MB/s
的大小实际上是相当大的。你可以尝试用更小的尺寸如 64 K甚至是 4K 的。
的大小实际上是相当大的。你可以尝试用更小的尺寸如 64K 甚至是 4K 的。
#### 读取速度 ####
@ -52,7 +52,7 @@ DD 命令通用语法格式如下:
165118+0 records out
676323328 bytes (676 MB) copied, 3.0114 s, 225 MB/s
在 Arch Linux 的维基页上有一整页的关于从同的厂商如英特尔、三星、Sandisk 等提供的各类固态硬盘的读/写速度的信息。点击如下的 url 可得到得到想着信息。
在 Arch Linux 的维基页上有一整页的关于不同的厂商如英特尔、三星、Sandisk 等提供的各类固态硬盘 读/写速度的信息。点击如下的 url 可以查看相关信息。
[https://wiki.archlinux.org/index.php/SSD_Benchmarking][1]
@ -60,7 +60,7 @@ DD 命令通用语法格式如下:
此次实验我们会测量普通的 USB/随身笔的读写速度。驱动盘都是接入标准的 USB 2.0 端口的。首先用的是一个 4GB 大小的 sony USB 驱动盘,随后用的是一个 16GB 大小的 strontium 驱动盘。
首先把驱动盘插入端口,并挂载上,使其可读。然后从命令行下面进入挂载的文件目录下。
首先把驱动盘插入端口,并挂载上,使其可读。然后从命令行下面进入挂载的文件目录下。
#### Sony 4GB - 写入 ####
@ -75,11 +75,11 @@ DD 命令通用语法格式如下:
#### Sony 4GB - 读取 ####
把相同的文件读取回来,测试速度。首先运行如下命令清除内存缓存
把相同的文件读取回来,测试速度。首先运行如下命令清除内存缓存
$ sudo sh -c "sync && echo 3 > /proc/sys/vm/drop_caches"
现在就可以使用 DD 命令来读取文件了
现在就可以使用 DD 命令来读取文件了
# dd if=./largefile of=/dev/null bs=8k
8000+0 records in
@ -92,7 +92,7 @@ DD 命令通用语法格式如下:
上面实验中, USB 驱动盘插入USB 2.0 端口,读取的速度达到了 24.7兆字节/秒,这是很不错的读速度。但写入速度就不敢恭维了。
下面让我们用 Strontium 的 16GB 的驱动盘来做相同的实验。虽然 Strontium 的 USB 驱动盘很稳定,但它也是一款很便宜的品牌。
下面让我们用 16GB 的 Strontium 驱动盘来做相同的实验。虽然 Strontium 的 USB 驱动盘很稳定,但它也是一款很便宜的品牌。
#### Strontium 16gb 盘写入速度 ####
@ -136,4 +136,4 @@ via: http://www.binarytides.com/linux-test-drive-speed/
[1]:http://wiki.archlinux.org/index.php/SSD_Benchmarking
[2]:http://en.wikipedia.org/wiki/USB
[e]:m00n.silv3r@gmail.com
[g]:http://plus.google.com/117145272367995638274/posts
[g]:http://plus.google.com/117145272367995638274/posts

16
translated/tech/20140718 Linux Kernel Testing and Debugging 4.md → published/20140718 Linux Kernel Testing and Debugging 4.md
View File

@ -1,4 +1,4 @@
Linux 内核测试和调试 - 4
Linux 内核测试和调试4
================================================================================
### 自动测试工具 ###
@ -38,11 +38,11 @@ Linux 内核本身包含很多调试功能,比如 kmemcheck 和 kmemleak。
#### kmemcheck ####
> kmemcheck 是一个动态检查工具可以检测出一些未被初始化的内存LCTT内核态使用这些内存可能会造成系统崩溃并发出警告。它的功能与 Valgrind 类似,只是 Valgrind 运行在用户态,而 kmemchecke 运行在内核态。编译内核时加上 CONFIG_KMEMCHECK 选项打开 kmemcheck 调试功能。你可以阅读 Documentation/kmemcheck.txt 来学习如何配置使用这个功能,以及如何看懂调试结果。
> kmemcheck 是一个动态检查工具可以检测出一些未被初始化的内存LCTT内核态使用这些内存可能会造成系统崩溃并发出警告。它的功能与 Valgrind 类似,只是 Valgrind 运行在用户态,而 kmemchecke 运行在内核态。编译内核时加上 `CONFIG_KMEMCHECK` 选项打开 kmemcheck 调试功能。你可以阅读 Documentation/kmemcheck.txt 来学习如何配置使用这个功能,以及如何看懂调试结果。
#### kmemleak ####
> kmemleak 通过类似于垃圾收集器的功能来检测内核是否有内存泄漏问题。而 kmemleak 与垃圾收集器的不同之处在于前者不会释放孤儿目标LCTT不会再被使用的、应该被释放而没被释放的内存区域而是将它们打印到 /sys/kernel/debug/kmemleak 文件中。用户态的 Valgrind 也有一个类似的功能,使用 --leak-check 选项可以检测并报错内存泄漏问题,但并不释放这个孤儿内存。编译内核时使用 CONFIG_DEBUG_KMEMLEAK 选项打开 kmemcleak 调试功能。阅读 Documentation/kmemleak.txt 来学习怎么使用这个工具并读懂调试结果。
> kmemleak 通过类似于垃圾收集器的功能来检测内核是否有内存泄漏问题。而 kmemleak 与垃圾收集器的不同之处在于前者不会释放孤儿目标LCTT不会再被使用的、应该被释放而没被释放的内存区域而是将它们打印到 /sys/kernel/debug/kmemleak 文件中。用户态的 Valgrind 也有一个类似的功能,使用 --leak-check 选项可以检测并报错内存泄漏问题,但并不释放这个孤儿内存。编译内核时使用 `CONFIG_DEBUG_KMEMLEAK` 选项打开 kmemcleak 调试功能。阅读 Documentation/kmemleak.txt 来学习怎么使用这个工具并读懂调试结果。
### 内核调试接口 ###
@ -54,13 +54,13 @@ Linux 内核通过配置选项、调试用的 API、接口和框架来支持动
### 调试的 API ###
调试 API 的一个很好的例子是 DMA-debug用来调试驱动是否错误使用了 DMA 提供的 API。它会跟踪每个设备的映射关系检测程序有没有试图为一些根本不存在的映射执行“取消映射”操作检测代码建立 DMA 映射后可能产生的“映射丢失”的错误。内核配置选项 CONFIG_HAVE_DMA_APT_DEBUG 和 CONFIG_DMA_API_DEBUG 可以为内核提供这个功能。其中CONFIG_DMA_API_DEBUG 选项启用后,内核调用 DMA 的 API 的同时也会调用 Debug-dma 接口。举例来说,当一个驱动调用 dma_map_page() 函数来映射一个 DMA 缓存时dma_map_page() 会调用debug_dma_map_page() 函数来跟踪这个缓存,直到驱动调用 dma_unmap_page() 来取消映射。详细内容请参考[使用 DMA 调试 API 检测潜在的数据污染和内存泄漏问题][3]。
调试 API 的一个很好的例子是 DMA-debug用来调试驱动是否错误使用了 DMA 提供的 API。它会跟踪每个设备的映射关系检测程序有没有试图为一些根本不存在的映射执行“取消映射”操作检测代码建立 DMA 映射后可能产生的“映射丢失”的错误。内核配置选项 `CONFIG_HAVE_DMA_APT_DEBUG``CONFIG_DMA_API_DEBUG` 可以为内核提供这个功能。其中,`CONFIG_DMA_API_DEBUG` 选项启用后,内核调用 DMA 的 API 的同时也会调用 Debug-dma 接口。举例来说,当一个驱动调用 `dma_map_page()` 函数来映射一个 DMA 缓存时,`dma_map_page()` 会调用`debug_dma_map_page()` 函数来跟踪这个缓存,直到驱动调用 `dma_unmap_page()` 来取消映射。详细内容请参考[使用 DMA 调试 API 检测潜在的数据污染和内存泄漏问题][3]。
### 动态调试 ###
动态调试功能就是你可以决定在程序运行过程中是否要 pr_debug(), dev_dbg(), print_hex_dump_debug(), print_hex_dump_bytes() 这些函数正常运行起来。什么意思?当程序运行过程中出现错误时,你可以指定程序打印有针对性的、详细的调试信息。这功能牛逼极了,我们不再需要为了添加调试代码定位一个问题,而重新编译安装内核。你可以指定 CONDIF_DYNAMIC_DEBUG 选项打开动态调试功能,然后通过 /sys/kernel/debug/dynamic_debug/control 接口指定要打印哪些调试日志。下面分别列出代码级别和模块级别打印日志的操作方法:
动态调试功能就是你可以决定在程序运行过程中是否要 `pr_debug()`, `dev_dbg()`, `print_hex_dump_debug()`, `print_hex_dump_bytes()` 这些函数正常运行起来。什么意思?当程序运行过程中出现错误时,你可以指定程序打印有针对性的、详细的调试信息。这功能牛逼极了,我们不再需要为了添加调试代码定位一个问题,而重新编译安装内核。你可以指定 `CONDIF_DYNAMIC_DEBUG` 选项打开动态调试功能,然后通过 `/sys/kernel/debug/dynamic_debug/control` 接口指定要打印哪些调试日志。下面分别列出代码级别和模块级别打印日志的操作方法:
让 kernel/power/suspend.c 源码第340行的 pr_debug() 函数打印日志:
让 kernel/power/suspend.c 源码第340行的 `pr_debug()` 函数打印日志:
echo 'file suspend.c line 340 +p' > /sys/kernel/debug/dynamic_debug/control
@ -72,7 +72,7 @@ Linux 内核通过配置选项、调试用的 API、接口和框架来支持动
> 编辑 /etc/modprobe.d/modname.conf 文件(没有这个文件就创建一个),添加 dyndbg='plmft' 选项。然而对于哪些通过 initramfs 加载的驱动来说这个配置基本无效LCTT免费奉送点比较高级的知识哈。系统启动时需要先让 initramfs 挂载一个虚拟的文件系统,然后再挂载启动盘上的真实文件系统。这个虚拟文件系统里面的文件是 initramfs 自己提供的,也就是说你在真实的文件系统下面配置了 /etc/modprobe.d/modname.conf 这个文件initramfs 是压根不去理会的。站在内核驱动的角度看:如果内核驱动在 initramfs 过程中被加载到内核,这个驱动读取到的 /etc/modprobe.d/modname.conf 是 initramfs 提供的,而不是你编辑的那个。所以会有上述“写了配置文件后重启依然无效”的结论)。对于这种刁民,呃,刁驱动,我们需要修改 grub 配置文件,在 kernel 那一行添加 module.dyndbg='plmft' 参数,这样你的驱动就可以开机启动动态调试功能了。
想打印更详细的调试信息,可以使用 dynamic_debug.verbose=1 选项。参考 Documentation/dynamic-debug-howto.txt 文件获取更多信息。
想打印更详细的调试信息,可以使用 `dynamic_debug.verbose=1` 选项。参考 Documentation/dynamic-debug-howto.txt 文件获取更多信息。
### 设置追踪点 ###
@ -135,7 +135,7 @@ Linux 内核通过配置选项、调试用的 API、接口和框架来支持动
via:http://www.linuxjournal.com/content/linux-kernel-testing-and-debugging?page=0,3
译者:[bazz2](https://github.com/bazz2) 校对:[校对者ID](https://github.com/校对者ID)
译者:[bazz2](https://github.com/bazz2) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

4
translated/tech/20140718 Linux Kernel Testing and Debugging 5.md → published/20140718 Linux Kernel Testing and Debugging 5.md
View File

@ -1,4 +1,4 @@
Linux 内核测试和调试 - 5
Linux 内核测试和调试5
================================================================================
### 仿真环境下进行 Linux 电源管理子系统测试 ###
@ -85,6 +85,6 @@ git bisect 是一个非常有用非常强大的工具,用于将 git 上的一
via: http://www.linuxjournal.com/content/linux-kernel-testing-and-debugging?page=0,4
译者:[bazz2](https://github.com/bazz2) 校对:[校对者ID](https://github.com/校对者ID)
译者:[bazz2](https://github.com/bazz2) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

6
translated/tech/20140718 Linux Kernel Testing and Debugging 6.md → published/20140718 Linux Kernel Testing and Debugging 6.md
View File

@ -1,4 +1,4 @@
Linux 内核的测试和调试 - 6
Linux 内核的测试和调试6
================================================================================
### Linux 内核补丁测试 ###
@ -12,7 +12,7 @@ Linux 内核的测试和调试 - 6
如果你对你的补丁测试结果感到很满意,你就可以提交补丁了。请确保提交 commit 的信息要描述得非常清楚。要让内核维护者和其他开发者看懂补丁所修改的内容,这一点非常重要。生成补丁后,执行 scripts/checkpatch.pl 脚本,找到 checkpatch 是产生的错误或警告(如果有的话),修复它们。重新生成补丁,直到补丁通过这个脚本的测试。重新测试这个补丁。将本补丁用于其他的内核源码上,保证不会有冲突产生。
现在你做好提交补丁的准备了。先运行 scriptst/get_maintainer.pl 来确认你应该把补丁发给哪个内核维护者。注意不要以附件形式发送补丁,而是以纯文本形式粘贴在邮件里面。确保你的邮件客户端可以发送纯文本信息,你可以试试给自己发送一份补丁邮件来测试你的邮件客户端的功能。收到自己的邮件后,运行 checkpatch 命令并给自己的内核源码打上你的补丁。如果这两部都能通过,你就可以给 Linux 邮箱列表发送补丁了。使用 git send-email 命令是提交补丁最安全的方式,可以避免你的邮箱的兼容性问题。你的 .gitconfig 文件里面需要配置好有效的 smtp 服务器,详细操作参考 git 的帮助文档。
现在你做好提交补丁的准备了。先运行 `scriptst/get_maintainer.pl` 来确认你应该把补丁发给哪个内核维护者。注意不要以附件形式发送补丁,而是以纯文本形式粘贴在邮件里面。确保你的邮件客户端可以发送纯文本信息,你可以试试给自己发送一份补丁邮件来测试你的邮件客户端的功能。收到自己的邮件后,运行 checkpatch 命令并给自己的内核源码打上你的补丁。如果这两部都能通过,你就可以给 Linux 邮箱列表发送补丁了。使用 git send-email 命令是提交补丁最安全的方式,可以避免你的邮箱的兼容性问题。你的 .gitconfig 文件里面需要配置好有效的 smtp 服务器,详细操作参考 git 的帮助文档。
更多提交补丁的规矩,请参考下面的资料:
@ -111,7 +111,7 @@ Shuah Khan 是三星公司开源组的高级 Linux 内核开发工程师。
via: http://www.linuxjournal.com/content/linux-kernel-testing-and-debugging?page=0,5
译者:[bazz2](https://github.com/bazz2) 校对:[校对者ID](https://github.com/校对者ID)
译者:[bazz2](https://github.com/bazz2) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

10
translated/news/20140722 Budgie Desktop 5.1 Is a Superb New Desktop Environment for Conservative Users.md → published/20140722 Budgie Desktop 5.1 Is a Superb New Desktop Environment for Conservative Users.md
View File

@ -1,14 +1,14 @@
Budgie桌面5.1 对保守的用户来说是一个极好的新桌面环境
Budgie桌面5.1 :给保守用户的超好桌面环境
================================================================================
![](http://i1-news.softpedia-static.com/images/news2/Budgie-Desktop-5-1-Is-a-Superb-New-Desktop-Environment-For-Conservative-Users-451477-2.jpg)
**Evolve OS的开发者Ikey Doherty制作了这款叫做Budgie Desktop的新桌面环境并且发布了它的新版本。**
Evolve OS还没有发布但开发者正积极地进行关于它的工作。系统中并没有采用一个现有的桌面环境,他决定最好还是制作一个自己的。这个桌面基于GNOME并用了不少GNOME的包但它看起来却截然不同。事实上它使用了与MATE和Cinnamon桌面相同的模式尽管Budgie似乎更有现代感更优美一些。
Evolve OS还没有发布但开发者正积极地进行关于它的工作。系统中并没有采用任何现有的桌面环境,他们决定最好还是制作一个自己的。这个桌面基于GNOME并用了不少GNOME的包但它看起来却截然不同。事实上它使用了与MATE和Cinnamon桌面相同的模式尽管Budgie似乎更有现代感更优美一些。
有趣的是,桌面这个关键的技术部分却先于其将要服务的操作系统发布了,但是潜在的用户完全不必惊讶。由此也出现了可用于Ubuntu 14.04 LTS 和Ubuntu 14.10的[PPA][1]但这不是官方的。Arch Linux用户也将还会在AUR库中发现新的桌面环境。
有趣的是,桌面这个关键的技术部分却先于其将要服务的操作系统发布了,但是对此感兴趣的用户完全不必惊讶。由此也出现了可用于Ubuntu 14.04 LTS 和Ubuntu 14.10的[PPA][1]但这不是官方的。Arch Linux用户也将还会在AUR库中发现新的桌面环境。
“从V4版本以来几乎所有的改变都与面板有关。它已被使用Vala语言重写这降低了维护开销也大大降低了新贡献者进入的门槛。所以如果你使用OBS的话当你希望是今天在OBS上获取到更新或者对Evolve OS用户你已经安装了更新你将只能感觉到很小的视觉差异。我的想法是不去改变外观而是重写代码来使它更好些。”
“从V4版本以来几乎所有的改变都与面板有关。它已被使用Vala语言重写这降低了维护开销也大大降低了新贡献者进入的门槛。所以如果你使用OBS的话当你希望是今天在OBS上获取到更新或者对Evolve OS用户你已经安装了更新你将只能感觉到很小的视觉差异。我的想法是不去改变外观而是重写代码来使它更好些。”
“将它重写成Vala语言的程序付出了很多努力但马上就会见到成效。将来桌面整个都将会用Vala重写成为第二次写——第二次我们会做的更好”Ikey Doherty在发布[公告][2]中这样说。
@ -30,7 +30,7 @@ via: http://news.softpedia.com/news/Budgie-Desktop-5-1-Is-a-Superb-New-Desktop-E
原文作者:[Silviu Stahie][a]
译者:[linuhap](https://github.com/linuhap) 校对:[校对者ID](https://github.com/校对者ID)
译者:[linuhap](https://github.com/linuhap) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

18
translated/tech/20140723 How to configure chroot SFTP in Linux.md → published/20140723 How to configure chroot SFTP in Linux.md
View File

@ -1,12 +1,12 @@
Linux中为SFTP配置chroot环境
Linux 中为非 SSH 用户配置 SFTP 环境
================================================================================
在**某些环境**中,系统管理员想要允许极少数用户传输文件到Linux盒子中而非ssh。要实现这一目的,我们可以使用**SFTP**并为其构建chroot环境。
在**某些环境**中,系统管理员想要允许极少数用户在可以传输文件到Linux机器中但是不允许使用 SSH。要实现这一目的,我们可以使用**SFTP**并为其构建chroot环境。
### SFTP & chroot背景 ###
**SFTP**是**SSH文件传输协议SSH File Transfer protocol或安全文件传输协议Secure File Transfer Protocol**,它提供了任何可信数据流下的文件访问、文件传输以及文件管理功能。当我们为SFTP配置chroot环境后只有被许可的用户可以访问并被限制到它们的**家目录**中,或者我们可以这么说:被许可的用户将处于牢笼环境中,在此环境中它们甚至不能切换它们的目录。
**SFTP**是**SSH文件传输协议SSH File Transfer protocol或安全文件传输协议Secure File Transfer Protocol**它提供了可信数据流下的文件访问、文件传输以及文件管理功能。当我们为SFTP配置chroot环境后只有被许可的用户可以访问并被限制到他们的**家目录**中,换言之:被许可的用户将处于牢笼环境中,在此环境中它们甚至不能切换它们的目录。
在本文中,我们将配置**RHEL 6.X** & **CentOS 6.X中的SFTP Chroot环境**。我们开启一个用户帐号‘**Jack**该用户将被允许在Linux盒子上传输文件但没有ssh访问权限。
在本文中,我们将配置**RHEL 6.X** **CentOS 6.X中的SFTP Chroot环境**。我们开启一个用户帐号‘**Jack**该用户将被允许在Linux机器上传输文件但没有ssh访问权限。
### 步骤1 创建组 ###
@ -14,7 +14,7 @@
### 步骤2 分配附属组(sftp_users)给用户 ###
如果用户在系统上不存在,使用以下命令创建:
如果用户在系统上不存在,使用以下命令创建 LCTT 译注:这里给用户指定了一个不能登录的 shell以防止通过 ssh 登录)
[root@localhost ~]# useradd -G sftp_users -s /sbin/nologin jack
[root@localhost ~]# passwd jack
@ -23,7 +23,7 @@
[root@localhost ~]# usermod G sftp_users -s /sbin/nologin jack
**注意**:如果你想要修改用户的**默认家目录**那么在useradd和usermod命令中使用**-d**’选项,并设置**合适的权限**。
**注意**:如果你想要修改用户的**默认家目录**,那么可以在useradd和usermod命令中使用**-d**’选项,并设置**合适的权限**。
### 步骤3 现在编辑配置文件 “/etc/ssh/sshd_config” ###
@ -33,7 +33,7 @@
Subsystem sftp internal-sftp
# add Below lines at the end of file
Match Group sftp_users
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory %h
@ -42,7 +42,7 @@
#### 此处: ####
- **Match Group sftp_users** 该参数指定以下的行将仅仅匹配sftp_users组中的用户
- **ChrootDirectory %h** 该参数指定用户验证后用于chroot环境的路径默认的用户家目录。对于Jack该路径就是/home/jack。
- **ChrootDirectory %h** 该参数指定用户验证后用于chroot环境的路径默认的用户家目录。对于用户 Jack该路径就是/home/jack。
- **ForceCommand internal-sftp** 该参数强制执行内部sftp并忽略任何~/.ssh/rc文件中的命令。
重启ssh服务
@ -82,7 +82,7 @@ via: http://www.linuxtechi.com/configure-chroot-sftp-in-linux/
原文作者:[Pradeep Kumar][a]
译者:[GOLinux](https://github.com/GOLinux) 校对:[校对者ID](https://github.com/校对者ID)
译者:[GOLinux](https://github.com/GOLinux) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

4
translated/tech/20140729 Linux FAQs with Answers--How to check which fonts are used in a PDF document.md → published/20140729 Linux FAQs with Answers--How to check which fonts are used in a PDF document.md
View File

@ -1,4 +1,4 @@
Linux常见问题及答案——如何检查PDF文档中使用了哪种字体
Linux有问必答如何检查PDF中使用了哪种字体
================================================================================
>**问题**我想要知道PDF文件中使用了什么字体或者嵌入了什么字体。Linux中有工具可以检查PDF文档中使用了哪种字体吗
@ -34,6 +34,6 @@ Linux常见问题及答案——如何检查PDF文档中使用了哪种字体
via: http://ask.xmodulo.com/check-which-fonts-are-used-pdf-document.html
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

0
translated/tech/20140730 How to use variables in shell Scripting.md → published/20140730 How to use variables in shell Scripting.md
View File

17
translated/talk/20140731 Top 10 Free Linux Games.md → published/20140731 Top 10 Free Linux Games.md
View File

@ -1,4 +1,4 @@
排名前十的 Linux 免费游戏
10大 Linux 免费游戏
================================================================================
假如当你考虑从 Windows 平台迁移至 Linux 平台时,“我能在 Linux 平台上游戏吗?”这类疑问正困扰着你,那么对此这有一个答案就是 ———— “快去 Linux 平台吧!”。感谢开源组织一直以来坚持不懈为 Linux 操作系统开发不同类型的游戏,还有从不缺乏好的商业游戏,并且在 Linux 平台下游戏时的乐趣完全不亚于其他几个平台(比如 Windows 平台)的在线数字发行平台 ———— Steam。
@ -15,6 +15,7 @@
《军团要塞 2》已经收到了许多称赞性评论与大奖这主要跟它充满艺术的表现手法、游戏的平衡性、幽默感以及图像风格有关。与其他游戏如使命召唤、半条命采取极度真实的画面不同这款游戏的设定看起来像是把卡通元素带进了世界中。
** 游戏介绍 **:和原版游戏一样,《军团要塞 2》围绕两支相互对立的队伍进行红队可信赖的拆迁队与蓝队建筑者联合团体两队都为了以战斗为基础的主要目标相互竞争。
玩家可以选择九种角色,分别是侦察兵、士兵、火焰兵、爆破兵、重装兵、工程师、医疗兵、狙击手和间谍,每一个角色都有其独特的武器、优势与弱点。
#### 系统需求: ####
@ -61,7 +62,7 @@
![](http://mylinuxbook.com/wp-content/uploads/2014/07/Dota-2.jpg)
《Dota 2》《Dota》的续作是一款由 Valve 公司开发的多人在线战术竞技类Multiplayer Online Battle ArenaMOBA电子游戏。《DOTA 2》发行时就完全免费于 2013 年 7 月 9 日发行 Windows 版,于 2013 年 7 月 18 日发行 Linux 版,并且只能通过 Valve 的在线数字发行平台 Steam 进行游戏。Dota 2 因为其令人愉悦的游戏体验和大幅提高的游戏品质得到了电子游戏评论家的热烈称赞。尽管 Dota 2 也因为其陡峭的学习曲线受到批评。
《Dota 2》《Dota》的续作是一款由 Valve 公司开发的多人在线战术竞技类Multiplayer Online Battle ArenaMOBA电子游戏。《DOTA 2》发行时就完全免费于 2013 年 7 月 9 日发行 Windows 版,于 2013 年 7 月 18 日发行 Linux 版,并且只能通过 Valve 的在线数字发行平台 Steam 进行游戏。Dota 2 因为其令人愉悦的游戏体验和大幅提高的游戏品质得到了电子游戏评论家的热烈称赞。尽管 Dota 2 也因为其陡峭的学习曲线受到批评。
** 游戏介绍 **:每一场标准的 Dota 2 比赛都是独立的,同时由 2 支相互敌对的团体参与,天辉和夜魇,每个团队均由 5 名玩家组成。每个团队占据地图的一角作为大本营每个团队的大本营上均有一座被称作“远古神迹”的建筑存在。为了赢得游戏任意一方团队必须摧毁对方的远古神迹。Dota 2 中有 9 种游戏模式与 107 个英雄可供挑选。每名玩家控制一位英雄,通过升级、获取物品、收集金币还有击败敌对团队以获取胜利。
@ -113,7 +114,7 @@
《Urban Terror》缩写作 UrT是一款由 FrozenSand 开发的免费多人 FPS 电子游戏。游戏于 2007 年作为免费独立游戏发行,使用 ioquake3某游戏引擎项目作为一个纯净基础包向更多的图像和音频特性提供改进支持作为引擎。
正如这款官方游戏格言‘现实的乐趣’所述,它是一个包很好的产品同时安装简便、画质优良、依赖需求少并且游戏非常平衡这些特色使这款游戏成为了独一无二的、令人享受并且吸引人的游戏。2007 年的 Mod DB 上Urban Terror 被提名为年度 Mod 奖。
正如这款官方游戏格言‘现实的乐趣’所述,它是一个包很好的产品同时安装简便、画质优良、依赖需求少并且游戏非常平衡这些特色使这款游戏成为了独一无二的、令人享受并且吸引人的游戏。2007 年的 Mod DB 上Urban Terror 被提名为年度 Mod 奖。
** 游戏介绍 **:这款游戏被标为“好莱坞战术射击游戏”,具有多种游戏的混合元素,例如:《雷神之锤 III 竞技场》、《虚幻竞技场》以及《反恐精英》。这款 Mod 通过一系列改变使得游戏更加真实,比如武器和现实中的类似,具有后坐力,射击时精准度会下降,并且当弹药库用完时需要重新填装。伤害同样现实化了,比如伤口需要包扎,腿伤或脚伤会拖慢玩家的速度。
@ -262,9 +263,9 @@
《Tremulous》是一款免费开源的游戏包含有团队 FPS 模式与即时战略元素。游戏由 Dark Legion Development 在 ioquake2 游戏引擎的基础上开发,于 2005 年 8 月 11 日发行。尽管游戏的起源是雷神 3 的一个 mod但最后却独立出来了。
《Tremulous》荣获了 Mod Database 举办的 2006 年 “年度 Mod” 颁奖典礼中的 “玩家评选的年度最佳独立游戏” 奖项,同时也获得了 Planet Quake 网站玩家投票的第一个“以雷神引擎开的基于 GPL 协议的最佳免费游戏”。
《Tremulous》荣获了 Mod Database 举办的 2006 年 “年度 Mod” 颁奖典礼中的 “玩家评选的年度最佳独立游戏” 奖项,同时也获得了 Planet Quake 网站玩家投票的第一个“以雷神引擎开的基于 GPL 协议的最佳免费游戏”。
** 游戏介绍 **:游戏背景可推测设定在未来,在那个时代人类与蜘蛛外形的外星人进行战斗。玩家可以在两个仅有的种族,人类与外星人,中选择自己的种族,每个种族的玩家都可以像即时战略游戏一样在游戏中进行建筑。其中最重要的建筑是重生点,重生点允许死亡的队友重新加入游戏。
** 游戏介绍 **:游戏背景可推测设定在未来,在那个时代人类与蜘蛛外形的外星人进行战斗。玩家可以在两个仅有的种族——人类与外星人——中选择自己的种族,每个种族的玩家都可以像即时战略游戏一样在游戏中进行建筑。其中最重要的建筑是重生点,重生点允许死亡的队友重新加入游戏。
#### 系统需求: ####
@ -349,9 +350,9 @@
![](http://mylinuxbook.com/wp-content/uploads/2014/07/open-arena.jpg)
《开放竞技场》是一款开源的多人 FPS 类游戏,基于由 id tech 3 引擎 fork 的 ioquake3 开发而来。游戏由 OpenArena 团队开发,并且遵守 GPLv2GNU General Public License V2.0协议。游戏官方网站的下载版本包括 GNU/LinuxMicrosoft Windows 以及 Mac OS X 操作系统的对应版,同样支持诸如 Debian、Gentoo、Fedora、Arch、Mandriva 还有 Ubuntu 等 Linux 发行版。开放竞技场是一款可以离线或者在线进行的免费游戏,玩家也可以自己架设局域网或者 Internet 服务器。
《开放竞技场》是一款开源的多人 FPS 类游戏,基于由 id tech 3 引擎 fork 的 ioquake3 开发而来。游戏由 OpenArena 团队开发,并且遵守 GPLv2协议。游戏官方网站的下载版本包括 GNU/LinuxMicrosoft Windows 以及 Mac OS X 操作系统的对应版,同样支持诸如 Debian、Gentoo、Fedora、Arch、Mandriva 还有 Ubuntu 等 Linux 发行版。开放竞技场是一款可以离线或者在线进行的免费游戏,玩家也可以自己架设局域网或者 Internet 服务器。
** 游戏介绍 **:《开放竞技场》几乎和《雷神 III 竞技场》一样:通过杀敌得分获得游戏胜利,在不同的场景下可以使用一系列为平衡游戏所设计的武器。每场竞赛都有其独特的“竞技场”,地图上玩家们互相残杀;游戏包含多种游戏类型:死亡竞赛、锦标赛、团队死亡竞赛,还有夺旗模式。由于暴力以及成人因素,这款游戏并不适于 17 岁以下的孩子。
** 游戏介绍 **:《开放竞技场》几乎和《雷神 III 竞技场》一样:通过杀敌得分获得游戏胜利,在不同的场景下可以使用一系列为平衡游戏所设计的武器。每场竞赛都有其独特的“竞技场”,地图上玩家们互相残杀;游戏包含多种游戏类型:死亡竞赛、锦标赛、团队死亡竞赛,还有夺旗模式。由于暴力以及成人因素,这款游戏由于其暴力程度并不适于 17 岁以下的孩子。
#### 系统需求: ####
@ -478,7 +479,7 @@ via: http://mylinuxbook.com/top-10-free-linux-games/
作者:[Himanshu Arora][a]
译者:[SteveArcher](https://github.com/SteveArcher)
校对:[校对者ID](https://github.com/校对者ID)
校对:[ wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

0
translated/tech/20140807 Linux FAQs with Answers--How to fix 'fatal error--jsoncpp or json or json.h--No such file or directory'.md → published/20140807 Linux FAQs with Answers--How to fix 'fatal error--jsoncpp or json or json.h--No such file or directory'.md
View File

24
translated/tech/20140818 How To Schedule A Shutdown In Ubuntu 14.04 [Quick Tip].md → published/20140818 How To Schedule A Shutdown In Ubuntu 14.04 [Quick Tip].md
View File

@ -1,31 +1,31 @@
如何安排你的Ubuntu 14.04自动关机[快速技巧]
[快速技巧]如何设定你的 Ubuntu 14.04 自动关机
===
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/08/Schedule_Shutdown_Ubuntu.jpeg)
当你系统还在运行某些程序的时候,无法关闭计算机但是你又不能让计算机跑个一整夜可能你会发现你曾面临相似的处境因为刚刚提到的问题你需要在Ubuntu或者其余Linux系统下安排计算机关机
当你系统还在运行某些程序的时候,无法关闭计算机但是你又不能让计算机跑一整夜可能你会发现你曾面临相似的处境你需要在Ubuntu或者其它Linux系统下设定计算机自动关机。
在这篇文章中我们就来看看如何使用GUI或者在CLI下安排你的Ubuntu关机
在这篇文章中我们就来看看如何使用GUI或者在CLI下设定你的Ubuntu关机.
### 使用EasyShutdown安排你的Ubuntu关机 ###
### 使用EasyShutdown设定你的Ubuntu关机 ###
EasyShutdown是一个轻量级的应用程序它提供给你简洁的GUI你可以很容易就能安排你的Ubuntu关机。你可以在[EasyShutdown的launchpad页面下载.deb文件][1]。只要双击它就可以安装了。默认情况下它会打开Ubuntu Software Center
EasyShutdown是一个轻量级的应用程序它提供给你简洁的GUI你可以很容易就能设定你的Ubuntu关机。你可以在[EasyShutdown的launchpad页面下载.deb文件][1]。只要双击它就可以安装了。默认情况下它会打开Ubuntu Software Center
安装完成从Unity Dash启动它。界面非常简单你只需要提供你想关机的时间就可以了。举个例子如果你想在03:30 AM关机像下那样操作:
安装完成从Unity Dash启动它。界面非常简单你只需要提供你想关机的时间就可以了。举个例子如果你想在03:30 AM关机像下那样操作:
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/08/Schedule_Shudown_Ubuntu.jpeg)
请注意EasyShutdown并没有后台程序或者系统托盘所以你必须让它一直运行否则将不能正常工作。但EasyShutdown的优点是它会在你安排关机时间的前一分钟通知你那样你就可以选择停止它
请注意EasyShutdown并没有后台程序或者系统托盘所以你必须让它一直运行否则将不能正常工作。但EasyShutdown的优点是它会在你安排关机时间的前一分钟通知你那样你就可以选择停止它
### 使用命令行安排Ubuntu关机 ###
### 使用命令行设定Ubuntu关机 ###
使用命令行选项来**安排Ubuntu关机**同样很简单。你要做的就是使用“shutdown”命令。举个例子想在03:30 AM关机你可以使用下面的命令
sudo shutdown -h 03:30
sudo shutdown -h 03:30
注意,你必须一直运行这个命令。所以要么保持这个终端,要么在后台运行
注意,你必须一直运行这个命令。所以要么保持这个终端,要么在后台运行
我希望这些快速技巧可以帮助你们,学会如何安排Ubuntu或者其余Linux系统比如Linux Mint自动关机。欢迎你们提出问题或者建议
我希望这些快速技巧可以帮助您学会如何设定Ubuntu或者其余Linux系统自动关机比如Linux Mint。如有问题或者建议欢迎您随时提出。
---
@ -33,7 +33,7 @@ via: http://itsfoss.com/schedule-shutdown-ubuntu/
作者:[Abhishek][a]
译者:[su-kaiyao](https://github.com/su-kaiyao)
校对:[校对者ID](https://github.com/校对者ID)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

41
sources/news/20140826 Munich Council--LiMux Demise Has Been Greatly Exaggerated.md Normal file
View File

@ -0,0 +1,41 @@
[sailing]
Munich Council: LiMux Demise Has Been Greatly Exaggerated
================================================================================
![LiMux Munich City Councils Official OS](http://www.omgubuntu.co.uk/wp-content/uploads/2014/07/limux-4-kde-desktop.jpg)
LiMux Munich City Councils Official OS
A Munich city council spokesman has attempted to clarify the reasons behind its [plan to re-examine the role of open-source][1] software in local government IT systems.
The response comes after numerous German media outlets revealed that the citys incoming mayor has asked for a report into the use of LiMux, the open-source Linux distribution used by more than 80% of municipalities.
Reports quoted an unnamed city official, who claimed employees were suffering from having to use open-source software. Others called it an expensive failure, with the deputy mayor, Josef Schmid, saying the move was driven by ideology, not financial prudence.
With Munich often viewed as the poster child for large Linux migrations, news of the potential renege quickly went viral. Now council spokesman Stefan Hauf has attempted to bring clarity to the situation.
### Plans for the future ###
Hauf confirms that the citys new mayor has requested a review of the citys IT systems, including its choice of operating systems. But the report is not, as implied in earlier reports, solely tasked with deciding whether to return to using Microsoft Windows.
**“Its about the organisation, the costs, performance and the usability and satisfaction of the users,”** [Techrepublic][2] quote him as saying.
**“[It's about gathering the] facts so we can decide and make a proposal for the city council how to proceed in future.”**
Hauf also confirms that council staff have, and do, complain about LiMux, but that the majority of issues stem from compatibility issues in OpenOffice, something a potential switch to LibreOffice could solve.
So is Munich about to switch back to Windows? As we said in our original coverage: its just too early to say, but its not being ruled out.
No final date for the reports recommendations is yet set, and any binding decision on Munichs IT infrastructure will need to be made by its elected members, the majority of whom are said to support the LiMux initiative.
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/08/munich-council-say-talk-limux-demise-greatly-exaggerated
作者:[Joey-Elijah Sneddon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:http://www.omgubuntu.co.uk/2014/08/munich-city-linux-switching-back-windows
[2]:http://www.techrepublic.com/article/no-munich-isnt-about-to-ditch-free-software-and-move-back-to-windows/

41
sources/news/Munich Council- LiMux Demise Has Been Greatly Exaggerated.md Normal file
View File

@ -0,0 +1,41 @@
慕尼黑市议会称: LiMux 项目的死讯被过分夸大了
================================================================================
![LiMux 慕尼黑市议会的官方操作系统](http://www.omgubuntu.co.uk/wp-content/uploads/2014/07/limux-4-kde-desktop.jpg)
LiMux - 慕尼黑市议会的官方操作系统
慕尼黑市议会的新闻发言人试图澄清其[计划重新审视当地政府 IT 系统使用的所有开源软件][1]的背后原因。
大量德国媒体披露,“慕尼黑市新任市长要求提交一份关于 LiMux 使用率的报告”LiMux是一个在该市超过 80% 的市政府部门中使用的开源 Linux 发行版 ,慕尼黑市议会新闻发言人正是针对这条新闻所做的反应。
该报告引用了一位不愿透露姓名的市政府官员的话,他声称政府雇员在使用开源软件时“非常痛苦”,还有人人称其为“昂贵的失败”。副市长 Josef Schmid 说,(更换到开源系统)这件事是“意识形态驱使的”,并非理性的财务行为。
过去被看成是大规模迁移 Linux 的典范的慕尼黑市,如今这个背道而驰的新闻迅速像病毒一样扩散开来。现在市议会的新闻发言人 Stefan Hauf 正试着澄清这件事。
### “未来计划” ###
Hauf 确认了新任市长要求重新审查城市 IT 系统以及操作系统选择的事,但这份报告的目的并不像之前报道中暗示的那样仅仅是为了决定什么时候退回到 Microsoft Windows。
**“这是有关机构、经费、性能和可用性以及用户满意度的事,”** [Techrepublic][2] 引用了他的言辞。
**“(这仅仅是在收集)现实情况,为我们决定市议会今后该如何处理提供依据。”**
Hauf 同时也确认了市议会员工的确抱怨过 LiMux但是主要集中在 OpenOffice 的兼容性问题上,有些问题只要换到 LibreOffice 就能解决。
那么,慕尼黑市会用回 Windows 吗?正如我们在之前的报道中所说:不能排除这种可能,但是现在下结论还太早。
目前该报告所建议的截止日期还没定,任何和慕尼黑 IT 基础设施相关的决定都需要由他们自己投票决定,主流选民目前抱有“支持” LiMux 的态度。
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/08/munich-council-say-talk-limux-demise-greatly-exaggerated
作者:[Joey-Elijah Sneddon][a]
译者:[sailing](https://github.com/sailing)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:http://www.omgubuntu.co.uk/2014/08/munich-city-linux-switching-back-windows
[2]:http://www.techrepublic.com/article/no-munich-isnt-about-to-ditch-free-software-and-move-back-to-windows/

1
sources/talk/20140819 KDE Plasma 5--For those Linux users undecided on the kernel' s future.md
View File

@ -1,3 +1,4 @@
[Translating by SteveArcher]
KDE Plasma 5—For those Linux users undecided on the kernels future
================================================================================
> Review—new release straddles traditional desktop needs, long term multi-device plans.

67
sources/talk/20140825 China Will Change The Way All Software Is Bought And Sold.md Normal file
View File

@ -0,0 +1,67 @@
China Will Change The Way All Software Is Bought And Sold
================================================================================
![](http://a5.files.readwrite.com/image/upload/c_fill,h_900,q_70,w_1600/MTE5NDg0MDYyMzQ4MzE0MTI3.jpg)
> It's all about open source.
**China doesn't need you. Not your software. Not your** programmers. Not anything you have to offer.
China mints over 100,000 new software engineers each year. Those engineers are writing an incredible volume of great software. What software China doesn't develop, it pirates, to the tune of 77% of all software used in China as of 2012. For Western technology vendors already struggling to meet the challenges of open source and cloud, China just made things harder.
Much harder.
China is challenging the way Western firms make money in China and everywhere else. For those companies that manage to figure out how to do business in China, their future looks very, very bright.
### Resisting China ###
Not everyone wants to play along, of course. Microsoft, for example, has opted to [use U.S. state attorneys general to block Chinese firms][1] from doing business in their states unless they pay for their Microsoft licenses. It's clever, and it may generate billions of dollars for Microsoft, but it ultimately feels like Microsoft is trying to fit a square peg in a round hole.
China, quite simply, doesn't think about IP in the same way that Microsoft does.
As [I've noted][2], "like their Indian counterparts, Chinese enterprises seem inclined to pay for complex, proprietary enterprise software that's more advanced than domestic firms have yet developed." But this won't last, as China's software industry is in warp speed and showing no signs of slowing. China pirates until it can build its own.
But even then, it charges for software differently than in the U.S. Software is either delivered in appliances, the cloud or firms simply charge for support. None of these things can be pirated.
And each, not surprisingly, is how companies make money with open source.
### Open Sourcing China ###
As captured in [J. Aaron Farr's report][3] on open source in China, Hu Ke, an analyst for CCID, notes that "China's open source communities are relatively small and don't have much influence. There is a lack of big projects, few participants, and little money."
That's the bad news.
The good news is that companies like Huawei view open source as a strategic priority. For example, while [Huawei's open source page][4] is outdated and weak, it belies what's actually going on in the technology behemoth. In conversations with the company and with consultants engaged with it, they cite a great deal of knowledge about open source within Huawei, though still a decided lack of know-how when it comes to engaging with open-source communities.
That isn't likely to last.
For one thing, Chinese biggest Web companies actively embrace open source, a sign of what's to come. Talk to anyone at Baidu, Alibaba, Weibo and you'll discover that their software stacks are open source, top to bottom, running on homegrown hardware, not Western name brands.
In other words, exactly like in the United States and Western Europe.
Take a look at [what software the industry's hottest startups use today][5] and you'll get a good sense of what China's mainstream enterprises will use tomorrow, just as is happening in the Western world. And, not surprisingly, much of it is open source.
### Selling To China ###
All of which means the future of China's software industry will necessarily look nothing like the history of the U.S. software industry. There won't be companies making billions of dollars selling proprietary shelfware. Intellectual property, in the Western sense, simply won't factor into China's tech economy.
Instead, vendors will need to find a way to sell something other than software. Cloud services will succeed. Hardware appliances will, too. Ditto support and consulting services (though at lower margins). Basically, China's software industry will look like an industry filled with open source and no easy, proprietary crutches.
Lead image by [hackNY.org][6]
--------------------------------------------------------------------------------
via: http://readwrite.com/2014/08/12/china-opensource-software-ip-programmers-united-states
作者:[Matt Asay][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://readwrite.com/author/matt-asay
[1]:http://readwrite.com/2014/03/17/microsoft-anti-piracy-strategy-china
[2]:http://readwrite.com/2014/04/11/india-starts-paying-for-software-china-it
[3]:http://cdn.oreillystatic.com/en/assets/1/event/12/Open%20Source%20in%20China%20Presentation%201.pdf
[4]:http://huawei.com/en/about-huawei/Partner/openathuawei/index.htm
[5]:http://codingvc.com/which-technologies-do-startups-use-an-exploration-of-angellist-data
[6]:https://www.flickr.com/photos/hackny/8675057448/

31
sources/talk/20140826 Linus Torvalds Promotes Linux for Desktops, Embedded Computing.md Normal file
View File

@ -0,0 +1,31 @@
Linus Torvalds Promotes Linux for Desktops, Embedded Computing
================================================================================
> Linux kernel developer and open source leader Linus Torvalds spoke recently about the future of desktop Linux and Linux for embedded devices.
![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2014/08/linus-torvalds-1.jpg)
What's the future of Linux for desktop computers and embedded devices? That's a question up for debate, but Linux founder and open source superstar Linus Torvalds provided some intriguing viewpoints in a discussion at the [Linux Foundation's][1] recent LinuxCon event.
As the guy who wrote the first Linux kernel code and shared it publicly over the Internet back in 1991, Torvalds is without doubt among the most famous developers of open source software—or any software, really—alive today. And while Torvalds is only one individual among many thousands of people and organizations guiding the development of Linux, his opinions tend to be influential with the open source community, and his role as a lead kernel developer places him in a powerful position for deciding which features and code make it into the operating system.
So it's worth paying attention when Torvalds says, "I still want the desktop," as he [did last week][2] at LinuxCon. It's a sign that he still sees a future for Linux as an operating system for powering personal PCs, even though desktop Linux market share has remained minuscule and relatively flat for more than a decade, and most of the commercial activity around Linux these days involves servers or Android-powered mobile hardware.
But, Torvalds added, ensuring a strong future for desktop Linux means solving an "infrastructure problem" that stems, he seems to believe, from the broader open source software ecosystem and the hardware world. It's not the core Linux code itself that's at issue, and making the channel friendly for desktop Linux is a feat Torvalds and his fellow kernel developers probably have little power to achieve on their own. That's up to app developers, hardware manufacturers and other parties who have the power to deliver computing platforms based on Linux that people will readily use.
On the other hand, Torvalds also mentioned a hope that kernel developers might streamline the Linux code for embedded devices—a task that might be at odds in some ways with making the kernel more desktop-friendly. But that's not necessarily the case, and at any rate, given that Linux is designed to be so modular, there's no reason a single kernel code base can't meet the needs of desktop users and embedded developers equally well, depending on which chunks they choose to use.
As a longtime desktop Linux user who would also like to see more Linux-powered embedded devices, I'm hoping Torvalds's aspirations in both regards will be realized, and that I will one day be able to do everything I need using only Linux, whether it's on a desktop computer, a mobile phone, the car or anywhere else.
--------------------------------------------------------------------------------
via: http://thevarguy.com/open-source-application-software-companies/082514/linus-torvalds-promotes-linux-desktops-and-embedded-compu
作者:[Christopher Tozzi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://thevarguy.com/author/christopher-tozzi
[1]:http://linuxfoundation.org/
[2]:http://www.eweek.com/enterprise-apps/linux-founder-linus-torvalds-still-wants-the-desktop.html

41
sources/talk/20140826 Linus Torvalds Started a Revolution on August 25 1991 Happy Birthday Linux.md Normal file
View File

@ -0,0 +1,41 @@
Linus Torvalds Started a Revolution on August 25, 1991. Happy Birthday, Linux!
================================================================================
![Linus Torvalds](http://i1-news.softpedia-static.com/images/news2/Linus-Torvalds-Started-a-Revolution-on-August-25-1991-Happy-Birthday-Linux-456212-2.jpg)
Linus Torvalds
**The Linux project has just turned 23 and it's now the biggest collaborative endeavor in the world, with thousands of people working on it.**
Back in 1991, a young programmer called Linus Torvalds wanted to make a free operating system that wasn't going to be as big as the GNU project and that was just a hobby. He started something that would turn out to be the most successful operating system on the planet, but no one would have been able to guess it back then.
Linus Torvalds sent an email on August 25, 1991, asking for help in testing his new operating system. Things haven't changed all that much in the meantime and he still sends emails about new Linux releases, although back then it wasn't called like that.
"I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things). I've currently ported bash(1.08) and gcc(1.40), and things seem to work."
"This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-) PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(. " [wrote][1] Linus Torvalds.
This is the entire mails that started it all, although it's interesting to see how things have evolved since then. The Linux operating system caught on, especially on the server market, but the power of Linux also extended in other areas.
In fact, it's hard to find any technology that hasn't been influenced by a Linus OS. Phones, TVs, fridges, minicomputers, consoles, tablets, and basically everything that has a chip in it is capable of running Linux or it already has some sort of Linux-based OS installed on it.
Linux is omnipresent on billions of devices and its influence is growing each year on an exponential basis. You might think that Linus is also the wealthiest man on the planet, but remember, Linux is free software and anyone can use it, modify it, and make money of it. He didn't do it for the money.
Linus Torvalds started a revolution in 1991, but it hasn't ended. In fact, you could say that it's just getting started.
> Happy Anniversary, Linux! Please join us in celebrating 23 years of the free OS that has changed the world. [pic.twitter.com/mTVApV85gD][2]
>
> — The Linux Foundation (@linuxfoundation) [August 25, 2014][3]
--------------------------------------------------------------------------------
via: http://news.softpedia.com/news/Linus-Torvalds-Started-a-Revolution-on-August-25-1991-Happy-Birthday-Linux-456212.shtml
作者:[Silviu Stahie][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/silviu-stahie
[1]:https://groups.google.com/forum/#!original/comp.os.minix/dlNtH7RRrGA/SwRavCzVE7gJ
[2]:http://t.co/mTVApV85gD
[3]:https://twitter.com/linuxfoundation/statuses/503799441900314624

51
sources/talk/20140826 Linus Torvalds is my hero, says 13 year old Zachary DuPont.md Normal file
View File

@ -0,0 +1,51 @@
Linus Torvalds is my hero, says 13 year old Zachary DuPont
================================================================================
![](http://www.themukt.com/wp-content/uploads/2014/08/Linus_torvalds_zach_1.jpg)
Zachary DuPon is a 6th grader who will turn 13 years old soon. He used to be an Arch Linux user and is looking forward to installing Gentoo Linux soon.
The story of Zach goes like this his school organized a project where students were asked to write a letter to their heroes, while most kids wrote to celebrities, Zach wrote to the real hero of the modern technology world Linus Torvalds.
Since Linus works from home he doesnt disclose his work address, so Zachs letter went to The Linux Foundation, which scans all letters before sending them to Linus. When the foundation saw this letter they contacted Zachs school and, being as generous as they are, invited him to LinuxCon so that he could meet his hero in person.
Jim Zemlin, the executive director of the Linux Foundation, introduced Zach to the crowd right after the keynote panel discussion. Zach met Linus and got his Linux Bible signed by the father of Linux; he also received a signed copy of Linus own book [Just for Fun: The Story of an Accidental Revolutionary][1]
![Linus Torvalds signing a book for Zachary DuPont](http://www.themukt.com/wp-content/uploads/2014/08/Linus_torvalds_zach_1.jpg)
Linus Torvalds signing a book for Zachary DuPont
![The DuPont family](http://www.themukt.com/wp-content/uploads/2014/08/zachary_dupont_family.jpg)
The DuPont family
![Swapnil Bhartiya with Zachary DuPont](http://www.themukt.com/wp-content/uploads/2014/08/swapnil_zach.jpg)
Swapnil Bhartiya with Zachary DuPont
I didnt want to miss this opportunity so I approached the DuPont family as soon as they finished talking to Linus and arranged this video interview. I am a father of a 2 year old son and as a father, I was truly amazed how confident, articulate and clear Zach is in his thoughts.
Instead of me telling you what all we discussed, I am offering you this video interview.
Youtube 视频,发布的时候不行改成一个链接吧
<iframe scrolling="no" frameborder="0" allowfullscreen="" mozallowfullscreen="" webkitallowfullscreen="" src="//www.youtube-nocookie.com/embed/pHK5mfLdmRs?autoplay=0" class="arve-inner"></iframe>
Here is some trivia from the interview:
- He used Arch Linux once
- He plans to contribute once he becomes good at programming
- He hasnt filed any bug reports and thinks he should. He also said that he didnt come across any bugs
- He is not a huge fan of WINE
- He likes KDEs Plasma desktop, but it doesnt work well on his Gateway machine
- He is a Debian GNU/Linux user with XFCE desktop environment
Linus may be Zachs hero, but Zach is the hero of the entire GNU/Linux and Free Software community, who continues to remind us that our future is in great hands.
--------------------------------------------------------------------------------
via: http://www.themukt.com/2014/08/24/linus-torvalds-hero-says-13-years-old-zachary-dupont/
作者:[wapnil Bhartiya][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.themukt.com/author/swapnil_bhartiya/
[1]:http://www.amazon.com/gp/product/0066620732/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0066620732&linkCode=as2&tag=muktware-20&linkId=HBKEBIFVZQC35GGK

198
sources/tech/20140808 How to install Puppet server and client on CentOS and RHEL.md
View File

@ -1,198 +0,0 @@
[sailing]
How to install Puppet server and client on CentOS and RHEL
================================================================================
As a system administrator acquires more and more systems to manage, automation of mundane tasks gets quite important. Many administrators adopted the way of writing custom scripts, that are simulating complex orchestration software. Unfortunately, scripts get obsolete, people who developed them leave, and without an enormous level of maintenance, after some time these scripts will end up unusable. It is certainly more desirable to share a system that everyone can use, and invest in tools that can be used regardless of one's employer. For that we have several systems available, and in this howto you will learn how to use one of them - Puppet.
### What is Puppet? ###
Puppet is an automation software for IT system administrators and consultants. It allows you to automate repetitive tasks such as the installation of applications and services, patch management, and deployments. Configuration for all resources are stored in so called "manifests", that can be applied to multiple machines or just a single server. If you would like to know more information, The Puppet Labs site has a more complete description of [what Puppet is and how it works][1].
### What are we going to achieve in this tutorial? ###
We will install and configure a Puppet server, and set up some basic configuration for our client servers. You will discover how to write and manage Puppet manifests and how to push it into your servers.
### Prerequisites ###
Since Puppet is not in basic CentOS or RHEL distribution repositories, we have to add a custom repository provided by Puppet Labs. On all servers in which you want to use Puppet, install the repository by executing following command (RPM file name can change with new release):
**On CentOS/RHEL 6.5:**
# rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
**On CentOS/RHEL 7:**
# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
### Server Installation ###
Install the package "puppet-server" on the server you want to use as a master.
# yum install puppet-server
When the installation is done, set the Puppet server to automatically start on boot and turn it on.
# chkconfig puppetmaster on
# service puppetmaster start
Now when we have the server working, we need to make sure that it is reachable from our network.
On CentOS/RHEL 6, where iptables is used as firewall, add following line into section ":OUTPUT ACCEPT" of /etc/sysconfig/iptables.
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
To apply this change, it's necessary to restart iptables.
# service iptables restart
On CentOS/RHEL 7, where firewalld is used, the same thing can be achieved by:
# firewall-cmd --permanent --zone=public --add-port=8140/tcp
# firewall-cmd --reload
### Client Installation ###
Install the Puppet client package on your client nodes by executing the following:
# yum install puppet
When the installation finishes, make sure that Puppet will start after boot.
# chkconfig puppet on
Your Puppet client nodes have to know where the Puppet master server is located. The best practice for this is to use a DNS server, where you can configure the Puppet domain name. If you don't have a DNS server running, you can use the /etc/hosts file, by simply adding the following line:
> 1.2.3.4 server.your.domain
> 2.3.4.5 client-node.your.domain
1.2.3.4 corresponds to the IP address of your Puppet master server, "server.your.domain" is the domain name of your master server (the default is usually the server's hostname), "client-node.your.domain" is your client node. This hosts file should be configured accordingly on all involved servers (both Puppet master and clients).
When you are done with these settings, we need to show the Puppet client what is its master. By default Puppet looks for a server called "puppet", but this setting is usually inappropriate for your network configuration, therefore we will exchange it for the proper FQDN of the Puppet master server. Open the file /etc/sysconfig/puppet and change the "PUPPET_SERVER" value to your Puppet master server domain name specified in /etc/hosts:
> PUPPET_SERVER=server.your.domain
The master server name also has to be defined in the section "[agent]" of /etc/puppet/puppet.conf:
> server=server.your.domain
Now you can start your Puppet client:
# service puppet start
We need to force our client to check in with the Puppet master by using:
# puppet agent --test
You should see something like the following output. Don't panic, this is desired as the server is still not verified on the Puppet master server.
> Exiting; no certificate found and waitforcert is disabled
Go back to your puppet master server and check certificate verification requests:
# puppet cert list
You should see a list of all the servers that requested a certificate signing from your puppet master. Find the hostname of your client server and sign it using the following command (client-node is the domain name of your client node):
# puppet cert sign client-node
At this point you have a working Puppet client and server. Congratulations! However, right now there is nothing for the Puppet master to instruct the client to do. So, let's create some basic manifest and set our client node to install basic utilities.
Connect back to your Puppet server and make sure the directory /etc/puppet/manifests exists.
# mkdir -p /etc/puppet/manifests
Now create the manifest file /etc/puppet/manifests/site.pp with the following content
node 'client-node' {
include custom_utils
}
class custom_utils {
package { ["nmap","telnet","vim-enhanced","traceroute"]:
ensure => latest,
allow_virtual => false,
}
}
and restart the puppetmaster service.
# service puppetmaster restart
The default refresh interval of the client configuration is 30 minutes, if you want to force the application of your changes manually, execute the following command on your client node:
# puppet agent -t
If you would like to change the default client refresh interval, add:
> runinterval = <yourtime>
to the "[agent]" section of /etc/puppet/puppet.conf on your client node. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). Note that a runinterval of 0 means "run continuously" rather than "never run".
### Tips & Tricks ###
#### 1. Debugging ####
It can happen from time to time that you will submit a wrong configuration and you have to debug where the Puppet failed. For that you will always start with either checking logs in /var/log/puppet/ or running the agent manually to see the output:
# puppet agent -t
By default "-t" activates verbose mode, so it allows you to see the output of Puppet. This command also has several parameters that might help you identify your problem a bit more. The first useful option is:
# puppet agent -t --debug
Debug shows you basically all steps that Puppet goes through during its runtime. It can be really useful during debug of really complicated rules. Another parameter you might find really useful is:
# puppet agent -t --noop
This option sets puppet in so called dry-run mode, where no changes are performed. Puppet only writes what it would do on the screen but nothing is written on the disk.
#### 2. Modules ####
After some time you find yourself in the situation where you will want to have more complicated manifests. But before you will sit down and start to program them, you should invest some time and browse [https://forge.puppetlabs.com][2]. Forge is a repository of the Puppet community modules and it's very likely that you find the solution for your problem already made there. If not, feel free to write your own and submit it, so other people can benefit from the Puppet modularity.
Now, let's assume that you have already found a module that would fix your problem. How to install it into the system? It is actually quite easy, because Puppet already contains an interface to download modules directly. Simply type the following command:
# puppet module install <module_name> --version 0.0.0
<module_name> is the name of your chosen module, the version is optional (if not specified then the latest release is taken). If you don't remember the name of the module you want to install, you can try to find it by using module search:
# puppet module search <search_string>
As a result you will get a list of all modules that contain your search string.
# puppet module search apache
----------
Notice: Searching https://forgeapi.puppetlabs.com ...
NAME DESCRIPTION AUTHOR KEYWORDS
example42-apache Puppet module for apache @example42 example42, apache
puppetlabs-apache Puppet module for Apache @puppetlabs apache web httpd centos rhel ssl wsgi proxy
theforeman-apache Apache HTTP server configuration @theforeman foreman apache httpd DEPRECATED
And if you would like to see what modules you already installed, type:
# puppet module list
### Summary ###
By now, you should have a fully functional Puppet master that is delivering basic configuration to one or more client servers. At this point feel free to add more settings into your configuration to adapt it to your infrastructure. Don't worry about experimenting with Puppet and you will see that it can be a genuine lifesaver.
Puppet labs is trying to maintain a top quality documentation for their projects, so if you would like to learn more about Puppet and its configuration, I strongly recommend visiting the Puppet project page at [http://docs.puppetlabs.com][3].
If you have any questions feel free to post them in the comments and I will do my best to answer and advise.
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/install-puppet-server-client-centos-rhel.html
作者:[Jaroslav Štěpánek][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/jaroslav
[1]:https://puppetlabs.com/puppet/what-is-puppet/
[2]:https://forge.puppetlabs.com/
[3]:http://docs.puppetlabs.com/

1
sources/tech/20140813 How to remove file metadata on Linux.md
View File

@ -1,3 +1,4 @@
[translating by KayGuoWhu]
How to remove file metadata on Linux
================================================================================
A typical data file often has associated "metadata" which is descriptive information about the file, represented in the form of a set of name-value pairs. Common metadata include creator's name, tools used to generate the file, file creation/update date, location of creation, editing history, etc. EXIF (images), RDF (web resources), DOI (digital documents) are some of popular metadata standards.

3
sources/tech/20140815 How to manage a WiFi connection from the command line.md
View File

@ -1,3 +1,4 @@
(translating by runningwater)
How to manage a WiFi connection from the command line
================================================================================
Whenever you install a new Linux distribution on a computer, it is in general recommended that you connect to the internet via a wired connection. There are two main reasons for this: one, your wireless adapter may not have the right driver loaded; second, if you are installing from the command line, managing WiFi is scary. I always tried to avoid dealing with WiFi over the command line. But in the Linux world, there is no place for fear. If you do not know how to do something, that is the only reason you need to go ahead and learn it. So I forced myself to learn how to manage a WiFi connection from the command line on Linux.
@ -67,7 +68,7 @@ What other ways would you recommend to connect via WiFi from the command line? P
via: http://xmodulo.com/2014/08/manage-wifi-connection-command-line.html
作者:[Adrien Brochard][a]
译者:[译者ID](https://github.com/译者ID)
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

49
sources/tech/20140825 Linux FAQs with Answers--How to enable Nux Dextop repository on CentOS or RHEL.md Normal file
View File

@ -0,0 +1,49 @@
Linux FAQs with Answers--How to enable Nux Dextop repository on CentOS or RHEL
================================================================================
> **Question**: I would like to install a RPM package which is available only in Nux Dextop repository. How can I set up Nux Dextop repository on CentOS or RHEL?
[Nux Dextop][1] is a third-party RPM repository which contains many popular desktop and multimedia related packages (e.g., Ardour, Shutter, etc) for CentOS, RHEL and ScientificLinux. Currently, Nux Dextop repository is available for CentOS/RHEL 6 and 7.
To enable Nux Dextop repository on CentOS or RHEL, follow the instructions below.
First of all, understand that Nux Dextop is designed to coexist with EPEL repository. So you need to [enable EPEL][2] in order to use Nux Dextop repo.
After enabling EPEL, go ahead and install Nux Dextop repository with rpm command as follows.
On CentOS/RHEL 6.*:
$ sudo rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm
On CentOS/RHEL 7:
$ sudo rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
Now verify that Nux Dextop repository is successfully installed:
$ yum repolist
![](https://farm6.staticflickr.com/5574/14790031847_90b4a829d7_z.jpg)
### For Repoforge/RPMforge Users ###
According to the author, Nux Dextop is known to cause conflicts with other third-party RPM repos such as Repoforge and ATrpms. Therefore, if you enabled any third-party repos other than EPEL, it is highly recommend you set Nux Dextop repository to "default off" state. That is, open /etc/yum.repos.d/nux-dextop.repo with a text editor, and change "enabled=1" to "enabled=0" under nux-desktop.
$ sudo vi /etc/yum.repos.d/nux-dextop.repo
![](https://farm6.staticflickr.com/5560/14789955930_f8711b3581_z.jpg)
Then whenever you want to install a package from Nux Dextop repo, explicitly enable the repo as follows.
$ sudo yum --enablerepo=nux-dextop install <package-name>
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/enable-nux-dextop-repository-centos-rhel.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://li.nux.ro/download/nux/dextop/
[2]:http://xmodulo.com/2013/03/how-to-set-up-epel-repository-on-centos.html

50
sources/tech/20140825 Linux FAQs with Answers--How to fix 'failed to run aclocal--No such file or directory'.md Normal file
View File

@ -0,0 +1,50 @@
Linux FAQs with Answers--How to fix “failed to run aclocal: No such file or directory”
================================================================================
> **Question**: I am trying to build a program on Linux. The development release of the program comes with "autogen.sh" script. When I run it to create configure script, however, I am getting the following error:
>
> Can't exec "aclocal": No such file or directory at /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
> autoreconf: failed to run aclocal: No such file or directory
>
> How can I fix this problem?
The development release of a program source code often comes with autogen.sh which is used to prepare a build process, including verifying program functionality and generating configure script. This autogen.sh script then relies on autoreconf to invoke autoconf, automake, aclocal and other related tools.
The missing aclocal is part of automake package. Thus, to fix this error, install the following package.
On Debian, Ubuntu or Linux Mint:
$ sudo apt-get install automake
On CentOS, Fedora or RHEL:
$ sudo yum install automake
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/fix-failed-to-run-aclocal.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:
[2]:
[3]:
[4]:
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]:
[13]:
[14]:
[15]:
[16]:
[17]:
[18]:
[19]:
[20]:

23
sources/tech/20140825 Linux FAQs with Answers--How to install Shutter on CentOS.md Normal file
View File

@ -0,0 +1,23 @@
Linux FAQs with Answers--How to install Shutter on CentOS
================================================================================
> **Question**: I would like to try out Shutter screenshot program on my CentOS desktop. However, when I tried to install Shutter with yum, it says "No package shutter available." How can I install Shutter on CentOS?
[Shutter][1] is an open-source (GPLv3) screenshot tool for Linux desktop. It is packed with a number of user-friendly features, making it one of the most powerful screenshot programs in Linux. With Shutter, you can capture a screenshot of a rectangular area, a window, an entire desktop screen, or even a web page at any arbitrary URL. Besides, it also allows you to edit a captured screenshot with a built-in image editor, apply different effects, export to different image formats (svg, pdf, ps), or upload to public image hosts or FTP sites.
Shutter is not available as a pre-built package on CentOS (as of version 7). Fortunately, there exists a third-party RPM repository called Nux Dextop, which offers Shutter package. So [enable Nux Dextop repository][2] on CentOS. Then use the following command to install Shutter.
$ sudo yum --enablerepo=nux-dextop install shutter
![](https://farm4.staticflickr.com/3876/14986638615_6501a68527_z.jpg)
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/install-shutter-centos.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://shutter-project.org/
[2]:http://ask.xmodulo.com/enable-nux-dextop-repository-centos-rhel.html

22
sources/tech/20140825 Linux FAQs with Answers--How to show a MAC learning table of Linux bridge.md Normal file
View File

@ -0,0 +1,22 @@
Linux FAQs with Answers--How to show a MAC learning table of Linux bridge
================================================================================
> **Question**: I would like to check MAC address learning status of a Linux bridge that I created with brctl tool. How can I view the MAC learning table (or forwarding table) of a Linux bridge?
A Linux bridge is software implementation of a network bridge, which is part of Linux kernel. Similar to hardware bridge, Linux bridge maintains a layer-2 forwarding table (also known as MAC learning table, forwarding database, or just FDB), which keeps track of what MAC addresses are associated with which ports. When a bridge receives a packet (with source MAC address X) at port N, it records in FDB that MAC address X is reachable from port N. That way, later when a bridge needs to forward a packet destined to address X, it knows where to forward the packet from FDB lookup. Building a FDB is often called "MAC learning" or just "learning" process.
You can check the current forwarding table or MAC learning table of a Linux bridge using the following command.
$ sudo brctl showmacs <bridge-name>
![](https://farm4.staticflickr.com/3856/14963353726_8971873948_z.jpg)
This command will show a list of all learned MAC addresses along with their associated port number. Each entry has a corresponding aging timer attached to it, so that the forwarding entries get refreshed after some time, making the MAC learning table up-to-date.
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/show-mac-learning-table-linux-bridge.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

151
sources/tech/20140825 Linux Terminal--speedtest_cli checks your real bandwidth speed.md Normal file
View File

@ -0,0 +1,151 @@
[su-kaiyao]翻译中
Linux Terminal: speedtest_cli checks your real bandwidth speed.
================================================================================
![](http://www.speedtest.net/result/3700218352.png)
Whats your upload and download speed at home (or in your office) ?
Are you really sure that you get what do you pay for to your ISP ?
To test the speed of our internet connection There are several internet services such as SpeedTest a web service that is available both from Web browsers and mobile application.
Now you can easily check it also with speedtest_cli a command line interface for testing internet [bandwidth][1] using [speedtest.net][2]. In this way you can do the test also on servers that dont have a Browser or a graphical interface.
### Installation ###
speedtest_cli its just a python script, so its really easy to install and use it, and you have different ways to do it:
#### 1) pip / easy_install ####
Open a terminal and give the command:
pip install speedtest-cli
or
easy_install speedtest-cli
#### 2) Github ####
To install directly from github you can use these commands:
pip install git+https://github.com/sivel/speedtest-cli.git
or
git clone https://github.com/sivel/speedtest-cli.git
python speedtest-cli/setup.py install
#### 3) As Ubuntu/Debian or Mint package ####
The [package][3] is available on the getdeb repository, you can easily add it with these steps:
- Install the [getdeb package][4].
Or
- Configure the repository manually:
Go to System-Administration-Software Sources, Third-Party Software tab, Add:
deb http://archive.getdeb.net/ubuntu trusty-getdeb apps
Add the repository GPG key, open a terminal window and type:
wget -q -O- http://archive.getdeb.net/getdeb-archive.key | sudo apt-key add -
And now you can install the speedtest-cli package with the commands:
sudo apt-get update
sudo apt-get install python-speedtest-cli
#### 4) Just download (Like the way it used to be) ####
As last option, just download the python script where you prefer and run it from there:
wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
chmod +x speedtest-cli
or
curl -o speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
chmod +x speedtest-cli
### Basic Usage ###
You can simply run the command speedtest_cli.py without any option and youll get a report on the terminal of your bandwidth speed, this is the output of my crappy Italian Adsl:
$ ./speedtest_cli.py
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Telecom Italia (87.13.73.66)...
Selecting best server based on latency...
Hosted by LepidaSpA (Bologna) [12.20 km]: 104.347 ms
Testing download speed........................................
Download: 6.35 Mbits/s
Testing upload speed..................................................
Upload: 0.34 Mbits/s
So this is the basic usage, and its good enough to know how great (or bad) is your connection, but maybe you want to share this information with your friends, to do this just use the option share
./speedtest_cli.py --share
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Telecom Italia (87.13.73.66)...
Selecting best server based on latency...
Hosted by LepidaSpA (Bologna) [12.20 km]: 93.778 ms
Testing download speed........................................
Download: 6.20 Mbits/s
Testing upload speed..................................................
Upload: 0.33 Mbits/s
Share results: http://www.speedtest.net/result/3700218352.png
This will produce an image similar to this one (but I hope for you with better values):
![](http://www.speedtest.net/result/3700218352.png)
Another interesting option its the list that shows a list of speedtest.net servers sorted by distance, these are my results:
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
2872) LepidaSpA (Bologna, Italy) [12.20 km]
1561) MYNETWAY S.R.L. (Cesena, Italy) [80.97 km]
2710) ReteIVO by D.t.s. Srl (Florence, Italy) [90.90 km]
4826) Inteplanet Srl (Verona, Italy) [100.45 km]
3998) Wolnext srl (Verona, Italy) [100.45 km]
2957) Wifiweb s.r.l. (Altavilla Vicentina, Italy) [103.11 km]
3103) E4A s.r.l. (Vicenza, Italy) [107.17 km]
3804) Interplanet Srl (Vicenza, Italy) [107.17 km]
1014) NTRnet (Vicenza, Italy) [107.17 km]
3679) Hynet s r l (Vicenza, Italy) [107.17 km]
3745) Comeser Srl (Fidenza, Italy) [114.00 km]
5011) Welcomeitalia spa (Massarosa, Italy) [119.26 km]
2864) ReteIVO by D.t.s. Srl (Massa, Italy) [120.92 km]
2918) ReteIVO by D.t.s. Srl (Arezzo, Italy) [129.79 km]
...
Now that I know the ID of the servers that are located near my location I can pick up a specific server with the option server, so to chose the server located at Florence (ID 2710) I can use the command:
./speedtest_cli.py --server 2710
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Telecom Italia (87.13.73.66)...
Hosted by ReteIVO by D.t.s. Srl (Florence) [90.90 km]: 106.505 ms
Testing download speed........................................
Download: 6.18 Mbits/s
Testing upload speed..................................................
Upload: 0.35 Mbits/s
Article sponsored by [Asapy Programming Company][5]
--------------------------------------------------------------------------------
via: http://linuxaria.com/howto/linux-terminal-speedtest_cli-checks-your-real-bandwidth-speed
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://linuxaria.com/article/tool-command-line-bandwidth-linux
[2]:http://linuxaria.com/howto/speedtest.net
[3]:http://www.getdeb.net/
[4]:http://archive.getdeb.net/install_deb/getdeb-repository_0.1-1~getdeb1_all.deb
[5]:http://www.asapy.com/

122
sources/tech/20140826 20 Postfix Interview Questions and Answers.md Normal file
View File

@ -0,0 +1,122 @@
20 Postfix Interview Questions & Answers
================================================================================
### Q:1 What is postfix and default port used for postfix ? ###
Ans: Postfix is a open source MTA (Mail Transfer agent) which is used to route & deliver emails. Postfix is the alternate of widely used Sendmail MTA. Default port for postfix is 25.
### Q:2 What is the difference between Postfix & Sendmail ? ###
Ans: Postfix uses a modular approach and is composed of multiple independent executables. Sendmail has a more monolithic design utilizing a single always running daemon.
### Q:3 What is MTA and its role in mailing system ? ###
Ans: MTA Stands for Mail Transfer Agent.MTA receives and delivers email. Determines message routing and possible address rewriting. Locally delivered messages are handed off to an MDA for final delivery. Examples Qmail, Postfix, Sendmail
### Q:4 What is MDA ? ###
Ans: MDA stands for Mail Delivery Agent. MDA is a Program that handles final delivery of messages for a system's local recipients. MDAs can often filter or categorize messages upon delivery. An MDA might also determine that a message must be forwarded to another email address. Example Procmail
### Q:5 What is MUA ? ###
Ans: MUA stands for Mail User Agent. MUA is aEmail client software used to compose, send, and retrieve email messages. Sends messages through an MTA. Retrieves messages from a mail store either directly or through a POP/ IMAP server. Examples Outlook, Thunderbird, Evolution.
### Q:6 What is the use of postmaster account in Mailserver ? ###
Ans: An email administrator is commonly referred to as a postmaster. An individual with postmaster responsibilities makes sure that the mail system is working correctly, makes configuration changes, and adds/removes email accounts, among other things. You must have a postmaster alias at all domains for which you handle email that directs messages to the correct person or persons .
### Q:7 What are the important daemons in postfix ? ###
Ans : Below are the lists of impportant daemons in postfix mail server :
- **master** :The master daemon is the brain of the Postfix mail system. It spawns all other daemons.
- **smtpd**: The smtpd daemon (server) handles incoming connections.
- **smtp** :The smtp client handles outgoing connections.
- **qmgr** :The qmgr-Daemon is the heart of the Postfix mail system. It processes and controls all messages in the mail queues.
- **local** : The local program is Postfix own local delivery agent. It stores messages in mailboxes.
### Q:8 What are the configuration files of postfix server ? ###
Ans: There are two main Configuration files of postfix :
- **/etc/postfix/main.cf** : This file holds global configuration options. They will be applied to all instances of a daemon, unless they are overridden in master.cf
- **/etc/postfix/master.cf** : This file defines runtime environment for daemons attached to services. Runtime behavior defined in main.cf may be overridden by setting service specific options.
### Q:9 How to restart the postfix service & make it enable across reboot ? ###
Ans: Use this command to restart service “ Service postfix restart” and to make the service persist across the reboot, use the command “ chkconfig postfix on”
### Q:10 How to check the mail's queue in postfix ? ###
Ans: Postfix maintains two queues, the pending mails queue, and the deferred mail queue,the deferred mail queue has the mail that has soft-fail and should be retried (Temporary failure), Postfix retries the deferred queue on set intervals (configurable, and by default 5 minutes)
To display the list of queued mails :
# postqueue -p
To Save the output of above command :
# postqueue -p > /mnt/queue-backup.txt
Tell Postfix to process the Queue now
# postqueue -f
### Q:11 How to delete mails from the queue in postfix ? ###
Ans: Use below command to delete all queued mails
# postsuper -d ALL
To delete only deferred mails from queue , use below command
# postsuper -d ALL deferred
### Q:12 How to check postfix configuration from the command line ? ###
Ans: Using the command 'postconf -n' we can see current configuration of postfix excluding the lines which are commented.
### Q:13 Which command is used to see live mail logs in postfix ? ###
Ans: Use the command 'tail -f /var/log/maillog' or 'tailf /var/log/maillog'
### Q:14 How to send a test mail from command line ? ###
Ans: Use the below command to send a test mail from postfix itself :
# echo "Test mail from postfix" | mail -s "Plz ignore" info@something.com
### Q:15 What is an Open mail relay ? ###
Ans: An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms.
### Q:16 What is relay host in postfix ? ###
Ans: Relay host is the smtp address , if mentioned in postfix config file , then all the incoming mails be relayed through smtp server.
### Q:17 What is Greylisting ? ###
Ans: Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the email will be accepted.
### Q:18 What is the importance of SPF records in mail servers ? ###
Ans: SPF (Sender Policy Framework) is a system to help domain owners specify the servers which are supposed to send mail from their domain. The aim is that other mail systems can then check to make sure the server sending email from that domain is authorized to do so reducing the chance of email 'spoofing', phishing schemes and spam!
### Q:19 What is the use of Domain Keys(DKIM) in mail servers ? ###
Ans: DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity. The DomainKeys specification has adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM).
### Q:20 What is the role of Anti-Spam SMTP Proxy (ASSP) in mail server ? ###
Ans: ASSP is a gateway server which is install in front of your MTA and implements auto-whitelists, self learning Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/postfix-interview-questions-answers/
作者:[Pradeep Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.linuxtechi.com/author/pradeep/

99
sources/tech/20140826 How to configure SNMPv3 on ubuntu 14.04 server.md Normal file
View File

@ -0,0 +1,99 @@
How to configure SNMPv3 on ubuntu 14.04 server
================================================================================
Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[2]
SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
### Why you want to use SNMPv3 ###
Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.
SNMPv3 primarily added security and remote configuration enhancements to SNMP.
Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.[1] Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.
SNMPv3 provides important security features:
Confidentiality -- Encryption of packets to prevent snooping by an unauthorized source.
Integrity -- Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism.
Authentication -- to verify that the message is from a valid source.
### Install SNMP server and client in ubuntu ###
Open the terminal and run the following command
sudo apt-get install snmpd snmp
After installation you need to do the following changes.
### Configuring SNMPv3 in Ubuntu ###
Get access to the daemon from the outside.
The default installation only provides access to the daemon for localhost. In order to get access from the outside open the file /etc/default/snmpd in your favorite editor
sudo vi /etc/default/snmpd
Change the following line
From
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
to
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
and restart snmpd
sudo /etc/init.d/snmpd restart
### Define SNMPv3 users, authentication and encryption parameters ###
SNMPv3 can be used in a number of ways depending on the “securityLevel” configuration parameter:
noAuthNoPriv -- No authorisation and no encryption, basically no security at all!
authNoPriv -- Authorisation is required but collected data sent over the network is not encrypted.
authPriv -- The strongest form. Authorisation required and everything sent over the network is encrypted.
The snmpd configuration settings are all saved in a file called /etc/snmp/snmpd.conf. Open this file in your editor as in:
sudo vi /etc/snmp/snmpd.conf
Add the following lines to the end of the file:
#
createUser user1
createUser user2 MD5 user2password
createUser user3 MD5 user3password DES user3encryption
#
rouser user1 noauth 1.3.6.1.2.1.1
rouser user2 auth 1.3.6.1.2.1
rwuser user3 priv 1.3.6.1.2.1
Note:- If you want to use your own username/password combinations you need to note that the password and encryption phrases should have a length of at least 8 characters
Also you need to do the following change so that snmp can listen for connections on all interfaces
From
#agentAddress udp:161,udp6:[::1]:161
to
agentAddress udp:161,udp6:[::1]:161
Save your modified snmpd.conf file and restart the daemon with:
sudo /etc/init.d/snmpd restart
--------------------------------------------------------------------------------
via: http://www.ubuntugeek.com/how-to-configure-snmpv3-on-ubuntu-14-04-server.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

466
sources/tech/20140826 Linux Tutorial--Install Ansible Configuration Management And IT Automation Tool.md Normal file
View File

@ -0,0 +1,466 @@
Linux Tutorial: Install Ansible Configuration Management And IT Automation Tool
================================================================================
![](http://s0.cyberciti.org/uploads/cms/2014/08/ansible_core_circle.png)
Today I will be talking about ansible, a powerful configuration management solution written in python. There are many configuration management solutions available, all with pros and cons, ansible stands apart from many of them for its simplicity. What makes ansible different than many of the most popular configuration management systems is that its agent-less, no need to setup agents on every node you want to control. Plus, this has the benefit of being able to control you entire infrastructure from more than one place, if needed. That last point's validity, of being a benefit, may be debatable but I find it as a positive in most cases. Enough talk, lets get started with Ansible installation and configuration on a RHEL/CentOS, and Debian/Ubuntu based systems.
### Prerequisites ###
1. Distro: RHEL/CentOS/Debian/Ubuntu Linux
1. Jinja2: A modern and designer friendly templating language for Python.
1. PyYAML: A YAML parser and emitter for the Python programming language.
1. parmiko: Native Python SSHv2 protocol library.
1. httplib2: A comprehensive HTTP client library.
1. Most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell.
How Ansible works
Ansible tool uses no agents. It requires no additional custom security infrastructure, so its easy to deploy. All you need is ssh client and server:
+----------------------+ +---------------+
|Linux/Unix workstation| SSH | file_server1 |
|with Ansible |<------------------>| db_server2 | Unix/Linux servers
+----------------------+ Modules | proxy_server3 | in local/remote
192.168.1.100 +---------------+ data centers
Where,
1. 192.168.1.100 - Install Ansible on your local workstation/server.
1. file_server1..proxy_server3 - Use 192.168.1.100 and Ansible to automates configuration management of all servers.
1. SSH - Setup ssh keys between 192.168.1.100 and local/remote servers.
### Ansible Installation Tutorial ###
Installation of ansible is a breeze, many distributions have a package available in their 3rd party repos which can easily be installed, a quick alternative is to just pip install it or grab the latest copy from github. To install using your package manager, on [RHEL/CentOS Linux based systems you will most likely need the EPEL repo][1] then:
#### Install ansible on a RHEL/CentOS Linux based system ####
Type the following [yum command][2]:
$ sudo yum install ansible
#### Install ansible on a Debian/Ubuntu Linux based system ####
Type the following [apt-get command][3]:
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
#### Install ansible using pip ####
The [pip command is a tool for installing and managing Python packages][4], such as those found in the Python Package Index. The following method works on Linux and Unix-like systems:
$ sudo pip install ansible
#### Install the latest version of ansible using source code ####
You can install the latest version from github as follows:
$ cd ~
$ git clone git://github.com/ansible/ansible.git
$ cd ./ansible
$ source ./hacking/env-setup
When running ansible from a git checkout, one thing to remember is that you will need to setup your environment everytime you want to use it, or you can add it to your bash rc file:
# ADD TO BASH RC
$ echo "export ANSIBLE_HOSTS=~/ansible_hosts" >> ~/.bashrc
$ echo "source ~/ansible/hacking/env-setup" >> ~/.bashrc
The hosts file for ansible is basically a list of hosts that ansible is able to perform work on. By default ansible looks for the hosts file at /etc/ansible/hosts, but there are ways to override that which can be handy if you are working with multiple installs or have several different clients for whose datacenters you are responsible for. You can pass the hosts file on the command line using the -i option:
$ ansible all -m shell -a "hostname" --ask-pass -i /etc/some/other/dir/ansible_hosts
My preference however is to use and environment variable, this can be useful if source a different file when starting work for a specific client. The environment variable is $ANSIBLE_HOSTS, and can be set as follows:
$ export ANSIBLE_HOSTS=~/ansible_hosts
Once all requirements are installed and you have you hosts file setup you can give it a test run. For a quick test I put 127.0.0.1 into the ansible hosts file as follow:
$ echo "127.0.0.1" > ~/ansible_hosts
Now lets test with a quick ping:
$ ansible all -m ping
OR ask for the ssh password:
$ ansible all -m ping --ask-pass
I have run across a problem a few times regarding initial setup, it is highly recommended you setup keys for ansible to use but in the previous test we used --ask-pass, on some machines you will need [to install sshpass][5] or add a -c paramiko like so:
$ ansible all -m ping --ask-pass -c paramiko
Or you [can install sshpass][6], however sshpass is not always available in the standard repos so paramiko can be easier.
### Setup SSH Keys ###
Now that we have gotten the configuration, and other simple stuff, out of the way lets move onto doing something productive. Alot of the power of ansible lies in playbooks, which are basically scripted ansible runs (for the most part), but we will start with some one liners before we build out a playbook. Lets start with creating and configuring keys so we can avoid the -c and --ask-pass options:
$ ssh-keygen -t rsa
Sample outputs:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mike/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mike/.ssh/id_rsa.
Your public key has been saved in /home/mike/.ssh/id_rsa.pub.
The key fingerprint is:
94:a0:19:02:ba:25:23:7f:ee:6c:fb:e8:38:b4:f2:42 mike@ultrabook.linuxdork.com
The key's randomart image is:
+--[ RSA 2048]----+
|... . . |
|. . + . . |
|= . o o |
|.* . |
|. . . S |
| E.o |
|.. .. |
|o o+.. |
| +o+*o. |
+-----------------+
Now obviously there are plenty of ways to put this in place on the remote machine but since we are using ansible, lets use that:
$ ansible all -m copy -a "src=/home/mike/.ssh/id_rsa.pub dest=/tmp/id_rsa.pub" --ask-pass -c paramiko
Sample outputs:
SSH password:
127.0.0.1 | success >> {
"changed": true,
"dest": "/tmp/id_rsa.pub",
"gid": 100,
"group": "users",
"md5sum": "bafd3fce6b8a33cf1de415af432774b4",
"mode": "0644",
"owner": "mike",
"size": 410,
"src": "/home/mike/.ansible/tmp/ansible-tmp-1407008170.46-208759459189201/source",
"state": "file",
"uid": 1000
}
Next, add the public key in remote server, enter:
$ ansible all -m shell -a "cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys" --ask-pass -c paramiko
Sample outputs:
SSH password:
127.0.0.1 | FAILED | rc=1 >>
/bin/sh: /root/.ssh/authorized_keys: Permission denied
Whoops, we want to be able to run things as root, so lets add a -u option:
$ ansible all -m shell -a "cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys" --ask-pass -c paramiko -u root
Sample outputs:
SSH password:
127.0.0.1 | success | rc=0 >>
Please note, I wanted to demonstrate a file transfer using ansible, there is however a more built in way for managing keys using ansible:
$ ansible all -m authorized_key -a "user=mike key='{{ lookup('file', '/home/mike/.ssh/id_rsa.pub') }}' path=/home/mike/.ssh/authorized_keys manage_dir=no" --ask-pass -c paramiko
Sample outputs:
SSH password:
127.0.0.1 | success >> {
"changed": true,
"gid": 100,
"group": "users",
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq+Z8/usprXk0aCAPyP0TGylm2MKbmEsHePUOd7p5DO1QQTHak+9gwdoJJavy0yoUdi+C+autKjvuuS+vGb8+I+8mFNu5CvKiZzIpMjZvrZMhHRdNud7GuEanusTEJfi1pUd3NA2iXhl4a6S9a/4G2mKyf7QQSzI4Z5ddudUXd9yHmo9Yt48/ASOJLHIcYfSsswOm8ux1UnyeHqgpdIVONVFsKKuSNSvZBVl3bXzhkhjxz8RMiBGIubJDBuKwZqNSJkOlPWYN76btxMCDVm07O7vNChpf0cmWEfM3pXKPBq/UBxyG2MgoCGkIRGOtJ8UjC/daadBUuxg92/u01VNEB mike@ultrabook.linuxdork.com",
"key_options": null,
"keyfile": "/home/mike/.ssh/authorized_keys",
"manage_dir": false,
"mode": "0600",
"owner": "mike",
"path": "/home/mike/.ssh/authorized_keys",
"size": 410,
"state": "file",
"uid": 1000,
"unique": false,
"user": "mike"
}
Now that the keys are in place lets try running an arbitrary command like hostname and hope we don't get prompted for a password
$ ansible all -m shell -a "hostname" -u root
Sample outputs:
127.0.0.1 | success | rc=0 >>
Success!!! Now that we can run commands as root and not be bothered by using a password we are in a good place to easily configure any and all hosts in the ansible hosts file. Let's remove the key from /tmp:
$ ansible all -m file -a "dest=/tmp/id_rsa.pub state=absent" -u root
Sample outputs:
127.0.0.1 | success >> {
"changed": true,
"path": "/tmp/id_rsa.pub",
"state": "absent"
}
Next, I'm going to make sure we have a few packages installed and on the latest version and we will move on to something a little more complicated:
$ ansible all -m zypper -a "name=apache2 state=latest" -u root
Sample outputs:
127.0.0.1 | success >> {
"changed": false,
"name": "apache2",
"state": "latest"
}
Alright, the key we placed in /tmp is now absent and we have the latest version of apache installed. This brings me to the next point, something that makes ansible very flexible and gives more power to playbooks, many may have noticed the -m zypper in the previous commands. Now unless you use openSuse or Suse enterpise you may not be familiar with zypper, it is basically the equivalent of yum in the suse world. In all of the examples above I have only had one machine in my hosts file, and while everything but the last command should work on any standard *nix systems with standard ssh configs, this leads to a problem. What if we had multiple machine types that we wanted to manage? Well this is where playbooks, and the configurability of ansible really shines. First lets modify our hosts file a little, here goes:
$ cat ~/ansible_hosts
Sample outputs:
[RHELBased]
10.50.1.33
10.50.1.47
[SUSEBased]
127.0.0.1
First, we create some groups of servers, and give them some meaningful tags. Then we create a playbook that will do different things for the different kinds of servers. You might notice the similarity between the yaml data structures and the command line instructions we ran earlier. Basically the -m is a module, and -a is for module args. In the YAML representation you put the module then :, and finally the args.
---
- hosts: SUSEBased
remote_user: root
tasks:
- zypper: name=apache2 state=latest
- hosts: RHELBased
remote_user: root
tasks:
- yum: name=httpd state=latest
Now that we have a simple playbook, we can run it as follows:
$ ansible-playbook testPlaybook.yaml -f 10
Sample outputs:
PLAY [SUSEBased] **************************************************************
GATHERING FACTS ***************************************************************
ok: [127.0.0.1]
TASK: [zypper name=apache2 state=latest] **************************************
ok: [127.0.0.1]
PLAY [RHELBased] **************************************************************
GATHERING FACTS ***************************************************************
ok: [10.50.1.33]
ok: [10.50.1.47]
TASK: [yum name=httpd state=latest] *******************************************
changed: [10.50.1.33]
changed: [10.50.1.47]
PLAY RECAP ********************************************************************
10.50.1.33 : ok=2 changed=1 unreachable=0 failed=0
10.50.1.47 : ok=2 changed=1 unreachable=0 failed=0
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=0
Now you will notice that you will see output from each machine that ansible contacted. The -f is what lets ansible run on multiple hosts in parallel. Instead of using all, or a name of a host group, on the command line you can put this passwords for the ask-pass prompt into the playbook. While we no longer need the --ask-pass since we have ssh keys setup, it comes in handy when setting up new machines, and even new machines can run from a playbook. To demonstrate this lets convert our earlier key example into a playbook:
---
- hosts: SUSEBased
remote_user: mike
sudo: yes
tasks:
- authorized_key: user=root key="{{ lookup('file', '/home/mike/.ssh/id_rsa.pub') }}" path=/root/.ssh/authorized_keys manage_dir=no
- hosts: RHELBased
remote_user: mdonlon
sudo: yes
tasks:
- authorized_key: user=root key="{{ lookup('file', '/home/mike/.ssh/id_rsa.pub') }}" path=/root/.ssh/authorized_keys manage_dir=no
Now there are plenty of other options here that could be done, for example having the keys dropped during a kickstart, or via some other kind of process involved with bringing up machines on the hosting of your choice, but this can be used in pretty much any situation assuming ssh is setup to accept a password. One thing to think about before writing out too many playbooks, version control can save you a lot of time. Machines need to change over time, you don't need to re-write a playbook every time a machine changes, just update the pertinent bits and commit the changes. Another benefit of this ties into what I said earlier about being able to manage the entire infrastructure from multiple places. You can easily git clone your playbook repo onto a new machine and be completely setup to manage everything in a repetitive manner.
#### Real world ansible example ####
I know a lot of people make great use of services like pastebin, and a lot of companies for obvious reasons setup their own internal instance of something similar. Recently, I came across a newish application called showterm and coincidentally I was asked to setup an internal instance of it for a client. I will spare you the details of this app, but you can google showterm if interested. So for a reasonable real world example I will attempt to setup a showterm server, and configure the needed app on the client to use it. In the process we will need a database server as well. So here goes, lets start with the client configuration.
---
- hosts: showtermClients
remote_user: root
tasks:
- yum: name=rubygems state=latest
- yum: name=ruby-devel state=latest
- yum: name=gcc state=latest
- gem: name=showterm state=latest user_install=no
That was easy, lets move on to the main server:
---
- hosts: showtermServers
remote_user: root
tasks:
- name: ensure packages are installed
yum: name={{item}} state=latest
with_items:
- postgresql
- postgresql-server
- postgresql-devel
- python-psycopg2
- git
- ruby21
- ruby21-passenger
- name: showterm server from github
git: repo=https://github.com/ConradIrwin/showterm.io dest=/root/showterm
- name: Initdb
command: service postgresql initdb
creates=/var/lib/pgsql/data/postgresql.conf
- name: Start PostgreSQL and enable at boot
service: name=postgresql
enabled=yes
state=started
- gem: name=pg state=latest user_install=no
handlers:
- name: restart postgresql
service: name=postgresql state=restarted
- hosts: showtermServers
remote_user: root
sudo: yes
sudo_user: postgres
vars:
dbname: showterm
dbuser: showterm
dbpassword: showtermpassword
tasks:
- name: create db
postgresql_db: name={{dbname}}
- name: create user with ALL priv
postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
- hosts: showtermServers
remote_user: root
tasks:
- name: database.yml
template: src=database.yml dest=/root/showterm/config/database.yml
- hosts: showtermServers
remote_user: root
tasks:
- name: run bundle install
shell: bundle install
args:
chdir: /root/showterm
- hosts: showtermServers
remote_user: root
tasks:
- name: run rake db tasks
shell: 'bundle exec rake db:create db:migrate db:seed'
args:
chdir: /root/showterm
- hosts: showtermServers
remote_user: root
tasks:
- name: apache config
template: src=showterm.conf dest=/etc/httpd/conf.d/showterm.conf
Not so bad, now keeping in mind that this is a somewhat random and obscure app that we can now install in a consistent fashion on any number of machines, this is where the benefits of configuration management really come to light. Also, in most cases the declarative syntax almost speaks for itself and wiki pages need not go into as much detail, although a wiki page with too much detail is never a bad thing in my opinion.
### Expanding Configuration ###
We have not touched on everything here, Ansible has many options for configuring you setup. You can do things like embedding variables in your hosts file, so that Ansible will interpolate them on the remote nodes, eg.
[RHELBased]
10.50.1.33 http_port=443
10.50.1.47 http_port=80 ansible_ssh_user=mdonlon
[SUSEBased]
127.0.0.1 http_port=443
While this is really handy for quick configurations, you can also layer variables across multiple files in yaml format. In you hosts file path you can make two sub directories named group_vars and host_vars. Any files in those paths that match the name of the group of hosts, or a host name in your hosts file will be interpolated at run time. So the previous example would look like this:
ultrabook:/etc/ansible # pwd
/etc/ansible
ultrabook:/etc/ansible # tree
.
├── group_vars
│ ├── RHELBased
│ └── SUSEBased
├── hosts
└── host_vars
├── 10.50.1.33
└── 10.50.1.47
----------
2 directories, 5 files
ultrabook:/etc/ansible # cat hosts
[RHELBased]
10.50.1.33
10.50.1.47
----------
[SUSEBased]
127.0.0.1
ultrabook:/etc/ansible # cat group_vars/RHELBased
ultrabook:/etc/ansible # cat group_vars/SUSEBased
---
http_port: 443
ultrabook:/etc/ansible # cat host_vars/10.50.1.33
---
http_port: 443
ultrabook:/etc/ansible # cat host_vars/10.50.1.47
---
http_port:80
ansible_ssh_user: mdonlon
### Refining Playbooks ###
There are many ways to organize playbooks as well. In the previous examples we used a single file, and everything is really simplified. One way of organizing things that is commonly used is creating roles. Basically you load a main file as your playbook, and that then imports all the data from the extra files, the extra files are organized as roles. For example if you have a wordpress site, you need a web head, and a database. The web head will have a web server, the app code, and any needed modules. The database is sometimes ran on the same host and some times ran on remote hosts, and this is where roles really shine. You make a directory, and small playbook for each role. In this case we can have an apache role, mysql role, wordpress role, mod_php, and php roles. The big advantage to this is that not every role has to be applied on one server, in this case mysql could be applied to a separate machine. This also allows for code re-use, for example you apache role could be used with python apps and php apps alike. Demonstrating this is a little beyond the scope of this article, and there are many different ways of doing thing, I would recommend searching for ansible playbook examples. There are many people contributing code on github, and I am sure various other sites.
### Modules ###
All of the work being done behind the scenes in ansible is driven by modules. Ansible has an excellent library of built in modules that do things like package installation, transferring files, and everything we have done in this article. But for some people this will not be suitable for their setup, ansible has a means of adding your own modules. One great thing about the API provided by Ansible is that you are not restricted to the language it was written in, Python, you can use any language really. Ansible modules work by passing around JSON data structures, so as long as you can build a JSON data structure in your language of choice, which I am pretty sure any scripting language can do, you can begin coding something right away. There is much documentation on the Ansible site, about how the module interface works, and many examples of modules on github as well. Keep in mind that some obscure languages may not have great support, but that would only be because not enough people are contributing code in that language, try it out and publish your results somewhere!
### Conclusion ###
In conclusion, there are many systems around for configuration management, I hope this article shows the ease of setup for ansible which I believe is one of its strongest points. Please keep in mind that I was trying to show a lot of different ways to do things, and not everything above may be considered best practice in your private infrastructure, or the coding world abroad. Here are some more links to take you knowledge of ansible to the next level:
- [Ansible project][7] home page.
- [Ansible project documentation][8].
- [Multistage environments with Ansible][9].
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/python-tutorials/linux-tutorial-install-ansible-configuration-management-and-it-automation-tool/
作者:[Nix Craft][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.cyberciti.biz/tips/about-us
[1]:http://www.cyberciti.biz/faq/fedora-sl-centos-redhat6-enable-epel-repo/
[2]:http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-yum-command-howto/
[3]:http://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html
[4]:http://www.cyberciti.biz/faq/debian-ubuntu-centos-rhel-linux-install-pipclient/
[5]:http://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/
[6]:http://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/
[7]:http://www.ansible.com/
[8]:http://docs.ansible.com/
[9]:http://rosstuck.com/multistage-environments-with-ansible/

30
translated/tech/20140711 How to Install Lightweight Budgie Desktop in Ubuntu 14.04.md
View File

@ -1,16 +1,17 @@
怎样在ubuntu 14.04上安装轻量级的Budgie桌面
================================================================================
**如果你在推特上关注了我们,你可能看见了我们最近分享的一张截图,和这张截图一起的还有对它所展示的桌面进行命名的邀请。 **
你猜对了吗? 答案就是budgie —— 一种为基于openSUSE 的linux发行版Evolve OS所设计但不仅仅只能用于 Evolve OS的简易桌面环境。
**如果你在推特上关注了我们,你可能看见了我们最近分享的一张截图,和这张截图一起的还有对它所展示的桌面进行命名的邀请。**
你猜对了吗? 答案就是[Budgie][1] —— 一种为基于openSUSE 的linux发行版Evolve OS所设计、但不仅仅只能用于 Evolve OS的简易桌面环境。
![](http://www.omgubuntu.co.uk/wp-content/uploads/2014/07/BsCvTxJIcAAPjUR.png-large.png)
我们第一次描写Budgie是在三月份当时我们被它的整洁小巧的美感灵活的架构还有重复使用在当今大多数发行版中所使用的GNOME 3.10 成熟技术中的公共部分和标堆栈的决定所折服。
我们第一次提到Budgie是在三月份当时我们被它的整洁、小巧的美感、灵活的架构还有再次使用在当今大多数发行版中所使用的GNOME 3.10 成熟技术中的公共部分和标堆栈的决定所折服。
我对此项目的领导者LKey Doherty所作出的开发选择非常佩服。无可否认另起炉灶有它的优点但决定从上游的项目获取帮助将可以整个项目进展得更快无论是在发展方面更轻的技术负担还是在用户可使用方面更容易在其它发行版上运行
我对此项目的领导者Ikey Doherty所作出的开发选择非常佩服。无可否认另起炉灶有它的优点但决定从上游的项目获取帮助将可以整个项目进展得更快无论是在发展方面更轻的技术负担还是在用户可使用方面更容易在其它发行版上运行
政治因素选择除外这款桌面以干净小巧向谷歌Chrome OS的Ash桌面表示敬意。如果你不介意有些许粗糙的边缘那它值得你玩玩。那么怎样在Ubuntu安装Budgie呢
除了政治因素选择以外这款桌面干净、小巧向谷歌Chrome OS的Ash桌面致敬。如果你不介意有些许粗糙的边缘那它值得你玩玩。那么怎样在Ubuntu安装Budgie呢
###非官方的PPA是不正式的 ###
@ -18,37 +19,38 @@
但如果你很懒想不费周折就在Ubuntu 14.04 LTS或者一个基于它的发行版运行Budgie那么你可以通过比较容易的途径来实现。
添加一个非官方的Unofficial PPA刷新你的软件源然后进行安装。几分钟后在这个家庭中你将有一位名叫Bob的新叔叔并且有一个新的桌面可以玩耍。
只要添加一个**非官方的PPA**,刷新你的软件源然后进行安装。几分钟后在这个家庭中你将有一位[名叫Bob][2]的新叔叔,并且有一个新的桌面可以玩耍。
###添加Budgie PPA ###
将以下命令复制进一个打开的终端窗口,在提示过后输入你的密码(如果需要的话)
将以下命令复制进一个打开的终端窗口,在提示过后输入你的密码(如果需要的话):
sudo add-apt-repository ppa:sukso96100/budgie-desktop
sudo apt-get update && sudo apt-get install budgie-desktop
### 登入Budgie会话 ###
安装完成后你就可以在Unity欢迎界面的会话选择器中选择Budgie会话了。(别忘了以后要把选择项改回到稳定的桌面环境)
安装完成后你就可以在Unity欢迎界面的会话选择器中选择“Budgie”了。(别忘了以后要把选择项改回到稳定的桌面环境)
### 注意 ###
**budgie是不稳定不完善的它在Ubuntu上也没有被正式支持。它正在积极开发中缺少一些特性包括(但不仅仅只有这些):不支持网络管理,没有音量控制小程序(键盘工作良好),没有通知系统,无法将应用程序“固定”在任务栏。**
**budgie是不稳定、不完善的并且它在Ubuntu上也没有被正式支持。**它正在积极开发中,功能还仍然有些缺失,包括但不仅限于:不支持网络管理,没有音量控制小程序(键盘按键工作良好),没有通知系统,无法将应用程序“固定”在任务栏。
它对UBUNTU的叠加滚动条一些GTK主题的支持也不是很好而且在使用upstart的发行版例如ubuntu即使它正在改变之中中会话管理器例如注销重启等等将无法工作。
它对UBUNTU的叠加滚动条一些GTK主题的支持也不是很好而且在使用upstart的发行版例如ubuntu[即使它正在改变之中][3])中会话管理器(例如,注销,重启等等)将无法工作。
一个应变方法是:禁用叠加滚动条,设置一个默认主题,通过在终端中使用以下命名来退出会话
一个应变方法是:禁用叠加滚动条,设置一个默认主题,通过在终端中使用以下命名来退出会话
gnome-session-quit
想着脑海中所有的这些警告,我建议想使用稳定的,可靠的系统的人现在暂时不要使用它。
脑海中有了上述这些警告后,我得建议那些自己的理智倾向于使用稳定、可靠的系统的人现在暂时不要使用它。
**而剩下那些狂热的业余爱好者们呢好吧请在下面留言告诉我们你觉得它如何。我给Bob让路。**
而作为狂热一族的业余体验呢请在下面评论让我们了解你的想法。我将退出而让Bob来接手。
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/07/install-budgie-evolve-os-desktop-ubuntu-14-04
译者:[Love-xuan](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
译者:[Love-xuan](https://github.com/Love-xuan) 校对:[reinoir](https://github.com/reinoi)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

6
translated/tech/20140714 Linux slabtop command--Display Kernel Slab Cache Information.md
View File

@ -1,7 +1,7 @@
Linux slabtop命令——显示内核片缓存信息
================================================================================
Linux内核需要为临时对象如任务或者设备结构和节点分配内存缓存分配器管理着这些对象类型的缓存。现代Linux内核部署了该缓存分配器以持有缓存称之为片。不同类型的片缓存由片分配器维护。本文集中讨论slabtop命令该命令显示了实时内核片缓存信息。
Linux内核需要为临时对象如任务或者设备结构和节点分配内存缓存分配器管理着这些类型对象的缓存。现代Linux内核部署了该缓存分配器以持有缓存称之为片。不同类型的片缓存由片分配器维护。本文集中讨论slabtop命令该命令显示了实时内核片缓存信息。
### 1. 命令用法: ###
@ -12,7 +12,7 @@ Linux内核需要为临时对象如任务或者设备结构和节点分配内存
你可以在前面设置“sudo”来运行该命令默认输出见下图
![Slabtop default output](http://linoxide.com/wp-content/uploads/2014/07/002.slabtop_output.png)
要退出slabtop只需敲q就像在top命令中那样。
### 2. Slabtop选项 ###
@ -31,7 +31,7 @@ Linux内核需要为临时对象如任务或者设备结构和节点分配内存
#### 2.3 输出一次: ####
-o或--once选项不会刷新输出它仅仅将一次输出结果丢给STDOUT然后退出。
-o或--once选项不会刷新输出它仅仅将一次输出结果丢给STDOUT然后退出。
![Output once and exit](http://linoxide.com/wp-content/uploads/2014/07/005.slabtop_output_once.png)

14
translated/tech/20140716 Linux FAQs with Answers--How to define PATH environment variable for sudo commands.md
View File

@ -1,23 +1,23 @@
Linux 常见问题(有答案的哦)-- 如何为sudo命令定义PATH环境变量
Linux有问必答——如何为sudo命令定义PATH环境变量
================================================================================
>**问题**:我安装了一个程序到/usr/local/bin目录下这个程序需要root权限才能执行当我用sudo去执行它时收到"sudo: XXXXX: command not found"的错误提示,不知道为什么/usr/local/bin没有被包含到PATH环境变量下面来我该如何解决这个问题
当你使用sudo去执行一个程序时处于安全的考虑这个程序将在一个新的、最小化的环境中执行也就是说诸如PATH这样的环境变量在sudo命令下已经被重置成默认状态了。
所以当一个刚初始化的PATH变量中不包含你所要运行的程序所在的目录你就会得到"command not found"的错误提示。
当你使用sudo去执行一个程序时处于安全的考虑这个程序将在一个新的、最小化的环境中执行也就是说诸如PATH这样的环境变量在sudo命令下已经被重置成默认状态了。所以当一个刚初始化的PATH变量中不包含你所要运行的程序所在的目录用sudo去执行你就会得到"command not found"的错误提示。
为了改变PATH在sudo会话中的初始值打开/etc/sudoers文件并编辑找到"secure_path"一行,"secure_path"中包含的路径就将在sudo会话中的PATH变量中生效。
要想改变PATH在sudo会话中的初始值用文本编辑器打开/etc/sudoers文件找到"secure_path"一行当你执行sudo 命令时,"secure_path"中包含的路径将被当做默认PATH变量使用。
添加所需要的路径(如 /usr/local/bin到"secure_path"下,在开篇所遇见的问题就将迎刃而解。
添加所需要的路径(如 /usr/local/bin到"secure_path"下,在开篇所遇见的问题就将迎刃而解。
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
这个修改会即刻生效。
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/define-path-environment-variable-sudo-commands.html
译者:[nd0104](https://github.com/nd0104) 校对:[校对者ID](https://github.com/校对者ID)
译者:[nd0104](https://github.com/nd0104) 校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

197
translated/tech/20140808 How to install Puppet server and client on CentOS and RHEL.md Normal file
View File

@ -0,0 +1,197 @@
在 CentOS 和 RHEL 上安装 Puppet 服务器和客户端
================================================================================
当手中有相当多的机器需要管理的时候自动化处理冗余又无聊的任务对系统管理员来说就很重要了。很多管理员习惯了自己写脚本模拟复杂软件之间的调度。不幸的是脚本会过时脚本的作者会离职如果不花费巨大精力来维护这些脚本的话它们早晚会一点儿用也没有。如果能有一个系统任何人都可以使用、安装工具不论其受雇于何人那真是太期待了。目前已有几种系统可以解决这类需求这篇教程将介绍其中之一——Puppet——的使用方法。
### Puppet 是什么? ###
Puppet 是一款为 IT 系统管理员和顾问设计的自动化软件你可以用它自动化地完成诸如安装应用程序和服务、补丁管理和部署等工作。所有资源的相关配置都以“manifests”的方式保存单台机器或者多台机器都可以使用。如果你想了解更多内容Puppet 实验室的网站上有关于 [Puppet 及其工作原理][1]的更详细的介绍。
### 本教程要做些什么? ###
在这篇教程里,我们将一起安装配置一个 Puppet 服务器,然后在我们的客户端服务器(译注:这里的“客户端服务器”指需要部署业务逻辑的服务器)上完成一些基本配置。
### 准备工作 ###
由于 Puppet 不是 CentOS 或 RHEL 发行版的基本仓库,所以我们得手动添加 Puppet 实验室提供的自定义仓库。在所有你想使用 Puppet 的地方执行以下命令安装这个仓库(版本不同,对应的 RPM 文件名可能略有不同)。
**对于 CentOS/RHEL 6.5:**
# rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
**对于 CentOS/RHEL 7:**
# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
### 安装服务器端 ###
在你打算用作 master 的服务器上安装 "puppet-server" 包。
# yum install puppet-server
安装完成后,设置 Puppet 服务器开机自动启动,然后启动它。
# chkconfig puppetmaster on
# service puppetmaster start
现在服务器已经运行起来了,我们试试看我们的网络能不能访问到它。
对于使用 iptables 当做防火墙的 CentOS/RHEL 6`/etc/sysconfig/iptables` 文件的 `OUTPUT ACCEPT` 小节里添加下面这一行。
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
重新启动 iptables 服务让刚才的修改生效。
# service iptables restart
在安装了防火墙的 CentOS/RHEL 7 上,我们这么做:
# firewall-cmd --permanent --zone=public --add-port=8140/tcp
# firewall-cmd --reload
### 安装客户端 ###
执行下面的命令,在客户端节点安装 Puppet 客户端。
# yum install puppet
安装完成后,确保 Puppet 会随开机自动启动。
# chkconfig puppet on
Puppet 客户端需要知道 Puppet master 服务器的地址。最佳方案是使用 DNS 服务器解析 Puppet master 服务器地址。如果你没有 DNS 服务器,在 `/etc/hosts` 里添加下面这几行也可以:
> 1.2.3.4 server.your.domain
> 2.3.4.5 client-node.your.domain
1.2.3.4 对应你的 Puppet master 服务器 IP 地址“server.your.domain”是你的 master 服务器域名(默认通常是服务器的 hostname“client-node.your.domain”是你的客户端节点。包括 Puppet master 和客户端,所有相关的服务器都要在 hosts 文件里配置。
完成这些设置之后,我们要让 Puppet 客户端知道它的 master 是谁。默认情况下Puppet 会查找名为“puppet”的服务器但通常这并不符合你网络环境的真实情况所以我们要改成 Pupper master 服务器的完整域名。打开文件 `/etc/sysconfig/puppet`,把 `PUPPET_SERVER` 变量的值改成你在 `/etc/hosts` 文件里指定的 Puppet master 服务器的域名。
> PUPPET_SERVER=server.your.domain
master 服务器名也要在 `/etc/puppet/puppet.conf` 文件的“[agent]”小节里事先定义好。
> server=server.your.domain
现在可以启动 Puppet 客户端了:
# service puppet start
强制我们的客户端在 Puppet master 服务器上登记:
# puppet agent --test
你会看到类似于下面的输出。别怕,这是正常现象,因为服务器还没有在 Puppet master 服务器上验证过。
> Exiting; no certificate found and waitforcert is disabled
返回 Puppet master 服务器,检查证书验证请求:
# puppet cert list
你应该能看到一个列出了所有向 Puppet master 服务器发起证书签名请求的服务器。找到你客户端服务器的 hostname 然后使用下面的命令签名client-node 是你客户端节点的域名):
# puppet cert sign client-node
到此为止 Puppet 客户端和服务器都正常工作了。恭喜你!但是,现在 Puppet master 没有任何要客户端做的事儿。好吧,我们来创建一些基本的 manifest 文件然后让我们的客户端节点安装一些基本工具。
回到你的 Puppet 服务器,确保目录 `/etc/puppet/manifests` 存在。
# mkdir -p /etc/puppet/manifests
创建 manifest 文件 `/etc/puppet/manifests/site.pp`,内容如下
node 'client-node' {
include custom_utils
}
class custom_utils {
package { ["nmap","telnet","vim-enhanced","traceroute"]:
ensure => latest,
allow_virtual => false,
}
}
然后重新启动 puppetmaster 服务。
# service puppetmaster restart
客户端默认每 30 分钟更新一次配置,如果你希望你的修改能强制生效,就在客户端执行如下命令:
# puppet agent -t
如果你需要修改客户端的默认刷新时间,编辑客户端节点的 `/etc/puppet/puppet.conf` 文件中“[agent]”小节,增加下面这一行:
> runinterval = <yourtime>
这个选项的值可以是秒(格式比如 30 或者 30s分钟30m小时6h2d以及年5y。值得注意的是0 意味着“立即执行”而不是“从不执行”。
### 提示和技巧 ###
#### 1. 调试 ####
你免不了会提交错误的配置,然后不得不通过调试判断问题出现在哪儿。一般来说,你要么通过查看日志文件 `/var/log/puppet` 着手解决问题,要么手动执行查看输出:
# puppet agent -t
使用“-t”选项你可以看到 Puppet 的详细输出。这条命令还有额外的选项可以帮你定位问题。首先要介绍的选项是:
# puppet agent -t --debug
Debug 选项会显示 Puppet 本次运行时的差不多每一个步骤,这在调试非常复杂的问题时很有用。另一个很有用的选项是:
# puppet agent -t --noop
这个选项让 puppet 工作在 dry-run译注空转模式不会对真实环境产生影响模式下不会应用任何修改。Puppet 只会把其工作内容输出到屏幕上,不会写到磁盘里去。
#### 2. 模块 ####
有时候你需要更复杂的 manifest 文件,在你着手编写它们之前,你有必要花点儿时间浏览一下 [https://forge.puppetlabs.com][2]。Forge 是一个集合了 Puppet 模块的社区,你的问题很可能已经有人解答过了,你能在那儿找到解决问题的模块。如果找不到,那就自己写一个然后提交上去,其他人也能从中获益。
现在,假设你已经找到了一个模块能解决你的问题。怎么把它安装到你的系统中去呢?非常简单,因为 Puppet 已经有了可以直接下载模块的用户界面,只需要执行下面的命令:
# puppet module install <module_name> --version 0.0.0
<module_name> 是你选择的模块的名字,版本号可选(如果没有指定版本号,默认使用最新的版本)。如果你不记得想安装的模块的名字了,试试下面的命令搜索模块:
# puppet module search <search_string>
你会得到一个包含 search_string 的列表。
# puppet module search apache
----------
Notice: Searching https://forgeapi.puppetlabs.com ...
NAME DESCRIPTION AUTHOR KEYWORDS
example42-apache Puppet module for apache @example42 example42, apache
puppetlabs-apache Puppet module for Apache @puppetlabs apache web httpd centos rhel ssl wsgi proxy
theforeman-apache Apache HTTP server configuration @theforeman foreman apache httpd DEPRECATED
如果你想查看已经安装了哪些模块,键入:
# puppet module list
### 总结 ###
到目前为止,你应该有了功能完整的可以向一个或多个客户端服务器推送基本配置的 Puppet master 服务器。你可以自己随便加点儿配置适配你自己的网络环境。不必为试用 Puppet 担心,你会发现,它会拯救你的生活。
Puppet 实验室正在试着维护一个质量上乘的项目文档,所以如果你想学点儿关于 Puppet 相关的配置,我强烈推荐你访问 Puppet 项目的主页 [http://docs.puppetlabs.com][3]。
如果你有任何问题,敬请在文章下方评论,我会尽我所能回答你并给你建议。
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/install-puppet-server-client-centos-rhel.html
作者:[Jaroslav Štěpánek][a]
译者:[sailing](https://github.com/sailing)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/jaroslav
[1]:https://puppetlabs.com/puppet/what-is-puppet/
[2]:https://forge.puppetlabs.com/
[3]:http://docs.puppetlabs.com/