Blog Archives

GLPI 9.1.2 fix inline images KB

First make the stored images visible in the GLPI output

In %glpiroot%/lib/htmlawed/htmlawed.php add ‘; src: data’ in line 47

output

If there where any previous inline images stored, these should now be visible in the KB. If you have images stored, but they still do not turn up, you might need to replace the ‘denied’ string stored in the glpi database. Use the SQL below to achieve this.

update glpi_knowbaseitems set answer = REPLACE(answer, 'denied:', '');
Second make inserting inline HTML images possible (within the WYSIWYG)
In %glpiroot%/inc/html.class.php file on rule 3917 add the paste plugin by adding the paste plugin and adding the paste option to the editor. Review and alter your code to reflect the snippet below:
$js = "tinyMCE.init({
language: '$language',
browser_spellcheck: true,
mode: 'exact',
elements: '$name',
relative_urls: false,
remove_script_host: false,
entity_encoding: 'raw',
menubar: false,
statusbar: false,
skin: 'light',
plugins: [
'table directionality searchreplace paste',
'tabfocus autoresize link image',
'code fullscreen textcolor colorpicker',
'paste'
],
toolbar: 'styleselect | bold italic | forecolor backcolor | bullist numlist outdent indent | table link image | code fullscreen | paste',
paste_data_images: true,
});
";
After this you should again be able to past inline HTML images into GLPI KB articles.
TIP: Use the open source Greenshot screenshot tool that supports pasting inline HTML natively.

Oracle Enterprise Linux 6.x networking

Lately I got many questions regarding the network configuration of Oracle Enterprise Linux 6 (Red Hat Enterprise Linux 6).
Enough to write a little article about it.

It seems that some of the network configuration was altered in OEL6. The reason as far as I know is the implementation of the NetworkManager daemon. I don’t know why they are using CamelCase for the daemon name, but mind that. Even though the NetworkManager should make the configuration as painless as possible (at least thats what the manual page said), it seems to actually make the configuration more of a pain for some.

Below I will cover some topics in an effort to get you going and remove the pain ūüôā

Configuring eth0 for manual operation

  • Step 1: disable the NetworkManager daemon
    service NetworkManager stop
  • Step 2: remove the NetworkManager from Init (start-up)
    chkconfig --level 2345 NetworkManager off
  • Step 3: open the ifcfg-eth0 config file (alter the suffix ‘eth0’ to match the adapter of your choice)
    vi /etc/sysconfig/network-scripts/ifcfg-eth0
  • Step 4: Alter the following to match your environment…
    DEVICE=eth0
    TYPE=Ethernet
    HWADDR={Your MAC address here}
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=static
    IPADDR=192.168.1.10
    #PREFIX=24    [can be used alternativly to NETMASK=]
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    GATEWAY=192.168.1.1
    
  • Step 5: Write/close the configuration file¬†(:wq in vi)
  • Step 6: Restart the network service
    service network restart
  • TIP 0: Obviously match the configuration above to match your home network.
  • TIP 1: NetworkManager is not always present in which case you can obviously skip step 1 – 2.
  • TIP 2: There are reports that NETMASK=xxx.xxx.xxx.xxx is actually more stable then PREFIX=xx notation.
    My advice, use NETMASK= which is also better understood by non networking guys.
  • TIP 3: Not sure about the correct NETWORK, NETMASK, BROADCAST or PREFIX¬†settings, give ipcalc a try:
    ipcalc --netmask {IPADDR}
    ipcalc --prefix {IPADDR} {NETMASK}
    ipcalc --broadcast {IPADDR} {NETMASK}
    ipcalc --network {IPADDR} {NETMASK}
    

Configuring DNS

DNS always seems to be a bugger and a hard one to understand. Do note that DNS is JUST A IP PHONEBOOK. Nothing fancy there. Also there are various ways of configuring DNS. One way is by adding the DNS configuration in the ifcfg-suffix configuration file with the DNS1=ip.ip.ip.ip DNS2=ip.ip.ip.ip keywords.¬†As an¬†effect, the networking service will update the appropriate¬†configuration files.¬†To¬†be frank,¬†I find this to be confusing and do not like duplicate configurations everywhere in my -has to be clean- environment. My advice is to configure the DNS is the appropriate files directly like this…

  • Step 1: Edit¬†the¬†resolve.conf where DNS is configured.
    vi /etc/resolv.conf
  • Step 2: Add or Alter the following to match your environment
    search mydomain.home
    nameserver 192.168.1.1
    nameserver 8.8.8.8
    
  • Step 3: Test to see if name resolution works
    nslookup
    set debug
    www.google.com
    
  • TIP 1: Linux actually tries to find the ip in the /etc/hosts file first. If you know the hostnamename and FQDN to an certain IP and it can be classified as static. Consider using the hostsfile instead of a centralized DNS. This will boost performance if the name is resolved often. If multiple systems use and depend on a machine reference, use centralized DNS in order to lighten the administrative tasks.
    vi /etc/hosts
  • TIP 2: Experiencing slow log on times or slow application performance? A faulty DNS configuration might just be the¬†cause. A quick way to test this is by¬†temp. disabling DNS all together. This can be done by editing the /etc/nsswitch.conf file.
    vi /etc/nsswitch.conf
    • alter the line
      hosts:     files dns
    • to the line
      hosts: files
    • write the file and test if the performance has improved.
  • The reason for this is that DNS is often used to register user logon or session information based on the visitors IP address. Examples are the ssh daemon, ftp servers, webservers, linux logon, etc.

STATIC ROUTES

In some case you want linux to use alternative routes to access certain Linux resources. The way to go in these cases are creating routes. In most cases you want these to be presistant in which case ‘route add –‘ wont suffice. In our example we will create two new routes. On describing a route to a specific host, the other describing the route to a specific network. Alter the example to match your needs.

  • STEP 1: Create a new file called static-routes in the¬†/etc/sysconfig/ directory
    vi /etc/sysconfig/static-routes
  • STEP 2: Add the following, obviously matching your specific needs
    any net 192.168.2.0/24 gw 192.168.1.254 metric 1
    any host 192.168.2.254 gw 192.168.1.254 metric 1
  • STEP 3: Restart the network service
    service network restart
  • TIP 1: SIOCADDRT: No such process means the designated gateway doesnt exsist on any known interface. (typo?)
  • TIP 2: view the route information usint the route command
  • TIP 3: use the ipcalc –prefix {IPADDR} {NETMASK} command to determin the right /prefix for your environment.
  • TIP 4: In older environments the ifup-routes is used, this shscript still exsists in the /etc/sysconfig/network-scripts/ifup-routes

Locate my mac address

The ifcfg-eth# config allows you to configure the specific mac address to guarantee the IP is bound to the right adapter. In virtualized environments this might save you a lot of trouble in the situation where the virtualized domain is altered. On the other hand it might cause trouble when the staticly configured MAC is migrated in virtual environments. Either case, you might want to know the MAC linux sees belonging to an certain adapter. You can find the MAC address in the following location:

 cat /sys/class/net/eth0/address

Obviously you need to alter eth0 in the path to match the adapter you are looking for. Not sure? The change directory to /sys/class/net and perform a list to see all discovered and registered adapters.

IPTables (Linux firewall)

By default IPtables (which is the linux firewall) is enabled. You can view the running configuration by checking the service status like this.

 service iptables status

You can simply turn the firewall off by modifying and applying steps 1-2 of the first configuring eth0 instruction. This will reduce the security of your linux platform significantly. My advice, add the ports you need for your services and let IPtables protect you. The easiest way is by simply editing the iptables configuration file.

 vi /etc/sysconfig/iptables 

Adding a port is as easy as copy/pasting the always present firewall rule that allowes port 22 (ssh). Copy past it and alter the -p (protocol) -dport (destination port) to match your needs. For example, allowing HTTP/HTTPS.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

afterward restart iptables

service iptables restart

TIP: If you are experimenting with IPv6 (then your Instant COOL!), mind that the ipv6 firewall is called ip6tables and the configuration is called the same. The basic iptables doesnt handle ipv6 at all.

TIP: If you are using ipv6 code your IPv4 ip to ease administration. Example:

ipv4: 192.168.10.1/32
ipv6: 2001::0192:0168:0010:0001/64
Then route on the nibble of choice.

Additional questions?

Just post it below and maybe ill respond in due time ūüôā

Extract all content to disk from a SPS2007 content DB using PHP

Today I ran into a problem. We needed to migrate a huge amount of data from an old SharePoint 2007 content database without the availability of the MOSS front-end. All i had was the database and a corrupted sharepoint install that wasnt going to help me allot.

To overcome this problem I decided to write a little PHP application that would do this task for me. I allready had WAMP setup on my desktop, so i figured this to be the quickest route. Then i figured, maybe other people face this problem as well. So here it is, the code, and some helpers to get you going.


<?php
/**
* @name           : index.php - MSSql Content connector
* @Author        : Chris Gralike
* @version        :
* @copyright ¬†¬† ¬†: WETFYWTDWI - what ever ** you want to do with it, no guarantees ūüôā
*¬† This script ONLY READS the database tables, so dont give it more permissions ūüôā
*/

// What to search for in the directory structure.
$search = '';
// Where too put the files
$createdir = './Downloaded';
// What server too connect to.
$ServerName = 'amisnt05.amis.local';
// Database connection parameters.
$connectionInfo = array('Database' => 'MOSS_PROD_WSS_Content_WebApp02',
'UID' => 'php_login',
'PWD' => 'welcome12345678');
// This can be a very long task to complete, so disable the timelimit.
set_time_limit(0);
// Create a connection
$conn = sqlsrv_connect($ServerName, $connectionInfo)
or die( print_r( sqlsrv_errors(), true));

// The SQL statment to query the AllDocs tables.
$tsql = "SELECT dbo.AllDocs.Id,
dbo.AllDocs.SetupPath,
dbo.AllDocs.LeafName,
dbo.AllDocs.DirName,
dbo.AllDocs.SetupPath,
dbo.AllDocs.Extension,
dbo.AllDocs.ExtensionForFile,
dbo.AllDocStreams.Id as StreamId,
dbo.AllDocStreams.Content
FROM dbo.AllDocs
RIGHT OUTER JOIN dbo.AllDocStreams ON dbo.AllDocs.Id = dbo.AllDocStreams.Id
WHERE AllDocs.DirName LIKE '%{$search}%'
AND AllDocs.SetupPath IS NULL
AND AllDocs.Extension != ''
";
// The result set
$result = sqlsrv_query($conn, $tsql);

// Process the results
while($row = sqlsrv_fetch_array($result,  SQLSRV_FETCH_ASSOC)){
// When create is true, then it will create the folders in
// in the foreach
$create = false;
$dirptr = $createdir;

// Find the folders and recreate them starting from the searchstring.
$folders = explode('/', $row['DirName']);
foreach ($folders as $val){
if($val == $search || $create == true || empty($search)){
$create = true;
$dirptr .= '/'.$val;
if(!is_dir($dirptr)){
mkdir($dirptr);
echo "INFO: created $dirptr <br/>";
}else{
echo "WARN: skipping $dirptr allready exists. <br />";
}
}
}

// Recreate the file
$filepath = $dirptr.'/'.$row['LeafName'];
if(!is_file($filepath)){
touch($filepath);
}
if($fp = fopen($filepath,'w')){
fwrite($fp, $row['Content']);
echo "INFO: file {$row['LeafName']} written. <br />";
}else{
echo "ERROR: file {$row['LeafName']} could not be written in $filepath. <br />";
}
fclose($fp);
}
// Close the database connection.
sqlsrv_close($conn);
?>

Simply configure the first vars in the script and run the file. It might take a huge while before you get some output.

TIP: Use the $search to narrow down the query a bit.
It searches the DirName (I.e. Site\DocLib\Folder\SubFolder\)

The output will look like this.

INFO: created ./Downloaded/SearchCenter
INFO: created ./Downloaded/SearchCenter/Pages
INFO: file facetedsearch.aspx written.
WARN: skipping ./Downloaded/SearchCenter allready exists.
WARN: skipping ./Downloaded/SearchCenter/Pages allready exists.
INFO: file resultskeyword.aspx written.

ANY THOUGHTS, OR NEED SOME HELP?
Then please leave a comment ūüôā

WARNING!: YOU NEED THE Microsoft MSSQL DRIVER FOR PHP, not the old php equivalent.
here are some tips on where to get it. My version was php 5.3.8

First off, mssql isnt supported out of the box anymore. when using PHP 5.2 and up, you need to get the Microsoft for PHP driver. Check this site for more information : http://sqlsrvphp.codeplex.com/

Its a bit of an hassle ill give you that.
Challenge: I needed 1.5hours to find the correct Lib,Install,Coding info and get it working.

Basically it requires you to download the native client, the drivers and an correct update of the php.ini your wamp instance is using.

Tip: Use <?php phpinfo() ?> to find the right version for your PHP compilation.
Search for : PHP Extension Build : API20090626,TS,VC9

DIFFERENT SHAREPOINT VERSION?!

Be sure to verify the SQL query inside the $tsql=” var and alter it accordingly. The other part should be pretty straight forward.

Shared : Always redirect to root script.

This script is intended to redirect people back to the root application when manually browsing to hidden application folders. i.e.
/inc/ should never show an index, so we install an index.html / index.php. This script will redirect people back to ./ no matter what the path.

&lt;?php
// No matter where you are, always redirect back to root
$r = '';
$d = (count(explode('/', dirname($_SERVER['SCRIPT_NAME']))) -1);
for($l = 1; $l &lt;= $d; $l++){$r .= '../';}
header('location:'.$r);
?&gt;

Windows update error?!?

Hi guys,

Uptill reacently we start getting messages in our client system logs stating something like;
The Automatic Updates service terminated with the following error: The class is configured to run as a security id different from the caller. 

To be honost, we tried different aproaches and researched different angles on this issue. Found articles about BITS and other security stuff, but none realy helped. The following is true in our envirnoment.

1. We dont use WSUS.
2. We have a Native 2003 Domain
3. We use Windows XP servicepack 2
4. We do use network policies but for some illusive buisness requirements we dont enforce updates (developers…. )

Here are some things that where true on the issue.
1. We couldnt start or stop the windows update service (wuauserv.dll / wuaueng.dll) and got an access denied message.
2. We couldnt register the various dlls into windows.
3. We couldnt rewrite the BITS entries also getting an access denied message.
4. We couldnt enable “interactive” mode in the security>logon tab of the service getting… Yea an access denied message.

“Update on this Issue”

The problem was somewhat illusive to us, but we found the problem! ūüôā

 The behaviour as described above is caused when a network policy is used to enforce the service configuration (Windows Update Service) itself.

In the Machine portion of a GPO you can browse down to : Computer Configuration >Windows Settings > Security > System Services. Here you can configure various aspects of the winows services, like force the messanger service to be disabled. In our case the Windows Update Service was¬†forced to be Automatic and with thus (check the permisssions button) the rights on that service…

Just remove the policy from the Windows Update service service and control the update service using the aprop. policies found under : Computer Configuration > Administrative templates > Windows Components > Windows Update instead.

This should fix the Id¬†is other then caller issue¬†ūüėČ

Just use the “gpupdate /force” command on the clients that realy need some updates,¬†and or wait till the next logon, or 90¬†Minutes (default gpo refresh time)…

Gl & Rgrds, Chris