RHEL – Arsenick Blog

Use multiple monitor and full screen with Citrix receiver on Linux

Hi, here’s a quick post with the instruction I used to fix this. My employer give access to different ressources via Citrix. One of them was starting full screen and using my 3 monitor. The other one was starting in a windows 1024×768 ..

I assume you already have installed citrix reciever ( located in /opt/Citrix/ICAClient/ ) and everything is already working.. So here’s how I fixed the multiple monitor thing.

Create a new script:

$ sudo vim /opt/Citrix/ICAClient/xdg-open-wfica.sh

Put this content in it:

#!/bin/sh
FILEA=$1 ; sed -i 's/DesiredVRES.*/DesiredVRES=4294967295/' $FILEA ; sed -i 's/DesiredHRES.*/DesiredHRES=4294967295/' $FILEA ; export WFICA_OPTS="-span a" ; /opt/Citrix/ICAClient/wfica -span h -icaroot /opt/Citrix/ICAClient $FILEA

Change the permissions

$ sudo chmod +x /opt/Citrix/ICAClient/xdg-open-wfica.sh

Allright, now you can try if this work!

$ /opt/Citrix/ICAClient/xdg-open-wfica.sh /path/to/your/launch.ica

The session should start on all your monitor. There’s nothing really complex here, we are just replacing the DesiredVRES and DesiredHRES the Citrix server preset in the .ica file…

Now if you want to launch all the ica file using this script you can just modify the .desktop entry and point the Exec= to the script we just created and add %f at the end which is the variable referencing the filename.

$ cat /usr/share/applications/wfica.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Name=Citrix Receiver Engine
StartupWMClass=Wfica
NoDisplay=true
MimeType=application/x-ica;
Categories=Application;Network;X-Red-Hat-Base;X-SuSE-Core-Internet;
Icon=/opt/Citrix/ICAClient/icons/manager.png
TryExec=/opt/Citrix/ICAClient/wfica
Exec=/opt/Citrix/ICAClient/xdg-open-wfica.sh %f

I’m not sure if this is necessary, but if it doesn,t work yet, try it:

sudo update-desktop-database && sudo update-mime-database /usr/share/mime

So after that you should be able to doublecheck an .ica file in your nautilus or maybe open it right in firefox. I wanted to use xdg-open in forefox to open the file directly but I’m using the snap version of firefox and there seems to have a problem opening files..

This is far from perfect, I don’t have a lot of time and I wanted to work quick so it might be a bit dirty, but it’s a good start.

Hope this will help!

How to install webpasswordsafe 1.3 WAR on Centos 6

Here’s a quick howto on installing web password safe on CentOS 6 with tomcat.

Prerequiste:

You’ll need to have JAVA setup correctly with JCE installed and I assume that Tomcat is already installed. You can consult both documentation I wrote :

Howto install JDK 7 with JCE

Howto install Tomcat 7 on centos 6

I will describe the steps I took, feel free to tell me if there’s something to fix, it’s possible your setup is slightly different..

Install your CentOS with at least those package/group @Base, mysql-server2 and mysql-connector-java.noarch
- Don’t forget to run mysql_secure_installation and change the root password..

Not sure on this one, because my system is kickstarted and automatically added to the repo, but you’ll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )

Download the webpasswordsafe war on google code: https://code.google.com/p/webpasswordsafe/downloads/list

Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:

# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*

If you see a file there, skip the copy, you already have the JDBC driver installed.

# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/

Now we will create the database needed by passwordsafe and the user it will use to connect, plus the permission.

# mysql -u root -p
 mysql> create database webpasswordsafe;
 mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
 mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
 mysql> grant usage on webpasswordsafe.* to wps@localhost;
 mysql> flush privileges;
 mysql> exit

Now we will deploy the WAR for the first time, and configure some settings:

Stop tomcat if it run:

# /etc/init.d/tomcat-webpasswordsafe stop

Copy the WAR in the webapp directory of your tomcat install and we will rename it:

# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv webpasswordsafe-sample-1.3.war webpasswordsafe-1.3.war

Start Tomcat:

# /etc/init.d/tomcat-webpasswordsafe start

Now let’s configure few basics settings:

Set a new secret key at encryptor.jasypt.password

# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties

Edit the config to access the database:

# vim WEB-INF/jdbc.properties
 set db user key
 jdbc.username=wps
 jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE

 uncomment mysql config:
 # MySQL/MariaDB settings
 hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
 jdbc.validationQuery=select 1

Now restart Tomcat and we’ll see if everything work:

# /etc/init.d/tomcat-webpasswordsafe restart

Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/

If you are using the default LocalAuthenticator the user/pass are: admin/admin

That’s it for the install, check the Admin Guide for more informations regarding all the different options available in the config files.. I will probably add another post to cinfigure the LDAP connector and other features.

Be sure to setup a SSL connection if you want to use this in production… You don’t want to access your password manager via http… You are gonna store all your password there, doublecheck EVERYTHING, root password, MySQL, SSL, ensure that you have the minimum service running on this host, iptables and SELinux enabled could be a great idea.

Note:

Here’s the admin documentation http://webpasswordsafe.googlecode.com/svn/trunk/docs/AdministratorGuide.html
Thanks to Jonathon who posted the steps he took to install webpassword safe on debian in the group. ( https://groups.google.com/d/msg/webpasswordsafe/IUTko0NGuv4/UANDeTbFnsEJ )

Howto install java JDK 7 on CentOS 6 with Java Cryptography Extension (JCE) enabled ready for Tomcat

This installation of java is for people who want to install java and use it with tomcat or any other app that don’t require the java bin to be in the $PATH…

Download the latest JDK 7 release: http://java.sun.com/javase/downloads/index.jsp

If you need to install the JCE, download it: Other Downloads -> Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. If you don’t know what JCE is, the chance are you won’t need it..

Untar the archive and move it to /opt

# tar -xzvf jdk-7u51-linux-x64.gz

# mv jdk-7u51-linux-x64 /opt/

If you downloaded the JCE, unzip it. We’ll need to overwrite the default file. We’ll backup the file before..

# mv /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar.orig

# mv /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar.orig

# unzip UnlimitedJCEPolicyJDK7.zip

# cp UnlimitedJCEPolicy/*.jar /opt/jdk1.7.0_51/jre/lib/security/

And voila!

Howto Install Tomcat 7 clean on Centos 6

Prerequisite: you need to have a working copy of Java installed. See my post about installing Java on CentOS 6 Here.

You’ll see that Tomcat is installed in /opt and every single application will use it’s own catalina_home, this is in place to separate different install and simplify the update process, same thing for java, if a single war don’t support a new version of tomcat, you can upgrade by application, changing only the symbolic link..

The user will use uid 5007, it’s a standard uid of the tomcat user where I work.

useradd -u 5007 -s /sbin/nologin -c "Tomcat" _tomcat

Download the latest tarball and extract it to /opt

tar xzvf apache-tomcat-7.0.53.tar.gz -C /opt
ln -s /opt/apache-tomcat-7.0.53 /opt/tomcat-webpasswordsafe

We will now create the catalina_home base config

cd /opt
mkdir -p webpasswordsafe/catalina_base
cd webpasswordsafe/catalina_base
mkdir bin conf logs webapps work temp
chown _tomcat logs webapps work temp

Now we’ll create setenv.sh where the java_home will be set:

vim /opt/webpasswordsafe/catalina_base/bin/setenv.sh

Point the JAVA_HOME variable to your java home, if you have followed my howto on java it should look like this…

JAVA_HOME=/opt/java-webpasswordsafe

Copy the server.xml and web.xml to our catalina_base, the default should be ok:

cp /opt/apache-tomcat-7.0.53/conf/server.xml /opt/webpasswordsafe/catalina_base/conf/

cp /opt/apache-tomcat-7.0.53/conf/web.xml /opt/webpasswordsafe/catalina_base/conf/

We will now give the files the right ownership:

chmod -R 644 /opt/webpasswordsafe/catalina_base/conf/*
chown -R _tomcat._tomcat /opt/webpasswordsafe/catalina_base/

Create the init script used to start tomcat.

You’ll have to adjust the variable CATALINA_BASE, CATALINA_HOME and SVC_SCRIPT to reflect your installation if it’s not the same as mine.

vim /etc/init.d/tomcat-webpasswordsafe

#!/bin/bash
#
# Init file for buildserver tomcat
#
# chkconfig: 35 99 10
# description: BuildServer Tomcat
#

# source function library
. /etc/rc.d/init.d/functions

RETVAL=0
prog="tomcat pour le gestionnaire de password"

SVC_SCRIPT=/opt/tomcat-webpasswordsafe/bin/catalina.sh
SVC_START_ARGS="start"
SVC_STOP_ARGS="stop"
SVC_USER="_tomcat"

ECHO=/bin/echo
SUDO=/usr/bin/sudo
RUNUSER=/sbin/runuser

# Toute la config et les apps sont deployees dans ce repertoire
export CATALINA_BASE=/opt/webpasswordsafe/catalina_base
# Le repertoire ou tomcat est vraiment installe
export CATALINA_HOME=/opt/tomcat-webpasswordsafe


start()
{
 $ECHO -n $"Starting $prog: "
 # On utilise runuser au lieu de daemon() car daemon clear l'environnement... need CATALINA_*
 $RUNUSER -s /bin/bash -m -c "$SVC_SCRIPT $SVC_START_ARGS" "$SVC_USER" && success || failure
 RETVAL=$?
}

stop()
{
 $ECHO -n $"Stopping $prog: "
 $SVC_SCRIPT $SVC_STOP_ARGS && success || failure
 RETVAL=$?
}


case "$1" in
 start)
 start
 ;;
 stop)
 stop
 ;;
 restart)
 stop
 start
 ;;
 *)
 echo $"Usage: $0 {start|stop|restart}"
 RETVAL=1
esac
exit $RETVAL

Give the right permissions to the files:

chmod +x /etc/init.d/tomcat-webpasswordsafe

Enable the service to start at boot:

chkconfig tomcat-webpasswordsafe on

Let’s try this!

Start tomcat with the init script we’ve just created:

/etc/init.d/tomcat-passwordsafe start

You can take a look at the log to see if everything is ok.

tail -f /opt/webpasswordsafe/catalina_base/logs/catalina.out

If you see something similar to INFO: Server startup in 33397 ms, your installation is fine you can go ahead and put your war file in the webapp directory in catalina_home.

Let me know what you think and if you have problem I’ll be glad to help you, but this is pretty straight forward!

Howto update / change hostname of a system using RHEL/Centos in RHN, Satellite or Spacewalk

Today I had to update a system profile in RHN. The system is a RHEL 4 and was added to RHN few years ago and the hostname had changed since then. You can change the system name in RHN but you cannot change the hostname or the ipaddress. I just wanted to share with everyone how to update the RHN profile of a host.

Once your hostname is changed, you just have to execute this command:

# up2date --hardware

If you are using spacewalk and CentosOS6/RHEL6 you’ll see that up2date is not there anymore. You’ll need to have the rhn tool installed and sync the profile with:

# rhn-profile-sync

And voila, you should see the updated hostname on RHN/Spacewalk/Satellite.

@++

Rate this:

Rate this:

Rate this:

Rate this:

Rate this: