Sysadmin adventures: local DNS and more!

Source

It's 4am, Adam's still up, and we're not in a validation crunch...so that must mean he's got his amateur sysadmin hat on! My latest 'little' project: setting up local DNS resolution for my network, and rationalizing a few hostnames and IP addresses so internal and external hostnames match and there aren't ugly gaps in my IP ranges. All done and (fingers crossed) working, now. This machine is now www.happyassassin.net to me as well as you; formerly it was webserver.localdomain on the inside, which was just silly. ;) And I only have loopback entries in my static hosts files now. Much rejoicing, etc etc. In the end the only really tricky bit was getting hostnames set by DHCP, which is a bit of lily-gilding really, but what the hell, I wanted to make it work. Still can't do it on my desktop, NM doesn't seem to be co-operating, but it's working on all the servers at least, which still use network.service: [root@www ~]# hostname www [root@www ~]# hostname -f www.happyassassin.net whee! This is just a prelude to the REAL fun times, tomorrow or whenever I get a few spare hours, when I'm planning to set up an LDAP server and convert all my services to use it for authentication. I may set up happyassassin accounts (which, currently, means mail and owncloud, pretty much) for some of my family, so I'd probably better have a more sane auth setup than 'everything uses its own auth database'... ...although now I think about it, maybe just pam_userdb would do the job sufficiently. Hmm. Have to think a bit. ANYHOO, the above also reminded me to trumpet my latest triumph: after finally fixing CalDAV a few weeks back, I managed to fix CardDAV too. Somewhere I found log output which gave me the idea that the problem might be the UIDs of the contacts in my owncloud contact list; I think I'd populated it by syncing things across from Google in some crazy way, and when I downloaded a few as .vcfs and looked at them, the UIDs for the contacts were really messy, with all kinds of weird characters in there, % signs and lord knows what else. So I just wiped the whole contact list and re-imported the latest state from Google, this time by logging into contacts.google.com, downloading the entire address book as a .vcf, and uploading that to Owncloud. This got me a rather cleaner set of contacts in Owncloud, and now syncing with CardDAV works! From all my clients! So finally - until something breaks again - I have perfect CalDAV and CardDAV sync from multiple Linux and Android clients against my own server. I've wiped my Google contacts and calendar again. Take that, tentacle. Except of course the tentacle has ten backups of it, but sigh... Oh, yeah, and just for an encore I set owncloud to use an NFS share from my NAS as the storage space for user files, so now I have more than, like, 6GB of space in my 'cloud' (each of my server VMs itself has pretty limited disk space). Tweak, tweak, tweak...

Comments

Pieter wrote on 2013-09-22 12:31:
Since you are on a roll now why not try FreeIPA? A quick install in a VM and you're off.
Chris Smart wrote on 2013-09-22 23:47:
Nice. I was going to mention FreeIPA also. Out of curiosity, what clients are you using for your owncloud CalDAV and CardDAV synchronising on Android and Linux? -c
adamw wrote on 2013-09-23 00:14:
People keep suggesting freeipa, but I'm really not sure it's actually what I want. I have precisely one user who's actually in a position to join the domain freeipa would give me: me, when I'm at home. And all the shinies (and complexity) that freeipa would give that user aren't really much use to me - I can live without SSO and centralized password management for my own user, really. The thing I'm possibly doing is letting members of my family who are based elsewhere use my mail and cloud services. They will never, ever be on my private network. They'll never be able to join the domain directly. They'll only ever be accessing the servers externally. FreeIPA just doesn't feel like it does much for me, in that case. Reading through the FreeIPA docs I keep getting the feeling it's just not the thing I'm looking for. I've been poking around my config all morning, and I think there's a much simpler setup that would work. I already have postfix using dovecot's SASL on my mail server, so if I can get owncloud's IMAP authentication working, that'll really get me where I want to be: effectively dovecot will ultimately be my 'identity server', any user's account for dovecot purposes (so, as things stand, a real user account on my mail server box, but in theory, I could set up virtual users with dovecot) would be their account for all my services. Now, if I could just get owncloud IMAP auth to *work*...
nanonyme wrote on 2013-09-23 06:53:
Hi, is there any further documentation on how to accomplish the outcome of theses sysadmin adventures? I probably don't have enough time to play around with these but it'd be interested to read how things get done.
bochecha wrote on 2013-09-23 08:02:
> I’ve been poking around my config all morning, and I think there’s a much simpler setup that would work. I already have postfix using dovecot’s SASL on my mail server, [...] That's what my email provider (best friend, self-hosted) is doing as well, and he's found a way to do it for Jabber as well. (I think he's using Prosody, like you). No idea about Owncloud though, but that seems like the easiest way.
Samuel Sieb wrote on 2013-09-28 00:50:
I'm curious what your issue is with DHCP hostnames. I set up a whole school that way. Maybe the difference is that my hostnames are static and were set from DHCP during install. Maybe you're running into that issue discussed on either the devel or test mailing list about transient vs permanent hostnames.