25 October 2009

Stop updating packages as often

In system administration, there is a big trap to avoid: updating packages as soon as they are available.

Stop polling for incoming e-mails

Unfortunately, it seems that lots of us (computer users) poll for incoming e-mails very, very often, as if something very important might arrive and need to be answered almost immediately.

18 September 2009

Help! rpm or yum freezes

Sometimes rpm, yum or even other commands freeze without any message explaining why (e.g. for yum, just after the message "Running Transaction Test").

28 July 2009

19 July 2009

Master your installed tools

Sometimes, we have been using tools for so long that we no longer know, care or remember where they come from.
This is particularly true for system tools (e.g. mount, fsck, tune2fs, ls...).

Create a specific user for MySQL Database backup

For security reasons, it is worth creating a dedicated user for MySQL database backups with the fewest privileges possible.
In fact, only the LOCK TABLES and SELECT privileges are required to use mysqldump.
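
One way to check that a backup account holds nothing beyond those two privileges, as an added example that is not part of the original post. The account 'backup'@'localhost', the database mail and the sample SHOW GRANTS output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a MySQL backup account against the SELECT + LOCK TABLES
# baseline. Account and database names are hypothetical.
#
# The account itself would be created with statements such as:
#   CREATE USER 'backup'@'localhost' IDENTIFIED BY '<password>';
#   GRANT SELECT, LOCK TABLES ON `mail`.* TO 'backup'@'localhost';
#
# Real use (the function reads SHOW GRANTS output on stdin):
#   mysql -N -e "SHOW GRANTS FOR 'backup'@'localhost'" | extra_backup_privs

# Print, one per line, every privilege that exceeds the baseline.
# USAGE means "no privileges" and is always listed, so it is allowed.
extra_backup_privs() {
    awk '
    /^GRANT / {
        if ($0 ~ / WITH GRANT OPTION/) print "GRANT OPTION"
        privs = $0
        sub(/^GRANT /, "", privs)      # drop the keyword
        sub(/ ON .*$/, "", privs)      # keep only the privilege list
        n = split(privs, p, /, */)
        for (i = 1; i <= n; i++) {
            if (p[i] != "USAGE" && p[i] != "SELECT" && p[i] != "LOCK TABLES") {
                print p[i]
            }
        }
    }' | sort -u
}

# Constructed SHOW GRANTS output: a clean account and an over-privileged one.
grants_ok() { cat <<'EOF'
GRANT USAGE ON *.* TO 'backup'@'localhost'
GRANT SELECT, LOCK TABLES ON `mail`.* TO 'backup'@'localhost'
EOF
}
grants_bad() { cat <<'EOF'
GRANT USAGE ON *.* TO 'backup'@'localhost'
GRANT SELECT, INSERT, DELETE, LOCK TABLES ON `mail`.* TO 'backup'@'localhost' WITH GRANT OPTION
EOF
}

echo "clean account, extra privileges:   $(grants_ok | extra_backup_privs | tr '\n' ' ')"
echo "audited account, extra privileges: $(grants_bad | extra_backup_privs | tr '\n' ' ')"
```

An empty result means the account matches the baseline; anything printed should be revoked before the account is used by a backup job.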

14 July 2009

Manage SMART disks

Modern hard disks (from ATA-3 and SCSI-3) provide a built-in system called SMART (Self-Monitoring, Analysis and Reporting Technology).

smartmontools provides two utility programs (smartctl and smartd) to control and monitor storage systems using SMART.

It can be installed on Red Hat-like systems using yum (yum install smartmontools).

To get general information such as device model number, serial number, firmware version... (e.g. /dev/sda):
smartctl -i /dev/sda

To get the health status of a device, for instance to predict its own failure within the next 24 hours (e.g. /dev/sda):
smartctl -H /dev/sda

To get SMART Attributes of a device (e.g. /dev/sda):
smartctl -A /dev/sda

To get SMART Capabilities of a device (e.g. /dev/sda):
smartctl -c /dev/sda

To get error information of a device (e.g. /dev/sda):
smartctl -l error /dev/sda

To get all of this information and even more about a device (e.g. /dev/sda):
smartctl -a /dev/sda


The smartctl command allows launching some tests.
For instance to launch a short test:
smartctl -t short /dev/sda

To get progress and result information:
smartctl -l selftest /dev/sda


See the smartctl man page for further information.
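
The smartctl -H and smartctl -A commands above produce text meant for a human; the following added example (not from the original post) shows one way to turn that output into a monitoring check. The sample attribute table is constructed, and the raw-count rule for reallocated, pending and uncorrectable sectors is an assumed operator heuristic rather than part of SMART itself.

```shell
#!/bin/sh
# Added example: turn smartctl text output into monitoring decisions.
# Both functions read smartctl output on stdin:
#   smartctl -H /dev/sda | smart_health_ok || echo "/dev/sda is failing"
#   smartctl -A /dev/sda | smart_failing_attrs

# Succeed only if the overall health assessment passed.
# ATA drives print "... test result: PASSED", SCSI drives "SMART Health Status: OK".
smart_health_ok() {
    grep -Eq 'test result: PASSED|SMART Health Status: OK'
}

# Print "NAME reason" for each attribute that needs attention:
#  - WHEN_FAILED is not "-" (the drive recorded a threshold failure), or
#  - the normalized VALUE is at or below a non-zero THRESH, or
#  - assumption (operator heuristic): a non-zero raw count of reallocated,
#    pending or uncorrectable sectors.
smart_failing_attrs() {
    awk '
    $1 ~ /^[0-9]+$/ && NF >= 10 {
        name = $2; value = $4 + 0; thresh = $6 + 0; failed = $9; raw = $10 + 0
        if (failed != "-") {
            print name, "when_failed=" failed
        } else if (thresh > 0 && value <= thresh) {
            print name, "value<=thresh"
        } else if (name ~ /^(Reallocated_Sector_Ct|Current_Pending_Sector|Offline_Uncorrectable)$/ && raw > 0) {
            print name, "raw=" raw
        }
    }'
}

# Constructed sample of `smartctl -A` output (not from a real disk).
sample_attrs() { cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   036   036   036    Pre-fail  Always   FAILING_NOW 1210
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       21340
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
EOF
}

sample_attrs | smart_failing_attrs
```

Run from cron, a non-empty result or a failing smart_health_ok is the signal to back up and replace the disk.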

Remount a read-only mounted partition

In some cases (a kind of maintenance mode, for instance), partitions can be mounted read-only, and the situation stays the same after operations (like fsck) and a reboot.

For instance, this can happen if the system is wrongly configured, forcing the fsck of unknown (or removed) devices.

To get out of such an endless situation, it is possible to remount read-write a read-only mounted partition that cannot be unmounted (like /), in order to update the configuration and then get a working boot:
mount -n -o remount,rw /mountPoint

The -n option requests the mount without attempting to write to the disk (which is obviously not possible on a read-only mounted partition).
The -o option updates the mount options (same syntax as when mounting the partition the "first" time).

6 April 2009

Install the 64-bit Java plug-in for 64-bit Opera under GNU/Linux

Since Sun JDK 6 update 10, a new-generation plug-in has been provided.
This article gives lots of information.
To install it under 64-bit Opera, add [jdk_installation_dir]/jre/lib/amd64/ to the plug-ins path definition (Tools -> preferences -> advanced -> contents -> plug-ins options -> change path -> add). The corresponding library is libnpjp2.so.

You can check your installation with this site's applet.

13 March 2009

Install VMWare-server v1.x under kernel 2.6.27 or 2.6.28

To install VMWare-server v1.x under kernel 2.6.27 or 2.6.28, use the following patch (vmware-any-any-update115 does not work from this kernel version onwards).

For the x86_64 architecture, there may be a lock problem while launching VMware-server, ending with the following final error message:
vmware: xcb_lock.c :77 : _XGetXCBBuffer: L'assertion « ((int) ((xcb_req) - (dpy->request)) >= 0) » a échoué.

To solve this issue, install the gtk-nodoka-engine.i386 package (and needed packages).

2 March 2009

Install Windows after GNU/Linux on the same hard disk

Various issues can arise when attempting to install Windows on a hard disk on which a GNU/Linux distribution is already installed.
One of the more subtle ones is a hardware detection problem, which can occur after the first second while the Windows installation CD is booting (see this interesting post, which gives some explanations for specific cases).

This can be the case if there is a dedicated boot partition for GNU/Linux.
The solution is to temporarily delete the partition, perform the Windows installation, restore the partition, and finally restore the MBR.

Here are some instructions to help you solve this issue.
The variables of this example are:
- /dev/sda the main hard disk,
- /dev/sdaN the boot partition (ext3) before deletion (corresponds to hd0,N-1 for bootloader)
- CF and CL the first and last cylinders of the /dev/sdaN partition (given by fdisk -l)
- /dev/sdaM the boot partition after restore (corresponds to hd0,M-1 for bootloader)
- grub as bootloader

Instructions:
- backup your /boot/grub/grub.conf
- backup your boot partition into a file
dd if=/dev/sdaN of=/tmp/boot.bin
- temporarily delete the partition
fdisk /dev/sda
d (to delete partition)
select the partition number (N in this instance)
- perform the Windows installation
- boot with a GNU/Linux Rescue or Live CD of your choice
- restore the partition
fdisk /dev/sda
n (to add new partition)
specify CF and CL as first and last cylinders

- use fdisk -l to identify the new partition number, in case it has changed (M in our case)
- format it
mkfs.ext3 -L boot /dev/sdaM
- restore your boot partition
dd if=/tmp/boot.bin of=/dev/sdaM
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- edit the /boot/grub/grub.conf file to replace hd0,N-1 by hd0,M-1
- restore the MBR

Restore Master Boot Record (MBR) with grub

In case your MBR is broken, here are some instructions to help you restore it.

The variables of this example are:
- /dev/sda the master hard disk,
- /dev/sdaM the ext3 boot partition (corresponds to hd0,M-1 for bootloader)
- grub as bootloader

Instructions:
- boot with a GNU/Linux Rescue or Live CD of your choice
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- restore the MBR
grub
root (hd0,M-1)
setup (hd0,M-1)
quit
grub-install /dev/sda

24 January 2009

Make some of your log files rotate and compress

logrotate is a very useful and powerful tool.

To have some of your log files rotated and compressed, create a new configuration file in the logrotate "include" directory (usually /etc/logrotate.d), and add the rotate/compress rule:

/var/log/XXX.log {
rotate 3
weekly
compress
size 1M
create 0640 myUser myGroup
}


In this example, the log goes through three weekly rotations before being removed. Rotation can also happen if the size exceeds 1MB.
Rotated files are compressed.
A new empty file is created after rotation with mode "0640" and myUser:myGroup ownership.

18 January 2009

Replace courier-imap with dovecot for an email server under GNU/Linux

The courier-imap package, and linked packages, have been replaced by dovecot since Fedora 8 (or earlier).
Anyway, it is still possible to maintain the mailbox part of your full and secured GNU/Linux email server by compiling the source code of courier-imap.

If you still want to benefit from up-to-date packages using yum, or if you want a more secure system, you should migrate to dovecot.

To begin, there is a tool for migrating "metadata" from courier-imap to dovecot.

Here is how to configure dovecot by editing the /etc/dovecot.conf file, in line with the configuration of the full and secured GNU/Linux email server:
- define explicitly which protocols you want, to avoid wasting resources and opening potential security holes (see this post for the equivalent for courier)
protocols = pop3 pop3s

- define the certificate and the key to use (they can be the same as for the SMTP server)
ssl_cert_file = /etc/postfix/smtpd.cert
ssl_key_file = /etc/postfix/smtpd.key

- define the mail location
mail_location = maildir:/home/vmail/%d/%n

- define the mail UID, GID and the privileged group:
mail_uid = 5000
mail_gid = 5000
mail_privileged_group = vmail

- comment the imap or pop3 begin/end line according to your needs

- specify the pop3 UIDL format so that it is compatible with the existing courier metadata
pop3_uidl_format = %u-%v

- specify the mechanisms in the auth default section
mechanisms = plain login

- comment out all lines corresponding to auth methods you do not want (pam, for instance)

- specify the path of ONE specific file (which you will create) used to query the SQL database for the password and the user information in the same request (optimization). The order is important: the "userdb prefetch" part must come before the "userdb sql" part
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb prefetch {
}
userdb sql {
args = /etc/dovecot-mysql.conf
}

- create a file with the SQL queries and connection information (/etc/dovecot-mysql.conf), replacing mail, admin and XXX with your corresponding database name, privileged user login and password (default_pass_scheme is very important and must be defined according to the function used when adding passwords to the database; in this case it corresponds to the ENCRYPT function):
## /etc/dovecot-mysql.conf contents ##
driver = mysql
default_pass_scheme = CRYPT
connect = host=localhost dbname=mail user=admin password=XXX

# Extended request allowing to get password and all user information at same time.
password_query = SELECT password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 AS userdb_uid, 5000 AS userdb_gid, concat('dirsize:storage=',quota) AS userdb_quota FROM users WHERE email = '%u'

# Used only for deliver (see LDA).
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=',quota) AS quota FROM users WHERE email ='%u'
## /etc/dovecot-mysql.conf contents ##

- (optional) activate debug information in case something goes wrong
mail_debug = yes
auth_debug = yes
auth_debug_passwords = yes

- restart the dovecot service
service dovecot restart

- attempt to connect to your imap/pop server with your favorite email client, checking the log file (default is /var/log/maillog)

- (optional) disable debug information when it is no longer needed

Upgrade GNU/Linux Fedora from 8 to 9, then 10 (with yum)

Upgrading GNU/Linux Fedora from 8 to 9, then 10, is no problem.
It is easier than previous upgrades, and there are fewer kinds of issues.

The principle is globally the same as when upgrading from Fedora core N to Fedora core N+1 (see this post), from Fedora core 6 to Fedora 7 then 8 (see this post), or from Fedora 7 to Fedora 8 (see this post).
In addition, the recommendations of the Fedora project have greatly evolved and now seem complete.

Upgrade from Fedora 8 to Fedora 9:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
rpm -Uvh ftp://download.fedora.redhat.com/pub/fedora/linux/updates/9/i386.newkey/fedora-release-*.noarch.rpm
- upgrade your repository if needed (N.B.: livna has now merged into RPM fusion)
- remove and reinstall thunderbird to avoid a specific issue.

Upgrade from Fedora 9 to Fedora 10:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
rpm -Uvh ftp://download.fedora.redhat.com/pub/fedora/linux/releases/10/Fedora/i386/os/Packages/fedora-release-*.noarch.rpm
- be careful if you have RAID: there is an important issue which may prevent the OS from booting properly

Ensure there are no dependency problems, as explained in this post.

Then, you should carry out a thorough merge of configuration files to ensure you have the up-to-date functionalities while keeping your own specific configuration (globally the XXX.conf and XXX.conf.rpmnew files).

Have a quick look at installed packages providing services

Sometimes, it is worth having a quick look at installed packages providing services, to check whether unused packages can be cleaned up, or to disable (temporarily or not) services which are not used and are therefore wasting resources.

To get information about installed packages providing services (excluding inet and xinet) which are NEVER started (and so may be removed):
for service in $( chkconfig --list |grep "1:" |grep -v ":on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf "/etc/init.d/$service" )"; done |less

Important:
- some packages provide several services, so they can appear several times with this simple command
- before removing such a package, it is important to ensure it is not providing something you need (libraries, tools, various files ...)
- you may need to use something other than "on", depending on your OS language


To get information about installed packages providing services (excluding inet and xinet) which are started (and so are using resources):
for service in $( chkconfig --list |grep "5:on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf /etc/init.d/$service )"; done |less

Important:
- some packages provide several services, so they can appear several times with this simple command
- you can perform this check for any runlevel by replacing "5" with another one
- you may need to use something other than "on", depending on your OS language