When managing computer administration, there is a big trap to avoid: update the packages as soon as they are available.
25 October 2009
Stop polling for incoming e-mails
Unfortunately, it seems there are lots of us (computer users) polling for incoming e-mails very, very often; like if a very important thing might be received and to be answered almost immediately.
18 September 2009
Help ! rpm or yum freezes
Sometimes, rpm, yum or even other commands are freezing without message to understand why (e.g. for yum, just after the message "Running Transaction Test").
28 July 2009
Compile LZO, TUN and OpenVPN under Solaris 64bits (revised)
(This post is a revision of this one for Solaris 64bits, and in accordance with new source code versions).
19 July 2009
Master your installed tools
Sometimes, we use tools from so long time that we don't know/care/remember where it comes from.
It is particularly true for system tools (e.g. mount, fsck, tune2fs, ls...).
It is particularly true for system tools (e.g. mount, fsck, tune2fs, ls...).
Create a specific user for MySQL Database backup
For security reasons, it is interesting to create a specific user for MySQL Database backup with the less privileges possible.
In fact, only LOCK TABLES and SELECT privileges are requested to use mysqldump.
In fact, only LOCK TABLES and SELECT privileges are requested to use mysqldump.
14 July 2009
Manage SMART disks
Modern hard disks (from ATA-3 and SCSI-3) provide built-in system called SMART (for Self-Monitoring, Analysis and Reporting Technology).
smartmontools provides two utility programs (smartctl and smartd) to control and monitor storage systems using SMART.
It can be installed in RedHat-like systems using yum (yum install smartmontools).
To get "general" Info like device model number, serial number, firmware version... (e.g. /dev/sda):
smartctl -i /dev/sda
To get Health Status of a device - for instance for predicting its own failure within the next 24 hours (e.g. /dev/sda):
smartctl -H /dev/sda
To get SMART Attributes of a device (e.g. /dev/sda):
smartctl -A /dev/sda
To get SMART Capabilities of a device (e.g. /dev/sda):
smartctl -c /dev/sda
To get error information of a device (e.g. /dev/sda):
smartctl -l error /dev/sda
To get all those information and even more about a device (e.g. /dev/sda):
smartctl -a /dev/sda
The smartctl command allows launching some tests.
For instance to launch a short test:
smartctl -t short /dev/sda
To get progress and result information:
smartctl -l selftest /dev/sda
See smartctl MAN page for further information.
smartmontools provides two utility programs (smartctl and smartd) to control and monitor storage systems using SMART.
It can be installed in RedHat-like systems using yum (yum install smartmontools).
To get "general" Info like device model number, serial number, firmware version... (e.g. /dev/sda):
smartctl -i /dev/sda
To get Health Status of a device - for instance for predicting its own failure within the next 24 hours (e.g. /dev/sda):
smartctl -H /dev/sda
To get SMART Attributes of a device (e.g. /dev/sda):
smartctl -A /dev/sda
To get SMART Capabilities of a device (e.g. /dev/sda):
smartctl -c /dev/sda
To get error information of a device (e.g. /dev/sda):
smartctl -l error /dev/sda
To get all those information and even more about a device (e.g. /dev/sda):
smartctl -a /dev/sda
The smartctl command allows launching some tests.
For instance to launch a short test:
smartctl -t short /dev/sda
To get progress and result information:
smartctl -l selftest /dev/sda
See smartctl MAN page for further information.
Remount a read-only mounted partition
In some cases (kind of maintenance mode for instance), partitions can be read-only mounted, and the situation stays the same after operations (like fsck) and reboot.
For instance, it can happen if the system is wrongly configured, forcing the fsch of unknown (or removed) devices.
To leave such end-less situation, it is possible to remount a read-only mounted partition, which can not be umounted (like /), to update configuration and then get a working boot:
mount -n -o remount,rw /mountPoint
The -n option allows to request the mount without attempting to write on the disk (which is obviously not possible on read-only mounted partition).
The -o option allows updating mount options (same syntax than when mounting the partition the "first" time)
For instance, it can happen if the system is wrongly configured, forcing the fsch of unknown (or removed) devices.
To leave such end-less situation, it is possible to remount a read-only mounted partition, which can not be umounted (like /), to update configuration and then get a working boot:
mount -n -o remount,rw /mountPoint
The -n option allows to request the mount without attempting to write on the disk (which is obviously not possible on read-only mounted partition).
The -o option allows updating mount options (same syntax than when mounting the partition the "first" time)
6 April 2009
Install 64 bits Java plug-in for Opera 64 bits under GNU/Linux
Since SUN jdk 6 update 10, a new generation plug-in is provided.
This is an article with giving lots of information.
To install it under Opera 64 bit, add the [jdk_installation_dir]/jre/lib/amd64/ under the plug-ins path definition (Tools-> preferences-> advanced-> contents-> plug-ins options-> change path-> add). The corresponding library is libnpjp2.so.
You can check your installation with this site applet.
This is an article with giving lots of information.
To install it under Opera 64 bit, add the [jdk_installation_dir]/jre/lib/amd64/ under the plug-ins path definition (Tools-> preferences-> advanced-> contents-> plug-ins options-> change path-> add). The corresponding library is libnpjp2.so.
You can check your installation with this site applet.
13 March 2009
Install VMWare-server v1.x under kernel 2.6.27 or 2.6.28
To install VMWare-server v1.x under kernel 2.6.27 or 2.6.28, use the following patch (the vmware-any-any-update115 does not work from this kernel version).
For x86_64 architecture, there may be a lock problem while launching VMware-server, ending with following final error message:
vmware: xcb_lock.c :77 : _XGetXCBBuffer: L'assertion « ((int) ((xcb_req) - (dpy->request)) >= 0) » a échoué.
To solve this issue, install the gtk-nodoka-engine.i386 package (and needed packages).
For x86_64 architecture, there may be a lock problem while launching VMware-server, ending with following final error message:
vmware: xcb_lock.c :77 : _XGetXCBBuffer: L'assertion « ((int) ((xcb_req) - (dpy->request)) >= 0) » a échoué.
To solve this issue, install the gtk-nodoka-engine.i386 package (and needed packages).
2 March 2009
Install Windows after GNU/Linux on the same hard disk
There can be various issues when attempting to install Windows on which is installed a GNU/Linux distribution.
One of the more subtle is hardware detection problem which can occur after the first second while Windows installation CD is booting (See this interesting post which gives some explanations in specific cases).
It can be the case if there is a dedicated boot partition for GNU/Linux.
The solution is to temporarily delete the partition, perform the Windows installation, restore the partition, and finally restore the MBR.
Those are some instructions to help you solving this issue.
The variables of this example are:
- /dev/sda the main hard disk,
- /dev/sdaN the boot partition (ext3) before deletion (corresponds to hd0,N-1 for bootloader)
- CF and CL the first and last cylinders of the /dev/sdaN partition (given by fdisk -l)
- /dev/sdaM the boot partition after restore (corresponds to hd0,M-1 for bootloader)
- grub as bootloader
Instructions:
- backup your /boot/grub/grub.conf
- backup your boot partition into a file
dd if=/dev/sdaN of=/tmp/boot.bin
- temporarily delete the partition
fdisk /dev/sda
d (to delete partition)
select the partition number (N in this instance)
- perform the Windows installation
- boot with a GNU/Linux Rescue or Live CD of your choice
- restore the partition
fdisk /dev/sda
n (to add new partition)
specify CF and CL as first and last cylinders
- use fdisk -l to identify the new partition number, in case it has changed (M in our case)
- format it
mkfs.ext3 -L boot /dev/sdaM
- restore your boot partition
dd if=/tmp/boot.bin of=/dev/sdaM
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- edit the /boot/grub/grub.conf file to replace hd0,N-1 by hd0,M-1
- restore the MBR
One of the more subtle is hardware detection problem which can occur after the first second while Windows installation CD is booting (See this interesting post which gives some explanations in specific cases).
It can be the case if there is a dedicated boot partition for GNU/Linux.
The solution is to temporarily delete the partition, perform the Windows installation, restore the partition, and finally restore the MBR.
Those are some instructions to help you solving this issue.
The variables of this example are:
- /dev/sda the main hard disk,
- /dev/sdaN the boot partition (ext3) before deletion (corresponds to hd0,N-1 for bootloader)
- CF and CL the first and last cylinders of the /dev/sdaN partition (given by fdisk -l)
- /dev/sdaM the boot partition after restore (corresponds to hd0,M-1 for bootloader)
- grub as bootloader
Instructions:
- backup your /boot/grub/grub.conf
- backup your boot partition into a file
dd if=/dev/sdaN of=/tmp/boot.bin
- temporarily delete the partition
fdisk /dev/sda
d (to delete partition)
select the partition number (N in this instance)
- perform the Windows installation
- boot with a GNU/Linux Rescue or Live CD of your choice
- restore the partition
fdisk /dev/sda
n (to add new partition)
specify CF and CL as first and last cylinders
- use fdisk -l to identify the new partition number, in case it has changed (M in our case)
- format it
mkfs.ext3 -L boot /dev/sdaM
- restore your boot partition
dd if=/tmp/boot.bin of=/dev/sdaM
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- edit the /boot/grub/grub.conf file to replace hd0,N-1 by hd0,M-1
- restore the MBR
Restore Master Boot Record (MBR) with grub
In case your MBR is broken, those are some instructions to help you restore it.
The variables of this example are:
- /dev/sda the master hard disk,
- /dev/sdaM the ext3 boot partition (corresponds to hd0,M-1 for bootloader)
- grub as bootloader
Instructions:
- boot with a GNU/Linux Rescue or Live CD of your choice
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- restore the MBR
grub
root (hd0,M-1)
setup (hd0,M-1)
quit
grub-install /dev/sda
The variables of this example are:
- /dev/sda the master hard disk,
- /dev/sdaM the ext3 boot partition (corresponds to hd0,M-1 for bootloader)
- grub as bootloader
Instructions:
- boot with a GNU/Linux Rescue or Live CD of your choice
- remove/rename the /boot folder of the launched GNU/Linux Rescue or Live CD instance
- mount your boot partition
mkdir /boot
mount -t ext3 /dev/sdaM /boot
- restore the MBR
grub
root (hd0,M-1)
setup (hd0,M-1)
quit
grub-install /dev/sda
24 January 2009
Make some of your log files rotate and compress
logrotate is a very useful and powerful tool.
To make some of your log files to be rotated and compressed, create a new configuration file into the logrotate "include" directory (usually /etc/logrotate.d), and add the rotate/compress rule:
rotate 3
weekly
compress
size 1M
create 0640 myUser myGroup
}
In this example, the log will go through three weekly rotations before being removed. There can be rotations if the size exceeds 1MB.
Rotated files will be compressed.
New empty file (after rotation) will be created with "0640" mode, and myUser:myGroup ownership.
18 January 2009
Replace courier-imap by dovecot for emails server under GNU/Linux
The courier-imap package, and linked packages, have been replaced by dovecot from Fedora 8 (or earlier).
Anyway, it's still possible to maintain mailboxes part of your full and secured GNU/Linux emails server, compiling the source code of courier-imap.
If you still want to benefit from up-to-date package, using yum or if you want a more secured system, you should migrate to dovecot.
To begin, there is a tool allowing to migrate "metadata" from courier-imap to dovecot.
This is how to configure dovecot editing the /etc/dovecot.conf file, according to the configuration of the full and secured GNU/Linux emails server:
- define clearly what protocols you want to avoid wasting resources and potential security hole (See this post for equivalent for courier)
protocols = pop3 pop3s
- define the certificate and the key to use (can be the same of the smtp server)
ssl_cert_file = /etc/postfix/smtpd.cert
ssl_key_file = /etc/postfix/smtpd.key
- define the mail location
mail_location = maildir:/home/vmail/%d/%n
- define the mail UID, GID and the privileged group:
mail_uid = 5000
mail_gid = 5000
mail_privileged_group = vmail
- comment the imap or pop3 begin/end line according to your needs
- specify pop3 UIDL format for it to be compatible with the existing courier metadat
pop3_uidl_format = %u-%v
- specify the mechanisms into the auth default part
mechanisms = plain login
- comment all lines corresponding to auth you do not want (like for pam for instance)
- specify path of ONE specific file (you will create) to request the SQL database to get password and user information in the same request (optimization) (respect the order which is important, "userdb prefetch" must be before "userdb sq" part)
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb prefetch {
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
- create a file with SQL query and connect information (/etc/dovecot-mysql.conf), replacing mail, admin and XXX with your corresponding databse name, privileged user login and password (default_pass_scheme is very important and must be defined according to the function used when adding password to database; in this case it correspond to the ENCRYPT function):
## /etc/dovecot-mysql.conf contents ##
driver = mysql
default_pass_scheme = CRYPT
connect = host=localhost dbname=mail user=admin password=XXX
# Extended request allowing to get password and all user information at same time.
password_query = SELECT password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 AS userdb_uid, 5000 AS userdb_gid, concat('dirsize:storage=',quota) AS userdb_quota FROM users WHERE email = '%u'
# Used only for deliver (see LDA).
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=',quota) AS quota FROM users WHERE email ='%u'
## /etc/dovecot-mysql.conf contents ##
- (facultative) activate debug information in case something goes wrong
mail_debug = yes
auth_debug = yes
auth_debug_passwords = yes
- restart the dovecot service
service dovecot restart
- attempts to connect to your imap/pop server with your favorite email client, checking the log file (default is /var/log/maillog)
- (facultative) disabled debug information if no more needed
Anyway, it's still possible to maintain mailboxes part of your full and secured GNU/Linux emails server, compiling the source code of courier-imap.
If you still want to benefit from up-to-date package, using yum or if you want a more secured system, you should migrate to dovecot.
To begin, there is a tool allowing to migrate "metadata" from courier-imap to dovecot.
This is how to configure dovecot editing the /etc/dovecot.conf file, according to the configuration of the full and secured GNU/Linux emails server:
- define clearly what protocols you want to avoid wasting resources and potential security hole (See this post for equivalent for courier)
protocols = pop3 pop3s
- define the certificate and the key to use (can be the same of the smtp server)
ssl_cert_file = /etc/postfix/smtpd.cert
ssl_key_file = /etc/postfix/smtpd.key
- define the mail location
mail_location = maildir:/home/vmail/%d/%n
- define the mail UID, GID and the privileged group:
mail_uid = 5000
mail_gid = 5000
mail_privileged_group = vmail
- comment the imap or pop3 begin/end line according to your needs
- specify pop3 UIDL format for it to be compatible with the existing courier metadat
pop3_uidl_format = %u-%v
- specify the mechanisms into the auth default part
mechanisms = plain login
- comment all lines corresponding to auth you do not want (like for pam for instance)
- specify path of ONE specific file (you will create) to request the SQL database to get password and user information in the same request (optimization) (respect the order which is important, "userdb prefetch" must be before "userdb sq" part)
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb prefetch {
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
- create a file with SQL query and connect information (/etc/dovecot-mysql.conf), replacing mail, admin and XXX with your corresponding databse name, privileged user login and password (default_pass_scheme is very important and must be defined according to the function used when adding password to database; in this case it correspond to the ENCRYPT function):
## /etc/dovecot-mysql.conf contents ##
driver = mysql
default_pass_scheme = CRYPT
connect = host=localhost dbname=mail user=admin password=XXX
# Extended request allowing to get password and all user information at same time.
password_query = SELECT password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 AS userdb_uid, 5000 AS userdb_gid, concat('dirsize:storage=',quota) AS userdb_quota FROM users WHERE email = '%u'
# Used only for deliver (see LDA).
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=',quota) AS quota FROM users WHERE email ='%u'
## /etc/dovecot-mysql.conf contents ##
- (facultative) activate debug information in case something goes wrong
mail_debug = yes
auth_debug = yes
auth_debug_passwords = yes
- restart the dovecot service
service dovecot restart
- attempts to connect to your imap/pop server with your favorite email client, checking the log file (default is /var/log/maillog)
- (facultative) disabled debug information if no more needed
Upgrade GNU/Linux Fedora from 8 to 9, then 10 (with yum)
To upgrade GNU/Linux Fedora from 8 to 9, then 10, there is no problem.
It is easier than previous upgrade, and there is less kind of issue.
The principle is globally the same when upgrading from Fedora core N to Fedora core N+1 (see this post), from Fedora core 6 to Fedora 7 then 8 (see this post), or from Fedora 7 to Fedora 8 (see this post).
In addition, the recommendations of Fedora project have greatly evolved and seem now complete.
Upgrade from Fedora 8 to Fedora 9:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
- upgrade your repository if needed (N.B.: livna has now merged into RPM fusion)
- remove and reinstall thunderbird to avoid specific issue.
Upgrade from Fedora 9 to Fedora 10:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
rpm -Uvh
- Be careful if you have RAID, there is an important issue which may prevent the OS from booting properly
Ensure there is no dependencies problem like explained into this post.
Then, you should perform a great configuration files merging campaign to ensure having the up to date functionalities while keeping your own specific configuration (globally the XXX.conf and XXX.conf.rpmnew files).
It is easier than previous upgrade, and there is less kind of issue.
The principle is globally the same when upgrading from Fedora core N to Fedora core N+1 (see this post), from Fedora core 6 to Fedora 7 then 8 (see this post), or from Fedora 7 to Fedora 8 (see this post).
In addition, the recommendations of Fedora project have greatly evolved and seem now complete.
Upgrade from Fedora 8 to Fedora 9:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
rpm -Uvh ftp://download.fedora.redhat.com/pub/fedora/linux/updates/9/i386.newkey/fedora-release-*.noarch.rpm- upgrade your repository if needed (N.B.: livna has now merged into RPM fusion)
- remove and reinstall thunderbird to avoid specific issue.
Upgrade from Fedora 9 to Fedora 10:
- do not forget to clean all the yum metadata with yum clean all,
- upgrade the Fedora release:
rpm -Uvh
ftp://download.fedora.redhat.com/pub/fedora/linux/releases/10/Fedora/i386/os/Packages/fedora-release-*.noarch.rpm- Be careful if you have RAID, there is an important issue which may prevent the OS from booting properly
Ensure there is no dependencies problem like explained into this post.
Then, you should perform a great configuration files merging campaign to ensure having the up to date functionalities while keeping your own specific configuration (globally the XXX.conf and XXX.conf.rpmnew files).
Have a quick look on installed packages providing services
Sometimes, it is interesting to have a quick look on installed packages providing services to check if there is possibility to clean unused packages, or to disable (temporary or not) services which are not used and which are so wasting resources.
To get information about installed packages providing services (excluding inet and xinet) which are NEVER started (and so may be removed):
for service in $( chkconfig --list |grep "1:" |grep -v "on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf /etc/init.d/$service )"; done |less
Important:
- some packages provide several services so it can appear several times with this simple command
- before removing such a package, it is important to ensure it is not providing something you need (libraries, tools, various files ...)
- you may use something else than "on" according to your OS language
To get information about installed packages providing services (excluding inet and xinet) which are started (and so using resources):
for service in $( chkconfig --list |grep "5:on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf /etc/init.d/$service )"; done |less
Important:
- some packages provide several services so it can appear several times with this simple command
- you can perform this check with every runlevel replacing "5" by anything else
- you may use something else than "on" according to your OS language
To get information about installed packages providing services (excluding inet and xinet) which are NEVER started (and so may be removed):
for service in $( chkconfig --list |grep "1:" |grep -v "on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf /etc/init.d/$service )"; done |less
Important:
- some packages provide several services so it can appear several times with this simple command
- before removing such a package, it is important to ensure it is not providing something you need (libraries, tools, various files ...)
- you may use something else than "on" according to your OS language
To get information about installed packages providing services (excluding inet and xinet) which are started (and so using resources):
for service in $( chkconfig --list |grep "5:on" |awk '{print $1}' ); do rpm -qi "$( rpm -qf /etc/init.d/$service )"; done |less
Important:
- some packages provide several services so it can appear several times with this simple command
- you can perform this check with every runlevel replacing "5" by anything else
- you may use something else than "on" according to your OS language
Subscribe to:
Posts (Atom)