Posts Tagged Linux

Path to building Nginx Mainline RPMs for Fedora & CentOS

Or: How I spent an afternoon doing a deep dive into the RPM spec and solving a problem for myself

tl;dr – Nginx Mainline packages are being built for Fedora & CentOS at

My webserver’s running nginx 1.4.7, a version that hasn’t gotten non-bugfix attention since March 2013, according to the changelog. Oddly enough for a Fedora package, the version in koji is the stable branch – something that makes sense for CentOS/EPEL since that’s a long term support release, but not for Fedora. Doubly annoying was the fact that the packages for Fedora 20 (because Fedora 21 isn’t supported on OpenVZ yet) was one step behind the official stable – 1.4 instead of 1.6.
If I wanted mainline on Fedora, I was going to have to build it from source.
Read the rest of this entry »

, ,

1 Comment

Dual-booting with Dropbox

Or, how to not waste your hard drive space when you’ve got dropbox installed on two OSes on the same drive.

Read the rest of this entry »


No Comments

Why I’m becoming increasingly disillusioned with SELinux

My history with SELinux is a… varied one.

I first remember using it back in Fedora Core 6. I soon gave up on it, the labeling wasn’t consistent and I didn’t have the time nor inclination to relabel everything, especially when a quick one work change in a config file fixed all my problems.

The next time I used it was probably in F10. I ended up disabling it then, for much the same reasons.

Then I got onto F12/13 for my home server, and disabled SELinux again pretty darn quickly, after neither samba nor Apache liked it.

I can’t remember if I ever disabled it on my testing server which was running F15. But when I upgraded the server to F16Beta, I quickly rediscovered SELinux. Mainly because I’d get errors like this one:

avc:  denied  { read } for  pid=1868 comm="dhclient-script" name="ifcfg-br0" dev=dm-4 ino=10894 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

As far as I can tell, that’s SELinux denying the default network setup script from running. br0 is my custom xen bridge, I’ll admit, but it was working fine in F15, and even F16B until a new update came out sometime on or about Oct 20, breaking the network script.SELinux probably lasted the longest on F16B so far, because, for the most part, it worked perfectlyfine until, well, it just didn’t work.

  1. Sudo -i just  didn’t work. I spent about 30 minutes trying to hunt down what was causing the problems – checking /etc/groups, running visudo, the whole shebang. Everything said “Yes, I should be allowed to use sudo!” But sudo would perpetually tell me “User kyl191 is not in the sudoers file. This incident will be reported.”, and it was. My root terminal would get an extra line reading “You hve new mail” after any command was run.
  2. Starting up VMs just outright didn’t work, SELinux blocked access to the disk, but it was never relayed back to xen – Xen would just die with the exception “Cannot find bootloader”. That was my first inkling that SELinux is still in force.
  3. Last straw, SELinux killed my networking setup when it did…. something after an update that was published on/around Oct 21.

Some will argue that my ifcfg-br0 script is in the wrong context, so of course it would fail. To that my only response is “So…what context should I use then?” I’ve got no clue, and I’m sorry, but I’m not about to spend time looking for a list of contexts, and trying to apply them to each and every file I encounter in such a situation.

I’ve trying to write documentation for the Xen project. On my testing server, I’m not going to bother enabling SELinux because it gives me strange errors. For prod servers, I might use it if there was a VM for each service, otherwise the resulting mish-mash of programs tend to lead to unexpected results.

, ,

No Comments

Upgrading to Fedora 16 Beta with yum

So… I saw that Fedora 16 was out in Beta. I decided to try out the supposed Xen dom0 capability, using my old 1U. It had Fedora 15 installed, but nothing on it, so I just decided to blow it all away.

To start, I went and downloaded the Live CD. First problem: I grabbed the x64 version. NOT the i686 version which my 1U needs. Took out the ‘rhgb’ option in the boot line, wondering why it wasn’t starting up, only to be greeted with “This machine requires an i386 kernel, while this kernel is x86_64.”

And that was Derp 1 of the day.

Ok… so do a preupgrade or similar. Reboot into Fedora 15, ssh in. I completely forget about preupgrade, and jump straight to upgrading with yum. A few package upgrade errors where “libnih” can’t find dependencies, easily fixed by doing a “yum provides libnih” followed by “yum erase libnih” and repeat for the packages with errors.

So I’m merrily following the “official upgrade using yum guide“, and I run into another error. This time it’s more serious. Having just followed the instructions to wipe out grub, the bootloader, to my horror I find I can’t install grub2, the new bootloader.

And this is derp 2 of the day: I don’t narrow down the cause. I see “Cannot retrieve metalink for repository: fedora”, and immediately think “Oh, crud, because of the yum upgrade, it can’t determine the release version! And I can’t reboot because the frakkin’ bootloader’s not there!”

Except, it wasn’t a problem with the repo files. The system’s DNS resolving went down. I have no clue why, but I’m just thankful that my SSH session remained open. Add the IPs for and to /etc/hosts, and grub2 downloads & installs.

So far so good.

/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg was taking a suspiciously long time, though, it’s giving messages similar to the ones in this bug. But it seems to be smart enough to test what kernels can support Xen, though it’s not too smart about Xen itself – It has 3 menu entries for Xen, using ‘xen.gz’, ‘xen-4.gz’ and ‘xen-4.1.gz’, all of which are symlinked to ‘xen-4.1.1.gz’. Which itself has an entry. So now I’ve got multiple entries for Xen all pointing to the same Xen install.

As for the grub2-install, using /dev/mapper/pdc_dbijaaabh as the boot drive failed. Using /sbin/grub2-install /dev/disk/by-id/ata-ST3160812A_5LS9P57M also didn’t work.

But, it boots! Still using legacy grub (didn’t wipe out the bootsector, thank god), but, IT BOOTS! 😀

(Also, I’m getting memory errors in dmesg and /var/log/messages. Yay. But that’s a hardware problem, and this system only has to live for another 8 months anyway.)

, , ,

No Comments

Sharing Resources

Or how I’m designing a system such that my stuff doesn’t get mixed up with the family’s docs, but both reside in the same disk. Read the rest of this entry »

, ,

No Comments

Creating a new RAID 6 drive & attaching it to a Xen VM

I have 4 2TB drives in my NAS. They are split into 2 partitions, 500GB and the remaining ~1.5TB. The 1.5TB partitions were used in a RAID5 for media – music, backups of DVDs, etc. The remaining 500GB partitions were supposed to be for crucial documents, stuff that warranted double protection against disk failure.

Except for the past year, I never got around to creating the RAID6. That changed today.

Read the rest of this entry »

, ,

No Comments

When a yum update kills itself…

There’s a bunch of clean up to do.

New kernel isn’t working properly – boot from old one.

Try yum update again, get an error message about an existing transaction.

Have yum-utils already installed, so yum-complete-transactions is a command away.

Even after repeating it multiple times, yum still complains about broken packages.

Turns out yum died in the middle of cleanup, so old packages were still in the rpmDB.

Discovery of the day: package-cleanup –cleandupes will fix that error, even though the list of packages to remove looks very scary.

, ,

No Comments