Fedora 15: a NFSv4 to glusterfs migration HOW-TO
by Dr. Michael J. Chudobiak
As detailed in another thread, we upgraded a few test machines on our
LAN to Fedora 15 (with gnome-shell and firefox), with user folders
served from a NFSv4 server (F14 originally, then F15).
It just didn't work. The F15 desktops would freeze frequently. And
worse, this would freeze ALL desktops on the LAN intermittently, as the
NFS server struggled with client flakiness.
When it did work, Firefox would lose authenticated logins randomly,
presumably due to corruption of its cookies.sqlite file. sqlite and NFS
seems to be a nightmare, for both NFSv3 and NFSv4.
Moving from a NFSv4 server to a glusterfs server solved all of these
problems, and sped up boot times significantly too. glusterfs looks
intimidating at first, because of all its fancy replicating features and
what-not, but it turns out to be trivially easy to set up a simple
server than will replace 95% of the NFS installations out there.
Luckily, you can easily point both the NFS daemon and the glusterfs
daemon at the same export folder, so you can migrate clients slowly over
time.
This HOW-TO is intended to document the process. There are other similar
HOW-TOs out there, but they are all a little out-of-date or don't show
how to enable locking correctly, which is critical for Firefox.
In this example, we export the server's /fileserver folder, and mount it
on /fileserver on the clients. In my server, /fileserver was already
being served by the NFSv4 server, which is fine.
--------------------------------------------
1. On the server:
- yum install glusterfs-server
--------------------------------------------
2. On each client:
- yum install glusterfs-fuse
- mkdir /etc/glusterfs/
- mkdir /fileserver
--------------------------------------------
3. On the server, edit the volume configuration file
(/etc/glusterfs/glusterfsd.vol) so that it looks like this:
volume raw
type storage/posix
option directory /fileserver
end-volume
volume brick
type features/posix-locks
subvolumes raw
end-volume
volume server
type protocol/server
option transport-type tcp
subvolumes brick
option auth.addr.brick.allow *
end-volume
The first stanza selects the basic folder to export.
The second stanza adds file locking to it. This is required to support
Firefox, and some other applications.
The third stanza authorizes everyone to access this file-locked export
over the network.
There is also a /etc/glusterfs/glusterfsd.vol file on the system, for
configuring the management interface. For this simple installation it
does not need to be modified.
--------------------------------------------
4. Restart the server services:
- service glusterd restart
- service glusterfsd restart
I believe the first service is a management service, and the second is
the actual file-export service.
--------------------------------------------
--------------------------------------------
5. On the client, create the /etc/glusterfs/glusterfs.vol configuration
file, which should look like this:
volume client
type protocol/client
option transport-type tcp
option remote-host 192.168.0.3 # use YOUR server IP here
option remote-subvolume brick
end-volume
--------------------------------------------
6. On the client, add this line to the end of /etc/rc.d/rc.local:
mount -t glusterfs /etc/glusterfs/glusterfs.vol /fileserver
--------------------------------------------
7. On the client, reboot, and check /var/log/messages for errors. On one
machine, we had an selinux problem that was flagged in the logs. We had
to manually create the logging file using:
touch /var/log/glusterfs/fileserver.log; reboot
--------------------------------------------
8. On the client, see if you can access the files in /fileserver. If
not, read the /var/log/glusterfs/* files on both the client and the server.
At this point, everything should work!
Weird things and gotchas:
A. You need the file-locking option to make Firefox work properly.
B. LibreOffice wouldn't start on one system, until we did:
rm ~/.libreoffice
rm ~/.openoffice.org
C. selinux prevented the creation of log files on one client, which
prevented the filesystem from mouting. The manual fix noted above fixed
that.
D. This HOWTO mounts the glusterfs from /etc/rc.d/rc.local, which is the
last step in the boot process. In theory, you can mount it from
/etc/fstab or using autofs. However, we found that autofs mounting just
didn't work - not sure why. fstab mounting didn't work either - I
suspect it occurred too early in the boot process. /etc needs to be up
and running so glusterfs can read the config file, and I don't think the
current init/systemd files handle this correctly. There are some Debian
bug reports about this that you can google.
I hope this is useful to someone, and that we can finally drive a stake
through the heart of NFS...
- Mike
9 years, 4 months
kadischi post failed -- Reposted here -- iptables always started no matter what
by Phil Meyer
Please tolerate this post intended for the livecd-creator list. They
are bouncing me now days. Maybe its time I changed deodorant? I dunno ...
I am desperate!
---
livecd-tools-15.7-1.fc15.x86_64
Kickstarts all contain:
firewall --disabled
selinux --disabled
I even went as far as this:
%packages
---
[stuff deleted]
---
-system-config-firewall*
and
%post
---
[stuff deleted]
---
/sbin/chkconfig iptables off
/sbin/chkconfig ip6tables off
echo '#' > /etc/sysconfig/iptables
echo '#' > /etc/sysconfig/ip6tables
echo '#' > /etc/sysconfig/iptables-config
echo '#' > /etc/sysconfig/ip6tables-config
echo "#\n--disabled" > /etc/sysconfig/system-config-firewall
%end
What happens is that /etc/sysconfig/iptables, /etc/sysconfig/iptables,
and /etc/sysconfig/system-config-firewall ALWAYS get recreated AFTER
%post runs!
That causes the iptables kernel modules to load, and filtering started,
even though iptables is actually configured for off and does not start.
What is doing that? I cannot find it.
Any help is appreciated.
Thanks!
9 years, 5 months
How to setup IPSEC client?
by Eric B.
Hi,
I'm trying to setup FC14 with an IPSEC client to connect to my VPN at
work. I have been given a PEM/KEY file for authentication (and a p12 if
needed) but I can't seem to figure out how to configure IPSEC. I've
been trying to read up on it as much as possible, but I just can't get a
good grasp on how to do this.
I have all the settings I need, but I just can't figure out how/where to
configure them. The Network Manager tool doesn't have anything that
supports PEM/Key certificates, and the same goes for the Network
Configuration gui as well.
Can anyone please point me in the right direction how to best set this up?
Thanks!
Eric
9 years, 5 months
selinux + mailman +postfix security problem (F14)
by Fulko Hew
On Fedora 14, I am setting up postfix and mailman.
I had this working once, but I decided to yum erase postfix and mailman
and redo the configuration to prove I knew how to recreate it.
Turns out I don't know how to recreate a working combination
because when creating a new list I now have mailman error log that
talks about:
command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1,
Operation not permitted)
and a corresponding AVC error:
Aug 25 10:28:54 (null) (null): audit(1314282534.501:4326): avc: denied {
search } for
pid=12121 comm=postalias name=postfix ino=295074 dev=dm-0
scontext=system_u:system_r:mailman_cgi_t:s0
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
Suggestions?
Fulko
9 years, 5 months
Kernel bug ?
by linux guy
I get the following when I boot F15 on my Dell Duo.
kernel BUG at drivers/media/media-entity.c 346!
invalid opcode: 0000 [#1] SMP
Modules linked in: snd_hda_codec_conexant uvcvideo(+) microcode(+)
snd_hda_intel(+)....
It goes on from there, including a Call Trace.
My Duo won't boot because of this problem.
Its also not displaying the grub kernel selection screen. It just boots.
It runs F15 Live just fine.
How do I fix this problem or what can I do to work around it ?
Thanks
9 years, 5 months
Latest update boots to blank screen (nvidia)
by CS DBA
Hi All;
I have an IBM Thinkpad with an Nvidia card ( nVidia Corporation GT218
[NVS 3100M] (rev a2) )
I currently have the nouveau driver black listed in my grub.conf setup:
/rhgb quiet nouveau.modeset=0 rdblacklist=nouveau/
I did the update which installed/updated the following:
---> Package kernel.i686 0:2.6.35.14-95.fc14 set to be installed
---> Package kernel-devel.i686 0:2.6.35.14-95.fc14 set to be installed
---> Package kernel-headers.i686 0:2.6.35.14-95.fc14 set to be updated
---> Package kmod-nvidia.i686 1:280.13-2.fc14 set to be updated
However when I reboot the system boots to a blank screen, and even the
previous kernel boots to a blank screen.
I tried installing akmod-nvidia but get the same results
I've restored the system back to before the update for now...
Thoughts?
Thanks in advance
--
---------------------------------------------
Kevin Kempter - Constent State
A PostgreSQL Professional Services Company
www.consistentstate.com
---------------------------------------------
9 years, 5 months
I think we need a discussion
by David L. Gehrt
These are a few thoughts that have been fermenting in my mind, but I view
this email as only a possible set of discussion topics. Anyway, I feel
better having said this.
I am a long time user of UNIX/Linux distributions: Slackware, RedHat,
Fedora, Suse and Ubuntu. I am of the opinion that Linux may be at or close
to a crossroad moving from a computing genre in which the users and
developers make cooperative decisions on alternative development paths to
one in which changes are imposed by developers. In my view this represents
A move from an open computing environment to a closed (or more closed) one.
For me it is not just that the Gnome2 environment is being replaced with a
new version, it is that this new version, Gnome3, was seemingly developed
without much consideration of how the former version, Gnome2, was being used
and then imposed on users.
If I am off base here I am confident that this forum will point out the nature and extent of the perceived errors.
I have long hoped for a future in which the UNIX/Linux computing environment
would become a more significant player in the desktop world of user
currently stuck with Microsoft Windows. But what seems to be happening is
that the user interfaces (UI) being developed being developed for the Linux
future are trending towards UI in Microsoft Windows.
What this seems to imply is that in the future the mainline Linux UI will be
characterized features imposed, and by lack of flexibility. This lack of
flexibility means that users are presented with a computing environment with
features thought desirable by developers and which provide little or no way
for users to modify their computing environment in ways that meet their
needs and preferences.
I suspect without knowing that this is someones idea of how to turn a profit
by moving Linux to more profitable place on corporate desktops. I am not
directing this criticism solely at the Gnome3 developers or the RedHat role
in the Fedora background. One need only look at the Unity desktop with
which Canonical is trying to replace its version of the Gnome desktop. It
seems to suffer some of the same inflexibility and misfeatures as I see with
Gnome3.
I say a pox on both these developments. At least in Ubuntu you have the
option of selecting the "classical" (Gnome2 or Gnome2 like) desktop on log
in. Having started an experiment with Ubuntu on a laptop to see if Windows
users might find it more usable than Fedora, I have now converted my laptops
to Ubuntu while waiting to see if there is anything left of the flexibility
and utility I used to see in the UNIX/Linux UI. If not, I despair.
As a footnote: I have observed over my decades using and developing
computing environments to replace a manual system or formerly use software
which users had used, any number of developed systems that were unused
because the people using them were not consulted about the new system.
There any number of expensive developments in the Government that have
failed because developers failed to consider the actual job to be supported
by software. The recent failed (or failing) computing system being
developed for the FBI. The beauty of Federal Government computing projects
is that their failures make news. I suspect business entities are more
successful at concealing the failures. he bottom line is that in he absence
of consultation with users s/w developers are not very good at meeting the
needs of users
As a country is the US becoming incompetent? The aforementioned s/w
development failures, NASA sending the Hubble up without checking the
collimation of the telescope first, the poor performance of our schools and
the failure to produce the scientists and engineers we need now. This does
not seem to be an exhaustive list of problems we face.
dlg
David L. Gehrt Land Line: 805.541.2390
1865 Wilding Lane Cell Phone: 805.704.5890
San Luis Obispo, CA 93401-3044 Internet: dlg(a)inanity.net
9 years, 6 months
Does the Asus Xonar DG sound card work well in F14?
by Richard Shaw
I'm having issues with my builtin audio. At first I thought it was the
new speakers I bought. I know they're not quite as my Cambridge
Soundworks but the external 5.1 decoder is having issues so I figured
it was time. I hear a high tinny noise and assumed it was the cheap
amplifier but after plugging in some old but nice SGI headphones I
still heard it.
To that end I'm in the market for an inexpensive sound card but don't
want to go too cheap and get something equivalent to my onboard audio.
I found the Asus Xonar DG[1] for a decent price but it uses the
CMI8786 which is supported in alsa 1.0.24 (which I have) OR kernel
2.6.38, which I don't. I'm really hoping the OR is right and it's not
supposed to be an AND.
Interestingly enough this chip doesn't appear to have internal volume
controls so I'll have to rely on PulseAudio.
Anyone have this card working (well)? Even though it's not a big
investment I'd like to know someone has it working.
Richard
9 years, 6 months
Gnome3: don't have anymore the language selection box and the keyboard selection box in gdm
by Eric Doutreleau
Hi
I have just installed fedora15 and therefore move to gnome3.
we have several hundreds of pc in lab environnement where 4000+ users
can log in.
There s a lot of different nationalities among these users and i have
dozens of languages installed.
In fedora 13 people could select ( after typing their login ) selecting:
the WM
The language
the keyboard
Now i have only access to the choose of WM.
Does someone know how i can get back the two other selection box?
Thanks in advance for any help
--
Eric Doutreleau
9 years, 6 months
how to fix rpm database
by Michael Hennebry
yum and rpm have different ideas about wether three packages are installed:
[root@localhost log]# rpm -V 1:tk-8.5.9-2.fc14.i686
1:tix-8.4.3-5.fc13.i686 1:numpy-1.4.1-6.fc14.i686
package 1:tk-8.5.9-2.fc14.i686 is not installed
package 1:tix-8.4.3-5.fc13.i686 is not installed
package 1:numpy-1.4.1-6.fc14.i686 is not installed
[root@localhost log]# yum install 1:tk-8.5.9-2.fc14.i686
1:tix-8.4.3-5.fc13.i686 1:numpy-1.4.1-6.fc14.i686
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
Setting up Install Process
Package 1:tk-8.5.9-2.fc14.i686 already installed and latest version
Package 1:tix-8.4.3-5.fc13.i686 already installed and latest version
Package 1:numpy-1.4.1-6.fc14.i686 already installed and latest version
Nothing to do
[root@localhost log]#
yum reinstall runs, but doesn't help.
What will.
This seems to have happened after I tried to play a
Macromedia Flash data (compressed), version 10 aka
Shockwave Flash file (application/x-shockwave-flash) .
The former came from the file command, the latter from right-clicking.
The first time, right-clicking produced an offer to search for a package.
I clicked on yes .
During the install, I got a "warning" about something aborting.
Now right clicking produces an offer to open
with vnc2swf Screen Recordings Player.
It doesn't work.
A window comes up and disappears without even achieving opacity.
How do I play the file?
--
Michael hennebry(a)web.cs.ndsu.NoDak.edu
"Pessimist: The glass is half empty.
Optimist: The glass is half full.
Engineer: The glass is twice as big as it needs to be."
9 years, 6 months
