off topic -- vm issues
by bruce
Hey group!
Much thanks to all who've replied to some of my posts over time!
I've got an off topic isue, but someone might have pointers in whhere
I can look to debug.
I'm testing digital ocean creating droplets/snapshots/etc..
I've create droplets, and from them - snapshots which have allowed me
to regenerate additional droplets. Droplets are VM/copies of servers..
Snapshots are compressed images.
Recently, I decided to try to "replicate" a droplet of size X to a
smaller size. For the most part, the process works. I have a smaller
working droplet that I can ping/ssh into.
The issue I'm now facing, is that generating a snapshot, followed by
regenerating a new droplet, seems to fail.
The resulting new droplet has an IP, but pinging/ssh'ing into it fails/hangs.
I'm posting to see if anyone has any clue as to what might be
happening. I suspect that in my rsync process xfering files from the
initial droplet to the new droplet (used for the snapshot) that I may
have screwed up some files that are used for the snapshot to droplet
process.
Haven't seen much online relating to this.. Also the DO the support
isn't the best! Again, I realize this is way off topic, but anything
might help at this point.
Comments are greatly welcome!
Thanks!
6 years, 2 months
Issue setting up Gallery3 on Fedora 27
by Steven P. Ulrick
Hello, Everyone
Until recently, I had been successfully running Gallery3 on Fedora 23.
I just did a full install of Fedora 27 (which now has all available
updates installed) and I am having difficulty getting Gallery3 set up.
The web based installer starts as expected, with options to configure a
location to store images at, and to set up a MYSQL database.
I created a MYSQL database using the following commands:
mysqladmin -uroot create gallery3
mysql gallery3 -uroot -e"GRANT ALL ON gallery3.* TO root@localhost
IDENTIFIED BY ''"
But when I click "Continue", the page just goes blank, with no
indication as to what went wrong.
I will gladly provide all additional information that you require.
I have downloaded Gallery3 from their SVN repo. I have also tried with
the RPM from the Fedora repo.
Kind of funny... The reason that I waited as long as I did to upgrade
from Fedora 23 to 27 is because I didn't want to risk failure in setting
up Gallery3.
Another thing: I don't believe that Gallery3 is being developed any
more, and the official support forum appears to have been dead for a few
years, which is why I bring this here.
Thank you,
Steven P. Ulrick
6 years, 2 months
audit system not working
by Eyal Lebedinsky
I am on f26 x86_64, fully updated.
I wanted to find which process keeps my server very busy for about 10 minutes
every few days so decided to use the audit facility to log every launched program.
After some searching I found that I could do
$ sudo auditctl -a always,task
then later I can see what happened with
$ sudo ausearch -i -sc execve|less
and finally remove the rule with
$ sudo auditctl -d always,task
No records were reported by ausearch and no records were added to /var/log/audit/audit.log.
I then noted that this log file is old, the last entry is from 17/Jan
$ sudo ls -l /var/log/audit/audit.log
-rw-------. 1 root root 6789409 Jan 16 14:59 /var/log/audit/audit.log
$ sudo tail -n 1 /var/log/audit/audit.log
type=DAEMON_END msg=audit(1516075173.204:8779): op=terminate auid=0 pid=1 subj= res=success
I then checked another machine and it was similar.
However /var/log/messages regularly includes audit messages.
I saw that the audit packages were updated around that time the logging stopped:
$ sudo grep audit /var/log/dnf.log
2018-01-16T03:33:00Z DEBUG ---> Package audit.x86_64 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit.x86_64 2.8.2-1.fc26 will be an upgrade
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs.x86_64 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs.x86_64 2.8.2-1.fc26 will be an upgrade
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-python3.x86_64 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-python3.x86_64 2.8.2-1.fc26 will be an upgrade
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-python.x86_64 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-python.x86_64 2.8.2-1.fc26 will be an upgrade
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-devel.x86_64 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs-devel.x86_64 2.8.2-1.fc26 will be an upgrade
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs.i686 2.8.1-1.fc26 will be upgraded
2018-01-16T03:33:00Z DEBUG ---> Package audit-libs.i686 2.8.2-1.fc26 will be an upgrade
...
checking the service status I see:
$ systemctl status auditd
* auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Was it disabled intentionally?
I thought starting the service will do the trick - but no. The system became non responsive and after
a minute I could not even ping it. I switched to a text console and rebooted (CtlAltDel) which took
some time but did eventually reboot.
Feb 13 11:16:02 e7 systemd-journald[521]: Journal stopped
Feb 13 22:16:50 e7 kernel: microcode: microcode updated early to revision 0x1c, date = 2015-02-26
...
The log file (audit.log) was full of repetitions of
type=SYSCALL msg=audit(1518480718.009:8330567): arch=c000003e syscall=232 success=yes exit=1 a0=b a1=56069a5e0660 a2=40 a3=e95f items=0 ppid=1 pid=26480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" key=(null)
type=PROCTITLE msg=audit(1518480718.009:8330567): proctitle="/sbin/auditd"
type=SYSCALL msg=audit(1518480718.009:8330568): arch=c000003e syscall=45 success=yes exit=47 a0=3 a1=56069a5e3850 a2=231c a3=40 items=0 ppid=1 pid=26480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" key=(null)
type=SOCKADDR msg=audit(1518480718.009:8330568): saddr=100000000000000000000000
type=SYSCALL msg=audit(1518480718.009:8330585): arch=c000003e syscall=20 success=no exit=-11 a0=7 a1=7ffcb38e90c0 a2=2 a3=56069a5e3860 items=0 ppid=1 pid=26480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" key=(null)
type=PROCTITLE msg=audit(1518480718.009:8330585): proctitle="/sbin/auditd"
... many repeats of the last two lines...
The system logged many messages like:
kernel: kauditd_printk_skb: 31527 callbacks suppressed
systemd-journald[521]: Missed 1146 kernel messages
kernel: Out of memory: Kill process 1847 (/usr/sbin/httpd) score 1 or sacrifice child
The system was clearly in trouble.
I now wonder if the audit system was replaced by another facility which conflicts with this service.
Maybe the installed packages are leftovers from an old upgrade?
I see a kernel audit thread, running since the last reboot.
$ ps aux|grep audit
root 78 0.3 0.0 0 0 ? S 11:27 0:21 [kauditd]
My questions are:
1) do I need to remove or install any audit packages?
2) how do I set up the audit system properly?
3) How do I log every started program if 'auditctl -a' is not correct?
Maybe 'auditctl -a' is correct, but I need to look at 'messages' and *not* start the service?
TIA
--
Eyal Lebedinsky (fedora(a)eyal.emu.id.au)
6 years, 2 months
Gjots2 latest update
by Frederic Muller
Hi!
Happy user of Gjots2 there was an automatic update over the weekend
which unformately now refuses (well doesn't offer a prompt) to open GPG
encrypted files. So I cannot use it anymore. I downgraded to the
previous version and it's working fine. Not sure if it's me only problem
or where to file a bug.
Please thank you to let me know.
Fred
6 years, 2 months
sda/dev issues.. mounting fstab/exports/mtab..
by bruce
Hi.
I've screwed up a test system. Somehow I've managed to "link/attach" 3 dirs
df -h shows
/dev/vda1 30G 9.0G 19G 33% /
tmpfs 499M 0 499M 0% /dev/shm
/dev/sda 296G 274M 280G 1% /cloud_nfs
/dev/sda 296G 274M 280G 1% /cloud_nfs_fetch
/dev/sda 296G 274M 280G 1% /cloud_nfs_parse
/cloud_nfs is correct..
/cloud_nfs_fetch
/cloud_nfs_parse
-- are wrong...
any thoughts on what I need to change to remove them?? files/processes/etc...
thanks..
6 years, 2 months
lightdm authentication failure for one user
by François Patte
Bonjour,
I have problem with lightdm greeter: one user cannnot log-in: I have
this message in /var/log/lightdm/lightdm.log:
Authenticate result for user cath : User not known to the underlying
authentication module
What does it mean and how to recover?
selinux is disabled.
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
6 years, 2 months
Replicating base server -> target server (Digital Ocean/Fed/Centos)
by bruce
Hi.
Kind of long ,but might be useful/helpful to others.. Feel free to
comment as you see fit!
I'm using this as a step/guide to recreate/replicate a smaller
droplet/vm from a larger vm within Digital Ocean.
The goal:
Replicate/reproduce the users/processes/directories/files
from a base server to a target server.
To be able to then use the target server in place of the base/initial
server
The base server acts as a nfsClient server to a nfsServer
Doing this to create a smaller vm/droplet from Digital Ocean (DO), and need
to "replicate" a larger droplet/vm.
DO doesn't provide a way to accomplish this!
::::---
This process doesn't deal/handle any iptable/firewall/selinux/dns
issues....
-need to figure out how to deal with these....
Process:
-analyse the base server to get all the existing users
-analyse the base server to get all the existing/running system processes
-analyse the base server to get all the existing/running 3rd party processes
-analyse the base server to get all the existing dirs/files
-analyse the base server to get all the existing sshkey data/files
-analyse the base server to get all the installed rpm/packages
-create process on the target to generate the user/group/passwd
for the users on the base server
-create process on the target to generate the ssh key for the users
to replicate the base users/sshkeys
-create process to copy all the dir/files from the base to the target,
excluding a limited subset of dirs..
-create process to install on the target, all the installed packages from
the base
-
Steps::
-on the target disable selinux for simplicity
vi /etc/sysconfig/selinux
set >> SELINUX=disabled <<
-Create the list of users
-On the target, generate the users/passwd/groups. It appears this
could/should be doable by copying the requisite files from the
base->target with the associated perms..
Decided to do it manually to ensure it matches..
-the users are/were:
root/root_tmp/test_user
-use useradd/passwd to generate the same users/passwd/group as well as
the same uid/gid for the userID/groupID to match the base server
--match the user/passwd/uid/gid so the target matches the base
--if required, mod the uid/gid
usermod -u xx test_user
groupmod -g xx test_user
--at the same time, change/match across the entire dir for any files
to handle user/group owner (do this for all users)
find / -group 500 -exec chgrp -h test_user {} \;
find / -user 500 -exec chown -h test_user {} \;
-change to given user (root/root_tmp/test_user)
set up the ssh keymkdir ~/.ssh
chmod 700 ~/.ssh
echo '' > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 755 ~ ~/.ssh
update/cpy in the "authorized_keys" file the pub key from the
base/user "authorized_keys" file
at this point, the users are set, and the ssh keys are set..
----------------------------------
Copy the dirs/files....
The process runs on the base, copying/rsync from the base-> target handling
the entire disk from the "/" top.. on down..
The excluded list follows as well as as the rsync cmd..
The file "/etc/skipdirs.rsync" contains:
/proc/*
/sys/*
/dev/*
/media/*
/var/log/*
/var/log/journal/*
**/.cache/google-chrome/***
**/.ccache/***
/BACKUPS/*
/run/media/*
/var/lib/nfs/*
/usr/src/kernels/*
/root/.cache/*
/swapfile
/bin/*
rsync --progress -avAI --exclude-from=/etc/skipdirs.rsync / root@11.22.33.44:/
(shout out to Rick!!)
I intentionally wanted to see all the files xfered as I ran/run the cmd..
-the cmd is run as "root" on the base, to ensure the process has
complete access to all dirs/files..
-the "root" user on the target has access to top level as well..
RPM packages..
-To further ensure the target will mtach the base,
on the base as "root" run
rpm -qa > rpmlist.dat
rsync --progress -avAI /rpmlist.dat root@11.22.33.44:/
and on the target as root
cat /rpmlist.dat | xargs yum -y install
followed by
yum update
--end result is that all the packages on the target should match
the base
::given that this is going to be a "client" to the nfsServer..
-make sure the nfs client utils are available.. they should already
be but check anyway..
on the target as root
install any/all additional packages on the target::
yum install nfs-utils nfs-utils-lib
as root
sudo cat << EOF > /etc/yum.repos.d/google-chrome.repo
[google-chrome]
name=google-chrome - \$basearch
baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
EOF
yum install -y gcc xorg-x11-server-Xvfb google-chrome-stable
yum install xvfb x11-xkb-utils
yum install xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic
yum install vi
pip install pyvirtualdisplay
python -m pip install --upgrade pip setuptools wheel
easy_install simplejson
yum install libxml2-python
yum install epel-release
pip install -U selenium
pip install pyvirtualdisplay
yum install Xvfb libXfont Xorg
-finally.. install the "stuff" for the selenium/firefox/chrome testing..
wget https://github.com/mozilla/geckodriver/releases/download/v0.19.1/geckodri...
tar -x geckodriver -zf geckodriver-v0.19.1-linux64.tar.gz -O >
/usr/local/bin/geckodriver
chmod +x /usr/local/bin/geckodriver
rm geckodriver-v0.19.1-linux64.tar.gz
ln -s /path/to/file /path/to/symlink
ln -s /usr/local/bin/geckodriver /usr/bin/geckodriver
## Chromedriver
wget https://chromedriver.storage.googleapis.com/2.35/chromedriver_linux64.zip
unzip chromedriver_linux64.zip
sudo chmod +x chromedriver
sudo mv chromedriver /usr/local/bin/
rm chromedriver_linux64.zip
ln -s /usr/local/bin/chromedriver /usr/bin/chromedriver
finally.... on the base....
as root..
vi /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no
ok....
if you can see something else that can be done that I might have
missed.. or that would be better.. shout it out.
At some point.. others on DO will be looking for something like this.
Ideally, it would be cool/good to have this in a kind of chef/puppet cookbook.
But that's above my pay grade for now!
thanks
6 years, 2 months
SATA errors (only) when on battery
by Clemens Eisserer
Hi,
Recently my rather old HP Elitebook 2540p with an SSD in the upgrade
bay running Fedora 27 stopped booting when not plugged on.
The laptop is equipped with an 1st gen Intel Core i5 540M processor
as well as an "Intel Corporation 5 Series" SATA controller (lspci
output attached).
I first thought it is a kernel issue with 4.14.16-300.fc27.x86_64, but
4.14.14 is affected as well and it had worked for sure before.
What I wonder - have there been changes to Fedora 27's power
management recently - such udev scripts that enable mroe aggressive
power management?
Any ideas how to debug this issue further?
Is there a way to disable SATA link power management at the kernel command line?
Thank you in advance, Clemens
00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series
Chipset 6 port SATA AHCI Controller (rev 05) (prog-if 01 [AHCI 1.0])
Subsystem: Hewlett-Packard Company Device 7008
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium
>TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 26
Region 0: I/O ports at 3048 [size=8]
Region 1: I/O ports at 3064 [size=4]
Region 2: I/O ports at 3040 [size=8]
Region 3: I/O ports at 3060 [size=4]
Region 4: I/O ports at 3000 [size=32]
Region 5: Memory at d0727000 (32-bit, non-prefetchable) [size=2K]
Capabilities: <access denied>
Kernel driver in use: ahci
6 years, 2 months
Loss of sound volume
by InvalidPath
So I've had a weird.. occasional issue over the last year. So out of the
blue.. without changing any config files or option in in Settings every
single key on the keyboard will register as a volume down key. Alpha keys,
numeric keys, all of them.
Tonight i experienced this for the first it in probably 3 months. Randomly
and without cause each key renders my volume down a notch,
I sincerely hope someone else has encountered this.
6 years, 2 months
