Category Archives: Fedora

Fedora with SELinux enabled running OpenVPN using NetworkManager

On a Fedora or CentOS system with SELinux enabled, you need to store your certificate and configuration in /etc/openvpn so that SELinux does not block NetworkManager's access to these files. There is a way of setting some SELinux booleans to allow them to be read from user home directories, but for me it didn’t work and I did not investigate. I moved all files on that machine to /etc/openvpn and modified the NetworkManager configuration. Everything works like a charm now. It is also much more comfortable to configure all the details, such as whether you wish to route all your traffic through that VPN connection or not.
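To see which files SELinux is refusing, read the AVC denials in the audit log. The following is an added example, not part of the original post: it summarises the denials for one command from audit records. The sample records are constructed, and the type names in them (openvpn_t, user_home_t) are assumed to match Fedora's targeted policy.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from a real system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1408000000.101:310): avc:  denied  { read } for  pid=2101 comm="openvpn" name="client.crt" dev="dm-2" ino=393301 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1408000000.102:311): avc:  denied  { open } for  pid=2101 comm="openvpn" path="/home/alice/vpn/client.key" dev="dm-2" ino=393302 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1408000000.102:311): arch=c000003e syscall=2 success=no exit=-13 comm="openvpn" exe="/usr/sbin/openvpn"
type=AVC msg=audit(1408000007.450:318): avc:  denied  { read } for  pid=2140 comm="openvpn" name="client.crt" dev="dm-2" ino=393301 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1408000050.900:320): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/home/alice/index.html" dev="dm-2" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# avc_denials <audit-log-file> <comm>
# Prints one line per distinct denial for that command:
#   <permission(s)> <file name or path> <SELinux type of the file>
avc_denials() {
    awk -v want="comm=\"$2\"" '
        $3 == "avc:" && $4 == "denied" {
            perm = ""; obj = "?"; type = "?"; c = ""
            # permissions sit between "{" (field 5) and "}"
            for (i = 6; i <= NF && $i != "}"; i++)
                perm = perm (perm ? "," : "") $i
            for (; i <= NF; i++) {
                if ($i ~ /^comm=/) c = $i
                else if ($i ~ /^(name|path)=/) {
                    obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
                } else if ($i ~ /^tcontext=/) {
                    split($i, ctx, ":"); type = ctx[3]   # user:role:type:level
                }
            }
            if (c == want) print perm, obj, type
        }' "$1" | sort -u
}

log=$(mktemp)
sample_audit_log > "$log"
avc_denials "$log" openvpn
rm -f "$log"
```

On a live system, point it at /var/log/audit/audit.log. Files moved with `mv` keep their previous label, so run `restorecon -Rv /etc/openvpn` after moving them.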

Booting with an iSCSI root from a USB stick with a bridged Ethernet device on Fedora/CentOS

Today I had a nice discussion with someone on the Fedora IRC channel about a problem booting from a USB stick with an iSCSI root filesystem and a bridged interface. He was facing the problem that the brctl tool was not available at boot time. CentOS and Fedora use dracut to have everything in place that you need at boot time. For this use case brctl was missing and he was not able to boot his machine.

In his special case he needed to set up the bridge at boot time, because his root filesystem needs the connection not to be reconfigured, and he needed a bridge device for his later KVM virtualization on that machine. A dedicated second iSCSI interface wasn’t an option.

After reading some dracut documentation I came across a blog post by a Russian author which showed how to add the missing brctl binary to the initial ramdisk and make things work.

To include brctl into the initrd for your current kernel run:

dracut -I /sbin/brctl --force

That should create a working initrd with brctl to use the bridge configuration of dracut.

Here you can find the complete forum entry to see what the GRUB config has to look like to boot from iSCSI on CentOS 7:

http://www.linux.org.ru/forum/admin/10652702

Turn splash screen off and remove it from initrd on Fedora 20

To remove the splash screen on Fedora and boot up with details run:

sudo plymouth-set-default-theme details

For me on Fedora 20 it did not work out of the box:

sudo plymouth-set-default-theme details --rebuild-initrd

The newly created initrd got the name initrd-3.15.6-200.img and not initramfs-3.15.6-200.fc20.x86_64.img, which would be the correct name. Just replace the old initramfs file with the newly created one and reboot. Now you should get the detail view while booting your machine.

Custom Kernel on Fedora 20

The last time I built a Linux kernel for my machine was quite some time ago. In my Linux hacking times, when I did my private research on how Linux works and how software can be built for it, I used Gentoo, and there it was normal to build every package from source code, including the kernel. The portage system was a copy of the well-known ports package system from FreeBSD. It contains all the metadata for the software packages to be built from scratch with their dependencies. But back to my custom and vanilla kernel on Fedora 20.

Prepare your system

You will need the basic C build environment which can be installed using a package group as root or using sudo:

yum groupinstall 'C Development Tools and Libraries'

Download the kernel sources from kernel.org

I picked the latest stable version, which is currently 3.16.1, and downloaded the sources to /usr/src/kernels to extract them there.

To extract a .xz compressed tar archive use:

tar xvfJ <archive.tar.xz>

Configure your kernel

I prefer a minimalistic kernel. That is why I am building my own kernel. I don’t like to have support in my system for hardware which I don’t want to use. I don’t use Bluetooth, ISDN, SCSI or legacy audio devices in my workstation, so I decided to remove everything I don’t need.

Change into the kernel source directory you just extracted and run the kernel menu config tool:

cd /usr/src/kernels/linux-3.16.1
make menuconfig

I won’t explain how to configure your kernel so that it works for you. This is something you have to learn yourself. Read the options and decide whether you need support for each one. There is a lot of documentation out there on how to configure your kernel. And if you are not sure what hardware you have, you should maybe stay with the generic kernel and explore your system with tools like lsusb, lspci and lsmod.

Build your kernel and install your modules

This is quite easy. To build your kernel just run:

make

And to install the created modules after your build was successful, run:

make modules_install

Install your kernel to boot and create initrd

Now you need to copy your kernel image to /boot:

cp /usr/src/kernels/linux-3.16.1/arch/x86_64/boot/bzImage /boot/vmlinuz-3.16.1

Create initrd:

mkinitrd /boot/initramfs-3.16.1.img 3.16.1

Regenerate the Grub config to add the new kernel option

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

Reboot and have fun with your new kernel
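A quick consistency check for the files this procedure and the plymouth post above depend on, as an added example rather than code from the original posts: it reports a missing kernel image, a missing or differently named initramfs, a missing module directory, and a missing GRUB entry for one kernel version. The function names and the directory tree it is run against here are constructed for illustration.

```shell
#!/bin/sh
# check_kernel_install <root> <version> <grub.cfg>
# Prints what is missing for <version>; silent and exit status 0 if complete.
# Real use: check_kernel_install / 3.16.1 /boot/efi/EFI/fedora/grub.cfg
check_kernel_install() {
    root=$1 ver=$2 cfg=$3 rc=0
    [ -f "$root/boot/vmlinuz-$ver" ] ||
        { echo "missing /boot/vmlinuz-$ver"; rc=1; }
    if [ ! -f "$root/boot/initramfs-$ver.img" ]; then
        echo "missing /boot/initramfs-$ver.img"; rc=1
        # The plymouth case: the image was written as initrd-<something>.img
        for f in "$root"/boot/initrd-*.img; do
            if [ -f "$f" ]; then
                echo "  candidate under another name: ${f##*/}"
            fi
        done
    fi
    [ -d "$root/lib/modules/$ver" ] ||
        { echo "missing /lib/modules/$ver"; rc=1; }
    # Trailing space so that 3.16.1 does not match an entry for 3.16.10
    grep -qF "/vmlinuz-$ver " "$cfg" 2>/dev/null ||
        { echo "no menu entry for vmlinuz-$ver in $cfg"; rc=1; }
    return $rc
}

# Constructed tree: 3.16.1 is complete, 3.15.6 has the misnamed initrd.
make_sample_tree() {
    r=$(mktemp -d)
    mkdir -p "$r/boot" "$r/lib/modules/3.16.1" \
             "$r/lib/modules/3.15.6-200.fc20.x86_64"
    : > "$r/boot/vmlinuz-3.16.1"
    : > "$r/boot/initramfs-3.16.1.img"
    : > "$r/boot/vmlinuz-3.15.6-200.fc20.x86_64"
    : > "$r/boot/initrd-3.15.6-200.img"
    printf '%s\n' 'linuxefi /vmlinuz-3.16.1 root=/dev/sda3 ro' \
        'linuxefi /vmlinuz-3.15.6-200.fc20.x86_64 root=/dev/sda3 ro' \
        > "$r/grub.cfg"
    echo "$r"
}

tree=$(make_sample_tree)
for v in 3.16.1 3.15.6-200.fc20.x86_64; do
    echo "== $v"
    check_kernel_install "$tree" "$v" "$tree/grub.cfg" || true
done
rm -rf "$tree"
```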

 

Quake style terminal for KDE

A quite useful extension for my KDE application is yakuake. In my default configuration it shows a terminal window when the F12 key is pressed and hides the window when it is pressed again. This is widely known as the Quake terminal style, after the game which had this behaviour for its command console.

[Image: yakuake on a KDE desktop on Fedora 20]

Dual boot system with UEFI and Fedora 20 and Windows 8.1

In short:

Yes it is possible! Even with secure boot enabled!

The long version:

On my workstation I use a dual-boot configuration for some games and my Linux-based development and testing. Since I am using a UEFI-only configuration, it was quite easy to set up dual boot with Fedora 20 and Windows 8.1.

I turned off the legacy mode on my board and reactivated the secure boot option I had disabled some time ago for testing. Most UEFI boards should come with these options as their default values. Since I connected each system's hard disk/SSD separately for installation, Fedora couldn’t recognize the Windows disk and create the boot menu entries automatically. This was just to protect my data: since I am using two identical SSDs of the same size, I didn’t want to risk selecting the wrong one and losing all my data.

The Fedora disk is my first boot disk and I only added these lines to the grub.cfg located on the EFI partition (/boot/efi/EFI/fedora/grub.cfg) to add the Windows entry:

menuentry 'Windows Boot Manager' {
 set root='hd1,gpt2'
 chainloader /EFI/Microsoft/Boot/bootmgfw.efi
 boot
}

That’s it. Reboot and test it. If everything is working as expected, you should add these lines the correct way using /etc/grub.d/40_custom:

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.

menuentry 'Windows Boot Manager' {
 set root='hd1,gpt2'
 chainloader /EFI/Microsoft/Boot/bootmgfw.efi
 boot
}

and run:

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

Make the Fedora/CentOS/RHEL update service the fastest

Since I played with some publish and subscribe protocols in the last months, I came up with an idea to speed up the notification and delivery of software updates over the existing mechanism while reducing, or better optimizing, the needed resources.

Here is a graphic to show what I am trying to implement:

[Image: drawing of the software update push service]

As an example, in RHEL/CentOS or Fedora you can start yum and pull the latest updates frequently to see if there are new packages. This can be done with manual cron jobs or with yum-updatesd. Every machine pulls the complete package index at a defined frequency and checks whether something new was released. In my understanding it would be more efficient if the system were notified that a new package is available or, even better, if the system listened only for updates and information about packages that are installed on that specific machine and need to be monitored. This could not only speed up and optimize the client-server communication, it could also be a good way of optimizing the distribution of packages between repository mirrors. Each mirror can be notified when there is a new package and get it pushed, to make the package available as fast as possible.

I am aware that distribution of packages does not need to be optimized by milliseconds but in some environments such a notification mechanism can save money and bandwidth if a lot of clients need to be updated.

My plan is to discuss this, with a proposal for a concrete implementation for yum-based systems, on the developers' mailing list of Fedora to get a feeling for whether this is a real-world requirement or whether there is no need to optimize this situation.

Up to now, MQTT looks quite promising to me for the notification mechanism or even for pushing packages to the subscribed machines. With a control server in the back end, this can make package deployment more efficient and faster. The package verification mechanism can work as it does now; only the transport mechanism or the notification of a new package needs to be added to the existing infrastructure. Since MQTT supports SSL/TLS-based connections and WebSockets, there should be no bigger problem with security or blocked ports than today.

Latest kernel did not appear to be installed correctly in Fedora 20

Due to a known bug in Fedora 20 with some SELinux updates, I noticed a related problem on my machine. While updating some packages I found this message:

Security: kernel-3.12.8-300.fc20.x86_64 is an installed security update
Security: kernel-3.12.7-300.fc20.x86_64 is the currently running version

To fix this and get the latest kernel visible in grub and set as default I needed to reinstall it by running:

yum remove kernel-3.12.8-300.fc20

and

yum update

again. After this procedure the new kernel was available.