Changes for June-Aug 2009: stage 1

Planned downtime and current issues.

Moderator: drgrussell

drgrussell
Site Admin
Posts: 426
Joined: Sat Feb 12, 2005 8:57 pm
Are you a robot or a human?: Human

Changes for June-Aug 2009: stage 1

Post by drgrussell » Thu Jun 18, 2009 10:26 am

linuxzoo is being revamped this summer, with lots of changes. Hopefully it won't cause any real downtimes.
The work for the next 2 weeks is as follows:

(1) All internal servers are being updated to fedora 11. This should not produce any obvious differences to users, as this is done 1 node at a time.
(2) Fedora 11 will be offered as the default virtual machine to users. Fedora 2, the current system, is just too old.
(3) New main server node: upgrading to a bigger raid10 platform with more memory.
(4) All internal nodes are having memory upgrades.
(5) Some juggling of the internal nodes to maximise availability.

Changing to fedora 11 for virtual machines may cause tutorials to fail, as the way the check button works is tied in with the version and configuration of the machines. I will go through all tutorials over a few days and fix any problems I find. I will try to keep the system running 24x7, but when the main server node is switched out there may be downtime. Last server switch took about 4 hours.

Later stages involve the replacement of my back-end client software from a custom server architecture to one driven by cgi. Again this change should not be noticed by normal users, except there will be improved performance (hopefully). This is an initial step to changing the back end architecture to support multiple virtual machine engines such as qemu and vmware. We have also had promising experiments with windows 2003 virtual machines, which may be offered to validated users depending on our results.


Re: Changes for June-Aug 2009: stage 1

Post by drgrussell » Thu Jun 18, 2009 3:06 pm

Progress:
(1) Updated 1 node to fedora 11. Looks ok.
(2) Building a UML kernel 2.6.30 to allow testing of fedora 11 as a virtual machine.


Re: Changes for June-Aug 2009: stage 1

Post by drgrussell » Mon Jun 22, 2009 4:58 pm

(3a) Have fedora 11 running in the linuxzoo chroot

Ready to start small-scale testing of fedora 11 within linuxzoo itself. You may see it in the dropdown when you
boot a machine. Remember this is not a good idea yet, and only works anyway if you are on the right node (10.0.2.*).
Best avoid this selection!

Things I have learned:
  • I want to write tutorials for SELinux targeted mode. Fedora 11 needs its initrd to switch on SELinux. Normal distributions do this in init. No choice but to load an edited version of the fedora 11 initrd in order to get this working. Ugly and full of nash magic. But if you don't want SELinux, you don't really need the initrd.
  • With no graphical console, you don't get gdm etc. Thus no prefdm. Thus /etc/event.d/prefdm never succeeds. Comment the lines of this file out, then edit /etc/event.d/tty? so that they run at rd5.
  • I like running without module support. It just "feels" safer. Fedora 11 mildly hates this. Ended up setting permissions on modprobe to 000. Don't do this to lsmod, just find it in /etc/init.d/iptables and ip6tables and comment it out. Remember to change the defaults for the firewall to not unload modules too.
  • The .config for the needed kernel is just trial and error. Not sure if it is right yet.
  • execshield runs in fedora 11 by default. Not sure if this is wise for user mode linux, and not sure if its solution of increasing the brk means it uses more memory. I will turn it off if it becomes tiresome.
  • The node log has things like "2.6.30[10766] general protection ip:82ba8d0 sp:b85f934 error:0 in 2.6.30[8048000+3c4000]". Worrying but seems to have no effect. One to watch.
  • You cannot compile the UML kernel in fedora 11. Fortunately I have some fedora 10 servers and it compiles fine in that.
  • You have to watch SELinux like a hawk, or things just stop working. Keep an eye on the log to see what you have to restorecon next...
  • I prefer to disable udev, as it slows the boot down. But every attempt to do this causes a storm of errors. It's possible to disable udev but SELinux info must be preserved carefully. I think I will just live with udev for now.
  • I could go on, but by now everyone will have fallen asleep.


Re: Changes for June-Aug 2009: stage 1

Post by drgrussell » Tue Jun 23, 2009 11:28 am

SELinux seems to dislike in.telnetd. I am no selinux expert, but thanks to:
http://docs.fedoraproject.org/selinux-f ... #id2961385

I loaded the likely problems from /var/log/audit/audit.log, and saved them to a file in tmp.
Then I ran

```
audit2allow -M local < tmpfile
semodule -i local.pp
```

The local.te file produced was:

```
# local.te

module local 1.0;

require {
        type chkpwd_t;
        type user_devpts_t;
        type telnetd_devpts_t;
        type telnetd_t;
        class chr_file { read write setattr };
}

#============= chkpwd_t ==============
allow chkpwd_t telnetd_devpts_t:chr_file { read write };

#============= telnetd_t ==============
allow telnetd_t user_devpts_t:chr_file setattr;
```

If you do edit this yourself, you need to compile it before loading it, which is done via:

```
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
```

And you thought selinux was hard! :wink:
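
Added example, not part of the original post and not audit2allow's own implementation: a small Python reader that turns AVC denial records into the same kind of `allow` rules, so the proposed policy can be reviewed before `semodule -i` loads it. The log lines are constructed samples, and the names `collect_denials` and `render_module` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the post).
SAMPLE_LOG = """\
type=AVC msg=audit(1245752880.101:41): avc:  denied  { read } for  pid=2101 comm="unix_chkpwd" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:object_r:telnetd_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1245752880.102:42): avc:  denied  { write } for  pid=2101 comm="unix_chkpwd" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:object_r:telnetd_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1245752880.102:42): arch=40000003 syscall=5 success=no exit=-13 comm="unix_chkpwd"
type=AVC msg=audit(1245752881.310:43): avc:  denied  { setattr } for  pid=2099 comm="in.telnetd" name="0" dev=devpts ino=2 scontext=system_u:system_r:telnetd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_devpts_t:s0 tclass=chr_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue  # SYSCALL records, granted messages, unrelated lines
        # A context is user:role:type[:mls-range]; the type is the third field.
        stype = m.group("scon").split(":")[2]
        ttype = m.group("tcon").split(":")[2]
        rules[(stype, ttype, m.group("tclass"))].update(m.group("perms").split())
    return rules

def render_module(rules, name="local", version="1.0"):
    """Render the collected denials as type-enforcement source for review."""
    types = sorted({x for s, t, _ in rules for x in (s, t)})
    classes = defaultdict(set)
    for (_, _, tclass), perms in rules.items():
        classes[tclass] |= perms
    out = [f"module {name} {version};", "", "require {"]
    out += [f"        type {t};" for t in types]
    out += [f"        class {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (s, t, c), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {s} {t}:{c} {body};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_module(collect_denials(SAMPLE_LOG)))
```

Each `allow` line widens what a confined domain may do, so reading the rendered rules against the denials that produced them is the point of the exercise.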


Re: Changes for June-Aug 2009: stage 1

Post by drgrussell » Wed Jun 24, 2009 4:10 pm

Validated the tutorials up to and including the firewalls tutorial using the fedora 11 image.
Some changes were needed but nothing too bad. However these tutorials may not completely work now for fedora 2.
During this transitional period you will need to be patient. Sorry about that.

Gordon.


Re: Changes for June-Aug 2009: stage 1

Post by drgrussell » Wed Jun 24, 2009 11:15 pm

Recovery console bug is identified. Seems like in the latest version of Perl,

```
<&=
```

is not the same as

```
>&=
```

Of course they don't look the same, and the manual says they were different, but they used to work the same. Easy fix... do it the way the manual says. For once the C dup commands seem clearer than the Perl method. Not that I would dream of writing this all in C!
