Posts Tagged ‘Enterprise Linux’

Smolt RPM for CentOS, RHEL, etc

After installing Fedora7 I thought I’d take a look at the stats the project had gathered. I saw some centos devices, but couldn’t find an rpm.

I’ve had a go at building one, it mostly works (this is my nagios box), it’s a rebuild of the f7 source, I have to frig about with the spec file, so I’ve published my source rpm here, search for Nick in the .spec file, you’ll see my bodge.

The smolt rpms are in my yum repo, feel free to download the packages and have a go.

Extra Packages for Enterprise Linux… CentOS !

Why has it taken me so long to spot this ? Looks like this draft was written on the 13th May, if I hadn’t have been just about to download FC7 then I’d have missed it !

EPEL – Fedora Project Wiki
EPEL is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs like CentOS or Scientific Linux.

About time, and thank you redhat/fedora, want fedora extra packages in centos, then install this epel-release .rpm frickin’ sweet ! :cool:

rkhunter rpm for Centos / RedHat

Whilst doing some routine maintenance, I noticed that I never published the rkhunter rpm I built, the software is officially supported at rootkit.nl but for ease I wanted a yum available rpm ;)

How to Migrate from White Box Linux 4 to CentOS 4.4

There are some things that you just never get round to: my nagios box was still running whitebox linux, and I’ve finally gotten round to “upgrading” it to CentOS… yeah ok, upgrade is arguable, but you get my point.

First off a warning: Don’t do this ! All the documentation for CentOS, RHEL, Fedora, any redhat linux, says clean installs are the best way, and upgrades are not advised…. therefore I offer no support or warranty that this will work, in fact, I advise you to read this post, but step away from your consoles !

But, if you think it might be a laugh, the centos documentation is a bit old, and not 100% correct, so here is what I did. First up (as root – obviously), clear out your yum cache, and install the CentOS gpg key.

yum clean all
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4

Next, install some base centos packages, take note that some need to be forced on

rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/centos-release-4-4.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-4.2.1.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/sqlite-3.3.3-1.2.i386.rpm
rpm -Uvh --force http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/yum-2.4.3-1.c4.noarch.rpm

finally remove the whitebox rpm db.

rpm -ev rpmdb-whitebox

Move any “whitebox” mirrors still in /etc/yum.repos.d and

yum install rpmdb-CentOS

Once you have that sorted, you can complete the upgrade with

yum update
reboot

& cross your fingers ;)
If you come across the following warnings while using yum: Warning, could not load sqlite, falling back to pickle , I found…

yum install python-sqlite

Fixed the problem. And there we have it, all my boxes are now running CentOS – yay – just in time to look at the CentOS 5 upgrade ;)

Dependency Problems ?
If a whitebox rpm is newer than the CentOS one, it won’t get upgraded, this might cause problems when installing new packages via yum. To solve the problem download the rpm manually from http://www.centos.org/modules/tinycontent/index.php?id=13 and force an upgrade

rpm --force -Uvh Something-CentOS.rpm

UPDATE: If you’re using something like Root Kit Hunter, you will notice a load of md5 hashes fail, these are whitebox rpm’s that didn’t need upgrading, to correct the problem you need to replace these with CentOS versions.. example rkhunter output:

/sbin/init  [ BAD ]

Find which rpm init belongs to

# rpm -q --whatprovides /sbin/init
SysVinit-2.85-34.3

and upgrade it

wget http://www.mirrorservice.org/sites/mirror.centos.org/4.4/os/i386/CentOS/RPMS/SysVinit-2.85-34.3.i386.rpm
rpm --force -Uvh SysVinit-2.85-34.3.i386.rpm
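
Rather than waiting for rkhunter to flag files one at a time, the leftover packages can be listed by their Vendor tag, and each forced upgrade can be gated on a signature check. This is an added example, not part of the original post; the function names are hypothetical and the vendor strings in the sample data are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post).

# Constructed sample of:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{VENDOR}\n'
# The vendor strings here are assumptions made for illustration.
sample_rpm_list() {
    printf '%s\t%s\n' \
        'centos-release-4-4.2' 'CentOS' \
        'yum-2.4.3-1.c4'       'CentOS' \
        'SysVinit-2.85-34.3'   'White Box (assumed vendor string)' \
        'example-tool-1.0-1'   'Third Party Repo (constructed)' \
        'gpg-pubkey-00000000-00000000' '(none)'
}

# Print "vendor<TAB>package" for every package whose Vendor tag differs from
# the expected one. gpg-pubkey entries are imported keys, not packages.
leftover_packages() {
    awk -F'\t' -v want="$1" '
        $1 ~ /^gpg-pubkey-/ { next }
        $2 != want          { print $2 "\t" $1 }
    ' | sort
}

# Decide whether one line of `rpm -K` output proves a verified signature.
# An unsigned package also ends in "OK" (digests only), so a lowercase
# signature token is required; rpm prints failed checks in upper case.
checksig_line_ok() {
    local line=" ${1#*: } "          # drop the "file.rpm: " prefix
    case "$line" in
        *"NOT OK"*) return 1 ;;
        *" OK "*)   ;;
        *)          return 1 ;;
    esac
    case "$line" in
        *" gpg "*|*" pgp "*|*" signatures "*) return 0 ;;
    esac
    return 1
}

# The post's forced upgrade, gated on the signature check.
verified_force_upgrade() {
    local pkg=$1 out
    out=$(rpm -K "$pkg" 2>&1)
    if checksig_line_ok "$out"; then
        rpm --force -Uvh "$pkg"
    else
        echo "refusing to install $pkg: $out" >&2
        return 1
    fi
}

# Demo on the constructed sample; on a real box pipe the rpm -qa query in.
sample_rpm_list | leftover_packages CentOS
```

The signature check only means something once the CentOS key from the `rpm --import` step is in the rpm database.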

Service Recovery Scripts & Error Page Tips.

A couple of weeks ago, I was proper ill with flu; the problem with looking after your own server is that only you can fix it – it’s well and good having monitoring systems (nagios) telling you about faults, but if you can’t read or see the alerts the fault won’t get resolved.

During this time I was ill, for an unknown reason the mySQL process on my server died, as such my website (and others I look after) were down for 8 hours. The fix was simple, one command, restart the service and normal service was resumed (excuse the pun).

This led me to the conclusion that there must be a way to get the server to fix itself. After all, why do a job when you can get a computer to do it for you ! Fortunately I had a light bulb moment and realised that I could use the init scripts that are provided by redhat; the code below will restart apache (httpd) and mySQL on a redhat based system in the event that the service was not stopped cleanly. (In fact this config has only been tested on CentOS, your mileage may vary on anything else)

#!/bin/bash

# taken from redhat's default scripts - /etc/rc.d/init.d/functions

# Set up a default search path.
PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin"
export PATH

status() {
        local base=${1##*/}
        local pid

        # Test syntax.
        if [ "$#" = 0 ] ; then
                echo $"Usage: status {program}"
                return 1
        fi

        # First try "pidof"
        pid=`pidof -o $$ -o $PPID -o %PPID -x $1 ||
             pidof -o $$ -o $PPID -o %PPID -x ${base}`
        if [ -n "$pid" ]; then
# Uncomment this if you want OK messages
#               echo $"${base} (pid $pid) is running..."
                return 0
        fi

        # Next try "/var/run/*.pid" files
        if [ -f /var/run/${base}.pid ] ; then
                read pid < /var/run/${base}.pid
                if [ -n "$pid" ]; then
                        echo $"${base} dead but pid file exists"
                        /etc/init.d/${base} restart
                        return 1
                fi
        fi
        # See if /var/lock/subsys/${base} exists
        if [ -f /var/lock/subsys/${base} ]; then
                echo $"${base} dead but subsys locked"
                /etc/init.d/${base} restart
                return 2
        fi
        echo $"${base} is stopped"
        return 3
}

# found in /etc/init.d/httpd
httpd=${HTTPD-/usr/sbin/httpd}

status mysqld
status $httpd

If you save this as /etc/cron.hourly/auto_recovery.sh , then do chmod +x /etc/cron.hourly/auto_recovery.sh , assuming you’ve not changed the default cron setup, every hour mySQL & httpd will be checked; if they have died they’ll be restarted and root will get an e-mail about what happened.

Cool eh !

A final finishing touch: I wanted to change the default “Database Down” error messages on my two most popular applications.

  • Melvin Rivera has written a tutorial on how to customize the wordpress error page, note that it involves editing a file outside of wp-content, that means you’ll have to re-do this “hack” every time you upgrade wordpress.
  • PHPBB: Setting a custom error page on that is really easy, first create a php page displaying your message. Then at the bottom of /path/to/phpbb-install/includes/db.php you’ll see
    // Make the database connection.
    $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
    if(!$db->db_connect_id)
    {
    message_die(CRITICAL_ERROR, "Could not connect to the database");
    }

    change it to

    // Make the database connection.
    $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
    if(!$db->db_connect_id)
    {
    include("/path/to/my-custom-error-page.php");
    die();
    }

Now if your database dies, for the time it’s down (before cron fixes it) wordpress & phpbb sites would get a much prettier error message. Obviously there’s no solution for apache as there’s nothing to serve the pages, but hopefully this kind of thing doesn’t happen too often :D

Cacti & Nagios – Missing Favicons

Recently I decided to re-organise my bookmarks toolbar, and added links to my nagios and cacti installations. I noticed that the favicons were missing.

For cacti, there’s a how to, but I found it a little overkill – I didn’t need step 2 , as my cacti install is an rpm from dag, and I didn’t bother with step 4, as it worked without it, but hey ymmv!

Nagios was simpler. How you installed nagios will affect file permissions, owners, directories etc. Again, I’ve got another dag rpm, so for me I logged in as root,

cd /usr/share/nagios/
wget http://www.nagios.org/images/favicon.ico

then edit index.html. just before </head> , insert

<link rel="shortcut icon" href="/nagios/favicon.ico" type="image/x-icon" />

refresh your browser (delete the cache if necessary), and job done ! :D

SNMP v3 on Redhat Linux

I think it’s safe to say, if you can’t get something to work then the manual is rubbish or the user is stupid. With setting up snmp v3 on linux, the user is me, so the fault probably lies there.

SNMPv3 moves away from the community string idea from older versions, and into a username & password combo. The correct tool for creating users is snmpusm, but no matter how many times I read the man page I can’t work it out. I get that you copy a user from the initial user, but how do you create the initial user ? If I try on my box I just get an “snmp timeout” error.

I found a work around for my stupidity: on redhat based boxes (RHEL, CENTOS, WBEL, FEDORA) there is a development package to do the job, so to get the snmp v3 encrypted goodness going run,

yum install net-snmp-utils net-snmp-devel

Yum will pick up the dependencies you need. Now as root, run (make sure snmpd is stopped first)

/usr/bin/net-snmp-config --create-snmpv3-user -a PASSWORD MYUSERNAME

You’ll get the following output…

adding the following line to /var/net-snmp/snmpd.conf:
   createUser MYUSERNAME MD5 "PASSWORD" DES
adding the following line to /usr/share/snmp/snmpd.conf:
   rwuser MYUSERNAME

Before testing make sure that UDP 161 is permitted through iptables, and restart snmpd

/etc/init.d/snmpd start

now from another box, you can test, snmpwalk is the command, if it works your screen will fill up with loads of interesting snmp stuff, if it fails you’ll get an error. Timeout usually means UDP 161 is blocked or they can’t ping each other, and you’ll get authentication failure messages if there is a problem with your snmp accounts.

snmpwalk -v 3 -a md5 -A PASSWORD -x des -X PASSWORD -u MYUSERNAME IP.ADD.RE.SS

good luck !
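
The two lines net-snmp-config wrote above create an MD5/DES user with write access (rwuser) and no requirement that requests be encrypted. The following check flags those settings in snmpd.conf text; it is an added example, not part of the original post. The function names are hypothetical, AUTHPASS and PRIVPASS are placeholders, and SHA/AES assume a net-snmp build with OpenSSL support.

```bash
#!/bin/bash
# Added example (not from the original post): flag weak SNMPv3 settings.

# Reads snmpd.conf lines on stdin, prints one finding per line and returns
# non-zero if there were any. snmpd rewrites createUser lines in
# /var/net-snmp/snmpd.conf as usmUser keys on start-up, so the createUser
# checks only apply before the daemon has first read them.
audit_snmpv3() {
    awk '
        { gsub(/"[^"]*"/, "QUOTED"); sub(/#.*/, "") }   # passphrases, comments
        $1 == "createUser" {
            i = ($2 == "-e") ? 4 : 2                    # optional engine ID
            auth = toupper($(i + 1)); priv = toupper($(i + 3))
            if (auth == "MD5") { print $i ": MD5 authentication, prefer SHA"; n++ }
            if (priv == "")    { print $i ": no privacy protocol set"; n++ }
            if (priv == "DES") { print $i ": DES privacy, prefer AES"; n++ }
        }
        $1 == "rwuser" || $1 == "rouser" {
            u = ($2 == "-s") ? 4 : 2                    # optional security model
            if ($1 == "rwuser")     { print $u ": rwuser allows SET, use rouser for monitoring"; n++ }
            if ($(u + 1) != "priv") { print $u ": encryption not required, add priv"; n++ }
        }
        END { exit (n > 0) }
    '
}

# The two lines net-snmp-config printed in the post.
page_config() {
    printf '%s\n' 'createUser MYUSERNAME MD5 "PASSWORD" DES' 'rwuser MYUSERNAME'
}

# Constructed tighter variant with separate auth and privacy passphrases.
# Matching client call:
#   snmpwalk -v 3 -l authPriv -a SHA -A AUTHPASS -x AES -X PRIVPASS \
#            -u MYUSERNAME IP.ADD.RE.SS
hardened_config() {
    printf '%s\n' 'createUser MYUSERNAME SHA "AUTHPASS" AES "PRIVPASS"' \
                  'rouser MYUSERNAME priv'
}

page_config | audit_snmpv3 || true
hardened_config | audit_snmpv3 && echo "hardened_config: no findings"
```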

Tripwire RPM for RHEL 4 , WBEL 4, CentOS 4.

I don’t know everything about linux, who does ? So if I put one into a production environment I want to know if anything changes.

It took a couple of goes, but I finally managed to build a tripwire rpm for Redhat Enterprise Linux, I’ve been testing it for a couple of weeks, all looks good.

It’s available from my files directory or my repo , if you have any problems let me know :-)

Yum Fun !

This has been on my to do list for a while… I have finally converted my little repository of rpm’s into a proper yum repo !

The old xfce repo has been merged into a new Whitebox repo, which in fact can be used for CentOS, WBEL or Red Hat Enterprise Linux (RHEL).

A new fedora repo exists as well, those with a keen eye will see new rpm sections for FC5 64_86 (my new pc!).

All packages will be signed with my gpg key, and config files can be found here:

  • linickx-fedora.repo
    [LINICKX]
    name=LINICKX Fedora Yum Repo
    baseurl=http://www.linickx.com/files/rpm/fedora/$releasever/$basearch/
    gpgkey=http://www.linickx.com/files/GPG-KEY-NICK
    gpgcheck=1
    
  • linickx-whitebox.repo
    [LINICKX]
    name=LINICKX WBEL Yum Repo
    baseurl=http://www.linickx.com/files/rpm/whitebox/$releasever/$basearch/
    gpgkey=http://www.linickx.com/files/GPG-KEY-NICK
    gpgcheck=1
    

copy the .repo’s into your /etc/yum.repos.d dir and you should be away ! Let me know if you have any problems :cool:

Xfce 4.2.3.1 – I have a problem

Sorry yum friends, when I saw the announcement from xfce about Xfce 4.2.3.1 I sighed, not because my love for xfce has changed, but I remember what I’d forgotten.

When my place of work moved office I lost my white box build server :-( as soon as I’ve got one, I’ll get the rpms built, in the mean time please see www.xfce.org

Network Card Teaming on LINUX (How to)

Maybe it’s just me, but I found it incredibly hard to find how to do NIC Teaming in linux similar to compaq network card teaming.

Now I’m fully aware that hp provide an official “pack” (Google Search Results Here), but what if you don’t have a supported server ? – Like me ! I’ve actually got an old hp netserver lp1000r.

Well after an age of searching, I found redhat’s page on the issue. It was the usual scenario, if you don’t know the right word, how can the search engine find it ?

For those that just want to get it working, below are the 3 config files you need ( Save them in /etc/sysconfig/network-scripts/) once you’ve created them add

alias bond0 bonding

to /etc/modules.conf

ifcfg-bond0

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.2.0
NETMASK=255.255.255.0
IPADDR=192.168.1.1
USERCTL=no

ifcfg-eth0

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

ifcfg-eth1

DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

Once I’d updated modules.conf & created the above files I did a reboot (to ensure bond0 gets loaded into the kernel) . When the box finishes rebooting you’ll have a load balanced team. In my case a 200mb Ethernet connection :cool:

[nick@WhiteBox nick]$ ifconfig -a
bond0     Link encap:Ethernet  HWaddr 00:30:6E:05:64:D7
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:373134 errors:0 dropped:0 overruns:0 frame:0
          TX packets:274144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:38984323 (37.1 Mb)  TX bytes:37004178 (35.2 Mb)

eth0      Link encap:Ethernet  HWaddr 00:30:6E:05:64:D7
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:186460 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137072 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19476584 (18.5 Mb)  TX bytes:18475825 (17.6 Mb)
          Interrupt:11 Base address:0x1800 Memory:fb001000-fb001038

eth1      Link encap:Ethernet  HWaddr 00:30:6E:05:64:D7
          inet addr:192.168.2.101  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:186674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137072 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19508259 (18.6 Mb)  TX bytes:18530361 (17.6 Mb)
          Interrupt:11 Base address:0x1840 Memory:fb003000-fb003038

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:698888 errors:0 dropped:0 overruns:0 frame:0
          TX packets:698888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:80164429 (76.4 Mb)  TX bytes:80164429 (76.4 Mb)

XFCE 4.2.2 Released

XFCE 4.2.2 has been released, and to be honest I’ve struggled to get the rpm rebuilds done… just no time :’( !

Anyway the official announcement was here

http://foo-projects.org/pipermail/xfce-announce/2005-May/000021.html

You can update your whitebox installation using [LINICKX].com ! Check that you have something like this in your /etc/yum.conf

[LINICKX]
name=LINICKX Yum Repo
baseurl=http://www.linickx.com/files/rpm/whitebox/xfce-repo/

Then… from a shell do:

root@localhost # yum update xffm\* xfwm4\* xfce\* xfdesktop

…and you’re done :cool:
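
The stanza above has no gpgcheck line, so whether these packages get a signature check depends on the [main] section of yum.conf; the .repo files in the “Yum Fun” post set gpgcheck=1 themselves. The check below reports which repos yum would install from unverified. It is an added example, not part of the original posts; the function names and the two [main] samples are constructed.

```bash
#!/bin/bash
# Added example (not from the original posts).

# Reads yum.conf / .repo text on stdin and prints repos whose packages yum
# would install without a signature check. A stanza with no gpgcheck of its
# own inherits [main]; with neither set, yum's default is off.
unchecked_repos() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        /^\[.*\]$/ {
            sect = substr($0, 2, length($0) - 2)
            if (sect != "main" && !(sect in seen)) { seen[sect] = 1; order[++n] = sect }
            next
        }
        /^gpgcheck[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); check[sect] = tolower(v) }
        /^gpgkey[ \t]*=/   { v = $0; sub(/^[^=]*=[ \t]*/, "", v); key[sect] = v }
        END {
            dflt = ("main" in check) ? check["main"] : "0"
            for (i = 1; i <= n; i++) {
                s = order[i]
                eff = (s in check) ? check[s] : dflt
                if (eff !~ /^(1|yes|true|on)$/) { print s ": gpgcheck is off"; bad++ }
                else if (key[s] ~ /^http:/)     print s ": gpgkey is fetched over plain http"
            }
            exit (bad > 0)
        }
    '
}

# Stanza from the XFCE 4.2.2 post, as it would sit in /etc/yum.conf.
xfce_stanza() {
    printf '%s\n' '[LINICKX]' 'name=LINICKX Yum Repo' \
        'baseurl=http://www.linickx.com/files/rpm/whitebox/xfce-repo/'
}

# linickx-whitebox.repo from the "Yum Fun" post.
whitebox_repo() {
    printf '%s\n' '[LINICKX]' 'name=LINICKX WBEL Yum Repo' \
        'baseurl=http://www.linickx.com/files/rpm/whitebox/$releasever/$basearch/' \
        'gpgkey=http://www.linickx.com/files/GPG-KEY-NICK' 'gpgcheck=1'
}

# Constructed [main] sections: one enabling checks, one silent about them.
main_on()   { printf '%s\n' '[main]' 'gpgcheck=1'; }
main_bare() { printf '%s\n' '[main]' 'cachedir=/var/cache/yum'; }

{ main_bare; xfce_stanza; } | unchecked_repos || true   # LINICKX: gpgcheck is off
{ main_on;   xfce_stanza; } | unchecked_repos           # inherits [main]: no output
whitebox_repo | unchecked_repos                          # LINICKX: gpgkey is fetched over plain http
```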

Rebuilding RPMS – Getting Started Guide.

I’ve got a few posts in my wordpress drafts that are based around rebuilding RPMS, I figure that before I finish them it makes sense to write a Getting Started Guide.

The first thing is based around the “Unix Golden Rule”: Only use root when you have to.

To rebuild rpms you need a certain directory structure, it is located in /usr/src/redhat, but since it is owned by root you’re gonna need one in your $HOME. The following does the job:

$SHELL>cd $HOME
$SHELL>cp -a /usr/src/redhat/ rpmbuild
$SHELL>echo '%_topdir %(echo $HOME)/rpmbuild' >> .rpmmacros

Next: you need a Source RPM, these are usually found with any other RPM, except they end .src.rpm rather than .i386.rpm or similar. Start with something simple like wget (sometimes building rpms requires dependencies). Now this is important: install as your normal user, NOT root.

$SHELL>rpm -ivh wget-1.9.1-17.src.rpm
1:wget ########################################### [100%]
$SHELL>

This will put all of the source in wget-1.9.1-17.src.rpm into your $HOME/rpmbuild directory; specifically you’ll find the actual sources in $HOME/rpmbuild/SOURCES and a SPEC file in $HOME/rpmbuild/SPECS. The sources are all the files you need: the source.tar.gz that you’d usually run the “holy trinity” (configure, make, make install) against, and any patches. The SPEC file is what turns the sources & patches into the RPM, so if you want to change the RPM in any way, like change the changelog (i.e. packaged by [NICK] ), you edit the spec file.

So to turn the src.rpm into an installable file you run.

$SHELL>cd $HOME/rpmbuild/SPECS
$SHELL>rpmbuild -ba wget.spec

and in $HOME/rpmbuild/arch/ will be wget-1.9.1-17.arch.rpm (in my case arch is i386; oh and sometimes you get a debug rpm, which gives you some development stuff you might need), and now you have an exact copy of the wget RPM built by Redhat but this one was built by your fair hands ;)

So to Install as root or using sudo

rpm -ivh wget-1.9.1-17.i386.rpm

& you’re done ! So now if you find a src.rpm but not one to install, now you can build your own.

Here are some useful References :

Better Living Through RPM, Part 1
Better Living Through RPM, Part 2
How to Sign Custom RPM Packages with GPG
How to create rpmbuild directory

XFCE Yum Repo For WBEL

UPDATE: 15th Aug 06 – This repo has moved, please see this post.

Yesterday I think google & I fell out, I’ve got WBEL installed on a really old PC and GNOME is just too fat :(

I discovered XFCE when I was playing with Fedora Core 2 some time ago. I found it to be a nice light weight window manager / Desktop Environment that used very little memory; so in my wisdom I decided to install XFCE onto my WBEL box, and to my surprise I couldn’t find a Yum Repo. This left me with three options (1) put up with twm (2) find another alternative, read their manual, and learn how to use xyz window manager or (3) Build XFCE for WBEL from source.

I chose (3): The great guys at xfce.org made my job very easy, on their site is a whole load of src.rpms, so all I did was recompile them (after playing a little chase the dependency) and yum-arch the directory, I updated my yum.conf & sorted xfce !

Instructions to install xfce here: http://www.linickx.com/index.php?content=whitebox