
Monday, 15 September 2014

CentOS 6 to CentOS 7: Upgrade of my Desktop

Deciding that the best way to learn a system is to use it, I recently decided to move my primary Desktop system at work from CentOS6 to CentOS7. This is the story of that upgrade.


Running the Upgrade Tool


So, after some planning and system prep work, I ran the CentOS upgrade tool. This caused me many false starts - including the fact that my system had been Oracle Linux at one point in its life, and the CentOS upgrade tool didn't like the OEL packages. So I tried to change the offending OEL packages to CentOS ones, which included the sterling idea of removing glibc from my system's rpm database [Hint: don't do this, or if you really feel that you have to, do remember to type "--justdb" in the command, unlike me who knew to type it but left it off the actual command I executed, and thus accidentally removed glibc from a running system, which was not the best scenario]. I did discover wonderful commands such as "yum distro-sync" which will prove invaluable in years to come, but was a lot of heartache in between.

After such small starter issues, I got the upgrade tool to recognise my system fully, so I ran the prechecks and then ran the actual upgrade itself... at which point it outright failed. The upgrade tool refused to upgrade, since I had Gnome installed. So, I "yum remove"d GNOME (as per Red Hat KB) and continued.

After The Fall, Comes a Reinstall

So, the upgrade tool dutifully upgraded my system - and left me without a working GDM login screen (which I couldn't fix, since I don't know the inner murky depths of systemd), broken /var/log/ output files, and quite a few more elements that should have worked on a cleanly-installed system. So, after all of the above travails, I decided to simply reinstall. No one else on the internet appeared to have my gdm problem, except two others (on Fedora) who also reinstalled after their failed upgrades. It would have saved me many, many hours if I had just done this in the first place.

...Except Now I can't Reinstall Either

So I booted the Install DVD, ran the installer... but this then failed to install on my system.

I hit the issue "you haven't selected a bootable stage 1 partition" in the disk partitioning installer section -- the installer decided that my hard drive needed to be GPT instead of MBR format, but instead of telling me this, it decided to hit me with unrelated errors telling me I did not have a boot partition (when I did).

See here for resolution for this issue: http://fedoraproject.org/wiki/Common_F20_bugs#UEFI_install_to_ms-dos_.28.27MBR.27.29_labelled_disk_fails_with_unclear_errors

So I had to convert my disk to GPT and re-run the installer. It ran easily after that, it was mostly a boring straightforward affair that someone else can blog about.

I saw someone else at work also hit this issue, but they simply blew the whole disk away and let the installer do its own thing -- I wanted to do something silly, like keep the existing data I had on the drives without a reformat (yes, I had backups elsewhere, but that's not the point).

So, I finally get to Reinstall... and GNOME needs a lot of help

So much help, that I posted about it here.

On CentOS6, I used Gnome2 as my primary desktop interface, so Gnome3 seemed like a logical thing to move to. With a decent amount of research and effort, I actually quite like it now. My link shows what I changed to make it feel like home.

Other System Stuff

# Install EPEL
yum install -y epel-release --enablerepo=extras
yum upgrade -y epel-release
# or manually:
yum install http://fedora.mirror.uber.com.au/epel/7/x86_64/e/epel-release-7-1.noarch.rpm


# Install ElRepo (for NVidia kernel)
yum install http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

# Install Chrome (as per http://www.if-not-true-then-false.com/2010/install-google-chrome-with-yum-on-fedora-red-hat-rhel/):
cat << EOF > /etc/yum.repos.d/google-chrome.repo
[google-chrome]
name=google-chrome - \$basearch
baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
EOF
yum install google-chrome-stable



# Install "nux desktop" for vlc
yum install http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm

# Install vlc from Nux
yum install -y vlc


# Disable "nux desktop" from being auto-enabled
cd /etc/yum.repos.d/
sed -i.orig 's/enabled=1/enabled=0/' nux-dextop.repo




Nvidia Drivers - The Easy Way!

# Install ElRepo repo above
yum install nvidia-x11-drv nvidia-detect kmod-nvidia
reboot




Gnome 3 on CentOS 7 - How I Made It Lovely and Usable

I generally really liked Gnome2 in RHEL6 - it was stable and worked well, and its shortcomings had been largely addressed over the years. I promised I wouldn't fall prey to everyone else's griping about GNOME3 - but it's quite hard not to. For example, I have to use the command line to configure many of the GUI settings - Seriously??

I won't whinge too much, I'll just record what I've had to do to make Gnome3 a nice place to be. After a flurry of several days' activities, summarised below, I actually really quite like Gnome 3 now, I just don't understand the defaults and/or design decisions behind them.

Starting out in Gnome 3

This picture does sum up what it first felt like to use Gnome 3 after many years of Gnome 2:
http://i.imgur.com/IIBxZm6.jpg

But what I ended up with is something far more like:

So how did I get to the point of a personal tick of approval?


Install some packages, configure the GUI from the command line:

# Key Gnome Tools: dconf editor, Extensions browser plugin, a menu editor and the all-important Tweak Tool
yum install -y dconf-editor gnome-shell-browser-plugin alacarte gnome-tweak-tool

# Update Firefox to v31.0, updated from v24 since RHEL7 was shipped
yum update -y firefox

# Install Gnome's Epiphany "Web" Browser to browse Gnome Extensions. Only needed if you

# Set the screen timeout to 60 minutes, which cannot be done via GUI options
# Configuring a GUI via the command line - seriously?
gsettings set org.gnome.desktop.session idle-delay 1800

# Replace the system Firefox packages with the latest ones from the internet (to run Firefox-current instead of -ESR):
yum install -y http://mirror.internode.on.net/pub/fedora/linux/releases/19/Everything/x86_64/os/Packages/e/epiphany-3.8.2-1.fc19.x86_64.rpm


Install Gnome Extensions:

Open https://extensions.gnome.org in Firefox browser, and install the following extensions, which are essential for desktop usage:
* Activities Configurator (to adjust top-left hot-corner timeout)
* Impatience (to adjust animation speeds)
* Frippery Panel Favourites (to put application-launch icons in the top panel)
* WindowOverlay Icons (Application Icons on each application preview in the Overview overlay)

Optional Extensions, for personal taste:
* Removable Drive Menu (Allows eject of removable devices from top panel)
* Caffeine (adds a button to top panel to disable screensaver/screen-power timeout; useful for a workday)
* Lock Screen (adds a lock button to top panel, to allow single-click screen lock)

Now open the Gnome GUI Tweak Tool:

* Configure Shell Extensions/Activities Configurator, adjust HotCorner Sensitivity to 200 (as per http://stevenrosenberg.net/blog/desktops/GNOME/2013_1209_gnome_3_hot_corner_sensitivity)
* Configure Theme: Turn on Dark Theme for all applications
* Configure Shell Extensions/Impatience: Adjust to scale 0.65 (Gnome default is 1.0)
* Configure Fonts: Set Default font to "DejaVu Sans 10"
* Configure Desktop: Set background Picture URI to "Sandstone.jpg" (or something else you like)

Edit the "Favourites" Application List:

This list appears in multiple places, in the same order. This appears as Favourites in the "Applications" menu in the top Panel, and as the icons used in the "Frippery Panel Favourites", and as the menu in the Overview overlay. So, to edit it, use the following steps:

* Press the Windows key on your keyboard (aka Super, Meta key) to get to the Overview overlay
* Right-click on each app in the left side-menu you don't like & remove it
* Now open the Show Applications (nine white dots) icon
* Right-click on each application icon & select "Add to Favourites"
* Drag the Order of icons up & up as you please

The order appears in all areas (Panel favourites, Applications->Favourites) which I really like.

Install a Firefox Extension to hide the title bar:

Open Firefox, and install the extension "Htitle" - this hides the top title bar when in full-screen mode, and gives you back quite a bit of screen real estate.

...And You're Done

And after that you have a very lovely, workable Gnomey system!



Bonus Marks: Make the Dark Theme More Pervasive

Ok, this is more personal taste than bonus marks. I definitely prefer the Adwaita Dark Theme for Gnome (which is just a dark version of the default Gnome3 theme), which is quite easy to turn on (in the Gnome Tweak Tool, as listed above).

However, once you enable this, eagle-eyed- (and not-so-eagle-eyed- and even blind-) people will probably notice that some Gnome apps don't look all that Dark when using the Dark theme, and thus look quite out of place. This doesn't make sense, until you know that while many apps are now written in Gnome's windows-drawing library GTK3, some are still using the older GTK2, and the older apps don't utilise the Dark theme. It is also possible for some gtk3 apps to override the dark theme choice, although this is less of an issue than the gtk2 apps.

So, to fix this, we somewhat follow the instructions in this link, albeit reversed (thanks to this answer for pointing me there), and then add gtk-2.0 goodness on top of it all (thanks to this guy for the gtk-2.0 dark theme).

mkdir -p ~/.themes/Adwaita
cp -rp /usr/share/themes/Adwaita/gtk-* ~/.themes/Adwaita
cd ~/.themes/Adwaita/gtk-2.0
# Unauthenticated download over plain HTTP from a paste site: read gtkrc-dark before using it
wget "http://pastebin.com/download.php?i=vbnULbyi" -O gtkrc-dark
ln -sf gtkrc-dark ./gtkrc
cd ~/.themes/Adwaita/gtk-3.0
ln -sf gtk-dark.css gtk.css

And also, installing and using the Firefox theme "FT DeepDark" also makes it blend in much better with the Dark theme.

Update: the latest release of Firefox theme DeepDark is no longer compatible with Firefox 31.x - you will need to install an older version. See here for older versions, version 11.1 is still compatible.


Friday, 11 July 2014

Red Hat Enterprise 7: This Train Has Now Arrived on Multiple Platforms, All Change

I am just preparing my first Red Hat Enterprise Linux 7 server - installed on Hyper-V, no less. Here is a collection of notes I have made along the way.

Guest VM on Hyper-V (Server 2012 R2)


I've used a Generation 2 VM for my RHEL7 guest - this is supposedly fully supported by both Microsoft and Red Hat, although fairly poorly documented by both parties (admittedly Microsoft's documentation is a little better than RH's, but is only up to RHEL6.5 and not updated for 7 yet).

I had to disable SecureBoot to get the Install DVD to boot, and subsequently keep it off for the installed VM too. Apparently, there is a way to make it work (a colleague said he found a result on Google, although didn't send the link to me as he said it needed to be done at Installation time, and my server was already installed), but it's not really important.

Integration Services showed as "Degraded - Missing" after I installed the OS. However, despite both vendors saying that RHEL7 was a fully supported guest with Integration Services built-in, Integration Services was clearly broken. The missing major step, that I worked out myself using "yum search", was to install the meta-package "hyperv-daemons" - I.S. now shows as "Degraded - requiring Update", but at least it shows the IP Address etc - and it adds a VSS integration layer for crash-consistent snapshots!

yum install hyperv-daemons
systemctl enable hypervvssd.service
systemctl enable hypervkvpd.service
systemctl start hypervvssd.service
systemctl start hypervkvpd.service


CPUfreq may or may not be working - certainly the acpi kernel modules do not load (neither auto- nor manually) - but maybe there is power-saving auto-magic elsewhere in the system that I am unaware of. I might do some investigation later, but again I'm not too worried at this point.

Sidenote: Guest on VMWare

VMWare Tools are also now built-in to the OS; install them with:
yum install open-vm-tools
I haven't yet tested this, but at least this step is documented by both RH & VMWare!

RHEL 7 Installation-Process Notes


Although it looks different, and the prompts are in a different order, installation isn't really any different to any other OS you've ever seen - I just used the install ISO and it installed.

I selected "Autopartition" on a raw 20GB disk image to see what would happen - it gave me the following disk layout:

Partition    Size  Type   Mount point
/dev/sda1    200M  vfat   /boot/efi
/dev/sda2    500M  xfs    /boot/
<lvm>        19G   xfs    /


Which is pretty much exactly what I wanted for this server.

Minimal Installation

I chose Minimal set of installation packages (my usual choice for servers). I then added the following obviously-missing useful packages:
yum install -y nano bind-utils net-tools telnet ftp mlocate wget at lsof man-pages tcpdump time bash-completion bzip2 yum-utils traceroute rsync strace pm-utils logrotate screen nmap-ncat

For this server, I also pulled in the full Base (a further ~120 packages), although I probably didn't need to:
yum groupinstall -y base

Red Hat Subscription-Manager Troubles

After installation, I ran the usual:
subscription-manager register --username <rhn_username> --autosubscribe
Which refused to register the host and logged lots of HTTP 502 Errors. I thrashed about for half an hour, to no avail. So, I left it for the night, came back in the morning, only to find that the damn thing worked immediately. Thanks Red Hat, thanks -- I wouldn't have had that issue on CentOS, would I?


Obvious Differences from RHEL6


Service Management - Starting, Stopping, etc

The service management is now different with SystemD:
servicename=<servicename>
systemctl start ${servicename}.service
systemctl stop ${servicename}.service
systemctl status ${servicename}.service
# Enable on boot
systemctl enable ${servicename}.service
# Disable on boot
systemctl disable ${servicename}.service
# Check boot status
systemctl list-unit-files | grep  ${servicename}

NTP: The Times Are A-Changin'

NTPd is no longer installed in RHEL7 - chrony is the new NTP service.
See my updated NTP-On-Linux blog post for Chrony Setup:
http://itnotesandscribblings.blogspot.com.au/2014/05/ntp-on-linux-linux-host-needs-ntp-set.html

Firewalls: Burn the Old Ways

Gone are the days of /etc/sysconfig/iptables - FirewallD now rules the roost.
I haven't looked in great detail, but I found the following commands very helpful in getting myself set up with a basic single-interface server:

I experienced a serious gotcha when creating custom services - after you copy and edit the new custom file, you need to restart the firewall service. This is not documented in RedHat's Doco. Thanks again, guys.

cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/squid.xml
nano -w /etc/firewalld/services/squid.xml
firewall-cmd --get-service | grep squid
systemctl restart firewalld.service
firewall-cmd --get-service | grep squid
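
An added example (not from the original post) of the custom-service steps above: it writes the service file, checks which ports it opens so a port left over from the copied http.xml template is caught, then restarts firewalld and enables the service. The 3128/tcp port is an assumption (Squid's default); the post does not state one.

```shell
#!/bin/sh
# Added example: build and sanity-check a custom firewalld service file.
# ASSUMPTION: Squid listens on its default 3128/tcp (the post gives no port).

# Write a minimal service definition into directory $1.
write_squid_service() {
    dir="${1:-/etc/firewalld/services}"
    cat > "$dir/squid.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Squid</short>
  <description>Squid caching proxy (constructed example)</description>
  <port protocol="tcp" port="3128"/>
</service>
EOF
}

# Print every port a service file opens as "port/protocol", one per line.
# Handles either attribute order inside the <port .../> element.
service_ports() {
    grep -o '<port [^>]*>' "$1" | while IFS= read -r tag; do
        port=$(printf '%s\n' "$tag" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$tag" | sed -n 's/.* protocol="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# Fail unless the file opens exactly the expected ports (space-separated, sorted).
# Catches the slip of copying http.xml and leaving 80/tcp in place.
check_service() {
    actual=$(service_ports "$1" | sort | tr '\n' ' ' | sed 's/ $//')
    [ "$actual" = "$2" ] || { echo "unexpected ports in $1: $actual" >&2; return 1; }
}

# Install and enable the service; needs root on a host running firewalld.
apply_squid_service() {
    write_squid_service /etc/firewalld/services &&
    check_service /etc/firewalld/services/squid.xml "3128/tcp" &&
    systemctl restart firewalld.service &&   # restart so the new file is picked up, as in the post
    firewall-cmd --permanent --add-service=squid &&
    firewall-cmd --reload &&
    firewall-cmd --list-services
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_squid_service
fi
```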

No EPEL - Yet

EPEL hasn't yet added non-beta RHEL7 support - watch this space at https://fedoraproject.org/wiki/EPEL.

RHEL7 Links And Resources


Red Hat Documentation (Official)

Quite useful - generally well-written and concise, albeit with occasional missing elements which can really cause an issue.

Overall Documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html

Basic Administration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/part-Basic_System_Configuration.html

Firewall Information:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html

Other Useful Links:

Decent Overviews of firewallD:
http://www.certdepot.net/rhel7-get-started-firewalld/

Adding permanent Rules to FirewallD:
http://blog.christophersmart.com/2014/01/15/add-permanent-rules-to-firewalld/

Tuesday, 6 May 2014

NTP on Linux


A Linux host needs NTP set to ensure correct time sync. These commands below set this for Linux systems, with an emphasis on Australian settings (swap in other NTP servers for non-Australian servers). This can be set simply by pasting the commands below into a Bash prompt (as root).

This guide makes no attempt to check/enforce the security of the NTP server: issues such as disabling commands such as "mon" are not covered here, and appropriate firewalling is assumed. The NTP config file contained in Red Hat Enterprise Linux has a secure-by-default config (in RHEL6, if not prior as well), and the commands below simply assume security and configure the time sources.

All commands are IPv6-compatible, although only IPv4 is used in the addressing below.

Please note that Red Hat Enterprise Linux 7 has introduced Chrony as the default NTP service instead of the venerable NTPd - see notes at the end for chrony config.

Systems with NTPd

Install NTP on the system, strip defined servers

# For yum/RHEL-based systems
if command -v yum >/dev/null 2>&1 ; then yum install -y ntp; fi
# For apt/Debian-based systems
if command -v apt-get >/dev/null 2>&1 ; then apt-get install -y ntp; fi
# Backup original config
cp -p /etc/ntp.conf{,.orig}
# Strip all default servers
perl -i -pe 's/^server/#server/' /etc/ntp.conf


# Optional: Configure local timezone
ln -sf /usr/share/zoneinfo/Australia/Adelaide /etc/localtime

Add Local Servers

cat >> /etc/ntp.conf <<EOF
# NTP servers
server 192.168.1.1 prefer # Set this to your local NTP-serving machine if you have one
server 3.au.pool.ntp.org


EOF


Add Internode or Telstra Servers

Only required if you are on Internode networks:

cat >> /etc/ntp.conf <<EOF

# Internode NTP server

server ntp.on.net

EOF


Only required if you are on Telstra networks:

cat >> /etc/ntp.conf <<EOF

# NTP servers
server tic.ntp.telstra.net
server toc.ntp.telstra.net

EOF

Optional Step: Allow Local subnets to query this NTP

This will allow other machines on your local network to query this NTP server. Remember to allow inbound port UDP:123 on your host firewall.

cat >> /etc/ntp.conf <<EOF
# Allow Local subnets to query this NTP
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap

EOF
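
An added example (not part of the original post) that lists, for each "restrict" line in an ntp.conf, whether ntpq/ntpdc queries and runtime modification are still permitted, so the effect of the subnet line above is visible next to the default-deny lines. The sample config is constructed for the example, and the function names are made up here.

```shell
#!/bin/sh
# Added example: report what each ntp.conf "restrict" entry still allows.

# Print one line per restrict entry: <address> <query state> <modify state>
audit_ntp_restrict() {
    awk '
    $1 == "restrict" {
        i = 2
        if ($i == "-4" || $i == "-6") i++          # address-family flag
        addr = $i; q = "QUERY-OPEN"; m = "MODIFY-OPEN"
        for (i++; i <= NF; i++) {
            if ($i ~ /^#/) break                    # trailing comment
            if ($i == "mask") { addr = addr "/" $(++i); continue }
            # noquery denies all ntpq/ntpdc requests; ignore denies every packet
            if ($i == "noquery" || $i == "ignore") { q = "query-blocked"; m = "modify-blocked" }
            if ($i == "nomodify") m = "modify-blocked"
        }
        print addr, q, m
    }' "$1"
}

# Non-loopback addresses that may still send ntpq/ntpdc queries.
query_exposed() {
    audit_ntp_restrict "$1" |
        awk '$2 == "QUERY-OPEN" && $1 != "127.0.0.1" && $1 != "::1" { print $1 }'
}

# Constructed sample: default-deny lines, loopback, and the subnet line from this post.
sample_ntp_conf() {
    cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
server 192.168.1.1 prefer # local NTP server
EOF
}

# Audit a real file when one is named on the command line.
if [ -n "${1:-}" ]; then
    audit_ntp_restrict "$1"
fi
```

Run it as root against /etc/ntp.conf after pasting the commands above; any address printed by query_exposed should be one you also intend to let through the host firewall on UDP 123.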



Ensure NTP is started & starts on boot

Commands tested on RHEL6 only; other OSes left as an exercise for the reader.

service ntpd start
chkconfig ntpd on
 
 

Systems with Chrony (RHEL7 and others)

Red Hat Enterprise Linux 7 uses Chrony as the default NTP daemon - unless you have a good reason to use ntpd, you can simply configure chrony the same way as above.

yum install -y chrony
# Show config
timedatectl
# Set timezone
timedatectl list-timezones | grep Adelaide
timedatectl set-timezone Australia/Adelaide
# Show NTP status
chronyc sources
# Change NTP config
perl -i -pe 's/^server/#server/' /etc/chrony.conf
cat >> /etc/chrony.conf <<EOF
# NTP servers
# Set the first server to your local NTP-serving machine if you have one
# (chrony.conf only accepts comments on their own line, not after a directive)
server 192.168.1.1 iburst
server 3.au.pool.ntp.org iburst
EOF
chronyc sources
systemctl restart chronyd.service
systemctl enable chronyd.service