Preupgrading Fedora 9

Fedora 9 is coming Real Soon Now ©. I mentioned before that I am desperately waiting for this release, since it brings KDE 4 and Firefox 3. One thing that I haven’t seen noticed anywhere until I read this interview is “preupgrade”. It sounds pretty cool:

By now, the “preupgrade” package should be available in updates-testing for Fedora 8. Enable the updates-testing repo and install it. It currently shows up as “Upgrade Fedora” in your Applications -> System menu.
From there, it’s very simple – follow the screens to choose what to upgrade to, wait for everything to download, hit “Reboot”, and the upgrade will begin!

Basically, what happens is that Fedora 9 installer is downloaded together with all the required packages, while you are still using Fedora 8. Once everything is in place, you can simply reboot and upgrade your system, without burning any CDs or DVDs or waiting for long downloads while having nothing to do.

Happy Sysadmin Day!

Once again, today is the last Friday of July, which means that today is Sysadmin’s Day! Congratulations to all system, network, database, etc administrators out there. Today is your day. I wish you all receive some appreciation from your users and management. Don’t stay in the office for too long. Go out and celebrate!

SELinux fixes

If you are anything like me and don’t want to disable SELinux upon installation of Fedora Linux, then I have a hint for you.

List all files from selinux-policy-targeted and look at the output. You will the list of all files in the RPM package. Few of those files are SELinux manuals for better tweaking.

/usr/share/man/man8/ftpd_selinux.8.gz
/usr/share/man/man8/httpd_selinux.8.gz
/usr/share/man/man8/kerberos_selinux.8.gz
/usr/share/man/man8/named_selinux.8.gz
/usr/share/man/man8/nfs_selinux.8.gz
/usr/share/man/man8/nis_selinux.8.gz
/usr/share/man/man8/rsync_selinux.8.gz
/usr/share/man/man8/samba_selinux.8.gz
/usr/share/man/man8/ypbind_selinux.8.gz

I just fixed two problems easily after looking into the documentation.

One was with bind, which was complaining with “Permission denied” on any incoming zone transfer (slave zone). named had all the access there is to all folders, but still couldn’t write. This command (mentioned in man 8 named_selinuhelped immediately:

setsebool -P named_write_master_zones 1

Anoner problem was with Apache, which wasn’t showing anything in user’s public_html directory. man 8 httpd_linux suggested the solution that worked:

setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html

Weird

My boss has left the company. I had to delete his account and clean some groups and other access lists. It felt very weird. It felt like a beginning of the end. Although it’s not.

Not to mention that removing one of the global administrators, who had access virtually to every corner of the network, is not a trivial job…

Static Subversion for Red Hat 6.2

I’ve heard a few harsh words about Subversion before. Mostly these came from sysadmins who complained about all bits and pieces Subversion requires to work properly. Some mentioned that it is not trivial to compile with the set of options that is different from the default.

Today I spent about three hours together with The Master of Strace trying to make Subversion command line client svn work on one of our old machines that runs Red Hat Linux 6.2. The only way to success, it seems, was to compile the static version of svn. Since we needed support for https:// URLs, we had to build with OpenSSL. OpenSSL is not trivial to compile statically too, because of it enourmous love of Kerberos5. While trying to make it work we also jumped through a number of versions of Subversion and other components.

Finally, we managed to build everything. In case you’ll ever need a statically compiled version of svn (from Subversion version 0.17.1 (r4503)), you can get it here (the binary is about 7 MB):

/usr/local/bin/svn

As far as I am concerned it works just fine. It runs on Red Hat Linux 6.2 and can work (import, checkout, commit, etc) with repository running on one of the recent versions (1.1.4 if I recall correctly).

Needless to say that today I’ve heard a few more not-for-kids-ears words and phrases towards Subversion developers.