Adding graphical logins to a text only system.

November 29, 2015 Graham Leave a comment

I often find myself in a situation where I have an already installed Linux box, and want to add X.org for graphical logins. This may be because I have installed from the Fedora server DVDs (which no longer include graphical logins), or because I am using a discless Fedora machine installed by following these instructions.

During a normal graphical installation process, the installer will probe your hardware and install the correct drivers for your video card, however if you are adding Xorg to an existing installation then you no longer have that option and need to perform some steps manually

Firstly, use dnf to install Gnome.

dnf groupinstall gnome
On a Fedora 23 basic install, this would install an additional 706 packages.

We now need to identify the video card.

dnf install pciutils
lspci | grep VGA

Find the correct driver for your video card, the following will list all drivers in your repo.

dnf list xorg-x11-drv*
Then install the one that looks as if it will match your video card (sometimes you can ignore this step and use the generic VGA drivers, although performance may suffer).
dnf install xorg-x11-drv-vesa

I found that I had to install a couple of additional packages

dnf install mesa-libGL mesa-dri-drivers xorg-x11-drv-evdev xorg-x11-drv-fbdev

You should now be able to test your setup by running

startx
When finished, simply log out of the graphical console.
If this does not work, then you will need to look at the logfiles in /var/log/Xorg* for clues as to what has gone wrong.

You can now start gdm to check whether the login prompt is working

systemctl start gdm

If the above doesn’t work, sometimes I have found that I need to disable “Wayland”.

This is done by editing vi /etc/gdm/custom.conf and deleting the ‘#’ at the start of the line WaylandEnable=false Then try starting gdm again.

Once this is all working, you can set it to run by default on system boot.

ln -fs /lib/systemd/system/graphical.target /etc/systemd/system/default.target

You should now be able to reboot and login graphically. Once logged in, setup the monitor arrangement (i.e. if you have multiple monitors, then ensure that they are in the correct order)

If the monitor order is incorrect at the initial login prompt, then copy your user’s monitor config to the system default.

cp ~/.config/monitors.xml /var/lib/gdm/.config

Computers, IPv6, Networking

Using IPv6

July 13, 2015 Graham Leave a comment

I like to think of the IPv4 and the IPv6 internet as two separate, but interrelated, networks. This is because, without some sort of tunnel or encapsulation, a packet will either travel solely on the IPv4 internet, or solely on the IPv6 internet.

What I mean by “interrelated” is that, generally, a website on IPv6 will show the same content as the IPv4 website would for the same URL. The difference is purely in the IP addresses and routers used to pass packets to and from the website. This difference should be completely transparent to the users, but if you are configuring or testing a computer, then you need to be able to distinguish between the two.

Which will it use

As we are transitioning from IPv4 to IPv6, many machines will be on both networks, known as dual-stack. This generally works in the following way.

The user types in a URL, say http://www.example.com/content
The browser pulls out the machine name, in this case “www.example.com” and uses DNS to find an IP address.
DNS initially attempts to resolve to an IPv6 address and, if found, is returned to the browser. The browser will then communicate with the server via IPv6.
If no IPv6 address is found, then DNS attempts to resolve to an IPv4 address. The browser will then communicate with the server via IPv4.

This selection even works with the DNS itself, where DNS servers that list both IPv6 and IPv4 addresses will be queried by IPv6, and servers with only an IPv4 address will be queried by IPv4.

Using Both?

There are some situations where you can be using both IPv4 and IPv6, such as when a proxy is involved. My setup uses Squid proxy on a dual stack machine, so web browsers are able to connect to the proxy via IPv4, but the proxy may end up getting the web page over the internet using IPv6. Since this is actually two separate client/server connections, there is no issue with using different IP versions for each.

This can be useful to help you transition from 4 to 6 without needing to change everything over at once.

Checking IPv6 Availability

You can manually test the DNS queries by using the nslookup tool. “A” type queries are for IPv4 addresses, and “AAAA” queries are for IPv6 addresses. “set q=” allows you to change which query you are performing.

>nslookup
Default Server: yourdns.example.com
Address: 192.168.1.1
> set q=A
> www.google.com
 Server:         192.168.1.1
 Address:        192.168.1.1#53

Non-authoritative answer:
 Name:   www.google.com
 Address: 216.58.220.132
> set q=AAAA
> www.google.com
 Server:         192.168.1.1
 Address:        192.168.1.1#53

Non-authoritative answer:
 www.google.com  has AAAA address 2404:6800:4006:800::2004

This can show up some interesting “hex text” in the IPv6 addresses, for example…

mirror.aarnet.edu.au includes “cafe::beef”
facebook.com includes “face:booc”

Tools that use IPv6

To ping test IPv6 in linux, use the “ping6” utility as you would normally use “ping”. For Windows, use “ping -6” to force IPv6, or “ping -4” to force IPv4.

In a web browser, you can use an IPv4 address instead of the URL. For example, the following two will get to the same server

http://www.google.com
http://216.58.220.132

But for IPv6, you need to encapsulate the address in square brackets, such as…

http://[2404:6800:4006:800::2004]

Note that there are issues with most proxy autoconfig scripts recognising the square bracketed raw IPv6 address, however this isn’t a major issues as they are rarely used outside of testing.

To do more advanced testing (when you are running an internet accessible server, to check that your services are IPv6 accessible) see IPv6 Testing Tools

Also, Hurricane Electric’s free IPv6 certification system goes through many tests of your IPv6 enabled server as part of their certification process.

Computers, IPv6, Networking

IPv6 Testing Tools

August 25, 2014 Graham Leave a comment

The following is a list of IPv6 testing sites that I find useful.

First to test your connectivity as a client (can you reach IPv6 websites, DNS, email servers, etc)
Test-IPv6
IPv6-Test

And then test whether your IPv6 enabled servers are accessible from the wider IPv6 internet.
IPv6 Status Check (Web, E-Mail, DNS and NTP)
IPv6 Health Check (All DNS servers, Web, E-Mail and SPF record)
IPv6 only email bouncer – send an email to bouncer@freenet6.net and if you receive a reply then you have successfully sent and received email via IPv6.
Other tools can be found at Freenet6 IPv6 Tools.

Computers, Linux

Fedora Discless Netboot Install

August 25, 2014 Graham Leave a comment

Have you ever wanted to run a discless Linux box? Maybe, like me, you have a Windows PC for someone else in the family that you want to run Linux on, you might want to take advantage of an existing backed-up RAID array and avoid additional hard discs, or you might simply want a cheaper or quieter PC.

Most PCs these days have a BIOS that supports PXE booting, this will allow you to boot a simple file from a server. Linux has an amazing feature where you can create a kernel and initrd (initial ramdisc) which can be booted via PXE, which will then start your system up using an NFS share as the root filesystem with no need for local storage at all.

There are various HOWTOs on the ‘net explaining this, however these all seemed to make two assumptions that caused me problems…

They basically involved installing to a local hard disc, then copying the image onto a server
They assumed that everything (client and server) was running exactly the same distribution version

Now I intended to create a few of these and didn’t want to be stuffing around with hard discs all the time, plus I’m a bit of a purist in some ways and wasn’t keen on installing temporary hard discs just for installation if there was a better way. I also had the issue that all my servers were running 64 bit versions, whereas my clients were only capable of 32 bit. In addition, since I was planning to do a few of these I wanted to use a local (on my home LAN) Yum repository to reduce bandwidth usage and to speed up the installs.

So, here is my step-by-step procedure for installing and running a discless Fedora system (I used Fedora 19) with a custom repository, with different architecture between server and client, and without any temporary client hard discs. You will need to be logged in as root for at least some of these steps.

Create a new directory on the server for the root filesystem of the remote client. I called mine “remoteFamily”

mkdir /mnt/remoteFamily
cd /mnt/remoteFamily

Create a repository location in the server’s /etc/yum.repos.d/ directory. I called mine “fedora32-local” as it was a 32bit repository (as opposed to the server’s usual 64bit one). This new repository configuration should have “enabled=0” to stop the server from using it.

less /etc/yum.repos.d/fedora32.repo

Now use yum to install @core (which is basically a minimal installation) from only the 32bit repository and using /mnt/remoteFamily as the root directory.

yum --installroot=/mnt/remoteFamily --disablerepo=* --enablerepo=fedora32-local install @core

Now that we have a minimal install (including yum repo config) yum will use the client’s repository configuration, so we need to copy the config for the local repo to the client’s yum config directory.

cp /etc/yum.repos.d/fedora32.repo /mnt/remoteFamily/etc/yum.repos.d/

Now to install a few items which are critical for NFS root systems…
NFS itself.
yum --installroot=/mnt/remoteFamily --disablerepo=* --enablerepo=fedora32-local install nfs-utils
Dracut for creating the initial ramdisc images for booting.
yum --installroot=/mnt/remoteFamily --disablerepo=* --enablerepo=fedora32-local install dracut-network
And the kernel.

yum --installroot=/mnt/remoteFamily --disablerepo=* --enablerepo=fedora32-local install kernel

Create an /etc/fstab file with a reference to the nfs root directory on the server. This is used by dracut later on to link what is mounted on bootup, so it is very important that this is correct. If this changes, you will need to re-run dracut and copy the new initrd onto the tftp server

vi etc/fstab
This should contain something like…

192.168.131.3:/mnt/remoteFamily / nfs defaults 1 1

Enable the root user (with no password) by deleting the “x” between the colons

vi etc/shadow

Disable SELinux by changing to “disabled” in the config file.

vi etc/sysconfig/selinux

OK, now chroot to the client’s root so that kernel and modules are able to be found in their final locations, and you can set passwords

chroot /mnt/remoteFamily

Create the ramdisc image. Note that we explicitly define the kernel image, otherwise the server’s currently running kernel would be used. If you used a different version of Fedora then you will need to look in /boot to find which kernel version to use (they start with “vmlinuz”).

dracut --filesystems nfs -H --fstab -f /boot/initramfs-3.9.5-301.fc19.i686.img 3.9.5-301.fc19.i686

Set root’s password.

passwd

Disable a couple of services that cause difficulty when you are using NFS as root.

systemctl disable firewalld.service
systemctl disable NetworkManager.service

Exit from the chroot

exit

copy the kernel and initrd to server, don’t forget chmod444

Now the client should be able to boot up.

Once the client has booted you will get a plain old command line login prompt, you should be able to log in and then install more packages as you would with a “normal” installation.
A couple of (in my opinion) packages that are essential, but aren’t in the minimal install.

Net-Tools (such as ifconfig)
yum install net-tools
Mlocate (with the “locate” and “updatedb” programs)
yum install mlocate

Now, if you want to install X with graphical logins, follow the instructions Here.

Crowie.net