RHEL 7 with OpenVPN in NetworkManager

Standard

OK, put simply there are issues immediately due to SELinux in getting NetworkManager to connect up to your VPN properly.  If you setup your connection and certificates as follows you will have no issues whatsoever connecting as any user.

1)Copy all your certificate files into ~/.cert

2)Check your SELinux context and validate it is appropriate:

unconfined_u:object_r:home_cert_t:s0

You need to have something like this:

[andrew@big-red-wireless .cert]$ pwd
/home/andrew/.cert
[andrew@big-red-wireless .cert]$ ls -Z
-rw-r–r–. andrew andrew unconfined_u:object_r:home_cert_t:s0 andrew.crt
-rw——-. andrew andrew unconfined_u:object_r:home_cert_t:s0 andrew.key
-rw-r–r–. andrew andrew unconfined_u:object_r:home_cert_t:s0 ca.crt
[andrew@big-red-wireless .cert]$

3)If you need to reset the contexts, issue the following command as root:

restorecon -R -v /home/$USERNAME/.cert

4)Create a NetworkManager VPN entry with your cert files from the ~/.cert folder.

5)Connect!

Took me a few minutes to understand why the connection was barfing out.  Once I noticed some SELinux alerts it dawned on me — I never set the contexts.  A quick Google showed me also, that there is a convenient location to dump all certificates into.  Double win!

Learnt something new : cu

Standard

Inside the uucp package is a nifty tool that I just picked up on called cu.  This is for serial connection management and it works beautifully, and simply.  I had a few old machines that I needed to tap into via serial and a friend admin I was with recently mentioned her love of this command.  So having a selectively great memory, I gave it a stab.

1)First get uucp installed.  I see that it comes from EPEL on RHEL7.

[andrew@big-red-wireless Desktop]$ sudo yum info uucp
Loaded plugins: langpacks, nvidia, product-id, subscription-manager
Installed Packages
Name : uucp
Arch : x86_64
Version : 1.07
Release : 41.el7
Size : 2.7 M
Repo : installed
From repo : epel
Summary : A set of utilities for operations between systems
URL : http://www.airs.com/ian/uucp.html
License : GPLv2+
Description : The uucp command copies files between systems. Uucp is primarily
: used by remote machines downloading and uploading email and news
: files to local machines.

[andrew@big-red-wireless Desktop]$

2)Secondly determine your connection parameters.  I have a USB to serial hodgepodge of cabling and adapters that I tote around and stash in places useful.  So in my case its /dev/ttyUSB0 for the device, and of course each connection has its flow control and bitrate and parity, etc…  Know that all.  In my case the devices preferred to speak 19200b, 8N1, FC Off (manuals say so).  But being hasty I just slapped into the terminal:

[andrew@big-red-wireless ~]# sudo cu -l /dev/ttyUSB0 -s 19200

And things just worked.  For a full reference guide for various settings and such,:

http://linux.die.net/man/1/cu

http://www.jann.cc/2013/02/10/the_cu_command.html

RHEL 7 + Intel 7260 AC Card

Standard

There are known issues with older kernels that cause major issues with the 7260 with regards to power management and the 5GHz spectra.  After dealing with a dying i7 IMC issue, I finally could spend time troubleshooting my issues.

For starters, ensure your router/AP isn’t crap.  I had that issue regardless of devices and their respective OS’s.  Once you are sure that there isn’t anything dead/dying or just plain flaky, there are a few things that can be done, one of which you have a potential choice as to how to deal with it.  Supposedly kernels beyond 3.16/3.17 have this rectified.  As we are pegged on EL7 to 3.10, until Red Hat backports the changes we have to deal with it ourselves.

For starters there are several lines we need to put into your /etc/modprobe.d/iwlwifi.conf

Here is how I went, and I will detail what each line means:

$ cat /etc/modprobe.d/iwlwifi.conf

options iwlmvm power_scheme=1

options iwlwifi bt_coex_active=N swcrypto=1 11n_disable=8

The power_scheme option is to set the power to full bore at all times.  The default is to 2 on most installations which is the adaptive mode.  This can cause issues with the device going to sleep at rather inopportune moments.  Although not necessarily your issue, something to keep note of.

The bt_coex_active option is for coexistence of BlueTooth and wireless.  They operate on the same frequency range and can cause issues.

The swcrypto option is for forcing the cryptography off of the card and onto your system CPU.  High workloads

The 11n_disable option is where I was referring to a choice.  Setting the disable to 1 will force the card into G only speeds.  This does indeed work on AC networks just fine, but will limit your connection to 54Mb/s speeds max.  Setting this to 8 will not cause that restriction but rather a link aggregation.  Here is the information from the module on this parameter:

$modinfo iwlwifi | grep 11n_disable
parm: 11n_disable:disable 11n functionality, bitmap: 1: full, 2: disable agg TX, 4: disable agg RX, 8 enable agg TX (uint)

Once you have made a choice as to what of these option you are going to implement, you can do the following commands (as root) to unload/load the kernel, of course taking the new parameters on reload.

$ sudo rmmod iwlmvm

$ sudo rmmod iwlwifi

$ sudo modprobe iwlwifi

Hopefully this information is as useful to you as it was me.  This fully rectified my constant disconnections while on AC networks with this card.

Docker & desktop applications

Standard

I decided to play around a bit with running applications that aren’t packaged up for RHEL7 via docker.  I mean, why not?  That’s one of the perks of containers, so it should be doable without much fuss right?

Sorta.

I did manage with little difficulty to do so, but there is a bit of work that will go into it first, and you will need to work with Dockerfiles, selinux, and sudo.  Here we go.

I found a great tutorial on this and pretty much copied the work verbatim.  I know that not all applications are going to need everything in the template, but its just a container, so to hell with it.  If it is mission critical, one should be a bit more discriminatory anyhow.
http://fabiorehm.com/blog/2014/09/11/running-gui-apps-with-docker/

 

Now, what I use is the following for my stub for a Ubuntu 14.04 LTS base:

FROM ubuntu:14.04

RUN apt-get update && apt-get install -y firefox

# Replace 1000 with your user / group id
RUN export uid=1000 gid=1000 && \
mkdir -p /home/firefox && \
echo “firefox:x:${uid}:${gid}:firefox,,,:/home/firefox:/bin/bash” >> /etc/passwd && \
echo “firefox:x:${uid}:” >> /etc/group && \
echo “firefox ALL=(ALL) NOPASSWD: ALL” > /etc/sudoers.d/firefox && \
chmod 0440 /etc/sudoers.d/firefox && \
chown ${uid}:${gid} -R /home/firefox

USER firefox
ENV HOME /home/firefox
CMD /usr/bin/firefox

 

As you can see not alot to it.   But lets go over a few things that should stand out a bit.  First off, the variables should bark out at you very loudly.  For things to work, we need to setup a few maps between your actual system UID and GID and the fake one we are making in the container.  Second, I need to work on making this a bit more portable.  I will eventually play around with a variable for the appname, and propagate that thru the entire Dockerfile as we are doing with the UID and GID variables.   Lastly a general clean up of everything there so its a bit more logical as to what is going on and can be commented out for those that just don’t need it.

That said, usage!  I am going to presume you can install docker (yum install -y docker).  The way docker builds docker images via dockerfiles is a bit odd for those not used to it, but you will want to make a directory structure that includes a folder for each docker image’s dockerfile. So a ~/Dockerfiles/firefox/ and put the above into it in a file called … (wait for it) … Dockerfile.  Yes with a capital D.  The result using the above demonstration info would be ~/Dockerfiles/firefox/Dockerfile.

Next via a terminal, cd to that directory and enter in:

sudo docker build -t firefox .

Dont forget the trailing space and period.  The image should be getting built.  Once completed, you can enter in on the prompt:

sudo docker images

That should show a firefox image.  Now we can invoke this firefox instance as we need via:

sudo docker run -ti –rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix firefox

If you are like me and love your selinux, it will have a fit.  Open up setroubleshooter and fix it as you deem best for your tastes.  Rerunning it should then work fine.

Here is a quick screen recording demonstrating what I went over.  I have already built the image, so that was of course not there.  But I do show my dockerfile I made, the launch script and running firefox.

 

Video Card Benchmark Site

Standard

Found a bit back a nifty site for figuring out relative performances of all the video cards out on the market.  Posting in lieu of poor memory and assumption I am not the only one interested in this information 😀

http://www.videocardbenchmark.net/

 

Installing “The Elder Scrolls Online” on Linux

Standard

I have instructions for both Wine, via PlayOnLinux, and Crossover.  I have links where I can, and have hosted locally the digital cert file, just to make sure its available.  The images are clickable for full resolution screenshots.

First off, there has been an issue with wine + TESO loosing network connection to the server.  Some windows gamers have this issue too.  As far as I can tell nothing can be done as of right now.  I have two installs of most of my games, Crossover for daily gameplay, and the other in PlayOnLinux for reference purposes just in case a patch breaks things.  I haven’t seen a change with the latest wine in regards to this.  If this ever gets resolved, this text will disappear, or get an update as to what needs to be done.

Wine via PlayOnLinux

There should be an entry in the available games list still.  Use this, it works great.  If for whatever reason anything gets changed, there are two things that will affect getting this to run.  If you cannot talk to the servers, its the digital certificate that’s missing.  To accomplish this:

  1. Click on the “Configure” gear, highlight your game
  2. Select “Task Manager”.
  3. Run “C:\windows\system32\control.exe”.
  4. Run “Internet Settings”.
  5. Select the “Content” Tab, and click on “Certificates”.
  6. Import the Thawte Digital Certificate
    eso-pol-cert-import-1 eso-pol-cert-import-2

If you are crashing out, you need to change video drivers.  Edit the following file: ~/Documents/Elder Scrolls Online/live/UserSettings.txt

You want to change or add the line SET GraphicsDriver.7 “OPENGL”

Codeweavers Crossover

The installation is actually pretty simple, and hopefully I can figure out how to do crossties, but here is the manual method for getting this accomplished.  I am specifying the order here to avoid extra steps and confusion states.

  1. Create a Windows 7 bottle

    Install MSXML 3.0
    Install Core Fonts
    Install DirectX 9
    Install Visual C++ 2010

  2. Install the Thawte digital cert (images show how if you need help) via the Internet Settings for this bottle.  Wine users will need to launch IE and goto internet settings from there to access this screen.  One more perk for those that shell out the money for Crossover :)
    eso-import-cert-1eso-import-cert-2
  3. Set a virtual desktop up.  And avoid if possible any Alt-Tabbing.  Can get crashy very fast if you are.
  4. For best practices, you may want to add the registry key for DirectX to know your video card memory.

    HKEY_CURRENT_USER\Software\Wine\
    Create a new key called “Direct3D”
    Create a new string value called “VideoMemorySize”
    Double Click on VideoMemorySize to set the value in MB (remember 1024 MB == 1GB, 2048MB == 2GB, etc)

  5. Install TESO
  6. During the install untick the DirectX and Visual C installs.  We already have this, and these installers are broken under wine.
  7. After the installation is completed, close out of the updater. If Crossover doesn’t see a successful installation, thats OK, just hit cancel and it will continue along.
  8. Launch TESO and update.
  9. Run the game at least once to generate all the settings and configuration files.
  10. If you have problems launching, not an issue.  Either way, quit out and edit ~/Documents/Elder Scrolls Online/live/UserSettings.txt  You want to change or add the line SET GraphicsDriver.7 “OPENGL”
  11. Done

RHEL 7.1 & NVIDIA

Standard

EL & NVIDIA workes quite well with the elrepo kmod-nvidia rpms that are in the stable repo.

 

1)Install ELRepo

http://elrepo.org/tiki/tiki-index.php

2)Follow the instructions here for normal installs on 7.0 (RHEL or clone)

http://elrepo.org/tiki/kmod-nvidia

To install the rpms use the following command:

 yum install kmod-nvidia nvidia-x11-drv-32bit nvidia-x11-drv

3)To finish up, we need to ensure that nouveau is blacklisted and glamoregl is disabled.

nouveau should automatically get blacklisted, but lets ensure that the RPM did the job:

[andrew@big-red-wireless ~]$ sudo grep –color -e nouveau /etc/default/grubGRUB_CMDLINE_LINUX=”rhgb quiet nouveau.modeset=0 rd.driver.blacklist=nouveau”[andrew@big-red-wireless ~]$

Providing it is we can move to dealing with glamoregl.  There are several ways to deal with this one, personally I chose to remove it via yum cleanly.  The mailing list description is here:

http://lists.elrepo.org/pipermail/elrepo/2013-November/002058.htm

To do what I did:
yum remove xorg-x11-glamor

4)Reboot.

Minecraft servers down for now, doing upgrade

Standard

The minecraft servers are down for the next day or so whilst I migrate from a slower machine to a faster one, and go from Fedora Server to RHEL Atomic.

Will post an update here, the G+ group, and update the MC server pages at each location with the needed info for connecting.

And yes, for now still going to be whitelisted.

Removing F20 Repo

Standard

As I see nobody is tapping into my repo anymore, I am killing off my F20 repo.  Those that have access, will continue to access it if they wish, but I am removing instructions for access, and this is fair warning that I am officially abandoning the repo.  All future work on packages will be EL6/7 based.

Working on new EL7 RPMs again.

Standard

As it has been a little while, I am back in the game rolling and re-rolling up RPMs for EL7 again.  The big one that I am working on is getting the razercfg package functional.   I have added a number of new rpms that primarily were needed to compile razercfg successfully.  There are alot of hurdles here, but I should eventually get this completed.

The first is the broken install script.  I have a few ways of getting around this, so this shouldn’t be a major issue.

Second issue, is the PySide portion being broken.  This occurs on OpenSUSE 13.2 as well, and renders the QT GUI worthless, as it barfs out with PySide errors.  Hopefully I will not have to patch up or rewrite anything there, as I am a hideous coder, and not familiar at all with QT or these Python3 bindings.  And to be honest, I think the problem lies with how RHEL7 and OpenSUSE 13.2 handle Python3.

Wish me luck!  Once I get the srpm built it should be trivial to get this into the hands of the OpenSUSE packagers to clean up and get onto OpenSUSE.  Hopefully I can get this taken care of in a reasonable timeframe 😛

LibreOffice on RHEL 7.1

Standard

LibreOffice is my go-to office tool, and it is not in the standard yum repos. But, all hope is not lost, Red Hat does indeed distribute this. Goto your subscription manager and edit the repos you are subscribed to add in the “optional-rpms” category for your flavor of RHEL:

[andrew@big-red-wireless ~]$ sudo yum info libreoffice
[sudo] password for andrew:
Loaded plugins: langpacks, product-id, subscription-manager
Installed Packages
Name : libreoffice
Arch : x86_64
Epoch : 1
Version : 4.2.6.3
Release : 5.el7
Size : 0.0
Repo : installed
From repo : rhel-7-server-optional-rpms
Summary : Free Software Productivity Suite
URL : http://www.libreoffice.org/
License : (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1
: or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and
: Artistic and MPLv2.0
Description : LibreOffice is an Open Source, community-developed, office
: productivity suite. It includes the key desktop applications, such
: as a word processor, spreadsheet, presentation manager, formula
: editor and drawing program, with a user interface and feature set
: similar to other office suites. Sophisticated and flexible,
: LibreOffice also works transparently with a variety of file
: formats, including Microsoft Office File Formats.

[andrew@big-red-wireless ~]$

Steam on RHEL 7.1

Standard

I found a writeup a while back when I was running CentOS 7.0 that I used, but found a few things that were not needed/wrong.  Here is the original article : http://linuxsysconfig.com/2014/07/how-to-install-steam-on-centos-7/

 

Now for what I did:

 

  1. Install the EPEL repo:
    http://mirror.us.leaseweb.net/epel/7/x86_64/repoview/epel-release.html
  2. Install this dependency:
    yum install http://download1.rpmfusion.org/free/fedora/releases/19/Everything/i386/os/libtxc_dxtn-1.0.0-3.fc19.i686.rpm
  3. Create a new repo file (I called it /etc/yum.repos.d/steam_fedora19.repo) with this in it:
    [steam_fedora19]
    name=Steam RPM packages (and dependencies) for Fedora
    baseurl=http://negativo17.org/repos/steam/fedora-19/x86_64/
    enabled=0
    skip_if_unavailable=1
    gpgcheck=0
  4. Next we can install Steam:
    yum --enablerepo=steam_fedora19 install steam

Mumble on RHEL 7.1

Standard

[UPDATE]

Found the repo on RHEL-Desktop where to find the missing rpm for avahi-compat

=============================================
Package              Arch   Version         Repository                    Size
=============================================
Installing:
mumble               x86_64 1.2.6-5.el7.nux nux-dextop                   3.0 M
Installing for dependencies:
avahi-compat-libdns_sd
x86_64 0.6.31-14.el7   rhel-7-desktop-optional-rpms  33 k
celt071              x86_64 0.7.1-8.el7.nux nux-dextop                    61 k
protobuf             x86_64 2.5.0-7.el7     epel                         338 k

Transaction Summary
=============================================

[/UPDATE]

 

I just dropped RHEL 7.1 onto my main workstation and had to relive and relearn how to install mumble onto it.  Here is what you need to do.

    1. Install nux-desktop repo.
      http://li.nux.ro/repos.html 
    2. Determine which avahi packages you have[andrew@big-red-wireless ~]$ rpm -qa | grep avahi | sort
      avahi-0.6.31-14.el7.x86_64
      avahi-autoipd-0.6.31-14.el7.x86_64
      avahi-glib-0.6.31-14.el7.x86_64
      avahi-gobject-0.6.31-14.el7.x86_64
      avahi-libs-0.6.31-14.el7.x86_64
      avahi-ui-gtk3-0.6.31-14.el7.x86_64
      [andrew@big-red-wireless ~]$As you can see from my example, I am dealing with .6.31-14 
    3. Next go find a CentOS mirror and grab and install the appropriate avahi-compat-libdns_sd package:
      http://www.centos.org/download/mirrors/

      So what I used for my installation was the package:

      avahi-compat-libdns_sd-0.6.31-14.el7.x86_64

      yum install /path/to/downloaded/file/avahi-compat-libdns_sd-0.6.31-14.el7.x86_64.rpm
       
    4. Now, you can finally install nux’s mumble package:yum install mumble

All done, there should be a GNOME 3 entry already.  Happy voice-chatting!

New site, less pain!

Standard

As the title states, I moved finally.  Got off Squarespace and am now self hosted.  Can save the money for something that really shouldn’t cost me anything beyond a VPS.  Over the coming weeks, I will have the template ironed out, but for now, what you are seeing is approximately what I want.

Now for the old content — most of it was crap anyhow, and is left over at Squarespace.  The good content was migrated into its own pages.  Even stuff that is antiquated, it got moved becuase it may come in handy.  My griping on this or that or lack of this or that can die a digital death, its worthless.  The antiquated pages are just there for archival purposes, and all comments are disabled.  Newer, and presumable more engaging topics, however will be allowed to be discussed.