Using nmcli to configure a static dual stack wired network interface

I recently managed to break the network on my VM that hosts this blog. Basically I removed the NetworkManager-initscripts-ifcfg-rh package because I don’t use the old style ifcfg configuration anywhere else and I had forgotten how long I’d had this VM. So I went into the web console, manually brought up the network with ip commands and reinstalled the package, but it made no difference. Oh well! Time to just move it to the new config, so I worked out the nmcli options for all the bits in the old ifcfg. This VM network is nothing special, it’s basically a dual IPv4/IPv6 interface with associated DNS.

Step 1: Show existing connections:

$ sudo nmcli c
NAME  UUID                                  TYPE      DEVICE 
eth0  a603bba7-fad8-3c71-9d4c-2cd5dc50e114  ethernet  eth0   

Step 2: Delete existing connection:

$ sudo nmcli c del a603bba7-fad8-3c71-9d4c-2cd5dc50e114

Step 3: Create a new connection (Note the IP addresses are random, the DNS servers are the Google public ones):

$ sudo nmcli c add type ethernet ifname eth0 con-name eth0 mac 80:00:00:ab:cd:ef ip4 192.168.10.6/24 gw4 192.168.10.1 ip6 fe80::b257:377c:e7b3:29ed/64 gw6 2A03:B0C0:0003:00D0:0000:0000:0000:0001 ipv4.dns "8.8.8.8 8.8.4.4" ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"

Now the blog is back! The new connection is stored in /etc/NetworkManager/system-connections/eth0.nmconnection

Flock Rochester

I’m not going to do a day by day outline of what I did at Flock, if I did it would basically be “blah blah blah I talked a lot to a lot of people about a lot of tech topics” and anyone that’s ever met me would have guessed that! It was, as in the past, a great conference. A big shout out to the organisers for an excellent event with two excellent evening events! So I’m going to give a brief summary of my talks and link to slides and video recordings.

My first talk was an overview of the state of aarch64 and POWER as secondary architectures. The slides aren’t particularly interesting as they’re just words for discussion points. The video has all the interesting bits. A related talk was Dennis’s Standardising ARMv7 booting with a memorial quote by Jon Masters 😉

My second talk was about using Fedora as a base for IoT. Slides are here but the talk was quite a bit different to the slides and is more interesting so I suggest watching the video.

I also actively participated in Dennis’s Fedora Release Engineering going forward because well obviously I’m part of it 😉 and it was interesting for where we’re going, and even where we’ve come from in the last year or so 🙂

Finally I loved the Keynote Be an inspiration, not an impostor by Major Hayden. He’s published a follow up blog post with a FAQ too.

The least memorable bit was the terrible Amtrak ride back to New York City. On the plus side it makes the worst of the British National Rail service seem amazingly on time! NEVER AGAIN!

Configuring filesystem “TRIM” options on Fedora or RHEL

The SATA TRIM option, or discard if you use enterprise SCSI/SAS, that everyone likes to ensure their whiz bang SSD supports actually needs some configuration on Linux. There are a few tasks that need to be done and some depend on your partitioning configuration.

Filesystem mount options: You’ll need to be using ext4/xfs/btrfs and mount with the “-o discard” option. To do this automatically in /etc/fstab just add ,discard after the defaults option.

LVM config: In the /etc/lvm/lvm.conf file set the issue_discards option to 1. So issue_discards = 1.

LUKS config: In the /etc/crypttab file add discards to the end of the appropriate luks lines, likely it’ll look like the following: none discards. It’s worth noting there are some security implications of enabling discards with an encrypted filesystem: the discarded (unused) blocks become distinguishable on the underlying device, so someone with access to the raw disk can see which regions hold data.

For the fstab changes to take effect you just need to reboot. For the LVM and crypttab changes to take effect you also need to regenerate the initrd (or just wait for the next kernel update 🙂 ).

The above will enable online discards. You can also do it in batches with the fstrim command which is as simple as fstrim mount-point.
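To check where discards have ended up enabled across the three files above, here is an added example (not part of the original post). The function name audit_discards, the helper make_sample_root and the sample file contents are constructed for illustration; the crypttab match accepts the "discards" spelling used above as well as discard and allow-discards.

```shell
#!/bin/sh
# audit_discards [ROOT]: list every place online discard is enabled under ROOT/etc.
# LUKS hits are the ones to review for the security trade-off.
audit_discards() {
    root=${1:-}
    # /etc/fstab: field 4 is the comma-separated mount option list
    [ -r "$root/etc/fstab" ] && awk '
        !/^[ \t]*(#|$)/ && $4 ~ /(^|,)discard(=[a-z]+)?(,|$)/ { print "fstab " $2 }
    ' "$root/etc/fstab"
    # /etc/lvm/lvm.conf: an uncommented issue_discards = 1
    [ -r "$root/etc/lvm/lvm.conf" ] && awk '
        /^[ \t]*issue_discards[ \t]*=[ \t]*1/ { print "lvm issue_discards" }
    ' "$root/etc/lvm/lvm.conf"
    # /etc/crypttab: field 4 is the option list (name, device, key file, options)
    [ -r "$root/etc/crypttab" ] && awk '
        !/^[ \t]*(#|$)/ && $4 ~ /(^|,)(allow-)?discards?(,|$)/ { print "luks " $1 }
    ' "$root/etc/crypttab"
    return 0
}

# Constructed sample configuration tree, so the check runs without touching /etc
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/lvm"
    cat > "$d/etc/fstab" <<'EOF'
/dev/mapper/vg-root  /      ext4  defaults,discard  1 1
/dev/mapper/vg-home  /home  xfs   defaults          1 2
# /dev/sdb1 /data ext4 defaults,discard 0 0
EOF
    cat > "$d/etc/lvm/lvm.conf" <<'EOF'
devices {
    issue_discards = 1
}
EOF
    cat > "$d/etc/crypttab" <<'EOF'
luks-root  UUID=00000000-0000-0000-0000-000000000000  none  discards
luks-swap  /dev/sda3  /dev/urandom  swap
EOF
    echo "$d"
}

sample=$(make_sample_root)
audit_discards "$sample"
rm -rf "$sample"
```

Run audit_discards with no argument to check the live files under /etc.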

Killing zombie processes

So not really the zombie apocalypse but useful. I sometimes get zombie processes with my GNOME desktop and a lot of the GNOME apps won’t restart with a zombie brother hanging around. While sometimes the only resolution to a zombie process is to restart the computer I often find this helps.

cat /proc/1111/status | grep PPid

Where 1111 is the Zombie process number. This will give you the parent process ID (PPid). For GNOME apps this is often the gnome-shell process. Thankfully the GNOME guys allow you to restart this while all is running without losing your entire desktop session so a simple

killall -HUP gnome-shell

will restart the shell and generally kill off the Zombie so you can get back to reading your email or whatever it is you were trying to do much more quickly without the pain of a full session restart 🙂
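The PPid lookup above can be done for every zombie at once. This is an added example, not from the original post; list_zombies and make_sample_proc are hypothetical names, and the sample status files are constructed so the function can be exercised without a real zombie.

```shell
#!/bin/sh
# list_zombies [PROCROOT]: print each zombie process with its parent PID and name.
list_zombies() {
    proc=${1:-/proc}
    for st in "$proc"/[0-9]*/status; do
        [ -r "$st" ] || continue
        # Emit "pid ppid name" only when the State field is Z (zombie)
        awk '
            /^Name:/       { sub(/^Name:[ \t]*/, ""); name = $0; next }
            $1 == "State:" { state = $2 }
            $1 == "Pid:"   { pid = $2 }
            $1 == "PPid:"  { ppid = $2 }
            END { if (state == "Z") print pid, ppid, name }
        ' "$st"
    done | while read -r pid ppid name; do
        # Resolve the parent name; the parent may have exited in the meantime
        pname=$(awk '/^Name:/ { sub(/^Name:[ \t]*/, ""); print }' \
            "$proc/$ppid/status" 2>/dev/null) || true
        echo "zombie $pid ($name) parent $ppid (${pname:-unknown})"
    done
}

# Constructed /proc-like tree: one zombie (1111) whose parent is gnome-shell (100)
make_sample_proc() {
    p=$(mktemp -d)
    mkdir "$p/100" "$p/1111" "$p/1200"
    printf 'Name:\tgnome-shell\nState:\tS (sleeping)\nPid:\t100\nPPid:\t1\n' > "$p/100/status"
    printf 'Name:\tevolution\nState:\tZ (zombie)\nPid:\t1111\nPPid:\t100\n' > "$p/1111/status"
    printf 'Name:\tgedit\nState:\tS (sleeping)\nPid:\t1200\nPPid:\t100\n' > "$p/1200/status"
    echo "$p"
}

sample=$(make_sample_proc)
list_zombies "$sample"
rm -rf "$sample"
```

Called with no argument, list_zombies reads the real /proc.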

RoundCube mail on RHEL/Fedora

I run my own mail server and for years I’ve used squirrelmail as it was a simple interface that just worked and I never really use many of the advanced web mail features anyway. The squirrelmail project hasn’t really advanced a whole lot though and while they do keep up the security fixes and make it work with the latest releases of php there’s been no real development in quite some time so with the move to a new hosted server I decided it was time for a change. I decided to go with RoundCube Mail. The instructions are identical for Fedora as well.

Initial Install
RoundCube is packaged in EPEL and while 0.8.6 isn’t the latest release the ability to “yum install” works for me.

Install the roundcubemail package, mysql and mod_nss for HTTPS (or mod_ssl if you prefer), I’m assuming here you already have a working imap/smtp server. So just a:

yum install roundcubemail mysql-server mod_nss

I plan to use a MySQL DB so to create that I did the following to create the DB and db user:

# mysql -u root -p
mysql> create database roundcubemail;
mysql> CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'changeme';
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit
# mysql -u root -p roundcubemail < /usr/share/doc/roundcubemail-0.8.6/SQL/mysql.initial.sql

To configure RoundCube to access the database edit /etc/roundcubemail/db.inc.php:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:changeme@localhost/roundcubemail';

To configure RoundCube for mail server settings edit /etc/roundcubemail/main.inc.php:

$rcmail_config['default_host'] = 'localhost';

The only config changes I made for the mod_nss was to change the default port from 8443 to the standard HTTPS port of 443 by editing /etc/httpd/conf.d/nss.conf

To configure the RoundCube URL and various other apache config like enforcing HTTPS edit /etc/httpd/conf.d/roundcubemail.conf:

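Alias /webmail /usr/share/roundcubemail

<Directory /usr/share/roundcubemail>
    # Redirect any plain-HTTP request to the same URL over HTTPS
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>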

I'll likely tweak the apache config a little more but that ensures it's running over SSL for now.

Finally restart apache to make it work 🙂 with a "service httpd restart"

Fixes to enable running SELinux in Enforcing mode
Initially on testing I was getting an error in the apache logs about writing to logs. I figured this might be a SELinux error so I did a quick setenforce 0 to test my theory and I was right on.

[error] [client 192.168.100.1] PHP Warning:  Error writing to log file /var/log/roundcubemail/errors; Please check permissions in /usr/share/roundcubemail/program/include/main.inc on line 1965

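To fix running in enforcing mode I needed to change two SELinux settings. The first was to label the log directory with the httpd_log_t type and the second was to allow httpd to connect to the network. Fixed easily with these two commands (note that a label set with chcon is lost on a full filesystem relabel; a semanage fcontext rule followed by restorecon makes it permanent):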

chcon -R system_u:object_r:httpd_log_t:s0 /var/log/roundcubemail
setsebool -P httpd_can_network_connect=1

Now I don't need to upset Major Hayden or make Dan weep 😉

Fixing the date display
The date column in the mail initially didn't display. Looking at the apache logs I needed to set the php date.timezone setting in /etc/php.ini. I have users in a number of timezones so I was a little concerned at first about choosing one in particular but it doesn't seem to make much difference. Just search for date.timezone in /etc/php.ini, set it, and you're good to go.

Conclusion
I like my new mail setup. The migration has enabled me to clean up a number of things I've wanted to for some time and just never got around to it. All the commands are basically identical on Fedora or any other EL6 clones. Hopefully it will be useful for others, and of course feedback is welcome.