All posts by dee

Another self inflicted wound

Shot off my foot.

I was working on some scripts which I will use on some other people’s macs (my wife has a new macbook air, and there is another friend I need to do this for also). These are bash scripts to be run from the terminal, and are supposed to set them up so I can help them from afar. One of the things the script does is create a user for me to use. I guess I was kinda “practicing” the transfer of the script via email, and I thoughtlessly ran the script on my macbook. Oops.

It tried to create a user dee with command line tools, and there was already a user dee. This was in El Capitan (the latest my ancient macbook will run), and there seemed to be no safeguards against idiocy. It seemed to foul things up. I rebooted, user dee was hidden — it was partly the new one, partly the old one, it wanted to “repair” the keychain, but couldn’t. There were a bunch of question marks in the dock. It couldn’t run anything. It was a mess. I was able to get up under a different username, and I was able to make a good backup. But I couldn’t recover. So then, from this hole I was in, I started to dig myself in farther, aiming (so it seems) for the center of the earth.

Continue reading Another self inflicted wound

Out of space on btrfs

I don’t know if I actually know enough to write this post. But I want to record what little I do know about this.

The symptom is that my tarragondata volume on this system, tarragon, claims to be out of space. This is a btrfs volume, about which there are other posts. It contains most of the dynamic parts of the system. The root volume ‘/’ is very small, about 20GB. Just enough to install the Centos code and keep a few little things. The great majority of the information needed to run the system is symlinked out of /, which includes /home, mail, databases, websites and their data, the repositories, certificates, local scripts etc.

This is a 180GB disk, and it currently is running about 55% full, i.e. almost 100GB used. Among the information on this disk are snapshots of all the tarragondata, every night for 30 days. This isn’t disaster backup/disk failure backup (which is elsewhere), this is “operator error” backup.

A couple of weeks ago I began to experience a new kind of failure. In the middle of the night, suddenly this btrfs volume would report that it was out of space – usage 100%, although the amount of storage in use was, still the roughtly 100GB that it normally uses. It manifestly was not actually out of space.

Continue reading Out of space on btrfs

The working environment

I’m an old guy, and I mostly use pretty old stuff, but occasionally I think I should migrate to more up to date tools. I’ve used svn for 20 years. I know I should have moved to git long ago. I have also been using Eclipse as an IDE since forever. I run on apache. My systems aren’t virtual. One of my main websites is still hand wrought in PHP, and another is using an ancient and obsolete version of zend framework which has been abandoned by Zend. I think of moving it, maybe to laravel, maybe even to ruby on rails.

This documents my effort to modernize, if only a little. This is a very uncomfortable process because there are times when I’m sure I’m going to foul up the running sites, and be unable to get them up, or that I’m not going to be able to fix the next bug that comes along.

Continue reading The working environment

Arch Keys

Needed to install calibre on oregano, for a downloaded e-book. So, I found calibre in the Arch User Repository, AUR.

I’ve been using AUR a good deal, but I constantly forget what to do and have to look it up: copy the url for the git link, create a directory, git clone from the link. cd into the directory, non-root. Inspect the BUILDPKG for safety. Then:

Continue reading Arch Keys

Goodbye fedora

I’ve commented in a number of previous posts that I have had an inordinate amount of trouble with Fedora, compared to other distributions I have used. There were also a few posts about my efforts with Arch. Now I am biting the bullet and declaring the move of my main daily work computer to Arch to have been completed. I have been running on Arch for a month or three, and there is no going back.

Continue reading Goodbye fedora

No Worthy mechs

I just built another little gateway pi, on Raspbian. It is a newer Raspbian than I used for the others. And newer is better, right? But when the little fellow came up, postfix claimed it couldn’t relay through tarragon, because it couldn’t accomplish login. Sasl authentication failed, no worthy mechs.

I remember good old “no worthy mechs” from way back when, always thought it a very cool error message. But why in the heck am I getting this? I’m not doing anything fancy.

I had a vague nagging feeling from some old Fedora problems, long ago. Could it be that I have to install some kind of sasl library, even to do plain authentication? Poked around a little. Eventually did an apt install libsasl2-modules and sasl2-bin. Sure enough, they actually installed.

And afterwords postfix came up and send the mail out of the queue. I’ll be dipped in … I am surprised. This was not something I had to do before. Is this an improvement in Raspbian. Don’t package any sasl mechs, make the poor sod figure out why sasl authentication won’t work.

This is to help me remember the next time this happens.

Re-signing Openssh Certificates

Seldom do I get to write a post where I am offering information which might not actually be out there in a lot of places. I could not find this information on the web, and had to figure it out myself, by reading the code, and doing experiments.

I talked in the last post about the need to re-issue all the openssh certificates, in order to update the hash algorithm used for the signatures. My way of maintaining the certificates, in my repository, would make it easy for the signing box to get all the existing certificates, but not (directly) the public keys that are inside those certificates.

Continue reading Re-signing Openssh Certificates

SSH Certificate signing

I’ve encountered a problem migrating from Fedora to Arch which ends up being about ssh and openssh certificates. I look back and discover that I never posted anything about my movement toward openssh certificates. Curious because I wrote a lengthy document about it (because of my leaky brain – not because I am any kind of authority on it).

I will probably go back and write a post about it, and back date it. But now a problem has arisen. Rather than explain, let the boys at openssh speak for themselves, in the release notes for openssh 8.2:

Continue reading SSH Certificate signing

Percona Toolkit

This is to help me remember how to get percona toolkit, so that I can get the grants information out of the mysql database – the database in mysql which keeps tracks of users, databases, and (in particular) grants, i.e. permissions.

I originally dug this up for use when I was migrating tarragon. But now I am working on migrating oregano from fedora to arch, and I will have to transfer the databases. I have finally learned (I admit I am slow) that one cannot expect to be able to move the database directory even from one release to another, let alone from one distribution to another. The only way to do this properly is to dump the databases, reinstall mariadb/mysql in the new place, and set it up, and then reimport the dumped databases.

Continue reading Percona Toolkit