Fedora Crash, again

Preparing to go off on my semi-annual visit east I was trying to ensure that the primary systems here that have encrypted root drives (oregano, cinnamon and rosemary) could each be rebooted from afar by attaching to a dropbear instance during the initramfs. See article on booting notes about that.

Somehow Oregano became unbootable. Again. It usually takes three or four hours of flailing around to figure out what little thing has caused it to point its casters to the sky. It takes only a little longer to just rebuild from scratch with the latest release.

So I built a new root/boot disk using Fedora 30. No chance to prepare, but I have good backups and my scripts for remembering everything that has to be restored are pretty good now. Time to put them to the test.

So I installed onto a spare SSD, and then went through the restore process. There were a number of little problems as follows, but this is about typical for a full rebuild.

  1. Copied from cinnamon backups: the crypttab, mdadm.conf, and .keyfile onto a usb key, and copied them to oregano on a created directory /DEEKEY.
  2. Made some adjustments to the oregano_restore script on cinnamon. Fixed fstab: no media downloaders, opendkim, openvpn, ssh certs, samba private, crypttab. Committed back to repo. Copied onto the key and moved to /DEEKEY.
  3. Did a dnf update. Very little there.
  4. Run the script: ./restore_oregano | tee -a restore.log.1
  5. Lot of problems with the installs. Eliminated all of eclipse, and s3cmd.
  6. Problem with creating private key link, fixed and committed.
  7. The restore of the firewall – running firewall config had a problem. I have currently left the fedora firewall in place. Created a todo item to look at it, and see if I can just use the fedora firewall. (I did).
  8. Postfix restore tripped on access, which we don’t use. In fact, postfix restore is way too complicated with stuff we don’t use. Added to list to review and get rid of.
  9. After install, don’t have the desktop apps, the gconf setup from /home/dee/.config and /home/dee/.local as expected. Terminal windows not set up right.
  10. Openwindows stuff: need wmctrl, added to packages needing to be installed.
  11. Current script doesn’t restore dee to sudo privileges. Probably do with wheel.
  12. Opendkim userid changed. This is a common problem with system installed userids, like openkim, which may change from one install to the next while the restored files have the old userid as owner.
  13. Certbot didn’t get installed, added to the reinstall list.
  14. After the install I had trouble (AGAIN!) with python -version 2 versus version 3. I changed the package install to specifically install python3 next time. This may still not do what I want.
  15. My dmarc scripts had trouble. In installed python3, but I also had to install mysqlclient, which was python3 -m pip install mysqlclient

Things to do:

  • Dropbear needs to be reloaded – DONE
  • php-fpm – DONE
  • Investigare using firewalld instead of my own – DONE
  • Review postfix files no longer needed, since oregano no longer accepts mail from the net – DONE
  • Reinstall eclipse – DONE
  • Figure out how to preserve terminal window properties – DONE
  • Figure out how to restore a modified cursor