4K Screen

I’ve been using this Samsung 4K screen for 3 years. I never adjusted any of the parameters for making things larger. I just got used to the small fonts, and blew things up by application when I needed to.

I’ve been doing some reading in anticipation of getting a new laptop maybe with hidpi. Learned stuff about changing resolution.

With Gnome-Tweak tool->Windows->HIDPI Window scaling, can blow up everything in Gnome. Can only have integer values, so with 2, I can double the size. But after several years of smaller sizes I don’t really like this. Might need it on the laptop though.

With Firefox and Thunderbird, use config editor and find layout.css.devPixelsPerPx. This can have non integer values and 1.5 in Thunderbird is better for me. For Firefox I currently have it set at 1.3.
Continue reading 4K Screen

Apache module debugging

I have some problem using mod_xsendfile on tarragon. I’ve been working on getting this working for 2 days. I have had to get into the source code of the apache module to figure it out, and I want to turn on the debugging option to see what is going on.

So I have to recompile the c source file, with the define of _DEBUG, and install the it as a module. Had to figure out how to do this. It is very easy. But easy doesn’t mean I’ll remember it, thus this post.

I cloned the source:

git clone https://github.com/nmaier/mod_xsendfile (into my local git repo), and then cd into the directory, and

apxs -D_DEBUG -i -c mod_xsendfile.c

This creates the module with debugging defined, and puts it in /usr/lib64/httpd/modules/mod_xsendfile.so

It still needs to be loaded into apache. Instructions at his site say to use the -a flag, to activate, but while that would work on a simple site, it tries to put the LoadModule into /etc/httpd/conf/httpd.conf, and all my LoadModule statements are in files in the directory /etc/httpd/conf.modules.d so I need to create /etc/httpd/conf.modules.d/xsendfile.conf containing:

LoadModule xsendfile_module modules/mod_xsendfile.so

The module will log debug statements, but this still won’t actually get you any log records until you set LogLevel debug in the apache config file.

Then restart apache and Bob’s your uncle.

Migrating to dovecot

I’ve been using cyrus imap for about 15 years. I’m probably the last user. Carnegie Mellon recently announced that they were abandoning cyrus-imap. I never tried to get any help from them anyway, so I guess that isn’t a big deal, but it did make clear that I was using an out of date product. I also knew the product to be fragile and brittle, and tools for repair were not really available. Also, I had some things wrong with my cyrus files that were nagging. Overall it was past time to move on.

I didn’t look far for a replacement, in fact I didn’t do much research at all. Dovecot seemed the place to go. So after doing some reading I set about to convert. My plan was to convert first on oregano, my local development machine, and get it working there. I get almost no mail there. Then, once I thought I knew what I was doing, I would convert to it on one of the client websites I maintain where, again, there is very little mail, but there is some, and there are two or three accounts only, and the mail is mostly error things. Not very important. Finally, after those two, I would convert the mail on tarragon, where there is some 13GB of mail for about a dozen or so users. Continue reading Migrating to dovecot

Adjusting the size of the tarragondata volume

At one point I was getting low on space on tarragondata, so I added an additional physical device to the btrfs filesystem containing tarragondata.

[root@tarragon backup_scripts]# btrfs fi show
Label: 'tarragon_data' uuid: d6e4b6fc-8745-4e6e-b6b4-8548142b5154
 Total devices 2 FS bytes used 92.04GiB
 devid 1 size 120.00GiB used 120.00GiB path /dev/xvdf1
 devid 2 size 30.00GiB used 30.00GiB path /dev/xvdg

This is fine, but there are a couple of problems. The main one is that I can no longer use the EC2 snapshot capability on tarragondata, which meant that the nightly EC2 snapshot feature I was using had to be deimplemented.

But now I am about to create a new tarragon instance, and it would be really helpful to be able to snapshot tarragondata (Amazon snapshot, not btrfs snapshot) and then create a new Amazon volume with a consistent snapshot for testing. Continue reading Adjusting the size of the tarragondata volume

mdadm consistency checks

On ubuntu it seems there is an automatic mdadm array check provided in /etc/cron.d/mdadm, automatically installed with mdadm. This invokes a utility /usr/share/mdadm/checkarray and the cron is set to run this on the first Sunday of every month at 12:57am. And it is set to do this check on all arrays at one time.

This is horrible! So with 5 arrays, totalling 25TB, when this sucker fires up it quickly saturates the i/o capacity of cinnamon, slows to a crawl and settles in to run forever.

I’ve commented that out, and added my own /etc/cron.d/dee_mdadm which doesn’t do all the goofy shenanigans to try to ensure the thing runs on a Sunday (WHY?! Because the guy who wrote it doesn’t work on Sunday?). Instead, my version simply runs on the first of the month, at 12:57am, and on each month it starts the consistency check on a different array. I have 5 arrays, so 3 are checked twice a year, and 2 are checked thrice. Checking just one at a time means there is a good chance it will be done before morning, at least for the small arrays.

I don’t really think the whole consistency check idea is doing me much good, but at least this doesn’t unaccountably bring the system to its knees on the first Sunday of every month.

Updating certificates to “Let’s Encrypt” with ACME

I’ve used a variety of certificate providers over the years, Thawte, CA-Cert, Verisign, Comodo, Startcom. Until about six months ago I was using Startcom, and had spent a fair amount of energy setting that up for my own site (this one) as well as all the other sites I manage.

Then Wo-Sign acquired Startcom, and browsers starting distrusting Startcom. I ended up buying a cert from Comodo for this site.

But then I found out about Let’s Encrypt. Not only are they free, but they have this whole ACME auto update thing worked out, using various ACME clients. I’ve been using Certbot from EFF. Continue reading Updating certificates to “Let’s Encrypt” with ACME

Fail: Resizing /boot on Cinnamon

The current 128GB (119.2GiB) Plextor M.2 disk on cinnamon was created with a very small (256MB/243MiB) /boot partition. Turns out this was a mistake, as it will only hold 3 kernels, so I’m constantly having to go in and remove kernel n-3 to make room.
The remainder of the drive is a single extended partition, containing a 119GiB LUKS container, which contains a 119GiB LVM volume group, which has a root of 107.3GiB and an 11.7GiB swap. The root is only 13% utilized, and while it may grow a little it is in no danger or running out of space. The swap is also far larger than needed. I want to steal a couple of GB from one of them to increase the /boot, but I want to do this while retaining the contents of both the / and the /boot.
Long story short, turns out I wasn’t able to do it. But the journey was a great learning experience for me, so I’ve kept the notes, for future reference.
Continue reading Fail: Resizing /boot on Cinnamon

Mysql 5.7 on Fedora 25

Had a fair amount of trouble getting mysqld to run properly on Fedora 25.

One issue was that mysql 5.7 introduces expiration of passwords, and ALL my passwords expired, including root. I couldn’t do anything, including change my password. Catch 22.

Also, the tables were out of date, and I needed a mysql_upgrade. But I couldn’t do that, because my password was expired.

Eventually figured out that I could change the password with mysqladmin password “goop”

After this, I was able to get in as root, and eventually get all the passwords marked as legitimate.

I was also able to update all the tables with mysql_upgrade.

In researching and troubleshooting this, I discovered a bunch of errors on cinnamon, with innodb generating errors of the form:

InnoDB: Ignoring tablespace `xbmc_video90/directorlinktvshow` because it could not be opened.

I’m pretty sure what happened here was that I removed the files for old xmbc databases from /var/lib/mysql, but didn’t actually drop the databases first. This is a bad habit left over from pre-Innodb when you could get rid of a mysql database just by removing the files.

I made a lot of attempts to fix this with setting in mysqld.conf:

innodb_force_recovery = 1 (or 2 or 3)

but it never worked. In the end I managed to get rid of these errors by :

mysqladmin create xbmc_videoxx (or xbmc_musicxx)

and then

mysqladmin drop xbmc_videoxx

mysqladmin generates a whole bunch of errors and warnings about not being able to find the files, but it does seem to remove the dreck from the innodb files.

 

 

Upgrading to Fedora 25

Every upgrade is a little easier, as my restore scripts get better. This was probably the easiest in more than a decade.

This earlier post describes how I put the persistent parts of the system onto btrfs subvolumes, so that on a new system I only need to symlink most of the stuff.

I created a usb stick, containing the resore script, a keyfile for the encrypted drive containing the btrfs subvolumes (the drive is encrypted), and the Nvidia driver installer (which I didn’t need). Halted the system, changed to a different boot ssd drive in the 2.5″ removable drawer, and installed onto it from the downloaded Fedora 25 installer.

This time I made the /boot partition much larger, so that I’m not having to clean up old kernels so often.
Continue reading Upgrading to Fedora 25

Disabling ipv6

I was really keen to get ipv6, and very pleased when my provider (wretched hateful Comcast) finally gave me an ipv6 address.

What I didn’t know was that most VPN providers, including the one I use, are only tunneling the ipv4 traffic. So if you make a connection to a location that supports ipv6 (has an AAAA record) the connection will completely bypass the vpn tunnel.

I have temporarily turned off ipv6 on the external interface by putting this into /etc/sysctl.conf:

net.ipv6.conf.enp4s1.disable_ipv6 = 1