mercredi, avril 29 2020, 09:31

Fixing docker-engine, docker-ce on Fedora 32

I've been using Fedora for some years now (probably 5). I have participated in a bunch of beta when new releases were approaching. At my new job I'm building our next infrastructure, which will be based on docker. So When I joined 2 months ago I installed the official docker packages following these instructions. Things worked well.

I've been willing to beta test Fedora32, because I can, I like using unstable software (I've been using firebox unstable since probably 2000 when it was called mozilla suite) and filling bug reports. In the past I've been bitten by selinux once - and nits of issues with gnupg - but nothing that prevented me from going back quickly to work. So I've been wanting to use 32 for a while but was reluctant because of :

root@saraan firewalld# dnf update
Docker CE Stable - x86_64                                                                                                   725  B/s | 577  B     00:00    
Errors during downloading metadata for repository 'docker-ce-stable':
 - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 2600:9000:2047:de00:3:db06:4200:93a1)
Error: Failed to download metadata for repo 'docker-ce-stable': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Docker CE Test - x86_64                                                                                                     654  B/s | 575  B     00:00    
Errors during downloading metadata for repository 'docker-ce-test':
 - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/test/repodata/repomd.xml (IP: 2600:9000:2047:d800:3:db06:4200:93a1)
Error: Failed to download metadata for repo 'docker-ce-test': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: docker-ce-stable, docker-ce-test

And I wanted to make sure that I could still work. I've asked on Mastodon/Twitter when the docker repos would have 32 equivalent without any answers. I when to the docker forums and posted there.I didn't get a single reply.

Finally, last Sunday I updated to 32 without a single issue. Until yesterday when I did a docker-compose up and that docker project dind't work at all (issue connecting to the http interface of the service / issue between the app and it's postgresql backend). I tried cleaning up everything I could, it didn't help, nor did qwanting, googling or binging. journalctl -e -u docker.servicel was of course almost empty :

No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: nameserver 8.8.8.8 nameserver 8.8.4...

Which I'm very unhappy about. So I ended doing a quick search on twitter and found a twitt in japanese which gave me a hint. I confirmed the hint :

root@saraan firewalld# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-04-28 17:56:10 CEST; 15h ago
       Docs: man:firewalld(1)
   Main PID: 1079 (firewalld)
      Tasks: 2 (limit: 18853)
     Memory: 46.2M
     CGroup: /system.slice/firewalld.service
             └─1079 /usr/bin/python3 /usr/sbin/firewalld nofork nopid

Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by t>
Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain> 
Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain>

Switching the backend for firewalld from nftable to iptable did fix my issue. Thanks twitter.

mardi, mars 31 2020, 14:00

Mounting your projet directory in vagrant on Fedora using libvirt provider

I've been struggling with mounting my projects files into vagrant. NFS was timing out and other such errors. Googling did not help. Asking on the ask fedora Forum did provide some hints and after googling a bit more I found the solution. The solution involves using sshfs instead of the default NFS mount vagrant wants to use.

So first off install vagrant-sshfs using dnf ``` sudo dnf install vagrant-sshfs ``` now you need to edit your Vagrantfile and tell vagrant not to mount the default "." on "/vagrant ``` config.vm.synced_folder ".", "/vagrant", disabled: true ``` If you don't do that vagrant will try to load it via NFS and fail. Now tell vagrant to mount using the following directive : ``` config.vm.syncedfolder ".", "/vagrant", type: "sshfs", sshfsopts_append: "-o nonempty" ```

This still did not work because ssh was failing the trick was to use SSHAUTHSOCK= vagrant up instead of just vagrant up

jeudi, avril 5 2018, 11:52

Making unbound your default resolver on Fedora

I've had unbound installed for quite some time now. The idea to have an uncensored dns resolver has always been something I wanted. Adding that unbound also does dnssec validation I was a fan (even If I stopped running dnssec here - cause it caused me too much trouble). Here is my recipe on Fedora 27 to make unbound your resolver:

  • sudo dnf install unbound
  • sudo systemctl enable unbound
  • sudo systemctl start unbound
  • journalctl -f -l -u unbound.service
  • sudo vi /etc/NetworkManager/NetworkManager.conf
    • add dns=unbound
  • ls -l /etc/resolv.con
    • if it's a symlink , do unlink /etc/resolv.conf
  • sudo vi /etc/unbound/unbound.conf
  • *uncomment access-control: 127.0.0.0/8 allow and access-control: ::1 allow
  • sudo systemctl restart unbound

et voila ! I was greatly helped by https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html

jeudi, mars 9 2017, 15:16

Comparatif d'installation Fedora 25 et Ubuntu LTS

J’ai une nouvelle machine une bien jolie station de travail – et je cherche en sus de Windows (que je garde pour faire des maj de bios, etc.) à y installer Linux. J’ai donc commencé par fedora, et là je lance une Ubuntu (parce que le support CUDA dans fedora 25 n’est pas là).

  • Le secureboot Ubuntu veut un mot de passe long pas moyen de forcer dans <u>F</u>edora c’est plus rapide
  • le test du media dans fedora permet l’installation ensuite, pour Ubuntu il faut rebooter.
  • ça me semble plus lent Ubuntu
  • le programme pour les partitions est plus clair dans fedora
  • Ubuntu télécharge les maj du système pendant l’installe
  • <u>quand</u></u><! err_end > je <u id="err7_1" class="error spell" href="#" onclick="return false;">boot je me tape un « secure boot violation avec Ubuntu », pas avec fedora
  • au premier boot j’ai plein d’artifacts à l’écran
  • L’interface par défaut de ubuntu est grossière/pas fine c’est moins beau
  • l’installation des pilote nvida est super facile pas aussi compliqué chiante que sur fedora
  • y a tout un trucs pour les maj du système, j’ai jamais vu dans fedora, mais je passe mes dnf update régulièrement.
  • le boot menu est moche – mais sans doute plus pratique quand y a une grosse merde.
  • Après l'installation du drivers nvidia, impossible de me connecter en mode graphique , j'ai du taper un mot de passe pour virer le secure boot , bref bizare comme expérience utilisateur.
  • Après avoir mis le secure boot à off le driver est reconnu !!

mercredi, février 22 2017, 10:23

Je viens d'ajouter TZ à mon /etc/profile

Après avoir lu https://blog.packagecloud.io/eng/2017/02/21/set-environment-variable-save-thousands-of-system-calls/ j'ai éditer sur mes machines fedora et centos /etc/profile afin d'y exporter TZ :

TZ=:/etc/localtime
export TZ

j'ai bien entendu pris le temps de vérifier les dire du blog ci-dessus.

jeudi, février 16 2017, 14:21

Fedora or Centos ? titq

I'm soon going to get a new machine , a beefy one, a desktop workstation with 2 xeon inside. The plan is to run a bunch of services on VM, for testing and learning. I'd like to have a bunch of host running puppet , and fake services just for my admin skills to get better.

I'm having to choose which distribution to run on the machine. I need to choose between fedora and centos. Knowing that I'll run a bunch of VM on centos and probably none fedora based ones. I want my use of the base OS to benefit as most as it can to the rest of the world, and I have no idea how redhat works for QA and such, hence this post. To make my machine benefit more users what should It run ? (for example If I was asked the question for Firefox, knowing that I'm still a tech savvy person, I would answer nightly)
You'll get bonus points if you let me know what VM software to run :)