Category: Fedora

I’ve been using the freeware VMPlayer and VMware Server for a few years now, and while they function, it’s been a pain to have to recompile kernel modules every time the kernel is updated on my Fedora machines. A big disadvantage of VMWare is that the guests don’t seem to startup when run inside of an NX session, and I can’t run guests “headless” (without a monitor connected) using the free editions.

Based on the recommendation of [Craig Ozancin](http://www.linkedin.com/pub/0/826/810), I’ve tried [Virtual Box](http://www.virtualbox.org/), and I’m pleased with it — it lets me start and stop guests from the command line. I can connect to them using RDP (remote desktop). The new 1.4.0 release includes support for VMWare guest images! VirtualBox hasn’t required me to recompile kernel modules, and it seems to run faster than VMWare.

Goodbye VMware. Hello VirtualBox. What does the future hold? Probably [KVM](http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart) (the [kernel-based virtual machine](http://www.phoronix.com/vr.php?view=9066)), which only works with newer Intel and AMD chips containing virtualization instructions.

I later discovered that when I (accidentally) ran the Xen kernel, VirtualBox wouldn’t work. It seems the Xen kernel doesn’t work well with third party virtualization solutions. It’s a good thing I don’t need Xen.

Here’s how to set up an encrypted disk and swap partition on Fedora 6. Refer to Disk encryption in Fedora: Past, present and future for more information. For RedHat (RHEL 4) or CentOS 4, refer to http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem.

Warning: I have no idea how to set up encrypted disks in combination with LVM. I tend to shy away from LVM because it’s yet another layer of abstraction, making it difficult to recover a broken system. However, the following links may be of help: [1], [2].

In these examples, I’m encrypting the /home partition located on partition /dev/sda5, and the swap partition located on /dev/sda3. The partitions will be different on your system.

Create and Format Encrypted Disk

Before you start, you may want to obliterate the partition that will hold the encypted file system:

$ shred /dev/sda5

Setup the crypt disk:

$ cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat
/dev/sda5
  # You must type "YES" to proceed
  # It will prompt you for a passphrase twice
$ cryptsetup luksOpen /dev/sda5 home
$ mkfs.ext3 -L /home /dev/mapper/home
$ cryptsetup luksClose home

Create /etc/crypttab

Create the /etc/crypttab file. It should be formatted as follows:

swap    /dev/sda3       /dev/urandom swap,cipher=aes-cbc-essiv:sha256
home    /dev/sda5       none    luks

Edit /etc/fstab

/dev/mapper/home        /home                   ext3    defaults 2 1
/dev/mapper/swap        swap                    swap    defaults 0 0

Whenever you boot the system, it will prompt you for your passphrase for the /home partition.

I upgraded my desktop machine at work from Fedora Core 5 to Fedora Core 6, and since I run the free VMWare Player (the free VMWare Server is also a fine product), I knew I’d have to get it working after the upgrade. It could have been as simple as running ‘vmware-config.pl’, but it wasn’t.

A known issue with Fedora 6 is that on many single processor systems, the
installer loads an i586 kernel instead of an i686 kernel. The workaround for
this, at install boot-time, is to type “linux i686” — except that it only
works for fresh installs — it doesn’t work for upgrades. An i586 kernel was
installed even though I wanted an i686 kernel, and it created problems when I
went to configure VMWare. vmware-config.pl compiles a kernel module against
kernel headers. I had installed the kernel-devel package to get the kernel
headers. It turns out that I had an i686 kernel-devel package, and it didn’t
mesh up well with the i586 kernel that I didn’t know I had.

Run the following command:
rpm -q --queryformat '%{ARCH} %{NAME}-%{VERSION}-%{RELEASE}\n' kernel kernel-devel

This is how I figured out that I had a mismatch. Here’s what I had:

i586 kernel-2.6.18-1.2869.fc6
i686 kernel-devel-2.6.18-1.2869.fc6


Both of those should read ‘i686’. Here are the commands to run (as the ‘root’ user) to resolve the issue:

1. yum -y upgrade # to get the latest kernel, etc.
2. Follow the instructions at http://fedoraproject.org/wiki/Bugs/FC6Common to switch to an i686 kernel.
• yum -y install yum-utils
• yumdownloader kernel.i686
• rpm -ivh --replacefiles --replacepkgs kernel-2*.i686.rpm
3. reboot
4. yum -y install kernel-devel
5. rpm -q --queryformat '%{ARCH} %{NAME}-%{VERSION}-%{RELEASE}\n' kernel kernel-devel # The architecture should be i686
6. touch /usr/src/kernels/2.6.18-1.2869.fc6-i686/include/linux/config.h
7. vmware-config.pl

Update

I can’t recommend upgrading to Fedora Core 6 from version 5. My screensaver (gnome-screensaver) wouldn’t unlock — it never even gave me the chance to enter a password. I tried switching to xscreensaver, but it wouldn’t accept my password. After several fruitless google searches for a resolution to either problem, I gave up and decided to install from scratch. Now my screensaver behaves correctly.

When I did a fresh install, it installed the xen kernel. VMware and Xen didn’t play well together for me — I got nearly 100% CPU utilization when I tried to load a guest. I installed the non-xen kernel, booted that kernel, and reconfigured vmware. Now VMware runs great. If I remember correctly, here are the commands I ran as root:

1. yum -y install kernel
2. reboot into a non-xen kernel
3. touch /usr/src/kernels/2.6.18-1.2869.fc6-i686/include/linux/config.h
4. vmware-config.pl

KVM is the future of virtualization on Linux, from what I gather, so I’m not going to try Xen.

Figured this out using http://www.puschitz.com/SecuringLinux.shtml

Server /etc/exports:

/home/images 192.168.1.123/255.255.255.0(rw,sync)

Server /etc/hosts.allow:

portmap: 192.168.1.123 : allow
mountd: 192.168.1.123 : allow
rquotad: 192.168.1.123 : allow

Client /etc/fstab:

myserver:/home/images /home/images nfs rsize=8192,wsize=8192,nosuid 0 0

Advantages of Fedora Core 5 over FC3/FC4:

• Faster boot times
• Faster Gnome desktop login
• Faster responsiveness in the Gnome user interface (snappier application menu, etc.)
• Suspend to disk and suspend to RAM
• New desktop applications: Beagle desktop search tool, F-spot photo manager, Tomboy note taking application.
• Firefox: Opening a new window is MUCH faster than with FC4.
• Most stable installer to date, in my opinion.
• New HAL integration (hardware abstraction layer) manages USB flash drives, and as a result, they mount on the user’s desktop more quickly than in the past.
• SELinux targetted policies are much more comprehensive
• Better wireless NIC support.
• Xen virtulization.

I find it easier to upgrade rather than reinstall. The upgrade process did not install the new applications that a fresh install would have provided. Therefore, I did a fresh install of FC5 on one machine, and grabbed the package list (FC5 Packages). Then, I upgraded another machine, grabbed the package list ("rpm -qa | sort > upgradepackages.txt“). I generated a ‘diff’ of the two files. Here are the main things I came up with when going from FC4 to FC5:

Missing desktop packages:

• beagle
• f-spot
• frysk
• tomboy
• gnome-backgrounds
• gnome-power-manager
• gnome-screensaver
• gnome-user-share
• nautilus-sendto
• hal-gnome

Missing non-desktop packages:

• xorg-x11-fonts-truetype
• smartmontools
• systemtap
• hplip
• longrun
• irqbalance
• glx-utils
• gmime
• gmime-sharp
• dbus-sharp
• dcraw
• evolution-sharp

It’s always a good idea to read the release notes:
http://fedora.redhat.com/docs/release-notes/fc5/
Install extra software using yum, or using the graphical application ‘pirut’, or view ‘extra’ packages with your browser:
http://fedoraproject.org/extras/5/i386/repodata/repoview/graphical-internet.group.html
Useful packages (from extras repository):

yum install yum-utils gtweakui themes-backgrounds-gnome nautilus-open-terminal nautilus-image-converter nautilus-actions

I’ve been using RedHat/Fedora distributions of Linux since 1995. I typically keep my home machines running a fairly recent release. I find that it’s easier to upgrade if I don’t procrastinate through too many releases.

On the other hand, I’ve found that upgrading too soon can be risky. I depend on third party repositories for some of the software that I use (e.g. an ntfs driver). It takes between two to four weeks before the software repositories start offering their packages for a new distribution.

If I wait at least a few weeks to upgrade, after the release of the new distribution, and I run into problems, I can usually google to find a solution to the problem. If I’m on the bleeding edge, I don’t get that benefit. Instead, I’m the one posting problems and solutions that other people google.

On Monday, I downloaded the recently released Fedora Core 5 DVD via bittorrent, and decided to upgrade my less-critical Fedora Core 3 machine.

Backup. Even though I’m generally careful, I find that it’s easier to recover from a mistake if I have a complete backup. For this, I used Norton Ghost.

First try: I was impressed by the shiny new graphics in the installer. After several screens of questions and after it analyzed my system to figure out what packages to upgrade, it informed me that I didn’t have enough disk space (I only had 2 Gig of free space). The install aborted and I had to reboot my machine.

Yum cache: I use yum to upgrade my machines, and I happen to know that by default, it leaves a cache of the packages in the /var/cache/yum directory. I deleted the directory, which freed up 2 Gig of space. Shouldn’t the installer do that for me?

Second try: The installer ran without a hitch. It upgraded my system, even though it took a while.

First boot: The boot process hung when it tried to initialize OpenCT smart card terminals, whatever those are. I don’t think I have any. Back in the days when Iinstalled FC3, I had to add “acpi=off” and “pci=noacpi” to the boot loader before FC3 would work on my system. The FC5 upgrade had left those options in place. I deleted the options, and rebooted. This time, the boot process didn’t hang. Wierd. There may not have been a correlation.

First login: The GNOME desktop loaded much more quickly than with FC3. However, several error dialogs appeared. Various resources couldn’t be located, including icons for desktop launchers that I had customized. As I already mentioned, the third party repositories that I use with yum didn’t have FC5 packages available.

Upgrade versus Fresh Install: I find that upgrades are less than ideal, especially when I want to experience the new features of a distribution. Upgrades tend to leave out new features and new packages. Since RedHat has been changing SELinux policices at a rapid rate, an upgrade isn’t likely to leave SELinux in a workable state. A fresh install is better. For a home, desktop system that isn’t a server, it’s probably best to disable SELinux. It will be interesting to see how SELinux fares compared to the now open-source AppArmor that is included with SUSE. AppArmor appears to be easer to use and configure, but SELinux has fewer gaps in security coverage. I tend to think that ease-of-use will win out. In any case, I do use SELinux to protect one of my web servers.