Category: Linux OS-level Issues

Mount NFS Shares in Linux
article #1045, updated 29 days ago

So you have an NFS server share known to be working, and you want to mount its share(s) on your Linux client machine. Here’s a summary. All commands are in “sudo -s” or root login.

  1. Let’s postulate that the server share is visible on server 10.11.11.10, and its name is “/srv/nfs”.
  2. We need a place to mount the share on this machine. So:
    mkdir /nfs
  3. Next we try it manually:
    mount -t nfs 10.11.11.10:/srv/nfs /nfs
  1. We now make sure that permissions allow users of the mounting machine read/write access to the share. By far the simplest way this author has found to do this, is to have the shared folder and all contents chmoded g+rwXs, chgrped to a sharing-designated group, on the server side. On the client side what’s to do, is to make sure that sharing-designated group exists with the same GID. So let’s say the group we’re designating for sharing setup is called “sharegroup”. Before we set this up, a ls -l from root on the client machine may look something like this:
drwxrwsr-x 11 1000 1001 4096 May 14 04:06 folder1
drwsrwsr-x 25 1000 1001 4096 Apr 19 07:49 folder2
drwsrwsr-x 21 1000 1001 4096 Apr 18 23:53 folder3

If you compare with ls -l of a local folder, you’ll see that the third and fourth fields from the left should be owning username, and owning groupname. The groupname as viewed from the server will be “sharegroup” if things are set according to this method. You will need to add a group on the client side, with the same name and GID, i.e., if ‘1001’ were really the GID as above:

groupadd -g 1001 sharegroup

And then add yourself to ‘sharegroup’ on the local machine:

usermod -a -G sharegroup username

A logoff and logon is then best, to make sure all of the security settings are activated.

  1. Then we set up automount at boot. We do this by adding the following line to the end of /etc/fstab:
10.11.11.10:/srv/nfs   /nfs   nfs   rsize=8192,wsize=8192,timeo=14,_netdev,intr	0 0

The final option “intr” is instead of “hard” or “soft”. It makes NFS transactions explicitly interruptible, which helps prevent corruption if the server goes down.

Categories:   LAN Networking   Linux OS-level Issues

==============

Install Fonts Manually in Linux
article #1048, updated 29 days ago

There is a per-user font installation procedure, but we’ll do this system-wide just in case. This procedure presumes that you are using a modern fully-fledged Linux desktop which includes a font server.

  1. First we create a folder for manual font installs, and give it the right permissions.
    sudo mkdir /usr/share/fonts/manual-installs
    sudo chmod 0555 /usr/share/fonts/manual-installs
  2. Copy all of your .ttf, .otf, etc., files, into the folder, and give them all the right permissions. We’ll say that you downloaded a file named Fonts.zip to Downloads in your home directory, and unpacked it.
    sudo cp ~/Downloads/Fonts/* /usr/share/fonts/manual-installs
    sudo chmod 0444 /usr/share/fonts/manual-installs/*
  3. Update the font cache.
    sudo fc-cache

Categories:   Linux Desktop Specific   Linux OS-level Issues

==============

Microsoft Fonts in Solus Linux
article #1047, updated 36 days ago

Here’s a great set of steps:

http://www.fosslinux.com/1387/how-to-install-microsoft-true-type-fonts-in-solus.htm

In essence it’s two interactive commands, first one, then the other:

sudo eopkg bi --ignore-safety https://raw.githubusercontent.com/solus-project/3rd-party/master/desktop/font/mscorefonts/pspec.xml
sudo eopkg it mscorefonts*.eopkg;sudo rm mscorefonts*.eopkg

Categories:   Linux OS-level Issues   

==============

Linux Speed, Responsiveness, and Latency Reduction with 'sysctl' Settings
article #892, updated 105 days ago

These items help a lot in any application, including desktop, web server, or terminal server. The end of this post has two large compilations of these settings, one for wired (“non-lossy”) networking, one for wireless (“lossy”).

On the vast majority of Linux distributions, one can just add these changes to /etc/sysctl.conf, and then run sysctl -p to apply them without reboot. However, recent additions to standards have enabled us to place custom settings in our own configuration files, so that we don’t take /etc/sysctl.conf out of distro control.

On recent Debian and Ubuntu, we may best put them in /etc/sysctl.d/60-custom.conf (or replace the word “custom” to your liking), and then run sysctl --system to load both /etc/sysctl.conf and everything under /etc/sysctl.d.

On some other recent distros, it’s /etc/sysctl.d/custom.conf (the word “custom” is still arbitrary), and then run systemctl restart systemd-sysctl.

You can check your results with sysctl -A.

The first selection is for wired networking performance:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois

A bit different first group for networking performance, is recommendable for anything involving wireless, i.e., “lossy” networks:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic

And then some general networking performance items:

net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1

And some for network security enhancement:

net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

And now a few to keep virtual memory usage under good control:

vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

And one to increase the maximum number of open and watched files, very helpful indeed for servers, file synchronization of all sorts, and many other functions:

fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

The above was compiled from these two excellent articles:

http://www.networkworld.com/article/2227856/opensource-subnet/best-networking-tweaks-for-linux.html
https://easyengine.io/tutorials/linux/sysctl-conf/

and other sources. Here is the whole set for wired (non-lossy) networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois
net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

and another full set for wireless / lossy networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic
net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

Categories:   Performance   Linux OS-level Issues

==============

Installing nslookup on Linux
article #1008, updated 214 days ago

Increasingly, nslookup is not installed by default in major Linux distros. On Arch-based and Debian-based distros, it’s in package dnsutils,

Categories:   DNS   Linux OS-level Issues

==============

'atop' for Linux CPU and other resources and performance checking
article #964, updated 358 days ago

‘atop’ seems to have some extraordinary depth.

http://linux.die.net/man/1/atop

Categories:   Linux OS-level Issues   

==============

syncthing on CentOS 7 and multiple Fedora versions
article #948, updated 423 days ago

After scouting a rather large number of potential sources, this one is working extremely well; download the .repo file for your OS and put it with the rest, and you’re in with yum or dnf!

https://copr.fedorainfracloud.org/coprs/decathorpe/syncthing/

Categories:   Tools   Linux OS-level Issues

==============

Set up 'gpg' (GnuPG) for public key verification under Linux
article #921, updated 495 days ago

Verification of packages and many other things under Linux, is often done with GnuPG, also called gpg. Distros don’t always come with this set up completely, because users often have divergent needs. But if you should see anything remotely like this:

linux-3.18.tar ... FAILED (unknown public key 79BE3E4300411886)

edit the file ~/.gnupg/gnupg.conf, and place these contents at the top:

keyserver hkp://keys.gnupg.net

and then run the following command on the missing key(s):

gpg --recv-keys 79BE3E4300411886

Categories:   Linux OS-level Issues   

==============

Compile grub-customizer 4.0.6 when it won't
article #871, updated 538 days ago

Grub Customizer is a great GUI configurator for GRUB, currently the most common boot loader for ix86 and AMD64 hardware. The Customizer has issues compiling on some setups, especially later versions of gcc. Here’s what I found to do:

  1. Download grub-customizer-4.0.6.tar.gz, unpack.
  2. ccmake .
  3. Resolve any missing libraries et cetera. ccmake . again until nothing missing.
  4. Look for these files:
    ./CMakeFiles/grub-customizer.dir/flags.make
    ./CMakeFiles/grubcfg-proxy.dir/flags.make
  5. Add -std=gnu++11 as first item to CXX_FLAGS in both files.
  6. cmake .
  7. Again resolve any missing libraries et cetera. cmake . again until nothing missing.
  8. make
  9. sudo make install

Categories:   Linux OS-level Issues   Booting

==============

An approach to a Linux terminal server
article #891, updated 579 days ago

This project:

http://www.x2go.org

appears very good.

Categories:   Linux OS-level Issues