Category: Linux OS-level Issues

Mount NFS Shares in Linux
article #1045, updated 33 days ago

So you have an NFS server share known to be working, and you want to mount its share(s) on your Linux client machine. Here’s a summary. We’re using NFS4.

  1. We start with an NFS server at 10.11.11.10. To verify it’s ready for connections, we run this command from the client:
    showmount -e 10.11.11.10
    and receive one or more NFS folder shares, e.g.:
    /Media 10.11.11.0/255.255.255.0
  2. We need a place to mount the share on this machine. So:
    mkdir /Media
  3. Next we try it manually:
    mount -t nfs 10.11.11.10:/Media /Media
  4. Now let’s make sure all of our NFS4-related services are enabled and running on the client.
    sudo systemctl enable nfslockd.service
    sudo systemctl start nfslockd.service
    sudo systemctl enable nfs-idmapd.service
    sudo systemctl start nfs-idmapd.service
  5. We now make sure that permissions allow users of the client read/write access to the share. There are two problems here. The first is to make the shared folder and all contents read/writable by all designated users. The second is to make this happen across systems, i.e., from server to clients.

So first, on the server side, we chmod the shared folder and all of its contents g+rwXs, and chgrp them to a group designated for sharing. We then create a new user group on both server and clients, perhaps named “sharedfiles”, add all selected users to that group on clients and server, make sure the GID is the same for the group name on all of the machines, and then reboot them all.

The GID is a numerical indicator for the group, which is more important to the local OS than the name of it. As part of the above we do need to make sure the GID is the same for our new user group, across all machines, or else the OSes will not recognize the equivalency. On each of them then, after the group is created, we do this:

groupmod -g 20000 sharedfiles

A list of current groups and GIDs is available here:

cat /etc/group

You’ll notice that 20000 places the new group long after all of the others in general. This is intentional, to avoid conflict with existing configurations.

  6. Then we set up automount. We do this by adding the following line to the end of /etc/fstab:
    10.11.11.10:/Media /Media nfs noauto,x-systemd.automount,intr,rsize=4194304,wsize=4194304,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min 0 0

Items:

  • NFS by itself is normally a very strong connection at a very low level, which means that unless an NFS mount is handled with care by other facilities, a client machine can freeze up very hard if its server becomes unreachable, rather different than SMB on Windows. There are at least three different methods to do this well. The above uses a facility within systemd, which this author found much easier to handle than the other two he found. If your Linux system does not use systemd, you should use one of the others, e.g., autofs, which is a layer unto itself.
  • The option “intr” is instead of “hard” or “soft”. It makes NFS transactions explicitly interruptible, which helps prevent corruption if the server goes down.
  • rsize and wsize can vary a lot. The number is in bytes. The above is a recent report on gigabit; if you’re on a lower-speed network you should use a pair of numbers a full order of magnitude smaller, e.g., the commonly reported rsize=8192,wsize=8192.
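
The GID requirement above can be checked before anything is rebooted. This is an added example, not part of the original article: it assumes each machine's /etc/group has been copied to a local file, and the function name and file names are hypothetical.

```sh
#!/bin/sh
# check_shared_gid GROUP GID FILE...
#   Each FILE is a copy of one machine's /etc/group.
#   Prints one line per problem and nothing when every file maps GROUP to GID
#   and no other group already holds that GID.
check_shared_gid() {
    group=$1
    gid=$2
    shift 2
    for file in "$@"; do
        awk -F: -v g="$group" -v id="$gid" -v f="$file" '
            # The shared group exists: its GID must be the agreed one.
            $1 == g {
                seen = 1
                if ($3 != id) print f ": " g " has GID " $3 ", expected " id
            }
            # A different group already owns the agreed GID: groupmod would collide.
            $1 != g && $3 == id { print f ": GID " id " already used by " $1 }
            END { if (!seen) print f ": group " g " not found" }
        ' "$file"
    done
}

# Typical use, with files gathered from each machine beforehand:
#   check_shared_gid sharedfiles 20000 server.group client1.group client2.group
```

No output means the numeric GID matches on every machine, which is what NFS ownership checks actually compare.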

Categories:   LAN Networking   Linux OS-level Issues

==============

Reset password on Linux from GRUB
article #1076, updated 46 days ago

If you have access to the console and the machine runs GRUB or something similar, reset of a password is easy. Just interrupt the boot before kernel load (hit the Tab key if it really is GRUB you have there), edit the kernel load line, and add the following to the very end:

init=/bin/bash

Then boot that kernel load line (F10 in GRUB) and the machine will come up in single-user ‘bash’ shell, and you can run ‘passwd’.

Categories:   Security   Linux OS-level Issues

==============

Install Fonts Manually in Linux
article #1048, updated 143 days ago

There is a per-user font installation procedure, but we’ll do this system-wide just in case. This procedure presumes that you are using a modern fully-fledged Linux desktop which includes a font server.

  1. First we create a folder for manual font installs, and give it the right permissions.
    sudo mkdir /usr/share/fonts/manual-installs
    sudo chmod 0555 /usr/share/fonts/manual-installs
  2. Copy all of your .ttf, .otf, etc., files, into the folder, and give them all the right permissions. We’ll say that you downloaded a file named Fonts.zip to Downloads in your home directory, and unpacked it.
    sudo cp ~/Downloads/Fonts/* /usr/share/fonts/manual-installs
    sudo chmod 0444 /usr/share/fonts/manual-installs/*
  3. Update the font cache.
    sudo fc-cache

Categories:   Linux Desktop Specific   Linux OS-level Issues

==============

Microsoft Fonts in Solus Linux
article #1047, updated 150 days ago

Here’s a great set of steps:

http://www.fosslinux.com/1387/how-to-install-microsoft-true-type-fonts-in-solus.htm

In essence it’s two interactive commands, first one, then the other:

sudo eopkg bi --ignore-safety https://raw.githubusercontent.com/solus-project/3rd-party/master/desktop/font/mscorefonts/pspec.xml
sudo eopkg it mscorefonts*.eopkg;sudo rm mscorefonts*.eopkg

Categories:   Linux OS-level Issues   

==============

Linux Speed, Responsiveness, and Latency Reduction with 'sysctl' Settings
article #892, updated 219 days ago

These items help a lot in any application, including desktop, web server, or terminal server. The end of this post has two large compilations of these settings, one for wired (“non-lossy”) networking, one for wireless (“lossy”).

On the vast majority of Linux distributions, one can just add these changes to /etc/sysctl.conf, and then run sysctl -p to apply them without reboot. However, recent additions to standards have enabled us to place custom settings in our own configuration files, so that we don’t take /etc/sysctl.conf out of distro control.

On recent Debian and Ubuntu, we may best put them in /etc/sysctl.d/60-custom.conf (or replace the word “custom” to your liking), and then run sysctl --system to load both /etc/sysctl.conf and everything under /etc/sysctl.d.

On some other recent distros, it’s /etc/sysctl.d/custom.conf (the word “custom” is still arbitrary), and then run systemctl restart systemd-sysctl.

You can check your results with sysctl -A.

The first selection is for wired networking performance:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois

A slightly different first group for networking performance is recommended for anything involving wireless, i.e., “lossy” networks:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic

And then some general networking performance items:

net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1

And some for network security enhancement:

net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

And now a few to keep virtual memory usage under good control:

vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

And one to increase the maximum number of open and watched files, very helpful indeed for servers, file synchronization of all sorts, and many other functions:

fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

The above was compiled from these two excellent articles:

http://www.networkworld.com/article/2227856/opensource-subnet/best-networking-tweaks-for-linux.html
https://easyengine.io/tutorials/linux/sysctl-conf/

and other sources. Here is the whole set for wired (non-lossy) networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois
net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

and another full set for wireless / lossy networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic
net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288
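
Before loading either set, it is worth confirming that every key exists on the running kernel, because keys are dropped between releases (net.ipv4.tcp_tw_recycle, for one, was removed in Linux 4.12). This is an added example, not part of the original article; the function name is hypothetical, and it also flags a socket buffer default set above its own maximum, as rmem_default and rmem_max are above.

```sh
#!/bin/sh
# sysctl_conf_check FILE [PROC_ROOT]
#   Prints "MISSING key" for each key in FILE with no entry under PROC_ROOT
#   (default /proc/sys), and "DEFAULT>MAX ..." when net.core.{r,w}mem_default
#   is larger than the matching net.core.{r,w}mem_max.
sysctl_conf_check() {
    conf=$1
    root=${2:-/proc/sys}
    # Drop comments and blank lines; normalise "key = value" to "key=value".
    pairs=$(sed -e '/^[[:space:]]*[#;]/d' \
                -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d' "$conf")
    # A sysctl key maps to a path under /proc/sys with dots turned into slashes.
    printf '%s\n' "$pairs" | while IFS='=' read -r key value; do
        path=$root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || echo "MISSING $key"
    done
    # The *_max values cap what a program may request with setsockopt(),
    # so a default above the cap deserves a second look.
    for dir in r w; do
        def=$(printf '%s\n' "$pairs" | sed -n "s/^net\.core\.${dir}mem_default=//p" | tail -n 1)
        max=$(printf '%s\n' "$pairs" | sed -n "s/^net\.core\.${dir}mem_max=//p" | tail -n 1)
        if [ -n "$def" ] && [ -n "$max" ] && [ "$def" -gt "$max" ]; then
            echo "DEFAULT>MAX net.core.${dir}mem_default=$def exceeds ${dir}mem_max=$max"
        fi
    done
}

# Typical use:
#   sysctl_conf_check /etc/sysctl.d/60-custom.conf
```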

Categories:   Performance   Linux OS-level Issues

==============

Installing nslookup on Linux
article #1008, updated 327 days ago

Increasingly, nslookup is not installed by default in major Linux distros. On Arch-based and Debian-based distros, it’s in package dnsutils,

Categories:   DNS   Linux OS-level Issues

==============

'atop' for Linux CPU and other resources and performance checking
article #964, updated 471 days ago

‘atop’ seems to have some extraordinary depth.

http://linux.die.net/man/1/atop

Categories:   Linux OS-level Issues   

==============

syncthing on CentOS 7 and multiple Fedora versions
article #948, updated 536 days ago

After scouting a rather large number of potential sources, this one is working extremely well; download the .repo file for your OS and put it with the rest, and you’re in with yum or dnf!

https://copr.fedorainfracloud.org/coprs/decathorpe/syncthing/

Categories:   Tools   Linux OS-level Issues

==============

Set up 'gpg' (GnuPG) for public key verification under Linux
article #921, updated 609 days ago

Verification of packages and many other things under Linux is often done with GnuPG, also called gpg. Distros don’t always come with this set up completely, because users often have divergent needs. But if you should see anything remotely like this:

linux-3.18.tar ... FAILED (unknown public key 79BE3E4300411886)

edit the file ~/.gnupg/gpg.conf, and place these contents at the top:

keyserver hkp://keys.gnupg.net

and then run the following command on the missing key(s):

gpg --recv-keys 79BE3E4300411886
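
A key ID is only the tail of the key's fingerprint, and --recv-keys imports whatever the keyserver holds under that ID, so compare the full fingerprint with one obtained from the signer through a separate channel before relying on the key. This is an added example, not part of the original article; the function names are hypothetical and the sample listing and its fingerprints are constructed, not a real key.

```sh
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1316554898:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1316554898::::Example Signer <signer@example.org>:
sub:-:4096:1:1111222233334444:1316554898::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:'

# primary_fpr: read a colon-format listing on stdin and print the primary
# key fingerprint, i.e. field 10 of the first fpr record after the pub record.
primary_fpr() {
    awk -F: '$1 == "pub"         { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# fpr_matches EXPECTED: succeed only when the listing on stdin has a primary
# fingerprint equal to EXPECTED (spaces and letter case in EXPECTED are ignored).
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Typical use, after gpg --recv-keys:
#   gpg --with-colons --fingerprint 79BE3E4300411886 \
#       | fpr_matches "<fingerprint published by the signer>" \
#       && echo "fingerprint verified"
```

A listing whose fingerprint merely ends in the same 16 hex digits as the expected one is rejected, which is the case a key-ID-only check cannot catch.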

Categories:   Linux OS-level Issues   

==============

Compile grub-customizer 4.0.6 when it won't
article #871, updated 652 days ago

Grub Customizer is a great GUI configurator for GRUB, currently the most common boot loader for ix86 and AMD64 hardware. The Customizer has issues compiling on some setups, especially with later versions of gcc. Here’s what I found to do:

  1. Download grub-customizer-4.0.6.tar.gz, unpack.
  2. ccmake .
  3. Resolve any missing libraries et cetera. ccmake . again until nothing missing.
  4. Look for these files:
    ./CMakeFiles/grub-customizer.dir/flags.make
    ./CMakeFiles/grubcfg-proxy.dir/flags.make
  5. Add -std=gnu++11 as first item to CXX_FLAGS in both files.
  6. cmake .
  7. Again resolve any missing libraries et cetera. cmake . again until nothing missing.
  8. make
  9. sudo make install

Categories:   Linux OS-level Issues   Booting