?

Log in

Mon, Feb. 13th, 2017, 07:56 pm
Migrating from LEAP to Tumbleweed is a Zypp

So after careful consideration, I decided to upgrade my server to Tumbleweed instead of LEAP. I already did this on my desktop, and saw no problems (though minor config updates and the usual stuff was an issue, but expected). Well, I am now doing it on my server because I've seen no adverse problems with laptop/desktop running Tumbleweed, and the added packages are a plus.
Migrating from LEAP 42.1 to Tumbleweed was a cinch. Following their Upgrade Guide (https://en.opensuse.org/openSUSE:Tumbleweed_upgrade) seems to be spot on. The only caveat (hence this article) was that I had a plethora of ancillary repos for all the crap that didn't come with LEAP. In order for my upgrade to not break dependencies, I had to add a couple of steps.
High level, the steps are:

  1. update all packages (reboot!)

  2. move your current repos out of the way, backing them up

  3. add the default repos

  4. add the custom repos for tumbleweed

  5. zypper dup. Except for step four, the other steps are in the link above.

To resolve step four, I basically took my current custom repos (packman, Mono:Factory, google-chrome; virtualbox) and resolved their Tumbleweed URL versions.
First before you start at all, list out all of your repos with their URL's: zypper lr -u
I paid attention to my custom repos: google-chrome, virtualbox, mono:factory, packman. I took the URL's that they were pointing to (some ending in "42.1" for LEAP) and plugged them into my browser. I went to the parent directory and saw the Tumbleweed version of the repo, and copied that URL. This is going to be the new URL for the repo. So, for example, packman had "http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_42.1/" and when I plugged it into my browser, I navigated up to "http://ftp.gwdg.de/pub/linux/misc/packman/suse/" then copied the Tumbleweed repo "http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/".
I did this for all of my "extra" repos (google-chrome, and virtualbox would stay the same). I copied and pasted the new URL's into a text file for easy access later. Then I started through the steps in the document listed above. When I got done with step three, I added my custom repos with the same syntax "zypper ar -f -c http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/ packman". Then I went on to step five.
My only issues were of conflicting versions from various repositories. The easy way out, without tearing your hair out, is to just remove the installed package. Make note of it, and once you get an operational system, reinstall them if needed. For example, ffmpeg-2.8 (installed) was in conflict with ffmpeg-3.x, I just uninstalled 2.8 "zypper rm ffmpeg-2.8" and jotted it down for reinstallation later. Just get your system up and operational first, then deal with the minutiae later.

Thu, Feb. 9th, 2017, 06:48 pm
Enabling SSL Client Trust for TDI / IDI ... Simply

So you want to connect to that LDAP server via SSL, but don't know or can't make heads or tails of the IBM documentation? Here are a couple of easy steps that took me forever to figure out the right order and location.
First it's assumed that you have TDI V7.1.1 or higher. It's assumed that you're running the ibmditk on the same box as ibmdisrv. When you installed TDI, it asked to select a "Solutions" directory. Make sure you know where that is. If you don't know the default solutions directory go to the TDI_install_dir/bin and see "defaultSolDir.sh" for the contents. In my case it's: /opt/IBM/TDI/V7.1.1/bin/defaultSolDir.sh and the solutions directory is TDI_SOLDIR="/opt/IBM/TDI/solutions".

1) download the certificate from the LDAP (or whatever SSL) server you want to connect to. You can easily use a tool like Portecle to do an SSL connect to the server, and save the certificate as a PEM file. For our purposes "foo.pem".
2) start the ibmditk (TDI Console)
3) select "Keymanager"
3.1) open the solutions directory's jks file: /opt/IBM/TDI/solutions/serverapi/testadmin.jks
3.2) the password is "administrator"
3.3) select the dropdown to "signer certificate"
3.4) add the PEM certificate foo.pem
3.5) save the file with the same password, and click OK to overwrite.
4) In the TDI console under Servers, click "STOP Server", wait until it stops and Quit or Restart the TDI Console.
5) Start the TDI Console, and go to "Resources" -> "Connectors"
6) Add a connector for the SSL server you want to connect to. In our case an LDAP server on port 636 as SSL.
7) Fill out the appropriate information, and goto "Input Map" tab -> "Connect" on right.
8) DONE.

Now, I leave it up to the reader to then customize the jks file's password, location, etc. Warning... it's sticky to untangle internals client/server certs.

Sat, Nov. 26th, 2016, 07:41 pm
Python3 and MySQL on OpenSuSE 42.1

So this might be outdated now that 42.2 came out, but I am not ready to upgrade until they get the kinks out. This version is still heavily dependent on a python2 implementation, so if you want to do db development with python3, it's not going to work (afaik - corrections requested).
Best thing to do is to uninstall (if installed) the python-PyMySQL package.
sudo zypper rm python-PyMySQL
Then just use "pip" to install the Python3 version...
sudo pip search mysql
sudo pip install PyMySQL3

It might ask you to update the version or something of pip. I ended up doing so (outside of the zypper/rpm method - perhaps not wise).
Now when I do
user@host:~> python3
Python 3.4.5 (default, Jul 03 2016, 13:32:18) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymysql;
>>> conn = pymysql.connect(host='127.0.0.1', user='root', passwd=None, db='mysql');
>>> help ("pymysql")

Everything seems to work... well, at least no errors. I would like to have kept it down to packages ONLY for the software, but it was more important to be able to use ALL of my machines for this project instead of relying on Tumbleweed machines.

Fri, Nov. 25th, 2016, 07:19 am
MariaDB/MySQL not starting on OpenSuSE Tumbleweed

So, I ran into an issue where mysql server was not starting at all in Tumbleweed after upgrading from 42.1 to Tumbleweed. Apparently, I just had to chown /var/lib/mysql to mysql.mysql via "chown -R mysql.mysql /var/lib/mysql"

Tue, Nov. 15th, 2016, 05:36 pm
More Eclipse woes, switching to IntelliJ

So I started dabbling in the IntelliJ IDE. I am very impressed so far with their community edition. I would typically use Netbeans whenever possible, and Eclipse when it would run, but Netbeans dropped support for Python, and Eclipse started crapping out at libgtk.so.3 (See bug #1009882) and crashing all over the place on Tumbleweed, so I couldn't use PyDev on Eclipse. After kicking the tires with PyCharm (IntelliJ based IDE) I am very impressed! :) I might actually shell out a few pennies for this. I am going to see if work pays for it first.
They have a community version which is limited, and if you pay you can get "Ultimate" version. Check them out for a bit for Java IDE, Python IDE, and they even support PHP and other languages. It's one of the best IDE's yet.
Note: no, I don't work for them! ;)

Fri, Nov. 4th, 2016, 12:53 pm
Boot problems solved: Tumbleweed with Disk Encryption and Intel video during initrd

So when I installed Tumbleweed on the laptop, everything was working fine with my Skylake mainboard's video card (notably Leap 42.1 did NOT work at all with its Intel Corporation HD Graphics 520 (rev 07)). As soon as I encrypted my home partition, it seems to have stopped being able to boot up completely. It got through the initrd loading, then the screen blanked, and came back, then ... nothing it just sat there. Caps lock didn't work. So I changed the crypto settings to timeout after 15 seconds, and it booted just fine, except that the /home wasn't decrypted or mounted. I had to systemctl to mount the encrypted partition. Every once in a while, however, it would work, and I would get a plain text (in green plain text as a one liner) request on the center of the screen to type in the password.
I figured it was something to do with the initialization of the graphics driver during initrd phase.
So I ended up changing it from "silent=splash" to "silent=no" as a kernel parameter, and that did the trick. It boots every time now, and I can type in the password as normal. BTW, the boot splash screen never worked for me either. I used to get three question marks on the boot screen, with each lighting up (bright green instead of green) from left to right. On my desktop (again Intel) I would get a static image, but at least I knew that when I hit that screen I could type the password in (blind because there was NO password prompt) and it would continue - not on the laptop - not even capslock/numlock on the laptop.

Wed, May. 25th, 2016, 06:24 am
KF5 Steaming Pile that just keeps giving...

So an Evolution alarm went off, which initiated an xembed icon. Guess what? I can't click on it! Nothing happens! Just like the Java xembed. *sigh* KDE5 is still a big pile of poop for very simple stuff that keeps getting in your way to just "get your work done". I regret every day ever upgrading.

Mon, May. 16th, 2016, 08:48 pm
Creating non-journaled HFS+ filesystems

So, I am not quite sure when it happened, but the non-journaled Mac OS Extended (HFS+) is no longer an option in Disk Utility. The only option is Journaled HFS (encrypted and/or case-sensitive), MS-DOS, ExFAT. This is bad for me, because on Linux I can only read/write to non-journaled HFS+ (Journaled HFS+ is read-only) I wanted to use an external 1TB drive on linux and mac. So barring some kext driver that can read ext4/3/2, I had to pick HFS+.

The simple answer is to use the "diskutil" command line tool in Terminal as such:
[foo@bar ~]$ diskutil eraseDisk HFS+ GE128 /dev/disk2
Started erase on disk2
Unmounting disk
Creating the partition map
Waiting for the disks to reappear
Formatting disk2s1 as Mac OS Extended with name GE128
Initialized /dev/rdisk2s1 as a 122 MB case-insensitive HFS Plus volume
Mounting disk
Finished erase on disk2




Where GE128 is an arbitrary label, and /dev/disk2 is the disk in question. You don't have to unmount the drive when you run this command, it'll take care of that bit.

Also note that you can use the command line util to create journaled filesystems too, just change HFS+ with JHFS+ and many more filesystems. Use 'diskutil listFilesystems' to get a listing of those supported on your system, including its shortcut identifier as such:
[foo@bar ~]$ diskutil listFilesystems
Formattable file systems

These file system personalities can be used for erasing and partitioning.
When specifying a personality as a parameter to a verb, case is not considered.
Certain common aliases (also case-insensitive) are listed below as well.

-------------------------------------------------------------------------------
PERSONALITY                     USER VISIBLE NAME                               
-------------------------------------------------------------------------------
ExFAT                           ExFAT                                           
Free Space                      Free Space                                      
  (or) free
MS-DOS                          MS-DOS (FAT)                                    
MS-DOS FAT12                    MS-DOS (FAT12)                                  
MS-DOS FAT16                    MS-DOS (FAT16)                                  
MS-DOS FAT32                    MS-DOS (FAT32)                                  
  (or) fat32
HFS+                            Mac OS Extended                                 
Case-sensitive HFS+             Mac OS Extended (Case-sensitive)                
  (or) hfsx
Case-sensitive Journaled HFS+   Mac OS Extended (Case-sensitive, Journaled)     
  (or) jhfsx
Journaled HFS+                  Mac OS Extended (Journaled)                     
  (or) jhfs+

Tue, Apr. 12th, 2016, 08:58 am
Reclaiming your syslog from systemd!

So I figured this out a while ago, but as life is, been quite busy.

Rather simple with OpenSUSE. I just installed rsyslogd via zypper, and it asked me what to do. Should I uninstall systemd's console logging package and install rsyslogd or not install rsyslogd. I uninstalled systemd's console logging package.

Notably, it does not /stop/ logging certain console/dmesg items in the systemd journal. However, now you have var-log-messages etc back in plain text format, which is easier to deal with rather than trying to type with mittens!

Sat, Mar. 12th, 2016, 01:39 pm
KDESu / Sudo and Polkit Woes

So upon installing OpenSUSE (for KDE4!), I noticed that everything it wanted privileges to do (add/remove network connections, install apps, etc.) required "root" password even though I redirected kdesu to use sudo instead with "kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo". I also already tried to comment out the following:

#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL    ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

in my sudoers file. I wanted all KDE/gui password prompts to behave as it does on command line with "sudo".

I tested by opening a command-line and typing:


  • "sudo ls /root": worked! asked me for my password


  • "kdesu ls /root": worked! put up a different type of GUI pw prompt that came up when I tried to delete a network connection.


  • tried to delete a network connection: failed! It asked for root's password.


So then I noticed that on this particular dialog (the one that failed), there was something about polkit. Specifically "polkit-kde-authentication-agent-1". So that gave me another breadcrumb to search for on the net.

Long story short, after two days, delving into PolicyKit, what it does, and how it does it and the API... and it uses JavaScript(?!) in its configuration files... and there's no GUI to manage it, or even configure it... I found the answer.

Make a copy of 50-default.rules to 49-default.rules. Nullify 50-default.rules (not necessary, but I do this thanks to the other bastardized component - systemd). Edit the "[unix-user:root]" to "[unix-group:wheel]" (or whatever your /etc/sudoers has set as a group for elevated privileges). Please note you still have to set your user to be in that group (and logout/login).

Small rant: Next up - WHERE IS MY VAR LOG MESSAGES systemd? It works as plain text, now we need special tools to view the binary files. Next thing you know, they'll be using a binary registry like Windows... oh wait, yeah, Gnome's already doing that.

10 most recent