Red Hat 8.0, pass one
Reinstalled the firewall at work today. I thought it would only take two or three hours. Boy was I mistaken.
I crashed the RH8 installer two or three times while partitioning. I’m thinking this is because I opted to make a software RAID 1 array of my two IDE disks and then put LVM on top of that. The first time, I wasn’t expecting it: I answered all the installer’s questions, it went to format, and *boom*, saying it couldn’t read the partition table. The second time I made something similar happen by switching between fdisk and Disk Druid. As it turns out, the installer wasn’t lying, and the kernel apparently couldn’t reread the partition table because “the disk is in use” or something like that. I eventually partitioned (two RAID 1 arrays, one for boot and one for LVM — you can’t put /boot on LVM), rebooted, then came in and actually mapped everything. The installer was happy once it didn’t have to partition.
The installer is nice, and it’s been changed a good bit from RH7.3. One nice thing that comes to mind is the package selection interface. It finally works well with the keyboard — as did the few other things I played with.
The install needed all three discs, though only a handful of packages from disc 3. What Red Hat now neglects to tell you is that — I think — discs 4 and 5 are like the SRPM disks of old. So you probably don’t need those last two ISOs if you’re in a time crunch.
So now I’ve installed, it worked, I reboot, and… no boot devices found, says the BIOS. I’m using a Promise FastTrak 66 on a Supermicro P6SBA (good, stable, BX chipset motherboard, if old and no-frills). That’s odd. Make sure SCSI is in boot device order; it is. Flash BIOS, but still no good. Turn on PCI IDE Busmastering or some such; no dice. Even explicitly tell the BIOS there is a PCI IDE controller (the option was there) and no booting. I did question whether RH marked the partition bootable, but a boot into rescue mode showed that it did. (BTW, the rescue disk did not correctly mount the system on LVM.) Then I plop the drives down on the on-board IDE, and they boot right up. Eventually I just stuck with this solution, even though on-board is only UDMA 33 or whatever. Note to self: stop trying to use Promise controllers because they suck, especially in Linux.
It finally boots, comes up fine (much to my surprise, I assure you).
No sshd by default? That’s nonsense. service sshd start. Hm,
already started? I have no idea what happened there. Turn off
nfslock, portmap, xinetd. Ran redhat-config-network to set up
some static routes, but I don’t think that worked right. I think it
created two files with the routes, and they both got run, so ifup
eth1 would give errors. I removed
/etc/sysconfig/network-scripts/route.eth1 (IIRC) and it fixed this
problem. BTW, static routes are hidden in the “Route” tab when you go
to edit an interface. Usually I’d just make
/etc/sysconfig/static-routes, but I get the feeling that is highly
unsupported these days; no mention of it in
/etc/sysconfig/network-scripts/*.
Sangoma doesn’t have a Wanpipe RPM for RH8.0
yet, which I need to get my Internet access back up. Naturally I
forgot to download this before I reinstalled. So now I have to
download it on my laptop. Their 7.3 RPM won’t work because the kernel
doesn’t want to load modules compiled for 7.3’s 2.4.18-4 or whatever
– apparently not because of the version, but because 8.0’s kernel has
been built with gcc 3, and a gcc 3 kernel can’t load a gcc 2-compiled
module. Fun! Then their Setup rpmbuild process doesn’t work to
build me a new RPM, and as usual the RPM build process mysteriously
exits. I can’t strace rpmbuild either because that magically
fails early on in a brand new way. I love debugging RPM problems.
Eventually I ended up installing the 7.3 RPM set for the tools and
configuration files and manually placing the drivers I managed to get
it to compile for my kernel in /lib/modules/2.4. I had to
completely delete the modules that shipped with the 8.0 kernel, since
even renaming them to things like wanpipe.o.old still got them
loaded before my modules in /lib/modules/2.4. Bah. (I didn’t
really delete them, but instead stashed them away in my home
directory.) Oh, and don’t bother trying the latest stable Wanpipe
with the drivers that come with the kernel, because they don’t work.
Somehow it seems the kernel is always behind on Wanpipe drivers. At
least Sangoma finally made them totally modular, so you can rebuild
them without rebuilding your entire kernel.
I made a bunch of firewall rules, happy to be using iptables. I
actually used my PIX-like iptables rule generating script, pipt, and
it mostly worked. I had to tweak the output a bit, but I’ve since
modified pipt to generate the rules correctly itself. (Really, I
still think a bug lingers and I need to sprinkle some -m state
--state NEW around liberally.) My 100-odd-line pipt input
generated something like 40 rules I think. I’m kind of worried about
performance, since there’s a couple of heavy-use rules at the bottom
of the FORWARD chain, but we’ll see.
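An added example, not part of the original post and not pipt output: a small audit of a FORWARD chain dumped in `iptables-save -c` format. It flags ACCEPT rules that carry no state match (the places where `-m state --state NEW` would go) and rules that take most of the traffic but sit late in the chain. The sample ruleset, the labels and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in `iptables-save -c` format: [packets:bytes] precedes each rule.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[120:9000] -A FORWARD -i eth1 -o eth0 -p tcp --dport 25 -j ACCEPT
[40:2400] -A FORWARD -i eth0 -o eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
[3:180] -A FORWARD -p icmp -j DROP
[985000:731000000] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

def parse_chain(dump, chain="FORWARD"):
    """Return [(position, packets, rule_text)] for one chain, in evaluation order."""
    rules = []
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if m and m.group(3) == chain:
            rules.append((len(rules) + 1, int(m.group(1)), m.group(4)))
    return rules

def audit(rules, hot_share=0.5):
    """Flag stateless ACCEPT rules and high-traffic rules that are not first."""
    findings = []
    total = sum(pkts for _, pkts, _ in rules) or 1
    for pos, pkts, text in rules:
        args = shlex.split(text)
        target = args[args.index("-j") + 1] if "-j" in args else None
        stateful = "--state" in args or "--ctstate" in args
        if target == "ACCEPT" and not stateful:
            # Matches packets in any connection state, not just new connections.
            findings.append((pos, "stateless-accept"))
        if pos > 1 and pkts / total > hot_share:
            # Most packets walk every earlier rule before matching here.
            findings.append((pos, "hot-rule-late"))
    return findings

if __name__ == "__main__":
    for pos, issue in audit(parse_chain(SAMPLE)):
        print(f"FORWARD rule {pos}: {issue}")
```

On the sample, the RELATED,ESTABLISHED rule in position 4 carries nearly all packets, so moving it to the top of the chain shortens the path for established traffic.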
Now I need to get MRTG back up and running, and traffic shaping as well. What do we think the chances are that the RH 8.0 kernel comes with HTB already compiled in? Probably not bloody likely, but hopefully I can just build it as a module. Also need to get a Socks server set up.
This reminds me of a couple of things that are notably missing from RH
8.0. For starters, /usr/lib/rpm/cpanflute* is gone. You have to
go get the RPM::Specfile package from CPAN for this script. I
actually had to build RPM::Specfile, then use its cpanflute2
script to build a package for RPM::Specfile, then I installed that
package. Nothing that’s not under package management, or neatly
tucked away in its own directory, baby! Don’t forget to try the
--noarch and --buildall options to the script. Note that its
automatic noarch detection doesn’t seem to work… at all.
The links browser is now provided by the elinks package, which is
supposedly “experimental links”. The metamail package is gone, as
explicitly stated in the release notes; this is too bad, since
TRAMP prefers to use
mimencode and mimedecode (or is it mimdecode?) from that
package. I’ve got it using uuencode and uudecode for now.
There is no Socks5 proxy server included at all, which might be
because there’s nothing under a suitable license. Honestly, though, I
suspect Dante is. Indeed, an earlier
version of Red Hat, perhaps 7.1, included Dante. Dante wouldn’t build
on my install, either: instead I copied it over to a RH 7.2 box and
built in there, and I presume it will work when I bring it back over
to RH 8.0.
Oh, and before I forget, no more rpm -ba: now you must use
rpmbuild -ba. Anytime you’re building a package or doing anything
of that sort, it seems you must use rpmbuild instead of just
rpm. I personally find this kind of annoying. Also, the release
notes mention having to set LANG=C for some applications that
don’t understand Unicode (I think?). man seems to be among those
applications, either that or viewing man pages on my RH 7.2
gnome-terminal over ssh to my RH 8.0 box just magically breaks.
Whatever the case, setting LANG=C fixed it.
A co-worker also tried to set up RH 8.0 on his desktop. When he changed to one of the themes that ship with RH 8.0 (I don’t remember which, GTK theme Redmond 95 I think?) Mozilla would die upon loading the default start page. He also had a couple other assorted problems, IIRC. Sounds like a typical RH .0 release (as opposed to .2, which is usually real stable).
As of right now the firewall seems to be horked up. I can’t create
new SSH connections in to it, and of the two or three connections I
had open they’re all locked upon trying to run a command. My guesses
are (A) disk died, since it was making some occasional strange
clicking; or (B) LVM horked. I don’t really want to Masterswitch it
since I don’t remember if I did chkconfig wanrouter on, and the
box probably needs to be reinstalled besides. I need to get my PIPT
configuration off of there first, though, so it had better boot up long
enough to get eth0 or the floppy working.
So now I’m going to get some breakfast then probably head in to work to do another reinstall. Oh, joy.