New Workstation (sort-of) Working
Jim Beard
2016-10-16 16:59:10 UTC
New Workstation is assembled in its entirety, all internal SSD and HD are
connected, and the thing is working, sort of.

The monitor worked well in the brief period I was booted to W10. It goes
streaky when idle when using Mageia, but this is tolerable.

W10 boots from the EFI partition on the first ssd, and occupies about
half of the 250GB. The remaining half of this ssd is unallocated.

Mageia 5 boots from the EFI partition on the second ssd.

At the moment, when booting I have to hit DEL or F2 to get into the UEFI
BIOS, pick the ssd, dvd, or hd I want to boot from, and then hit F8 to
pick the exact source to boot from.

I think that grub2 can be set up to chainload W10, and the UEFI BIOS can
be set up to go first to the dvd and (if empty) then to the ssd grub2 is
on. This is not yet proven. I have tried to save boot order and
priority in the UEFI BIOS, but it is not doing what I expect. Further
experimenting and testing required.

With the new kernel 4.4.16-desktop-1.mga5 the new machine promptly went
to the 'Net and brought back the updates needed.

My attempt to set up nfs failed, and for a time the new workstation could
not talk to the router. This morning connectivity to the router is good.

One problem is that I set up a local network xxxxxxx:192.168.1.0/28.
xxxxxxx is the new equivalent of the old eth0 on the individual machine,
and that is put into the shorewall hosts file as "loc 192.168.1.0/28"

This allows 16 machines on the net, and with my machines, my wife's
multiple Apples, smart phone, and such the new workstation got a dynamic
ip of 20. I will have to find an unused slot on the router and assign a
static ip of 14 or less, or maybe increase the number of ip allowed on
the local net.

While looking at shorewall, I surfaced an area that gave me problems
before, and may be in error.

In my zones file, on one machine I have

loc ipv4
net ipv4
fw firewall

On another, only
net + detect

on my laptop,

fw firewall
loc ipv4
net ipv4

This cannot be right, as all should be the same. What is a "Parent"
network in shorewall speak? Does parent start with the firewall, then
the local network, and then subchild net ? I am confused, and
clarification would be appreciated.

fw is firewall, net is the net. loc is my local net, currently
192.168.1.0/28.

Cheers!

jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
Jim Beard
2016-10-16 19:59:38 UTC
Post by Jim Beard
New Workstation is assembled in its entirety, all internal SSD and HD
are connected, and the thing is working, sort of.
The monitor worked well in the brief period I was booted to W10. It
goes streaky when idle when using Mageia, but this is tolerable.
W10 boots from the EFI partition on the first ssd, and occupies about
half of the 250GB. The remaining half of this ssd is unallocated.
Mageia 5 boots from the EFI partition on the second ssd.
At the moment, when booting I have to hit DEL or F2 to get into the UEFI
BIOS, pick the ssd, dvd, or hd I want to boot from, and then hit F8 to
pick the exact source to boot from.
I think that grub2 can be set up to chainload W10, and the UEFI BIOS can
be set up to go first to the dvd and (if empty) then to the ssd grub2 is
on. This is not yet proven. I have tried to save boot order and
priority in the UEFI BIOS, but it is not doing what I expect. Further
experimenting and testing required.
With the new kernel 4.4.16-desktop-1.mga5 the new machine promptly went
to the 'Net and brought back the updates needed.
My attempt to set up nfs failed, and for a time the new workstation
could not talk to the router. This morning connectivity to the router
is good.
One problem is that I set up a local network xxxxxxx:192.168.1.0/28.
xxxxxxx is the new equivalent of the old eth0 on the individual machine,
and that is put into the shorewall hosts file as "loc 192.168.1.0/28"
This allows 16 machines on the net, and with my machines, my wife's
multiple Apples, smart phone, and such the new workstation got a dynamic
ip of 20. I will have to find an unused slot on the router and assign a
static ip of 14 or less, or maybe increase the number of ip allowed on
the local net.
While looking at shorewall, I surfaced an area that gave me problems
before, and may be in error.
In my zones file, on one machine I have
loc ipv4
net ipv4
fw firewall
On another, only
net + detect
on my laptop,
fw firewall
loc ipv4
net ipv4
This cannot be right, as all should be the same. What is a "Parent"
network in shorewall speak? Does parent start with the firewall, then
the local network, and then subchild net ? I am confused, and
clarification would be appreciated.
fw is firewall, net is the net. loc is my local net, currently
192.168.1.0/28.
A couple of quirks have turned up. The first ssd now shows up in MCC as
Windows in its entirety. My guess is booting to W10 led an automatic
claim on the unallocated space by MS. I will leave that until I know
enough to go into the W10 disk manager and try to cut the size back again.

A second quirk is that I put cheap speakers on the machine, that have a
usb cable and a head-phone like cable. I told rhythmbox where to find
music (fumbled around at that, but eventually rhythmbox found it), and
then plugged in the usb connector. No joy. I then plugged the other
cable into the audio ports in turn and on the top left it worked.
Rebooted the machine after freezing it up trying to configure workspace,
and sound no longer worked. I had noted a usb port 3 had been
disconnected, so I moved the head-phone-like plug around again, and the
bottom-middle port now delivers music.

Has anyone seen this?

Cheers!

jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
Bit Twister
2016-10-16 23:20:57 UTC
Post by Jim Beard
New Workstation is assembled in its entirety, all internal SSD and HD are
connected, and the thing is working, sort of.
The monitor worked well in the brief period I was booted to W10. It goes
streaky when idle when using Mageia, but this is tolerable.
Hopefully, setting Plug-in-play for monitor type and reboot will
smooth out that problem. Otherwise disabling powersaving/idle in your
Desktop settings will reduce the problem.
Post by Jim Beard
W10 boots from the EFI partition on the first ssd, and occupies about
half of the 250GB. The remaining half of this ssd is unallocated.
Mageia 5 boots from the EFI partition on the second ssd.
I was wondering if mounting both EFI partitions and using rsync to
copy w10 efi to mga efi might help dual booting. Example as root:

blkid -s device -s LABEL
mkdir /w10_efi
mkdir /mga_efi
mount -t auto /dev/xyz /w10_efi
mount -t auto /dev/xyz /mga_efi
rsync -aAHSXxv /w10_efi/ /mga_efi
umount *efi

Now that everything is hardware cabled up, rebuild grub.cfg with the command
update-grub2

Theoretically at this point, you could change w10 EFI PARTITION UUID to
something else and mga EFI automagically becomes the master EFI partition.

I would have both soft and hard copy of
blkid | sort -V
output and verify that I could boot my systemrescuecd and knew how to
change PARTUUID back to original value.
Post by Jim Beard
My attempt to set up nfs failed,
Assuming mga5 installs on a client and server, as root, in an xterm on
both systems, run
journalctl -fa --no-pager
and attempt your mount to see what is going on.
Post by Jim Beard
One problem is that I set up a local network xxxxxxx:192.168.1.0/28.
xxxxxxx is the new equivalent of the old eth0 on the individual machine,
and that is put into the shorewall hosts file as "loc 192.168.1.0/28"
I have no idea why you do not want to not keep it simple. There is no need
for the hosts file modification. Did you read the indicated link in
the file? Read the first paragraph under Description.
http://www.shorewall.net/manpages/shorewall-hosts.html
Post by Jim Beard
This allows 16 machines on the net, and with my machines, my wife's
multiple Apples, smart phone, and such the new workstation got a dynamic
ip of 20. I will have to find an unused slot on the router and assign a
static ip of 14 or less,
I like to run with the KISS methodology. Every device on my LAN network
has a static ip address.
Post by Jim Beard
or maybe increase the number of ip allowed on
the local net.
All my devices use ip addresses 100 and up. Less than 100 are for guests.
Post by Jim Beard
While looking at shorewall, I surfaced an area that gave me problems
before, and may be in error.
In my zones file, on one machine I have
loc ipv4
net ipv4
fw firewall
On another, only
net + detect
on my laptop,
fw firewall
loc ipv4
net ipv4
This cannot be right, as all should be the same.
Hehehehe, if not "right" how can they be working. :)

Based on the answers provided during firewall setup on install I have
# grep -v '\#' zones
loc ipv4
wls ipv4
net ipv4
fw firewall

My shorewall_changes script added the wireless entry when executed on my web
browsing node with wireless hardware.
Post by Jim Beard
What is a "Parent"
network in shorewall speak? Does parent start with the firewall, then
the local network, and then subchild net ? I am confused, and
clarification would be appreciated.
Would not hurt for you to provide the url/section to give a subject
matter expert a crumb to work with. :(
Post by Jim Beard
fw is firewall, net is the net. loc is my local net, currently
192.168.1.0/28.
You seem to ignore suggestions to use /somewhere/app.conf.d so the
following is for any lurkers.

You may find it handy to use the params file in /etc/shorewall.
That allows you to use variables in files like rules.
It also comes in handy when you script changes to other files like
/etc/hosts.allow.

It makes it easier for me to read my rules file. Some snippets of
params and rules follow:

cat /etc/params


# Modified by /local/bin/shorewall_changes Sun 31 Jul 16:09 2016
#
ISP_SEG=192.168.1 # ISP router segment
LAN_SEG=192.168.11 # lan segment
LAN_NODES=${LAN_SEG}.100,${LAN_SEG}.200,${LAN_SEG}.132,${LAN_SEG}.140
MTV_IP=${LAN_SEG}.200 # used in shorewall_changes rules
WB_IP=${LAN_SEG}.132 # used in shorewall_changes, rules, hostx_changes
TB_IP=${LAN_SEG}.100 # used in shorewall_changes, rules, hostx_changes
GUESTS_IP=96.231.29.231 # Thomas Dickey
DHCPSERVERS=10.5.0.1 # used by /locl/bin/lease
SPA_LAN_SEG=192.168.15
SPA_LAN_IP=${SPA_LAN_SEG}.135 # used in day_one_install, ifcfg-enp4s0
SPA_WAN_SEG=${LAN_SEG} # used in hostx_changes, /etc/hosts.allow
SPA_WAN_IP=${SPA_WAN_SEG}.135 # used in day_one_install, ifcfg-enp4s0
WEB_CAM1_IP=${LAN_SEG}.198 # used in shorewall_changes, rules
WEB_CAM2_IP=${LAN_SEG}.197 # used in shorewall_changes, rules
WEB_CAM3_IP=${LAN_SEG}.196 # used in shorewall_changes, rules
WEB_CAM4_IP=${LAN_SEG}.195 # used in shorewall_changes, rules
GATEWAYIP=192.168.11.1 # used by /locl/bin/lease
NET_BCAST=255.255.255.255 # /tmp/dhcp.env
VBOX_GUEST_RANGE=10.0.2 # VirtualBox guest ip range
HDHOMERUN_DOMAIN=tuners.test # hdhomerun domain
HDHOMERUN_SEG=169.254.1 # hdhomerun network tv tuner ip range
HDHOMERUN1_IP=${HDHOMERUN_SEG}.26 # hdhomerun 1
HDHOMERUN2_IP=${HDHOMERUN_SEG}.27 # hdhomerun 2
HDHOMERUN3_IP=${HDHOMERUN_SEG}.28 # hdhomerun 3
HDHOMERUN4_IP=${HDHOMERUN_SEG}.29 # hdhomerun 4
HDHOMERUN5_IP=${HDHOMERUN_SEG}.30 # hdhomerun 5
NET_OPTIONS=routefilter,tcpflags,logmartians,nosmurfs # used in/interfaces
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

cat /etc/shorewall/rules

# Modified by /local/bin/shorewall_changes Sun 31 Jul 16:09 2016
#

# ekiga incoming SIP VoIP, Windows Messenger ports
# If behind NAT router, http://wiki.ekiga.org/index.php/Ekiga_behind_a_NAT_router
ACCEPT $FW net udp 5000:5100
ACCEPT net $FW udp 5000:5100

# ekiga incoming H.323, Netmeeting ports
ACCEPT net $FW tcp 1720
ACCEPT $FW net tcp 1720

# ekiga RTP
ACCEPT $FW net udp 7070
ACCEPT $FW net udp 16382
ACCEPT net $FW udp 30000:30010
ACCEPT $FW net udp 30000:30010

# ekiga UDP Through NAT (STUN) ports
ACCEPT $FW net udp 3478:3479
ACCEPT net $FW udp 3478:3479

#
ACCEPT net:$HDHOMERUN1_IP all all
ACCEPT net:$HDHOMERUN2_IP all all
ACCEPT net:$HDHOMERUN3_IP all all
ACCEPT net:$HDHOMERUN4_IP all all
ACCEPT net:$MTV_IP all all
ACCEPT net:$CHRIS_IP all tcp ssh
ACCEPT net:$GUESTS_IP all tcp ssh
ACCEPT net:$LAN_NODES all all
ACCEPT net:$WB_IP all all
# Allow webcam dns lookups
ACCEPT net:$SPA_WAN_IP all all
ACCEPT net:$WEB_CAM1_IP all udp 53
ACCEPT net:$WEB_CAM2_IP all udp 53
ACCEPT net:$WEB_CAM3_IP all udp 53
ACCEPT net:$WEB_CAM4_IP all udp 53
#LAST LINE -- DO NOT REMOVE
Jim Beard
2016-10-17 01:50:29 UTC
Post by Jim Beard
New Workstation is assembled in its entirety, all internal SSD and HD
are connected, and the thing is working, sort of.
The monitor worked well in the brief period I was booted to W10. It
goes streaky when idle when using Mageia, but this is tolerable.
Hopefully, setting Plug-in-play for monitor type and reboot will smooth
out that problem. Otherwise disabling powersaving/idle in your Desktop
settings will reduce the problem.
Setting Plug-n-play resulted in the monitor being identified as an
S24D300, which is close to the exact S24D300HL model number, but the
brief patches of horizontal streaking lines continue. I turned off all
the powersaving features I could find, to no effect so far as I can tell.
Post by Jim Beard
W10 boots from the EFI partition on the first ssd, and occupies about
half of the 250GB. The remaining half of this ssd is unallocated.
This may be untrue. MCC sees the entire first SSD as Windows, so booting
W10 may have resulted in it claiming the unallocated space. I will
ignore this for the moment, and perhaps learn to use MS disk tools to
shrink that partition back down.
Post by Jim Beard
Mageia 5 boots from the EFI partition on the second ssd.
I was wondering if mounting both EFI partitions and using rsync to copy
blkid -s device -s LABEL
mkdir /w10_efi
mkdir /mga_efi
mount -t auto /dev/xyz /w10_efi
mount -t auto /dev/xyz /mga_efi
rsync -aAHSXxv /w10_efi/ /mga_efi
umount *efi

I had a similar thought, though not detailed as yours is. For the
moment, I think grub2 can assume the role of master bootloader for both
itself on Mageia, and for W10 via a chainload approach.

If chainloading will work, I do not have to mess with the MS EFI partition
at all, which is an idea I like.
Now that everything is hardware cabled up, rebuild grub.cfg with the command
update-grub2
That strikes me as a good idea. I think I will do that, and reboot the
machine. If all goes south, I will return and mention it in this
missive, and then break out the bottle of Scotch and ignore the computer
for a while.

All went well, with this. The Grub 2 screen came up with Mageia as one
option and Options on a second line, and when I clicked on the Options
line I was given a choice of which kernel to boot and whether to boot
normal or in failsafe mode.
Theoretically at this point, you could change w10 EFI PARTITION UUID to
something else and mga EFI automagically becomes the master EFI partition.
I would have both soft and hard copy of
blkid | sort -V
output and verify that I could boot my systemrescuecd and knew how to
change PARTUUID back to original value.
Post by Jim Beard
My attempt to set up nfs failed,
Assuming mga5 installs on a client and server, as root, in an xterm on
both systems, run
journalctl -fa --no-pager
and attempt your mount to see what is going on.
I relocated the new workstation to 192.168.1.9 and nfs is now working.

I am now thinking about converting my current backup machine to headless
and moving it out of the way but still connected to the router, moving my
current main machine to the desktop where the backup is sitting, moving
the new machine to my computer hutch, and then hooking up the laser
printer to the new workstation and start the serious work of configuring
everything in the new workstation and copying over whatever I want from
the current main and backup machines via nfs.

I have never set up or used a headless machine. Suggestions welcome.
I will likely need to be able to change permissions on files on the
headless, and some will be owned by root, so rw capability and Root
authority may be needed.
Post by Jim Beard
One problem is that I set up a local network xxxxxxx:192.168.1.0/28.
xxxxxxx is the new equivalent of the old eth0 on the individual
machine, and that is put into the shorewall hosts file as "loc
192.168.1.0/28"
I have no idea why you do not want to not keep it simple. There is no
need for the hosts file modification. Did you read the indicated link in
the file? Read the first paragraph under Description.
http://www.shorewall.net/manpages/shorewall-hosts.html
To quote from the page cited,

"The only time that you need this file is when you have more than one
zone connected through a single interface."

I have one interface, that I wish to use for communication to the 'Net
and for communication to my other desktop(s) and laptop within my home.
To me, that looks like two zones connected through a single interface.

One zone the net. One zone the local lan. As mentioned, I choked down
the size of my home lan to 14 IP addresses (/28 minus the first and last
IP that cannot be used for machines).
Post by Jim Beard
This allows 16 machines on the net, and with my machines, my wife's
multiple Apples, smart phone, and such the new workstation got a
dynamic ip of 20. I will have to find an unused slot on the router and
assign a static ip of 14 or less,
I like to run with the KISS methodology. Every device on my LAN network
has a static ip address.
I favor that, but my wife dislikes me tinkering with her machines, even
for assigning or controlling the ip address. (For years she had only
Apples, but then she tried a cheapie Microsloth machine since junked and
currently has an android phone--still predominately Apple). If I have
Linux, she will have Apple, and never shall I meet with the latter except
when one of her machines does not work. Then I get called in.
Post by Jim Beard
or maybe increase the number of ip allowed on the local net.
All my devices use ip addresses 100 and up. Less than 100 are for guests.
Post by Jim Beard
While looking at shorewall, I surfaced an area that gave me problems
before, and may be in error.
In my zones file, on one machine I have
loc ipv4
net ipv4
fw firewall
Post by Jim Beard
On another, only
net + detect
Post by Jim Beard
on my laptop,
fw firewall
loc ipv4
net ipv4
Post by Jim Beard
This cannot be right, as all should be the same.
Hehehehe, if not "right" how can they be working. :)
They let traffic through, but if I wanted unrestricted flow of traffic a
firewall would not be needed.
Based on the answers provided during firewall setup on install I have
# grep -v '\#' zones
loc ipv4
wls ipv4
net ipv4
fw firewall

I have one zones file that looks like yours above, except the wls ipv4
line is missing.

I think I will duplicate that on my machines other than a laptop, restart
shorewall on all, and if needed systemctl restart network a time or two
on any machine not able to communicate with the others changed, the
router, or the net.

The laptop will be my fallback, if all goes fubar and I need access to
the net. If they work, I change the laptop as well.
My shorewall_changes script added the wireless entry when executed on my
web browsing node with wireless hardware.
Post by Jim Beard
What is a "Parent"
network in shorewall speak? Does parent start with the firewall, then
the local network, and then subchild net ? I am confused, and
clarification would be appreciated.
Would not hurt for you to provide the url/section to give a subject
matter expert a crumb to work with. :(
man shorewall-zones was my source of the term "parent."
The term "parent" also appears in this page,

http://www.shorewall.net/manpages/shorewall-zones.html
Post by Jim Beard
fw is firewall, net is the net. loc is my local net, currently
192.168.1.0/28.
You seem to ignore suggestions to use /somewhere/app.conf.d so the
following is for any lurkers.
If I knew what /somewhere/app.conf.d was, or could find it with locate, I
might try to do something with it, if I knew how to format entries in
files under app.conf.d. I used locate to look for conf.d, and found
nothing that looked interesting. Perhaps I overlooked it, or did not
recognize it.
You may find it handy to use the params file in /etc/shorewall.
That allows you to use variables in files like rules.
It also comes in handy when you script changes to other files like
/etc/hosts.allow.
It makes it easier for me to read my rules file. Some snippets of params
cat /etc/params
Using pan for the reply, your examples were scrambled to unreadable.
They are in your earlier post, so I have omitted them.

Cheers!

jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
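
The /28 arithmetic from the post above, as an added example that is not part of the thread: it checks which addresses fall inside the hosts-file entry "loc 192.168.1.0/28" and lists the usable host range. The function names are illustrative, and treating every address outside that network as "net" is an assumption about this one-interface setup.

```sh
#!/bin/sh
# Added example (not from the thread): test addresses against the
# network quoted in the post, "loc 192.168.1.0/28".

LOC_NET=192.168.1.0/28   # hosts-file network quoted in the post

# ip_to_int A.B.C.D -> prints the address as an integer; status 1 if malformed.
ip_to_int() {
  case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
  _ifs=$IFS; IFS=.
  set -- $1                      # split on dots (input holds digits and dots only)
  IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
    [ "$_o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_of BITS -> netmask as an integer; status 1 unless BITS is 0..32.
mask_of() {
  case $1 in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
  [ "$1" -le 32 ] || return 1
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# in_cidr ADDR NET/BITS -> status 0 inside, 1 outside, 2 bad input.
in_cidr() {
  case $2 in */*) ;; *) return 2 ;; esac
  _a=$(ip_to_int "$1") || return 2
  _n=$(ip_to_int "${2%/*}") || return 2
  _m=$(mask_of "${2#*/}") || return 2
  [ $(( _a & _m )) -eq $(( _n & _m )) ]
}

# usable_range NET/BITS -> "first-last" host addresses, with the network and
# broadcast addresses excluded (meaningful for prefixes up to /30).
usable_range() {
  _n=$(ip_to_int "${1%/*}") || return 2
  _m=$(mask_of "${1#*/}") || return 2
  _base=$(( _n & _m ))
  _bcast=$(( _base | (~_m & 4294967295) ))
  echo "$(int_to_ip $(( _base + 1 )))-$(int_to_ip $(( _bcast - 1 )))"
}

# zone_of ADDR -> "loc" if ADDR is inside LOC_NET, otherwise "net"
# (assumption: anything else arriving on the interface is the net zone).
zone_of() {
  _rc=0
  in_cidr "$1" "$LOC_NET" || _rc=$?
  case $_rc in
    0) echo loc ;;
    1) echo net ;;
    *) echo invalid; return 2 ;;
  esac
}

# The DHCP address from the first post (.20) and the later static one (.9).
for ip in 192.168.1.9 192.168.1.14 192.168.1.20; do
  echo "$ip -> $(zone_of "$ip")"
done
echo "usable hosts in $LOC_NET: $(usable_range "$LOC_NET")"
```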
Bit Twister
2016-10-17 03:19:54 UTC
Post by Jim Beard
Hopefully, setting Plug-in-play for monitor type and reboot will smooth
out that problem. Otherwise disabling powersaving/idle in your Desktop
settings will reduce the problem.
Setting Plug-n-play resulted in the monitor being identified as an
S24D300, which is close to the exact S24D300HL model number, but the
brief patches of horizontal streaking lines continue. I turned off all
the powersaving features I could find, to no effect so far as I can tell.
From your previous symptoms I was thinking lost sync was when your
Desktop Environment attempted to blank or power it down.
Post by Jim Beard
Post by Jim Beard
Mageia 5 boots from the EFI partition on the second ssd.
I was wondering if mounting both EFI partitions and using rsync to copy
blkid -s device -s LABEL
mkdir /w10_efi
mkdir /mga_efi
mount -t auto /dev/xyz /w10_efi
mount -t auto /dev/xyz /mga_efi
rsync -aAHSXxv /w10_efi/ /mga_efi
umount *efi
I had a similar thought, though not detailed as yours is. For the
moment, I think grub2 can assume the role of master bootloader for both
itself on Mageia, and for W10 via a chainload approach.
If chainloading will work, I do not have to mess with the MS EFI partition
at all, which is an idea I like.
Now that everything is hardware cabled up, rebuild grub.cfg with the command
update-grub2
That strikes me as a good idea. I think I will do that, and reboot the
machine. If all goes south, I will return and mention it in this
missive, and then break out the bottle of Scotch and ignore the computer
for a while.
All went well, with this. The Grub 2 screen came up with Mageia as one
option and Options on a second line, and when I clicked on the Options
line I was given a choice of which kernel to boot and whether to boot
normal or in failsafe mode.
Well that bites. I had hoped update-grub2 would automagically add a
win10 choice. I still would copy win10 efi into mga efi and run
update-grub2 again.

If that does not work then create a script over in /etc/grub.d to
generate your chain load stanza.
Post by Jim Beard
I relocated the new workstation to 192.168.1.9 and nfs is now working.
And there is where the magic of hard coding ip address and a good
/etc/hosts file makes that all seamless.
Post by Jim Beard
I am now thinking about converting my current backup machine to headless
and moving it out of the way but still connected to the router, moving my
current main machine to the desktop where the backup is sitting, moving
the new machine to my computer hutch, and then hooking up the laser
printer to the new workstation and start the serious work of configuring
everything in the new workstation and copying over whatever I want from
the current main and backup machines via nfs.
I have never set up or used a headless machine. Suggestions welcome.
I will likely need to be able to change permissions on files on the
headless, and some will be owned by root, so rw capability and Root
authority may be needed.
Offhand my assumption thinks you plan to manage it via nfs. That would
not be the best method in my opinion.

Personally I use ssh as remote access to any of my nodes.
I have a xroot script that figures out if it needs to use sudo or ssh
based on the target node.

That way I click my xroot desktop shortcut for sudo local access or run
xroot mtv to get an xterm root prompt over on my MythTv node.
The script changes colors for different nodes.
Post by Jim Beard
I have no idea why you do not want to not keep it simple. There is no
need for the hosts file modification. Did you read the indicated link in
the file? Read the first paragraph under Description.
http://www.shorewall.net/manpages/shorewall-hosts.html
To quote from the page cited,
"The only time that you need this file is when you have more than one
zone connected through a single interface."
I have one interface, that I wish to use for communication to the 'Net
and for communication to my other desktop(s) and laptop within my home.
To me, that looks like two zones connected through a single interface.
Ok I see how you would think it is a requirement.
It is not required in your setup.
Post by Jim Beard
I like to run with the KISS methodology. Every device on my LAN network
has a static ip address.
I favor that, but my wife dislikes me tinkering with her machines, even
for assigning or controlling the ip address. (For years she had only
Apples, but then she tried a cheapie Microsloth machine since junked and
currently has an android phone--still predominately Apple). If I have
Linux, she will have Apple, and never shall I meet with the latter except
when one of her machines does not work. Then I get called in.
Ok, assign static ip addresses to linux boxes and give her node a
hosts file to find them.
Post by Jim Beard
Post by Jim Beard
This cannot be right, as all should be the same.
Hehehehe, if not "right" how can they be working. :)
They let traffic through, but if I wanted unrestricted flow of traffic a
firewall would not be needed.
Ok, your basic zone file tends to limit those zones to what protocol
is used in each zone. The detect might latch onto an ipv6 address and
cause you a fair amount of time troubleshooting lost connectivity.
Post by Jim Beard
Based on the answers provided during firewall setup on install I have
# grep -v '\#' zones
loc ipv4
wls ipv4
net ipv4
fw firewall
I have one zones file that looks like yours above, except the wls ipv4
line is missing.
I think I will duplicate that on my machines other than a laptop,
If laptop does not leave the house, I would have it match the server's zone.
If laptop is used somewhere else, detect would allow it to connect to
ipv6 or ipv4 as needed.
Post by Jim Beard
You seem to ignore suggestions to use /somewhere/app.conf.d so the
following is for any lurkers.
If I knew what /somewhere/app.conf.d was,
That is whatever app is of interest.
Post by Jim Beard
or could find it with locate,
Generally speaking, they would only show up when you create them.
On Mageia 6 (Cauldron) I have noticed a few applications using the feature.

Check for yourself run
locate \.d/ | grep -v /src
Post by Jim Beard
I might try to do something with it, if I knew how to format entries
in files under app.conf.d.
It will usually be the same format as found in the vendor supplied
configuration file. Always check the man page. Some apps want .conf as
the file name type. systemd-network wants .network. nfs wants .exports
Post by Jim Beard
I used locate to look for conf.d, and found
nothing that looked interesting.
It may not be a "conf.d" directory. Just depends on the app.
Post by Jim Beard
cat /etc/params
Using pan for the reply, your examples were scrambled to unreadable.
Well, if I used pan, I sure as hell would configure it to NOT reformat
posts.

For anyone using .d/ configuration/scripts I can recommend using a tag
in the file name to make hunting for them easier. Maybe you might also
want to add the app name.

Examples:
$ locate /xx__
/accounts/bittwister/local/work/xx_kf5.sh
/etc/X11/xinit.d/xx_x11_local_env.sh
/etc/X11/xorg.conf.d/xx__screen.conf
/etc/conf.d/xx__wireless-chris
/etc/conf.d/xx__wireless-fios
/etc/conf.d/xx__wireless-netgear
/etc/dovecot/conf.d/xx__dovecot.conf
/etc/exports.d/xx__exports.exports
/etc/my.cnf.d/xx__my.cnf
/etc/profile.d/xx__local.sh
/etc/sensors.d/xx__lm_sensor.conf
/etc/stunnel/conf.d/xx__stunnel.conf
/etc/sysctl.d/xx__sysctl.conf
/etc/systemd/system/mysqld.service.d/xx__local.conf
/etc/systemd/system/named.service.d/xx__local.conf
/etc/systemd/system/stunnel.service.d/xx__local.conf

Some directories like a number at the start of the file name in order
to control execution order.

Examples using my tag:
$ locate _xx__
/etc/grub.d/10a_label_xx__grub
/etc/grub.d/10a_linux_xx__grub
/etc/grub.d/20a_Network_install_xx__grub
/etc/grub.d/20b_rescue_cd_xx__grub
/etc/grub.d/20c_boot_iso_xx__grub
/etc/grub.d/30a_os-prober_xx__grub
/etc/modprobe.d/20_xx__custom.conf
/etc/systemd/network/12_xx__enp4s0.network
/etc/systemd/network/12_xx__wlp2s0.network
/usr/lib/systemd/network/10_xx__enp3s0.network
/usr/lib/systemd/network/11_xx__enp4s0.network
/usr/lib/systemd/network/12_xx__wlp2s0.network

Let's look at my nfs exports file.
$ cat /etc/exports.d/xx__exports.exports
#****** /etc/exports.d/xx__exports.exports *********************
#
# Created by /local/bin/export_changes Sun 31 Jul 16:47 2016
#
# / tb(no_root_squash,sync,no_subtree_check,rw)
# /accounts tb(no_root_squash,sync,no_subtree_check,rw)
# /local tb(no_root_squash,sync,no_subtree_check,rw)
# /misc tb(no_root_squash,sync,no_subtree_check,rw)
/spare tb(no_root_squash,sync,no_subtree_check,rw)
#
# After changing this file
# systemctl restart nfs-server.service
#
#****** end /etc/exports.d/xx__exports.exports ******************

As you can see, I used the export syntax and get to use node names
from my /etc/hosts file:
$ grep ' tb' /etc/hosts
192.168.11.100 tb.home.test tb
which allows me to change /etc/hosts tb ip address, scp the hosts file to
all my nodes and magically I do not have to modify any exports file.



For some conf files, you are required to have section names. mysql example:

$ cat /etc/my.cnf.d/xx__my.cnf
# Created by /local/bin/xx_cnf_changes Thu 14 Jul 03:46 2016
# https://mariadb.com/kb/en/mariadb/documentation/plugins/feedback-plugin/
# http://mariadb.org/feedback_plugin/

[mysqld]
skip-networking=false
bind-address=192.168.11.200

#********************** end of /etc/my.cnf.d/xx__my.cnf ******************
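
An added example, not part of the thread or of anyone's scripts in it: a small audit of exports-format text such as the /etc/exports.d drop-in shown above, reporting entries that combine no_root_squash with rw (root on the client acts as root on the exported tree) and entries exported to any client. The function name, the finding labels and every sample line except /spare are constructed for illustration; line continuations and quoted paths are not handled.

```sh
#!/bin/sh
# Added example (not from the thread): flag risky entries in
# exports(5)-format text read on stdin.
#
# Output, one line per finding:  <finding> <path> <client>
#   root-rw   no_root_squash together with rw
#   root-ro   no_root_squash on a read-only export
#   world-rw  exported read-write to any client ("*" or a bare "(opts)")
#   world-ro  exported read-only to any client
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i
        opts = ""
        p = index($i, "(")
        if (p > 0) {                   # split "client(opt,opt,...)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # "(rw)" with no host name in front applies to every client
        if (client == "") client = "*"

        rw = 0
        nrs = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") nrs = 1
        }

        if (nrs && rw)      print "root-rw " path " " client
        else if (nrs)       print "root-ro " path " " client
        if (client == "*")  print (rw ? "world-rw " : "world-ro ") path " " client
      }
    }'
}

# Constructed sample: the /spare line and the commented-out /local line follow
# the drop-in in the post; the other lines are made up to exercise each finding.
SAMPLE_EXPORTS='# constructed sample
# /local   tb(no_root_squash,sync,no_subtree_check,rw)
/spare     tb(no_root_squash,sync,no_subtree_check,rw)
/media     tb(ro,sync,no_subtree_check)
/scratch   (rw,sync)
/backup    tb(rw,sync,no_subtree_check) *(ro)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On a real host the same function can be fed the live files, for example `cat /etc/exports /etc/exports.d/*.exports | audit_exports`.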
Jim Beard
2016-10-17 18:09:30 UTC
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
Hopefully, setting Plug-in-play for monitor type and reboot will
smooth out that problem. Otherwise disabling powersaving/idle in your
Desktop settings will reduce the problem.
Setting Plug-n-play resulted in the monitor being identified as an
S24D300, which is close to the exact S24D300HL model number, but the
brief patches of horizontal streaking lines continue. I turned off all
the powersaving features I could find, to no effect so far as I can tell.
From your previous symptoms I was thinking lost sync was when your
Desktop Environment attempted to blank or power it down.
The loss of sync or whatever it is results from a refresh, rather than a
blank or power down. It is an annoyance, but tolerable. It stabilizes in
a few seconds, and then is fine for a time.
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
Post by Jim Beard
Mageia 5 boots from the EFI partition on the second ssd.
I was wondering if mounting both EFI partitions and using rsync to
blkid -s device -s LABEL
mkdir /w10_efi
mkdir /mga_efi
mount -t auto /dev/xyz /w10_efi
mount -t auto /dev/xyz /mga_efi
rsync -aAHSXxv /w10_efi/ /mga_efi
umount *efi
I had a similar thought, though not detailed as yours is. For the
moment, I think grub2 can assume the role of master bootloader for both
itself on Mageia, and for W10 via a chainload approach.
If chainloading will work, I do not have to mess with the MS EFI
partition at all, which is an idea I like.
Post by Bit Twister
Now that everything is hardware cabled up, rebuild grub.cfg with the command
update-grub2
That strikes me as a good idea. I think I will do that, and reboot the
machine. If all goes south, I will return and mention it in this
missive, and then break out the bottle of Scotch and ignore the
computer for a while.
All went well, with this. The Grub 2 screen came up with Mageia as one
option and Options on a second line, and when I clicked on the Options
line I was given a choice of which kernel to boot and whether to boot
normal or in failsafe mode.
Well that bites. I had hoped update-grub2 would automagically add a
win10 choice. I still would copy win10 efi into mga efi and run
update-grub2 again.
Well, my problems are proliferating. I tried going into MCC to mount the
Winblows disk ssd EFI partition, and the only thing MCC will allow me to
work with is the Linux ssd disk. The W10 ssd and both WD hard drives are
grayed out.

Then, I used lsblk to get the partition names and mounted the W10 EFI on
/mnt. I then used rsync -av to copy the contents of the W10 boot
partition (Boot and Microsoft) to /boot/EFI, ran update-grub2, and had
the Linux choices but no Microsoft. I next did a mv B* M* /boot/EFI/EFI
to put Boot and Microsoft in the EFI directory with mageia that holds the
Mageia5 uefi boot, ran update-grub2, and tried that, but still no joy.
Post by Bit Twister
If that does not work then create a script over in /etc/grub.d to
generate your chain load stanza.
I will have to do more reading on grub2 and creation of its stanzas.
I will leave that for later.
Post by Bit Twister
Post by Jim Beard
I relocated the new workstation to 192.168.1.9 and nfs is now working.
And there is where the magic of hard coding ip address and a good
/etc/hosts file makes that all seamless.
Post by Jim Beard
I am now thinking about converting my current backup machine to
headless and moving it out of the way but still connected to the
router, moving my current main machine to the desktop where the backup
is sitting, moving the new machine to my computer hutch, and then
hooking up the laser printer to the new workstation and start the
serious work of configuring everything in the new workstation and
copying over whatever I want from the current main and backup machines
via nfs.
I have never set up or used a headless machine. Suggestions welcome.
I will likely need to be able to change permissions on files on the
headless, and some will be owned by root, so rw capability and Root
authority may be needed.
Offhand my assumption thinks you plan to manage it via nfs. That would
not be the best method in my opinion.
Personally I use ssh as remote access to any of my nodes.
I have a xroot script that figures out if it needs to use sudo or ssh
based on the target node.
That way I click my xroot desktop shortcut for sudo local access or run
xroot mtv to get an xterm root prompt over on my MythTv node.
The script changes colors for different nodes.
Post by Jim Beard
Post by Bit Twister
I have no idea why you do not want to not keep it simple. There is no
need for the hosts file modification. Did you read the indicated link
in the file. Read the first paragraph under Description.
http://www.shorewall.net/manpages/shorewall-hosts.html
To quote from the page cited,
"The only time that you need this file is when you have more than one
zone connected through a single interface."
I have one interface, that I wish to use for communication to the 'Net
and for communication to my other desktop(s) and laptop within my home.
To me, that looks like two zones connected through a single interface.
Ok I see how you would think it is a requirement.
It is not required in your setup.
I can see where it would not be necessary, but it does allow me to
restrict the size of the lan, currently /28 or 14 machines. I think I
will leave things as they are for the moment, but later delete the local
network loc.
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
I like to run with the KISS methodology. Every device on my LAN
network has a static ip address.
I favor that, but my wife dislikes me tinkering with her machines, even
for assigning or controlling the ip address. (For years she had only
Apples, but then she tried a cheapie Microsloth machine since junked
and currently has an android phone--still predominately Apple). If I
have Linux, she will have Apple, and never shall I meet with the latter
except when one of her machines does not work. Then I get called in.
Ok, assign static ip addresses to linux boxes and give her node a hosts
file to find them.
Post by Jim Beard
Post by Bit Twister
Post by Jim Beard
This cannot be right, as all should be the same.
Hehehehe, if not "right" how can they be working. :)
They let traffic through, but if I wanted unrestricted flow of traffic
a firewall would not be needed.
Ok, your basic zone file tends to limit those zones to what protocol is
used in each zone. The detect might latch onto an ipv6 address and cause
you a fair amount of time troubleshooting lost connectivity.
Post by Jim Beard
Post by Bit Twister
Based on the answers provided during firewall setup on install I have
# grep -v '\#' zones
loc ipv4
wls ipv4
net ipv4
fw firewall
I have one zones file that looks like yours above, except the wls ipv4
line is missing.
I think I will duplicate that on my machines other than a laptop,
If laptop does not leave the house, I would have it match the server's zone.
If laptop is used somewhere else, detect would allow it to connect to
ipv6 or ipv4 as needed.
Post by Jim Beard
Post by Bit Twister
You seem to ignore suggestions to use /somewhere/app.conf.d so the
following is for any lurkers.
If I knew what /somewhere/app.conf.d was,
That is whatever app is of interest.
Post by Jim Beard
or could find it with locate,
Generally speaking, they would only show up when you create them.
On Mageia 6 (Cauldron) I have noticed a few applications using the feature.
Check for yourself run
locate \.d/ | grep -v /src
Post by Jim Beard
I might try to do something with it, if I knew how to format entries in
files under app.conf.d.
It will usually be the same format as found in the vendor supplied
configuration file. Always check the man page. Some apps want .conf as
the file name type. systemd-network wants .network. nfs wants .exports
This is getting into areas where my ignorance leaves me baffled. I need
to learn a bit more before even trying to ask a question.

For the moment, I need to reorganize the layout of my computer
room/study, move computers around, decide what I need to keep from my old
backup machine and move that over by nfs to the new machine.

Inability to use MCC to play with partitions other than sda will
complicate matters, but gparted should work. My Laserjet Pro would not
install on the new workstation, and hplip/HP website says it has Smart
Install that must be disabled. I rebooted to W10 and installed it there,
thinking that would disable the Smart Install feature. The Laserjet
works under W10 but I still cannot install it on Mageia.

Before I started playing with hplip, I had everything installed but the
correct driver. While trying to find a usable driver, I found the proper
driver for the machine now is available. And that is when the problems
started. I cannot even get back to undo and start fresh.

Basically, I have much tinkering and experimenting to do, in addition to
rearranging all boxes and moving backup stuff around. It may be a while
before I return. Or it may be soon, if I have a question that vexes me
and I think someone else may have a known answer.

Cheers!

jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
Bobbie Sellers
2016-10-17 18:31:21 UTC
Post by Jim Beard
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
Hopefully, setting Plug-in-play for monitor type and reboot will
smooth out that problem. Otherwise disabling powersaving/idle in your
Desktop settings will reduce the problem.
Setting Plug-n-play resulted in the monitor being identified as an
S24D300, which is close to the exact S24D300HL model number, but the
brief patches of horizontal streaking lines continue. I turned off all
the powersaving features I could find, to no effect so far as I can tell.
From your previous symptoms I was thinking lost sync was when your
Desktop Environment attempted to blank or power it down.
the loss of sync or whatever it is results from a refresh, rather than a
blank or power down. It is an annoyance, but tolerable. It stabilizes in
a few seconds, and then is fine for a time.
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
Post by Jim Beard
Mageia 5 boots from the EFI partition on the second ssd.
I was wondering if mounting both EFI partitions and using rsync to
blkid -s device -s LABEL
mkdir /w10_efi
mkdir /mga_efi
mount -t auto /dev/xyz /w10_efi
mount -t auto /dev/xyz /mga_efi
rsync -aAHSXxv /w10_efi/ /mga_efi
umount *efi
I had a similar thought, though not detailed as yours is. For the
moment, I think grub2 can assume the role of master bootloader for both
itself on Mageia, and for W10 via a chainload approach.
If chainloading will work, I do not have to mess with the MS EFI
partition at all, which is an idea I like.
Post by Bit Twister
Now that everything is hardware cabled up, rebuild grub.cfg with the command
update-grub2
That strikes me as a good idea. I think I will do that, and reboot the
machine. If all goes south, I will return and mention it in this
missive, and then break out the bottle of Scotch and ignore the
computer for a while.
All went well, with this. The Grub 2 screen came up with Mageia as one
option and Options on a second line, and when I clicked on the Options
line I was given a choice of which kernel to boot and whether to boot
normal or in failsafe mode.
Well that bites. I had hoped update-grub2 would automagically add a
win10 choice. I still would copy win10 efi into mga efi and run
update-grub2 again.
"i thusly informed you that two /efi partitions would cause
machine confusion". Sorry I cannot get you to pay attention.
Post by Jim Beard
Well, my problems are proliferating. I tried going into MCC to mount the
Winblows disk ssd EFI partition, and the only thing MCC will allow me to
work with is the Linux ssd disk. The W10 ssd and both WD hard drives are
grayed out.
We have been telling you to use gparted for months now.
Post by Jim Beard
Then, I used lsblk to get the partition names and mounted the W10 EFI on
/mnt. I then used rsync -av to copy the contents of the W10 boot
partition (Boot and Microsoft) to /boot/EFI, ran update-grub2, and had
the Linux choices but no Microsoft. I next did a mv B* M* /boot/EFI/EFI
to put Boot and Microsoft in the EFI directory with mageia that holds the
Mageia5 uefi boot, ran update-grub2, and tried that, but still no joy.
Post by Bit Twister
If that does not work then create a script over in /etc/grub.d to
generate your chain load stanza.
I will have to do more reading on grub2 and creation of its stanzas.
I will leave that for later.
Post by Bit Twister
Post by Jim Beard
I relocated the new workstation to 192.168.1.9 and nfs is now working.
And there is where the magic of hard coding ip address and a good
/etc/hosts file makes that all seamless.
Post by Jim Beard
I am now thinking about converting my current backup machine to
headless and moving it out of the way but still connected to the
router, moving my current main machine to the desktop where the backup
is sitting, moving the new machine to my computer hutch, and then
hooking up the laser printer to the new workstation and start the
serious work of configuring everything in the new workstation and
copying over whatever I want from the current main and backup machines
via nfs.
I have never set up or used a headless machine. Suggestions welcome.
I will likely need to be able to change permissions on files on the
headless, and some will be owned by root, so rw capability and Root
authority may be needed.
Offhand my assumption thinks you plan to manage it via nfs. That would
not be the best method in my opinion.
Personally I use ssh as remote access to any of my nodes.
I have a xroot script that figures out if it needs to use sudo or ssh
based on the target node.
That way I click my xroot desktop shortcut for sudo local access or run
xroot mtv to get an xterm root prompt over on my MythTv node.
The script changes colors for different nodes.
Post by Jim Beard
Post by Bit Twister
I have no idea why you do not want to not keep it simple. There is no
need for the hosts file modification. Did you read the indicated link
in the file. Read the first paragraph under Description.
http://www.shorewall.net/manpages/shorewall-hosts.html
To quote from the page cited,
"The only time that you need this file is when you have more than one
zone connected through a single interface."
I have one interface, that I wish to use for communication to the 'Net
and for communication to my other desktop(s) and laptop within my home.
To me, that looks like two zones connected through a single interface.
Ok I see how you would think it is a requirement.
It is not required in your setup.
I can see where it would not be necessary, but it does allow me to
restrict the size of the lan, currently /28 or 14 machines. I think I
will leave things as they are for the moment, but later delete the local
network loc.
Post by Bit Twister
Post by Jim Beard
Post by Bit Twister
I like to run with the KISS methodology. Every device on my LAN
network has a static ip address.
I favor that, but my wife dislikes me tinkering with her machines, even
for assigning or controlling the ip address. (For years she had only
Apples, but then she tried a cheapie Microsloth machine since junked
and currently has an android phone--still predominately Apple). If I
have Linux, she will have Apple, and never shall I meet with the latter
except when one of her machines does not work. Then I get called in.
Ok, assign static ip addresses to linux boxes and give her node a hosts
file to find them.
Post by Jim Beard
Post by Bit Twister
Post by Jim Beard
This cannot be right, as all should be the same.
Hehehehe, if not "right" how can they be working. :)
They let traffic through, but if I wanted unrestricted flow of traffic
a firewall would not be needed.
Ok, your basic zone file tends to limit those zones to what protocol is
used in each zone. The detect might latch onto an ipv6 address and cause
you a fair amount of time troubleshooting lost connectivity.
Post by Jim Beard
Post by Bit Twister
Based on the answers provided during firewall setup on install I have
# grep -v '\#' zones
loc ipv4
wls ipv4
net ipv4
fw firewall
I have one zones file that looks like yours above, except the wls ipv4
line is missing.
I think I will duplicate that on my machines other than a laptop,
If laptop does not leave the house, I would have it match the server's zone.
If laptop is used somewhere else, detect would allow it to connect to
ipv6 or ipv4 as needed.
Post by Jim Beard
Post by Bit Twister
You seem to ignore suggestions to use /somewhere/app.conf.d so the
following is for any lurkers.
If I knew what /somewhere/app.conf.d was,
That is whatever app is of interest.
Post by Jim Beard
or could find it with locate,
Generally speaking, they would only show up when you create them.
On Mageia 6 (Cauldron) I have noticed a few applications using the feature.
Check for yourself run
locate \.d/ | grep -v /src
Post by Jim Beard
I might try to do something with it, if I knew how to format entries in
files under app.conf.d.
It will usually be the same format as found in the vendor supplied
configuration file. Always check the man page. Some apps want .conf as
the file name type. systemd-network wants .network. nfs wants .exports
This is getting into areas where my ignorance leaves me baffled. I need
to learn a bit more before even trying to ask a question.
For the moment, I need to reorganize the layout of my computer
room/study, move computers around, decide what I need to keep from my old
backup machine and move that over by nfs to the new machine.
Inability to use MCC to play with partitions other than sda will
complicate matters, but gparted should work. My Laserjet Pro would not
install on the new workstation, and hplip/HP website says it has Smart
Install that must be disabled. I rebooted to W10 and installed it there,
thinking that would disable the Smart Install feature. The Laserjet
works under W10 but I still cannot install it on Mageia.
How is the Laserjet connected?
Post by Jim Beard
Before I started playing with hplip, I had everything installed but the
correct driver. While trying to find a usable driver, I found the proper
driver for the machine now is available. And that is when the problems
started. I cannot even get back to undo and start fresh.
On Mageia or other Mandriva fork try creating a new printer
with proper driver et al. When your test page prints Ok then you can
delete the mistake.
Post by Jim Beard
Basically, I have much tinkering and experimenting to do, in addition to
rearranging all boxes and moving backup stuff around. It may be a while
before I return. Or it may be soon, if I have a question that vexes me
and I think someone else may have a known answer.
Cheers!
jim b.
bliss
--
bliss dash SF 4 ever at dslextreme dot com
Bit Twister
2016-10-17 21:43:38 UTC
Post by Jim Beard
Well, my problems are proliferating. I tried going into MCC to mount the
Winblows disk ssd EFI partition, and the only thing MCC will allow me to
work with is the Linux ssd disk. The W10 ssd and both WD hard drives are
grayed out.
No clue about w10, but hard drives should have been selectable.
I found it much easier to install gparted. Much more control over what
I want to do.
Post by Jim Beard
Then, I used lsblk to get the partition names and mounted the W10 EFI on
/mnt. I then used rsync -av to copy the contents of the W10 boot
partition (Boot and Microsoft) to /boot/EFI,
I would be interested in knowing the exact rsync command used.
Post by Jim Beard
ran update-grub2, and had the Linux choices but no Microsoft.
Maybe a new grub2 release will help. You might find this interesting:
http://askubuntu.com/questions/666317/grub2-shows-windows-7-or-windows-recovery-environment-instead-of-windows-10
Post by Jim Beard
I next did a mv B* M* /boot/EFI/EFI
to put Boot and Microsoft in the EFI directory with mageia that holds the
Mageia5 uefi boot, ran update-grub2, and tried that, but still no joy.
Now that was not smart and I assume you will not be able to boot w10
until you copy the files back to w10 efi just like you found them.

I would have assumed the rsync would have already copied the files
into mga efi directory.
Post by Jim Beard
Post by Bit Twister
Ok I see how you would think it is a requirement.
It is not required in your setup.
I can see where it would not be necessary, but it does allow me to
restrict the size of the lan, currently /28 or 14 machines. I think I
will leave things as they are for the moment, but later delete the local
network loc.
All I was suggesting was removing the shorewall hosts modification.
Post by Jim Beard
This is getting into areas where my ignorance leaves me baffled. I need
to learn a bit more before even trying to ask a question.
Well, it really is pretty straightforward.

The man page indicates location and file name extension.

You may need to create /what/ever.d and you create a file with the
indicated file extension and add the line(s) you would have
added/changed to the app.conf. If indicated in man page, you might have
to set the execute bit.
Post by Jim Beard
Inability to use MCC to play with partitions other than sda will
complicate matters, but gparted should work.
Yes, I would think so. It would be nice if the Mageia rpm had the
latest release.
Post by Jim Beard
Before I started playing with hplip, I had everything installed but the
correct driver. While trying to find a usable driver, I found the proper
driver for the machine now is available. And that is when the problems
started. I cannot even get back to undo and start fresh.
Well, at this point, I suggest that if httpd and cups services are running,
pointing your browser at http://localhost:631/ selecting add printer
should allow you to pick the driver, click defaults and have printer access.
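
Added example, not part of the thread or any poster's script: a sketch of the /etc/grub.d script suggested above for generating a chainload stanza, which leaves the W10 EFI partition untouched instead of copying or moving its files. The file name 45_win10_chainload, the WIN_ESP_UUID variable and the helper names are assumptions; the UUID must come from blkid on the real W10 EFI partition.

```shell
#!/bin/sh
# Assumed install path: /etc/grub.d/45_win10_chainload (hypothetical name),
# with the execute bit set. update-grub2 runs each executable in /etc/grub.d
# and appends whatever it prints to grub.cfg.

# Assumption: paste the output of
#   blkid -s UUID -o value /dev/xyz      (the W10 EFI partition)
# between the quotes. Left empty, the script prints nothing.
WIN_ESP_UUID="${WIN_ESP_UUID:-}"

# A FAT volume serial as printed by blkid looks like "1A2B-3C4D".
# Rejecting anything else keeps stray text out of grub.cfg.
valid_fat_uuid() {
    case "$1" in
        [0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]-[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f])
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Optional pre-check: with the W10 EFI partition mounted read-only
# (for example on /w10_efi), confirm the Windows boot manager is still there.
esp_has_bootmgr() {
    [ -f "$1/EFI/Microsoft/Boot/bootmgfw.efi" ]
}

# Print one menuentry that finds the W10 EFI partition by UUID and
# chainloads the Windows boot manager from it. Nothing is copied.
win_stanza() {
    uuid="$1"
    valid_fat_uuid "$uuid" || {
        echo "refusing to write stanza, bad ESP UUID: $uuid" >&2
        return 1
    }
    cat <<EOF
menuentry "Windows 10 (chainload)" {
    insmod part_gpt
    insmod fat
    insmod chain
    search --no-floppy --fs-uuid --set=root $uuid
    chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
EOF
}

# Emit the stanza only once a UUID has been filled in.
if [ -n "$WIN_ESP_UUID" ]; then
    win_stanza "$WIN_ESP_UUID"
fi
```

After installing the script, rerun update-grub2 and check that the new menuentry appears in the generated grub.cfg before rebooting.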