Category: Linux

Linux rules the world, right?

Install Fedora Workstation 38 (Gnome GUI)

This article will show the simple steps of installing a modern Linux Distribution like Fedora 38 Workstation Edition with Gnome for the graphical user interface. First, it is offered the basic steps for installing the Operating system and then there are some screenshots of the installed system and its look and feel. Soon another article will show more screenshots of the installed and working Fedora 38 (Gnome and KDE plasma) – so the user may decide which of them to try first.
This is the most straightforward setup. One hard disk device in the system is installed, which is detected as sda and the entire disk will be used for the installation of Fedora Workstation 38. All disk information in sda disk device will be permanently deleted by the installation wizard!

The Fedora 38 Workstation comes with

  • Xorg X11 server – 1.20.14 and Xorg X11 server XWayland 22.1.9 is used by default
  • GNOME (the GUI) – 44.0
  • linux kernel – 6.2.9

Check out our article about what software is included in – Review of freshly installed Fedora 38 Workstation (Gnome GUI).

There are previous installations howto articles for the older Fedora 37Install Fedora Workstation 37 (Gnome GUI), Review of freshly installed Fedora 36 Workstation (Gnome GUI), Install Fedora Workstation 31 (Gnome GUI), Install Fedora Workstation 30 (Gnome GUI).

The following ISO is used for the installation process: https://download.fedoraproject.org/pub/fedora/linux/releases/38/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-38-1.6.iso
It is a LIVE image so you can try it before installing. The easiest way is just to download the image and burn it to a DVD disk (or make a bootable USB flash drive) and then follow the installation below.
The simplest way to make a bootable USB drive is to just use the Linux command dd. First, download the ISO file above and then plug the USB drive into the computer and find out the device name, it should be something of /dev/sda or /dev/sdb or /dev/sdc (execute the dmesg command in the console and check the last lines for the USB drive detection and its device name like /dev/sd?). After knowing the USB device name issue the dd command to overwrite it with the ISO. Note, all data will be lost if you use the following command with the device name mentioned in the command line.

myuser@mydesktop ~ # dd if=/mnt/media/OS/Fedora/Fedora-Workstation-Live-x86_64-38-1.6.iso of=/dev/sdd bs=8M status=progress oflag=direct
2080374784 bytes (2.1 GB, 1.9 GiB) copied, 22 s, 94.4 MB/s2099451904 bytes (2.1 GB, 2.0 GiB) copied, 22.1921 s, 94.6 MB/s

250+1 records in
250+1 records out
2099451904 bytes (2.1 GB, 2.0 GiB) copied, 22.2063 s, 94.5 MB/s

The USB flash drive should have at least 4G space. Using dd command will overwrite the data on the USB drive without warning or confirmation!

The user can check what device name the just-plugged USB Drive has with dmesg console command:

myuser@mydesktop ~ # dmesg|tail -n 20
[1111445.079524] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[1111445.079526] usb 3-2: Product: IS888 USB3.0 to SATA bridge
[1111445.079528] usb 3-2: Manufacturer: Innostor Technology
[1111445.079529] usb 3-2: SerialNumber: 088810000000
[1111445.083169] usb-storage 3-2:1.0: USB Mass Storage device detected
[1111445.083301] scsi host6: usb-storage 3-2:1.0
[1111446.092244] scsi 6:0:0:0: Direct-Access     KINGSTON  SNV425S2128GB        PQ: 0 ANSI: 0
[1111446.093165] sd 6:0:0:0: Attached scsi generic sg2 type 0
[1111446.093586] sd 6:0:0:0: [sdd] 250069680 512-byte logical blocks: (128 GB/119 GiB)
[1111446.093883] sd 6:0:0:0: [sdd] Write Protect is off
[1111446.093886] sd 6:0:0:0: [sdd] Mode Sense: 03 00 00 00
[1111446.094489] sd 6:0:0:0: [sdd] No Caching mode page found
[1111446.094497] sd 6:0:0:0: [sdd] Assuming drive cache: write through
[1111446.100093] GPT:Primary header thinks Alt. header is not at the end of the disk.
[1111446.100102] GPT:1402999 != 250069679
[1111446.100104] GPT:Alternate GPT header not at the end of the disk.
[1111446.100105] GPT:1402999 != 250069679
[1111446.100106] GPT: Use GNU Parted to correct GPT errors.
[1111446.100148]  sdd: sdd1 sdd2 sdd3
[1111446.100623] sd 6:0:0:0: [sdd] Attached SCSI disk

The just-plugged USB drive is attached to the system with the device name /dev/sdd.

SCREENSHOT 1) Boot from the UEFI USB device.

It is the same as the CD/DVD removable drive. Choose the UEFI USB drive to boot the live installation.

main menu
UEFI BIOS USB device boot

Keep on reading!

Pages: Page 1, Page 2, Page 3, Page 4, Page 5

Install CentOS Stream 9 booting VNC installer with kexec

Lately, dedicated servers come with Remote management consoles like IPMI KVM or iLO, or DRAC, but they are still slow to initiate the process of installing a system.

main menu
kexec execute

Consider a server (dedicated or not) should be installed in a remote colocation with the help of only the server’s network. The system administrator just receives an administrative shell access and nothing more and the server should be installed with the proper and secured software, in this case, the CentOS Stream 9. Using kexec the user can boot a new kernel from a different Linux Distribution and initiate automated network installation of the system and it is not needed any Remote management consoles. The only thing needed is the ability of the current system/kernel to be able to use kexec, which is pretty standard for 8 to 10 years old Linux systems. There is a good chance the colocations’ rescue CD/DVD/USB flash drives or the PXE rescue images support kexec, because they tend to upgrade their rescue systems, which the user may boot if he has problems.
Still, using kexec to initiate another kernel or Linux Distribution like CentOS Stream 9 with VNC installer, for example, it a powerful tool to safely replace a currently running system with only shell access.
This article has chosen to start the CentOS Stream 9 VNC installer just for demonstration purposes. Booting a downloaded kernel may be used for just anything from booting a system over the network, booting an installer, booting an unattended automation installation, and so on. There are a couple of simple things to check before booting the new kernel.
This article will show just one use case – reinstalling a system with CentOS Stream 9 over the network using the CentOS VNC Install. The purpose is to show how simple, fast, and easy is to install a modern Linux system only by having console access. No scripts are required if manual installation is performed.
To boot a CentOS Stream 9 VNC Installer the kexec command needs the following options.

The kexec commands need the following options:

  • Networkingdevice interface name, IP, netmask, gateway and DNS servers
  • Kernel options – these options will initiate scripts from the initramfs.
  • inst.vnc – a kernel option, which will start a VNC server with no password on the default port and network device. Using it with another inst.vncpassword=[PASSWORD] the VNC server will require the password – [PASSWORD]. The password should be a maximum of 8 characters because the VNC server will not start if it is with more!
  • inst.repo=[HTTP/HTTPS://repository] – a kernel option, which sets the CentOS HTTP/HTTPS repository.

The kexec command to boot the CentOS Stream 9 VNC Installer is:

kexec --initrd=./initrd.img -l ./vmlinuz --command-line="bootdev=eno1 ip=10.10.10.20::10.10.10.1:24:srv.example.com:eno1:none nameserver=8.8.8.8 inst.vnc inst.vncpassword=cha3hae4ahZaqueev1ee inst.repo=https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/"

The kernel (i.e. vmlinuz) and the initramfs (i.e. initrd.img) should be downloaded in the current directory before executing the above command. The above line will order the kernel to load the new kernel, but to boot it another command must be executed:

kexec -e

Keep on reading!

Software and technical details of Fedora Server 38 including cockpit screenshots

main menu
System Overview

This article is for those of you who do not want to install a whole new operating system only to discover some technical details about the default installation like disk layout, packages included, software versions, and so on. Here we are going to review in several sections what is like to have a default installation of Fedora 38 Server using a real not virtual machine!
The kernel is 6.2.15 it detects successfully the Threadripper 1950X AMD and the system is stable (we booted in UEFI mode).
The installation procedure uses default options for all installation setups – Minimal network installation of Fedora 38 Server

Software

With Fedora Server 38 you can have

  • linux kernel – 6.2.15 (6.2.15-300.fc38.x86_64)
  • System
    • linux-firmware – version: 20230515, release: 20230515-150.fc38.
    • libc – 2.37 (2.37-4.fc38)
    • GNU GCC – 13.1.1 (13.1.1-2.fc38)
    • OpenSSL – 3.0.8 (3.0.8-2.fc38) and 1.1.1q (1.1.1q-4.fc38)
    • coreutils – 9.1-12 (9.1-12.fc38)
    • yum – Depricated and replaced with dnf
    • dnf – 4.15.1 (4.15.1-1.fc38)
    • rsyslog – 8.2210.0 (8.2210.0-4.fc38)
    • NetworkManager – 1.42.6 (1.42.6-1.fc38)
  • Servers
    • Apache – 2.4.57 (2.4.57-1.fc38)
    • Nginx – 1.24.0 (1.24.0-1.fc38)
    • MySQL server – 8.0.33 (8.0.33-2.fc38)
    • MariaDB server – 10.5.19 (10.5.19-2.fc38)
    • PostgreSQL – 15.1 (15.1-2.fc38)
  • Programming
    • PHP – 8.2.6 (8.2.6-1.fc38)
    • python – The default is 3.11.3 (3.11.3-2.fc38) and many more available – 3.12.0 (3.12.0~a7-1.fc38), 3.10.11 (3.10.11-1.fc38), 3.9.16 (3.9.16-3.fc38), 3.8.16 (3.8.16-3.fc38), 3.7.16 (3.7.16-3.fc38), 3.6.15 (3.6.15-17.fc38) and also includes the older 2.7.18 (2.7.18-31.fc38)
    • perl – 5.36.1 (5.36.1-497.fc38)
    • ruby – 3.2.2 (3.2.2-180.fc38)
    • OpenJDK – the latest 20 – 20.0.1.0.9 (20.0.1.0.9-8.rolling.fc38) and also includes 17.0.7.0.7 (17.0.7.0.7-5.fc38), 11.0.19.0.7 (11.0.19.0.7-1.fc38) and 1.8.0.362.b09 (1.8.0.362.b09-2.fc38)
    • Go – 1.20.4 (1.20.4-1.fc38)
    • Rust – 1.69.0 (1.69.0-2.fc38)
    • llvm – the latest 16.0.4 (16.0.4-1.fc38), 15.0.7 (15.0.7-4.fc38), 14.0.5 (14.0.5-5.fc38), 13.0.1 (13.0.1-4.fc38), 12.0.1-8.fc38 (12.0.1-8.fc38), 11.1.0 (11.1.0-10.fc38), 8.0.1 (8.0.1-4.fc38) and 7.0.1 (7.0.1-7.fc38)
    • Subversion – 1.14.2 (1.14.2-13.fc38)
    • Git – 2.40.1 (2.40.1-1.fc38)

Note: Not all of the above software comes installed by default. The versions above are valid as of May 2023, these are the minimum versions you get with Fedora Server 38 now, and updating it after the initial date may update some of the above packages with newer versions.

Installed packages are 679 occupying 1.8G space:. Note, this is Fedora Server Install, not minimal install. The server install includes the web console – cockpit version 254.

[root@srv ~]# dnf list installed|wc -l
674
[root@srv ~]# df -h /
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/fedora-root   15G  1.7G   14G  12% /

Keep on reading!

Pages: Page 1, Page 2, Page 3, Page 4

Minimal network installation of Fedora 38 Server

This article will show the simple steps of installing a modern Linux Distribution Fedora 38 Server edition. Fedora line offers many bleeding-edge Linux technologies than the more enterprise CentOS of the same RPM Linux family.

In fact, if the user needs a server with the latest Linux stable software Fedora server is the right and easy choice for a server!

It is interesting to compare to the other big rival Ubuntu Server, which has the latest software and upgrade path to the future release.
Here are some basic data from the default installation setup settings:

  1. Installed packages – ~673 occupying 1.7G of space.
  2. 3 partitions when using automatic partition layout – boot efi, boot and lvm.
  3. xfs used for the root and the boot partitions.

The Fedora 38 Server comes and updates to the latest stable Linux:

  • Linux kernel : 6.2.15.
  • Python : 3.11.3
  • GLibc : 2.37
  • OpenSSL : 3.0.8
  • systemd : 253.4

More detailed software overview here – Software and technical details of Fedora Server 38 including cockpit screenshots.

Of course, one can expect the latest version of GCC (13.1.1), PHP (8.2.6), GO (1.20.4), MySQL Server (8.0.33), PostgreSQL (15.1), Nginx (1.24.0), Apache (2.4.57) and so on. Almost all of them are the latest stable version on their Internet sites.
Just be careful, the Fedora life cycle is 13 months from the release to the EOL (End of Life)! Of course, a dist-upgrade is supported and indeed, it has been flawless for years!

We used the following ISO for the installation process from https://getfedora.org/en/server/download/:

https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/x86_64/iso/Fedora-Server-netinst-x86_64-38-1.6.iso

It is not a LIVE image so you cannot try it before installing it. The easiest way is to download the image and burn it to a DVD or USB stick disk and then follow the installation below (a USB flash drive could be also created from this ISO). The netinstall installation is as simple as having a good Internet connection to download the packages, the installation wizard automatically detects the closest mirror, from which it will download the packages. Essentially, the network does not differ from the ordinary installation except it expects to download the packages from the Internet. The good thing f network installation is that the bootable ISO is just 686Mbytes and the minimal install of the Fedora 38 Server will consume only around 560 Mbytes.
Here is how to make a bootable USB flash drive using dd:

root@srv ~ # dd if=/mnt/media/OS/Fedora/Fedora-Server-netinst-x86_64-38-1.6.iso of=/dev/sdd bs=8M status=progress oflag=direct
629145600 bytes (629 MB, 600 MiB) copied, 6 s, 105 MB/s718336000 bytes (718 MB, 685 MiB) copied, 6.76099 s, 106 MB/s

85+1 records in
85+1 records out
718336000 bytes (718 MB, 685 MiB) copied, 6.78797 s, 106 MB/s

The /dev/sdd is the removable USB drive. Be careful, it probably will with another name on a different system. Find the name by checking the dmesg.

SCREENSHOT 1) Select the UEFI OS (KINGSTON …), which is the USB flash drive connected to the server.

This USB flash drive is created by the Fedora Official ISO described above.

main menu
USB flash BIOS boot

Keep on reading!

Pages: Page 1, Page 2, Page 3, Page 4

Moving existing Elasticsearch and Kibana installation from CentOS 7 to CentOS Stream 9

main menu
install Elasticsearch and Kibana

Despite having only two additional installed software under CentOS 7 it is not a good idea to just try upgrading only CentOS 7 to CentOS Stream 9. There is no clear and supported path for upgrading from CentOS 7 to CentOS Stream 9 and even to the older one CentOS 8 (or CentOS Stream 8). The best way is to just make a clean install of CentOS Stream 9 and copy all the Elasticsearch and Kibana files and this article is how to do it without problems.
Here is the plan to move the existing installation of Elasticsearch and Kibana services from CentOS 7 to CentOS Stream 9:

  1. Make a clean install of CentOS Stream 9
  2. Update the current Elasticsearch and Kibana installations to their last versions (from their branch or minor versions).
  3. Add Elasticsearch and Kibana repositories to the new system. Tune the system crypto policies.
  4. Install Elasticsearch and Kibana software packages, but do not start the services.
  5. Copy Elasticsearch and Kibana important files such as the index directory and the configuration directories. Check the user and group IDs of the files.
  6. Start the Elasticsearch and Kibana services.

In this example, the installation of the new server is just starting a new LXC container, which will host the Elasticsearch and Kibana services. There is no difference between using a container or a physical machine. With LXC container it is easier to copy the needed files such as the Elasticsearch index files, which may be tens of terabytes or more, and various configuration files.

STEP 1) Make a clean install of CentOS Stream 9

Check out the following article on the purpose – Network installation of CentOS Stream 9 (20220606.0) – minimal server installation or if LXC container is preferred – Run LXC CentOS Stream 9 container with bridged network under CentOS Stream 9.

Creating a LXC container of CentOS Stream 9 is really simple and fast:

[root@srv ~]# lxc-create --template download -n kibana.u1x2.com -- --dist centos --release 9-Stream --arch amd64
The cached copy has expired, re-downloading...
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a Centos 9-Stream x86_64 (20230511_19:27) container.

Then tune the network following the above article. It is a good idea when configuring the network to preserve the original UUIDs and network addresses (MAC address, too) of the LXC containers network and the inner container’s interface.
So copy the UUID from /var/lib/lxc/loganalyzer-old/rootfs/etc/sysconfig/network-scripts/ifcfg-eth0 to the CentOS Stream 9 network configuration – /var/lib/lxc/loganalyzer/rootfs/etc/NetworkManager/system-connections/ethernet-eth0.nmconnection, which uses NetworkManager. And the LXC container’s MAC address: the variable lxc.net.0.hwaddr from /var/lib/lxc/loganalyzer/config to /var/lib/lxc/loganalyzer/config.
The last step is to run the newly installed system. No errors in the output signals for a successful start-up of the LXC container with the name loganalyzer.

[root@srv ~]# lxc-start -n loganalyzer
[root@srv ~]#

STEP 2) Upgrade the current Elasticsearch and Kibana installations to their last versions (from their branch or minor versions).

For example, if the current Elasticsearch is version 7. It is good to upgrade it to the latest version from 7.x before proceeding with the next steps.
The current installed versions of Elasticsearch and Kibana software are from the branch 77.17.4-1 and the latest version is 7.17.10-1.
Check in the old system with (CentOS 7):

[root@loganalyzer-old ~]# yum list installed|egrep -e "(elasticsearch|kibana)"
elasticsearch.x86_64               7.17.4-1                               @elasticsearch
kibana.x86_64                      7.17.4-1                               @elasticsearch

Keep on reading!

Building chromium fails with set the variable “swiftflags” here and it was unused before it went

main menu
Chromium building failed

Apparently, the recent versions of Chromium require a new version of dev-util/gn. Trying to build Chromium web browser with an older version such as dev-util/gn-0.1807 will likely to cause the configuration stage to fail with

srv ~ # emerge -va --nodeps chromium

These are the packages that would be merged, in order:

[ebuild     U #] www-client/chromium-111.0.5545.6:0/dev::gentoo [106.0.5245.0:0/dev::gentoo] USE="X cups hangouts js-type-check kerberos official (pic) proprietary-codecs pulseaudio qt5%* screencast (selinux) suid vaapi wayland widevine (-component-build) -custom-cflags -debug -gtk4 (-headless) -libcxx -lto (-pgo) -system-av1% (-system-ffmpeg) -system-harfbuzz -system-icu -system-png" L10N="-af -am -ar -bg -bn -ca -cs -da -de -el -en-GB -es -es-419 -et -fa -fi -fil -fr -gu -he -hi -hr -hu -id -it -ja -kn -ko -lt -lv -ml -mr -ms -nb -nl -pl -pt-BR -pt-PT -ro -ru -sk -sl -sr -sv -sw -ta -te -th -tr -uk -ur -vi -zh-CN -zh-TW" 0 KiB

Total: 1 package (1 upgrade), Size of downloads: 0 KiB

Would you like to merge these packages? [Yes/No] yes

>>> Verifying ebuild manifests

>>> Running pre-merge checks for www-client/chromium-111.0.5545.6
.....
.....
 * Configuring Chromium...
gn gen --args= is_clang=false use_lld=false custom_toolchain="//build/toolchain/linux/unbundle:default" host_toolchain="//build/toolchain/linux/unbundle:default" is_debug=false dcheck_always_on=false dcheck_is_configurable=false is_component_build=false enable_nacl=false use_system_harfbuzz=false use_gnome_keyring=false enable_js_type_check=true enable_hangout_services_extension=true enable_widevine=true use_cups=true use_kerberos=true use_pulseaudio=true use_vaapi=true rtc_use_pipewire=true gtk_version=3 disable_fieldtrial_testing_config=true use_gold=false use_sysroot=false use_custom_libcxx=false enable_pseudolocales=false blink_enable_generated_code_formatting=false proprietary_codecs=true ffmpeg_branding="Chrome" google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc" target_cpu="x64" treat_warnings_as_errors=false fatal_linker_warnings=false v8_use_libm_trig_functions=true use_ozone=true ozone_auto_platforms=false ozone_platform_headless=true use_system_libdrm=true use_system_minigbm=true use_xkbcommon=true use_qt=true ozone_platform_x11=true ozone_platform_wayland=true ozone_platform="wayland" use_system_libffi=true is_official_build=true use_thin_lto=false thin_lto_enable_optimizations=false is_cfi=false symbol_level=0 chrome_pgo_phase=0  out/Release
ERROR at //build/config/compiler/BUILD.gn:1271:16: Assignment had no effect.
  swiftflags = []
               ^
You set the variable "swiftflags" here and it was unused before it went
out of scope.
See //build/config/BUILDCONFIG.gn:333:3: which caused the file to be included.
  "//build/config/compiler:afdo",
  ^-----------------------------
 * ERROR: www-client/chromium-111.0.5545.6::gentoo failed (configure phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line  136:  Called src_configure
 *   environment, line 5084:  Called chromium_configure '0'
 *   environment, line 2457:  Called die
 * The specific snippet of code:
 *       "$@" || die
 * If you need support, post the output of `emerge --info '=www-client/chromium-111.0.5545.6::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=www-client/chromium-111.0.5545.6::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/www-client/chromium-111.0.5545.6/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/www-client/chromium-111.0.5545.6/temp/environment'.
 * Working directory: '/var/tmp/portage/www-client/chromium-111.0.5545.6/work/chromium-111.0.5545.6'
 * S: '/var/tmp/portage/www-client/chromium-111.0.5545.6/work/chromium-111.0.5545.6'

>>> Failed to emerge www-client/chromium-111.0.5545.6, Log file:

>>>  '/var/tmp/portage/www-client/chromium-111.0.5545.6/temp/build.log'

 * Messages for package www-client/chromium-111.0.5545.6:

 * ERROR: www-client/chromium-111.0.5545.6::gentoo failed (configure phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line  136:  Called src_configure
 *   environment, line 5084:  Called chromium_configure '0'
 *   environment, line 2457:  Called die
 * The specific snippet of code:
 *       "$@" || die
 * 
 * If you need support, post the output of `emerge --info '=www-client/chromium-111.0.5545.6::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=www-client/chromium-111.0.5545.6::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/www-client/chromium-111.0.5545.6/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/www-client/chromium-111.0.5545.6/temp/environment'.
 * Working directory: '/var/tmp/portage/www-client/chromium-111.0.5545.6/work/chromium-111.0.5545.6'
 * S: '/var/tmp/portage/www-client/chromium-111.0.5545.6/work/chromium-111.0.5545.6'

The error above occurred under Gentoo when trying to build the latest Chromium 111.0.5545.6 with an older GN utility (GN is a meta-build system that generates build files for Ninja). If someone receives a similar error during the configuration stage of Chromium building the first thing to check is the GN utility and get the latest version!
Under Gentoo, emerge-ing the GN version 0.2077 eliminated the error above, and the Chromium was built successfully. Probably, it should be added dependency for the Chromium ebuild package above GN 0.2049.

List all rules and IPs when using firewalld under CentOS

CentOS 7, CentOS 8, CentOS Stream 8, CentOS Stream 9 use firewalld service for the firewall of the machine. Firewalld service is easily controlled by the command-line tool firewall-cmd, which has a relatively simple syntax. It imposes an abstraction layer over the much more complex Linux kernels backends like iptables, ip6tables, arptables, ebtables, ipsetand, and nftables. The Firewalld organizes the firewall rules with the help of policies and zones, but there is a catch – it is not possible to list all the firewall rules to check whether an IP, network, or ethernet interface takes part in some rule or policy.

main menu
nft list ruleset

Yes, it is possible to list all rules of a firewalld zone (firewall-cmd –list-all), but what if there are multiple zones? First, get all the zone names and then enumerate all the zones with a list command to check for an IP. It is not practical and fast.
There is the other trick, searching through the Firewalld configuration files in the directory /etc/firewalld/, which saves all the permanent rules. But what if there are temporary rules, which are not saved in the configuration?
From CentOS 8.2 (RHEL 8.2) firewalld backend defaults to nftables instead of “iptables”. By using the nftables tools we can list all the rules applied in text or JSON format. It is like a snapshot of all the running rules applied by the Linux kernel firewall infrastructure no matter in which zone and policy. There is no such command with the firewall-cmd tool.

CentOS 8.2 (RHEL 8.2) and above including CentOS Stream 9

There is an export command using the nfs command line tool. 

nft list ruleset

Keep on reading!

Upgrading to systemd-utils and resolving systemd-tmpfiles soft blocking systemd-utils

main menu
News migrating to systemd-utils

Recently a new Gentoo package was added – sys-apps/systemd-utils, which should replace three separate packages sys-apps/systemd-tmpfiles, sys-boot/systemd-boot and sys-fs/udev. As the sys-fs/udev is one of the core packages in the OpenRC world and it can trigger multiple blocking errors and dependency problems.
The sys-apps/systemd-utils has three USE variables for the three replacing packages – udev, boot, and tmpfiles, so the user might add them in make.conf file.
It’s worth noting when upgrading to the sys-apps/systemd-utils, the sys-apps/systemd-tmpfiles and sys-boot/systemd-boot will be removed, but sys-fs/udev is staying in the system with version sys-fs/udev-250 and above. The sys-fs/udev-250 would always pull in sys-apps/systemd-utils[udev] as a dependency. Despite the names including systemd, these packages do not depend on systemd and are meant to be used in OpenRC system.
There is Gentoo news about this upgrade and it can be read with eselect. Check out the article ending for more information.
Here is what a blocking could look like:

root@srv ~ # emerge -vau world
......
......
[ebuild     U  ] dev-lang/php-8.0.27:8.0::gentoo [8.0.25:8.0::gentoo] USE="acl bcmath berkdb bzip2 calendar cli ctype curl enchant exif fileinfo filter flatfile fpm ftp gd gdbm gmp iconv imap intl ipv6 jit mhash mysql mysqli nls opcache pcntl pdo phar posix readline session session-mm sharedmem simplexml soap sockets sqlite ssl tidy tokenizer truetype unicode xml xmlreader xmlwriter xslt zip zlib -apache2 -apparmor -argon2 -cdb -cgi -cjk -coverage -debug -embed -ffi -firebird -inifile -iodbc -kerberos -ldap -ldap-sasl -libedit -lmdb -mssql -oci8-instant-client -odbc -phpdbg -postgres -qdbm (-selinux) -snmp -sodium -spell -systemd -sysvipc -test -threads -tokyocabinet -webp -xpm" 10549 KiB
[ebuild     UD ] sys-apps/man-pages-posix-2013a::gentoo [2017a::gentoo] 909 KiB
[ebuild     U  ] sys-apps/openrc-0.46::gentoo [0.45.2-r1::gentoo] USE="ncurses netifrc pam unicode -audit -bash -debug -newnet (-selinux) -sysv-utils" 242 KiB
[blocks B      ] sys-fs/eudev ("sys-fs/eudev" is soft blocking sys-apps/systemd-utils-251.10-r1)
[blocks B      ] sys-apps/systemd-utils[udev] ("sys-apps/systemd-utils[udev]" is soft blocking sys-fs/eudev-3.2.11-r3)

Total: 113 packages (97 upgrades, 1 downgrade, 15 new), Size of downloads: 554077 KiB
Conflict: 3 blocks (2 unsatisfied)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  (sys-fs/eudev-3.2.11-r3:0/0::gentoo, installed) pulled in by
    sys-fs/eudev required by @selected 

  (sys-apps/systemd-utils-251.10-r1:0/0::gentoo, ebuild scheduled for merge) pulled in by
    sys-apps/systemd-utils[tmpfiles] required by (sys-apps/systemd-tmpfiles-250:0/0::gentoo, ebuild scheduled for merge) USE="" ABI_X86="(64)"
    sys-apps/systemd-utils[tmpfiles] required by (virtual/tmpfiles-0-r3:0/0::gentoo, installed) USE="" ABI_X86="(64)"
    sys-apps/systemd-utils[udev] required by (virtual/udev-217-r5:0/0::gentoo, installed) USE="" ABI_X86="(64)"


For more information about Blocked Packages, please refer to the following
section of the Gentoo Linux x86 Handbook (architecture is irrelevant):

https://wiki.gentoo.org/wiki/Handbook:X86/Working/Portage#Blocked_packages
root@srv ~ # emerge -va sys-apps/systemd-utils


These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 0.84 s.

[ebuild  N     ] acct-group/audio-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/cdrom-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/dialout-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/disk-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/kmem-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/lp-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/sgx-0::gentoo  0 KiB
[ebuild  N     ] acct-group/tape-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/tty-0-r1::gentoo  0 KiB
[ebuild  N     ] acct-group/video-0-r1::gentoo  0 KiB
[ebuild  N     ] sys-apps/systemd-utils-251.10-r1::gentoo  USE="acl kmod (split-usr) tmpfiles udev -boot (-selinux) -sysusers -test" ABI_X86="(64) -32 (-x32)" 11194 KiB
[blocks B      ] <sys-apps/systemd-tmpfiles-250 ("<sys-apps/systemd-tmpfiles-250" is soft blocking sys-apps/systemd-utils-251.10-r1)
[blocks B      ] sys-fs/eudev ("sys-fs/eudev" is soft blocking sys-apps/systemd-utils-251.10-r1)
[blocks B      ] sys-apps/systemd-utils[udev] ("sys-apps/systemd-utils[udev]" is soft blocking sys-fs/eudev-3.2.11-r3)

Total: 11 packages (11 new), Size of downloads: 11194 KiB
Conflict: 3 blocks (3 unsatisfied)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  (sys-apps/systemd-tmpfiles-249.9:0/0::gentoo, installed) pulled in by
    sys-apps/systemd-tmpfiles required by @selected 

  (sys-apps/systemd-utils-251.10-r1:0/0::gentoo, ebuild scheduled for merge) pulled in by
    sys-apps/systemd-utils

  (sys-fs/eudev-3.2.11-r3:0/0::gentoo, installed) pulled in by
    sys-fs/eudev required by @selected 


For more information about Blocked Packages, please refer to the following
section of the Gentoo Linux x86 Handbook (architecture is irrelevant):

https://wiki.gentoo.org/wiki/Handbook:X86/Working/Portage#Blocked_packages

A screenshot from the command line, which is colored properly.

main menu
Unresolved Soft blocking tmpfiles and eudev

To solve the soft blocking, first, deselect the old packages, which are soft blocking the sys-apps/systemd-utils. In the above example, the problematic packages are sys-fs/eudev and sys-apps/systemd-tmpfiles. Deselect the packages and try to build only sys-apps/systemd-utils:
Keep on reading!

Review of freshly installed Fedora 37 Xfce Desktop

After the tutorial of how to install Fedora 37 Xfce Desktop this tutorial is mainly to see what to expect from a freshly installed Fedora 36 Xfce Desktop – the look and feel of the new Xfce GUI (Xfce version – 4.16). The Fedora 37 Xfce Desktop is part of Fedora spins – https://spins.fedoraproject.org/xfce/
Here you can find how to Install Fedora 37 Xfce Desktop.
The idea of this article is to see what to expect from Fedora 37 Xfce – the look and feel of the GUI, the default installed programs, and their look and how to do some basic steps with them. Here you’ll find more than 130 screenshots and not so many texts we do not want to turn this review of many texts and version information and 3 meaningless screenshots, which you could not see anything for the user interface because these days it is the primary goal of a Desktop system. You can expect more of this kind of review in the future.
This article is the first part of reviewing the Fedora 37 Xfce Desktop. The second article contains Xfce Settings screenshots are coming soon.

Xfce is a collection of programs that provides a features-rich desktop environment.

Here are some core elements:

  • Window Manager (xfwm4) – Handles the placement of windows on the screen.
  • Panel (xfce4-panel) – Provides a home for window buttons, launchers, app menu and more.
  • Desktop Manager (xfdesktop) – Sets desktop backgrounds, handles icons and more.
  • File Manager (thunar) – Manages your files in a modern, easy-to-use and fast way.
  • Volume Manager (thunar-volman) – Manages removable drives and media for Thunar.
  • Session Manager (xfce-session) – Saves and restores your session, handles startup, autostart and shutdown.
  • Setting System (xfce3-settings) – Configures appearance, display, keyboard, and mouse settings.
  • Application Finder (xfce4-appfinder) – Quickly finds and launches applications installed on your system
  • Settings Daemon (xfconf) – Stores your settings in a D-Bus-based configuration system.
  • A Menu Library (garcon) – Implements a freedesktp.org compliant menu based on GLib and GIO.
  • Thumbnails Services (tumbler) – Implements the thumbnails management D-Bus specification.

Fedora 37 Xfce screenshots

SCREENSHOT 1) Fedora (6.0.7-301.fc37.x86_64) 37 (Xfce)

main menu
grub 2 entry boot

Keep on reading!

Pages: Page 1, Page 2, Page 3, Page 4, Page 5, Page 6, Page 7, Page 8, Page 9, Page 10, Page 11, Page 12, Page 13, Page 14, Page 15, Page 16, Page 17

Install Fedora 37 Xfce Desktop

This article will show the simple steps of installing a modern Linux DistributionFedora 37 Xfce Desktop with Xfce for the graphical user interface – one of the alternatives, which tries to break the domination of GNOME and partly KDE Plasma. First, it is offered the basic steps for installing the Operating system and then there are some screenshots of the installed system and its look and feel. Here is another article available with more screenshots of the installed and working Fedora 37 Xfce DesktopReview of freshly installed Fedora 37 Xfce Desktop.
Xfce offers a fast, easy and lightweight graphical environment for Linux systems and Fedora teams bring it out-of-the-box with their spins projects – Fedora Xfce Spin
This is the simplest setup. One hard disk device in the system is installed, which is detected as sda and the entire disk will be used for the installation of Fedora 37 Xfce Desktop. All disk information in sda disk device will be permanently deleted by the installation wizard!

The Fedora 36 Xfce Desktop comes with:

  • linux kernel – 6.0.7
  • Xorg X11 server – 1.20.14 and Xorg X11 server XWayland 22.1.5 is used by default
  • Xfce: 4.16, which is the latest stable as of the official Xfce site.

For more packages and versions information the user may check out the Fedora 37 server articles – Software and technical details of Fedora Server 37 including cockpit screenshots.

We used the following ISO for the installation process:
https://download.fedoraproject.org/pub/fedora/linux/releases/37/Spins/x86_64/iso/Fedora-Xfce-Live-x86_64-37-1.7.iso
The ISO may be burnt on a disk or written on a USB stick. Just boot up from it.

SCREENSHOT 1) Boot from the UEFI DVD-ROM device.

It is the same as the USB bootable removable drive. Choose the UEFI USB drive and boot the installation live drive.

main menu
UEFI BIOS DVD-ROM boot

Keep on reading!

Pages: Page 1, Page 2, Page 3