
Jan 28, 2024

Recovering
last update: 01/28 @ 23:19

Win some and lose some…

Refurbished power supply was a bust; wrong item (it was hot swappable, I didn’t have redundant, hot swappable — but I do now).

So I’ve moved on to server rebuild. And with CentOS pretty much gone, seemingly a casualty of IBM’s purchase of Red Hat, I’m moving on to Rocky Linux. Going from 7.X to 9.X was bound to have some growing pains (having them in a more controlled build and cutover rather than replacing a dead server would have been nicer).

Lessons from my experience:

ssh
First, Rocky uses AuthorizedKeys vs. CentOS 7 using AuthorizedKeys2; not a big problem but my first, bad, assumption was the upgrade meant I needed newer keys. And then (did I mention I was trying to go fast), I just used default file permissions on the new file. Final stumbling block: the new key pushed me over the limits so I started to get “too many failed attempts” errors. Lesson: copy AuthorizedKeys2 to AuthorizedKeys and check the file permissions.
samba
It’s been a long time since I set it up. First, bad assumption: samba users are pulled from OS users. Eventually the errors made sense and I remembered I had to create the samba users/passwords. Second issue: selinux boolean to allow samba to get to home directories — that generates a really weird error on Linux workstation mapping in those drives (not sure what Windows would have looked like). Lessons: create the samba users/passwords and ensure selinux is permitting home directories (or relabel the file system).
httpd
Really went pretty well: don’t forget to install CRS with mod_security. And the new rulesets added a few more false positives for subversion access.
subversion
Speaking of subversion: it just works. I was pleasantly surprised to see no issues with accessing the repositories via httpd (after the mod_sec updates). (Do be sure selinux context is correct.)
postfix and spamassassin
It took a lot longer than it should have to understand that the error message about pipe failed due to unknown user really meant just that. The Spamassassin package for CentOS 7 used the “spamfilter” user (I think); it seems like the Rocky 9 package piggybacks off of the “mail” user.
dovecot
I had to refresh my memory on SSL keys for dovecot, but mistakenly figured I could just remove the Thunderbird saved key and add back the new key (see below). For me, dovecot uses standard key files in the standard tls directory. I was surprised that dovecot seems to log Thunderbird’s ssl error which Thunderbird seemed to just mask.
Thunderbird
When I hit the certificate issue, I thought (next bad assumption) I could just remove the key I loaded from the old server and add a new exception for the new server’s key. I spent a long time trying but could never coax Thunderbird to ask for that offending key and give me a chance to accept it.
Thunderbird
So I remembered having to create a new profile not that long ago when the hard drive failed on the old server. (The power supply was the camel back breaking straw.) So I created a new profile and that let me import the certificate. But…
Thunderbird
The Thunderbird new profile/account set up presumed the username would include the domain (davewill@kayakero.net, for example). Of course, dovecot on Linux, using Linux accounts, just needed the name. The unknown user / invalid password threw me for my final loop of the rebuild session. Lessons: Delete imported SSL cert only as a last resort and look closely at the assumptions made in setting up a new profile/account.
tar
Final note for this entry: when I started my backup scripts, I was getting astronomically large backup files. tar in Rocky 9 does not like an “--exclude” clause after the source of the files to tar up. CentOS 7 was OK with that. Lesson: tar .
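
The permission check from the ssh lesson above, as an added example (not the author's script): with StrictModes on, the OpenSSH default, sshd ignores a key file when the home directory, ~/.ssh, or the key file itself is group- or world-writable or owned by another non-root user. The function name `audit_ssh_perms` and the demo directory are hypothetical; GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Rocky Linux).
# audit_ssh_perms is a hypothetical helper name.
# Usage: audit_ssh_perms HOME_DIR [KEY_FILE_NAME] [EXPECTED_UID]
# Prints one line per finding; returns 0 only when nothing was found.
audit_ssh_perms() {
    home=$1
    keyfile=${2:-authorized_keys}
    want_uid=${3:-$(id -u)}
    problems=0

    # With StrictModes on, sshd checks all three of these.
    for path in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # Octal digits 2, 3, 6 and 7 carry the write bit; test the group
        # digit (second from last) and the other digit (last).
        case $mode in
            *[2367]?|*[2367])
                echo "WRITABLE ($mode) $path"
                problems=$((problems + 1)) ;;
        esac
        # Must belong to the account itself or to root.
        if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER (uid $owner) $path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway home whose key file was created with
# permissive defaults, the mistake described in the ssh entry.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
chmod 700 "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 664 "$demo_home/.ssh/authorized_keys"
audit_ssh_perms "$demo_home" || echo "fix with: chmod 600 on the key file"
rm -rf "$demo_home"
```

Run it against the real home directory after copying the key file, and again with `authorized_keys2` as the second argument to confirm which file name is actually present.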

The server has been working well for a few days now and I’m feeling pretty good. I have a bunch more disk space to work with (but I’ll likely need new, bigger USB drives for offsite storage). And I’ve seen a whole new slew of error messages and eventually worked out what they mean and what I need to do.

Of course, the public server (serving this blog and website) is the same era as the internal server and lived through the same very dusty remodel. So that’s next on my plate…

Oh, and Ting is setting up fiber to the house too…


Jan 13, 2024

Ack!!!
last update: 01/13 @ 13:12

I may be a bit distracted for a while.

I can now say I’ve experienced a power supply failure for a server — new to me before today. I knew these needed to be replaced, I was just hoping for 6 more months…

New (refurbished) power supply on order — if that’s really the cause (could be motherboard as well), I may be up and limping in a week or so.

New servers ordered as well — clearly it was time, but I was hoping not to be forced into a rush job :( And, learning my lesson, redundant power this time (that seemed excessive for home use before today).

Oh, and Ting says they may be able to hook us up next month.

Gonna be a techy few weeks here…


Jan 03, 2024

Christmas photos
last update: 01/03 @ 15:05

Sadly for us, Robert had to go back to school. We had a lot of fun while he was here and I expect we’ll start plotting our next trip out that way soon.

There are some more photos in the vacations section.


Jan 01, 2024

Happy 2024!!!
last update: 01/01 @ 00:51

Hoping for a GREAT year!

It was fantastic to have Robert join us for the fireworks, grapes under the table, sweeping the porches and running around the house.

You know, the usual :)

Also very nice to be invited to Will, Rob, Christine and Cassie’s house for their balloon drop party.




The posts on this page will slowly roll off as new ones are added to the top. The "permanent link" links above will take you to one post's permanent address; that should not change or disappear. You can also build up a link to see any month's postings by adding the four digit year, a slash, the two digit month and a trailing slash to the main www.kayakero.net/news/blosxom URL. Like this:
/news/blosxom/2004/08/. (You can go down to the day level if you like.)

Only the site owners can edit this page (and all attempts to do so are logged); however anyone is welcome to add a comment using the "comments" link below each posting.
