Planet Redpill Linpro

17 January 2018

Sigurd Urdahl

yum shell - bat out of dependency hell


There's evil in the air and there's thunder in sky
(Meatloaf "Bat out of hell")

# yum install foo
[..]
Error: foo conflicts with bar

Again I have had the pleasure of having dependencies between RPM-packages ending my attempt to install a single package with a suggestion of removing core packages. I think this most often happen with Mysql or Percona packages, but I am sure MariaDB will be able to give you the same situation too. It's not the first time I have been here..

[root@ftp01-prod ~]# yum install Percona-Server-client-57
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package Percona-Server-client-57.x86_64 0:5.7.20-19.1.el7 will be installed
--> Processing Dependency: Percona-Server-shared-57 for package: Percona-Server-client-57-5.7.20-19.1.el7.x86_64
--> Running transaction check
---> Package Percona-Server-shared-57.x86_64 0:5.7.20-19.1.el7 will be installed
--> Processing Dependency: Percona-Server-shared-compat-57 for package: Percona-Server-shared-57-5.7.20-19.1.el7.x86_64
--> Running transaction check
---> Package Percona-Server-shared-compat-57.x86_64 0:5.7.20-19.1.el7 will be installed
--> Processing Conflict: Percona-Server-shared-compat-57-5.7.20-19.1.el7.x86_64 conflicts Percona-Server-shared-56
--> Finished Dependency Resolution
Error: Percona-Server-shared-compat-57 conflicts with Percona-Server-shared-56-5.6.38-rel83.0.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@ftp01-prod ~]#

So if I want to install Percona-Server-client-57 I have to install Percona-Server-shared-compat-57 too, and that I can't because of the already installed Percona-Server-shared-56. OK, so I will just remove Percona-Server-shared-56 and then install Percona-Server-shared-compat-57 before doing the install I first tried to do:

[root@ftp01-prod ~]# yum remove Percona-Server-shared-56
[..]
Dependencies Resolved

================================================================================================================
 Package                           Arch            Version                      Repository                 Size
================================================================================================================
Removing:
 Percona-Server-shared-56          x86_64          5.6.38-rel83.0.el7           @percona-release          3.4 M
Removing for dependencies:
 MySQL-python                      x86_64          1.2.5-1.el7                  @centos_os                284 k
 fail2ban                          noarch          0.9.7-1.el7                  @epel                     0.0
 fail2ban-sendmail                 noarch          0.9.7-1.el7                  @epel                      11 k
 perl-DBD-MySQL                    x86_64          4.023-5.el7                  @centos_os                323 k
 postfix                           x86_64          2:2.10.1-6.el7               @centos_os                 12 M
 redhat-lsb-core                   x86_64          4.1-27.el7.centos.1          @anaconda                  45 k

Transaction Summary
================================================================================================================
Remove  1 Package (+6 Dependent packages)

Installed size: 16 M
Is this ok [y/N]:

Very much not OK. I'd like to at least keep things with descriptions like this

Description : The Linux Standard Base (LSB) Core module support
: provides the fundamental system interfaces, libraries,
: and runtime environment upon which all conforming
: applications and libraries depend.



The problem seems to be that postfix need since both provide libmysqlclient.so.18 which is provided by both Percona-Server-shared-56 and Percona-Server-shared-compat-57. So I just need to swap the former for the latter, and then I can run my original install.

OK, so I both want to remove a package and install a package. And I want to do it at the same time, so that I don't have to remove things like redhat-lsb-core. Did you notice the use of the word transaction in "Transaction Summary" from yum? A transaction is actually what I want. Luckily yum provides a way of doing this, and have probably done since forever, but I didn't learn about it till today. And as so many times before, it is a shell that solves our problems:

[root@ftp01-prod ~]# yum shell
Loaded plugins: fastestmirror, priorities
> remove Percona-Server-shared-56
> install Percona-Server-shared-compat-57
Loading mirror speeds from cached hostfile
> run
--> Running transaction check
---> Package Percona-Server-shared-56.x86_64 0:5.6.38-rel83.0.el7 will be erased
---> Package Percona-Server-shared-compat-57.x86_64 0:5.7.20-19.1.el7 will be installed
--> Finished Dependency Resolution

==================================================================================================
 Package                             Arch       Version                Repository            Size
==================================================================================================
Installing:
 Percona-Server-shared-compat-57     x86_64     5.7.20-19.1.el7        percona-release      1.2 M
Removing:
 Percona-Server-shared-56            x86_64     5.6.38-rel83.0.el7     @percona-release     3.4 M

Transaction Summary
==================================================================================================
Install  1 Package
Remove   1 Package

Total download size: 1.2 M
Is this ok [y/d/N]:

Yes, very much thank you! And then finally:

[root@ftp01-prod ~]# yum install Percona-Server-client-57
[..]
Dependencies Resolved

==================================================================================================
 Package                        Arch         Version                  Repository             Size
==================================================================================================
Installing:
 Percona-Server-client-57       x86_64       5.7.20-19.1.el7          percona-release       7.2 M
Installing for dependencies:
 Percona-Server-shared-57       x86_64       5.7.20-19.1.el7          percona-release       747 k

Transaction Summary
==================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 7.9 M
Installed size: 41 M
Is this ok [y/d/N]:y
[..]
Complete!

Done and done :-)


by Sigurd Urdahl (noreply@blogger.com) at Wed 17 Jan 2018, 23:00

29 December 2017

Ingvar Hagelund

J.R.R. Tolkien: The Silmarillion

I read Tolkien’s “canon”, that is, The Hobbit, The Lord of the Rings, and The Silmarillion, around Christmas every year. So also this year.

One of the most fascinating stories in The Silmarillion is of course the story of Túrin Turambar. He is regarded as one of the major heroes of his age. At the Council of Elrond, Elrond himself lists the great men and elf-friends of old, Hador and Húrin and Túrin and Beren. But while reading through the Silmarillion, there are few among mortal men that have also added so much pain and disaster to the elves. While a great war hero, Húrin was also responsible for the slaying of the greatest hunter of the elves, Beleg Cúthalion, the strong bow. Being the war hero, he turned the people of Nargothrond away from the wisdom of their history, and even their king, and made the hidden kingdom available for the enemy. How many elves were cruelly slain or taken to captivity in Angband because of Turin’s pride? Thousands! Perhaps even tens of thousands? So how come the elves, ages later, still reckoned Túrin son of Húrin as one of the great elf-friends?

In a Nordic saga style stunt, Túrin finally slew his greatest enemy, Glaurung the great fire-breathing dragon. Glaurung had been a continous danger to all peoples of Middle-Earth, and the end of that worm was of course a great relief to all the elves, even Elrond’s ancestors, the kings of Doriath and Gondolin. Also, we must remember that the lives of the elves are different from that of men. When the elves’ bodies die, their spirits go to Mandos, where they sit in the shadow of their thought, and from where they may even return, like Glorfindel of both Gondolin and Rivendell. But when men die, they go to somewhere else, and are not bound to the world. It seems that elves are more willing to forgive and let grief rest for wisdom over time, than are men’s wont. Even the Noldor who survived the passing of the Helcaraxë forgave and united the Noldor of Fëanor’s people that left them at the burning of the ships at Losgar.

Perhaps that is one of the lessons learned from the tragic story of Túrin. From all his unhappy life, good things happened, and afterwards, the elves forgave and even mourned him and his family.

by ingvar at Fri 29 Dec 2017, 16:27

25 December 2017

Ingvar Hagelund

J.R.R. Tolkien: The Lord of the Rings

I read Tolkien’s “canon”, that is, The Hobbit, The Lord of the Rings, and The Silmarillion, around Christmas every year. So also this year.

2017 was a great year for Tolkien fans. It was the 125th anniversary of the Professor’s birth, and the 80th anniversary for the Hobbit. We also got the magnificent news that Amazon will produce a TV series based on “previously unexplored stories based on J.R.R. Tolkien’s original writings“. So what storylines would that be? A reboot of the 2001-03 trilogy is out of the question, as Peter Jackson explored and extended more than enough already. So, what do we have left? A lot! Let’s have a look.

The Lord of the Rings and its appendices tells stories in several different timelines. Long before (as in hundreds, and even thousands of years) before the main story, just before the main story (like a few decennials), parallel to the main story, and after.

One storyline could follow the ancient history of Gondor and Arnor. There are lots and lots of substories there. If I should pick one I would like to see, it would be the stories of the kings Arvedui of Arnor and  Eärnil II of Gondor, perhaps started with the Firiel incident. There are lots of exciting points to pick up there. Gondor throne heiritage politics, the war against, and the prediction of the downfall of the Witch King, the flight to Forochel, with the disastrous ship’s wreck in the ice, and the loss of the palantiri.

For the “near history” before The War of the Ring, the obvious choice would be a “The young Aragorn” series, where we could follow Aragorn in his many guises, riding with the Rohirrim, going on raids with Gondor against Harad, in and in constant conflict with Denethor. And his love life, of course, with his meeting and very long-term relationship with Arwen. And speaking of Arwen, her family story is a good storyline, with the love of Celebrían and Elrond, travelling from Lorien to Rivendell, and her abduction, and Elladan and Elrohir’s rescue of her from the orcs. Parallel to that, the story I would most love to see, would be, the story of Denethor. His tragic life is worth a season alone. Another storyline from the years just before The War of the Ring, could be Balin’s attempt to retake Moria, and build  a colony of dwarves. Lots of gore and killing of goblins to depict!

Parallel to the War of the Ring, there are a lot of things going on, that are merely mentioned in the book, and completely forgotten in the movies. The fight in Dale. The Ents’ war against the orcs after the capture of Isengard, the loss of Osgiliath and Cair Andros, to name just a few.

And of course, even after the the War of the Ring, and the Return of the King, there are stories to follow up. Aragorn’s “negotiations” for peace with his neighbouring peoples, with armed battle as alternative, supported by Eomer of Rohan. The sweet but bitter death of Aragorn and Arwen. The reign of King Eldarion.

I’m optimistic! This is going to be great!

by ingvar at Mon 25 Dec 2017, 07:00

24 December 2017

Redpill Linpro Sysadvent

Thank you for visiting our SysAdvent Blog!

We hope you have enjoyed the articles in our third SysAdvent season!

This is the last post in this years sysadvent. If you want to read more, we have other blog entries at our main site, our techblog, our employees have personal blogs that are aggregated at

Sun 24 Dec 2017, 23:00

Ingvar Hagelund

J.R.R. Tolkien: The Hobbit

I read Tolkien’s “Canon”, that is, The Hobbit, The Lord of the Rings, and The Silmarillion, every year about Christmas. These year, it’s even The Hobbit’s 80th Anniversary, and to celebrate, I have of course read through The Hobbit again.

So many have said so much about this book, so I’d rather show off my newest addition to my Tolkien bookshelf. This is the Swedish 1962 edition of The Hobbit, Bilbo, En Hobbits Äventyr (Bilbo, A Hobbit’s Adventure), and it has quite an interesting history.

In the 50s and 60s, Astrid Lindgren, maybe most famous for her children’s books about Pippi Longstocking, worked as an editor at the department for Children’s literature at Rabén & Sjögren, who published Tolkien’s works in Sweden. Lindgren was very interested in Tolkien’s work, and while she later denied Tolkien as an inspiration for it, she published the quite Lord of the Rings reminiscing Mio my Son in 1954, and later the world beloved classic children’s fantasy novels The Brothers Lionheart and Ronia, the Robber’s daughter.

In the early 60s Lindgren was not content* with the current Swedish translation of The Hobbit, Hompen (translation by Tore Zetterholm, 1947), and wanted to better it. So she opted for a new translation and got hold of Britt G. Hallqvist for the job. For illustrations, she contacted her friend Tove Jansson, now World famous for her Moomin Valley universe. Jansson had already had success with her Moomintrolls, and had previously made illustrations for a Swedish edition of Lewis Carrol’s classic poem Snarkjakten (The Hunting of the Snark, 1959), so a successful publication seemed likely.

Hallqvist translated, Jansson drew, Lindgren published it, and it flopped! Tolkien fans didn’t enjoy Jansson’s drawings much, and the illustrations were not used** again before 1994. By then, the 1962 version was cherished by Tove Jansson fans and Tolkien collectors over the World, and it had become quite hard to find. The 1994 edition was sold out in a jiffy. The illustrations were finally “blessed” by the Tolkien Estate, when they were used for the 2016 Tolkien Calendar.

Jansson’s illustrations were also used in the 2016 Tolkien calendar, which I’m, afraid to say, have not acquired (yet).

I was lucky and found a decent copy of the 1962 edition in a Japanese(!) bookstore on the Net. Now I LOVE this book. Its illustrations are absolutely gorgeous.

20171219_003402.jpg.small

20171219_144844.small

20171219_003429.jpg.small

The destruction of Lake Town and the death of Smaug are my personal favourites

The destruction of Lake Town and the death of Smaug is my personal favourite

It makes a great additon to my ever growing list of Hobbits.

This book makes a great additon to my ever growing list of Hobbits.

It would be a pity to let this book stay alone without decent Janssonic company, so I searched a few weeks, was lucky again and found a nice copy of the mentioned Snarkjakten by Lewis Carrol, and an almost mint copy of the absolutely fantastic (in all meanings of that word) Swedish 1966 edition of Alice i underlandet (Alice in Wonderland). If you enjoy Alice, you will love Janssons’ illustrations, even outshining her work on The Hobbit.

For an intensely interesting read about Jansson’s artistic work on these classics: Read Olga Holownia’s essay at barnboken.net.

That’s it. Merry Christmas and happy Youletide everybody!

*) Neither was Tolkien himself. He specially disliked the translation of Elvish names into Swedish, like Esgaroth -> Snigelby (ie. Snail Town!!!). Also interesting: Svensson, Louise, Lost in Translation? – A Comparative Study of Three Swedish Translations of J.R.R. Tolkien’s ‘The Hobbit’, Lund University 2016

**) Actually, there were other versions with Jansson’s illustrations; the Finnish Hobbit Lohikäärme-vouri (The Dragon mountain) from 1973, and the updated Finnish translation in 2003. The illustrations were also used in this year’s Finnish 80th Anniversary edition of The Hobbit.

by ingvar at Sun 24 Dec 2017, 07:00

23 December 2017

Redpill Linpro Sysadvent

Using Ansible for system updates

As mentioned in the previous ansible post, we use ansible quite a lot for day to day operations. While we prefer Puppet for configuration management, ansible is excellent for automation of maintenance procedures.

One such procedure is gracefully applying package upgrades, including any required reboot, of application servers. In ...

Sat 23 Dec 2017, 23:00

22 December 2017

Redpill Linpro Sysadvent

Vagrant for the lazies

Personally, I consider the script parameter in a Vagrantfile to be a feature that is not abused enough. It’s got a lot of potential - every script can have a parameter (or several). Modifying your Vagrant use to include this gives you a more flexible and reliable ...

Fri 22 Dec 2017, 23:00

21 December 2017

Redpill Linpro Sysadvent

Tiny virtual firewalls with IncludeOS

Sometimes you need just a little something on your network to do a simple task. Perhaps you need a small router, a firewall or load balancer. Currently, the most popular option is to deploy a little Linux server. There is a downside though, a Linux is rather heavy. It requires ...

Thu 21 Dec 2017, 23:00

Bjørn Ruberg

Control code usernames in telnet honeypot

By running a Cowrie honeypot, I’m gathering interesting information about various kinds of exploits, vulnerabilities, and botnets. Upon a discovery of a new Linux-based vulnerability – often targeting network routers, IoT devices, and lately many IP camera products – the botnets will usually come in waves, testing the new exploits. The honeypot logs everything the […]

by bjorn at Thu 21 Dec 2017, 08:19

20 December 2017

Redpill Linpro Sysadvent

Making it right all the time - or that time I disagreed with a distro package about file permissions

Distro packages are a blessing that most of us take for granted (thank you and sorry package maintainers everywhere!). They make installation, maintenance and even removal of both simple and complex software a breeze.

Sometimes you disagree

But sometimes you disagree with a decision made in the distro package. ...

Wed 20 Dec 2017, 23:00

19 December 2017

Redpill Linpro Sysadvent

S2I hooks

S2I, Source-To-Image, is a toolkit for building Docker images with minimum effort. The S2I project description describes itself like this:

Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code. S2I produces ready-to-run images by injecting source code into a Docker container and letting ...

Tue 19 Dec 2017, 23:00

Ingvar Hagelund

12 days of Varnish

While Varnish is most famous for its speedy caching capabilities, it is also a general swiss army knife of web serving. In the spirit of Christmas, here’s Twelve Days of Varnish Cache, or at least, twelve Varnish use cases. Read the rest of this post on Redpill Linpro’s Sysadvent calendar.

by ingvar at Tue 19 Dec 2017, 22:24

18 December 2017

Redpill Linpro Sysadvent

12 days of Varnish

While Varnish is most famous for its speedy caching capabilities, it is also a general swiss army knife of web serving. In the spirit of Christmas, here’s Twelve Days of Varnish Cache, or at least, twelve use cases.

...

Mon 18 Dec 2017, 23:00

17 December 2017

Redpill Linpro Sysadvent

Investigating performance problems through snapshot logging

So, the database is slow - why?

There can be several reasons for this. Perhaps a few very heavy queries are bogging down the database. In this case, you’d typically set up slow query logging and find them in the slow.log. However, sometimes the reason is simply lots of ...

Sun 17 Dec 2017, 23:00

16 December 2017

Redpill Linpro Sysadvent

Threat intelligence: Sharing is caring

In today’s threat landscape, with botnets, ransomware, and unpatched and unprotected IoT toasters and garbage bins in every home, the ability to quickly and easily identify suspicious activities and artifacts is probably more important than ever before. If your company’s web server is being probed from a particularly malicious IP ...

Sat 16 Dec 2017, 23:00

15 December 2017

Redpill Linpro Sysadvent

A different approach to log rotation

Logrotation is a key for running a stable server, but removing log files is often an anathema to security, traceability, and server history. In reality, you want a perfect rotation setup in order to maximise the retention of logs.

Instead of trying to continuously trying to balance the number of ...

Fri 15 Dec 2017, 23:00

14 December 2017

Redpill Linpro Sysadvent

Using Let's Encrypt with OpenShift

When installing OpenShift, the default certificates that are being installed are self-certified. Although this gives you functional encryption, this is in no way best practice and is especially annoying for the route being exposed for the Hawkular metrics, which is integrated within the Web console.

Luckily there is a ...

Thu 14 Dec 2017, 23:00

13 December 2017

Redpill Linpro Sysadvent

Using ssh_config(5) and FoxyProxy for fun and profit

The other day, as I just had updated my workstation to Fedora 27, I realized maybe the Include statement in ssh_config(5) had been implemented. And indeed it had.

So it’s time to reorganize my ssh-config-generate script, FoxyProxy browser plugin for tunneling web traffic through ssh, and maybe even setting up ...

Wed 13 Dec 2017, 23:00

12 December 2017

Redpill Linpro Sysadvent

iPXE and automated provisioning

Provisioning of new servers can be a daunting experience. Back in days it meant booting the machine with a CD or a DVD and doing manual choices. Automation of the installation process makes the process faster and less prone to human errors.

Network installation helps the process, but you still ...

Tue 12 Dec 2017, 23:00

11 December 2017

Redpill Linpro Sysadvent

Care and feeding of SMTP honeypots

In parallel with an SSH/telnet honeypot, I’m also running an SMTP honeypot using INetSim. The SMTP honeypot is only one of many functions of INetSim; this article will cover the SMTP component only.

The SMTP part of INetSim has been configured with the following settings in inetsim.conf:

Mon 11 Dec 2017, 23:00

10 December 2017

Redpill Linpro Sysadvent

Allow backup sysadmins to gain access through a "Break the Glass"-solution

I want backup sysadmins to have login access to some systems, with said access rarely (if ever) used. To prevent abuse I’d like strong audit logging, logging that stands out from the rest of all the logging, logging that cannot be tampered with, and that can easily be followed up ...

Sun 10 Dec 2017, 23:00

09 December 2017

Redpill Linpro Sysadvent

Running Jekyll with Docker and OpenShift

OpenShift is currently en vogue in the company. The ease of use and scaleability found in a container based system allows us to automate the build and deployment steps of containers through software like Kubernetes/OpenShift.

Jekyll

We have visited Jekyll in several previous blog posts. Our techblog and ...

Sat 09 Dec 2017, 23:00

08 December 2017

Redpill Linpro Sysadvent

A quick look at Thruk

Thruk comes natively with Naemon, and is a free and open source full drop in replacement web interface for Nagios, Icinga and Shinken. These are flexible tools for alerting us when something goes horribly wrong, and Thruk adds a few tricks for even better monitoring.

With this blog ...

Fri 08 Dec 2017, 23:00

07 December 2017

Redpill Linpro Sysadvent

Reduce disk bloat in PostgreSQL

Lately I have been working a bit with the monitoring platform Zabbix, and the instance in question is backed by the

Thu 07 Dec 2017, 23:00

06 December 2017

Redpill Linpro Sysadvent

fail2ban: To SSH and beyond

fail2ban is one of several tools designed to protect other services by blocking unwanted and possibly repeating activities. Its most common use case is probably protecting the SSH server from bruteforce attacks, where repeatedly failed login attempts will be generously rewarded with an iptables firewall ban or some other variant ...

Wed 06 Dec 2017, 23:00

05 December 2017

Redpill Linpro Sysadvent

Getting started with OpenShift – The OpenShift all-in-one cluster

OpenShift Container Platform (OCP) builds on Docker for container-technology and Kubernetes for orchestration of those containers. OpenShift solves the network annoyances in Kubernetes and adds features like authentication and authorization, multi-tenancy, source-to-image (S2I) and templating of applications.

To easily get started with OpenShift development, the OpenShift client (oc) ...

Tue 05 Dec 2017, 23:00

04 December 2017

Redpill Linpro Sysadvent

Fast and dirty RPMs

Everything was ready. The deploy should have been clean and fast. But then, the developers had added just another language module. Not a big thing, just something you could have pulled ...

Mon 04 Dec 2017, 23:00

03 December 2017

Redpill Linpro Sysadvent

Everyday Docker

The first time I successfully fired up a container I was pretty excited with the potential this tool had to make a lot of everyday tasks much easier. For example when I had a colleague ask for package xyz from EPEL/PPA made available from our internal mirrors, I could just ...

Sun 03 Dec 2017, 23:00

02 December 2017

Redpill Linpro Sysadvent

Varnish and misbehaving application servers

Sometimes you come across problems with websites that normal configuration does not address usefully. A case in point was a PHP-based application that from time to time returned a 302 to a login page instead of the front page, which is not optimal when you serve news articles.

Our solution ...

Sat 02 Dec 2017, 23:00

01 December 2017

Redpill Linpro Sysadvent

Using Ansible to change root passwords

While dropping root account passwords completely in favour of sudo is an option in many cases, we prefer keeping root passwords around for when we need direct console access. We keep these passwords in an encrypted password-store (we will write about this in a later blog post this season), and ...

Fri 01 Dec 2017, 23:00