Netinst Installation CD
My server dates back from the last millenium and is pushing a decade since its birth in 1999. A Pentium III 450 MHz, it's done its share of work but presses on. Even if it doesn't have a DVD drive. I needed a way to install by CD, and rather than downloading the entire 6-volume set, I learned that new to Fedora 9 is a "netinst" disc image that replaces boot.iso, rescue.iso, and diskboot.img and provides "everything the user needs to install a system over the network."
It serves as a small disc that contains just enough to run the installer, download the files for an installation, and even rescue a system. One just needs to remember to point the URL to the official Fedora 9 release rpms, such as
http://mirrors.kernel.org/fedora/releases/9/Fedora/i386/os, or of course to a local repository of mirrored Fedora files.
During the upgrade, my internet connection went down, and the netinst install failed at the final file. Not to fear. A retry completed the upgrade, and Fedora 9 came to life on my server.
Web Server Down!
A quirk from the initial release of Fedora 9 is that the httpd Apache web server failed to start on several of my machines. Apparently some libphp module couldn't be found, and the server never started. Again, not to fear. A
sudo yum updateresuscitated httpd, and it started serving pages immediately.
While updating some CCF web files, I found that I couldn't commit my changes to the server. I got
can't open db activity permission denied
error messages when running svn commit commands. At first I thought that the permission bits had been misapplied, or perhaps files had been overwritten by a different user, but even setting permissions to 777 failed to permit commits.
Eventually I came across a solution on a Fedora forum that pointed to an SELinux context error. Apparently during the upgrade, the security labels got changed, flagging SELinux to prevent those files' usage. One workaround was to switch SELinux from "enforcing" to "permissive" mode via
sudo /usr/sbin/setenforce 0
Of course this change dramatically alters security just for Subversion. An alternative solution is to restore the context of the Subversion files. I saw "httpd_sys_content" several times in forums but didn't find the label to solve permission erros on my machine, so I left the server in permissive mode while making a file commit. One of the files that gets changed during a commit is
ls -ldZ /path/to/repos/db/current, I found that the file had been labeled to "unconfined_u:object_r:httpd_sys_content_rw_t".
That last bit was what flagged me that a similar "httpd_sys_content" label might work. Using
sudo chcon -R system_u:object_r:httpd_sys_content_rw_t /path/to/repos
sudo /usr/sbin/setenforce 1
I found that I could again commit files with SELinux in enforcing mode. Note that I used "system_u" rather than "unconfined_u" and that SELinux is still much of a mystery to me.
Fun with Fedora? or Fedora frustrations? As with most things Linux, how can there be one without the other?