The Perfect Server - Gentoo 2007.0 - Page 3

Want to support HowtoForge? Become a subscriber!
 
Submitted by rachel (Contact Author) (Forums) on Sat, 2007-09-22 02:22. ::

4 Getting up to date

Welcome back to those who followed the Gentoo Handbook to install the base system.

4.1 Logging into the new system

ssh root@server1.example.com

You're probably seeing something like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
13:13:39:99:9b:ea:81:72:2c:20:d2:f5:d2:0f:bd:ac.
Please contact your system administrator.
Add correct host key in /home/rachel/.ssh/known_hosts to get rid of this message.
Offending key in /home/rachel/.ssh/known_hosts:23
RSA host key for server1.example.com has changed and you have requested strict checking.
Host key verification failed.

That's because the installed system has generated its own hostkeys which aren't the same as that of the installation system. You just need to remove the host key from your local ssh. For pretty much any unix this should work:

vi ~/.ssh/known_hosts
/server1.example.com
dd:x

Now we're logged in as root on our new basic Gentoo system.

Check that your hostname is configured properly:

hostname -f

It should be returning your fully-qualified domain name, eg, server1.example.com.

4.2 Optional: Install all the software in one go

By its nature, Gentoo takes a relatively long time to install new software, compared to binary distributions. This can be frustrating when following a howto like this, as you find yourself entering a few commands and then having to twiddle your thumbs while something and its dependencies build from scratch; repeat ad nauseum. You've already had to do it if you've followed these instructions for the base install.

For this reason I've collected together the commands to do the initial software build here of everything used in the Perfect Setup configuration, so you can do all that in one go. Unlike some distributions, Gentoo does not automatically start new services, or install them in runlevels, or do any post-configuration that needs user input, so we can set it off building all the software and then come back later and do the configuration on them.

If you want to do it this way, just enter the script below now. (You can just copy and paste it to your bash commandline). Then, as you're going through the rest of the howto, skip the commands that are given in bold.

# Uninstalling ssmtp
emerge --unmerge ssmtp
# Setting postfix as the default MTA
mkdir -p /etc/portage/profile
echo 'virtual/mta mail-mta/postfix' >> /etc/portage/profile/virtuals
# Setting USE flags
echo 'USE="apache2 bzip2 idn jpeg png tiff tk truetype xml"' >> /etc/make.conf
echo 'LINGUAS="en"' >> /etc/make.conf
echo 'net-dns/bind resolvconf' >> /etc/portage/package.use
echo 'mail-mta/postfix sasl' >> /etc/portage/package.use
echo 'dev-libs/cyrus-sasl authdaemond urandom' >> /etc/portage/package.use
echo 'net-mail/courier-imap fam' >> /etc/portage/package.use
echo 'www-servers/apache doc mpm-prefork' >> /etc/portage/package.use
echo 'dev-lang/php bcmath bzip2 calendar ctype curl exif filter ftp gd hash imap json mhash mysql mysqli pcntl pdo posix sharedmem simplexml snmp soap sockets spell sqlite tidy tokenizer wddx xmlreader xmlrpc xmlwriter xsl zip' >> /etc/portage/package.use
echo 'net-ftp/proftpd -ipv6' >> /etc/portage/package.use
# Unmasking packages
echo 'dev-php5/pecl-imagick ~*' >> /etc/portage/package.keywords
echo 'dev-php5/pecl-memcache ~*' >> /etc/portage/package.keywords
echo 'dev-libs/pslib ~*' >> /etc/portage/package.keywords
echo 'dev-php5/pecl-ps ~*' >> /etc/portage/package.keywords
# Adding packages to the world file
echo 'app-admin/sudo' >> /var/lib/portage/world
echo 'app-admin/webalizer' >> /var/lib/portage/world
echo 'app-arch/unzip' >> /var/lib/portage/world
echo 'app-arch/zip' >> /var/lib/portage/world
echo 'app-editors/vim' >> /var/lib/portage/world
echo 'app-portage/gentoolkit' >> /var/lib/portage/world
echo 'dev-db/mysql' >> /var/lib/portage/world
echo 'dev-lang/php' >> /var/lib/portage/world
echo 'dev-php/PEAR-PEAR' >> /var/lib/portage/world
echo 'dev-php5/pecl-imagick' >> /var/lib/portage/world
echo 'dev-php5/pecl-memcache' >> /var/lib/portage/world
echo 'dev-php5/pecl-ps' >> /var/lib/portage/world
echo 'dev-tcltk/expect' >> /var/lib/portage/world
echo 'mail-filter/procmail' >> /var/lib/portage/world
echo 'mail-mta/postfix' >> /var/lib/portage/world
echo 'net-dns/bind' >> /var/lib/portage/world
echo 'net-ftp/ncftp' >> /var/lib/portage/world
echo 'net-ftp/proftpd' >> /var/lib/portage/world
echo 'net-mail/courier-imap' >> /var/lib/portage/world
echo 'net-mail/fetchmail' >> /var/lib/portage/world
echo 'net-misc/netkit-telnetd' >> /var/lib/portage/world
echo 'net-misc/ntp' >> /var/lib/portage/world
echo 'sys-fs/quota' >> /var/lib/portage/world
echo 'www-servers/apache' >> /var/lib/portage/world

Paste this in too if you intend to run ISPConfig:

echo 'dev-db/mysql latin1' >> /etc/portage/package.use
echo 'app-shells/smrsh' >> /var/lib/portage/world
echo 'dev-perl/HTML-Parser' >> /var/lib/portage/world
echo 'dev-perl/Net-DNS' >> /var/lib/portage/world
echo 'net-firewall/iptables' >> /var/lib/portage/world
echo 'virtual/perl-DB_File' >> /var/lib/portage/world

And paste this in if you need to run some X applications remotely (eg: VMWare Tools vmware-toolbox dialogue, and fetchmailconf).

echo 'x11-apps/xauth' >> /var/lib/portage/world
echo 'x11-libs/libXi' >> /var/lib/portage/world

Update portage now, as the new version of portage is the one that supports the behaviour we're exploiting.

In fact, even if you skip this step, it will do it right later when we do the full update, as it will install portage first, then stop and restart itself with the new version. But you won't get an accurate list of what's going to happen if you use --ask as the later example does. So this step is really for the avoidance of confusion.

emerge --ask --verbose --newuse portage

Afterwards it will warn you that some configuration files have been changed, and invite you to approve those changes.

Just upgraded portage

dispatch-conf

>> q quit, h help, n next, e edit-new, z zap-new, u use-new
   m merge, t toggle-merge, l look-merge: 

As all we've done here is to update portage itself, you should be able to just accept all the changes by selecting u for each file it offers you.

4.3 The first update

We did an emerge --sync during installation, so we probably don't need to do another one right away, so let's go immediately to the update.

We want to set some global USE flags. For the most part I've tried to avoid this in favour of package-specific flags, but we do need a few global ones. Or it makes things simpler anyway. Remember, if you carried out the optional step 4.2 above, you don't need to enter the commands that follow that are shown in boldface. Just take them as explanatory.

grep USE /etc/make.conf

If there's already a USE variable set up in this file, you need to edit the file and make sure the following flags are added to it. If there isn't, just run this command:

echo 'USE="apache2 bzip2 idn jpeg png tiff tk truetype xml"' >> /etc/make.conf

And now we can actually perform the update.

emerge --ask --verbose --newuse --deep world

The --ask --verbose will list what packages it's going to install or upgrade, with their selected USE flags. They're completely optional, they're just to let you see what you're about to do before you do it. The --newuse --deep says to rebuild anything whose USE flags have changed, as well as anything that's out of date. (--deep indicates you want to upgrade everything, including dependencies, rather than just your primary packages.)

When you press Return (or type Yes) it will bring your system up to date. This will probably take some time.

If you followed step 4.2, to set up the complete Perfect Setup software build in advance, all the Perfect Setup software and its dependencies will now be downloaded, compiled and installed as well as the due updates to the basic system; somewhere between 150 and 190 packages in total will be either built afresh or rebuilt. Portage will complain that you changed its world file manually, but it will get on and make the system the way the world file specifies; ie: installing the new software. Go out for dinner or catch a movie; or go to bed. This is going to take a while.

When that finally finishes you'll see something like this:

Done big update

dispatch-conf

For each configuration file that's changed you'll be shown the differences, and given these options:

>> q quit, h help, n next, e edit-new, z zap-new, u use-new
   m merge, t toggle-merge, l look-merge: 

As this is a brand new system you probably want to just accept the changes for most of them (by hitting u for "use new". Those that you want to keep as they are, hit z for "zap new". These are likely to be, because we edited them earlier:

  • /etc/conf.d/clock
  • /etc/conf.d/hostname
  • /etc/conf.d/keymaps

When you do use --deep in a Gentoo upgrade, it's good practice to do this afterwards:

revdep-rebuild

You probably don't need to at this stage, or in fact in most instances, but it's worth being introduced to it. What it does is to make sure that the software that's installed on your system is still binary-compatible with the libraries on which it depends, and if it isn't, re-installs it (which, naturally, rebuilds it against the new version of the library). You generally only need to do this when an important library goes up a major version number. Sometimes portage will prompt you to do so anyway for a specific library. You can give this command a package identifier and it will, if necessary, rebuild everything that depends on it; hence it's name, which is short for "reverse-dependency rebuild". On its own it will just check everything. (There's probably no equivalent to this in binary distributions as updates for a given release tend not to encompass any libraries upgrading to a version which breaks binary compatibility with its dependents. Instead older versions are patched as necessary and the new versions which would break binary compatibility are held back until the next major release.)

As this is a pretty big update I'm going to reboot now just to make sure everything's still OK. This is basically optional though. If you're not rebooting, type,

source /etc/profile

This is to take account of any environment changes. Among these is almost certainly a gcc upgrade.

And as openssh got upgraded,

/etc/init.d/sshd restart

For the rest of you, see you after the reboot.

4.4 VMWare Tools

Offtopic, but likely needed, and non-obvious

To install VMWare Tools in Gentoo, you now need to recompile the kernel (as the VMWare Tools installer will complain if the current kernel was built on an earlier version of gcc than the system now has, and gcc has just been upgraded).

The genkernel options will ensure that everything is recompiled, but the previous kernel configuration is retained, in case you've made any other changes earlier.

genkernel --clean --no-mrproper all
reboot

When it comes up again, do the following if you're using VMWare Workstation:

emerge --ask --verbose vmware-workstation-tools

This will prompt you further. If you're running another version of VMWare, like VMWare Server or VMWare Fusion, just do the following:

mkdir /etc/init.d/rc{0,1,2,3,4,5,6}.d

In the latter case, when asked, your init scripts are in /etc/init.d and your rc0.d to rc6.d directories are also in /etc/init.d. The VMWare Tools installer will detect and offer these as the defaults. The rcn.d directories won't do anything, they're just there because the VMWare installer wants them. You can remove them afterwards.

Select Install VMWare Tools in VMWare itself.

mount /dev/cdrom /mnt/cdrom
cd ~
tar --extract --verbose --gzip --file /mnt/cdrom/VM*.tar.gz

You need to run the VMWare Tools installer on the virtual machine's system console, not remotely. The installer itself will remind you of this if you ignore me. :-)


cd vmware-tools-distrib
./vmware-install.pl

And follow the prompts. It's known that at present, the vmhgfs and the vmxnet modules won't build, but everything else should be fine.

And set it to come up automatically on the next reboot.

rc-update add vmware-tools default

To use the VMWare Toolbox, you'll need to build some of its dependencies. It's an X11 application, so either you need a desktop environment on the box itself (which for Perfect Setup we probably don't) or you want to do the following:

vi /etc/ssh/sshd_config

Find the line containing "X11Forwarding" and ensure that it is uncommented and set to "yes".

/etc/init.d/sshd restart

And install the minimal X11 dependencies needed.

emerge --ask --verbose libXi xauth

Log in with X11 forwarding from your remote machine, and run it, and set what you need to set. There really is no other way to do needful things like synchronise to the host's RTC (very necessary on VMWare Server especially on AMD hosts) and to allow things like snapshots.

ssh -X root@server1.example.com
vmware-toolbox

You may want to reboot to make sure it all works.

update-modules force
reboot

4.5 Future, routine updates

The typical workflow is,

emerge --sync
emerge -avND world
# (short form of emerge --ask --verbose --newuse --deep world)

If the listed upgrades look sensible, press return to let it go ahead. You may be prompted at the end that configuration files have been updated, as above; in which case run,

dispatch-conf

And if prompted, or if in doubt,

revdep-rebuild

There's no harm beyond the time it takes in doing that when it's not necessary. It'll just think for a while and tell you there's nothing that needs reinstalling.

Remember to restart upgraded services afterwards. (Unlike Ubuntu and presumably Debian, it won't do it for you.)

It's sensible to do this about once a week, then changes come incrementally and bite-sized and are usually complete in a few minutes. Conversely, doing a long-overdue upgrade on a Gentoo system can be very painful. We've just done the equivalent of this above, in bringing the machine up to date from the most recent stage3 release, which as of first writing was some time ago. And this was from a brand-new, empty system. Imagine it when you have a number of services and users running.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.