Fedora Core rescue and umount /mnt/sysimage

April 20th, 2006

Today, I was trying to resize a logical volume of one of my systems running Fedora Core 5, configured with two LVM volumes (one for the root filesystem and another one for swap) on top of a software RAID-0. Since the volume I wanted to shrink holds the root filesystem, I had to boot from the Fedora Core 5 rescue CD in order to reduce the filesystem (ext2online didn’t allow me to reduce the filesystem on the fly), then reducing the volume itself.

Thus, I booted from the Fedora Core 5 DVD by entering linux rescue at the syslinux prompt, then choosed English for both the system language and keyboard layout. Since I was lazy, and didn’t want to manually set up the RAID disks and search for LVM volumes, I told Anaconda to scan the system for a Linux installation and mount it read-only under /mnt/sysimage.

What I didn’t know is that Anaconda also spawns up /mnt/sysimage/usr/bin/bash as the shell (instead of /bin/bash which is the one I expected), appends /mnt/sysimage/bin:/mnt/sysimage/sbin:\
/mnt/sysimage/usr/bin:/mnt/sysimage/usr/sbin:\
/mnt/usr/X11R6/bin to PATH and appends /mnt/sysimage/lib:/mnt/sysimage/usr/lib to LD_LIBRARY_PATH. So, when I tried to umount /mnt/sysimage it failed with a Device or resource busy error message:

# umount /mnt/sysimage/boot
# umount /mnt/sysimage/dev
# umount /mnt/sysimage/selinux
# umount /mnt/sysimage/sys
# umount /mnt/sysimage/proc
# umount /mnt/sysimage
umount: Device or resource busy

The solution was easy, however:

# exec /bin/bash
# umount /mnt/sysimage
# echo $?
0
Posted in Fedora, Linux | 11 Comments »

Automatic start-up for SSL-enabled instances of Fedora Directory Server

February 14th, 2006

Fedora Directory Server protects its internal, software-based, cryptographic repository with a PIN (passphrase).

When an instance of a Fedora Directory Server is configured for SSL/TLS support, by default, the start-up script interactively prompts for that PIN in order to unlock the private key. This can be a problem for automated system start-ups.

However, there is a way to configure Fedora Directory Server in such a way that the PIN is stored into a root-only readable configuration file. Thus, during start-up, the directory server instance can retrieve the PIN from that configuration file wihout asking it.

The PIN is stored into a file called:

/opt/fedora-ds/alias/slapd-[instance_name]-pin.txt

and should contain a single line with the following format:

Internal (Software) Token:[pin or passphrase]

For example, if the Fedora Directory Server instance is named "server1" and the PIN or passphrase needed to unlock the SSL/TLS private key is "secret":

# echo "Internal (Software) Token:secret" > \
   /opt/fedora-ds/alias/slapd-server1-pin.txt
Posted in Fedora, LDAP | 5 Comments »