Wednesday, December 4, 2013

SELinux & PostgreSQL PGDATA *not* in /var/lib/pgsql/data

I've been playing around with PostgreSQL for years but never used in professionally.  I use MySQL for pay but more on that later.  Both have default locations for the actual files that contain the data, etc. and these locations are already configured in SELinux so the RDBMS can start without issues.  But what about putting the data in a location other than the default?  I tried this and the database manager would not start because of permissions violations.  I did a lot of research and it took a long time but I could never find everything I needed in one place.  For a while I just turned SELinux off so I didn't have to worry about it but in this world of security consciousness that is not a good answer.

Please remember that all the commands must be run as root.  I use sudo either on a per-command basis or using the -i option which does the same thing as su -.

First, add PGDATA & PGLOG to /etc/sysconfig/pgsql/postgresql using your favorite editor.  I use vi because I've been using it for over 20 years...  (Yes, I've been doing this for a while.)  I use the following for my database location with /db being a separate filesystem:

Now add the contexts to SELinux. The documentation says to use semanage to update the file /etc/selinux/targeted/contexts/files/file_contexts.local but does not say how to do it, so I manually edit the file. Add lines to the file with the new paths like these (I'm using the example above):
    /db/pgsql(/.*)?                  system_u:object_r:postgresql_db_t:s0
    /db/pgsql/data(/.*)?             system_u:object_r:postgresql_db_t:s0
    /db/pgsql/logfile(/.*)?          system_u:object_r:postgresql_log_t:s0
    /db/pgsql/pgstartup\.log.*       system_u:object_r:postgresql_log_t:s0
Before executing service, make sure the paths exist and are owned by postgres:
    ls -ld /db/pgsql /db/pgsql/data
it should look like
    drwxr-xr-x.  3  postgres postgres  4096 Nov  6  11:29  /db/pgsql
    drwx------. 12  postgres postgres  4096 Nov  6  11:30  /db/pgsql/data
Now initialize the database
    service postgresql initdb
if it doesn't show
    Initializing database:                                  [OK]
The something has gone wrong. If it hasn't, start the Postgres service:
    service postgresql start
which should show
    Starting postgresql service:                            [OK]
To make PostgreSQL start up on boot, execute the following command:
    chconfig postgresql on
The default runlevels for PostgreSQL are 2, 3, 4, and 5 which are the multi-user levels.

Some of the commands may behave differently on other Linux systems. I use CentOS and Fedora and they work reasonably well there.

Saturday, March 9, 2013

The move to digital only publication and Upgrading Fedora, Part III (a)

I'm taking the bus to work for the time being and it gives me time to read, so I'm catching up on my subscription to Linux Journal, which has been all digital for about 2 years.  I used to subscribe to the paper (or dead-tree) edition but when I realized I wasn't even reading it I gave up and let my subscription lapse.  Then I received an e-mail from the magazine with a link for a free copy in any (or all) of several different formats.  I don't like reading long documents in PDF format because it takes too long on my laptop and the files don't look right on my e-book reader (an Aluratek Libre eBook Reader Pro).  I also passed on some of the other formats because they were hardware specific (Kindle, etc.) but the two I noticed were Mobi and ePub.  Both were supported on my e-book reader so I downloaded the ePub and gave it a try.  I was hooked.  I pulled my credit card out of my wallet and subscribed, specifying the the ePub as my desired default.

Several issues later the publisher of Linux Journal, Belltown Media, Inc.,  announced that they were no longer going to publish the paper edition, stating cost reasons.  It didn't bother me because I had grown to like the digital edition.  Other magazines have gone to digital only publication but they only offer HTML, PDF, and proprietary formats.  I'll pass on them until they follow Belltown Media's lead in offering in Mobi and ePub.  The three I would like to see in these formats are Linux User & Developer, Linux Format, and Linux Magazine (Pro).  They only offer HTML and PDF, and they are expensive because they are all UK publishers and the exchange rate makes the subscription about USD $75 per year.

As more magazine publishers look at the increased cost of paper and the demands of physical publications they are faced with the choice of switch to digital only or shut down and lay off all their staff.  The letters to Linux Journal are many and varied.  Some readers welcome the switch, others state they will never renew their subscriptions until a print on demand option is offered.  I prefer digital because I can store more issues that way and they don't clutter up the house.  When I closed down my storage locker several years ago I dumped a lot of computer magazines in the recycle bin.  I ended up filling it five times before they were all gone.  I don't miss them because most of them have archive DVDs of all the back issues (in HTML and PDF format) so I can go back when I want...  When I shell out the $$ for the discs.  One that I can is Byte because it went under before they could make digital copies of their issues.  But if I want to read the Chaos Manner columns I can just ask the author since he regularly attends the LASFS meetings.


I'm writing this entry on my backup laptop while I backup the hard-drive on my main laptop, before upgrading to Fedora 16.  Because of the issue with Qt on the older laptop I'm going to remove all the packages before starting the upgrade process.  The backup should take another couple of hours and the upgrade several more.  I report on the status later.



Linux Journal:
Linux User & Developer:
Linux Format:
Linux Pro Magazine:
E-Book Reader: Aluratek Libre E-Book Reader Pro

Wednesday, March 6, 2013

Upgrading Fedora, Part II

The upgrade from Fedora 14 to 15 on my primary laptop was successful.  However, I do not like Gnome Shell.  The alternative, Classic Gnome with Compiz, really is the classic desktop.  It's not even close.  It's about as much like the old desktop as Hawaiian Gardens, CA is a Hawaiin garden.  Trust me, I've been there.

I decided to upgrade to Fedora 16 on the older laptop and nearly lost everything.  It's a good thing I made a backup before the upgrade.  Everything went well until it was time to install the upgraded packages.  There must have been a problem with one of the Qt library packages because it failed to install.  I restored from backup and tried again, and it failed again.  The second time I restored from backup the boot sector didn't get created correctly and grub failed to start up because it couldn't find a file.  I restored from backup again but the boot sector still have issues.  I did a Google search to find a solution and tried every one I found with no success.  I was about to give up when I remembered something from the Microsoft Windows world.  When a Windows system is horribly trashed you can re-install the OS and it will only overwrite the boot sector, system binaries, and configuration files.  But not all the configuration files.  I didn't have a Fedora 15 install disk so I had to download an ISO image on my primary laptop and burn it to disk.  I started it up on the older computer and hoped for the best.  Luckily there was an option to write a new boot sector based on the targets grub configuration.  After that finished I restarted and it worked.  I was back in business.

When the laptop rebooted I made a backup of the hard drive and then restored it to make sure it worked.  It booted up without a problem.  Not the next task was to remove all of the Qt libraries and anything that depended on them.  I really wasn't using them so it didn't matter.  When I was certain I had removed anything that would break the upgrade, I made yet another backup, this with a different name so I could preserve the older one just in case.

The upgrade went a lot smoother this time.  It was still slow because the machine is old but it booted with no problems.  I verified that my user directory was still in place and all the files were there, since I needed this computer for an upcoming convention (Gallifrey One).  The computer worked flawlessly as the charity auction check-in system.

As a precaution, I've removed all of the Qt libraries on my main laptop so I don't have the same problem as I did before.  I never go around to doing the upgrade.  Maybe this weekend.