Monthly Archives: April 2016

Upgrade from Ubuntu Desktop 14.04 LTS to 16.04 LTS (KDE desktop)

I just upgraded from Ubuntu Desktop 14.04 LTS to 16.04 LTS. It worked without major problems and didn't take a long time. I am not using the Kubuntu distribution, only the native Ubuntu Desktop version. You can still use KDE as the standard desktop. Here are some notes:

- "do-release-upgrade" didn't work for some reason. It just showed "No new release found". I had to use "do-release-upgrade -p".

- Versions:

  • Kernel 4.4.0-21
  • KDE Framework 5.18.0
  • libvirt 1.3.1
  • virt-manager 1.3.2
  • MySQL 5.7.12
  • Apache 2.4.18
  • ClamAV 0.99
  • OpenSSL 1.0.2g-fips
  • OpenSSH 7.2p2
  • Bacula 7.0.5

- No problems upgrading LVM root partition on LUKS encrypted disk partition.

- Virtual Machine Manager now supports snapshots and cache modes "directsync" and "unsafe" for disk devices. Some options are missing though, like cpu pinning.

- KDE did not work after upgrading and rebooting. I had to install the meta package "kubuntu-desktop" manually, which pulls in all necessary dependencies to run KDE as the standard desktop manager. The display manager "kdm" is now replaced by "sddm", which works great. So the "kdm" package is missing now and no longer part of the default repositories.

You can change the default display manager by editing /etc/X11/default-display-manager or by running "dpkg-reconfigure sddm".

- KDE desktop theme Breeze looks very nice. Take a look here:
http://kde-look.org/content/show.php/Elegant+Breeze?content=166630

- Upstart has been replaced by systemd. Make sure to know some basics about the command line interface "systemctl" before upgrading in case there are problems during the upgrade process.

Typing "systemctl<tab><tab> gives you a list of command line options. Just typing "systemctl" lists all services. The column "SUB" shows you if the service is running or not.

With the switch to systemd, consolekit is no longer required. kubuntu-desktop depends on either systemd or consolekit. As systemd is installed now, you can safely delete all consolekit packages, especially if the package is no longer supported by Ubuntu anyway (e.g. consolekit, libck-connector0). 

- ZFS is part of the standard repositories. You do not have to add any 3rd party repository to try it out.

- Bacula client (bacula-fd 7.0.5) is not compatible with previous version of Bacula server (bacula-director/bacula-sd 5.2.6) on Ubuntu 14.04. Checking the status of the client works in bacula director, but running a job on bacula-fd in debug mode (bacula-fd -c /etc/bacula/bacula-fd.conf -f -d 100) shows the following output:

bacula-fd: job.c:1855-0 StorageCmd: storage address=x.x.x.x port=9103 ssl=0
bacula-fd: bsock.c:208-0 Current x.x.x.x:9103 All x.x.x.x:9103
bacula-fd: bsock.c:137-0 who=Storage daemon host=x.x.x.x port=9103
bacula-fd: bsock.c:310-0 OK connected to server Storage daemon x.x.x.x:9103.
bacula-fd: authenticate.c:237-0 Send to SD: Hello Bacula SD: Start Job bacula-data.2016-05-29_07.53.26_05 5
bacula-fd: authenticate.c:240-0 ==== respond to SD challenge
bacula-fd: cram-md5.c:119-0 cram-get received: authenticate.c:79 Bad Hello command from Director at client: Hello Bacula SD: Start Job bacula-data.2016-05-29_07.53.26_05 5
bacula-fd: cram-md5.c:124-0 Cannot scan received response to challenge: authenticate.c:79 Bad Hello command from Director at client: Hello Bacula SD: Start Job bacula-data.2016-05-29_07.53.26_05 5
bacula-fd: authenticate.c:247-0 cram_respond failed for SD: Storage daemon

It is however quite simple to download and compile the latest 5.2.x version of bacula (5.2.13):

  • systemctl stop bacula-fd
  • Install packages required for building bacula client from source:
    apt-get install build-essentials libssl-dev
  • Download bacula-5.2.13.tar.gz and bacula-5.2.13.tar.gz.sig from https://sourceforge.net/projects/bacula/files/bacula/5.2.13/
  • Import Bacula Distribution Verification Key and check key fingerprint (fingerprint for my downloaded Bacula key is 2CA9 F510 CA5C CAF6 1AB5  29F5 9E98 BF32 10A7 92AD):
    gpg --recv-keys 10A792AD
    gpg --fingerprint -k 10A792AD
  • Check signature of downloaded files:
    gpg --verify bacula-5.2.13.tar.gz.sig 
  • tar -xzvf bacula-5.2.13.tar.gz
  • cd bacula-5.2.13
  • ./configure --prefix=/usr/local --enable-client-only --disable-build-dird --disable-build-stored --with-openssl --with-pid-dir=/var/run/bacula
  • check output of previous configure command
  • make && make install
  • check output of previous command for any errors
  • create new file /etc/ld.so.conf.d/local.conf:
    /usr/local/lib
  • ldconfig
  • edit file /etc/init.d/bacula-fd and change variable DAEMON:
    DAEMON=/usr/local/sbin/bacula-fd
  • systemctl daemon-reload
  • systemctl start bacula-fd

- I experienced a problem with the ntp service. "systemctl start ntp" did not show any error messages, but the ntp service was not running afterwards. There were no suspicious entries in the log files. I had to remove / purge the "upstart" package and then reinstall the package "ntp" to make it work again. ntp does still use the old init-script under "/etc/init.d". Starting the service with the init-script did work, but using "service ntp start" or "systemctl start ntp" did not start the ntp process. It did not even try to run the init-script in "/etc/init.d". Not sure what the real cause for the problem was, but as I said removing upstart and reinstalling ntp fixed the problem.

- Changes in configuration files or software features:

  • New default for /etc/ssh/sshd_config / permit_root_login: "yes" -> "prohibit-password"
    With this default setting, root is no longer able to login to SSH with username/password.
  • chkrootkit is trying to run "ssh -G" which is not working without a hostname (false positive, ignore): 
    "Searching for Linux/Ebury - Operation Windigo ssh...        Possible Linux/Ebury - Operation Windigo installetd"
  • "dpkg-log-summary" shows a history of recent package installations (install, update, remove) 

 - Post-installation task: Remove all packages that you don't need or which are no longer supported by Ubuntu: 

ubuntu-support-status --show-unsupported
  • upstart packages (upstart, libupstart1)
  • unity
  • ubuntu-desktop
  • lightdm
  • anacron (if running Ubuntu on a 24x7 installation)
  • bluez, bluedevil (if you don't need bluetooth)
Share

Squid performance

If there are only low cache hit rates, you can disable disk caching completely. Comment all cache_dir entries in squid.conf:

# cache_dir ...

Check with "squidclient mgr:info":
...
0 on-disk objects

(Why running squid without disk caching? See one of my next posts.)

 

Enable SMP mode and set CPU affinity, e.g. if you have 2 CPU cores:

workers 2
cpu_affinity_map process_numbers=1,2 cores=1,2

Check with "ps aux | grep squid":
root 21107 0.0 0.5 344768 5196 ? Ss Apr16 0:00 /usr/sbin/squid3 -YC -f /etc/squid3/squid.conf
proxy 21110 0.0 2.3 384584 24060 ? S Apr16 0:04 (squid-coord-3) -YC -f /etc/squid3/squid.conf
proxy 21111 0.0 2.5 387348 26536 ? S Apr16 0:13 (squid-2) -YC -f /etc/squid3/squid.conf
proxy 21112 0.2 3.2 391764 33024 ? S Apr16 2:06 (squid-1) -YC -f /etc/squid3/squid.conf

Notice the new worker processes "squid-1"  and "squid-2", and the new io process "squid-coord-3".

 

Share

Disk configuration for VM guests in KVM / qemu

For KVM / qemu virtualization there are 2 settings to optimize performance for the virtual disks within the VM guest:

Cache mode
IO mode

In VMM (Virtual Machine Manager) if you create a new VM guest these are both set to "default". For newer versions of KVM / qemu this default seems to be:

Cache mode: writeback
IO mode: threads

The preferred configuration for both settings depends on the kind of storage you use for guest disk images:

Disk file (e.g. qcow2-file on an ext4 partition):
Cache mode: writeback
IO mode: threads

Block device (e.g. logical volume):
Cache mode: writethrough
IO mode: native

These settings are just a rough starting point. Because there are many layers of disk io and caching involved (guest application, guest fs / kernel, host fs / kernel, raid controller, hard drive cache, etc.) every installation is different and it is therefore almost impossible to give a general rule of thumb. You need to experiment yourself to find the best combination.

Share