x2go xfce

     With the exception of eskimo.com which is an old Sparc box with 64MB running SunOS 4.1.4, I checked all shell servers to make sure x2go and the xfce Desktop were working properly.

     I found several machines where x2go was not going full screen because of the wrong version of xrandr and corrected those.  They were Fedora, Scientific7, and OpenSuse.

     I found several machines with broken installations of xfce and corrected those, these were centos7, debian, and mxlinux.

NFS Changes

     I received an e-mail asking why Ubuntu was mounting NFS file systems with version 4.0 instead of 4.1, I responded I did not know and would need to research it.

     What I found was that actually version 4.2 is supported by most modern systems, and according to the manual the NFS client is supposed to negotiate the highest version mutually supported by the client and server but for some reason it will not do this.

     I found that if I added vers=4.2 to the mount options on machines which support it (the old centos6 machine does not with the stock kernel and is using 4.1 instead), then when the machine boots it will use that version.  This should not be necessary if things worked as documented but that is not the case.  Performance of version 4.2 is significantly better so changing this substantially improved the web server performance because it accesses it’s content via NFS.

 

Machine Checks Completed

  • debian.eskimo.com failed to remount /mail properly.
  • mint.eskimo.com failed to remount /mail properly.
  • scientific.eskimo.com failed to remount /home and /mail properly.
  • ubuntu.eskimo.com failed to remount /home, /mail, and /misc properly.
  • uucp.eskimo.com failed to remount /mail.

     All have been fixed.

Reboots Completed

     Reboots have been completed.  Often after a reboot of all servers there will be a handful that do not properly remount NFS partitions or bind to NIS servers properly.  Checking for these issues presently is a manual operation.  I am checking the machines for these issues now, otherwise things should be basically operational.

 

Mail SSL Fixed

     The issues with SSL on the mail server have been fixed.  It was caused by the new certificate ca-bundle file only having the intermediate files in it while last years had our site certificate followed by the intermediates.  I had to cat both files together into a third which made dovecot and postfix happy.  The web server was unaffected by this because it’s configuration includes both files so all of the necessary certificates were available to it.

 

Mail

     I am having problems with our new Comodo certificate.  It works fine with Apache web server but with the Dovecot mail server it is telling me the key does not match the cert but it does, I have verified this.

     I am thinking the software is too outdated and I am trying to build the new openssl and dovecot for this machine.  To put it mildly it is giving me fits.  If mail does not work, please try to use webmail https://www.eskimo.com/mail or login to a shell server and use alpine configured to talk to local spool.

     I am working hard to resolve this but running into numerous problems.  I want to get the latest openssl in place which has support for elliptical curve cryptography, this will become important as quantum computers become more robust and we learn how to program them.  But it will not find one of the shared libraries even though it is there and included in the path.  Argh!

     Anyway I’m working hard to resolve.

Mail Server

     I broke our client mail server trying to install new SSL certificates.  I do not know why yet but am restoring the previous configuration.  Unfortunately this needs to be resolved soon or our old certificate expires in a couple of days.  I am restoring the unbroken configuration from backup and then will try changing one thing at a time until I figure out what went wrong.