Document revision history
- 1.2.1 — Reorganize installing updates and related text
- 1.2.0 — Minor release
- 1.1.8 — Add collapsible box for document revision history; further wording improvements in the End of security updates
- 1.1.7 — Fix when to use archive for editing /etc/apt/sources.list; correct date for end of support
- 1.1.6 — Add CAUTION about new packages when upgrading
- 1.1.5 — Add advice for removing insecure packages
- 1.1.4 — Fix non-root user ~/.ssh creation and ownership, make wording consistent for analogously prog
- 1.1.3 — Cleanup: Add NIC selection in rescue mode, recommend latest installer, consolidate boot menu NOTEs, clarify when UEFI doesn’t work, change bullets to solid, advise changing source.lst for install if no longer current release, update download package/MB count, wording fixes
- 1.1.2 — Include link to Debian CD archive
- 1.1.1 — Include admonition about additional network interfaces
- 1.1.0 — Minor release (refresh_spare_usr2 updated for CIS hardening elsewhere)
- 1.0.11 — Use 10.2.0 for FS tag
- 1.0.10 — Fix referring to where RAID tools are used; other minor wording improvements
- 1.0.9 — Fix link for transferring FS install to FSL11
- 1.0.8 — Add revision history
- 1.0.7 — Add reference for transferring FS install to FSL11
- 1.0.6 — Update latest FS tag to 10.2.0-beta2
- 1.0.5 — Update end-of-support for current sources.list
- 1.0.4 — Refine pgperl wording
- 1.0.3 — Improve pgperl with pgplot warning
- 1.0.2 — Add pgplot version of pgperl; use 10.2.0-alpha3 tag
- 1.0.1 — Use 10.2.0-alpha2 tag
- 1.0.0 — Initial release
1. Introduction
These instructions provide a complete method for system installation and some tuning. They are not the only method for accomplishing these goals, but have been well tested. Experts can of course use their own means, but the farther they deviate from this model, the less support we will be able to provide.
The standard configuration uses a RAID1 system with removable disks. Normally, two disks would be in use at a given time. A third disk is used as a back-up and rotated into use periodically. More disks can be used for further redundancy. You can of course provide your own back-up method and can install the system to a single disk if you do not want to use the software RAID.
If you are using the RAID configuration, you may wish to review the Recommended practices subsection of the RAID notes for FSL11 document before installing. However, all of the practices listed there can be implemented after the installation steps below are complete.
Tip: Removable disks should be used with a carrier/receiver system that can tolerate a large number of insertions; “bare” disks should not be inserted repetitively. Two receivers would normally be mounted in the computer chassis. Each disk would be in its own carrier. We can provide a recommendation for a carrier/receiver system if you need one.
Please note that for each step in this guide, we recommend you carefully read all the included caveats and notes as the material is not always logically sequential, i.e., instructions may precede explanations that impact what you actually type.
FS Linux | Release Name | Debian Version | Linux kernel | Year |
---|---|---|---|---|
1 | (Slackware) | | 1.2.<x> | 1994 |
2 | bo | 1.3.1 | 2.0.29 | 1997 |
3 | hamm | 2.0 | 2.0.34 | 1998 |
| slink | 2.1 | 2.0.36 | 1999 |
4 | potato | 2.2 | 2.2.18 | 2000 |
5 | woody | 3.0 | 2.2.20/2.4.18 | 2002 |
6 | sarge | 3.1 | 2.4.27 | 2005 |
7 | etch | 4.0 | 2.6.18 | 2007 |
8 | lenny | 5.0 | 2.6.26 | 2009 |
| squeeze | 6.0 | 2.6.32 | |
9 | wheezy | 7.0 | 3.2.0 | 2014 |
| jessie | 8.0 | 3.16.0 | |
10 | stretch | 9.0 | 4.9.0 | 2020 |
| buster | 10.0 | 4.19.0 | |
11 | bullseye | 11.0 | 5.10.0 | 2023 |
The FSL11 documents follow the FS font conventions, which can be found at: https://nvi-inc.github.io/fs/misc/font_conventions.html.
2. Choosing architecture and creating installation media
FSL11 can be configured for either the i386 or amd64 architectures. With FSL11 it is necessary to use Field System version 10.2 or later. Those FS versions support both architectures natively, so either may be used. The amd64 architecture is preferred and should be used if possible (it should be unless the processor is very old, from about 2010 or older). However, some work may be required to port your station code from a 32-bit to a 64-bit OS. An automatic tool has been developed to help with this, and can be provided upon request. Usually the i386 architecture will work on any processor, but requires use of the Legacy (or BIOS) boot mode in most cases. The amd64 installation media will fail to boot on a system that is 32-bit only.
To install Debian 11, you can either use a DVD or USB drive. The latter is faster, and also easier if you wish to use UEFI. Directions for creating your installation media can be found online.
Note: Don’t be confused by the amd64 name; this architecture supports both AMD and Intel manufactured x86-64 processors. This includes CPU lines such as Ryzen, Epyc, Core, and Xeon. The naming scheme dates back to when Intel had a competing and incompatible 64-bit architecture, ia64.
You can install from a DVD drive, USB device, or over the network. Any revision of the 11.<x> installer should work fine. (Generally, pick the latest, i.e., largest <x>. If there are non-zero patch versions, <y>, for a given <x>, e.g., 11.<x>.<y>, pick the largest <y>.) Note also that installing from DVDs as described here is recommended mainly for sites with little to poor Internet connectivity (even then, use of a single DVD may suffice) and the equivalent use of a “Debian GNU/Linux 11.<x>.<y> Bullseye - Official i386/amd64 NETINST” CD would suffice for installation at most sites with good connectivity. Official images for the installer can be found at: https://cdimage.debian.org/cdimage/release/ (or at: https://cdimage.debian.org/cdimage/archive/ when no longer the current release). Alternatively, should your hardware require non-free firmware, unofficial images for the installer that also include all available non-free firmware can be found at: https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/
The details of creating your installation media can be found in the Debian installation guide available from: https://www.debian.org/releases/bullseye/installmanual
3. Motherboard setup
Caution: If you are installing to a virtual machine, make sure it is configured to have at least two cores. This is required for FS display server support.
Note: Some hardware may require special procedures. For cases we know about, instructions are provided in top-level sub-directories of the repository, which is visible at https://github.com/nvi-inc/fsl11. In addition to special instructions, there may be needed software/drivers in the sub-directories. The following table lists the cases that are currently covered. Some of these solutions may be useful for other hardware with the same issues. If you have the listed hardware or issue, we recommend reading the instructions before beginning the installation.
Modern motherboards offer two forms of booting: native UEFI or BIOS emulation (“Legacy”). UEFI is the preferred approach. Either mode of boot is supported by this installation guide, and you will be given alternatives when the instructions differ.
Decide which boot mode you want to use and select it through the motherboard setup menu (typically by pressing Delete during the power-on self test, aka POST).
Make sure that the motherboard time is set to the current Coordinated Universal Time, i.e., UTC, and the motherboard can boot from the installation media.
While you are in the motherboard menu, make sure that hot-swapping is enabled for the controllers of both the primary and secondary disks. This is necessary for disk rotation and recoverable testing.
Tip: For UEFI, some motherboards may switch to booting to the UEFI shell if they fail to find a hard disk that will boot. This might happen, for example, if you attempt to boot from a blank disk. If you become stuck booting to the UEFI shell, you may need to enter the motherboard’s setup utility to restore booting from the hard disks. The Boot menu may be where this is set. You may be able to disable use of the UEFI Shell, which may eliminate this situation.
4. First stage installation
This guide assumes that you have only one disk installed in the machine initially even if you intend to use a RAID configuration. Use of a single disk (for a test install, etc.) is also annotated below.
Note: The single disk install approach is used because it is faster than a dual disk install. It also allows you to control when the syncing for the second disk occurs, such as when you leave for the evening. The setup of a second and third disk is covered in the Setup additional disks subsection below.
- Install your smallest disk in the primary slot (the one connected to the lowest numbered SATA controller, usually 0).
  Caution: For the RAID to work seamlessly with other disks later, you must make sure that the smallest disk of the ones available is used for the installation.
4.1. Boot from the installation medium
- Connect an active network cable to your lowest numbered interface (only). Usually it is on the left if there are two.
- Insert/plug-in your installation media and reboot.
  To boot from the installation media you may need to bring up your motherboard’s setup utility, which is typically accessed by pressing Delete during the POST. From there you may need to access a menu such as Save & Exit (or Boot), to select overriding to boot with the installation media.
  Tip: If the system was most recently booted from a hard disk, you may need to boot one time with no hard disk installed for the motherboard’s setup utility to recognize the USB drive as a valid boot override option. If the setup utility does not recognize the USB drive at all, it may be necessary to turn the power off, remove the USB drive, reinsert it, and then reboot. Making the USB the first boot device temporarily may be necessary.
4.2. Set boot options and boot installer
At the Installer boot menu:
- Highlight Install (or Graphical install — only the installer interface differs — but this may not work on some video hardware)
  - UEFI: press e, then ↓ three times (vmlinuz), then End
    Note: If e doesn’t work, UEFI is not available. This may also be apparent because the Installer banner includes BIOS mode. It may be possible to enable UEFI in the motherboard setup menu.
  - BIOS: press Tab
- To the end of the displayed command, add the additional options:
    locale=en_US.UTF8 netcfg/disable_dhcp=true time/zone=UTC
  Note: Whilst typing a / (slash) it may automatically be changed (escaped) to \/ (i.e. preceded by a backslash). This is normal behaviour and harmless.
  You may omit the netcfg/disable_dhcp=true if you want to use DHCP to configure the network settings of this machine, though this is not advised.
  You can additionally use partman-partitioning/default_label=gpt if you wish to force the use of a GPT partition table on a disk that is smaller than 2 GB, but beware - some older BIOS versions cannot handle GPT formatted disks.
  If you do not set a locale or set locale=C, you will be prompted to select your language and your country. However some applications may have problems if a UTF8 locale is not used.
- Press:
  - UEFI: F10
  - BIOS: Enter
  The installer will now boot.
4.3. Select a keyboard layout
Find your keyboard on the Keymap list, highlight it, and press Enter. (The most common one is American English.)
The installation media is now scanned and additional installer components loaded.
4.4. If you are presented with a dialog asking for non-free firmware files
You may need to locate the files requested (especially if they relate to your network or disk-drive interfaces) and place them on a USB stick which should be inserted at this stage. If you do have the required files select Yes, otherwise press Tab to select No then press Enter to continue. It may well be simpler just to use the unofficial installer images mentioned above that include all available non-free firmware.
4.5. Configure the network
- If you are presented with a dialog asking which interface to use as primary
  This is typically only shown if two or more network interfaces are found, which might include a virtual FireWire interface in some cases. Select the interface you require (usually eno1) and press Enter.
Unless you are using DHCP (which is not advisable) you will be prompted to:
- Type in the required static IP address in the form xxx.xxx.xxx.xxx (where each xxx is any integer from 0 - 255 inclusive) and press Enter.
- Type in the required netmask in the form 255.yyy.yyy.yyy (where each yyy is typically 0, 64, 128, 192 or 255) and press Enter.
- Type in the required gateway IP address in the form xxx.xxx.xxx.xxx (where each xxx is any integer from 0 - 255 inclusive) and press Enter.
- Type in the required nameserver IP addresses, space separated, in the form xxx.xxx.xxx.xxx (where each xxx is any integer from 0 - 255 inclusive) and press Enter.
Important: Before connecting an Ethernet cable to an additional (non-primary) interface, you must use the Stabilize network configuration subsection of the Additional Setup Items appendix. For example, in addition to the primary interface, you may connect a cable to the second interface for IPMI. In this situation, the second interface may be incorrectly utilized in Linux if it is not disabled.
4.6. Set a hostname
Backspace over the default hostname debian and type in the name you require (if not already retrieved via DNS), then press Enter. Enter the required Internet Domain name (if not found) and press Enter.
4.7. Enter a suitable root password
Twice as prompted.
4.8. Setup first account
Enter Desktop User for the name of the new user then press Enter to accept desktop as the username and enter a (real) password twice as prompted.
4.9. Get network time
The installer now tries to set the time using NTP. If this is not possible at your site due to your firewall etc., you may need to press Enter to cancel this process.
4.10. Partition the disk
Note: If you are using UEFI and the disk was previously used for BIOS, you may need to confirm forcing UEFI installation.
- When prompted for a partitioning method, select Manual
4.10.1. Setup physical partitions
- Create a new partition table by:
  - Select your disk, something like SCSI1 (0,0,0) (sda) - 4 TB ATA SATA HARDDISK, and press Enter.
    Warning: Do not select your installation media.
  - The installer may warn: You have selected an entire device to partition…. If so, select Yes. If you are prompted to delete RAID partitions, select Yes.
- Select the (one and only entry) FREE SPACE under your disk. There should be no RAID or LVM partitions shown.
  Note: If other entries and/or RAID or LVM partitions are shown, you will need to delete them before proceeding.
  If no RAID and/or LVM partitions are shown, a possible solution may be to delete individual partitions until you have a single entry, FREE SPACE.
  If that doesn’t work or RAID and/or LVM partitions are shown, you may be able to use Guided partitioning to delete the existing configuration (and temporarily create new partitions). In this case, select Guided partitioning, then select Guided - use entire disk. Then select your disk, such as listed above; do not select a RAID or your installation media device. Then select All files in one partition (recommended for new users). You may be prompted to confirm deleting RAID partitions and/or removing logical volume data, which you must do to continue. Then you should be able to continue with selecting your disk, as above.
  If the Guided partitioning method above doesn’t work or you have problems later creating the RAID or LVM partitions, then other means will be needed. There may be more complicated paths through the partitioner that will work or, perhaps easier, you may need to overwrite the start of the disk with a large number, say 2 GiB (but possibly more, if that doesn’t solve the problem), of zeros.
  Overwriting with zeros: can be implemented (for 2 GiB) at this stage in the installer with:
  - Press Ctrl+Alt+F2 to switch to a different console.
  - Press Enter to activate the console.
  - Execute:
      dd if=/dev/zero of=/dev/sda bs=1G count=2
      sync;sync
      reboot
  - When the system reboots, restart the installation.
- Select Create a new partition
- Then for
  - UEFI: Enter 1GB in the size, then select Beginning of the disk.
  - BIOS: Enter 1MB in the size, choose Primary (rather than Logical) if asked for the partition type, then select Beginning of the disk.
- Then for
  - UEFI: Select Use as then select EFI System Partition
  - BIOS: Select Use as then select Reserved BIOS boot area, or alternatively do not use the partition if the former option is not available.
- Now select Done setting up the partition.
- Next select the FREE SPACE and Create a new partition again.
  Note: You may see a small 1MB FREE SPACE at the start of the disk. This is fine, just be sure to choose the large FREE SPACE at the end of the disk.
- This time choose the whole amount of free space (the default) and choose Primary for the partition type if asked.
- Select Use as, then select physical volume for RAID, then Done setting up the partition
  Note: If you physically only have one disk bay and wish to construct a FSL11 test-bed, it is possible to avoid using the software RAID layer entirely. Simply select Use as, then select physical volume for LVM for this partition instead and skip ahead to Setup Logical Volume Manager (LVM) below. However, please note that a single disk setup is not recommended for any operational system.
4.10.2. Setup RAID
- Select Configure software RAID. Then select Yes to write the changes to the disk.
- Select Create MD device, choose RAID1 and use 2 as the number of devices and 0 as the number of spares.
- Despite the fact that the instructions say you must select exactly two partitions, select only one. Select the RAID partition you just created by pressing Space. This should be /dev/sda2. Then press Enter to continue. Select yes if prompted to write changes to the disk.
  Note: If the newly created RAID partition doesn’t appear as an option, you may need to use the method of Overwriting with zeros in the Setup physical partitions step above.
- Select Finish.
- Back in partitioning, select the partition #1 (with no designated use) under RAID1 device #0 and press Enter
  Note: If that partition appears immediately after being created already having a designated use, perhaps lvm, you may need to use the method of Overwriting with zeros in the Setup physical partitions sub-step above.
- Select Use as, then select physical volume for LVM, then Done setting up the partition
4.10.3. Setup Logical Volume Manager (LVM)
- Now choose Configure the Logical Volume Manager and select Yes if prompted to write the changes to the disk and keep the current layout and configure LVM.
- Choose Create volume group
- Enter a name appropriate for the machine and group, e.g., vg0, and press Enter
- Select the raid device md0 (or sda2 if not using RAID) by pressing Space, then press Enter to continue
- For each item in the following table run Create logical volume, select your volume group and assign the corresponding name. Those marked with * are optional unless you are applying CIS hardening.

Table 3. Logical volumes
| Mount point | LV name | Size |
---|---|---|---|
1 | /var/log/audit | audit* | 4 G |
2 | /boot | boot | 1 G |
3 | /home | home | 4 G |
4 | /var/log | log* | 4 G |
5 | / | root | 50 G |
6 | (swap) | swap | 8 G |
7 | /tmp | tmp | 50 G |
8 | /var | var* | 8 G |
9 | /var/tmp | vartmp* | 8 G |
10 | /usr2 | usr2 | remaining disk space less ~100 GB |

- In the LVM configuration window, select Finish
- Then for each logical volume in the table except swap, do the following:
  - Select the partition (e.g., #1) for each LV name (and press Enter)
  - Select Use as and press Enter then select Ext4 journaling file system
  - Select Mount point, press Enter, then select the appropriate mount point from the list or use Enter manually if not there.
  - Select Done setting up this partition
- For the swap logical volume, select Use as then select swap area, followed by Done setting up this partition
- Back in the partition screen, select Finish partitioning and write changes to the disk and select Yes to write the changes. For big disks, it may take a little time to create the ext4 file systems.
The Debian base system is now installed from the installation media, which usually only takes a few minutes.
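Once the system is installed, the Table 3 layout can be checked against an fstab-format file (/etc/fstab, or /proc/mounts on the running system), which matters most when the optional volumes are required for CIS hardening. This is an added example, not part of the FSL11 repository; the function name check_table3_mounts, the "base"/"cis" argument, the sample file, and the assumption that each logical volume appears as a device path ending in -<LV name> (such as /dev/mapper/vg0-root) are all illustrative. The swap volume is not checked because it has no mount point.

```sh
#!/bin/sh
# Added example: compare an fstab-format file with the Table 3 layout.
# Usage: check_table3_mounts FILE [base|cis]
# "cis" also requires the rows marked * in Table 3.
# Prints one finding per line; returns non-zero if there are any.
check_table3_mounts() (
    fstab=$1
    profile=${2:-base}
    status=0

    # Columns: mount point, LV name, "*" if optional without CIS hardening.
    while read -r mp lv optional; do
        if [ "$optional" = "*" ] && [ "$profile" != cis ]; then
            continue
        fi
        # Device of the first non-comment entry mounted at this mount point.
        dev=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $1; exit }' "$fstab")
        case $dev in
            '') echo "missing $mp"; status=1 ;;
            */*-"$lv") ;;   # e.g. /dev/mapper/vg0-root (assumed naming)
            *) echo "unexpected-device $mp $dev"; status=1 ;;
        esac
    done <<'EOF'
/var/log/audit audit *
/boot boot -
/home home -
/var/log log *
/ root -
/tmp tmp -
/var var *
/var/tmp vartmp *
/usr2 usr2 -
EOF
    return "$status"
)

# Constructed sample: the base volumes plus separate /var and /var/log,
# with /tmp left on a plain partition instead of its logical volume.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# <file system>        <mount point> <type> <options> <dump> <pass>
/dev/mapper/vg0-root   /         ext4 errors=remount-ro 0 1
/dev/mapper/vg0-boot   /boot     ext4 defaults 0 2
/dev/mapper/vg0-home   /home     ext4 defaults 0 2
/dev/sda3              /tmp      ext4 defaults 0 2
/dev/mapper/vg0-usr2   /usr2     ext4 defaults 0 2
/dev/mapper/vg0-var    /var      ext4 defaults 0 2
/dev/mapper/vg0-log    /var/log  ext4 defaults 0 2
/dev/mapper/vg0-swap   none      swap sw 0 0
EOF
BASE_REPORT=$(check_table3_mounts "$sample" base) || true
CIS_REPORT=$(check_table3_mounts "$sample" cis) || true
rm -f "$sample"
printf 'base:\n%s\ncis:\n%s\n' "$BASE_REPORT" "$CIS_REPORT"
```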
4.11. Configure the package manager
If you started from a netinst CD image, the installer now assumes you will install only from the network, and jumps straight to the Choose your Debian archive mirror country part of the dialogue as detailed below.
If you are using the DVD installer you will be prompted to scan additional DVDs. Scanning the additional DVDs (and obtaining copies of them in the first place) is entirely optional, and is only useful if you don’t have a reliable network connection to a suitable Debian mirror and hence would prefer not to download packages you could get from the DVD.
Note: If you do want to use a mirror in the future, it is better not to scan any DVDs at this stage and to scan them later during Stage 2 using apt-cdrom.
For each additional DVD you wish to scan, insert it in the drive, select Yes and press Enter to perform the scan (which takes a while).
(If you are using DVDs, and are prompted to insert another DVD, you will need to use eject /dev/cdrom from another virtual console to do this.)
Select No and press Enter to continue once you are done.
If prompted, insert the “Debian GNU/Linux 11.<x>.<y> Bullseye - Official i386/amd64 Binary-1 DVD” back into the DVD-ROM drive and press Enter.
Warning: If you do scan additional DVDs, the following useful dialogue which allows you to select a suitable network mirror from a country-based list may be suppressed.
Select Yes and press Enter to use a network mirror (unless you have inadequate Internet access - but then you must scan all DVDs.)
Choose your Debian archive mirror country:
Select from the list if available and press Enter. (If your country is not available choose the country nearest to you in a network connectivity sense.)
Select the fastest Debian mirror from those available.
Tip: The new deb.debian.org mirror is a good choice for most sites as it uses DNS to find a local mirror.
Enter any necessary HTTP proxy information (usually left blank).
Software is downloaded briefly.
Software is downloaded briefly.
4.12. Do not participate in popularity-contest
When prompted to join the popularity-contest, select No and press Enter
4.13. Choose your packages
When prompted to choose packages, select SSH server by moving to that row with the arrow keys and pressing Space on it (unless you don’t want it).
Tip: If you have small disks and are worried about space, then you can also press Space on Desktop Environment to unselect it (which may then change the dialogue presented below).
Finally, press Enter to install the standard system.
The Debian standard system is now installed from the installation media plus any updates from the network mirror and/or security.debian.org site if they can be reached.
This can take a while, up to one and a half hours or more.
4.14. Install the GRUB bootloader (BIOS boot only)
Note: With UEFI boot, you will not be presented with this option; GRUB will automatically be installed to the first ESP partition.
At Install GRUB to Master Boot Record select yes then select /dev/sda
When prompted, press Enter to install to the master boot record.
4.15. Disable Wayland (optional)
This step should only be needed if your CPU does not include a GPU and you do not have an add-on graphics card. In that case, you are using the motherboard graphics support. Disabling Wayland is known specifically to be necessary for the X11SCA-F motherboard, which uses the AST2500 graphics chip. If you don’t know that you need to disable Wayland, we recommend that you initially leave it enabled. Whether your choice works or not should be evident when you start the Second stage installation step below. The console may be very difficult, even impossible, to work with. In that case, please see the Wayland recovery NOTE below.
To disable Wayland:
Tip: These steps can be executed when the installation stops for input in the next step, Remove installation media.
- Press Ctrl+Alt+F2 to switch to a different console.
- Press Enter to activate the console.
- Edit /target/etc/gdm3/daemon.config, uncomment Wayland=False, and save the file.
  The only editor available at this point may be nano.
- Execute:
    sync;sync
    exit
- Press Ctrl+Alt+F1 to return to the Installer dialog.
Note: Wayland recovery: If you find you have made the wrong choice, there are at least three possible ways to recover:
4.16. Remove installation media
Remove the DVD from the DVD-ROM drive (it should be auto-ejected), or unplug the USB drive, and press Enter to reboot into the newly installed system.
Tip: It would generally be wise to disable booting from DVD-ROM and floppy, i.e., anything other than the hard drive, in the BIOS just in case someone leaves something nasty in the machine’s removable drives by mistake.
5. Second stage installation
You should now have booted to your new OS.
5.1. Login as root
Tip: Versions before Debian 9 ran X11 on virtual console 7. As of Debian 9, the graphical environment login is on virtual console 1. Each login there for a different user creates a session on the next unused virtual console.
Switch to Virtual Console 2, by pressing Ctrl+Alt+F2.
Enter root and press Enter, then enter the root password you set earlier.
5.2. Remove the dummy Desktop User (optional)
Unless you want an account that is set up to use the default desktop environment, delete the desktop user with:
deluser --remove-home desktop
Note: If you do keep this account, you will not be able to run the FS from it unless you add this account into the additional hardware access groups such as is done for oper and prog by fsadapt.
5.3. Setup HTTP proxy for APT (optional)
Should you wish to make APT use an HTTP proxy for downloads, create the new file /etc/apt/apt.conf.d/00proxies using vi containing:
ACQUIRE::http::Proxy "http://proxy.some.where:8080/";
to use a proxy proxy.some.where at port 8080 for example.
5.4. Edit /etc/apt/sources.list
Note: If Bullseye is no longer under security support, you will also need to modify sources.list as described in the End of security updates in the Managing Security Updates appendix.
Using your favourite text editor, e.g., vi, comment out all cdrom entries (unless you don’t have a decent Internet connection and need to use DVDs, whereupon the dialogue presented below may differ) and check you have the equivalent of the following entries towards the top of the file, adding in contrib and/or non-free as needed:
deb http://deb.debian.org/debian/ bullseye main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye main contrib non-free
and likewise the equivalent of the following entries towards the bottom of the file, again adding in contrib and/or non-free as needed:
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free
(where you can use any suitable mirror instead of deb.debian.org)
Also add contrib and/or non-free to the lines referring to the security.debian.org mirror in the middle of the file.
Warning: You MUST use bullseye and NOT stable for the distribution in all these entries (but CD/DVD entries might use unstable.)
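The rules in this subsection (no active cdrom entries, bullseye rather than stable in every entry, and deb entries for both bullseye and bullseye-updates) can be checked mechanically before running apt-get update. This is an added example, not part of the FSL11 repository; the function name audit_sources_list and the sample file are constructed for illustration, and it assumes a network install, so any active cdrom entry is reported.

```sh
#!/bin/sh
# Added example: audit an APT sources.list against the rules in this section.
# Usage: audit_sources_list FILE [RELEASE]   (RELEASE defaults to bullseye)
# Prints one finding per line; returns non-zero if there are any.
audit_sources_list() (
    file=$1
    release=${2:-bullseye}
    n=0 findings=0 have_main=0 have_updates=0

    while read -r type rest || [ -n "$type" ]; do
        n=$((n + 1))
        # Only active entries matter; comments and blank lines are skipped.
        case $type in deb | deb-src) ;; *) continue ;; esac

        case $rest in
            cdrom:*)
                echo "line $n: active cdrom entry"
                findings=$((findings + 1))
                continue ;;
            '['*) rest=${rest#*]} ;;   # drop a "[ option=value ... ]" block
        esac

        set -f              # no globbing while splitting into fields
        set -- $rest        # $1 = URI, $2 = suite
        set +f
        suite=${2:-}

        # bullseye, bullseye-updates and bullseye-security reduce to "bullseye".
        base=${suite%%[-/]*}
        if [ "$base" != "$release" ]; then
            echo "line $n: suite '$suite' is not $release"
            findings=$((findings + 1))
        fi
        if [ "$type" = deb ]; then
            case $suite in
                "$release") have_main=1 ;;
                "$release-updates") have_updates=1 ;;
            esac
        fi
    done <"$file"

    if [ "$have_main" -ne 1 ]; then
        echo "missing: deb entry for $release"
        findings=$((findings + 1))
    fi
    if [ "$have_updates" -ne 1 ]; then
        echo "missing: deb entry for $release-updates"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample: a file left over from a DVD install in which the
# main entry was edited to "stable" and the cdrom entry is still active.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# deb cdrom:[Debian GNU/Linux 11.<x>.<y> Bullseye - Official amd64 Binary-1 DVD]/ bullseye main
deb cdrom:[Debian GNU/Linux 11.<x>.<y> Bullseye - Official amd64 Binary-1 DVD]/ bullseye main

deb http://deb.debian.org/debian/ stable main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
EOF
SAMPLE_FINDINGS=$(audit_sources_list "$sample") || true
rm -f "$sample"
printf '%s\n' "$SAMPLE_FINDINGS"
```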
5.5. Update APT’s list of packages
Tip: Recent versions of Debian have the apt program, which gives a more user-friendly interface to the package manager than apt-get. We generally use apt-get except for applying updates.
Next tell APT to update its internal source list of packages using
apt-get update
Note: It is also possible to add additional DVDs at this stage using the apt-cdrom add command.
5.6. Download the FS Linux 11 package selections
- Install git and dselect
    apt-get install git dselect
- Update dselect's package lists
    dselect update
- Get the selections by downloading this repository:
    cd /root
    git clone https://github.com/nvi-inc/fsl11
    cd fsl11
- Feed the package selections into dpkg using the command, for amd64
    dpkg --set-selections < selections/fsl11_amd64.selections
  or, for i386
    dpkg --set-selections < selections/fsl11_i386.selections
- Start the additional package installation with
    apt-get dselect-upgrade
  then press Enter to confirm any updating of installed packages (where you have an Internet connection) and the installation of currently ~214 new packages (downloading ~196 MB from the Internet and/or DVDs) for amd64 with UEFI — probably different for i386 and/or BIOS — unless you did not select the Desktop or added other tasks earlier.
  Downloading commences for up to half an hour (depending on your Internet access and the exact revision of DVDs used).
  Installation runs to completion.
5.7. Clean up the APT download directory
So that the update mechanism will work correctly, run
apt-get clean
6. Third stage installation
6.1. fsadapt
In the /root/fsl11 directory, start fsadapt with
./fsadapt
6.1.1. FS Adaptation: Modifications (Window 1)
Using the arrow keys and Space make your selections and press Enter.
- If you are not using a GPIB board or USB dongle, you can deselect the GPIB option.
- If you are using the RAID configuration, you must not deselect the mdinc option.
6.1.2. FS Adaptation: Setup (Window 2)
All of the steps in Window 2 need to be done once (even if you do not intend to use the serial ports) with the exception of sshkeys which can be used to generate new SSH keys if required.
If you did not select the GPIB option in the previous page, deselect the two related options on this page (but do not deselect set_perms as it is always required). Otherwise, simply press Enter with the OK selected to continue.
Note: The updates option relies on email to root being re-directed to some mailbox that will be read regularly, so make sure you set that up and test it as well (see the Configure e-mail section in the Additional Setup Items appendix). The installer sets it up to go to the desktop account by default which would definitely be a problem if you have removed that!
6.1.3. GPIB driver configuration (optional)
On the /etc/gpib.conf screen, use the up/down arrow keys to select the required GPIB controller and press Enter on OK to continue.
6.1.4. Serial port configuration
On the /etc/default/grub: serial port configuration screen, use the up/down arrow keys to select the required RS232 serial card (or None if you don’t have one) and press Enter on OK to continue.
6.1.5. FS Adaptation: Settings (Window 3)
On Window 3 you can choose to modify the email or network settings if required.
Simply press Enter on OK to continue.
6.1.6. FS Adaptation: Network Services (Window 4)
Window 4 will show what services are enabled. Use the up/down arrows and Space to select secure and press Enter on OK. Thereafter use the up/down arrows and Space to select those services you actually need. If you need printing, you will need to select netipp (remote access to this can be blocked by configuring ufw either to not explicitly allow, or instead to deny, the CUPS service). Press Enter on OK to set them up and finish with fsadapt.
Note that the fsadapt script can be re-run at a later date should you need to change the adaptations.
6.2. Set passwords
Set passwords for the oper and prog accounts with:
passwd oper
passwd prog
entering the passwords twice as prompted.
6.3. Install tools for RAID (optional)
You can install some useful tools for working with the RAID, if you’re actually using it, with:
~/fsl11/RAID/install_tools
The Fourth stage installation section, below, assumes the first four of these tools have been installed. The six tools are:
- mdstat — for all users — check on the RAID status
- refresh_secondary — for root — refresh a secondary disk that is from the same RAID
- blank_secondary — for root — initialize a secondary disk, must be used with extreme care
- rotation_shutdown — for root — shutdown the system if it is safe to rotate disks
- drop_primary — for root — deliberately drop the primary disk out of the RAID for use as a backup
- recover_raid — for root — re-add a disk that fell out of (or was removed from) the RAID back into it
Tip: More information about RAID operation can be found in the RAID notes for FSL11 document.
6.4. Download the Field System
cd /usr2
git clone https://github.com/nvi-inc/fs fs-git
cd /usr2/fs-git
git checkout -q tag
where tag is the latest available release, 10.2.0 or later.
Important
|
You should install the latest official release. To find it, go to: You should probably use the most recent feature release (ending in .0 with no trailing -<string>), e.g., 10.2.0. However, if there is a more recent patch release (not ending .0) for the most recent feature release, you should use the most recent patch release. For example, if 10.2.0 is the most recent feature release and there are corresponding patch releases, 10.2.1 and 10.2.2, then the last one, ending .2, is probably the best choice. |
6.5. Run FS install script
This will set the /usr2/fs link, set /usr2/fs-git permissions, and install default copies of all the FS related directories.
make install
and enter y to confirm installation.
6.6. Make the FS
The FS must always be compiled as prog.
Warning
|
Make sure you log-out as root, and log-in again as prog. |
cd /usr2/fs
make >& /dev/null
then
make -s
to confirm that everything compiled correctly (no news is good news).
6.7. Reboot the new system
Remove any DVD from the machine and restart the machine using reboot as root or Ctrl+Alt+Del whilst watching that everything starts up smoothly.
7. Fourth stage installation
7.1. Setup additional disks
If you are using a RAID, follow the steps in this subsection to set up the second and third disks.
Note
|
Additional disks should be at least as large as the disk already in use. |
Note
|
You will need to have hot-swapping enabled in your motherboard’s setup menu, at least for the controller for the secondary disk (it should also be enabled for the primary). |
Note
|
This subsection assumes you have installed the RAID tools according to the Install tools for RAID (optional) subsection above. |
-
If you have a second disk (secondary) in the RAID:
-
Shut the system down with the rotation_shutdown command.
This command will check the status of the RAID and proceed to shutting down only if the RAID is synced. There are three errors that can prevent shutting down: (i) if the FS is running, you should terminate it before trying again; (ii) if the RAID is recovering, you will need to wait until the recovery is finished before shutting down (you can check the progress with the mdstat command); and (iii) if the RAID is degraded, seek expert advice.
-
Remove the disk in the primary slot and place it on the shelf, labelled appropriately as the shelf disk for this system with the date.
-
Move the disk in the secondary slot to the primary slot.
-
-
Initialize the new disk
Important
|
Do not initialize a disk unless you are sure there is no data on it that you need to preserve. For the first time use of an additional disk with a new install, the disk should be initialized to make sure it has no existing structure. This should be done even if the disk has been used in a different FS computer or a previous install on this computer. |
-
Boot with just the primary disk installed.
Tip
|
If your system is already running with no second disk (secondary) installed, you can skip rebooting. |
-
Use the script:
blank_secondary
The script will wait for the new disk to be turned on. Insert a new disk in the secondary slot. The secondary slot is the one connected to the second lowest numbered SATA controller, usually 1. Turn the key to turn the disk on. There will be a prompt asking if you wish to proceed. If it is a new disk or you are sure it is safe to erase this disk, answer y. If you are unsure about this or otherwise need to abort, answer n.
-
-
Refresh the now blank secondary disk
Run the script:
refresh_secondary
Once you reach the message that you can check on the recovery with mdstat, you can resume using the computer as usual. You can safely reboot at this point, if it is needed; just don’t remove either disk until the recovery is finished.
You can check the progress of the recovery with:
mdstat
When the recovery is complete, you can repeat the process of this entire subsection, Setup additional disks, to initialize another disk.
8. Post install
Tip
|
Please refer to the appendix Additional Setup Items for OS customizations that you may find useful. |
The current section provides information on customizing your new system from scratch for a new FS installation or transferring an existing FS installation to this machine.
8.1. New FS installation
Your newly installed system should now be ready to be customized for your site’s requirements for a new FS installation. You will need to tailor the control files in /usr2/control and add suitable station specific software to /usr2/st, particularly antcn. See the files in the /usr2/fs/st.default/st-0.0.0 directory for starter versions of the latter.
8.2. Transferring an existing FS installation
If you have an existing FS installation you want to transfer to this machine, you will need to transfer your files and update their contents for use with FS 10.2 or later. For transferring and updating to FS 10.2, please see the appendix “Transferring an existing FS installation to FSL11” in the “FS 10.2 Update Notes” document at: https://nvi-inc.github.io/fs/releases/10/2/10.2#_transferring_an_existing_fs_installation_to_fsl11.
Appendix A: Additional Setup Items
This appendix covers several customizations that may be helpful depending on the requirements for a system. It serves as a reference for how to make these changes, but can also be helpful as a checklist when setting up a new system. All actions in this section require root permissions.
A.1. Additional security and CIS Benchmarks
For stations that wish to conform to the additional security recommendations of the Center for Internet Security (CIS), move on to the CIS hardening FSL11 document.
A.1.1. Alternate hardening
If you don’t want the complete CIS hardening, which creates some inconveniences and is only required in certain environments, you may still be interested in applying a subset of the remediations. You can pick and choose those from the CIS hardening FSL11 document and its script.
A useful minimum set of features to apply would be to install ufw and block everything except ssh and further restrict ssh access with TCP Wrappers.
A.1.1.1. ufw setup
To install and configure ufw to only allow ssh for incoming connections, use the commands:
apt-get -y install ufw
ufw allow OpenSSH
ufw --force enable
Additional setup for ufw is covered below in the More firewall rules subsection.
A.1.1.2. TCP Wrappers setup
A base setup for TCP Wrappers is, in /etc/hosts.deny:
ALL:ALL
and in /etc/hosts.allow:
sshd:ALL
It is recommended that you further restrict sshd by using specific hosts and/or sub-domains instead of ALL. Please use man hosts_access for more information about configuring TCP Wrappers.
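One way to check the TCP Wrappers setup described above, as an added example that is not part of the FSL11 scripts. The function names are hypothetical, the sample files are constructed (192.168.4.0 is the subnet used in this document's firewall examples, example.org is a placeholder domain), and it assumes the usual placement of the ALL:ALL rule in /etc/hosts.deny and the sshd rule in /etc/hosts.allow:

```sh
#!/bin/sh
# Added example, not part of FSL11: audit TCP Wrappers access files.
# Simplifications (assumptions): each rule is "daemons : clients" on one
# line; backslash continuations and bracketed IPv6 addresses (which
# contain ':') are not handled.

# Print the client list of every rule in file $1 that applies to
# daemon $2, i.e. whose daemon list names $2 or the ALL wildcard.
# Names are compared case-insensitively so that "all" is caught too.
tcpw_clients() {
    awk -F: -v want="$2" '
        /^#/ || NF < 2 { next }          # skip comments and non-rules
        {
            n = split($1, d, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                name = toupper(d[i])
                if (name == toupper(want) || name == "ALL") {
                    clients = $2
                    gsub(/^[ \t]+|[ \t]+$/, "", clients)
                    print clients
                    break
                }
            }
        }' "$1"
}

# Succeed if any client list on stdin contains the ALL wildcard without
# an EXCEPT clause narrowing it.
tcpw_has_all() {
    awk '{
            n = split(toupper($0), t, /[ \t,]+/)
            all = 0; narrowed = 0
            for (i = 1; i <= n; i++) {
                if (t[i] == "ALL") all = 1
                if (t[i] == "EXCEPT") narrowed = 1
            }
            if (all && !narrowed) found = 1
         }
         END { exit !found }'
}

# Audit hosts.deny ($1) and hosts.allow ($2). Prints findings and
# returns 1 if the default deny is missing or sshd is open to ALL.
tcpw_audit() {
    tcpw_rc=0
    if ! tcpw_clients "$1" ALL | tcpw_has_all; then
        echo "FINDING: $1 has no ALL:ALL default-deny rule"
        tcpw_rc=1
    fi
    if tcpw_clients "$2" sshd | tcpw_has_all; then
        echo "FINDING: $2 allows sshd from ALL; list hosts or sub-domains"
        tcpw_rc=1
    fi
    return "$tcpw_rc"
}

# Demonstration on constructed files (nothing is read from /etc).
demo=$(mktemp -d)
printf 'ALL: ALL\n' > "$demo/hosts.deny"
printf 'sshd: ALL\n' > "$demo/hosts.allow.base"
printf 'sshd: 192.168.4.0/255.255.255.0 .example.org\n' \
    > "$demo/hosts.allow.restricted"
# The base setup is reported, because sshd is still open to ALL.
tcpw_audit "$demo/hosts.deny" "$demo/hosts.allow.base" || true
# The restricted setup passes.
tcpw_audit "$demo/hosts.deny" "$demo/hosts.allow.restricted" &&
    echo "restricted setup: no findings"
rm -rf "$demo"
```

On an installed system the same check is `tcpw_audit /etc/hosts.deny /etc/hosts.allow`.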
A.1.1.3. More firewall rules
The following tersely summarizes some ufw settings that may be useful:
#SSH
ufw allow OpenSSH
#NTP
ufw allow ntp
#remote access to metserver (or gromet) on port 50001
ufw allow 50001
#anywhere from subnet
ufw allow from 192.168.4.0/24
#RDBE multicast to addresses from subnet
ufw allow in proto udp to 239.0.2.0/24 from 192.168.4.0/24
#? RDBE multicast to group from subnet ?
#ufw allow in proto igmp to 239.0.2.0/24 from 192.168.4.0/24
A.2. Customize root’s .bashrc file
There are a few changes you should consider for root's .bashrc file.
-
If you have applied the CIS remediations, you should consider uncommenting the line that sets the umask to 022. The remediations set it to 027 in /etc/profile, which may cause problems with routinely created files, including some in this section covering optional changes.
-
Uncomment the alias commands that add the -i option to the commands cp, mv, and rm as the default. This can help avoid some careless errors.
-
Add the command set -o noclobber to avoid accidentally overwriting existing files with I/O redirection. Other options to consider setting are physical and ignoreeof.
A.3. Create root’s .inputrc file
The readline package is used by bash, and other programs, to maintain a history of commands that can be edited and then re-executed. By default, it will retain edits of history entries that have not been re-executed. This makes the unedited history entries more difficult to locate and re-execute. Retaining the un-executed edits can be disabled for root by creating the file:
$include /etc/inputrc
set revert-all-at-newline on
The $include /etc/inputrc line preserves the other system wide readline defaults.
Note
|
The standard fresh FS installation creates this file for the oper and prog (and AUID) accounts. |
A.4. Setup /etc/hosts
You may want to add more hosts to /etc/hosts, especially if you do not have DNS. This will allow you to give a short alias to use when referring to other local machines. Even if you have DNS, you may wish to add additional aliases for your local hosts.
For use with ntpq -p, it is recommended that you use a short alias as the canonical name (the first one after the IP address) for other local machines (and possibly remote ones as well). This will make the ntpq output easier to understand, particularly if the canonical names of the local machines only differ at the end of their names. That may make the differences hard to see given the short field available for the remote node ID in the ntpq output.
A.5. Stabilize network configuration
This subsection requires using nm-connection-editor on a graphic display (nmtui may be an option on a text terminal, but it has not been fully verified). You may need to be root or desktop to do this. All the subsections below assume you are in the program and have sufficient permissions.
Note
|
If you someday move the disks to a computer with a different mainboard model, the device names of the network interfaces may change. If that happens, you will need to reselect the names as described in the sub-steps below. This should not be necessary if the other computer uses the same mainboard. |
A.5.1. Make the connection always appear on the same interface regardless of the MAC address.
This is useful both to make the connection appear on only one interface and/or make it the same interface if the computer (or NIC) is changed.
-
Select your connection and click the “gear” icon.
-
Select the Ethernet tab.
-
Use the drop-down for the Device field to select your device (typically eno1 with the MAC address in parentheses). Then edit the field to just list the name of the interface (typically eno1) by removing the MAC address in parentheses.
-
You may want to also set the IPv6 Settings to use Method: Disabled.
-
Click Save.
-
Close the window by pressing Esc (while the focus is on that window).
A.5.2. Disable the second Ethernet port
This may be useful, for example, if your second port has an IPMI interface and the kernel detected a connection there and it is interfering with the normal or the IPMI connection.
1. If there is no Wired connection 2, click the + icon. Otherwise select that connection, click the “gear” icon, and skip to step 4. It may be benign to delete (- icon) any other connections except Wired connection 1.
2. Make sure Ethernet is selected in the drop down box and click Create….
3. Change the Connection name to Wired connection 2.
4. Select the Ethernet tab.
5. Use the drop-down for the Device field to select your device (typically eno2 with the MAC address in parentheses). Then edit the field to just list the name of the interface (typically eno2) by removing the MAC address in parentheses.
6. Select the IPv4 Settings tab.
7. For Method select Disabled.
8. Select the IPv6 Settings tab.
9. For Method select Disabled.
10. Click Save.
11. Close the window by pressing Esc (while the focus is on that window).
A.6. Disable Desktop User
If you do not need the functionality available in the Desktop environment, you can disable the desktop account. You can re-enable the account later if you need it. To disable it, execute:
usermod -L desktop
You can undo this by using the -U option instead.
To prevent connecting with ssh using a key, create (or add desktop to an existing) DenyUsers line in /etc/ssh/sshd_config:
DenyUsers desktop
And restart sshd with:
systemctl restart sshd
You can undo the ssh block by removing the line (if it only has desktop) or removing desktop from the line and then restarting sshd.
A.7. Remove ModemManager package
If you use serial ports, it is strongly advised that you remove the ModemManager package to avoid conflicts over access to the ports. Execute this command:
apt-get purge modemmanager
A.8. Remove anacron package
If you enabled the weekly update job in fsadapt (it is strongly recommended), we recommend that you also remove the anacron package so that the job will run at a fixed time every week, even if the system is turned off for some periods of time. Execute this command:
apt-get purge anacron
A.9. Configure e-mail
The configuration described here (Internet site or mail sent by smarthost in the exim4 configuration, no incoming mail, reply-to filter, and modified user names) provides good support for system messages and the FS msg and rdbemsg utilities.
-
As root, enter:
dpkg-reconfigure exim4-config
to change the setup. Typically you should select internet site, use your host name in place of debian when it occurs, and otherwise select defaults at all the other prompts. (The only other recommended choices are local delivery only or mail sent by smarthost; received via SMTP or fetchmail.) If you want to receive incoming mail, you will also need to enable SMTP connections in Window 4 of fsadapt (and if you are using a firewall, you will need to enable such connections for it). We recommend that you NOT receive incoming mail on this computer.
-
Reply-To filter: If you follow the recommendation not to receive incoming mail and your system is not set up for local delivery only, you should set the Reply-To address for outgoing messages to a real e-mail account at your institution that is read regularly. You can do this by (all as root):
-
Create the filter (four lines in file):
cat >/etc/exim4/reply-to-filter <<EOF
# Exim filter << THIS LINE REQUIRED

headers remove "Reply-To"
headers add "Reply-To: email@address"
EOF
Change email@address to the e-mail address you want replies to be addressed to. If you want more than one, separate them with commas.
-
Create a file for local customizations:
touch /etc/exim4/conf.d/main/00-exim-localmacros
ln -sfn /etc/exim4/conf.d/main/00-exim-localmacros /etc/exim4/exim4.conf.localmacros
Note
|
The file is constructed this way so that it will work for both non-split or split exim4 configurations. |
-
Add a call to the filter to /etc/exim4/exim4.conf.localmacros:
cat >>/etc/exim4/exim4.conf.localmacros <<EOF
#set reply to
system_filter = /etc/exim4/reply-to-filter
EOF
-
Then execute
update-exim4.conf
systemctl restart exim4
-
-
You should change your /etc/aliases so root and prog e-mail goes to oper.
-
change root: desktop to root: oper
-
add prog: oper
-
add desktop: oper
This is recommended as a “catch all” since the oper account is presumably under regular use and any messages sent there are likely to be noticed. This is particularly important for system error messages since they should be delivered to a mail box on the system in case there is a network problem that might prevent them from being delivered off system. You can however add additional off machine delivery of these messages to whatever addressees you wish and we recommend this as well. These should include an e-mail account at your institution that is read regularly (maybe the same address as the Reply-To address you may have set above would be a good choice). To do this, create a .forward file in oper's home directory. The permissions should be -rw-r--r--. The contents should be similar to (left justified):
\oper
user@node.domain
where user@node.domain is the off machine addressee you want the messages to go to. You can add additional lines for additional addressees. The backslash (\) before oper prevents the mail system from getting into an infinite loop re-checking oper's .forward file.
-
-
If you have made the above changes to forward messages to an e-mail account on another machine, you should customize the User Name (not login name, the User Name is the fifth field) of root, prog, oper, and desktop in /etc/passwd to identify the source of the message. For root and prog, it is recommended to append a string like at node (it is probably best to avoid FQDNs), where node is this machine, e.g., for atri you might change the 5th field for root from root to
root at atri
For oper, you might instead prepend your site name to the accounts for clearer reading in ops e-mail messages, e.g., for oper on atri at GSFC, we changed the 5th field for oper to:
GSFC VLBI Operator
and for completeness, for prog and desktop we use:
GSFC VLBI Programmer
GSFC Desktop User
These changes will help the recipient (possibly you) determine which system generated this message since it may not be obvious given the modified return address.
-
To give oper an indication at login that there is mail to read, add either (to get a count of messages):
test ! -f /var/mail/oper || from -c
or (to see the senders and subjects):
test ! -f /var/mail/oper || from
to the end of oper's .profile file (if using bash as the login shell) or .login file (tcsh).
-
Lastly, check the default mailbox directory /var/mail/ for accounts that may have messages that arrived before the e-mail system was fully configured. Be sure to resolve any system messages that may have been received. You can check to see what accounts have mail with:
ls /var/mail
which will list each user account mail file that exists. Check and clear each user’s mailbox (where user in the line below is the account name) that has received mail (as root):
mail -f /var/mail/user
If there are messages in the desktop user’s mailbox that you want to preserve and oper's mailbox is empty or non-existent, you could consider renaming desktop's mailbox to be oper's. If you do so, be sure to change the owner of the file to be oper.
A.10. Generate FQDN in HELO for outgoing mail
If mail from your system is being rejected by some servers because exim4 is not providing a Fully Qualified Domain Name (FQDN) in its HELO message, the following steps should fix the problem.
-
If you have not already created /etc/exim4/conf.d/main/00-exim-localmacros (see Reply-To filter above), do so:
touch /etc/exim4/conf.d/main/00-exim-localmacros
ln -sfn /etc/exim4/conf.d/main/00-exim-localmacros /etc/exim4/exim4.conf.localmacros
-
Add the necessary line to the file:
cat >>/etc/exim4/exim4.conf.localmacros <<EOF
MAIN_HARDCODE_PRIMARY_HOSTNAME=ETC_MAILNAME
EOF
-
Then execute:
update-exim4.conf
systemctl restart exim4
-
Verify that the change has taken effect:
exim4 -bP primary_hostname
A.11. Set X display resolution at boot
If your display sometimes starts with the wrong resolution, you may be able to configure a better resolution. The following is a description of something that worked for at least one system. The details of your system may require some changes (beyond the resolution and output name).
First you need to determine the correct resolution and output name. You may be able to do this with xrandr. If the screen currently has the correct resolution, you can just execute:
xrandr
The output might look like:
Screen 0: minimum 320 x 200, current 1920 x 1200, maximum 1920 x 2048
VGA-1 connected primary 1920x1200+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
   1024x768 60.00
   800x600 60.32 56.25
   640x480 59.94
  1920x1200 (0x42) 154.000MHz +HSync -VSync
        h: width 1920 start 1968 end 2000 total 2080 skew 0 clock 74.04KHz
        v: height 1200 start 1203 end 1209 total 1235 clock 59.95Hz
Where the current screen resolution is 1920x1200 and the output name is VGA-1.
You can then generate the needed Modeline by executing:
cvt 1920 1200
Which might generate output:
# 1920x1200 59.88 Hz (CVT 2.30MA) hsync: 74.56 kHz; pclk: 193.25 MHz
Modeline "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync
As a test, you can make a script (use an appropriate name) that will enable that resolution. Use the output name (VGA-1 in this example) and the tokens following Modeline from above. There are three lines after the #!/bin/bash line.
#!/bin/bash
xrandr --newmode "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync
xrandr --addmode VGA-1 1920x1200_60.00
xrandr --output VGA-1 --mode "1920x1200_60.00"
Be sure to chmod u+x the file before executing.
If that is successful, you can use the output name (VGA-1 in this example) and Modeline from above to make a file (you may need to create the directory first):
Section "Monitor"
Identifier "VGA-1"
Option "Enable" "true"
Modeline "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync
EndSection
Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor "VGA-1"
DefaultDepth 24
#Option "TwinView" "0"
SubSection "Display"
Depth 24
Modes "1920x1200_60.00"
EndSubSection
EndSection
You should chmod the permissions for the directory with o+rx and the file with o+r, if those are not already set.
You could then try restarting the display (after closing all windows) with:
systemctl restart gdm3
or rebooting.
A.12. Use KeepAlive to prevent VLAN firewall inactivity time-out
If there is a VLAN firewall in use on the local network, it may be necessary to use KeepAlive for TCP connections to prevent inactivity time-outs for network connections from the FS to the VLBI equipment when no activity is occurring with the system. For some devices, having the time-out break the connection may cause an issue with the number of connections available.
To use KeepAlive to prevent the inactivity time-outs, first install the package libkeepalive0:
apt-get install libkeepalive0
Then add the following lines for oper (and analogously for prog):
export KEEPCNT=20
export KEEPIDLE=180
export KEEPINTVL=60
Then add the following alias for oper (and analogously for prog):
alias fs='LD_PRELOAD=libkeepalive.so fs'
You will need to terminate the FS, log out, and log back in to activate these changes.
Note
|
If you run the FS from a script, you will need to include the
setting of LD_PRELOAD explicitly in the script since scripts do not
pick up aliases.
|
A similar alias can be used to allow other individual applications to avoid the inactivity time-outs. (A better solution is available for ssh, discussed below.) It is also possible to put export LD_PRELOAD=libkeepalive.so in ~/.profile to enable it for all applications, but this may generate some error messages (in the case of xterm at least, the error is apparently benign).
If you need to have a persistent ssh connection, add the following for oper (and analogously for prog):
Note
|
You will need to create the ~oper/.ssh directory if it doesn’t already exist: mkdir ~oper/.ssh |
Host *
ServerAliveInterval 200
ServerAliveCountMax 2
This can be set selectively per remote system. The interval of 200 seconds is chosen to be less than the 300 seconds that some (possibly security hardened) servers may use.
If you created the ~oper/.ssh directory, set its ownership (and analogously for prog) with:
chown -R oper:rtx ~oper/.ssh/
A.13. Remove login banners for commands run by ssh on remote systems
If you use ssh as oper (and maybe prog), to run commands on other systems as part of FS operations, you may get login banners mixed in with the output. You can suppress the banners by adding the following for oper (and analogously for prog):
Note
|
You will need to create the ~oper/.ssh directory if it doesn’t already exist: mkdir ~oper/.ssh |
Host *
LogLevel ERROR
This will allow errors to be displayed while suppressing the login banners of remote systems. This can be set selectively per remote system.
Please check the end of the Use KeepAlive to prevent VLAN firewall inactivity time-out section for setting the ownership of ~/.ssh/config.
A.14. Suspend, shutdown, and restart issues
-
Mouse cursor disappearing on text console after suspend
The FSL11 installation disables suspend by default (as part of the greeter item in the FS Adaptation: Setup (Window 2) sub-step of fsadapt in the Third stage installation). If you did not disable suspend, you may encounter this issue. A way to fix it is to switch to a different text console and then back again. The cursor should reappear.
-
Disable the power switch from shutting the system down
-
Add the following to the /etc/gdm3/greeter.dconf-defaults file:
# Disable restart buttons
disable-restart-buttons=true
-
Restart gdm3:
systemctl restart gdm3
-
-
Disable use of restart for ordinary users
It is possible to disable all use of restart for ordinary users with a bit more work — the details are available on request. The file powerlock.tar.gz may be helpful for this. It contains sample contents of the files that need to be changed or created.
A.15. Printer setup
-
Make sure your printer is connected, to the computer or the network, as appropriate.
Tip
|
Newer computers usually do not have a parallel port (IEEE 1284). If not, and your printer requires a parallel connection, you should be able to obtain a USB/Parallel converter for less than US$20. |
-
Log in to the X-display or remotely using an X-capable display.
-
Start firefox
-
Enter URL:
localhost:631
-
Select Add printers and classes.
You may be prompted to enter credentials. If your account is a member of the lpadmin group, you can use your own credentials; if not, those of the root account or another account that is a member of lpadmin will be required.
-
Add your printers.
Connected printers may be automatically offered to be added. You may also be able to find printers using the Find Printer function. If CUPS offers you the wrong type of printer to be automatically added or it is unclear what driver to select for a printer, you may be able to get some useful information to help with manually installing your printer by searching the Internet for the string cups and your printer model.
Some printers will work with an AppSocket/HP JetDirect connection of the form socket://hostname.
-
Be sure to select a printer as the default (usually by selecting Printers at the top of the page, then select the printer to be set as the default, then from the Administration drop down: Set As Server Default).
-
Quit firefox
A.16. NTP configuration
For good performance with NTP, please follow the recommendations in /usr2/fs/misc/ntp.txt.
Additionally, to make the ntpq -c pe output more readable for local devices, you can adjust the contents of /etc/hosts. The local devices should be listed in the file, but use a nickname (15 characters or less) that is meaningful locally in place of the canonical name (the first name after the IP address). The canonical name can be listed after the nickname.
A.17. Add raid-events scripts
If your system is using a RAID configuration, you may want to install the raid-events script. The script provides email notifications of when Rebuilds (and array checks) start and end. For full details on the script and installation instructions, please see the raid-events subsection in the Script descriptions section of the RAID Notes for FSL 11 document.
A.18. Add refresh_spare_usr2
If you are using two systems, an operational and a spare, you may want to install the refresh_spare_usr2 script. The script can be used to backup the /usr2 partition on the operational system to the spare system. For full details on the script and installation instructions, please see the refresh_spare_usr2 subsection in the Script descriptions section of the RAID Notes for FSL 11 document.
A.19. Install pgplot version of pgperl
Important
|
This step is “use at your own risk.” Every effort has been made to make it safe, but it installs a non-standard package. You should only use it if you need it and accept the risk. |
This replaces the use of the giza package in pgperl with pgplot. It will restore the behavior of pgperl (used by plotlog) from distributions FSL10 and earlier. Full directions can be found in the INSTALL file in sub-directory libpgplot-perl.
This package uses the same pgperl source as the standard version, but it is built against pgplot instead. If pgperl receives a security update, the pgplot version will be overwritten. It is possible to prevent that if you prefer.
Appendix B: Managing Security Updates
It is strongly recommended that you use the weekly cron update download (the “weekly cron job”) as configured according to the Window 2 subsection in the fsadapt section of the main document. The job will send a message to root (or whoever e-mail to root is aliased to, typically oper) to provide notification of the available updates on a weekly basis. You can choose a convenient time, when not in (or about to start) operations, to install the updates and test the system.
It is also recommended that you remove anacron as described in the Remove anacron package section in the Additional Setup Items appendix. This will cause the updates to always be downloaded at what should be an innocuous time, early Sunday morning (but this can be adjusted if need be).
Note
|
An optional method for identifying available updates without using the weekly cron job is described below in the Manually checking for updates section. |
B.1. Installing updates (upgrading)
This section gives a recipe for upgrading, collecting best practices from this appendix and elsewhere in the FSL11 documents. Links to explanatory information are included.
All steps are to be performed by root:
-
If you are using the RAID configuration with removable disks, it is recommended that you perform a disk rotation first (see the Disk Rotation section in the RAID Notes for FSL 11 document). This will provide an easier recovery path in the unlikely event that something goes wrong. You do not need to wait for the refresh to finish before upgrading.
If your RAID is in a “split” testing configuration (see the Recoverable testing section of the previously referenced document), you can’t perform a rotation. Click the “Details” toggle below for information on how to proceed in this case.
Details
If it is not feasible to restore the RAID, and rotate disks, before upgrading, you can still apply updates, but there are additional considerations:
-
If you had split the RAID using drop_primary, it is recommended that you reboot with the primary disk turned off. However, this is not strictly necessary unless there is a kernel update.
-
When the testing is completed you will restore the RAID with either recover_raid (overwriting the primary disk) or with refresh_secondary (overwriting the secondary disk). In the latter case, you will need to reinstall the updates, probably after a disk rotation.
-
Additional disk rotations may be needed to re-sync the disk order with other systems if the testing has been going on for an extended period.
If the RAID is not already “split”, you can create an additional recovery path using the method of the Recoverable testing section of the previously referenced document. Click the “Details” toggle below for additional considerations for this case.
Details
If you want to use this approach:
-
It will be necessary to wait until the refresh from the disk rotation completes before splitting the RAID.
-
It is recommended that you not use drop_primary to split the RAID. But strictly speaking, not using it is only necessary if there is a kernel update.
-
Execute (see the Manually checking for updates section below):
/root/fsl11/etc_cron.weekly_apt-show-upgradeable --which=news
This may take a few minutes, depending on your Internet connection. If there is no output, there are no updates to install and the rest of the steps in this section can be skipped.
If there is output, the instructions for upgrading (starting with apt upgrade …) will be shown, including any special instructions for a kernel update (see the Kernel updates section below).
Warning
Before the instructions, there may be News items. These rarely occur, but may contain additional actions that are needed. If there are any, you should consider how they will affect your system. Be sure you are prepared to handle them before continuing to the next step.
Note
If you want to see the full list of packages to be installed, leave the --which=news off the above command. You may want to pipe the output through less so you can view it a page at a time.
-
Upgrade:
apt upgrade
Before answering y to proceed, check if any NEW packages will be installed. There should only be the new packages associated with a kernel update, if there is one. There may also be new packages listed for insecure packages that have been removed (see the Removing insecure packages section below). Those can be removed afterwards. If there are new packages that you don’t recognize, you can answer n and investigate before proceeding.
Note
This command will also show if any News items are included in the update. If there are, they will be displayed by a paging program at the beginning of the upgrade, giving you an extra chance to be prepared for them before upgrading or aborting if you are not.
-
Clean the cache:
apt clean
-
Remove any insecure packages that were reinstalled.
-
Take any actions specified by News items.
-
Reboot
-
If there was a kernel ABI update, rebuild any out-of-tree modules and reboot again (see the Updating out-of-tree modules section below).
-
Test the system as appropriate, particularly for a kernel update.
B.2. Kernel updates
Warning
|
Kernel updates require extra care and testing. If you are using a RAID, you should consider using the Recoverable testing procedure to give more, and easier, options for recovery in case there is a problem. That procedure contains special instructions for kernel update testing. |
Note
|
When a kernel update is available, you may see messages at the start of the cron job output similar to:
Calling ['apt-get', '-qq', 'changelog', 'linux-headers-amd64=5.10.120+1'] to retrieve changelog
and
Calling ['apt-get', '-qq', 'changelog', 'linux-image-amd64=5.10.120+1'] to retrieve changelog
These appear to be benign. Our only advice at this time is to ignore them. |
If there is a kernel update available, the weekly cron job output will include a warning at the end with additional instructions depending on which type is available. There are two types of kernel updates:
-
ABI updates, e.g., from 4.9.0-11-amd64 to 4.9.0-12-amd64 (with 11 and 12 being the ABI versions), which change the kernel ABI (Application Binary Interface). The warning for this case is:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
NB: The Linux kernel image is one of the packages due to be upgraded.
NB: (The kernal ABI has changed as per the linux-latest source package above
NB: so all out-of-tree modules WILL NEED TO BE REBUILT after you REBOOT.)
NB: Please allow _extra time_ for TESTING after the upgrade.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
Non-ABI updates, which update the kernel, but do not change the ABI. The warning for this case is:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
NB: The Linux kernel image is one of the packages due to be upgraded.
NB: (Upgrading will OVERWRITE the running kernel and require you to REBOOT!)
NB: Please allow _extra time_ for TESTING after the upgrade.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Be sure to allow time to follow the instructions when planning to install these updates. As described in the ABI update warning, you will need to rebuild any out-of-tree modules after rebooting for that case. This is discussed in the Updating out-of-tree modules section below.
Caution
|
In extreme circumstances, an ABI (but not a non-ABI) kernel update can be deferred to a later date when more extensive testing can be performed by using apt-get in place of apt in the instructions for installing the update. This works because an ABI update involves new packages. The apt-get command will install the updates for existing packages, but it will not install the new packages. While this method can be used to install the other updates, it is not recommended since there are presumably security patches needed for the kernel and they are not being installed in this case. |
Tip
|
When the kernel is upgraded, you may get messages such as:
update-initramfs: Generating /boot/initrd.img-5.10.0-16-amd64
W: Possible missing firmware /lib/firmware/ast_dp501_fw.bin for module ast
These are usually benign, unless you need that firmware. If you don’t, these messages can be silenced for future upgrades by creating an empty version of the file. For this example, enter:
touch /lib/firmware/ast_dp501_fw.bin |
B.2.1. Updating out-of-tree modules
When an ABI update is installed, it will be necessary to update any so-called out-of-tree modules that use the kernel ABI. This must be done after rebooting with the new kernel installed.
For normal FSL11 installations, unless you have installed other out-of-tree modules, the only module that needs to be rebuilt is the GPIB driver (if it is installed). You will need to recompile it (usually using fsadapt, Window 2, config_gpib only) after the initial reboot and then (to keep these instructions simple) reboot again.
If you have installed other out-of-tree modules (e.g., you use a special driver for some of your NICs), you will need to update them appropriately after the initial reboot and then (to keep these instructions simple) reboot again.
B.3. Recovery from a failed update
If an update fails, e.g., an updated kernel fails to boot or another problem is discovered, you can recover as described in the Recoverable testing section of the FSL11 RAID document, if you were following that method. If you were not, and you have a good shelf disk, you can recover from it according to the Recover from a shelf disk section of the same document.
B.3.1. Additional recovery option for a failed ABI kernel update
For an ABI update that has failed, it is also possible to try to use the previous kernel on the current system. For a single boot, use the Advanced option in the grub menu at boot and then select the previous kernel. You can change back permanently to the previous kernel by purging the new kernel and its headers. To do this, use:
dpkg -l|grep linux-image
dpkg -l|grep linux-headers
to determine the ABI version to be removed. For example, for the first command above, you may get:
linux-image-4.9.0-11-amd64
linux-image-4.9.0-12-amd64
The package with 12 would be the later version that should be purged:
apt-get purge linux-image-4.9.0-12-amd64
Likewise with the linux-headers. For example, for the 12 ABI version, there will be two packages you should purge:
linux-headers-4.9.0-12-amd64
linux-headers-4.9.0-12-common
B.4. Manually checking for updates
If you do not use the weekly cron job, you can run the distributed copy of the weekly script manually to check for updates:
/root/fsl11/etc_cron.weekly_apt-show-upgradeable
If there is no output, there are no updates to install.
If there is output, there are updates to install. You can install them by following the installation procedure in the Installing updates (upgrading) section above. (That section uses the alternate form of running the script given below.)
Any News items will be included in the output along with the packages to be updated. If you would like to just see any News items you can run the script with the --which=news option:
/root/fsl11/etc_cron.weekly_apt-show-upgradeable --which=news
If there are updates available and no News items, you will only get the installation instructions.
You can use this form of running the script to check for updates initially, if you do not need to review which updates are available (you will still get warnings about kernel updates). As usual, you will see no output at all if there are no updates available.
Caution
|
Each run of the script, with or without --which=news, may add to the list of updates to install.
|
B.5. Removing insecure packages
In some cases, it may be necessary to remove an installed package because it has a known security flaw that has not been fixed. When a package is removed, any packages that depend on it will be removed as well. In some cases, a package that has been removed may be reinstalled later because another package that has an update recommends it, or recommends a package that depends on it.
When removing a flawed package, you should check carefully that no critical package that depends on it will be deleted as well. You can check which packages will be deleted with, as root:
apt-get purge package
The list of packages to be deleted will be displayed and you will be prompted for whether to continue. If you are confident that no critical packages will be lost, you can confirm (Y). If you don’t want to delete the listed packages, or need more time to think about it, you can stop (n).
Since subsequent upgrades may reinstall the flawed package, you should attempt to purge it after each upgrade. If the flawed package is not present, there should be nothing to remove. If it is present, you should reverify that nothing critical will be removed before confirming.
Warning
|
It is recommended to not prevent the flawed package from being installed using /etc/apt/preferences, /etc/apt/preferences.d, or apt-mark hold … . If an update requires the flawed package, not being able to install it will probably silently prevent the update from being installed, leaving the insecure version in place. Additionally, having a hold will complicate making a Debian release upgrade.
|
If you use the automatic weekly updates reminder (/etc/cron.weekly/apt-show-upgradeable), you can modify it to include a reminder about purging the flawed package, inserting, e.g.:
echo " apt purge libmfx1 (check packages being deleted before 'y')"
after:
echo " apt clean"
You may also wish to adjust the white space on the apt upgrade line for alignment.
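The two manual reviews described above (checking for unexpected NEW packages before answering y to the upgrade, and checking what a purge of a flawed package would take with it) can be rehearsed without changing the system by reading the output of apt-get's simulate mode. The following is an added example, not part of the FSL11 scripts; the function names, the sample output (constructed), and the critical package list are assumptions, and libmfx1 is used only because it is the package in the reminder example above.

```shell
#!/bin/sh
# Added example, not part of the FSL11 scripts. Each function reads the text
# printed by apt-get's simulate mode (-s) on stdin and changes nothing:
#   apt-get -s upgrade --with-new-pkgs | unexpected_new
#   apt-get -s purge libmfx1 | critical_removals "ffmpeg mdadm lvm2"
# (--with-new-pkgs approximates what "apt upgrade" is allowed to install.)

# Packages a simulated run would newly install. On an "Inst" line an upgrade
# shows the installed version in [brackets] as the third field; a NEW
# package goes straight to the "(candidate version ...)" field.
new_packages() {
    awk '$1 == "Inst" && $3 !~ /^\[/ { print $2 }' | sort -u
}

# NEW packages that are not explained by a kernel ABI update.
# Assumption: kernel packages are named linux-image-* or linux-headers-*.
unexpected_new() {
    new_packages | grep -Ev '^linux-(image|headers)-' || true
}

# Packages a simulated run would remove ("Remv") or purge ("Purg").
removed_packages() {
    awk '$1 == "Remv" || $1 == "Purg" { print $2 }' | sort -u
}

# Print every removed package that is in the space-separated list given as
# the first argument (your own list of packages you cannot afford to lose).
critical_removals() {
    critical=$1
    removed_packages | while read -r pkg; do
        for name in $critical; do
            if [ "$pkg" = "$name" ]; then echo "$pkg"; fi
        done
    done
}

# Constructed sample of "apt-get -s upgrade --with-new-pkgs" output: a kernel
# ABI update plus a previously purged package being pulled back in.
sample_upgrade() {
cat <<'EOF'
Inst linux-image-5.10.0-17-amd64 (5.10.136-1 Debian-Security:11/stable-security [amd64])
Inst linux-headers-5.10.0-17-common (5.10.136-1 Debian-Security:11/stable-security [all])
Inst linux-headers-5.10.0-17-amd64 (5.10.136-1 Debian-Security:11/stable-security [amd64])
Inst linux-image-amd64 [5.10.127-2] (5.10.136-1 Debian-Security:11/stable-security [amd64])
Inst openssl [1.1.1n-0+deb11u2] (1.1.1n-0+deb11u3 Debian-Security:11/stable-security [amd64])
Inst libmfx1 (21.1.0-1 Debian:11.4/stable [amd64])
Conf openssl (1.1.1n-0+deb11u3 Debian-Security:11/stable-security [amd64])
EOF
}

# Constructed sample of "apt-get -s purge libmfx1" output.
sample_purge() {
cat <<'EOF'
Purg ffmpeg [7:4.3.4-0+deb11u1]
Purg libavcodec58 [7:4.3.4-0+deb11u1]
Purg libmfx1 [21.1.0-1]
EOF
}

echo "Unexpected NEW packages: $(sample_upgrade | unexpected_new | tr '\n' ' ')"
echo "Critical removals: $(sample_purge | critical_removals 'ffmpeg mdadm lvm2' | tr '\n' ' ')"
```

An empty result from unexpected_new or critical_removals means the simulated transaction contains nothing outside what this appendix says to expect; the interactive prompt of the real command should still be read before confirming.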
B.6. End of security updates
When support for Bullseye ends, currently expected at the end of August 2026, there will be no more security updates. The existing packages will subsequently be migrated to the historical Debian archive site. This will be visible in the output from the weekly cron job script as errors that the package files can’t be found. Two steps are needed at that time:
-
If you have been using the weekly cron job, it should be deleted:
rm /etc/cron.weekly/apt-show-upgradeable
(you may need to answer y to confirm)
-
Change the /etc/apt/sources.list file to point to the archive site. Although there will be no more security updates, this will enable downloading of additional packages if they are needed. The new lines that should replace the corresponding existing lines are:
deb http://archive.debian.org/debian/ bullseye main contrib non-free
deb http://archive.debian.org/debian-security bullseye/updates main contrib non-free
And if you are using deb-src lines:
deb-src http://archive.debian.org/debian/ bullseye main contrib non-free
deb-src http://archive.debian.org/debian-security bullseye/updates main contrib non-free
Otherwise the deb-src lines can be commented out (with a leading #). Any other deb or deb-src lines relating to updates, proposed-updates etc. should likewise be commented out.
In addition, if you want to install packages from more recent distributions that have been backported to bullseye you can add:
deb http://archive.debian.org/debian-backports bullseye-backports main contrib non-free
However, the “backports” are not normally needed.
Lastly, update the index files:
apt-get update
This may generate an error about a Release file having expired, but that is benign.
Note
|
When support for Bullseye ends, it is strongly advised that you move your FS machine behind a firewall and/or upgrade it to a more recent FS Linux release. |
Appendix C: Other Maintenance Procedures
This appendix covers additional procedures for maintaining your system.
C.1. Update IP address, hostname, FQDN, and other network information
This is useful if the computer is physically moved to a different site, its IP address changes, or its network information needs to be updated for a different reason. This is typically not needed if you use DHCP, though that may still require some of the changes in the Modify other system files step below (please let us know if you gain experience).
This subsection requires using nm-connection-editor on a graphic display (nmtui may be an option on a text terminal, but it has not been fully verified). You may need to be root or desktop to do this. This subsection assumes you are in the program and have sufficient permissions.
Note
|
If you move the disks to a computer with a different mainboard model, the device names of the network interfaces may change. In that case, you will need to reselect the names as described in the sub-steps of the Stabilize network configuration section of the Additional Setup Items appendix. This should not be necessary if the origin and destination computers have the same mainboard. |
-
Select your connection and click the “gear” icon.
-
Select the IPv4 Settings (or IPv6 Settings if you are using IPv6) tab.
-
Adjust your Manual Method configuration: Addresses, DNS Servers (comma separated), and Search domains.
-
Click Save.
-
Close the window by pressing Esc (while the focus is on that window).
-
Update the information as appropriate. The system may have initially been installed with the default hostname debian and no domain name.
/etc/hostname
Change your hostname
/etc/hosts
Update your IP address, FQDN (canonical name), and alias (typically the hostname, but multiple aliases/nicknames are allowed).
If you moved your computer to a new LAN environment, you may also want to update the nodes and aliases listed, see also Setup /etc/hosts.
/etc/networks
Use your local subnet (class A, B, or C) for the localnet line.
/etc/mailname
Use fully qualified node name.
Note
If your system doesn’t have a FQDN or you don’t want to show it in e-mail messages, you may be able to use a fake one. A FQDN may be necessary to allow messages to be sent successfully to some remote hosts and mailman mail lists. A possible strategy for this is to append .net to the node name you use in this file and the next. The node name in these two files can be different than the official hostname. However, these two mail related files should be consistent. You might consider fs1-<xx>.net (or fs2-<xx>.net), where <xx> is your station two letter code (lower case).
/etc/exim4/update-exim4.conf.conf
Look for hostnames=, use fully qualified domain name.
Then execute:
update-exim4.conf
When finished, reboot.
C.2. Increase the size of an LVM volume
It is possible to increase the size of an LVM volume if there is additional room available in its volume group. These instructions assume you will be resizing a logical volume for a typical configuration, for example, the logical volume mounted at /usr2, on RAID device /dev/md0, which is using /dev/sda2 and /dev/sdb2. Additionally, example pathnames are given in the instructions below for adjusting the size of the logical volume for /usr2. All these names may be different if you want to resize a different volume and/or your disk configuration is different.
-
Preparation
-
Check that there is enough free space available.
Examine the output of:
vgs
You can increase the size of a logical volume if the volume group (under the VGS column heading) has enough free space (VFree heading) for the increase. Typically, the volume group would be vg0.
-
Determine the Path of the logical volume you want to extend.
-
Get a listing to relate the internal device-mapper pathnames (under the Filesystem column heading) and where the logical volumes are mounted (Mounted on heading). For example, /dev/mapper/vg0-usr2 would typically be mounted at /usr2.
df -h
-
Get a listing to relate the internal device-mapper pathname (under the DMPath column heading) to the logical volume Path. For example, for /dev/mapper/vg0-usr2, the Path would typically be /dev/vg0/usr2.
lvdisplay -C -o lv_dm_path,lv_path
-
For the mount point of the logical volume you want to extend, determine the Path using the internal device-mapper pathname from the above two sub-steps. For example, the logical volume for /usr2 would typically correspond to /dev/mapper/vg0-usr2 and the corresponding Path would be /dev/vg0/usr2.
-
Pre-check (optional)
This sub-step is not required but can be used, along with the “Post-check” sub-step below, to check that the volume size changed as expected and that no files were lost or changed size/modification-time.
-
Get the size (under the 1G-block column heading) of the logical volume (Mounted on heading) for the volume of interest:
df -BG
Record the size to compare to the results in the “Post-check” sub-step below.
-
Make a listing of the files on the mount_point (include the leading /) to be changed. For example, the mount_point might be /usr2.
ls -ltR mount_point >/tmp/before.txt
-
Make the change, using the Path you determined in the “Preparation” sub-step above.
-
Make a backup of your system.
Note
This sub-step, and recovery in case of a problem, is much easier if you are using the FSL11 RAID system. If not, it is strongly recommended that you make your own backup of your entire system. The remainder of this sub-step assumes you are using a RAID, following the approach of the Recoverable testing procedure in the Raid Notes for FSL11 document.
If you are using a RAID, you can drop the primary disk out of the RAID to save as a backup:
drop_primary
-
Extend Path
For the logical volume (mount point) you want to extend, you can either:
-
Incrementally increase the size. For example, to increase Path by 4 GB:
lvextend -L+4G Path
-
Set the size to a new larger total size, say 8GB:
lvextend -L8G Path
-
Resize Path
Important
Do not interrupt the next command. If it is interrupted and you are using the Recoverable testing procedure in the Raid Notes for FSL11 document, you will need to utilize the If the update is deemed to have failed subsection of that procedure. Otherwise, if you are not using that procedure, you will need to use your own recovery method.
resize2fs Path
-
Post-check (optional)
This sub-step is not required but can be used, if the “Pre-check” sub-step above was used, to check that the new size is correct and no files were lost or changed size/modification-time.
-
Check that the size of the logical volume (under the Mounted on column heading) has the expected new size in the output of:
df -BG
Compare the result to that in the “Pre-check” sub-step above.
-
Make a listing of the files on the mount_point (include the leading /) that was changed. For example, the mount_point might be /usr2.
ls -ltR mount_point >/tmp/after.txt
-
Compare the before and after listings of the files
diff /tmp/before.txt /tmp/after.txt
There should be no differences in the listings except any changes that can be explained by other expected activity that occurred since the “Pre-check” sub-step above. If there was no other activity on the logical volume, there should be no differences.
-
Cleanup
Note
If you are not using the Recoverable testing procedure in the Raid Notes for FSL11 document, you will need to use your own methods to restore the system if there was a problem. This step describes how to proceed if you are using the referenced procedure.
There are two options:
-
If you are satisfied with the change, you can recover the RAID with:
recover_raid
This should only take a few minutes.
Note
The change in the volume size will not propagate to the shelf disk until the next disk rotation.
-
If you are not satisfied with the change, you can try again if you first restore the RAID using the If the update is deemed to have failed subsection of the Recoverable testing procedure in the Raid Notes for FSL11 document.
Appendix D: Rescue Mode
Rescue mode is useful for repairing some problems that prevent booting and/or logging in.
Note
|
If your computer’s setup utility is locked with a password, you may need that password to select booting from your installation media. |
Note
|
You should provide suitable values for your system when a specific value is required. Values that agree with the FSL11 install described in this document (or reasonable defaults) are shown in parentheses. |
-
Boot from installation media
-
Select Advanced options …
-
Select … Rescue mode
Note
You could instead add parameters to the boot line (by entering e for UEFI or Tab for BIOS on the … Rescue mode line instead), following the directions in the Set boot options and boot installer section above. This is not necessary nor usually helpful, but if you use this approach the most useful parameters are probably netcfg/disable_dhcp=true and/or time/zone=UTC. Use of added parameters will change the dialogue below.
-
Select Language (English)
-
Select Location (United States)
-
Select Keymap (American English)
-
Network configuration
If your computer has more than one network interface, select your primary interface when presented with the choice.
If no network is currently available (or you know that you do not need it for the rescue), simply press Enter when DHCP autoconfiguration starts and press Enter again for the resulting Network autoconfiguration failed message. Thereafter select Do not configure the network at this time and confirm the default hostname (debian) when prompted before continuing below.
If the DHCP autoconfiguration succeeds before you can stop it, you may as well confirm the hostname and domainname and continue with the network anyway, since you never know when it might prove useful. (However, if you want to make sure you don’t use the network, you can select Go Back and press Enter for the resulting Network autoconfiguration failed message. Thereafter select Do not configure the network at this time and confirm the default hostname, debian, when prompted before continuing below.)
Otherwise if the DHCP autoconfiguration fails and you want to use the network, press Enter for the resulting Network autoconfiguration failed message. You can then select the appropriate option, most likely Configure network manually and give appropriate responses to the prompts, ultimately continuing below.
-
Select time zone (Eastern)
Note
The selected time zone will have no effect on the timestamps stored on the disk for any changes you may make, but will affect the displayed times you see.
-
Unless you are not using Software RAID, select Assemble RAID array
Press Space on Automatic and Enter to continue
-
Select your root file system (/dev/vg0/root)
-
Select Yes to mount separate /boot partition (/boot), unless it is corrupt
For UEFI boot also select Yes to mount separate /boot/efi partition (/boot/efi), unless it is corrupt
-
Select Execute a shell in /dev/vg0/root (or whatever your root file system is)
-
Select Continue to enter rescue mode
-
Use whatever commands are needed for your repair
Note
If you need to use the network, DNS does not appear to work by default in recovery mode. Use of explicit IP addresses does work. If you need to use DNS, you can make it functional by deleting the symbolic link /etc/resolv.conf and creating it as a normal file with the nameserver information you want, e.g.:
rm /etc/resolv.conf
cat >>/etc/resolv.conf <<EOF
nameserver 8.8.8.8
EOF
-
Use the exit command to exit when done
-
Select Reboot the system
-
“Bob’s your uncle” (i.e., you are done!)