Arch Server Progress

phenomlab

@Madchatthew The general rule of thumb with Linux is that every kernel update attracts a reboot. The reason for this is that these updates cannot be affected with the kernel in use, so a reboot is the only way to ensure you have the best protection.

You cannot upgrade the Linux kernel without rebooting. At least not in a way you would think.

There are technologies like systemtap, dtrace, kpatch or kgraft which allow for small modifications of kernel code. These are meant as short “workarounds” to prevent security threats, and to typically to give you more time until you plan a maintenance window for reboot.

You will have to reboot at some point and should design your infrastructure for that (in the commercial sense).

Madchatthew

@phenomlab this makes a lot of sense. I don’t mind rebooting the server then. I am just glad that I won’t have to reinstall the operating system at some point like I do with Debian and the others. I don’t think you have to reinstall the operating system with Fedora either. It would be interesting to run a web server off of Fedora.

I will have to start implementing reboots into my upgrading schedule to make sure the latest security patches are in place. I am still happy with Arch though. I am having a great experience so far with it and I hope that it stays that way.

Madchatthew

I updated the server, waited about 30 seconds, probably closer to 20 and was able to access the server and the sites were back up and running with no flaws. Now I am running the current Linux kernel.

Madchatthew

So my Brother-In-Law messaged me that he wasn’t able to send or receive email. I thought, well that is weird because it should all be up and running. So I remote into the server and start doing some investigation and I found that somehow Dovecot became disabled. So I used sudo systemclt enable dovecot and then sudo systemctl start dovecot and finally sudo systemctl status dovecot to verify that the service is enabled and started.

So the lesson I learned from this is that, once you update, reboot to be on the latest kernel, is to go through and make sure all of your services are running. Normally I would just go to the website and make sure that both websites are displaying and functioning as intended and call it a day. I should have been checking all of the services from the beginning. Now I will be putting this in practice.

This brings me to the next project with this server, is that now I plan on making a bash script that I can run that will go through and check each service and return a “Service Running” message. “Service” would name the service of course, so whether it is NGINX, FPN, Postfix, Dovecot and any others would show that message. Just to make that process quick and easy and less painful of typing the command a bunch of times.

phenomlab

@Madchatthew Interesting how Dovecot was suddenly disabled. Anything of interest in /var/log/dovecot.log or /var/log/mail.log?

Madchatthew

@phenomlab this is another lesson I need to learn is to check the logs. I am usually the person that sees what the status is of the service, try to restart it and go from there, then start googling. I think though that looking at the log files first would save me a lot of time from googling and such. Or at least being able to know what to google for to help fix an issue faster. I am doing the process backwards. So I am going to remote in and look at those logs to see what they say in regard to the Dovecot service being disabled. There is a small chance that I forgot to enable the service, but I am pretty sure I enabled it.

I will look at those logs and update here what I find out.

phenomlab

@Madchatthew You’d be surprised at the amount of times I’ve setup a service and forgot to enable it!

Madchatthew

@phenomlab yes and I am leaning more towards me forgetting to enable the service. Especially if there is nothing in the logs that specifically says it was disabled for some reason

Madchatthew

So, I know that AI is being used for all sorts of nefarious things out this world, but I also believe there are more people using AI for good that for bad things. One such case in point, I just used Chatgpt to write a bash script so I can check to make sure services are running. And let me tell you, it did a beautiful job!

I wrote out the following prompt:

Write a bash script for Arch linux to check if the following services are running:

nginx
php-fpm
mariadb
postfix
dovecot

For each of the checks, display in the terminal if they are running or stopped

I am sure there are others ways to do this, but it looks like it took it’s queue on my “For each of” and wrote a for each statement. In the prompt in Chatgpt none of the wording is bolded or colored in blue. Which is perfectly fine. I added Redis and UFW to the code in my script file to make sure those are running as well.

Then Chatgpt told me to make the script executable using chmod +x check_services.sh and to double check to make sure that it chose the correct service names and to use systemctl list-units --type=service to get the exact names of the services and change accordingly.

So I did that and everything checks out. Then, Chatgpt prompted me and said if you would like to make this color coded let me know. So I did the following prompt:

This work perfectly. Please include color-coded output

This was the final code that Chatgpt outputed:

#!/bin/bash

# Colors
GREEN="\033[0;32m"
RED="\033[0;31m"
NC="\033[0m"  # No Color

# List of services to check
services=(
  nginx
  php-fpm
  mariadb
  postfix
  dovecot
  redis
  ufw
)

echo "Checking service statuses..."

# Loop through each service
for service in "${services[@]}"; do
  status=$(systemctl is-active "$service")
  if [[ "$status" == "active" ]]; then
    echo -e "${service}: ${GREEN}Running ✅${NC}"
  else
    echo -e "${service}: ${RED}Stopped ❌${NC}"
  fi
done

So upon running this in the terminal when remoted into the server ./checkservices I get the following output:

I am happy with the results and now have a super easy way to double check and make sure all of the services are running after I reboot the server when a new kernel is installed.

phenomlab

@Madchatthew Yes, ChatGPT excels in this sense, and does take queues from key items you describe, which sets it apart from others. I actually have a monthly paid subscription to ChatGPT because I use it more frequently these days for something else I have in the pipeline I’m working on.

Madchatthew

@phenomlab That is awesome! I think I am going to start using Chatgpt to help with some programming and if nothing else, it should be able to help me understand how to program some things or rather aspects of an app whether web or otherwise.

Madchatthew

One of the package install options is the AUR. These are programs that can’t be installed using pacman, and are apps that can be installed. Usually the options are to install yay or paru. I am one that doesn’t like extra programs on their computer if I don’t need it. It is another app that can have issues on an upgrade. Of course there is no doubt that typing sudo yay -S google-chrome is way easier and quicker.

So how do you install from aur.archlinux.org with either of those apps. Easy, lets go through it step by step.

1. Go to the website aur.archlinux.org

2. We will use google-chrome for an example. I use chrome off the AUR so that I can log in and have all my bookmarks and extensions sync.

3. On the page for google-chrome on the AUR there will be a link next to Git Clone URL:.

4. Click on the link, which is read only to copy the link.
   

5. Go to your terminal and type cd Download - this changes to the Download directory.

6. Type git clone 'right click and paste here' the link that you clicked on to copy.

7. Press Enter and now the contents will be downloaded.

8. Change directory to the new one that appears, which in this case would be google-chrome

9. Once in this directory, now type makepkg -s -i and it will install after updating packages and compiling. The -s will install missing dependencies and -i will tell makepkg to install after a successful build.

So now that you have been using good chrome and it says to restart to install the latest update and you do that, but no updates install. That is where you would need to type sudo yay -U google-chrome to upgrade. Or I prefer to do the following.

1. Go to the Downloads folder then to the program folder that you want to update in the terminal. In this case Downloads/google-chrome

2. Type git pull

3. Type makepkg -s -i after git is done pulling down the updates.

4. Go through the install process after a successful build.

You will need to put in your password a couple of times and that is normal. Hope this helps and thank you!

phenomlab

@Madchatthew Another great guide - thanks.

Madchatthew

@phenomlab Thank you! And you are welcome! I had struggled with this the first couple times that google chrome had an update. Then I finally got it that I have to do that each time and that it isn’t done automatically.

phenomlab

@Madchatthew This is one of the things that I always loathe about unmaintained repositories. They are so easily abandoned these days and it’s often not until the months have gone by where you realise your browser is woefully out of date because the repository no longer has anyone lovingly updating it.

Madchatthew

@phenomlab Yeah I am with you there. If they stop maintaining the google chrome one I will have to import my bookmarks and stuff into a different one and switch. I hoping they don’t stop maintaining it though.

Now some software once it is installed will have an update feature so you don’t have to do that every time, but unfortunately, the google chrome one doesn’t.

phenomlab

@Madchatthew said in Arch Server Progress:

Now some software once it is installed will have an update feature so you don’t have to do that every time, but unfortunately, the google chrome one doesn’t.

Yes, that was always the case with the Ubuntu repository for Chrome. PITA.

Madchatthew

@phenomlab said in Arch Server Progress:

PITA

LOL yes for sure!!