Tuesday, 7 February 2023

Restoring NextCloud to a New OpenSuse build

I have been running my Nextcloud instance on OpenSuse 15.3 which has reached EOL, so it was time to upgrade. Unfortunately, something went awry with the in-place 15.3->15.4 upgrade resulting in a trashed btrfs filesystem. Fair enough, not a problem, I have tiered backups using rsnapshot on a separate volume which include not only the Nextcloud www and data directories but also /etc for good measure. Before each rsnapshot run, I also mysqldump a copy of the Nextcloud database into the top of the data directory.

This time, unlike previous OpenSuse+Nextcloud builds, I'm not going to install the official Nextcloud package since it's always an older verion. I can just plonk the backup copy into /srv/www/htdocs and be done with it. I chose the LAMP server pattern for my OpenSuse install, restore the backup directory, and reload the database into MariaDB. All very simple but it ain't working, so what have I missed?

  1. Set permissions on the restored files. They should be owned by wwwrun and be chmod 750
  2. Apache config (you can use the Yast sysconfig tool for this),
    1. Add ssl, rewrite and headers to the modules list in sysconfig
    2. Make sure Apache is started with SSL option
    3. Restore the /etc/apache2 config directory from backup so it has vhosts and SSL config correct 
  3. PHP config (I'm still with PHP 7 at this point)
    1. Make sure all the Nextcloud PHP module dependencies are installed
    2. Install php-apcu and php-cli
    3. Edit PHP config as outlined in my previous posting to enable opcache, apcu and up the memory limits.
  4. Cron config
    1. Restore /etc/cron.d from backup
    2. Change permissions on all the files to 644
  5. Letsencrypt config (seems to be installed be default in the 15.4 LAMP pattern)
    1. Restore /etc/letsencrypt from backup
  6. Networking
    1. Make sure hostname and IP address are set so that SSL certificates work externally
    2. Open firewall ports for http and https

If you remember these then the rebuild takes maybe an hour. A lot of this is restoring files - I'm using SSD's so if you are stuck with HDD's this might be rather longer.

Another trick is that OpenSuse 15.4 now offers a downloadable updated ISO image which includes patches. This speeds up the install a fair bit.

Sunday, 22 January 2023

Running KVM VM's as a regular user on OpenSuse 15.4

 Things you need to do to allow a regular user to use virt-manager for VM's

  1. Add user to the following groups: kvm, libvirt, qemu
  2. These bits let regular users redirect USB devices to a VM...
    Add the line: org.spice-space.lowlevelusbaccess     yes:no:yes
    to: /etc/polkit-default-privs.local 
  3. After this run: /sbin/set_polkit_default_privs
  4. Add the line: usr/bin/spice-client-glib-usb-acl-helper  root:root  4755
    to: /etc/permissions.local
  5. After this run: chkstat --system --set
Credit to simon at serverfault