Linux

Fedora 13 upgrade woes, another problem with nvidia.

Posted in Computers, IT, Linux on June 1st, 2010 by matt – 1 Comment

I just upgraded to Fedora 13, all went smoothly.. or so I thought. When it finally became time to log in to my new system I got an error saying ksmserver wouldn’t start, and my session would then close and throw me back to the login screen.

Turning to a console I decided to run ‘ksmserver’ and see what errors I got, sure enough it failed. There was a mismatch between the versions of libGL.so and libGLCore.so.
The libGL.so being used was offered by the “mesa-libGL” package, the other the “kmod-nvidia” package. I thought this was odd, should it be using the mesa libGL? I dunno, what I do know is the nvidia package does install nvidia’s own libGL.so library.. maybe the package was supposed to set up the links? Maybe the mesa one is supposed to be compatible?

Anyway this is how the linking looked:

# ls -l /usr/lib64/libGL.so*
lrwxrwxrwx. 1 root root 10 May 31 16:06 /usr/lib64/libGL.so -> libGL.so.1
lrwxrwxrwx. 1 root root 15 Jun 1 10:43 /usr/lib64/libGL.so.1 -> libGL.so.190.42
-rwxr-xr-x. 1 root root 439952 May 1 10:38 /usr/lib64/libGL.so.1.2
-rwxr-xr-x. 1 root root 928808 Dec 11 09:43 /usr/lib64/libGL.so.190.42

So I linked ‘libGL.so.1’ to the nvidia one:

cd /usr/lib64
unlink libGL.so.1
ln -sf /usr/lib64/nvidia/libGL.so.1 libGL.so.1

So it looks like:

# ls -l /usr/lib64/libGL.so*
lrwxrwxrwx. 1 root root 10 May 31 16:06 /usr/lib64/libGL.so -> libGL.so.1
lrwxrwxrwx. 1 root root 28 Jun 1 11:00 /usr/lib64/libGL.so.1 -> /usr/lib64/nvidia/libGL.so.1
-rwxr-xr-x. 1 root root 439952 May 1 10:38 /usr/lib64/libGL.so.1.2
-rwxr-xr-x. 1 root root 928808 Dec 11 09:43 /usr/lib64/libGL.so.190.42

I restarted X (just to be on the safe side) and logged in… problem solved!

NOTE: To restart X under Fedora you just kill the kdm or gdm process as X is spawned as a part of inittab (pkill kdm). Unlike a Debian based system in which it’s an init script (/etc/init.d/kdm restart).

It’s a bit of a hack, and hopefully it will be fixed properly, but here is at least a solution that works!

Fedora upgrade broke Xorg… SOLVED!

Posted in Computers, IT, Linux on May 11th, 2010 by matt – 2 Comments

A few of us here at work are using Fedora 12, two of the guys upgraded Fedora to find X not starting, seemingly a broken nvidia driver. Because they had issues I was careful about updates. But the inevitable happened.. I updated killing my Xorg.

I decided I’d do a bit of research into what was actually happening.. the fix the others used at work was to install the free nvidia driver or use a driver without proper 3D support, I didn’t like this so I started by checking my logs and then some google-fu.

The Xorg log file showed (/var/log/Xorg.0.log):

(II) May 11 11:18:49 NVIDIA: Using 768.00 MB of virtual memory for indirect framebuffer
(II) May 11 11:18:49 NVIDIA: access.
(II) May 11 11:18:49 NVIDIA(0): Initialized GPU GART.
(II) May 11 11:18:52 NVIDIA(0): Setting mode
(II) May 11 11:18:52 NVIDIA(0): "DFP-0:nvidia-auto-select+0+0,DFP-1:nvidia-auto-select+1680+0"
(EE) May 11 11:18:56 NVIDIA(0): WAIT: (E, 0, 0x827d, 0)

Notice it seemed to hang on a wait.

So I checked the kernel log (/var/log/messages) and found a lot of repeating entries:

May 11 11:19:55 localhost kernel: DMAR:[DMA Read] Request device [01:00.0] fault addr 22d226000
May 11 11:19:55 localhost kernel: DMAR:[fault reason 01] Present bit in root entry is clear
May 11 11:19:55 localhost kernel: DRHD: handling fault status reg 2

These repeated hundreds of times.
OK so time to start googling, it turns out these errors seem to point to the PCI bridge or something related to that, the device [01:00.0] turns out to be the address of my video card.

Some google hits talked about a bios issue and recommended adding “intel_iommut=off” to the kernel line, I also found mention in a kernel mailing list post about “intel_iommu=off”, as my PCI bus was made by Intel I thought I’d give it a go.
NOTE:
To check your PCI Bus you can use the “lspci” command.

For the keen observers you’ll notice intel_iommut and intel_iommu, I didn’t know if one had a typo so I added them both to my kernel line and booted.. and SUCCESS, Xorg started!

Updated Note: Thanks to Chris the only option you need is “intel_iommu=off”.

For those who don’t know how to add the extra stuff to your kernel command line permanently, then edit /boot/grub/menu.lst.

In this file there should be an entry for each kernel and operating system you have installed, each new entry starts with a “title” line, under which is a root, kernel and initrd line, just append the new option(s) to the end of the kernel line for the entry/kernel you want. e.g:

title Fedora (2.6.32.11-99.fc12.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32.11-99.fc12.x86_64 ro root=/dev/mapper/system-fedora noiswmd LANG=en_AU.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet nouveau.modeset=0 vga=0x318 intel_iommu=off
initrd /initramfs-2.6.32.11-99.fc12.x86_64.img

NOTE: The kernel line above may wrap onto a new line here, but it should all be on the same line.
So there you go.

Use iptables to monitor network usage.

Posted in Computers, IT, Linux, Programming on February 25th, 2010 by matt – Be the first to comment

Iptables is a powerful firewall/packet filtering framework inside Linux, and obviously used for firewalls on desktops, servers, and even embedded Linux devices such as most home internet routers. I was asked to write a script that could monitor and report network usage on one of our machines at work.

I took on the challenge and after searching package repositories and Google for cool Linux console apps that will report network usage, I came across the idea of using iptables.. seeing as I love iptables, and it is installed by default on most machines, it was the perfect solution for us.

The Idea
Iptables can be thought of as a bunch of tables, each containing some lists of rules called “chains”. There are some default chains which packets must progress through depending on the packet’s origin and destination. The main and default table that most people use is the ‘filter’ table, the default chains are:

  • INPUT – Packets coming to the machine from the network.
  • OUTPUT – Packets leaving your machine.
  • FORWARD – Packets passing through your machine, if your machine routes packets.

Each of these chains has a default policy, that is, what should happen if there are no rules or no rules matching the packet. This is either:

  • ACCEPT – Allow the packet into the machine.
  • DROP – Drop the packet.

Now the default chains cannot be changed, the packets will work through one of those chains, we can add any rules we want to filter these packets. Netfilter/iptables tracks the amount of data running through chains. So if you want to track all your incoming network usage you can just use the INPUT chain, but if we want to track more specific traffic, we can create a custom chain, add a rule to pass the specific packets to this new chain, and thus monitor the specific traffic! Easy huh!

Before I go into the script and specific iptables configuration I’ll show you readers some useful iptables commands:

  • To see the manual page on iptables: man iptables
  • To list the rules on the default (filter) table: iptables -L
  • To list rules on other tables: iptables -t <tablename> -L

NOTE: If you add a -v you can see packet and byte counts.

Now we move onto what I did.

Network script and setup

I mentioned some iptables commands in the last section, so now I will describe the iptables command I use in the script for reporting:
iptables -L -n -x -v --line-numbers

The options mean:

  • -L = List the rules
  • -n = Do not do a DNS lookup, just show numbers
  • -x = use exact byte values, don’t convert to M or G, this is needed to ease the maths.
  • -v = verbose output, to actually show the counts
  • --line-numbers = The script inserts rules so as not to disrupt other iptables rules that it doesn’t control, so we need to know the rule number.

With the reporting explained let’s now talk about how we set up iptables, this is just the theory, the script actually sets it up for you, but as you will have different requirements you’ll need to know.

In this example we will only be worried about monitoring things going through a proxy, which we’ll call 192.168.1.10, and traffic not coming from our local network, not via the proxy (not on 192.168.1.0/24). As we get the required byte counts from the rule on the INPUT chain, we can use 1 custom chain for both types of traffic. So the first step is to create the custom chain and then add rules to match these packets:

iptables -N DOWNLOADED

Then we add a rule for each of the traffic conditions we want to track:

# Proxy rule
iptables -I INPUT 1 -s 192.168.1.10 -j DOWNLOADED

# Not our network rule
iptables -I INPUT 1 ! -s 192.168.1.0/24 -j DOWNLOADED

The above rules break down like:

  • -I INPUT 1 = Insert into the INPUT chain at index 1 (1 based).
  • -s <ip address or network> = Source is from <ip address>, the ‘!’ means negate (read as ‘not’)
  • -j DOWNLOADED = Jump or push this packet over to the DOWNLOADED chain.

See simple huh… ok maybe not, it is quite easy once you’ve used iptables for a while. Anyway, now that we have iptables set up I can talk about the script.

Whenever the machine is rebooted or the chains flushed the counts will be zero’d out again, and as the chains only store the totals we need to keep track of the previous values so we can do a calculation. So I log the entries as three values (columns) separated by tabs:

date     proxy bytes     non-network bytes

The report I then generate says the usage since last check and current total, but the current total since when? Instead of having to parse the file since the last flush/reboot I simply have another file storing the last run with the following structure, similar to the log but containing the date of the last reset.

date     proxy bytes     non-network bytes     total start date

Anyway without further ado I’ll now present my script, it contains the reporting, and I have my own function that makes the report counts human readable:

#!/usr/bin/env python

import sys
import os
import datetime
from send_email import send_email

# Global Variables
PROXY = "192.168.1.10"
NETWORK = "192.168.1.0/24"

IPTABLES_CUSTOM_CHAIN = "DOWNLOADED"
IPTABLES_CREATE_CHAIN = "iptables -N " + IPTABLES_CUSTOM_CHAIN
IPTABLES_DELETE_CHAIN = "iptables -X " + IPTABLES_CUSTOM_CHAIN
IPTABLES_PROXY_RULE = "INPUT %s -s " + PROXY + " -j " + IPTABLES_CUSTOM_CHAIN
IPTABLES_NOT_NETWORK_RULE = "INPUT %s ! -s " + NETWORK + " -j " + IPTABLES_CUSTOM_CHAIN

IPTABLES_REPORT_CMD = "iptables -L -n -x -v --line-numbers"

# Result column indexes
TIMESTAMP_IDX = 0
PROXY_IDX = 1
NOT_NETWORK_IDX = 2
TOTAL_START_IDX = 3

# Format of the following files: date     proxy bytes     non-network bytes
# NOTE: Separated by tabs (\t)
LAST_RESULT = "/home/dpadmin/matt/bin/netmon.last"
RESULT_LOG = "/home/dpadmin/matt/bin/netmon.log"

# Email reporting variables
EMAIL_TO = ['email@address.goes.here']
EMAIL_FROM = 'email.from@address.goes.here'
EMAIL_SUBJECT = 'Network Usage Report - %s'
EMAIL_ATTACHMENTS = []
EMAIL_SERVER = 'localhost'
EMAIL_MSG = """Network usage between: %s and %s

Proxy Traffic:
  Usage: %s
  Current Total: %s

Non Network Traffic:
  Usage: %s
  Current Total: %s

Total since: %s
"""

def human_readable(bytes):
        if bytes < 1024:
                return str(bytes)
        for x in 'K', 'M','G':
                bytes /= 1024.0
                if bytes < 1024:
                        return "%.2f%s" % (bytes, x)
        # Anything of 1024G or more is still reported in G
        return "%.2f%s" % (bytes, 'G')

def make_human_readable(results):
        return (results[0], human_readable(results[1]), human_readable(results[2]))

def get_totals():
        timestamp = generate_timestamp()
        result = os.popen(IPTABLES_REPORT_CMD)
        proxy_bytes = 0
        network_bytes = 0

        # Parse the output.
        # 1. Find "Chain INPUT" that way we know we have the right chain.
        # 2. Look for 1 and 2 in the first column, as they are our rules.
        # 3. Find out which one is the proxy one.
        # 4. return totals.
        start = False
        for line in result:
                if line.startswith("Chain INPUT"):
                        start = True
                elif line.startswith("Chain"):
                        start = False
                elif start:
                        cols = line.split()
                        if len(cols) != 0:
                                if cols[0] == '1' or cols[0] == '2':
                                        # Found our rules
                                        if cols[8] == PROXY:
                                                proxy_bytes = int(cols[2])
                                        else:
                                                network_bytes = int(cols[2])

        return (timestamp, proxy_bytes, network_bytes)

def generate_timestamp():
        d = datetime.datetime.now()
        datestr = "%d/%.2d/%.2d-%.2d:%.2d:%.2d" % (d.year, d.month, d.day, d.hour, d.minute, d.second)
        return datestr

def get_last():
        if os.path.exists(LAST_RESULT):
                lstFile = file(LAST_RESULT).readlines()
                result = lstFile[0].strip().split()
                result[PROXY_IDX] = int(result[PROXY_IDX])
                result[NOT_NETWORK_IDX] = int(result[NOT_NETWORK_IDX])
                return tuple(result)
        else:
                timestamp = generate_timestamp()
                return (timestamp, 0, 0, timestamp)

def _cleanup_iptables():
        os.system("iptables -D %s" % (IPTABLES_PROXY_RULE % ("")))
        os.system("iptables -D %s" % (IPTABLES_NOT_NETWORK_RULE % ("")))
        os.system(IPTABLES_DELETE_CHAIN)

def start():
        # In case the rules already exist, let's remove them
        _cleanup_iptables()

        # Now we can add them
        os.system(IPTABLES_CREATE_CHAIN)
        os.system("iptables -I %s" % (IPTABLES_PROXY_RULE % ("1")))
        os.system("iptables -I %s" % (IPTABLES_NOT_NETWORK_RULE % ("1")))

def stop():
        # Delete the rules
        _cleanup_iptables()

def report():
        last = get_last()

        # Now we need to get the byte totals from iptables.
        new_totals = get_totals()

        reset_detected = False
        proxy_usage = 0
        not_network_usage = 0
        total_start = last[TOTAL_START_IDX]
        if last[PROXY_IDX] > new_totals[PROXY_IDX]:
                # Counters must have been reset.
                reset_detected = True
                proxy_usage = new_totals[PROXY_IDX]
                not_network_usage = new_totals[NOT_NETWORK_IDX]
                total_start = new_totals[TIMESTAMP_IDX]
        else:
                # Do the calc
                proxy_usage = new_totals[PROXY_IDX] - last[PROXY_IDX]
                not_network_usage = new_totals[NOT_NETWORK_IDX] - last[NOT_NETWORK_IDX]

        result = (new_totals[TIMESTAMP_IDX],proxy_usage, not_network_usage)
        result_str = "Timestamp: %s Proxied: %s Off Network: %s"

        # Write out the new last totals to the log and last.
        last_file = file(LAST_RESULT, 'w')
        tmp_list = []
        tmp_list.extend(new_totals)
        tmp_list.append(total_start)
        last_file.write("%s\t%d\t%d\t%s\n" % tuple(tmp_list))
        last_file.close()

        log = file(RESULT_LOG, 'a')
        log.write("%s\t%d\t%d\n" % new_totals)
        log.close()

        last = make_human_readable(last)
        new_totals = make_human_readable(new_totals)
        result = make_human_readable(result)

        print "Last Total - " + result_str % last
        print "New Total - " + result_str % new_totals
        print "New Usage - " + result_str % result

        if reset_detected:
                msg = " == RESET DETECTED! == \n"
        else:
                msg = ""

        # Send the email report
        msg += EMAIL_MSG % (last[TIMESTAMP_IDX],result[TIMESTAMP_IDX], result[PROXY_IDX], new_totals[PROXY_IDX], result[NOT_NETWORK_IDX], new_totals[NOT_NETWORK_IDX], total_start)
        send_email(EMAIL_FROM, EMAIL_TO, EMAIL_SUBJECT % (result[TIMESTAMP_IDX]), msg, EMAIL_ATTACHMENTS, EMAIL_SERVER)

def main(args):
        if len(args) == 0:
                # Run report
                report()
        elif str(args[0]).upper() == "CLEAR":
                stop()
        elif str(args[0]).upper() == "FLUSH":
                stop()
        elif str(args[0]).upper() == "STOP":
                stop()
        elif str(args[0]).upper() == "INITIATE":
                start()
        elif str(args[0]).upper() == "START":
                start()
        elif str(args[0]).upper() == "INITIALISE":
                start()
        elif str(args[0]).upper() == "REPORT":
                report()

if __name__ == "__main__":
        main(sys.argv[1:])

The send email code looks like:

import smtplib
import os
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
from email.Utils import COMMASPACE, formatdate
from email import Encoders

def send_email(send_from, send_to, subject, text, files=[], server="localhost"):
  assert type(send_to)==list
  assert type(files)==list

  msg = MIMEMultipart()
  msg['From'] = send_from
  msg['To'] = COMMASPACE.join(send_to)
  msg['Date'] = formatdate(localtime=True)
  msg['Subject'] = subject

  msg.attach( MIMEText(text) )

  for f in files:
    part = MIMEBase('application', "octet-stream")
    part.set_payload( open(f,"rb").read() )
    Encoders.encode_base64(part)
    part.add_header('Content-Disposition', 'attachment; filename="%s"' % os.path.basename(f))
    msg.attach(part)

  smtp = smtplib.SMTP(server)
  smtp.sendmail(send_from, send_to, msg.as_string())
  smtp.close()

The script sets up iptables with any of:

network_monitor.py start
network_monitor.py initiate
network_monitor.py initialise

To clean up iptables:

network_monitor.py clear
network_monitor.py flush
network_monitor.py stop

and finally to report:

network_monitor.py report
network_monitor.py

If you wish to graph the log then using higher and higher totals might not be what you want, so here is another script which parses the totals log and turns each entry into the daily usage, in MB, rather than totals:

#!/usr/bin/env python

import sys
import os

OUT_FILE = "netmon_graph.dat"

def main(netmon_log):
        if not os.path.exists(netmon_log):
                print "Error %s doesn't exist!" % (netmon_log)
                sys.exit(1)

        inFile = file(netmon_log)
        outFile = file(OUT_FILE, 'w')

        outFile.write("%s\t%s\t%s\n" % ("Date", "Proxy", "Non-Network"))

        line = inFile.readline()
        lastProxyValue = 0
        lastNetValue = 0
        while len(line) > 0:
                #process
                cols = line.strip().split()
                if len(cols) == 3:
                        date = cols[0]
                        proxy = long(cols[1])
                        net = long(cols[2])

                        if proxy < lastProxyValue or net < lastNetValue:
                                lastProxyValue = 0
                                lastNetValue = 0

                        # Calc
                        newProxy = proxy - lastProxyValue
                        newNet = net - lastNetValue

                        lastProxyValue = proxy
                        lastNetValue = net

                        # Convert to MBs
                        newProxy = float(newProxy) / 1024.0 / 1024.0
                        newNet = float(newNet) / 1024.0 / 1024.0

                        outFile.write("%s\t%.2f\t%.2f\n" % (date, newProxy, newNet))

                line = inFile.readline()

        inFile.close()
        outFile.close()

if __name__ == "__main__":
        main(sys.argv[1])
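
The script’s get_totals() assumes its two rules sit at positions 1 and 2 of INPUT, which stops being true as soon as another tool inserts a rule above them. The added example below (Python 3, not part of the original post) picks the rules out by their DOWNLOADED target instead and computes usage with the same reset handling as the graphing script; the sample listing and the previous totals are constructed.

```python
"""Added example: per-rule byte deltas from `iptables -L -n -x -v --line-numbers`."""

# Constructed sample output (not captured from a real host). A rule owned by
# another tool sits at position 1, so the monitoring rules are at 2 and 3.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1          10      840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2         120   734003 DOWNLOADED  all  --  *      *      !192.168.1.0/24       0.0.0.0/0
3         900  5242880 DOWNLOADED  all  --  *      *       192.168.1.10         0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination

Chain DOWNLOADED (2 references)
num      pkts      bytes target     prot opt in     out     source               destination
"""


def parse_chain_bytes(listing, chain="INPUT", target="DOWNLOADED"):
    """Return {source: bytes} for the rules in `chain` that jump to `target`."""
    counts = {}
    in_chain = False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        cols = line.split()
        # Rule rows start with a rule number; this skips headers and blanks.
        if not in_chain or len(cols) < 10 or not cols[0].isdigit():
            continue
        if cols[3] != target:
            continue
        source = cols[8]
        if source == "!":
            # Tolerate the negation being printed as a separate token.
            source = "!" + cols[9]
        counts[source] = counts.get(source, 0) + int(cols[2])
    return counts


def usage_since(previous, current):
    """Return (usage per source, reset flag).

    If any counter went backwards (or vanished) the chain was flushed or the
    machine rebooted, so every baseline is treated as zero, as the graphing
    script on this page does.
    """
    reset = any(current.get(src, 0) < old for src, old in previous.items())
    base = {} if reset else previous
    usage = {src: now - base.get(src, 0) for src, now in current.items()}
    return usage, reset


if __name__ == "__main__":
    totals = parse_chain_bytes(SAMPLE)
    # Constructed previous totals, as they would be read from netmon.last.
    last = {"192.168.1.10": 5000000, "!192.168.1.0/24": 700000}
    print(totals)
    print(usage_since(last, totals))
```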

Happy network monitoring!

Fedora 12 Amarok playing non-OSS codecs.

Posted in Computers, IT, Linux on January 11th, 2010 by matt – 3 Comments

Fedora by default only supports free software, which is awesome.. but if you have some music in a non-free or non-OSS codec, you still want to play it.. if you’re using Amarok then just:
sudo yum install xine-lib-extras-freeworld

NOTE: The above package isn’t available in the default Fedora repositories, it requires the RPMFusion repos!

MySQL – show storage engine used

Posted in Computers, IT, Linux on January 5th, 2010 by matt – Be the first to comment

This is a simple post, I’ve been benchmarking some MySQL storage engines at work, and sometimes from the command line I want to make sure I know what storage engine I’m using. It’s actually very easy, but for some reason I keep forgetting the command. This post is for memory’s sake.

mysql> show table status;

or
mysql> show create table <table name>;

Temporarily disable SELinux in Fedora.

Posted in Computers, IT, Linux on January 4th, 2010 by matt – 2 Comments

I know, I know, most Fedora users probably are giving me the evil eye as they read this, but I find this tip useful when something on my desktop machine isn’t behaving properly and I want to see if it’s SELinux causing the behaviour, or if I want to stop the security for a one-time-only test.

For example, when migrating some of our unit tests, some virus scanning unit tests were failing, as this was a test I don’t run on my Desktop except on this occasion, it was simply easier to disable SELinux while I run the test.. it ran fine, so I could turn it back on, and tick it off my list.

By disable I actually mean put SELinux into permissive mode, which allows everything, but still logs problems.

Anyway, to temporarily disable SELinux as root run one of these:
echo 0 > /selinux/enforce
setenforce 0

To re-enable it simply echo 1:
echo 1 > /selinux/enforce
setenforce 1

Australian FTP RPMFusion Repository

Posted in Computers, IT, Linux on December 10th, 2009 by matt – Be the first to comment

There is an Australian FTP RPMFusion mirror:
baseurl=ftp://mirror.transact.net.au/rpmfusion/free/fedora/releases/$releasever/Everything/$basearch/os/
baseurl=ftp://mirror.transact.net.au/rpmfusion/nonfree/fedora/releases/$releasever/Everything/$basearch/os/

For updates:
baseurl=ftp://mirror.transact.net.au/rpmfusion/free/fedora/updates/$releasever/$basearch/
baseurl=ftp://mirror.transact.net.au/rpmfusion/nonfree/fedora/updates/$releasever/$basearch/

NOTE: The purpose of this post is simply for future reference.

Installing Sun Java on Fedora 12

Posted in Computers, IT, Linux, Programming on December 8th, 2009 by matt – 3 Comments

By default Fedora 12 doesn’t install Sun’s Java, and it isn’t in the repository. This isn’t a mistake, in fact I think this is a good decision! Fedora is only dealing with free open source software. You can add other repositories to give you the extra non OSS software you want, for those who cannot live without certain software.

Fedora uses the OpenJDK, which I think is awesome.. but unfortunately as I am a Java developer at the moment, and it seems some of the software I work on requires the Sun version of Java, at least to compile.

So I needed to install Sun JDK on my 64bit machine.. this is how I did it:

  1. Download the Sun Java JDK 64bit Linux bin installer.
  2. Run it to install.
  3. Even though I ran it as root it installed in the current folder. So move the folder to where it should be installed:
    sudo cp -a jdk1.6.0_16 /usr/lib/jvm/
  4. Use the alternatives command to tell Fedora to use the new Java binary, to do so we need to “install” the new binary as an option in alternatives:
    sudo /usr/sbin/alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.6.0_16/bin/java 20000
    Then use alternatives and make sure our new binary is selected:
    sudo /usr/sbin/alternatives --config java
  5. Use the following command to verify that Fedora is pointing to the right binary:
    java -version

That’s it, Sun’s Java should now be installed!

Iptables NAT routing

Posted in Computers, IT, Linux on December 7th, 2009 by matt – 2 Comments

Intro

Over the years I have been turning my desktop into a NAT router.. why for virtual machines of course!

If you’re using 1 virtual machine the virtual machine software does it for ya, but when you want to simulate your own virtual network, separate from the LAN your desktop is on, this is how to do it.
I used to do this a lot back when I was working at the ANU, to enable a test network.. and now suddenly I need it again to work on multi master MySQL replication at work.

It’s easy to do, only a few commands really, but it’s something I like to have filed away, I have it on a private wiki, but thought why not post it here.

Routing in Linux

To turn on routing in your kernel at runtime, without needing to reboot, as root run:
echo 1 > /proc/sys/net/ipv4/ip_forward

To make this permanent, edit ‘/etc/sysctl.conf’  and turn on IP packet forwarding:
net.ipv4.ip_forward = 1

Now that we have packet forwarding (routing) enabled, we need to use iptables to allow us to connect our private LAN to the internet via NAT.
To do this we need to write an iptables rule on the nat table to MASQUERADE every packet coming from the virtual or internal network interface and out to the world through our public interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Where eth0 is the public interface.

The above rule, after routing, changes the source IP address to that of the public interface, so traffic can get back to this machine. Once a packet is returned iptables knows to change it back to the hidden LAN machine’s IP address.

In many distributions, iptables’ default configuration is to ACCEPT all traffic going through the FORWARD chain. But I’ve noticed Fedora doesn’t. It actually rejects forwarded packets. To check this out run the command:
iptables -L

My Fedora 12 Desktop FORWARD chain by default  looked like:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Which REJECTs anything being forwarded.

There are many ways to solve this:
Insert a rule to accept all:
iptables -I FORWARD 1 -j ACCEPT

Flush the chain:
iptables  -F FORWARD

If the policy is DROP, then change it to ACCEPT:
iptables -P FORWARD ACCEPT
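
As written, each of the three fixes above leaves the FORWARD chain accepting packets between any pair of interfaces, not only from the virtual network out through eth0. The added example below (Python 3, not part of the original post) walks 'iptables -S FORWARD' output first-match style to show that, next to a scoped ruleset; the sample rulesets, the virbr0 interface name and the 192.168.0.0/24 subnet are constructed assumptions.

```python
"""Added example: does a FORWARD ruleset forward everything?"""
import shlex

# Options that narrow which packets a rule matches (`iptables -S` syntax).
MATCH_OPTS = {"-s", "-d", "-i", "-o", "-p", "-m", "--source", "--destination",
              "--in-interface", "--out-interface", "--protocol", "--match"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed rulesets in `iptables -S FORWARD` format.
FEDORA_DEFAULT = """\
-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""
AFTER_ACCEPT_ALL = """\
-P FORWARD ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""
AFTER_FLUSH = "-P FORWARD ACCEPT\n"
# Scoped alternative: replies to existing connections, plus new connections
# only from the internal network (assumed virbr0, 192.168.0.0/24) out via eth0.
SCOPED = """\
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i virbr0 -o eth0 -j ACCEPT
"""


def forwards_everything(rules_text, chain="FORWARD"):
    """Return (verdict, reason) for a packet with arbitrary source,
    destination and interfaces.

    Only rules without any match option are treated as catch-alls, so a set
    of conditional ACCEPT rules that together cover everything is not
    detected; the check is deliberately conservative.
    """
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) >= 3 and tokens[0] == "-P" and tokens[1] == chain:
            policy = tokens[2]
        elif len(tokens) >= 2 and tokens[0] == "-A" and tokens[1] == chain:
            opts = tokens[2:]
            target = opts[opts.index("-j") + 1] if "-j" in opts else None
            unconditional = not any(tok in MATCH_OPTS for tok in opts)
            if unconditional and target in TERMINAL:
                # First catch-all rule decides the fate of every packet
                # that no earlier conditional rule picked up.
                if target == "ACCEPT":
                    return True, "unconditional ACCEPT rule: " + line.strip()
                return False, "unconditional %s reached first: %s" % (
                    target, line.strip())
    if policy == "ACCEPT":
        return True, "no catch-all rule and policy is ACCEPT"
    return False, "policy is " + policy


if __name__ == "__main__":
    for name, rules in [("Fedora default", FEDORA_DEFAULT),
                        ("after -I FORWARD 1 -j ACCEPT", AFTER_ACCEPT_ALL),
                        ("after -F FORWARD", AFTER_FLUSH),
                        ("scoped", SCOPED)]:
        print(name, "->", forwards_everything(rules))
```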

Finally if you need to port forward to a machine behind your new NAT router then use a rule like:
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 6346 -j DNAT --to 192.168.0.2:6346

And if you’re interested in rate-limiting then read: http://www.debian-administration.org/articles/187

Fedora 12 + Nvidia

Posted in Computers, IT, Linux on December 4th, 2009 by matt – 7 Comments

By default Fedora 12 comes with the nouveau driver.. which is awesome, but my machine at work needed a bit more video card grunt so I needed to install the Nvidia driver.

Now I’m new to Fedora.. as in installed it an hour before I wrote this post, so thought I’d document here how to do it.
It wasn’t as straight forward as it _should_ have been, as apparently there is a bug in the current (at time of writing) version of Xorg, which causes X to run really slow. Anyway this is what you do:

  1. Add the rpmfusion repositories (to gain access to proprietary and other packages not supported by Fedora).
    su -c 'rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm'
  2. Update yum:
    sudo yum update
  3. Now install the Nvidia drivers:
    sudo yum install kmod-nvidia xorg-x11-drv-nvidia-libs.i686 xorg-x11-drv-nvidia-libs.x86_64
  4. This should blacklist the nouveau, but doesn’t remove it from the initrd, so we run:
    sudo dracut -f /boot/initramfs-$(uname -r).img $(uname -r)
  5. Then we can restart, or just restart X (sudo pkill kdm) to see the new Nvidia card in action.

You should now be using the new nvidia module, however on my Fedora 12 KDE installation the X response time was really slow. However on a friend’s Fedora 12 Gnome installation there wasn’t an issue.
Apparently it is a bug in Xorg, but seeing as it doesn’t affect a friend it makes me wonder if it is a KDE/Xorg/Nvidia bug.

Anyway to fix it up we need to install a patched Xorg:

  1. First we need to add a repository:
    sudo vim /etc/yum.repos.d/xorgFix.repo
    And paste the contents:
    [rdieter]
    name=xorg-x11-server rebuilds for nvidia users
    baseurl=http://rdieter.fedorapeople.org/repo/fedora/$releasever/$basearch/
    enabled=1
    gpgcheck=0
  2. Run ‘yum update’  again, and it should need to update Xorg. Update it then restart X.

X should now run correctly. Phew.. not too hard right.