Re: [CentOS] Firefox spelling checker

[Frank Cox]

On Thu, 2010-09-16 at 21:54 -0400, Yves Bellefeuille wrote:
> Check under Tools > Add-ons > Extensions. If the dictionary you need 
> there? (If not, download it at 
> https://addons.mozilla.org/en-US/firefox/language-tools/) Is it 
> deactivated?

That did it.

Oddly enough, I'm pretty sure I never had a dictionary installed under
the Extensions before.  I wonder why it used to work without it.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox spelling checker

[Yves Bellefeuille]

On Thursday 16 September 2010 15:59, Frank Cox wrote:

> I just noticed that since the last updates, Firefox no longer does
> the automatic spelling checking thing in text boxes.
>
> I'm sure that it used to work and I'm not sure exactly when it
> stopped.
>
> I just tried it on two different up-to-date Centos 5 machines with
> the same results.
>
> "Check my spelling as I type" is set.

Check under Tools > Add-ons > Extensions. If the dictionary you need 
there? (If not, download it at 
https://addons.mozilla.org/en-US/firefox/language-tools/) Is it 
deactivated?

-- 
Yves Bellefeuille 
"En la Esperanta Civito pri molestaj ebriuloj oni aplikas la normon
validan en la lando kie okazas la fakto." -- Heroldo Komunikas, n-ro 451
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables

[alexus]

On Thu, Sep 16, 2010 at 4:18 PM,   wrote:
> alexus wrote:
>> I'm trying to do some simple tcp port forwarding
>>
> 
>> [r...@wcmisdlin02 ~]# iptables --table nat --append PREROUTING --proto
>> tcp --dport 80 --jump DNAT --to 10.52.208.223:80
>                                       ^^^
>> [r...@wcmisdlin02 ~]# curl --verbose http://10.52.208.221:80
>                                                        ^^^
>> * About to connect() to 10.52.208.221 port 80
>> *   Trying 10.52.208.221... Connection refused
>> * couldn't connect to host
>
> Could this be a problem?
>
>          mark
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

iptables contains a rule where to forward traffic
and i'm testing against my local machine and not a remote
how is that a problem?

if i'll be hitting remote machine then i dont really need a redirect
-- 
http://alexus.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables

[m . roth]

alexus wrote:
> I'm trying to do some simple tcp port forwarding
>

> [r...@wcmisdlin02 ~]# iptables --table nat --append PREROUTING --proto
> tcp --dport 80 --jump DNAT --to 10.52.208.223:80
  ^^^
> [r...@wcmisdlin02 ~]# curl --verbose http://10.52.208.221:80
^^^
> * About to connect() to 10.52.208.221 port 80
> *   Trying 10.52.208.221... Connection refused
> * couldn't connect to host

Could this be a problem?

  mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[John R Pierce]

  On 09/16/10 1:34 AM, Kevin Thorpe wrote:
> Can anyone suggest a simple backup package for us? Essentially a single
> server, full backup to tape every day. We don't need tape management as
> we're fully capable of reading the written label on the tape ourselves.
>
>

u, reading your requirements again, and cogitating.  and...

 tar

a simple script that tars each file system appending it to the same tape 
(assuming your backup fits on one tape)
maybe something like...

 mt -f /dev/nst0 rewind
 for fs in / /var /usr /home /opt /data ...; do
 tar clf /dev/nst0 $fs
 done
 mt -f /dev/nst0 offline


If you do your backups this way, its important to keep track of the 
order you write the file systems to the tape, as the tape position is 
the only way to distinguish them

I'd probably add some logging to that script, and basic error 
trapping.   the following mess is totally untested and probably full of 
errors. caveat emptor.

 #!/bin/bash
 d=${date -I}
 lf=/var/log/mybackups-$d.log
 df=/var/log/mybackups-$d.detail.log
 dt=${date +"%Y-%m-%d %H:%M:%S%z"}
 echo "$dt *** Starting Daily Backup **" >>$lf
 mt -f /dev/nst0 rewind
 for fs in / /var /usr /home /opt /data ...; do
 echo "$dt Starting Backup $fs" >>$lf
 tar clvf /dev/nst0 $fs 2>>$lf 1>>$df
 if [ $? != 0 ]; then
 {
 echo "$dt Error in tar $fs.  backups aborted" >>$lf
 mail -s "***DAILY BACKUP ERROR" u...@mydomain.com < $lf
 exit 1
 } fi
 echo "$dt Completed Backup $fs" >>$lf
 done
 echo "$dt Ejecting Tape" >>$lf
 mt -f /dev/nst0 offline
 echo "$dt *** Daily Backup Complete **" >>$lf


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] iptables

[alexus]

I'm trying to do some simple tcp port forwarding

[r...@wcmisdlin02 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[r...@wcmisdlin02 ~]# /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
[r...@wcmisdlin02 ~]# cat /proc/sys/net/ipv4/ip_forward
1
[r...@wcmisdlin02 ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source   destination
RH-Firewall-1-INPUT  all  --  anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source   destination
RH-Firewall-1-INPUT  all  --  anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT icmp --  anywhere anywhereicmp any
ACCEPT esp  --  anywhere anywhere
ACCEPT ah   --  anywhere anywhere
ACCEPT udp  --  anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp  --  anywhere anywhereudp dpt:ipp
ACCEPT tcp  --  anywhere anywheretcp dpt:ipp
ACCEPT all  --  anywhere anywherestate
RELATED,ESTABLISHED
ACCEPT tcp  --  anywhere anywherestate NEW
tcp dpt:mysql
ACCEPT tcp  --  anywhere anywherestate NEW
tcp dpt:ssh
ACCEPT tcp  --  anywhere anywherestate NEW
tcp dpt:http
ACCEPT tcp  --  anywhere anywherestate NEW
tcp dpt:ftp
ACCEPT tcp  --  anywhere anywherestate NEW
tcp dpt:https
REJECT all  --  anywhere anywhere
reject-with icmp-host-prohibited
[r...@wcmisdlin02 ~]# iptables --table nat --append PREROUTING --proto
tcp --dport 80 --jump DNAT --to 10.52.208.223:80
[r...@wcmisdlin02 ~]# iptables --table nat --list PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
DNAT   tcp  --  anywhere anywheretcp
dpt:http to:10.52.208.223:80
[r...@wcmisdlin02 ~]# curl --verbose http://10.52.208.221:80
* About to connect() to 10.52.208.221 port 80
*   Trying 10.52.208.221... Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host
[r...@wcmisdlin02 ~]#

-- 
http://alexus.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Firefox spelling checker

[Frank Cox]

I just noticed that since the last updates, Firefox no longer does the
automatic spelling checking thing in text boxes.

I'm sure that it used to work and I'm not sure exactly when it stopped.

I just tried it on two different up-to-date Centos 5 machines with the
same results.

"Check my spelling as I type" is set.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Howto enter a password to mount windows share in Places

[Akemi Yagi]

On Thu, Sep 16, 2010 at 12:05 PM, Denis  wrote:
> Hi - using gnome I am trying to use Places -> Connect to Server to mount
> a windows share. I can do:
>
> smbclient //disk.site.edu/uname$ -U uname%passwd
>
> but have not been able to transfer that infomation into the GUI that can
> mount the Windows Share, specifically can't figure out how to enter the
> password.
>
> I'm trying make things as simple as possible for windows students to use
> CentOS.

Then this CentOS wiki is your friend:

http://wiki.centos.org/TipsAndTricks/WindowsShares

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Pasi Kärkkäinen]

On Wed, Sep 15, 2010 at 11:19:38AM +0200, Rudi Ahlers wrote:
> Hi all,
> 
> I'm just curios and would like some input from the community on this
> one. We're busy budgeting for a couple of new servers and I thought it
> would be good to try out the Core i7 CPU's, but see the majority of
> them don't offer VT-d, but just VT-x. Looking at the LGA1366 range,
> only the "Intel lga1366 i7 980XE" (from the list of what our suppliers
> stock) have VT-d, and it costs 4x more than "Intel lga1366 i7 930" or
> 2x more than "Intel lga1366 i7 960". From a budget perspecitve I could
> purchase 4 more CPU's, which could translate to 40x - 80x more VM's
> being hosted for the same capital outlay. Experience has shown that we
> under-utilize CPU's by a great margin and memory / HDD IO is our
> biggest bottleneck on any server.
> 
> So, if VT-d really necessary?
> We mainly host XEN virtual machine for the hosting industry, i.e. we
> don't need / use graphics rendering inside VM's, or need DAS on the
> VM's, etc.
> 

VT-d is marketing term for Intel's IOMMU (IO MMU) implementation,
and it's used *only* for PCI passthru, aka giving guest VM direct PCI
access to some physical PCI device (nic, hba, etc) on the host hardware.

Xen can actually do PCI passthru *without* VT-d for PV guests,
but for Xen HVM guests you *need* VT-d (if you want to use PCI passthru).

VT-d is NOT required for running HVM/Windows guests.

VT-x is the CPU feature that makes it possible to run unmodified guests.
VT-d is the chipset IOMMU feature for PCI passthru.

See:
http://wiki.xensource.com/xenwiki/XenPCIpassthrough

-- Pasi


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Howto enter a password to mount windows share in Places

[Denis]

Hi - using gnome I am trying to use Places -> Connect to Server to mount 
a windows share. I can do:

smbclient //disk.site.edu/uname$ -U uname%passwd

but have not been able to transfer that infomation into the GUI that can 
mount the Windows Share, specifically can't figure out how to enter the 
password.

I'm trying make things as simple as possible for windows students to use 
CentOS.

Thanks,

-- 

Denis Becker
ITS - Engineering
MN State Univ., Mankato
Mankato Minnesota
ph: 507-389-5617
fx: 507-389-5002

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[John R Pierce]

  On 09/16/10 10:37 AM, Alan Hodgson wrote:
> The 6 core Xeons are still kinda pricey though.
>
>

the new AMD 6-8 core Opteron stuff, OTOH, is relatively cheap, Dell 
sells these as the Rx15 models, like the R715

they also support a LOT of ram.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Alan Hodgson]

On September 16, 2010 11:02:25 am Les Mikesell wrote:
> > Amanda's dumps are standard tar archives and can be restored without
> > Amanda.
> 
> Well, sort-of.  You have to know how to skip over the amanda label and
> header.  And how to find the right set of tapes.

Sure, but at least it's documented. Better than reinventing the wheel. 
Especially for your successor.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Les Mikesell]

On 9/16/2010 12:52 PM, Alan Hodgson wrote:
> On September 16, 2010 10:49:04 am Les Mikesell wrote:
>> Agreed there.  Backuppc doesn't know much about tapes and nothing about
>> changers.  But for straight long-term archiving you could wrap a script
>> around BackupPC_tarCreate to save whatever you wanted off to tape.  And
>> you are on your own for restoring it, but it might be an advantage to
>> have a standard tar archive than something only a certain program knows
>> how to access.
>
> Amanda's dumps are standard tar archives and can be restored without Amanda.

Well, sort-of.  You have to know how to skip over the amanda label and 
header.  And how to find the right set of tapes.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Alan Hodgson]

On September 16, 2010 10:49:04 am Les Mikesell wrote:
> Agreed there.  Backuppc doesn't know much about tapes and nothing about
> changers.  But for straight long-term archiving you could wrap a script
> around BackupPC_tarCreate to save whatever you wanted off to tape.  And
> you are on your own for restoring it, but it might be an advantage to
> have a standard tar archive than something only a certain program knows
> how to access.

Amanda's dumps are standard tar archives and can be restored without Amanda.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Les Mikesell]

On 9/16/2010 12:20 PM, John R Pierce wrote:
>
> actually?  tapes like LTO/DLT write *faster* than file systems on hard
> disks.  in fact the biggest issue in many LTO/DLT backup systems is not
> being able to READ the source fast enough to keep the tape busy.
>
>
> re: BackupPC...  while this is a neat solution for backing up a
> small-to-moderate number of workstations, I don't think its a very good
> solution for archival backups of a single server,

This sort of depends on the nature of the files and rate of change. 
Backuppc pools all copies of identical content with optional 
compression, whether from multiple backup runs or different targets.  If 
you have huge files with frequent small changes, it has to make new 
complete copies each time, but otherwise it can aggregate many times 
what you'd expect the disk space to hold and you can access it much more 
easily than finding the right set of tapes.

> NOR does it scale very
> well, as the storage pool it creates becomes an ungodly mess of links
> and becomes itself very very difficult to replicate or backup or do
> maintenance on.

That imposes some limits, but they are sill fairly big if you think in 
terms of image-copying the whole filesystem if you need to replicate.

> Systems like Amanda and Bacula really work better with
> autoloader/libraries, like the Quantum PX502 I use in my lab at work
> (acquired surplus from another department, this holds 28 tapes and has
> two LTO3 drives).

Agreed there.  Backuppc doesn't know much about tapes and nothing about 
changers.  But for straight long-term archiving you could wrap a script 
around BackupPC_tarCreate to save whatever you wanted off to tape.  And 
you are on your own for restoring it, but it might be an advantage to 
have a standard tar archive than something only a certain program knows 
how to access.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Transferring system to new drive

[Timothy Murphy]

Lamar Owen wrote:

> But having done a few now I vastly prefer doing it online using LVM.  No
> downtime, and it just works, including resizing, as long as you are going
> to a larger lv.
> 
> When a server simply has to have minimal downtime, LVM is worth its LoC in
> gold for this use.

What do you mean by "no downtime"?
What exactly do you do?
Is it documented anywhere?


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Keith Roberts]

On Thu, 16 Sep 2010, Matthew Miller wrote:

> To: CentOS mailing list 
> From: Matthew Miller 
> Subject: Re: [CentOS] https
> 
> On Thu, Sep 16, 2010 at 04:53:17PM +0100, Kevin Thorpe wrote:
>> Sorry, but you need to buy a certificate. It needs to be signed by an
>> authority which already
>> has a master certificate in the end user's browser. We use Thawte but
>> there are cheaper
>> options such as  GoDaddy who offer them for less than GBP 10.
>
> Or get one from: http://cert.startcom.org/

Nice one! Thanks for that Matt. I've bookmarked that for 
later reference.

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Rudi Ahlers]

On Thu, Sep 16, 2010 at 7:37 PM, Alan Hodgson  wrote:
> On September 16, 2010 10:23:15 am Rudi Ahlers wrote:
>> But I'm convinced now that XEON's would be better even though they're
>> far more expensive. And at the same time our older Pentium IV,
>> Core2Duo & Core2Quad machines work as well as our XEON machines, but
>> at much cheaper prices - which translates to more money being
>> available to other hardware / services / marketing / etc.
>
> They're not that much more expensive, at least for the dual-socket boards. And
> you get a lot better I/O and memory bandwidth from real server boards.
>
> The 6 core Xeons are still kinda pricey though.
>
> Supermicro also makes fine server boards and a great range of rack-mount
> chassis, including blades, for much cheaper than, say, HP.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Alan, I am using server boards.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Alan Hodgson]

On September 16, 2010 10:23:15 am Rudi Ahlers wrote:
> But I'm convinced now that XEON's would be better even though they're
> far more expensive. And at the same time our older Pentium IV,
> Core2Duo & Core2Quad machines work as well as our XEON machines, but
> at much cheaper prices - which translates to more money being
> available to other hardware / services / marketing / etc.

They're not that much more expensive, at least for the dual-socket boards. And 
you get a lot better I/O and memory bandwidth from real server boards. 

The 6 core Xeons are still kinda pricey though.

Supermicro also makes fine server boards and a great range of rack-mount 
chassis, including blades, for much cheaper than, say, HP.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Rudi Ahlers]

On Thu, Sep 16, 2010 at 7:09 PM, John R Pierce  wrote:
>  On 09/16/10 8:56 AM, Rudi Ahlers wrote:
>>
>> >  Dell's PowerEdge R210 and R310 are available with Core i3.
>>
>> But those aren't servers since the Core iX CPU's are desktop class CPU's
>> ;)
>
>
> those are low end servers in Dell's line.
>
> I'd be looking at the R410 or R710 for virtualization hosts, along with
> external storage.   you can put far more memory in these.  the 2U version
> lets you add more network and HBA (storage) interfaces than the 1U has room
> for.
>
>
>
>
>

John, my statement was a bit sarcastic :)

But, the truth is these servers exist, with Core i3, i5 & i7 CPU's
from various vendors. I can get a nice big setup on the SuperMicro
side with 32GB RAM, Core i7, 4x RAID 10 HDD's, etc.


But I'm convinced now that XEON's would be better even though they're
far more expensive. And at the same time our older Pentium IV,
Core2Duo & Core2Quad machines work as well as our XEON machines, but
at much cheaper prices - which translates to more money being
available to other hardware / services / marketing / etc.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[John R Pierce]

  On 09/16/10 6:27 AM, m.r...@5-cent.us wrote:
> Not sure of a package - we use rsync and scripts - but you should consider
> what we do: an external eSATA dock, and a number of inexpensive SATA
> drives. It *will* speed up the backups, and recoveries, should you need
> them.
>
>

actually?  tapes like LTO/DLT write *faster* than file systems on hard 
disks.  in fact the biggest issue in many LTO/DLT backup systems is not 
being able to READ the source fast enough to keep the tape busy.


re: BackupPC...  while this is a neat solution for backing up a 
small-to-moderate number of workstations, I don't think its a very good 
solution for archival backups of a single server, NOR does it scale very 
well, as the storage pool it creates becomes an ungodly mess of links 
and becomes itself very very difficult to replicate or backup or do 
maintenance on.


Systems like Amanda and Bacula really work better with 
autoloader/libraries, like the Quantum PX502 I use in my lab at work 
(acquired surplus from another department, this holds 28 tapes and has 
two LTO3 drives).




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] https

[R P Herrold]

On Thu, 16 Sep 2010, Matthew Miller wrote:

> Or get one from: http://cert.startcom.org/

I had seen this cross as well from another poster:

> Sorry, but you need to buy a certificate.

Bzzzrttt


I am firmly with Matthew on this one.  When I saw the initial 
post hit my email inbound queue (not sure what time -- 
something after 11:45), I started the process of 
deploying a test box, and setting up a new certificate with 
them (I have previously gone through their Class I and II 
authentication processes and have an account with them).  I 
post this around 13:15 [the spell checker is very unhappy 
with that key ... ]


This rough outline will get some parkup, and turn into a blog 
post later this week, and I'll mark it so: 
http://planet.centos.org picks it up.  The timestamps of this 
email and of the certificate on that page show how quickly 
this may be done (and with startcom, with no additional 
per-certificate issuance fees other than as related to the 
authentication process)

==

1. Deploy, secure and name a box
victim-centos.pmman.net


2. Set the A record in DNS
198.178.231.140


3. Set the PTR


4. Install the mod_ssl package
(which pulls in httpd and its dependencies)
also useful is: crypto-utils as it will 'watch' for upcoming 
expirations


5. Position a placeholder page to look for in a test
... I installed php as well, and here use a php scriptlet 
that does a redirect into https on the fly when a connection 
comes in on http

[r...@vm178231140 html]# cat index.php
https://$SITE";);
print "";
print "CentOS and SSL are 
easy";
print "CentOS and SSL are easy";
print "This example lives at: https://"; . $SITE ;
print "\">https://"; . $SITE . " on a box provided by: ";
print "http://www.pmman.com\"; target=\"_blank\">";
print "pmman.com";
?>


6. Open up port 80/tcp and 443/tcp in iptables


7. Read: /etc/httpd/conf.d/ssl.conf

[r...@victim-centos conf.d]# grep -v ^# ssl.conf | grep -v ^$
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog  builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

 SSLOptions +StdEnvVars


 SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

[r...@victim-centos conf.d]# grep -v ^# ssl.conf | grep -v ^$ | wc
  32  771089

---

... the lines starting: ^SSL and containing the fragment File 
are what need to be configured (and in the case with one from 
startcom, a chained key file)


8. Set up a place to make the keys. signing request, and 
pemfile, along with key chains

mkdir attic
cd attic

#   we intentionally make one without a passphrase here
# to simplify the discussion
openssl genrsa -out victim-centos.pmman.net-2010.key 2048

openssl req -new -key victim-centos.pmman.net-2010.key -out 
victim-centos.pmman.net-2010.csr


9. Get the CSR onto the clipboard so it may be pasted into the 
web GUI at startcom

[r...@victim-centos attic]# cat 
victim-centos.pmman.net-2010.csr
-BEGIN CERTIFICATE REQUEST-
MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UE
BxMIQ29sdW1idXMxHDAaBgNVBAoTEzc4MSBSZXNvbHV0aW9uLCBMTEMxDjAMBgNV
  ... snippage ...
eKGhP2r4C8kVBrK13lgmlOt1OYLn+rvV8y/hkrlPbDSRoW4cNmoX3F4hFWUKxWZc
hvtc52ImrMe4vikYYIZGPk6Lhw3xSnVwZzoU0QxgR1XN
-END CERTIFICATE REQUEST-
[r...@victim-centos attic]#

... startcom will indicate the CSR has been countersigned, and 
a CRT may be retrieved


10. While you are waiting, retrieve the certificate chaining
back to the CA roots in any modern browser

wget -O sub.class1.server.ca.pem  \
 http://www.startssl.com/certs/sub.class1.server.ca.pem
wget -O sub.class2.server.ca.pem  \
 http://www.startssl.com/certs/sub.class2.server.ca.pem
wget -O ca.pem  http://www.startssl.com/certs/ca.pem

... and copy them into place

cp sub.class2.server.ca.pem /etc/pki/tls/certs/
cp ca.pem /etc/pki/tls/certs/


11. Edit /etc/httpd/conf.d/ssl.conf and adjust the values for:

SSLCertificateFile \
/etc/pki/tls/certs/victim-centos.pmman.net.crt
SSLCertificateKeyFile \
/etc/pki/tls/private/victim-centos.pmman.net-2010.key
SSLCertificateChainFile \
/etc/pki/tls/certs/sub.class2.server.ca.pem
SSLCACertificateFile /etc/pki/tls/certs/ca.pem

# we also need to add:
SSLCer

Re: [CentOS] is Intel VT-d "really" necessary?

[John R Pierce]

  On 09/16/10 8:56 AM, Rudi Ahlers wrote:
> >  Dell's PowerEdge R210 and R310 are available with Core i3.
>
> But those aren't servers since the Core iX CPU's are desktop class CPU's ;)


those are low end servers in Dell's line.

I'd be looking at the R410 or R710 for virtualization hosts, along with 
external storage.   you can put far more memory in these.  the 2U 
version lets you add more network and HBA (storage) interfaces than the 
1U has room for.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Rudi Ahlers]

On Thu, Sep 16, 2010 at 6:28 PM, Matthew Miller  wrote:
> On Thu, Sep 16, 2010 at 04:53:17PM +0100, Kevin Thorpe wrote:
>> Sorry, but you need to buy a certificate. It needs to be signed by an
>> authority which already
>> has a master certificate in the end user's browser. We use Thawte but
>> there are cheaper
>> options such as  GoDaddy who offer them for less than GBP 10.
>
> Or get one from: http://cert.startcom.org/
>
> --
> Matthew Miller           mat...@mattdm.org          
> ___


The Godaddy / eNom / StartSSL / etc certificates are as secure as
<> money-sucking thawte certificates.

@Jerry, you could use these http://cert.startcom.org/ since it's just
an intranet. There are other trusted free SSL certificates as well.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Brian Mathis]

On Thu, Sep 16, 2010 at 12:07 PM, Patrick Lists
 wrote:
> On 09/16/2010 05:53 PM, Kevin Thorpe wrote:
>>    On 16/09/2010 16:45, Jerry Geis wrote:
>>> hi all,
>>>
>>> I wish to just have secure browsing for my application.
>>> no credit cards or anything like that just secure browser usage is the goal.
>>>
>>> I can self sign a certificate (I already have) on my servers but for
>>> "anyone" accessing the server
>>> you see this "nasty" message about "untrusted sight " and all that.
>>> This will all be intranet type usage for the server.
>>>
>>> What is the best method to not see that "untrusted sight" and have the
>>> certificate load without
>>> and exception?
>> Sorry, but you need to buy a certificate. It needs to be signed by an
>> authority which already
>> has a master certificate in the end user's browser. We use Thawte but
>> there are cheaper
>> options such as  GoDaddy who offer them for less than GBP 10.
>
> Or you make sure that all browsers of the users on your Intranet have
> imported the CA certificate that signed the webservers certificate. I'm
> afraid I don't know how to do that automagically.
>
> Regards,
> Patrick

This is the road to madness unless you have a huge corporation with a
dedicated PKI team.  Just pay the money to get your certificate
signed.  The amount of time it takes to do and manage it on your own
is far more expensive.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Matthew Miller]

On Thu, Sep 16, 2010 at 04:53:17PM +0100, Kevin Thorpe wrote:
> Sorry, but you need to buy a certificate. It needs to be signed by an 
> authority which already
> has a master certificate in the end user's browser. We use Thawte but 
> there are cheaper
> options such as  GoDaddy who offer them for less than GBP 10.

Or get one from: http://cert.startcom.org/

-- 
Matthew Miller   mat...@mattdm.org  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Patrick Lists]

On 09/16/2010 05:53 PM, Kevin Thorpe wrote:
>On 16/09/2010 16:45, Jerry Geis wrote:
>> hi all,
>>
>> I wish to just have secure browsing for my application.
>> no credit cards or anything like that just secure browser usage is the goal.
>>
>> I can self sign a certificate (I already have) on my servers but for
>> "anyone" accessing the server
>> you see this "nasty" message about "untrusted sight " and all that.
>> This will all be intranet type usage for the server.
>>
>> What is the best method to not see that "untrusted sight" and have the
>> certificate load without
>> and exception?
> Sorry, but you need to buy a certificate. It needs to be signed by an
> authority which already
> has a master certificate in the end user's browser. We use Thawte but
> there are cheaper
> options such as  GoDaddy who offer them for less than GBP 10.

Or you make sure that all browsers of the users on your Intranet have 
imported the CA certificate that signed the webservers certificate. I'm 
afraid I don't know how to do that automagically.

Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 67, Issue 4

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2010:0697 Critical CentOS 3 i386 samba - security and
  bug fix update (Tru Huynh)
   2. CESA-2010:0697 Critical CentOS 3 x86_64 samba - security and
  bug fix update (Tru Huynh)
   3. CESA-2010:0697 Critical CentOS 4 i386 samba - security and
  bug fix update (Tru Huynh)
   4. CESA-2010:0697 Critical CentOS 4 x86_64 samba - security and
  bug fix update (Tru Huynh)


--

Message: 1
Date: Wed, 15 Sep 2010 15:23:12 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2010:0697 Critical CentOS 3 i386 samba
- security and bug fix update
To: centos-annou...@centos.org
Message-ID: <20100915132312.ga2...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2010:0697

samba security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2010-0697.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/samba-3.0.9-1.3E.18.i386.rpm
updates/i386/RPMS/samba-client-3.0.9-1.3E.18.i386.rpm
updates/i386/RPMS/samba-common-3.0.9-1.3E.18.i386.rpm
updates/i386/RPMS/samba-swat-3.0.9-1.3E.18.i386.rpm

source:
updates/SRPMS/samba-3.0.9-1.3E.18.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update samba

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20100915/98e13442/attachment-0001.bin
 

--

Message: 2
Date: Wed, 15 Sep 2010 15:25:44 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2010:0697 Critical CentOS 3 x86_64
samba - security and bug fix update
To: centos-annou...@centos.org
Message-ID: <20100915132544.gb2...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2010:0697

samba security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2010-0697.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

x86_64:
updates/x86_64/RPMS/samba-client-3.0.9-1.3E.18.i386.rpm
updates/x86_64/RPMS/samba-3.0.9-1.3E.18.x86_64.rpm
updates/x86_64/RPMS/samba-common-3.0.9-1.3E.18.i386.rpm
updates/x86_64/RPMS/samba-common-3.0.9-1.3E.18.x86_64.rpm
updates/x86_64/RPMS/samba-swat-3.0.9-1.3E.18.x86_64.rpm

source:
updates/SRPMS/samba-3.0.9-1.3E.18.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update samba

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20100915/c2f75bf3/attachment-0001.bin
 

--

Message: 3
Date: Wed, 15 Sep 2010 15:26:48 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2010:0697 Critical CentOS 4 i386 samba
- security and bug fix update
To: centos-annou...@centos.org
Message-ID: <20100915132648.gc2...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2010:0697

samba security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2010-0697.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/samba-3.0.33-0.19.el4_8.3.i386.rpm
updates/i386/RPMS/samba-client-3.0.33-0.19.el4_8.3.i386.rpm
updates/i386/RPMS/samba-common-3.0.33-0.19.el4_8.3.i386.rpm
updates/i386/RPMS/samba-swat-3.0.33-0.19.el4_8.3.i386.rpm

source:
updates/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update samba

Tru

-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not 

Re: [CentOS] is Intel VT-d "really" necessary?

[Rudi Ahlers]

On Thu, Sep 16, 2010 at 5:32 PM, Lamar Owen  wrote:
> On Thursday, September 16, 2010 03:37:23 am John R Pierce wrote:
>>   On 09/16/10 12:16 AM, Rudi Ahlers wrote:
>> > Yet the server vendors ship servers, with server chassis, hardware
>> > RAID, redundant power supplies, etc&  offer Core i7 options. How does
>> > that work?
>>
>> low end servers, i guess.  I'd have to see a specific model to comment
>> specifically.
>
> Dell's PowerEdge R210 and R310 are available with Core i3.
>
> ___


But those aren't servers since the Core iX CPU's are desktop class CPU's ;)



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https

[Kevin Thorpe]

  On 16/09/2010 16:45, Jerry Geis wrote:
> hi all,
>
> I wish to just have secure browsing for my application.
> no credit cards or anything like that just secure browser usage is the goal.
>
> I can self sign a certificate (I already have) on my servers but for
> "anyone" accessing the server
> you see this "nasty" message about "untrusted sight " and all that.
> This will all be intranet type usage for the server.
>
> What is the best method to not see that "untrusted sight" and have the
> certificate load without
> and exception?
Sorry, but you need to buy a certificate. It needs to be signed by an 
authority which already
has a master certificate in the end user's browser. We use Thawte but 
there are cheaper
options such as  GoDaddy who offer them for less than GBP 10.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] https

[Jerry Geis]

hi all,

I wish to just have secure browsing for my application.
no credit cards or anything like that just secure browser usage is the goal.

I can self sign a certificate (I already have) on my servers but for 
"anyone" accessing the server
you see this "nasty" message about "untrusted sight " and all that.
This will all be intranet type usage for the server.

What is the best method to not see that "untrusted sight" and have the 
certificate load without
and exception?

jerry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Transferring system to new drive

[Lamar Owen]

On Tuesday, September 14, 2010 01:42:05 pm Robert Heller wrote:
> At Tue, 14 Sep 2010 13:19:16 -0400 CentOS mailing list  
> wrote:
> > What about doing all with dd ... If you have the second disk installed in
> > the same machine you can do "dd if=/dev/sda of=/dev/sdb" ort you can use
> > clonezilla is a live cd .

> dd only works IFF (!) the new drive is exactly the same size as the old
> drive.  Otherwise dd can be very bad.  This is a serious misuse of dd!

I routinely use dd for offline cloning to larger drives.  Works fine.  Just 
have to edit the partition table later, which isn't hard either, using several 
different open and closed source tools.  Using a blocksize of 8225280 makes it 
go faster (this being a remap CHS default for LBA drives, and a guaranteed 
greatest common divisor of any hard drive size of modern drives); but use fdisk 
-l (or equivalent parted command for non-MBR disks (like my laptop's GPT drive) 
to get the blocksize to a good value.

But having done a few now I vastly prefer doing it online using LVM.  No 
downtime, and it just works, including resizing, as long as you are going to a 
larger lv.

When a server simply has to have minimal downtime, LVM is worth its LoC in gold 
for this use.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Lamar Owen]

On Thursday, September 16, 2010 03:37:23 am John R Pierce wrote:
>   On 09/16/10 12:16 AM, Rudi Ahlers wrote:
> > Yet the server vendors ship servers, with server chassis, hardware
> > RAID, redundant power supplies, etc&  offer Core i7 options. How does
> > that work?
> 
> low end servers, i guess.  I'd have to see a specific model to comment 
> specifically.

Dell's PowerEdge R210 and R310 are available with Core i3.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Tom Yates]

On Thu, 16 Sep 2010, Kevin Thorpe wrote:

> You've hit the nail on the head. You've got the proper tape library 
> hardware. Our ISP uses Bacula absolutely fine for our hosted servers.

ah, right.

> Our problem is mostly tape management. It will work fine for ages then 
> we do something stupid like miss a tape and put it in in the morning, or 
> we get a bank holiday and it starts getting picky about which tape it 
> wants. For example we gave it monday's tape which was 'full' when it 
> only has a 4 day retention period and it didn't like it and wanted the 
> thursday tape. Why thursday I don't know, mon tue and wed should all 
> have been available.

yes, i completely agree; the stacker changes everything.  sorry to have 
jumped in, and i hope you find something that works for you.


-- 

   Tom Yates  -  http://www.teaparty.net
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to show that a filesystem is ACL-enabled?

[Toby Bluhm]

On 9/16/2010 10:09 AM, Robert P. J. Day wrote:
> On Thu, 16 Sep 2010, Miguel Medalha wrote:
>
>>
>>>   can someone clarify this?  is there a command that shows whether a
>>> filesystem is currently acl-enabled?  and is the mount man page
>>> simply incomplete in that respect?  thanks.
>>
>> tune2fs -l /dev/[hda1,sda1]
>>
>> The values between [ ] are an example only. Replace, of course, with
>> your own storage device.
>>
>> Look at "Filesystem features" and "Default mount options".
>
>ah, excellent, i can see that "default mount options" includes
> "acl", and i'm going to guess that that's a kernel config option
> that's selected on a per-filesystem type basis.  thanks.
>


I'm not sure what fs mount options are available through kernel config, 
but you can set/unset many fs options/features with tune2fs. Check the 
manpage.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to show that a filesystem is ACL-enabled?

[Robert P. J. Day]

On Thu, 16 Sep 2010, Miguel Medalha wrote:

>
> >  can someone clarify this?  is there a command that shows whether a
> > filesystem is currently acl-enabled?  and is the mount man page
> > simply incomplete in that respect?  thanks.
>
> tune2fs -l /dev/[hda1,sda1]
>
> The values between [ ] are an example only. Replace, of course, with
> your own storage device.
>
> Look at "Filesystem features" and "Default mount options".

  ah, excellent, i can see that "default mount options" includes
"acl", and i'm going to guess that that's a kernel config option
that's selected on a per-filesystem type basis.  thanks.

rday

-- 


Robert P. J. Day   Waterloo, Ontario, CANADA

Top-notch, inexpensive online Linux/OSS/kernel courses
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to show that a filesystem is ACL-enabled?

[Miguel Medalha]

>   
>can someone clarify this?  is there a command that shows whether a
> filesystem is currently acl-enabled?  and is the mount man page
> simply incomplete in that respect?  thanks.

tune2fs -l /dev/[hda1,sda1]

The values between [ ] are an example only. Replace, of course, with 
your own storage device.

Look at "Filesystem features" and "Default mount options".

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[m . roth]

> On 9/16/2010 3:34 AM, Kevin Thorpe wrote:
>>Hi all,
>>
>> We have a bit of a problem with backups. We've been using bacula to tape
>> and now trying to disk but it's a complete nightmare as regards tape
>> management. The backup to file storage went ok for ages and now is stuck
>> 'waiting for max storage jobs' which is odd as that's set to 20 and it's
>> the only backup running. That's totally typical of bacula.
>>
>> Can anyone suggest a simple backup package for us? Essentially a single
>> server, full backup to tape every day. We don't need tape management as
>> we're fully capable of reading the written label on the tape ourselves.

Not sure of a package - we use rsync and scripts - but you should consider
what we do: an external eSATA dock, and a number of inexpensive SATA
drives. It *will* speed up the backups, and recoveries, should you need
them.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Les Mikesell]

On 9/16/10 6:20 AM, Sorin Srbu wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf
>> Of Kevin Thorpe
>> Sent: Thursday, September 16, 2010 11:59 AM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Can anyone suggest a decent backup system?
>>
>> I'll definitely look into BackupPC for HDD backups but they're in the
>> same offfice and
>> don't give us the audit monthend tapes we are required to keep
> indefinitely.
>
> Given you have enough storage space, it's possible to keep a full backup
> with BackupPC indefinitely as well, *if* you set up the rentention
> parameters properly.

I ran amanda and backuppc independently for a long time. Both are pretty much 
'full automatic' once you set them up.  If your backup window is long enough 
having both means you still have backups if one or the other has some kind of 
problem or is being upgraded.  But, after years of never restoring from tapes I 
gave up on them and now have the backuppc archive on a 3-member raid1 mirror 
and 
swap one of the drives offsite regularly.

Tapes are kind of an afterthought with backuppc, but if you want to use it by 
itself you can use its concept of 'archive host' to write a tar copy of the 
last 
backup to tape (or compress/split for dvds, etc.).  This can be done through 
the 
web interface or you could use the command line tool that generates a tar image 
to script whatever you wanted to write to tape.  With the command line tool you 
can specify the backup you want so you'd be able to generate a 'month-end' tar 
any time before the run for that day expired.

Also, backuppc can use rsync over ssh for the transport, so once you get the 
initial copy you might be able to move the server to a remote location.

--
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[David Milholen]

  Freenas is the way do it.
Very simple and fast to get up and running on most hardware platforms.  
Supports E-sata,USB, IDE, RAID configurations.
Can use an old pc laying around but recommend more up2date hardware to 
meet the demands of a large system.
Dual GigE ports with mtu modified will push/pull more bandwidth than 
most needs required.

--Dave

On 9/16/2010 3:34 AM, Kevin Thorpe wrote:
>Hi all,
>
> We have a bit of a problem with backups. We've been using bacula to tape
> and now trying to disk but it's a complete nightmare as regards tape
> management. The backup to file storage went ok for ages and now is stuck
> 'waiting for max storage jobs' which is odd as that's set to 20 and it's
> the only backup running. That's totally typical of bacula.
>
> Can anyone suggest a simple backup package for us? Essentially a single
> server, full backup to tape every day. We don't need tape management as
> we're fully capable of reading the written label on the tape ourselves.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] how to show that a filesystem is ACL-enabled?

[Robert P. J. Day]

  currently reading the RHEL deployment guide and i have a short
question about ACLs that i can test on my centos 5.5 box.

  here:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-acls.html

the manual clearly claims that, in order to use ACLs on a filesystem,
that filesystem must be mounted with the "acl" mount option, and even
shows a sample /etc/fstab entry that represents that.

  however, i just verified that i can use setfacl to give my non-root
account read access to /etc/shadow so, clearly(?), the root filesystem
supports ACLs, but the mount entry for that filesystem in /etc/fstab
reads only "defaults" and, as i read it in the man page for "mount",
the "defaults" option is not listed as including the "acl" option.

  can someone clarify this?  is there a command that shows whether a
filesystem is currently acl-enabled?  and is the mount man page
simply incomplete in that respect?  thanks.

rday

-- 


Robert P. J. Day   Waterloo, Ontario, CANADA

Top-notch, inexpensive online Linux/OSS/kernel courses
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf
>Of Kevin Thorpe
>Sent: Thursday, September 16, 2010 11:59 AM
>To: CentOS mailing list
>Subject: Re: [CentOS] Can anyone suggest a decent backup system?
>
>I'll definitely look into BackupPC for HDD backups but they're in the
>same offfice and
>don't give us the audit monthend tapes we are required to keep
indefinitely.

Given you have enough storage space, it's possible to keep a full backup
with BackupPC indefinitely as well, *if* you set up the rentention
parameters properly.

-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Kevin Thorpe]

  On 16/09/2010 10:35, Tom Yates wrote:
> On Thu, 16 Sep 2010, Kevin Thorpe wrote:
>
>> We have a bit of a problem with backups. We've been using bacula to tape
>> and now trying to disk but it's a complete nightmare as regards tape
>> management.
> i suspect it's quite annoying when people try to re-engineer your request,
> but i use bacula for some fairly large installations (several hundred LTO2
> tapes, 60-tape dual-drive stacker with barcode support, 5TB of staging
> disc, that sort of thing) as well as my much-smaller home backups, and
> find its tape management lovely - after i made one or two small but
> important tweaks.
>
> if you're not already so sick of bacula that the mere name makes you break
> out in hives, might i ask what problems you've been having?  on- or
> off-list is fine, as you prefer.
You've hit the nail on the head. You've got the proper tape library 
hardware. Our ISP uses
Bacula absolutely fine for our hosted servers.

Our problem is mostly tape management. It will work fine for ages then 
we do something
stupid like miss a tape and put it in in the morning, or we get a bank 
holiday and it starts
getting picky about which tape it wants. For example we gave it monday's 
tape which
was 'full' when it only has a 4 day retention period and it didn't like 
it and wanted the
thursday tape. Why thursday I don't know, mon tue and wed should all 
have been available.

Essentially it works absolutely fine but isn't very tolerant of human 
error. I've fiddled with
it for ages and it's just irritating me.

I'll definitely look into BackupPC for HDD backups but they're in the 
same offfice and
don't give us the audit monthend tapes we are required to keep indefinitely.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Tom Yates]

On Thu, 16 Sep 2010, Kevin Thorpe wrote:

> We have a bit of a problem with backups. We've been using bacula to tape
> and now trying to disk but it's a complete nightmare as regards tape
> management.

i suspect it's quite annoying when people try to re-engineer your request, 
but i use bacula for some fairly large installations (several hundred LTO2 
tapes, 60-tape dual-drive stacker with barcode support, 5TB of staging 
disc, that sort of thing) as well as my much-smaller home backups, and 
find its tape management lovely - after i made one or two small but 
important tweaks.

if you're not already so sick of bacula that the mere name makes you break 
out in hives, might i ask what problems you've been having?  on- or 
off-list is fine, as you prefer.


-- 

   Tom Yates  -  http://www.teaparty.net
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[John Doe]

From: Kevin Thorpe 

> We have a bit of a problem with backups. We've been using  bacula to tape 
> and now trying to disk but it's a complete nightmare as  regards tape 
> management. The backup to file storage went ok for ages and now  is stuck 
> 'waiting for max storage jobs' which is odd as that's set to 20 and  it's 
> the only backup running. That's totally typical of bacula.
> Can  anyone suggest a simple backup package for us? Essentially a single 
> server,  full backup to tape every day. We don't need tape management as 
> we're fully  capable of reading the written label on the tape  ourselves.


Did you ask on the bacula mailing list what could be the problem...?
You could try amanda, but it is quite as "heavy" as bacula.
If you really want something simple, as in "write these folders to tape", maybe 
just make a small shell script that uses tar/afio + mt...
I prefer afio because it is resilient to errors.

JD


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf
>Of Theo Band
>Sent: Thursday, September 16, 2010 10:53 AM
>To: CentOS mailing list
>Subject: Re: [CentOS] Can anyone suggest a decent backup system?
>
>> Can anyone suggest a simple backup package for us? Essentially a single
>> server, full backup to tape every day. We don't need tape management as
>> we're fully capable of reading the written label on the tape ourselves.
>>
>Do you need tape backups?

If the answer to that last question is "no", consider BackupPC. It's open
source and comparatively easy to setup, and even easier to use, unless
you're a total n00b, like I was at first.

BackupPC has a very good support mailing list.

HTH.

-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Keith Roberts]

On Thu, 16 Sep 2010, Kevin Thorpe wrote:

> To: CentOS mailing list 
> From: Kevin Thorpe 
> Subject: [CentOS] Can anyone suggest a decent backup system?
>
>  Hi all,
>
> We have a bit of a problem with backups. We've been using bacula to tape
> and now trying to disk but it's a complete nightmare as regards tape
> management. The backup to file storage went ok for ages and now is stuck
> 'waiting for max storage jobs' which is odd as that's set to 20 and it's
> the only backup running. That's totally typical of bacula.
>
> Can anyone suggest a simple backup package for us? Essentially a single
> server, full backup to tape every day. We don't need tape management as
> we're fully capable of reading the written label on the tape ourselves.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

I've seen this on Fedora 12:

Name: BackupPC
Arch: noarch
Version : 3.1.0
Release : 13.fc12
Size: 2.2 M
Repo: installed
>From repo   : updates
Summary : High-performance backup system
URL : http://backuppc.sourceforge.net/
License : GPLv2+
Description : BackupPC is a high-performance, 
enterprise-grade system for backing up
 : Linux and WinXX PCs and laptops to a server's 
disk. BackupPC is highly
 : configurable and easy to install and maintain.

Not sure if it would work with tape drives though, or if it 
comes with CentOS 5.x

Looks like it's written in perl.

Kind Regards,

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Theo Band]

 On 09/16/10 10:34, Kevin Thorpe wrote:
>   Hi all,
>
> We have a bit of a problem with backups. We've been using bacula to tape 
> and now trying to disk but it's a complete nightmare as regards tape 
> management. The backup to file storage went ok for ages and now is stuck 
> 'waiting for max storage jobs' which is odd as that's set to 20 and it's 
> the only backup running. That's totally typical of bacula.
>
> Can anyone suggest a simple backup package for us? Essentially a single 
> server, full backup to tape every day. We don't need tape management as 
> we're fully capable of reading the written label on the tape ourselves.
>
Do you need tape backups? If not, consider automatic backups to HDD
storage. For disaster recovery you can use a USB drive to take offsite.
Or an e-sata drive in a hot swappable raid setup. Exchange once a day
and bring it off-site. Or get some online backup storage to create an
off-site mirror.
I use good old dump with LVM snapshots to make daily consistent backups
(works only for ext2/3 fs). Since it's fully automated, I only have to
check the backup disk usage. Even there I automate the removal of old
daily backups.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Can anyone suggest a decent backup system?

[Kevin Thorpe]

  Hi all,

We have a bit of a problem with backups. We've been using bacula to tape 
and now trying to disk but it's a complete nightmare as regards tape 
management. The backup to file storage went ok for ages and now is stuck 
'waiting for max storage jobs' which is odd as that's set to 20 and it's 
the only backup running. That's totally typical of bacula.

Can anyone suggest a simple backup package for us? Essentially a single 
server, full backup to tape every day. We don't need tape management as 
we're fully capable of reading the written label on the tape ourselves.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[John R Pierce]

  On 09/16/10 12:16 AM, Rudi Ahlers wrote:
> Yet the server vendors ship servers, with server chassis, hardware
> RAID, redundant power supplies, etc&  offer Core i7 options. How does
> that work?

low end servers, i guess.  I'd have to see a specific model to comment 
specifically.

most of the stuff I look at is like HP DL380 G-whatever and so forth, 
these tend to be dual xeon 5xxx




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is Intel VT-d "really" necessary?

[Rudi Ahlers]

On Thu, Sep 16, 2010 at 8:24 AM, John R Pierce  wrote:
> Core I7 is the branding for the desktop CPU family.  The Server
> processors are branded Xeon 5500 and 5600 (for dual socket servers) and
> Xeon 7000 for 4+ socket servers.   Typically, desktop processors go with
> desktop motherboards which don't support ECC memory, probably don't have
> remote management features, likely don't readily support redundant
> power, and often have only a single NIC onboard.  A server board will
> likely have significantly more IO bandwidth, oriented towards network
> and disk IO rather than graphics.
>
> IMHO, the dual socket 5600 family is the sweet spot of price/performance
> for a VM host, with 2 x 6 cores, and typically 12 memory slots (2x3 per
> CPU).  populate the memory with 6 matching DIMMs for best performance.
>
>
> ___


Yet the server vendors ship servers, with server chassis, hardware
RAID, redundant power supplies, etc & offer Core i7 options. How does
that work?


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos