Re: [CentOS] sshd problem
The TCP connection is being built successfully. We can know this by the fact that it has progressed to sending an application-layer PDU. If it were a routing issue, it would have failed to build a TCP connection (the SYN-ACK would have failed to return).

However, it is closed very soon after, during key exchange, so I would suggest you check your /etc/hosts.allow and /etc/hosts.deny.

Check the contents of /etc/ssh/, in particular, is there anything in /etc/ssh/sshd_config that could be a problem?

Was this a clean reinstall, or an upgrade over an existing system?

Most importantly, is there anything in the server logs?

You mentioned "idc", what is that?

Your issues with nginx,php,mysql etc, are probably separate.

On 1/02/2011, at 12:52 AM, Yang Yang wrote:

> my server is on centos 5.5,it is just a new reinstall system
>
> i build a php depend on server and used nginx,php,mysql
>
> ssh is default 22 port
>
> The system performance good a few time.but it is always happen a problem only need hardware reboot to solve.the server is on idc.so i can not see the local screen information.
>
> the appearance is:
> 1.it can not use ssh to connect,it show server is down or rebooting
> 2.ping is ok
> 3.http can show nginx's information(nginx/0.8.46),but can not load right page,and it show 403 forbidden page
>
> i use another server use ssh -vv xxx.xxx.xxx.xxx,and the response is:
>
> SSH2_MSG_KEXINIT sent
>
> close
>
> sshd hangs after SSH2_MSG_KEXINIT sent
>
> i do not know what happen,please give me a good answer
>
> thanks everybody

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] python-dbus
It's dbus-python

[dkrause@cen015-246 ~]$ yum search dbus-python
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos-distro.cavecreek.net
 * extras: mirror.web-ster.com
 * rpmforge: fr2.rpmfind.net
= Matched: dbus-python =
dbus-python.i386 : D-Bus Python Bindings

On Jan 31, 2011, at 5:26 PM, David McGuffey wrote:

> What is this all about? Seems to be related to my attempt to load hplip-3.10.9 to support an HP Photosmart 3210 all-in-one for scanning through saned.
>
> from /var/log/messages:
>
> Jan 31 20:07:26 desk python: [2851]: error: dbus failed to load (python-dbus ver. 0.80+ required). Exiting...
> Jan 31 20:07:49 desk python: hp-systray[3402]: warning: Qt/PyQt 4 initialization failed.
>
> When I check for python-dbus with yum, it doesn't show in the normal mirrors.
>
> [root@desk log]# yum info python-dbus
> Loaded plugins: fastestmirror, priorities
> Loading mirror speeds from cached hostfile
>  * addons: mirrors.finalasp.com
>  * base: yum.singlehop.com
>  * centosplus: mirror.web-ster.com
>  * extras: mirrors.finalasp.com
>  * rpmforge: fr2.rpmfind.net
>  * updates: mirror.trouble-free.net
> addons     |  951 B     00:00
> base       | 2.1 kB     00:00
> centosplus | 1.9 kB     00:00
> extras     | 2.1 kB     00:00
> rpmforge   | 1.1 kB     00:00
> updates    | 1.9 kB     00:00
> Excluding Packages in global exclude list
> Finished
> 202 packages excluded due to repository priority protections
> Error: No matching Packages to list
> [root@desk log]#

--
Don Krause
"This message represents the official view of the voices in my head."
Re: [CentOS] OT: Recommendations for a virtual storage server
On Jan 31, 2011, at 12:20 PM, carlopmart wrote:

> On 01/31/2011 03:57 PM, Ross Walker wrote:
>>>> virtual machines running on HP ML115 server.
>>>>
>>>> Where is the problem?? Problem is the storage. All storage resides on the HP ML150 server. For that reason I need to install a server as a virtual storage to run most of the virtual machines running on the server HP ML115 with the exception of firewalls and the DMZ server that resides on the HP ML115's local disk.
>>>>
>>>> For backups I have an external usb disk with 1TB.
>>>
>>> You can probably make that work if you don't care much about performance, but it would be much better to toss at least one more drive in the ML115 - and maybe more RAM in both. Even better if you can add several drives and keep each VM that is active (the firewalls/DNS server, etc. shouldn't be busy but the squid will unless you disable the disk cache) on its own drive. And more RAM would help too.
>>
>> I would probably take the memory from the 115 and put it in the 150 and have 1 highly usable system instead of a .75 and .50 usable system.
>>
>> That's if I couldn't buy more memory. I would say 8GB is a min, 16GB preferred, 32GB is great
>
> At this moment I can't buy more RAM.
>
>> Are these single socket or dual socket?
>
> HP ML150 is dual socket, but ML115 not.
>
>> Can the smart array be shared between two hosts?
>
> No.

Then I suggest loading all the RAM from the 115 into the 150 (if it's the same type) and have a really good ESXi box and the 115 around as a spare in case the 150 fails.

When monies come available you could buy a second CPU or more RAM depending on what resource is needed most.

-Ross
Re: [CentOS] Groups
We've got a CentOS/Apache server with a ton of "content providers" that only have write access to specific directories. In our case, we use ACLs to grant access to the specific parts of the /var/www/html tree. If there's only one or two users, we usually add individual ACL entries for each, if there's a herd[1] of them we set up a group, make them members, and set the ACLs to use the group.

I'm surprised nobody brought it up already!

[1] users come in herds, like all forms of cattle.

--
Jay Leafey - jay.lea...@mindless.com
Memphis, TN
Re: [CentOS] Squid and SELinux
Hi Marcos

(2011/02/01 0:31), Marcos Lois Bermúdez wrote:
> semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
>
> i check the files and are in the good context:
>
> drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
> drwxr-xr-x squid squid system_u:object_r:home_root_t ..
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
> ...
>
> But when i want start it i get this:
>
> type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

[root@localhost ~]# audit2allow -m squid
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Ctl-D

module squid 1.0;

require {
        type home_root_t;
        type squid_t;
        class dir search;
}

#= squid_t ==
allow squid_t home_root_t:dir search;
[root@localhost ~]#

It seems the directory '/home/squid' has 'home_root_t' type.
Change it to 'squid_cache_t'

# chcon -u system_u -r object_r -t squid_cache_t /home/squid

--Tsuyoshi.
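The denial quoted in the message above, taken apart field by field, as an added example that is not part of the original posts. The function names are assumptions of this sketch and the sample record is copied from the thread; it rebuilds the rule audit2allow printed and reports which object (name, dev, ino, type) the denied search was on.

```shell
#!/bin/sh
# Added example: split an SELinux AVC denial into its fields.
# Function names are hypothetical; the sample record is the one quoted in the thread.

AVC_SAMPLE='type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir'

# avc_field RECORD KEY: print the value of KEY=value, quotes removed.
# Values that contain spaces (possible in comm=) are not handled.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_type CONTEXT: the type is the third field of user:role:type[:level].
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms RECORD: the permission list between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# avc_rule RECORD: the allow rule that would permit exactly this access.
# Runs in a subshell so its variables do not leak into the caller.
avc_rule() (
    src=$(avc_type "$(avc_field "$1" scontext)")
    tgt=$(avc_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    perms=$(avc_perms "$1")
    # More than one permission is written as a braced set.
    case $perms in *' '*) perms="{ $perms }" ;; esac
    printf 'allow %s %s:%s %s;\n' "$src" "$tgt" "$cls" "$perms"
)

# avc_object RECORD: the object the kernel checked, as recorded in the denial.
avc_object() {
    printf 'name=%s dev=%s ino=%s type=%s\n' \
        "$(avc_field "$1" name)" "$(avc_field "$1" dev)" \
        "$(avc_field "$1" ino)" "$(avc_type "$(avc_field "$1" tcontext)")"
}

avc_object "$AVC_SAMPLE"
avc_rule "$AVC_SAMPLE"
```

The `name=` field is the last path component of the object that was checked, and on ext3 inode 2 is a filesystem's top directory, so it is worth comparing the reported object with the `.` and `..` entries in the listing before relabeling anything.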
[CentOS] python-dbus
What is this all about? Seems to be related to my attempt to load hplip-3.10.9 to support an HP Photosmart 3210 all-in-one for scanning through saned.

from /var/log/messages:

Jan 31 20:07:26 desk python: [2851]: error: dbus failed to load (python-dbus ver. 0.80+ required). Exiting...
Jan 31 20:07:49 desk python: hp-systray[3402]: warning: Qt/PyQt 4 initialization failed.

When I check for python-dbus with yum, it doesn't show in the normal mirrors.

[root@desk log]# yum info python-dbus
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * addons: mirrors.finalasp.com
 * base: yum.singlehop.com
 * centosplus: mirror.web-ster.com
 * extras: mirrors.finalasp.com
 * rpmforge: fr2.rpmfind.net
 * updates: mirror.trouble-free.net
addons     |  951 B     00:00
base       | 2.1 kB     00:00
centosplus | 1.9 kB     00:00
extras     | 2.1 kB     00:00
rpmforge   | 1.1 kB     00:00
updates    | 1.9 kB     00:00
Excluding Packages in global exclude list
Finished
202 packages excluded due to repository priority protections
Error: No matching Packages to list
[root@desk log]#
Re: [CentOS] How to relocate $HOME directory
On 01/31/2011 01:32 PM, Cameron Kerr wrote:
> On 1/02/2011, at 7:19 AM, Paul Heinlein wrote:
>
> Lots of good advice snipped
>
>> 12. Tell your users emphatically that they should use $HOME anywhere they're tempted to hardwire their home directory path into a script. :-)
>
> Although this is still painful for any users who might have compiled their own software. (libraries, etc)
>
> In some environments this can be common.

That's why I have my home directory tree bind-mounted on /home . In /etc/fstab:

/var/home /home none bind 0 0

--
Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.
Re: [CentOS] RAID support in kernel?
On 01/31/2011 05:36 AM, Kenni Lund wrote:
> 2011/1/31 Steve Brooks:
>> On Mon, 31 Jan 2011, Les Bell wrote:
>>> Kenni Lund wrote:
>>>
>>> >>
>>> Fakeraid is a proprietary software RAID solution, so if your motherboard suddenly decides to die, how will you then get access to your data?
>>> <<
>>>
>>> Obviously, you restore it from a backup. RAID is not a substitute for backups.
>>
>> Hmm... What percentage of home users keep backups of their systems and data .. not enough me thinks?
>
> Ditto...I have backups of all of my important data at home, but not of the operating systems or of the less important data. When something breaks, I'll have a backup of all the important stuff, but I'll still need to spend time on reinstalling the operating system, configuring it, etc. I think this is true for most home users.

Good point ... and the rest of the story is; all important data is backed up data. By definition, if it is not backed up, it is not important

Regards,
Ray
Re: [CentOS] Groups
It redirects them back to themselves, actually and they get whatever they might be running for a web-server on the local machine if anything. If nothing they get a not found

http://en.wikipedia.org/wiki/HTTP_301

On Mon, Jan 31, 2011 at 11:50 AM, wrote:

> Todd wrote:
>>>> Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.
>>>
>>> Um, no. The answer is yum remove phpMyAdmin on a production system. As I read the logs for all our servers, and a number are world-visible websites, I can't tell you the number of times I've seen probes looking for that.
>>
>> I don't run PHPMyAdmin, I connect to my MySQL over SSH and obviously run SSH on an alternative port and don't allow root log-ins.
>>
>> But I do have some fun with those that try and snoop for URL's like /Php-my-admin, /p/m/a, /admin, /sqlweb, etc, etc. If I see something new show up, I add it. I redirect them through ReWrite rules to a
>>
>> RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]
>
> Hmmm... what's that do? The thought that comes to mind is to redirect them to a known malware site, or some site that you consider to have the most obnoxious set of popups/popunders/driftons (preferably all at the same time), or maybe a pr0n site
>
> mark "and I think you should deposit at least 1% of that $25M US in this bank account I'll set up"
Re: [CentOS] Groups
Todd wrote:
>> I can sftp I realize, but what group can I add my personal account to, but not root, so I can sftp in and put the files in /var/www/html?
>
> Adding to this:
>
> My son (who is 12) has his own domain now and is using iWeb to publish his website to an old server that I have. Well he is getting a fair number of visitors and is starting to expand his site and learn MySQL and PHP.
>
> So I want to move his domain to my CentOS box away from the Windows and IIS he is using now. No problem.
>
> I want him to publish over SFTP.
>
> 1. I can create him an account on the box
> 2. I can set him as the owner of his directory in /var/www/html/ domain>
>
> My question is Would I make his users home directory /var/www/html/ domain> so he automatically gets dumped there?

Have his profile cd there on login?

mark
Re: [CentOS] Groups
Todd wrote:
>>> Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.
>>
>> Um, no. The answer is yum remove phpMyAdmin on a production system. As I read the logs for all our servers, and a number are world-visible websites, I can't tell you the number of times I've seen probes looking for that.
>
> I don't run PHPMyAdmin, I connect to my MySQL over SSH and obviously run SSH on an alternative port and don't allow root log-ins.
>
> But I do have some fun with those that try and snoop for URL's like /Php-my-admin, /p/m/a, /admin, /sqlweb, etc, etc. If I see something new show up, I add it. I redirect them through ReWrite rules to a
>
> RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

Hmmm... what's that do? The thought that comes to mind is to redirect them to a known malware site, or some site that you consider to have the most obnoxious set of popups/popunders/driftons (preferably all at the same time), or maybe a pr0n site

mark "and I think you should deposit at least 1% of that $25M US in this bank account I'll set up"
Re: [CentOS] How to relocate $HOME directory
> By the way, I'd suggest not using the name /export. It gets used in too many places to mean specific things and it could get confusing some time later. Pick some other name.

My personal preference is to use a subdirectory under /srv, say /srv/nfs/home. Keeps it out of the rest of the tree and pretty obvious what the files are for.

--
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
Re: [CentOS] How to relocate $HOME directory
On 1/02/2011, at 7:19 AM, Paul Heinlein wrote:

Lots of good advice snipped

> 12. Tell your users emphatically that they should use $HOME anywhere they're tempted to hardwire their home directory path into a script. :-)

Although this is still painful for any users who might have compiled their own software. (libraries, etc)

In some environments this can be common.
Re: [CentOS] Groups
> I can sftp I realize, but what group can I add my personal account to, but not root, so I can sftp in and put the files in /var/www/html?

Adding to this:

My son (who is 12) has his own domain now and is using iWeb to publish his website to an old server that I have. Well he is getting a fair number of visitors and is starting to expand his site and learn MySQL and PHP.

So I want to move his domain to my CentOS box away from the Windows and IIS he is using now. No problem.

I want him to publish over SFTP.

1. I can create him an account on the box
2. I can set him as the owner of his directory in /var/www/html/

My question is Would I make his users home directory /var/www/html/ so he automatically gets dumped there?

-Jason
Re: [CentOS] Groups
>> Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.
>
> Um, no. The answer is yum remove phpMyAdmin on a production system. As I read the logs for all our servers, and a number are world-visible websites, I can't tell you the number of times I've seen probes looking for that.

I don't run PHPMyAdmin, I connect to my MySQL over SSH and obviously run SSH on an alternative port and don't allow root log-ins.

But I do have some fun with those that try and snoop for URL's like /Php-my-admin, /p/m/a, /admin, /sqlweb, etc, etc. If I see something new show up, I add it. I redirect them through ReWrite rules to a

RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

-Jason
Re: [CentOS] How to relocate $HOME directory
On Mon, 31 Jan 2011, Soo-Hyun Choi wrote:

> Hi there,
>
> As you know, $HOME is generally located at "/home/$username" by default.
>
> I would like to re-locate all users' $HOME directories to something like "/export/home/$username" without having a hassle/trouble.
>
> Initially, I've thought of just copying them to the new directory (under /export/home/xxx), but guessed it might cause trouble for the normal use (I'm pretty new to CentOS, although many experiences with Debian/Ubuntu).
>
> Are there any good tricks (or caveats) when moving users' home directory cleanly with CentOS? (I'm with CentOS 5.5 x86_64)

For the sake of argument, I'm going to assume that your current /home and the new /export/home are on separate disks or partitions. That is, you need to make a full copy of the existing directories rather than just renaming them.

The following instructions should all be done as root.

1. rsync -av --delete /home/ /export/home/

2. Edit /etc/default/useradd so that HOME=/export/home

3. Run /usr/sbin/genhomedircon

4. Verify the change in /etc/selinux/<>/contexts/files/file_contexts.homedirs

5. Make sure that /export/home has the right context:

   semanage fcontext -a -t home_root_t /export/home

6. Run fixfiles to see if anything is amiss:

   /sbin/fixfiles check /export/home

   If fixfiles reports errors, use it to fix things:

   /sbin/fixfiles restore /export/home

7. Disable user logins (including your own).

8. Update /etc/password with new $HOME definitions

9. Re-run rsync, if necessary, to catch last-minute changes:

   rsync -av --delete /home/ /export/home/

10. Make the older /home/* directories unreadable.

11. Enable user logins

12. Tell your users emphatically that they should use $HOME anywhere they're tempted to hardwire their home directory path into a script. :-)

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
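Steps 8 and 11 of the procedure above, as an added sketch that is not part of the original message: it rewrites the home field in passwd-format text and lists accounts whose new home directory is missing, a check worth running before logins are re-enabled. The function names, the sample accounts and the staging-root parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Everything reads passwd-format
# text on stdin, so it can be tried on a copy before the live file is changed.
# On a live system, usermod -d NEWHOME LOGIN makes the same change per account.

# Constructed sample accounts.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501:Bob:/home/staff/bob:/bin/bash
carol:x:502:502::/homestead/carol:/bin/bash'

# relocate_homes OLD NEW: rewrite field 6 for homes that equal OLD or lie
# below OLD/, and pass every other record through untouched. Matching on
# "OLD/" keeps /homestead/carol from being mistaken for a /home entry.
relocate_homes() {
    awk -F: -v OFS=: -v oldp="$1" -v newp="$2" '
        $6 == oldp || index($6, oldp "/") == 1 {
            $6 = newp substr($6, length(oldp) + 1)
        }
        { print }'
}

# stale_homes OLD: login names whose home still points at or below OLD.
stale_homes() {
    awk -F: -v oldp="$1" '$6 == oldp || index($6, oldp "/") == 1 { print $1 }'
}

# missing_homes PREFIX [ROOT]: login names with a home under PREFIX whose
# directory does not exist. ROOT is prepended to each path: leave it empty on
# the live system, or point it at a staging tree when rehearsing the move.
missing_homes() {
    while IFS=: read -r name _pw _uid _gid _gecos home _shell; do
        case $home in
            "$1"|"$1"/*) [ -d "${2:-}$home" ] || printf '%s\n' "$name" ;;
        esac
    done
}

# Show the rewritten sample when the file is run on its own.
printf '%s\n' "$PASSWD_SAMPLE" | relocate_homes /home /export/home
```

An empty result from `stale_homes /home` and from `missing_homes /export/home` on the rewritten file means every relocated account has a home to land in.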
Re: [CentOS] Groups
Always Learning wrote:
> On Mon, 2011-01-31 at 18:05 +0100, Nicolas Thierry-Mieg wrote:
>
> Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.

Um, no. The answer is yum remove phpMyAdmin on a production system. As I read the logs for all our servers, and a number are world-visible websites, I can't tell you the number of times I've seen probes looking for that.

mark
Re: [CentOS] Groups
Nicolas Thierry-Mieg wrote:
> m.r...@5-cent.us wrote:
>> Todd wrote:
>>>>>> With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
>>>>>>
>>>>>> Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.
>>>>>
>>>>> The whole of /var/www can belong to myid:mygroup as long as the apache
>>>>
>>>> Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.
>>>
>>> So you are saying set the owner of /var/www/html and all files below to apache:apache and then add my personal id to the apache group?
>>
>> And make the directory you want to upload stuff into, not /var/www/html, but /var/www/html//, group writeable, then
>> sudo usermod -G apache myusername
>
> again: this is bad advice, httpd is running as user apache so you should avoid giving that user write access to stuff in /var/www/ unless it needs to (CGI, file uploads, etc...).
> The apache user only needs read access. The users editing the content need write access.
> Make /var/www/* owned by root, or yourself, or some brand new account, but not by apache. Then use groups and sgid bits to give write access (to relevant subdirs) to whoever needs to edit the content.

Well, root wouldn't work for him, since he's preventing remote login. But making the directory - and I did mean something *under* /var/www/html/his_site, *not* his whole site - of webmin group, or whatever he wants, and adding himself to that group, then making that group writeable, would seem to me to meet both his needs and your suggestions, Nicolas.

mark
Re: [CentOS] Groups
On Mon, 2011-01-31 at 18:05 +0100, Nicolas Thierry-Mieg wrote:

> so you prefer giving the apache user write access to /var/www ?
> Is this really a good thing...?
> I agree with the group advice though, if you have several users modifying the website content of course.

Apache is wonderfully flexible where "root" or "base" directories can be created for USER applications. There is absolutely NO need to let any HTML user rummage around in /var/www/. My advice is keep them well-out and disable any dodgy 'Alias' links.

All my web sites are created as virtual hosts and the base directories start at /data/web/domain-name/public/. Thus no web user gets the chance of roaming anywhere except above /data/web/domain-name/public/. PHP routines used on web pages are in /data/sys to which no web user can get access.

Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.

/data is a directory created in the operating system's root directory and may reside on its own partition.

--
With best regards,

Paul.
England,
EU.
Re: [CentOS] Groups
m.r...@5-cent.us wrote:
> Todd wrote:
>>>>> With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
>>>>>
>>>>> Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.
>>>>
>>>> The whole of /var/www can belong to myid:mygroup as long as the apache
>>>
>>> Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.
>>
>> I don't quite follow.
>>
>> if I do a 'getent groups' I do have apache as a group.
>
> Or if you just type "groups" from the command line
>
>> So you are saying set the owner of /var/www/html and all files below to apache:apache and then add my personal id to the apache group?
>
> And make the directory you want to upload stuff into, not /var/www/html, but /var/www/html//, group writeable, then
> sudo usermod -G apache myusername

again: this is bad advice, httpd is running as user apache so you should avoid giving that user write access to stuff in /var/www/ unless it needs to (CGI, file uploads, etc...).
The apache user only needs read access. The users editing the content need write access.
Make /var/www/* owned by root, or yourself, or some brand new account, but not by apache. Then use groups and sgid bits to give write access (to relevant subdirs) to whoever needs to edit the content.
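One way to check a document root against the layout described in the message above (server account reads, editors write through a group on setgid directories), as an added example that is not code from the thread. The function names are assumptions; only classic mode bits are evaluated, so supplementary groups and the ACLs mentioned elsewhere in this thread are outside what it reports.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a document root against the
# rule "the web server account reads, content editors write through a group".
# Classic mode bits only; supplementary groups and POSIX ACLs are not evaluated.

# writable_by DIR UID GID: files and directories under DIR that the account
# with numeric UID and primary group GID can write. Follows the kernel's
# order: owner bits if it owns the path, else group bits, else other bits.
writable_by() {
    find "$1" \( -type f -o -type d \) \( \
           \(   -user "$2"               -perm -0200 \) \
        -o \( ! -user "$2"   -group "$3" -perm -0020 \) \
        -o \( ! -user "$2" ! -group "$3" -perm -0002 \) \
    \) -print | sort
}

# setgid_missing DIR GID: directories the content group can write that lack
# the setgid bit, so files created there keep the creator's primary group
# instead of the content group.
setgid_missing() {
    find "$1" -type d -group "$2" -perm -0020 ! -perm -2000 -print | sort
}

# Stand-alone use, with the server account named on this page:
#   sh audit.sh /var/www "$(id -u apache)" "$(id -g apache)"
if [ "$#" -eq 3 ]; then
    writable_by "$1" "$2" "$3"
fi
```

Anything `writable_by` prints for the server account should be a deliberate upload or CGI data directory. When adding an editor to the content group, `usermod -a -G GROUP LOGIN` appends to the account's supplementary groups; without `-a` the existing list is replaced.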
Re: [CentOS] Groups
Hey, Todd,

Todd wrote:
>>>> With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
>>>>
>>>> Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.
>>>
>>> The whole of /var/www can belong to myid:mygroup as long as the apache
>>
>> Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.
>
> I don't quite follow.
>
> if I do a 'getent groups' I do have apache as a group.

Or if you just type "groups" from the command line

> So you are saying set the owner of /var/www/html and all files below to apache:apache and then add my personal id to the apache group?

And make the directory you want to upload stuff into, not /var/www/html, but /var/www/html//, group writeable, then
sudo usermod -G apache myusername

mark
Re: [CentOS] OT: Recommendations for a virtual storage server
On 01/31/2011 03:57 PM, Ross Walker wrote:
>>> virtual machines running on HP ML115 server.
>>>
>>> Where is the problem?? Problem is the storage. All storage resides on the HP ML150 server. For that reason I need to install a server as a virtual storage to run most of the virtual machines running on the server HP ML115 with the exception of firewalls and the DMZ server that resides on the HP ML115's local disk.
>>>
>>> For backups I have an external usb disk with 1TB.
>>
>> You can probably make that work if you don't care much about performance, but it would be much better to toss at least one more drive in the ML115 - and maybe more RAM in both. Even better if you can add several drives and keep each VM that is active (the firewalls/DNS server, etc. shouldn't be busy but the squid will unless you disable the disk cache) on its own drive. And more RAM would help too.
>
> I would probably take the memory from the 115 and put it in the 150 and have 1 highly usable system instead of a .75 and .50 usable system.
>
> That's if I couldn't buy more memory. I would say 8GB is a min, 16GB preferred, 32GB is great

At this moment I can't buy more RAM.

> Are these single socket or dual socket?

HP ML150 is dual socket, but ML115 not.

> Can the smart array be shared between two hosts?

No.

> -Ross

--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: [CentOS] zfs experience
Rudi Ahlers wrote:
> On Mon, Jan 31, 2011 at 6:54 PM, Karanbir Singh wrote:
>> Hi Rudi,
>>
>> On 01/31/2011 04:41 PM, Rudi Ahlers wrote:
>>>> take this to a more relevant list.
>>> This is a "more relevant list", it's Linux.
>>
>> erm, no - this is the CentOS list. Not a generic linux list. And I'm guessing most of the zfs interest isnt even Linux centric.
>>
>> - KB
>
> He actually asked who has experience with ZFS on Linux. How more centric do you want?

please let KB spend his free time producing centos for us all, rather than make him waste his time justifying his moderation of the ml...
Re: [CentOS] zfs experience
On 01/31/2011 05:08 PM, Rudi Ahlers wrote:
> He actually asked who has experience with ZFS on Linux. How more centric do you want?

Reread the last email from me and from Brian. This is the CentOS list, questions and comments on or about CentOS is what's considered ontop here. Not generic Linux chatter. I don't see how one might further clarify that.

- KB
Re: [CentOS] zfs experience
On Mon, Jan 31, 2011 at 6:54 PM, Karanbir Singh wrote:
> Hi Rudi,
>
> On 01/31/2011 04:41 PM, Rudi Ahlers wrote:
>>> take this to a more relevant list.
>> This is a "more relevant list", it's Linux.
>
> erm, no - this is the CentOS list. Not a generic linux list. And I'm guessing most of the zfs interest isnt even Linux centric.
>
> - KB

He actually asked who has experience with ZFS on Linux. How more centric do you want?

And, I guess there would be many people with the same interest, to see how well ZFS performs on Linux, especially with the recent talks about storage servers.

ZFS is a great file system, with many great features geared towards RAID, reliability and scalability. But, you would need to run it in fuse no user-space since it's not supported in the Linux kernel.

--
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
Re: [CentOS] Groups
m.r...@5-cent.us wrote:
> Nicolas Thierry-Mieg wrote:
>> Todd wrote:
>>> With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
>>>
>>> Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.
>>
>> The whole of /var/www can belong to myid:mygroup as long as the apache
>
> Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.

so you prefer giving the apache user write access to /var/www ?
Is this really a good thing...?
I agree with the group advice though, if you have several users modifying the website content of course.
Re: [CentOS] Groups
Hi Mark,

>>> With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
>>>
>>> Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.
>>
>> The whole of /var/www can belong to myid:mygroup as long as the apache
>
> Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.

I don't quite follow.

if I do a 'getent groups' I do have apache as a group.

So you are saying set the owner of /var/www/html and all files below to apache:apache and then add my personal id to the apache group?

-Jason
Re: [CentOS] zfs experience
Hi Rudi,

On 01/31/2011 04:41 PM, Rudi Ahlers wrote:
>> take this to a more relevant list.
> This is a "more relevant list", it's Linux.

erm, no - this is the CentOS list. Not a generic linux list. And I'm guessing most of the zfs interest isn't even Linux centric.

- KB
Re: [CentOS] Groups
Nicolas Thierry-Mieg wrote:
> Todd wrote:
>> > On one of my servers I have a personal account and root. I
>> disable root for ssh logins and run ssh on an alternative port. When
>> 'scp'ing files I usually scp them up, then ssh in 'su' root and move
>> them to /var/www/html.

Or sudo. Or you can have a cron job that looks and moves, that runs as root.

>> >
>> > I can sftp I realize, but what group can I add my personal
>> account to, but not root, so I can sftp in and put the files in
>> /var/www/html?

>> With /var/www/html owned by root:root and me logging in as 'jason' I
>> cannot accomplish this. I don't allow root logins over ssh...

>> Would I change /var/www/html/ owner to myid:mygroup? I am not
>> sure the ramifications of this and how Apache would behave, etc.
>
> The whole of /var/www can belong to myid:mygroup as long as the apache

Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as), and have the directory of a group that you belong to (remember, you can have multiple secondary groups, like, say, group httpd), and make it group writeable.

mark
Re: [CentOS] zfs experience
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Rudi Ahlers
> Sent: Monday, January 31, 2011 11:42 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] zfs experience
>
> On Mon, Jan 31, 2011 at 5:52 PM, Karanbir Singh wrote:
> > On 01/31/2011 03:13 PM, ann kok wrote:
> >> Hi
> >>
> >> Anyone is trying zfs in linux.
> >>
> >> Any experience can be shared
> >
> > take this to a more relevant list.
>
> This is a "more relevant list", it's Linux.

If this is a "discussion of any/all things that can be done on a Linux system" list, yes. Such vague questions as Ann Kok asks aren't "Support on CentOS" questions. CentOS and Linux are not the same. I perceive KB desires to keep the help/chatter ratio above 1.

Ann should indulge us in stating what research she's done touching Linux (better: CentOS) and ZFS, and what difficulty she's encountered trying to utilize ZFS on a CentOS distribution. Otherwise this doesn't look different from the "please do my homework" posts we've seen here.

/me
Re: [CentOS] sshd problem
I set mtu to 576 depending on google search result

hope it can help me to resolve the problem

thanks for all answer

2011/1/31 Kai Schaetzl
> From the search results this is likely a network/routing/network settings
> problem on your side and not specific to CentOS at all.
>
> Kai
Re: [CentOS] Groups
> > On one of my servers I have a personal account and root. I
> > disable root for ssh logins and run ssh on an alternative port. When
> > 'scp'ing files I usually scp them up, then ssh in 'su' root and move
> > them to /var/www/html.
> >
> > I can sftp I realize, but what group can I add my personal
> > account to, but not root, so I can sftp in and put the files in
> > /var/www/html?
> >
> > There are a dozen ways to do this. One is to upload with WebDAV over
> > HTTPS, which is built into Apache on CentOS and has plenty of usable
> > clients such as lftp. Another is simply to designate a directory under
> > /var/www/html/, owned by you personally, that the apache user can
> > browse. That gives you direct upload access as yourself.

I write nothing out on the file system at all for this site.

-Jason
Re: [CentOS] Groups
Todd wrote:
> > On one of my servers I have a personal account and root. I
> > disable root for ssh logins and run ssh on an alternative port. When
> > 'scp'ing files I usually scp them up, then ssh in 'su' root and move
> > them to /var/www/html.
> >
> > I can sftp I realize, but what group can I add my personal
> > account to, but not root, so I can sftp in and put the files in
> > /var/www/html?
>
> There are a dozen ways to do this. One is to upload with WebDAV over
> HTTPS, which is built into Apache on CentOS and has plenty of usable
> clients such as lftp. Another is simply to designate a directory under
> /var/www/html/, owned by you personally, that the apache user can
> browse. That gives you direct upload access as yourself.
>
>
> Right, but giving myself a directory doesn't allow me to put files other
> places in /var/www/html
>
> My goal here is to be able to use my iPad over my ssh port to pull down
> files, edit them and save them back. Also, upload new files when I am at
> my desktop.
>
> With /var/www/html owned by root:root and me logging in as 'jason' I
> cannot accomplish this. I don't allow root logins over ssh...
>
> So I think that something needs to change.
>
> Would I change /var/www/html/ owner to myid:mygroup? I am not
> sure the ramifications of this and how Apache would behave, etc.

The whole of /var/www can belong to myid:mygroup as long as the apache user can read it. If apache must write some files somewhere (eg via a cgi script), it needs write access to that specific somewhere, but that's it.
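The two ownership layouts argued over in this thread can be compared by asking which paths the web server account is able to write. The sketch below is an added example, not code from any poster: it applies the classic owner/group/other check (ACLs and SELinux are ignored) to a constructed temporary tree, and the uid/gid values are derived from that tree as stand-ins for the real deploy and apache accounts.

```python
import os
import stat
import tempfile


def effective_write(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix write check: the first matching class decides.

    Order is owner, then group, then other; uid 0 bypasses the mode bits.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def writable_paths(root, uid, gids, allowed=()):
    """List paths under root that uid/gids may write, outside 'allowed' subtrees."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful on Linux
            rel = os.path.relpath(path, root)
            if any(rel == a or rel.startswith(a + os.sep) for a in allowed):
                continue  # a place the web server is meant to write
            if effective_write(st.st_mode, st.st_uid, st.st_gid, uid, gids):
                findings.append(rel)
    return sorted(findings)


def demo():
    """Build a constructed web root and audit it under both ownership layouts."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        # Constructed sample content; 0666 on config.php is the planted mistake.
        for name, mode in {"index.html": 0o644, "config.php": 0o666}.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        # Stand-in for the one directory handed to the web server account.
        os.chmod(uploads, 0o777)

        st = os.stat(root)
        # Layout A: tree owned by the deploy user, web server falls in "other".
        as_other = writable_paths(root, st.st_uid + 1, {st.st_gid + 1},
                                  allowed=("uploads",))
        # Layout B: tree owned by the web server account itself.
        as_owner = writable_paths(root, st.st_uid, {st.st_gid},
                                  allowed=("uploads",))
    return as_other, as_owner


if __name__ == "__main__":
    other, owner = demo()
    print("web server as 'other' can write:", other)
    print("web server as owner can write:  ", owner)
```
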
Re: [CentOS] zfs experience
On Mon, Jan 31, 2011 at 5:52 PM, Karanbir Singh wrote:
> On 01/31/2011 03:13 PM, ann kok wrote:
>> Hi
>>
>> Anyone is trying zfs in linux.
>>
>> Any experience can be shared
>
> take this to a more relevant list.

This is a "more relevant list", it's Linux.

--
Kind Regards
Rudi Ahlers
Re: [CentOS] Groups
> > On one of my servers I have a personal account and root. I disable root
> > for ssh logins and run ssh on an alternative port. When 'scp'ing files I
> > usually scp them up, then ssh in 'su' root and move them to /var/www/html.
> >
> > I can sftp I realize, but what group can I add my personal account to,
> > but not root, so I can sftp in and put the files in /var/www/html?
>
> There are a dozen ways to do this. One is to upload with WebDAV over
> HTTPS, which is built into Apache on CentOS and has plenty of usable
> clients such as lftp. Another is simply to designate a directory under
> /var/www/html/, owned by you personally, that the apache user can
> browse. That gives you direct upload access as yourself.

Right, but giving myself a directory doesn't allow me to put files other places in /var/www/html

My goal here is to be able to use my iPad over my ssh port to pull down files, edit them and save them back. Also, upload new files when I am at my desktop.

With /var/www/html owned by root:root and me logging in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...

So I think that something needs to change.

Would I change /var/www/html/ owner to myid:mygroup? I am not sure the ramifications of this and how Apache would behave, etc.

-Jason
Re: [CentOS] sshd problem
From the search results this is likely a network/routing/network settings problem on your side and not specific to CentOS at all.

Kai
Re: [CentOS] zfs experience
On 01/31/2011 03:13 PM, ann kok wrote:
> Hi
>
> Anyone is trying zfs in linux.
>
> Any experience can be shared

take this to a more relevant list.
[CentOS] Building RPMs for CentOS
Hi.

Sometimes I need to build packages for CentOS; the major requirement is to build some missing module or a newer package version required to run some software.

I set up a mock build environment to compile packages, and all is working as expected, but I encounter a problem sharing this work in a source repo. I tried to figure out how other people are doing this. In CentOS I have no idea in which source repo the package metadata, specs and patches are kept, but in other repos, EPEL for example, only specs and patches are versioned, and all binary files are downloaded at the time that the SRPMs are built to send to mock (koji in their case). Fedora is switching from a Makefile per package to a fedpkg tool to work with package sources.

I see that a friend will be spectool, and with some scripting I can get a build system from source version control, but I think that this is already made, so I don't want to reinvent the wheel; I prefer to help other people in making a more robust system.

Is there a current model for package metadata storage and common task work?

Regards.
[CentOS] Squid and SELinux
Hi.

I'm trying to set up squid with SELinux. The problem I encounter is that I want to add another directory for cache. In this system we have a home partition with huge space; I create a squid dir and add the path with semanage:

    semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'

I check the files and they are in the good context:

    drwxr-xr-x  squid squid user_u:object_r:squid_cache_t    .
    drwxr-xr-x  squid squid system_u:object_r:home_root_t    ..
    drwxr-x---  squid squid user_u:object_r:squid_cache_t    00
    drwxr-x---  squid squid user_u:object_r:squid_cache_t    01
    ...

But when I want to start it I get this:

    type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

I know that the solution is to mount the huge partition on /var/spool/squid. I'm a newbie to SELinux, and want to know if it's possible to achieve this.

Regards.
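The denial quoted above can be decoded field by field to see why relabelling /home/squid was not enough. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the home partition is ext2/ext3, where inode 2 is the filesystem's root directory. The rule string it builds has the same form audit2allow prints and is meant for review, not for loading unread.

```python
import re
import shlex

# AVC record copied verbatim from the post above.
AVC_LINE = (
    'type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for '
    'pid=30924 comm="squid" name="/" dev=sda3 ino=2 '
    'scontext=user_u:system_r:squid_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir'
)

_AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")


def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed SELinux context: %r" % ctx)
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Turn one AVC audit record into a dict of the fields that matter."""
    m = _AVC_RE.search(line.strip())
    if m is None:
        raise ValueError("not an AVC record")
    result, perms, rest = m.groups()
    fields = {}
    for token in shlex.split(rest):  # shlex removes the quotes around values
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return {
        "result": result,
        "perms": perms.split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "dev": fields.get("dev"),
        "ino": int(fields["ino"]) if "ino" in fields else None,
        "source": parse_context(fields["scontext"]),
        "target": parse_context(fields["tcontext"]),
        "tclass": fields["tclass"],
    }


def diagnose(rec, labelled_type):
    """Say whether the denial hit the relabelled tree or a directory above it."""
    if rec["target"]["type"] == labelled_type:
        return "on-labelled-tree"
    if rec["tclass"] == "dir" and "search" in rec["perms"]:
        # Path lookup needs 'search' on every directory crossed on the way
        # down, so a correctly labelled leaf does not help if a parent
        # directory carries a type the domain may not search.
        if rec["name"] == "/" and rec["ino"] == 2:
            return "filesystem-root-above-labelled-tree"
        return "parent-directory-above-labelled-tree"
    return "unrelated-object"


def te_rule(rec):
    """Render the denial as a type-enforcement allow rule, for review only."""
    perms = rec["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (
        rec["source"]["type"], rec["target"]["type"], rec["tclass"], perm_str)


if __name__ == "__main__":
    record = parse_avc(AVC_LINE)
    print(diagnose(record, "squid_cache_t"))
    print(te_rule(record))
```

Here the denied object is the root directory of the filesystem on sda3, labelled home_root_t (the `..` entry in the listing), not anything labelled squid_cache_t.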
Re: [CentOS] zfs experience
> Anyone is trying zfs in linux. Any experience can be shared

It's got some great features, but don't install the fuse-zfs version...
[CentOS] zfs experience
Hi

Anyone is trying zfs in linux.

Any experience can be shared

Thank you
Re: [CentOS] redirecting traffic using iptables
On Monday 31 January 2011 07:46, Jobst Schmalenbach wrote:
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
>
> browser tell me "invalid request".

From the man pages:

    DNAT
    --to-destination ipaddr[-ipaddr][:port-port]

You could combine these two rules into one with Multiport. Check the MAN pages.

--
Regards
Robert
Re: [CentOS] OT: Recommendations for a virtual storage server
On Jan 31, 2011, at 8:58 AM, Les Mikesell wrote:
> On 1/31/11 3:20 AM, carlopmart wrote:
>> On 01/31/2011 04:05 AM, James A. Peltier wrote:
>>> - Original Message -
>>> |>>
>>> |>
>>> |> Correct.
>>> |
>>> | But I don't see how any of those things apply here. If the host fails
>>> | your vm's are going to fail in any case, and there's not much magic
>>> | involved in exporting an NFS share even if you need to move it. Iscsi
>>> | targets are slightly more complicated because it's not included in the
>>> | base Centos install but you can find howto's to set it up. When your
>>> | resources are limited it looks like a big waste to add an unnecessary
>>> | virtual layer to storage. I've done it the other way around, though,
>>> | with NFS exports from the host being mounted by the guest VM's.
>>> |
>>> | --
>>> | Les Mikesell
>>> | lesmikes...@gmail.com
>>>
>>> I made no claims that it solved anything. I merely noted why someone might
>>> want to virtualize in place of NFS. Personally, I don't think that the OP
>>> really knows what they want, or they want the best of all worlds without
>>> compromise. I don't see how it is possible to provide what is being asked
>>> for. Really I think a minimum of two ideally a third server providing
>>> iSCSI or NFS is needed for the solution to work. That third machine should
>>> have all of the possible host level redundancy possible to keep it running.
>>> If H/A is required at least two machines are required.
>>>
>>
>> Ok I will try to explain with more details. First, this installation it is
>> for my home personal use, It isn't for a production environment 24x7 or
>> similar.
>>
>> I have two physical hosts with this configuration:
>>
>> HostA:
>>
>> - HP ML150
>> - 5GB RAM
>> - 3TB for storage with HP smartArray E200i
>> - Intel Xeon QuadCore.
>>
>> HostB:
>>
>> - HP ML115 G5
>> - 8GB RAM
>> - 160GB for storage
>> - AMD QuadCore
>>
>> Ok, let's go. I need (or I will like to do) to setup several virtual
>> machines to accomplish different tasks (remember, It is for personal use,
>> like a lab environment):
>>
>> - 1 virtual machine using as a DNS server and Kerberos authentication
>>   (CentOS or RedHat)
>> - 2 virtual machines with RHCS installed providing several services: smtp
>>   server (only smtp), mirror updates, squid and cifs server. (with CentOS5)
>> - 1 virtual machine with Windows 7 as a workstation.
>> - 1 virtual machine with Windows 2008 R2 server.
>> - 2 virtual machines with RHCS installed with OSSEC. Snort. Snortby and
>>   Splunk server (with CentOS5 too)
>> - 2 virtual machines with OpenBSD firewalls with CARP and load balancing.
>> - 1 virtual machine as a DMZ Server.
>>
>> My idea is to install DNS server (with kerberos auth) and 2 virtual
>> machines with RHCS and common services like smtp, squid, etc onto HP ML150.
>> And the others virtual machines running on HP ML115 server.
>>
>> Where is the problem?? Problem is the storage. All storage resides on the
>> HP ML150 server. For that reason I need to install a server as a virtual
>> storage to run most of the virtual machines running on the server HP ML115
>> with the exception of firewalls and the DMZ server that resides on the HP
>> ML115's local disk.
>>
>> For backups I have an external usb disk with 1TB.
>
> You can probably make that work if you don't care much about performance,
> but it would be much better to toss at least one more drive in the ML115 -
> and maybe more RAM in both. Even better if you can add several drives and
> keep each VM that is active (the firewalls/DNS server, etc. shouldn't be
> busy but the squid will unless you disable the disk cache) on its own
> drive. And more RAM would help too.

I would probably take the memory from the 115 and put it in the 150 and have 1 highly usable system instead of a .75 and .50 usable system.

That's if I couldn't buy more memory. I would say 8GB is a min, 16GB preferred, 32GB is great.

Are these single socket or dual socket?

Can the smart array be shared between two hosts?

-Ross
Re: [CentOS] How to relocate $HOME directory
On Mon, Jan 31, 2011 at 06:07:27AM +0900, Soo-Hyun Choi wrote:
> Hi there,
>
> As you know, $HOME is generally located at "/home/$username" by default.
>
> I would like to re-locate all users' $HOME directories to something like
> "/export/home/$username" without having a hassle/trouble.
>
> Initially, I've thought of just copying them to the new directory (under
> /export/home/xxx), but guessed it might trouble for the normal use (I'm
> pretty new to CentOS, although many experiences with Debian/Ubuntu).
>
> Is there any good tricks (or caveats) when moving users' home directory
> cleanly with CentOS? (I'm with CentOS 5.5 x86_64)

It depends on if /export is in the same file system as /home currently is. If the file systems are different, then make the new '/export' space. Then use a tar-to-tar to copy the old home to the new place.

First, create the new directory situation.

If the file systems are different

    mount /export    (or whatever you have to do to create the new one)
    cd /export
    tar -cpf - /home | tar xpf -

If it is the same file system, just do:

    mkdir /export    (or whatever it takes to create the new one)
    mv /home /export/.

(NOTE: Some versions of mv(1) (FreeBSD for example) will actually do a cp(1) for you if they are not in the same file system so you can cheat a little)

Next you would have to modify each user's entry in the /etc/passwd file to be /export/home/userid rather than /home/userid

You can use vipw(8) to insert the export/ string in between the first '/' and 'home', e.g. search for home and then insert 'export/'

By the way, I'd suggest not using the name /export. It gets used in too many places to mean specific things and it could get confusing some time later. Pick some other name.

jerry

>
> Cheers,
> Soo-Hyun
Re: [CentOS] sshd problem
I visit some webpage like http://stackoverflow.com/questions/2419412/ssh-connection-stop-at-debug1-ssh2-msg-kexinit-sent

it is very like my problem

but unfortunately, I do not find the reason and solve it

thanks, I am new guy on linux, please give me further advice

On Mon, Jan 31, 2011 at 9:11 PM, Kai Schaetzl wrote:
> Yang Yang wrote on Mon, 31 Jan 2011 19:52:59 +0800:
>
> > i do not know what happen,please give me a good answer
>
> Did you already check
> http://www.google.de/search?as_q=SSH2_MSG_KEXINIT
>
> ?
>
> Kai
Re: [CentOS] How to relocate $HOME directory
On 1/31/11 2:34 AM, Kenneth Porter wrote:
> --On Monday, January 31, 2011 12:55 AM -0500 Nico Kadel-Garcia
> wrote:
>
>> This tends to break symlinks and hard-coded script locations. In
>> particular, Samba and Apache make some assumptions about where home
>> directories live that you might want to resolve if you enable homedir
>> access for or public_html access for those tools.
>
> I'd be surprised if such well-written packages didn't simply use the value
> from /etc/passwd (acquired by the appropriate API, such as getpwent(3)).
> Remember also that Samba and Apache are written to be used on other than
> Linux, and other OS's might not keep their home directories in the same
> place.
>
> As Tom H points out, the big issue is to set the selinux attributes of home
> directories not in the more common location.

There's also a template somewhere for 'adduser' and equivalents to use as the default location when new users are added.

--
  Les Mikesell
   lesmikes...@gmail.com
Re: [CentOS] OT: Recommendations for a virtual storage server
On 1/31/11 3:20 AM, carlopmart wrote:
> On 01/31/2011 04:05 AM, James A. Peltier wrote:
>> - Original Message -
>> |>>
>> |>
>> |> Correct.
>> |
>> | But I don't see how any of those things apply here. If the host fails
>> | your vm's are going to fail in any case, and there's not much magic
>> | involved in exporting an NFS share even if you need to move it. Iscsi
>> | targets are slightly more complicated because it's not included in the
>> | base Centos install but you can find howto's to set it up. When your
>> | resources are limited it looks like a big waste to add an unnecessary
>> | virtual layer to storage. I've done it the other way around, though,
>> | with NFS exports from the host being mounted by the guest VM's.
>> |
>> | --
>> | Les Mikesell
>> | lesmikes...@gmail.com
>>
>> I made no claims that it solved anything. I merely noted why someone might
>> want to virtualize in place of NFS. Personally, I don't think that the OP
>> really knows what they want, or they want the best of all worlds without
>> compromise. I don't see how it is possible to provide what is being asked
>> for. Really I think a minimum of two ideally a third server providing iSCSI
>> or NFS is needed for the solution to work. That third machine should have
>> all of the possible host level redundancy possible to keep it running. If
>> H/A is required at least two machines are required.
>>
>
> Ok I will try to explain with more details. First, this installation it is
> for my home personal use, It isn't for a production environment 24x7 or
> similar.
>
> I have two physical hosts with this configuration:
>
> HostA:
>
> - HP ML150
> - 5GB RAM
> - 3TB for storage with HP smartArray E200i
> - Intel Xeon QuadCore.
>
> HostB:
>
> - HP ML115 G5
> - 8GB RAM
> - 160GB for storage
> - AMD QuadCore
>
> Ok, let's go. I need (or I will like to do) to setup several virtual
> machines to accomplish different tasks (remember, It is for personal use,
> like a lab environment):
>
> - 1 virtual machine using as a DNS server and Kerberos authentication
>   (CentOS or RedHat)
> - 2 virtual machines with RHCS installed providing several services: smtp
>   server (only smtp), mirror updates, squid and cifs server. (with CentOS5)
> - 1 virtual machine with Windows 7 as a workstation.
> - 1 virtual machine with Windows 2008 R2 server.
> - 2 virtual machines with RHCS installed with OSSEC. Snort. Snortby and
>   Splunk server (with CentOS5 too)
> - 2 virtual machines with OpenBSD firewalls with CARP and load balancing.
> - 1 virtual machine as a DMZ Server.
>
> My idea is to install DNS server (with kerberos auth) and 2 virtual
> machines with RHCS and common services like smtp, squid, etc onto HP ML150.
> And the others virtual machines running on HP ML115 server.
>
> Where is the problem?? Problem is the storage. All storage resides on the HP
> ML150 server. For that reason I need to install a server as a virtual
> storage to run most of the virtual machines running on the server HP ML115
> with the exception of firewalls and the DMZ server that resides on the HP
> ML115's local disk.
>
> For backups I have an external usb disk with 1TB.

You can probably make that work if you don't care much about performance, but it would be much better to toss at least one more drive in the ML115 - and maybe more RAM in both. Even better if you can add several drives and keep each VM that is active (the firewalls/DNS server, etc. shouldn't be busy but the squid will unless you disable the disk cache) on its own drive. And more RAM would help too.

--
  Les Mikesell
   lesmikes...@gmail.com
Re: [CentOS] CentOS and Dell MD3200i / MD3220i iSCSI w/ multipath -- slightly OT
I forgot to describe a non-general solution for I/O errors at boot time. It's the Multi-Path Proxy driver (linuxrdac), which acts as one device. Here is a description:
http://linux.dell.com/wiki/index.php/Products/HA/DellRedHatHALinuxCluster/Storage/PowerVault_MD3000/Software

BR,

Peter

On Fri, Jan 28, 2011 at 22:32, Peter Gillich wrote:
> Hi Ed,
>
> The persistent reservation is a SCSI-3 feature. It's useful in a
> cluster environment, where multiple nodes are configured to access a
> device while at the same time blocking access to other nodes.
>
> To disable the iSCSI offload feature, disable the Broadcom iSCSI driver
> (bnx2i), for example:
> echo "install bnx2i /bin/true" > /etc/modprobe.d/blacklist-broadcom
> In this case, only the bnx2 module will be loaded. You can check it by
> the lsmod, modinfo and dmesg. Of course, the processor stress will be
> increased.
>
> BR,
>
> Peter
>
> On Tue, Jan 25, 2011 at 05:37, Dr. Ed Morbius wrote:
>> on 07:48 Sun 23 Jan, Peter Gillich (pgill...@gmail.com) wrote:
>>> Hi,
>>> In last summer, I have had same problems with Dell + CentOS +
>>> multipath combination. For example I/O errors and stability problems
>>> on the initiator machines. The initiator machines are (in a Pacemaker
>>> cluster):
>>> - Dell R310
>>> - Broadcom 5709 Gigabit Ethernet card (4-port)
>>> - CentOS 5.4
>>> - 2 Ethernet ports on initiator machines, 2 Ethernet ports in target
>>> machines --> 4 iSCSI paths by initiators
>>>
>>> Irrespectively of iSCSI, we met the Broadcom MSI-X interrupt problem
>>> (corrected in RHEL/CentOS 5.5). We met more (iSCSI) problems with
>>> Broadcom cards, which are described on a Dell support page:
>>> http://support.dell.com/support/edocs/software/rhel_mn/rhel5_4/en/index.htm
>>
>> Not familiar with this, though we're using Broadcom NICs, four per host
>> for the most part:
>>
>> 01:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
>>     Subsystem: Dell PowerEdge R610 BCM5709 Gigabit Ethernet
>>     Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
>>     Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-
>>     Latency: 0, Cache Line Size: 64 bytes
>>     Interrupt: pin A routed to IRQ 98
>>     Region 0: Memory at d600 (64-bit, non-prefetchable) [size=32M]
>>     Capabilities: [48] Power Management version 3
>>         Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
>>         Status: D0 PME-Enable- DSel=0 DScale=1 PME-
>>     Capabilities: [50] Vital Product Data
>>
>> We're bonding two NICs together on each of our core and management nets,
>> iSCSI traffic is on the management net.
>>
>> (VMs are set to use E1000, single interface per subnet).
>>
>>> Since the CentOS is a recompiled RedHat, all RHEL problems and
>>> solutions are true for CentOS ;-)
>>> The Broadcom driver source code is frequently changed. RedHat follows
>>> the Broadcom kernel drivers and iscsi-initiator-utils with some months
>>> latency. CentOS follows the RedHat with some days/weeks/months.
>>>
>>> Maybe you can find a solution for your problem on a newer Dell support
>>> page:
>>> http://support.dell.com/support/edocs/software/rhel_mn/rhel5_5/en/index.htm
>>> Or here:
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/DM_Multipath
>>> http://opensource.marshall.edu/papers/rhel5-iscsi-HOWTO.pdf
>>
>> That Marshall.edu doc looks pretty good. I'll note that if you're
>> expecting to mount your network devices at boot, having the netdev
>> service running will help (we ran into this issue, repeatedly, thanks to
>> a puppet config ;-).
>>
>>> Some tips:
>>> - I've read somewhere about iSCSI multipath I/O errors, which can be a
>>> normal behaving in a multipath environment at boot time. (?)
>>
>> That has been our experience to date.
>>
>>> - Persistent reservation might be useful against iSCSI multipath I/O
>>> errors.
>>
>> What's persistent reservation?
>>
>>> - Disabling iSCSI offload feature (for example: iSCSI over Broadcom )
>>> and TCP offload feature (for example: NFS over Intel) may help.
>>
>> How does one do this / check for this?
>>
>>> - The iSCSI kernel drivers and iscsi-initiator-utils must be updated
>>> together.
>>
>> We'll keep this in mind.
>>
>>>
>>> Finally, some comments:
>>> - Never use Broadcom GbE card. Intel might be better (mostly)
>>
>> I think we're stuck with 'em. Dell seems to have been shipping with
>> Broadcom for some years. Early experiences were horrible, lately it's
>> been getting better, but I'm still leery of the brand.
>>
>>> - The Dell is hardware manufacturer (supplier), not an
>>> OS/driver/utility developer. If you would like to get more support,
>>> you may buy RHEL licenses (with the Dell hardware or from RedHat).
>>> Sometime it's cheaper than taking days for a problem (but sometime
Re: [CentOS] RAID support in kernel?
On 1/31/11 3:24 AM, Les Bell wrote:
>
> Kenni Lund wrote:
>
>>>
> Fakeraid is a proprietary software RAID
> solution, so if your motherboard suddenly decides to die, how will
> you then get access to your data?
> <<
>
> Obviously, you restore it from a backup. RAID is not a substitute for
> backups.

Or, you swap the disks into a spare chassis which can be much faster. The point here is that hardware or fake hardware raid will require a matching controller, where linux software raid will work on any machine with a compatible interface. In the case of RAID1 you can use any single disk that still works - or even plug it into a USB adapter cable to access the data from a different machine.

--
  Les Mikesell
   lesmikes...@gmail.com
Re: [CentOS] RAID support in kernel?
2011/1/31 Steve Brooks :
> On Mon, 31 Jan 2011, Les Bell wrote:
>
>>
>> Kenni Lund wrote:
>>
>> Fakeraid is a proprietary software RAID
>> solution, so if your motherboard suddenly decides to die, how will
>> you then get access to your data?
>> <<
>>
>> Obviously, you restore it from a backup. RAID is not a substitute for
>> backups.
>>
>> Best,
>>
>> --- Les Bell
>
> Hmm... What percentage of home users keep backups of their systems and
> data .. not enough me thinks?

Ditto...I have backups of all of my important data at home, but not of the operating systems or of the less important data. When something breaks, I'll have a backup of all the important stuff, but I'll still need to spend time on reinstalling the operating system, configuring it, etc. I think this is true for most home users.

Anyway, the point is not to use RAID as a backup system, since it obviously isn't, but just not to lock yourself into using a doubtful vendor specific software RAID solution, when there's a much more portable solution integrated in the kernel, which at the same time probably is more well-tested and free of bugs.

Best regards
Kenni
Re: [CentOS] RAID support in kernel?
On Mon, 31 Jan 2011, Les Bell wrote:

>
> Kenni Lund wrote:
>
>>>
> Fakeraid is a proprietary software RAID
> solution, so if your motherboard suddenly decides to die, how will
> you then get access to your data?
> <<
>
> Obviously, you restore it from a backup. RAID is not a substitute for
> backups.
>
> Best,
>
> --- Les Bell

Hmm... What percentage of home users keep backups of their systems and data .. not enough me thinks?

Go with Linux software raid it is very stable and as Kenni Lund states is more portable than the software raid found on many motherboard chipsets that aspire/claim to be hardware raid.

Steve

--
Dr Stephen Brooks
Solar MHD Theory Group, Mathematical Institute, University of St. Andrews
Re: [CentOS] sshd problem
Yang Yang wrote on Mon, 31 Jan 2011 19:52:59 +0800:
> i do not know what happen,please give me a good answer

Did you already check http://www.google.de/search?as_q=SSH2_MSG_KEXINIT ?

Kai
Re: [CentOS] redirecting traffic using iptables
On 31/01/2011 13:46, Jobst Schmalenbach wrote:
> Hi.
>
> I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb)
> and I want to use the SHDSL (2mb) only for mail,ssh,http OUT and the ADSL2+
> only for surfing.
>
> It all works fine if people specify the proxy in the browser, but in cases
> like Flash it is of no use.
>
> Further, if I can make the 80/443 traffic go through the proxy only, it's an
> added bonus. If this can be done, fine. But I want all 80/443 traffic to go
> through host2.
>
>    SHDSL       ADSL2+
>   -------     -------
>   host 1      host2 SQUID
>   -------     -------
>      |           |
>        host3
>          |
>        eth1
>
> On host 3 I have been trying to do this with iptables, but I am stuck. I tried
> to utilise squid too; it does not work.
>
> Tried:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
>
> The browser tells me "invalid request".
>
> All I want is to redirect all traffic through host2 if ports 443 and 80 are
> encountered, that's all. If it goes through the proxy it is an added bonus,
> but not required.
>
> Any ideas, anyone?

Read the transparent proxy howto... you may need to do SNAT as well as DNAT.

http://tldp.org/HOWTO/TransparentProxy-6.html

--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
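The DNAT-plus-SNAT arrangement suggested in the reply above, as an added example that is not part of the original thread and goes one step further by handling port 443 with policy routing instead of the proxy. The function names, the 192.0.2.x addresses, the mark value 2 and the table number 200 are assumptions made for illustration; the script only prints the commands for host3.

```shell
#!/bin/sh
# Added example: prints the rules for host3 (the router); nothing is applied.
# Addresses, mark and table number used below are constructed sample values.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# proxy_rules LAN_IF PROXY_IP PROXY_PORT ROUTER_IP
# Port 80 only: DNAT sends the connection to Squid, SNAT makes Squid answer
# to host3 (so the reply is un-NATed there), FORWARD lets the flow through.
proxy_rules() {
    [ -n "$1" ] && [ -n "$2" ] && is_num "$3" && [ -n "$4" ] || {
        echo "usage: proxy_rules LAN_IF PROXY_IP PROXY_PORT ROUTER_IP" >&2
        return 1
    }
    cat <<EOF
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $2:$3
iptables -t nat -A POSTROUTING -p tcp -d $2 --dport $3 -j SNAT --to-source $4
iptables -A FORWARD -i $1 -p tcp -d $2 --dport $3 -j ACCEPT
EOF
}

# https_rules LAN_IF GATEWAY_IP MARK TABLE
# Port 443 carries TLS, which Squid's plain HTTP port cannot parse, so it is
# not DNATed: it is marked and sent to host2 through its own routing table.
https_rules() {
    [ -n "$1" ] && [ -n "$2" ] && is_num "$3" && is_num "$4" || {
        echo "usage: https_rules LAN_IF GATEWAY_IP MARK TABLE" >&2
        return 1
    }
    cat <<EOF
iptables -t mangle -A PREROUTING -i $1 -p tcp --dport 443 -j MARK --set-mark $3
ip rule add fwmark $3 table $4
ip route add default via $2 table $4
EOF
}

# Sample run with constructed values: eth1 is the client-facing interface,
# 192.0.2.2 stands for host2 (Squid), 192.0.2.3 for host3's own address.
proxy_rules eth1 192.0.2.2 3128 192.0.2.3
https_rules eth1 192.0.2.2 2 200
```

Squid itself has to be told that the port receives intercepted traffic (in Squid 2.6, `http_port 3128 transparent`), and with the SNAT rule in place its access log records host3's address for every client.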
[CentOS] redirecting traffic using iptables
Hi.

I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb) and I want to use the SHDSL (2mb) only for mail,ssh,http OUT and the ADSL2+ only for surfing.

It all works fine if people specify the proxy in the browser, but in cases like Flash it is of no use.

Further, if I can make the 80/443 traffic go through the proxy only, it's an added bonus. If this can be done, fine. But I want all 80/443 traffic to go through host2.

   SHDSL       ADSL2+
  -------     -------
  host 1      host2 SQUID
  -------     -------
     |           |
       host3
         |
       eth1

On host 3 I have been trying to do this with iptables, but I am stuck. I tried to utilise squid too; it does not work.

Tried:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128

The browser tells me "invalid request".

All I want is to redirect all traffic through host2 if ports 443 and 80 are encountered, that's all. If it goes through the proxy it is an added bonus, but not required.

Any ideas, anyone?

Jobst

--
'Two things are infinite: the universe and human stupidity, and I'm not sure about the first one. - Albert Einstein

  | |0| |  Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|  Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
[CentOS] sshd problem
My server is on CentOS 5.5; it is a newly reinstalled system.

I built a PHP-dependent server and used nginx, PHP and MySQL.

ssh is on the default port 22.

The system performs well for a while, but a problem always happens that only a hardware reboot solves. The server is in an IDC, so I cannot see the local screen information.

The symptoms are:
1. It cannot be reached with ssh; it shows the server is down or rebooting
2. ping is OK
3. http shows nginx's information (nginx/0.8.46), but cannot load the right page, and it shows a 403 Forbidden page

I used another server to run ssh -vv xxx.xxx.xxx.xxx, and the response is:

SSH2_MSG_KEXINIT sent

close

sshd hangs after SSH2_MSG_KEXINIT sent

I do not know what happened; please give me a good answer.

Thanks, everybody
Re: [CentOS] RAID support in kernel?
Kenni Lund wrote:

>>
Fakeraid is a proprietary software RAID
solution, so if your motherboard suddenly decides to die, how will
you then get access to your data?
<<

Obviously, you restore it from a backup. RAID is not a substitute for backups.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
Re: [CentOS] OT: Recommendations for a virtual storage server
On 01/31/2011 04:05 AM, James A. Peltier wrote:
> - Original Message -
> |>>
> |>
> |> Correct.
> |
> | But I don't see how any of those things apply here. If the host fails
> | your vm's are going to fail in any case, and there's not much magic
> | involved in exporting an NFS share even if you need to move it. Iscsi
> | targets are slightly more complicated because it's not included in the
> | base Centos install but you can find howto's to set it up. When your
> | resources are limited it looks like a big waste to add an unnecessary
> | virtual layer to storage. I've done it the other way around, though,
> | with NFS exports from the host being mounted by the guest VM's.
> |
> | --
> | Les Mikesell
> | lesmikes...@gmail.com
>
> I made no claims that it solved anything. I merely noted why someone might
> want to virtualize in place of NFS. Personally, I don't think that the OP
> really knows what they want, or they want the best of all worlds without
> compromise. I don't see how it is possible to provide what is being asked
> for. Really I think a minimum of two ideally a third server providing iSCSI
> or NFS is needed for the solution to work. That third machine should have
> all of the possible host level redundancy possible to keep it running. If
> H/A is required at least two machines are required.
>

OK, I will try to explain in more detail. First, this installation is for my personal use at home. It isn't for a 24x7 production environment or similar.

I have two physical hosts with this configuration:

HostA:
- HP ML150
- 5GB RAM
- 3TB for storage with HP SmartArray E200i
- Intel Xeon QuadCore

HostB:
- HP ML115 G5
- 8GB RAM
- 160GB for storage
- AMD QuadCore

OK, let's go.

I need (or would like) to set up several virtual machines to accomplish different tasks (remember, it is for personal use, like a lab environment):

- 1 virtual machine used as a DNS server and for Kerberos authentication (CentOS or RedHat)
- 2 virtual machines with RHCS installed providing several services: smtp server (only smtp), mirror updates, squid and cifs server (with CentOS5)
- 1 virtual machine with Windows 7 as a workstation
- 1 virtual machine with Windows 2008 R2 server
- 2 virtual machines with RHCS installed with OSSEC, Snort, Snorby and Splunk server (with CentOS5 too)
- 2 virtual machines with OpenBSD firewalls with CARP and load balancing
- 1 virtual machine as a DMZ server

My idea is to install the DNS server (with Kerberos auth) and the 2 virtual machines with RHCS and common services like smtp, squid, etc. onto the HP ML150, and to run the other virtual machines on the HP ML115 server.

Where is the problem? The problem is the storage. All storage resides on the HP ML150 server. For that reason I need to install a server as virtual storage to run most of the virtual machines running on the HP ML115 server, with the exception of the firewalls and the DMZ server, which reside on the HP ML115's local disk.

For backups I have an external USB disk with 1TB.

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: [CentOS] RAID support in kernel?
2011/1/30 Michael Klinosky :
> Robert wrote:
>> You are generally *better off* to *disable* the motherboard RAID
>> controller and use native Linux software RAID.
>
> After my research, I'm realizing that linux doesn't quite support it.
> So, I'll probably do as you suggested.

I don't know if "linux doesn't quite support it" is true, but nevertheless, even if Linux/CentOS had PERFECT support for it, you still shouldn't use it IMHO.

The whole point of RAID is to give some sort of protection against hardware (HDD) failures. Fakeraid is a proprietary software RAID solution, so if your motherboard suddenly decides to die, how will you then get access to your data? You'll need another motherboard/system with a fakeraid compatible controller, but how will you know if the new fakeraid-based controller is compatible with your HDDs created with the old controller? How will you know if the RAID controller has the correct firmware? Your best bet is to buy exactly the same motherboard (if it's still available at that time) and put the same BIOS version on it as your old board had.

Using Linux software RAID, you'll get the same performance as fakeraid and you can plug your HDDs into any motherboard running Linux to access your data. Linux's own implementation of software RAID was introduced in kernel 2.1 (somewhere around ~1997), so you can be fairly sure that the solution is well tested - something which is most likely not the case with a fakeraid controller with limited/partly missing Linux support.

The only valid reason to run fakeraid I can think of, is if you're going to run Windows on it.

Best regards
Kenni
Re: [CentOS] How to relocate $HOME directory
On Mon, Jan 31, 2011 at 8:22 AM, Tom H wrote:
> On Mon, Jan 31, 2011 at 12:18 AM, Rudi Ahlers wrote:
>> On Sun, Jan 30, 2011 at 11:07 PM, Soo-Hyun Choi wrote:
>>>
>>> As you know, $HOME is generally located at "/home/$username" by default.
>>>
>>> I would like to re-locate all users' $HOME directories to something like
>>> "/export/home/$username" without having a hassle/trouble.
>>>
>>> Initially, I've thought of just copying them to the new directory (under
>>> /export/home/xxx), but guessed it might trouble for the normal use (I'm
>>> pretty new to CentOS, although many experiences with Debian/Ubuntu).
>>>
>>> Is there any good tricks (or caveats) when moving users' home directory
>>> cleanly with CentOS? (I'm with CentOS 5.5 x86_64)
>>
>> The easiest way would be to move (or copy) everything in /home to
>> /export/home, and then remount /home on /export/home in your fstab.
>>
>> Before you remount it, you may want to rename it to say /oldhome or
>> /home2 or something like that, and then if everything works fine then
>> you simply delete it :)
>
> If you're changing the root of /home to another mount point or
> directory, say "/export/home", you'll also have to use semanage to set
> its selinux context to "home_root_t", etc.

I generally do this on systems without websites stored in the home folders, since website files are normally stored in the /var/www/html folder by default. So, in this case you just need to update the httpd.conf file and tell it where the new home folder resides, IF you actually store website files in the /home folder.

--
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
Re: [CentOS] How to relocate $HOME directory
On 01/31/11 12:34 AM, Kenneth Porter wrote:
> --On Monday, January 31, 2011 12:55 AM -0500 Nico Kadel-Garcia wrote:
>
>> This tends to break symlinks and hard-coded script locations. In
>> particular, Samba and Apache make some assumptions about where home
>> directories live that you might want to resolve if you enable homedir
>> access for or public_html access for those tools.
> I'd be surprised if such well-written packages didn't simply use the value
> from /etc/passwd (acquired by the appropriate API, such as getpwent(3)).
> Remember also that Samba and Apache are written to be used on other than
> Linux, and other OS's might not keep their home directories in the same
> place.
>

apache itself has no clue and doesn't look at /etc/passwd or any other such. Instead, /home/*/public_html is specified in the httpd.conf files, if that feature is enabled.

> As Tom H points out, the big issue is to set the selinux attributes of home
> directories not in the more common location.

yeah, that will bite you
Re: [CentOS] Groups
--On Sunday, January 30, 2011 8:14 PM -0800 Jason S-M wrote:

> Secondarily /var/www/html/ is owned by root:root, can I
> change this to something else so my sftp'ing is easier? apache:apache as
> owner?

I would avoid giving the apache user write access to anything under /var/www/html unless it absolutely needs it. That prevents a rogue break-in through the web server from rewriting your web content and creating a back door into your system.
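One way to check a document root against the advice in the reply above, as an added example that is not part of the original thread: it lists every path the web server account could modify. The function name `docroot_writable` is hypothetical, and the check looks only at owner, primary group and mode bits (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example: report paths under a document root that a given account
# could modify. Directories count too: write access to a directory allows
# creating, deleting and replacing the files inside it.

# docroot_writable ROOT USER GROUP
#   USER and GROUP may be names or numeric IDs (find accepts both).
#   A path is reported when:
#     - USER owns it (an owner can always chmod it writable), or
#     - it belongs to GROUP and is group-writable, or
#     - it does not belong to GROUP and is world-writable.
#   Symlinks are skipped; their own mode bits are not enforced on Linux.
docroot_writable() {
    root=$1 user=$2 group=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" ! -type l \( \
        -user "$user" -o \
        \( -group "$group" -perm -020 \) -o \
        \( ! -group "$group" -perm -002 \) \
    \) -print
}

# Stand-alone use, e.g.: sh thisfile /var/www/html apache apache
# (an empty listing means the account can write nothing under ROOT).
if [ "$#" -eq 3 ]; then
    docroot_writable "$@"
fi
```

With the ownership the question describes (root:root) and no group- or world-writable entries, the listing for apache:apache comes back empty, which is the state the reply recommends keeping.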
Re: [CentOS] How to relocate $HOME directory
--On Monday, January 31, 2011 12:55 AM -0500 Nico Kadel-Garcia wrote:

> This tends to break symlinks and hard-coded script locations. In
> particular, Samba and Apache make some assumptions about where home
> directories live that you might want to resolve if you enable homedir
> access for or public_html access for those tools.

I'd be surprised if such well-written packages didn't simply use the value from /etc/passwd (acquired by the appropriate API, such as getpwent(3)). Remember also that Samba and Apache are written to be used on other than Linux, and other OS's might not keep their home directories in the same place.

As Tom H points out, the big issue is to set the selinux attributes of home directories not in the more common location.