Re: [CentOS] Swap space for kvm virtual host

[John R Pierce]

On 03/14/11 4:45 PM, Nataraj wrote:
> Do you have any sense of whether this takes a big performance hit with
> software raid?  (I was actually planning on hardware raid but the system
> got ordered incorrectly).

if you have adequate memory for your workload, very little data gets 
written to swap, and what is written is done in the background so its of 
little importance to performance.

if your swap is mirrored, writes have to be done to both devices, while 
reads can be load balanced across them, so the write performance is 
equivalent to a single disk, while the read performance in aggregate may 
be twice as fast as a single drive.

if you DONT have adequate memory for your workload, your performance 
will suck pretty badly regardless of how fast the swap device(s) are.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swap space for kvm virtual host

[Lucian]

On Mon, Mar 14, 2011 at 11:45 PM, Nataraj  wrote:
> Do you have any sense of whether this takes a big performance hit with
> software raid?  (I was actually planning on hardware raid but the system
> got ordered incorrectly).

I have lots of machines running linux raid and swap on top of it,
haven't noticed anything out of order so far; go for it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swap space for kvm virtual host

[Nataraj]

On 03/14/2011 03:07 PM, John R Pierce wrote:
> On 03/14/11 3:02 PM, Dr. Ed Morbius wrote:
>> I'd allocate swap to the raw devices rather than the RAID devices,
>
> why would you use RAID and not RAID your swap?the primary (many say, 
> only) purpose of RAID is to maintain uptime, and having any swap device 
> fail will ensure your system immediately crashes.
>
> I *always* mirror my swap devices on any system that is using RAID.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


Do you have any sense of whether this takes a big performance hit with
software raid?  (I was actually planning on hardware raid but the system
got ordered incorrectly).

Thank You,
Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swap space for kvm virtual host

[John R Pierce]

On 03/14/11 3:02 PM, Dr. Ed Morbius wrote:
> I'd allocate swap to the raw devices rather than the RAID devices,


why would you use RAID and not RAID your swap?the primary (many say, 
only) purpose of RAID is to maintain uptime, and having any swap device 
fail will ensure your system immediately crashes.

I *always* mirror my swap devices on any system that is using RAID.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swap space for kvm virtual host

[Dr. Ed Morbius]

on 14:24 Mon 14 Mar, Nataraj (incoming-cen...@rjl.com) wrote:
> I have a kvm virtual host running on what will become CentOS 6 with 12GB
> of memory and a Quad Xeon  X5560 2.8Ghz .  The store for virtual
> machines will be a software raid 6 array of 6 disks with an LVM layered
> on top.  I'm not initially planning any major overcommitment of
> resources, though there could be a need for some overcommitment with a
> light workload on the guests.
> 
>  In recent years people seem to configure a wide range of different swap
> allocations.  I was thinking initially to spread swap across seperate
> non-raid partitions on 4 of these disks, but the downside of that is if
> I put 2gb on each disk, then I can only swap processes that will fit in
> 2gb swap space.  

Incorrect.

Linux processes aren't "swapped" to disk (the entire process memory
space), but are paged (given memory blocks are swapped out
individually).

Swap allocated over multiple spindles is effectively striped (treated as
one large RAID 0 partition).

If you've got SSD, you'll get even better swap performance.

For an excellent explanation of how Linux pages / handles memory:

http://sourcefrog.net/weblog/software/linux-kernel/swap.html

> Also, if one of the disks fails, I have to reboot if
> anything was swapped to that drive.
> 
> My questions are as follows:
> 
>1. What experience are others having with putting swap space on raid
>   partitions?  I was thinking about maybe swapping on a raid10
>   device, otherwise an LVM spanning multiple drives.

I'd allocate swap to the raw devices rather than the RAID devices,
particularly if using SW RAID.  In the case of HW RAID, it's a bit of a
toss-up.  Whatever's easier to manage.

>2. In practice, what kinds of swap allocation are people finding
>   useful for a kvm virtual host of this size?

1-3x RAM is still my rule of thumb.

> I definitely don't want a system that is so overcommited that
> performance is impacted, but if some overcommitment is reasonable for
> VM's that have light workload, then I consider that.  I can increase
> system resources when that becomes necessary.

For this, you'll want to set the overcommit and swappiness kernel
parameters.  Amount of swap space is a secondary consideration.  How
much swap you /have/ and how much swap you're /doing/ are two different
things.

-- 
Dr. Ed Morbius, Chief Scientist /|
  Robot Wrangler / Staff Psychologist| When you seek unlimited power
Krell Power Systems Unlimited|  Go to Krell!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Swap space for kvm virtual host

[Kwan Lowe]

On Mon, Mar 14, 2011 at 5:24 PM, Nataraj  wrote:
[snip]
>  In recent years people seem to configure a wide range of different swap
> allocations.  I was thinking initially to spread swap across seperate
> non-raid partitions on 4 of these disks, but the downside of that is if I
> put 2gb on each disk, then I can only swap processes that will fit in 2gb
> swap space.  Also, if one of the disks fails, I have to reboot if anything
> was swapped to that drive.

I'm not certain that's entirely accurate... It's not so much "swap
space" as "page space".  I.e., there are pages being swapped out
rather than entire processes.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Swap space for kvm virtual host

[Nataraj]

I have a kvm virtual host running on what will become CentOS 6 with 12GB
of memory and a Quad Xeon  X5560 2.8Ghz .  The store for virtual
machines will be a software raid 6 array of 6 disks with an LVM layered
on top.  I'm not initially planning any major overcommitment of
resources, though there could be a need for some overcommitment with a
light workload on the guests.

 In recent years people seem to configure a wide range of different swap
allocations.  I was thinking initially to spread swap across seperate
non-raid partitions on 4 of these disks, but the downside of that is if
I put 2gb on each disk, then I can only swap processes that will fit in
2gb swap space.  Also, if one of the disks fails, I have to reboot if
anything was swapped to that drive.

My questions are as follows:

   1. What experience are others having with putting swap space on raid
  partitions?  I was thinking about maybe swapping on a raid10
  device, otherwise an LVM spanning multiple drives.
   2. In practice, what kinds of swap allocation are people finding
  useful for a kvm virtual host of this size?

I definitely don't want a system that is so overcommited that
performance is impacted, but if some overcommitment is reasonable for
VM's that have light workload, then I consider that.  I can increase
system resources when that becomes necessary.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server locking up everyday around 3:30 AM

[Les Mikesell]

On 3/14/2011 3:24 PM, Scott Silva wrote:
> 
>>
>> (those commands should run the cron normally except starting at 03:00,
>> where it should kick off at 3:15 instead of 03:05)
>>
>> If it also fails to start at 03:15 then that would suggest that
>> something is happening to the cron job the last time it is run to make
>> it hang (or make the system think it is hung).
>>
> I wonder if the other end has some file(s) locked for writing or other reason
> and that is choking the local wget.

But nothing the other end does should cause a kernel task hang. 
Shouldn't that only be inside a device driver?

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wich filesystem to store > 250E6 small files in same or hashed dire

[Adam Tauno Williams]

On Mon, 2011-03-14 at 13:10 -0700, Dr. Ed Morbius wrote:
> on 13:10 Sat 12 Mar, Alain Spineux (aspin...@gmail.com) wrote:
> > Hi
> > I need to store about 250.000.000 files. Files are less than 4k.
> > On a ext4 (fedora 14)  the system crawl at 10.000.000 in the same directory.
> > I tried to create hash directories, two level of 4096 dir = 16.000.000
> > but I had to stop the script to create these dir after hours
> > and "rm -rf"  would have taken days ! mkfs was my friend
> > I tried two levels, first of 4096 dir, second of 64 dir. The creation
> > of the hash dir took "only" few minutes,
> > but copying 1 files make my HD scream for 120s ! I take only 10s
> > when working in the same directory.
> > The filenames are all 27 chars and the first chars can be used to hash
> > the files.

Exactly {XY}/{XY}/{ABCDEFGHIJKLMNOPQRSTUVW} will probably work just
fine.  Two characters is 676 combinations, hardly a large directory, and
that puts less than 1,000 entries in a folder.

> > My question is : Which filesystem and how to store these files ?
> I'd also question the architecture and suggest an alternate approach:
> hierarchical directory tree, database, "nosql" hashing lookup, or other
> approach.  See squid for an example of using directory trees to handle
> very large numbers of objects.   

Exactly. Squid and Cyrus IMAPd both manage to store massive number of
objects in a filesystem using hashing.  It is simple and reliable.

I'd wonder if that is really an issue if you just don't have an actual
I/O throughput problem.  Certainly trying to do any solution on a
single-disk is going to be awful.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server locking up everyday around 3:30 AM

[Scott Silva]

> 
> (those commands should run the cron normally except starting at 03:00,
> where it should kick off at 3:15 instead of 03:05)
> 
> If it also fails to start at 03:15 then that would suggest that
> something is happening to the cron job the last time it is run to make
> it hang (or make the system think it is hung).
> 
I wonder if the other end has some file(s) locked for writing or other reason
and that is choking the local wget.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wich filesystem to store > 250E6 small files in same or hashed dire

[Dr. Ed Morbius]

on 13:10 Sat 12 Mar, Alain Spineux (aspin...@gmail.com) wrote:
> Hi
> 
> I need to store about 250.000.000 files. Files are less than 4k.
> 
> On a ext4 (fedora 14)  the system crawl at 10.000.000 in the same directory.
> 
> I tried to create hash directories, two level of 4096 dir = 16.000.000
> but I had to stop the script to create these dir after hours
> and "rm -rf"  would have taken days ! mkfs was my friend
> 
> I tried two levels, first of 4096 dir, second of 64 dir. The creation
> of the hash dir took "only" few minutes,
> but copying 1 files make my HD scream for 120s ! I take only 10s
> when working in the same directory.
> 
> The filenames are all 27 chars and the first chars can be used to hash
> the files.
> 
> My question is : Which filesystem and how to store these files ?

I'd also question the architecture and suggest an alternate approach:
hierarchical directory tree, database, "nosql" hashing lookup, or other
approach.  See squid for an example of using directory trees to handle
very large numbers of objects.   In fact, if you wired things up right,
you could probably use squid as a proxy back-end.

In general, I'd say a filesystem is the wrong approach to this problem.

What's the creation/deletion/update/lifecycle of these objects?  Are
they all created at once?  A few at a time?  Are they ever updated?  Are
they expired and/or deleted?

Otherwise, reiserfs and its hashed directory indexes scales well, though
I've only pushed it to about 125,000 entries in a single node.  There is
the usual comment about viability of a filesystem whose principle
architect is in jail on a murder charge.

It's possible XFS/JFS might also work.  I'd suggest you test building
and deleting large directories.

Incidentally, for testing, 'make -J' can be useful for parallelizing
processing, which would also test whether or not locking/contention on
the directory entry itself is going to be a bottleneck (I suspect it may
be).

You might also find that GNU 'find's "-depth" argument is useful for
deleting deep/large trees.

-- 
Dr. Ed Morbius, Chief Scientist /|
  Robot Wrangler / Staff Psychologist| When you seek unlimited power
Krell Power Systems Unlimited|  Go to Krell!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FTP accounts

[Always Learning]

On Mon, 2011-03-14 at 13:32 -0400, Josh wrote:

> It depends on the FTP server software you use. If you are using VSFTP,
> then you want to add or uncomment the following line in
> /etc/vsftpd/vsftpd.conf
> chroot_local_user=YES
> Save the changes. Restart VSFTPD. This will jail the user to their
> home directory.
> Taken from: 
> http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-ftp-service.html

But do read the .conf file


# You may specify an explicit list of local users to chroot() to
# their home directory.
# If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (default follows)
# chroot_list_file=/etc/vsftpd/chroot_list


You can, instead, add the users name to the "chroot_list_file". Then
don't active "chroot_local_user=YES". I use the file and have these
lines active in vsftpd.conf

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot.list


With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wich filesystem to store > 250E6 small files in same or hashed dire

[Les Mikesell]

On 3/14/2011 12:33 PM, Alain Spineux wrote:
>
>> File aaa12345 goes in
>>
>>$DIR/a/a/a/12345
>>
>> File abc6789 goes in
>>
>> $DIR/a/b/c/6789
>
> Try to create this king of tree yourself and when done, remove it.
> I took hours on my box and it is even faster to keep all files in the
> same diretory.
> I looks like working in multiple directories slow down the process also

Normally, directory/inode caching would help but you are probably 
exceeding any reasonable caching attempt and making it thresh.

> I read other posts and articles and handle more than 100M files become
> a problem !
> 256M is a problem and more than 1G files is a big problem.
>
> I was splitting data into files to help me. I will keep them in big files.

Depending on your access needs you might investigate some of the 
scalable nosql databases like riak or cassandra.   These would let you 
distribute the data (and access contention) across a cluster of 
machines.  Riak has an extension called luwak that handles large data 
streams by chunking into smaller key/value sets which are then 
distributed over the cluster.  The way implementation works, you also 
get de-duplication of chunks - with the down side that you can't really 
delete anything.  And riak in general wants to keep all the keys in RAM 
which might be an issue for your use unless you can spread it over 
several machines.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FTP accounts

[Huib Laurens]

Hello,

Its fixed now, it seems to be it was a easy fix and I was kind of waisting
your time, but thanks for the answers. I did google it and couldn't get a
good answer.

@ Nico Kadel-Garcia

Currently this server is setup for back-up the our other 3 servers and
people can get FTP for backing-up there site. I prefer FTP because people
*know* FTP, when I give them something different to use there is a change
they are scared and will not use it.

Best,

Huib

2011/3/14 Nico Kadel-Garcia 

> On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens  wrote:
> > Hello,
> >
> > I have setup a centos server running 5.5 and I have a problem with the
> FTP
> > settings.
> >
> > Currently I have two FTP accounts based on that server, they lead to:
> >
> > /home/bella
> > /home/carmen
> >
> > Currently the FPT accounts starts in the home directory when they are
> logged
> > in. But they are able to see all directories on the server. What can I do
> to
> > make sure they cant come out of there home directory?
> >
> > --
> > Regards,
> > Huib "Abigor" Laurens
>
> First things first. *DO NOT* use FTP. It's a blatantly insecure
> protocl and passes passwords, and data, in the clear.
>
> Second, if you *MUST* use FTP, do not use it with normal usernames and
> passwords.
>
> Third, if you *MUST* use FTP, use FTPS which SSL tunnels the connections.
>
> Fourth, read the manual page on the "vsftpd" server. In particulare,
> review this:
>
> chroot_list_enable
>If activated, you may provide a list of local users who are
> placed in a chroot() jail in their home directory upon login. The
> meaning is slightly different if chroot_local_user is set to YES. In
> this case, the list becomes a list of users which are NOT to be placed
> in a chroot() jail. By default, the file containing this list is
> /etc/vsftpd.chroot_list, but you may override this with the
> chroot_list_file setting.
> Default: NO
>



-- 
Regards,
Huib "Abigor" Laurens



Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 5.5 php configure errors

[Roberto Alvarado]

You need to install the devel packages:

libxml2-devel.i386
libxml2-devel.x86_64

Regards.


On 14-03-2011 14:22, Ron Young wrote:
I am attempting to install odbtp on my newly created lamp server 
running CentOS 5.5 and php 5.2.17.  The odbtp compile failed looking 
for lots of zend related files supposedly in the php install dir.  I 
learned from the odbtp project forum that I need to run configure in 
the php source directory.


So I downloaded the php 5.2.17 source  and ran ./configure and got 
these results:


root@myserver php-5.2.17]# ./configure
...
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2
installation.
[root@myserver php-5.2.17]#

[root@myserver php-5.2.17]# yum list libxml2
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* addons: mirrors.igsobe.com 
* base: mirror.cogentco.com 
* epel: mirror.vcu.edu 
* extras: mirror.ash.fastserv.com 
* ius: mirror.rackspace.com 
* updates: mirror.cogentco.com 
Installed Packages
libxml2.i386 2.6.26-2.1.2.8.el5_5.1
installed
libxml2.x86_64 2.6.26-2.1.2.8.el5_5.1
installed
[root@myserver php-5.2.17]#

What am I missing?  Suggestions?


Regards,

Ron Young
919-621-9015
http://www.linkedin.com/in/ronhyoung

+++
Little tiny dreams require little tiny thoughts and little tiny steps.
Great big dreams require great big thoughts and little tiny steps.
+++


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FTP accounts

[Nico Kadel-Garcia]

On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens  wrote:
> Hello,
>
> I have setup a centos server running 5.5 and I have a problem with the FTP
> settings.
>
> Currently I have two FTP accounts based on that server, they lead to:
>
> /home/bella
> /home/carmen
>
> Currently the FPT accounts starts in the home directory when they are logged
> in. But they are able to see all directories on the server. What can I do to
> make sure they cant come out of there home directory?
>
> --
> Regards,
> Huib "Abigor" Laurens

First things first. *DO NOT* use FTP. It's a blatantly insecure
protocl and passes passwords, and data, in the clear.

Second, if you *MUST* use FTP, do not use it with normal usernames and
passwords.

Third, if you *MUST* use FTP, use FTPS which SSL tunnels the connections.

Fourth, read the manual page on the "vsftpd" server. In particulare,
review this:

chroot_list_enable
If activated, you may provide a list of local users who are
placed in a chroot() jail in their home directory upon login. The
meaning is slightly different if chroot_local_user is set to YES. In
this case, the list becomes a list of users which are NOT to be placed
in a chroot() jail. By default, the file containing this list is
/etc/vsftpd.chroot_list, but you may override this with the
chroot_list_file setting.
Default: NO
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wich filesystem to store > 250E6 small files in same or hashed dire

[Alain Spineux]

On Sat, Mar 12, 2011 at 10:14 PM, Nico Kadel-Garcia  wrote:
> On Sat, Mar 12, 2011 at 4:04 PM, Alain Spineux  wrote:
>> Thanks to everybody for answering.
>>
>> I thing >250E6 is a lot and keep decent read and write access speed is unreal
>> using mutli-purpose filesystems like ext? and other ?FS.
>> I would need a dedicated filesystem for that.
>>
>> This problem was only a possible solution to another problem.
>> I will solve the original problem using another way.
>>
>
> Why, exactly, are you doing this? The normal approach for such dense
> repositories is to create a hierarchy of subdirectories.
>
> File aaa12345 goes in
>
>   $DIR/a/a/a/12345
>
> File abc6789 goes in
>
>    $DIR/a/b/c/6789

Try to create this king of tree yourself and when done, remove it.
I took hours on my box and it is even faster to keep all files in the
same diretory.
I looks like working in multiple directories slow down the process also

I read other posts and articles and handle more than 100M files become
a problem !
256M is a problem and more than 1G files is a big problem.

I was splitting data into files to help me. I will keep them in big files.

Regards

Anyway it was too slow.

>
> And whatever is accessing or creating the files is taught the
> algorithm used. This requires some programming up front, but helps
> prevent precisely the outrageous directory size you describe.
> Handling, sorting, and reporting on that many files in one directory
> is an old and painful problem.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FTP accounts

[Josh]

On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens  wrote:
> Hello,
>
> I have setup a centos server running 5.5 and I have a problem with the FTP
> settings.
>
> Currently I have two FTP accounts based on that server, they lead to:
>
> /home/bella
> /home/carmen
>
> Currently the FPT accounts starts in the home directory when they are logged
> in. But they are able to see all directories on the server. What can I do to
> make sure they cant come out of there home directory?
>
> --
> Regards,
> Huib "Abigor" Laurens
>
>
>
> Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

It depends on the FTP server software you use. If you are using VSFTP,
then you want to add or uncomment the following line in
/etc/vsftpd/vsftpd.conf
chroot_local_user=YES
Save the changes. Restart VSFTPD. This will jail the user to their
home directory.
Taken from: 
http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-ftp-service.html

If you use ProFTPD (which is what I use), then follow this guide:
http://www.proftpd.org/docs/howto/Chroot.html

Josh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] FTP accounts

[Roberto Alvarado]

If you are using proftpd, you have to add this line to the config file:

DefaultRoot ~

More info at:

http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html

Regards.

On 14-03-2011 14:27, Huib Laurens wrote:

Hello,

I have setup a centos server running 5.5 and I have a problem with the 
FTP settings.


Currently I have two FTP accounts based on that server, they lead to:

/home/bella
/home/carmen

Currently the FPT accounts starts in the home directory when they are 
logged in. But they are able to see all directories on the server. 
What can I do to make sure they cant come out of there home directory?


--
Regards,
Huib "Abigor" Laurens



Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] FTP accounts

[Huib Laurens]

Hello,

I have setup a centos server running 5.5 and I have a problem with the FTP
settings.

Currently I have two FTP accounts based on that server, they lead to:

/home/bella
/home/carmen

Currently the FPT accounts starts in the home directory when they are logged
in. But they are able to see all directories on the server. What can I do to
make sure they cant come out of there home directory?

-- 
Regards,
Huib "Abigor" Laurens



Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 5.5 php configure errors

[Ron Young]

I am attempting to install odbtp on my newly created lamp server running
CentOS 5.5 and php 5.2.17.  The odbtp compile failed looking for lots of
zend related files supposedly in the php install dir.  I learned from the
odbtp project forum that I need to run configure in the php source
directory.

So I downloaded the php 5.2.17 source  and ran ./configure and got these
results:

root@myserver php-5.2.17]# ./configure
...
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2
installation.
[root@myserver php-5.2.17]#

[root@myserver php-5.2.17]# yum list libxml2
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* addons: mirrors.igsobe.com
* base: mirror.cogentco.com
* epel: mirror.vcu.edu
* extras: mirror.ash.fastserv.com
* ius: mirror.rackspace.com
* updates: mirror.cogentco.com
Installed Packages
libxml2.i386 2.6.26-2.1.2.8.el5_5.1
installed
libxml2.x86_64 2.6.26-2.1.2.8.el5_5.1
installed
[root@myserver php-5.2.17]#

What am I missing?  Suggestions?


Regards,

Ron Young
919-621-9015
http://www.linkedin.com/in/ronhyoung

+++
Little tiny dreams require little tiny thoughts and little tiny steps.
Great big dreams require great big thoughts and little tiny steps.
+++
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Web server becoming unresponsive : high load

[Kai Schaetzl]

The ius packages are fine, you shouldn't use an unpatched old PHP version.

Kai


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS still serving old directory after rename

[Stephen Harris]

On Mon, Mar 14, 2011 at 10:33:11AM -0500, neubyr wrote:
> Thanks for the reply Nico.  I unmounted dir in a clean manner. I made
> sure that no other process is trying to access that mounted dir on
> client side. Not sure what was the problem, but it seems to be working

NFS shares are done via inode number so renaming the directory is
inadequate.  You need to unexport the directory, rename, create the
new then re-export.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS still serving old directory after rename

[neubyr]

On Mon, Mar 14, 2011 at 10:04 AM, Nico Kadel-Garcia  wrote:
> On Mon, Mar 14, 2011 at 10:49 AM, neubyr  wrote:
>> Howdy,
>>
>> I have renamed a directory on NFS ver 3 server and then created a new
>> directory again with the same name.
>> # mv dir dir-hosed
>> # mkdir dir
>>
>> The directory is auto-mounted on client side. I had unmounted
>> directories on client side before making above changes. Now when I try
>> to mount back 'dir', I still see old files and not new empty dir. Am I
>> missing something here in the NFS config? Is it caching old directory
>> contents? Any help?
>
> One step at a time. Show your automount tables: are you using direct
> automounting, which requires "/sbin/service autofs reload" ? Or
> indirect automounting, which should just work? And when you say you
> "unmounted directories on client side", how exactly did you do that?
> Did you do "umount /mount/dir" and get a successful unmount? Or did
> you do a naughty thing and use "umount -l", which can create chaos
> without careful handling?
>
> If you have old software holding open the mount point, the
> automounting changes *will not* overwrite the old mountpoint until
> they are released properly. And it shouldn't!
>

Thanks for the reply Nico.  I unmounted dir in a clean manner. I made
sure that no other process is trying to access that mounted dir on
client side. Not sure what was the problem, but it seems to be working
now. I am guessing autofs or nfs had some timeout/cache settings that
caused this problem initially. I will try to replicate it some time
later to see what was causing it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS still serving old directory after rename

[Nico Kadel-Garcia]

On Mon, Mar 14, 2011 at 10:49 AM, neubyr  wrote:
> Howdy,
>
> I have renamed a directory on NFS ver 3 server and then created a new
> directory again with the same name.
> # mv dir dir-hosed
> # mkdir dir
>
> The directory is auto-mounted on client side. I had unmounted
> directories on client side before making above changes. Now when I try
> to mount back 'dir', I still see old files and not new empty dir. Am I
> missing something here in the NFS config? Is it caching old directory
> contents? Any help?

One step at a time. Show your automount tables: are you using direct
automounting, which requires "/sbin/service autofs reload" ? Or
indirect automounting, which should just work? And when you say you
"unmounted directories on client side", how exactly did you do that?
Did you do "umount /mount/dir" and get a successful unmount? Or did
you do a naughty thing and use "umount -l", which can create chaos
without careful handling?

If you have old software holding open the mount point, the
automounting changes *will not* overwrite the old mountpoint until
they are released properly. And it shouldn't!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS still serving old directory after rename

[neubyr]

Seems like some clients (especially new connections) are mounting the
new dir correctly. Not sure what's the problem though.

--
thanks,
neuby.


On Mon, Mar 14, 2011 at 9:49 AM, neubyr  wrote:
> Howdy,
>
> I have renamed a directory on NFS ver 3 server and then created a new
> directory again with the same name.
> # mv dir dir-hosed
> # mkdir dir
>
> The directory is auto-mounted on client side. I had unmounted
> directories on client side before making above changes. Now when I try
> to mount back 'dir', I still see old files and not new empty dir. Am I
> missing something here in the NFS config? Is it caching old directory
> contents? Any help?
>
> thanks,
> neuby.
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS still serving old directory after rename

[neubyr]

Howdy,

I have renamed a directory on NFS ver 3 server and then created a new
directory again with the same name.
# mv dir dir-hosed
# mkdir dir

The directory is auto-mounted on client side. I had unmounted
directories on client side before making above changes. Now when I try
to mount back 'dir', I still see old files and not new empty dir. Am I
missing something here in the NFS config? Is it caching old directory
contents? Any help?

thanks,
neuby.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server locking up everyday around 3:30 AM - (INFO: task wget:13608 blocked for more than 120 seconds) need sleep, help.

[Shen, Xin (Sinux)]

Update the kernel will probably be the way to fix your problem.

Best Regards
Sinux

在 2011-3-12，10:08，"Ross Walker"  写道：

> On Mar 11, 2011, at 12:33 PM, PJ  wrote:
> 
>> This may or may not be CentOS related, but am out of ideas at this
>> point and wanted to bounce this off the list.
>> 
>> I'm running a CentOS 5.5 server, running the latest kernel 
>> 2.6.18-194.32.1.el5.
>> 
>> Almost everyday around 3:30 AM the server completely locks up and has
>> to be power cycled before it will come back online.
>> (this means someone hat to wake up and reboot the server, oh how I
>> love being an internet janitor! :)
>> 
>> Smells like a hardware issue to me too, but I went through all of the
>> dell diagnostics, updated the firmware, everything checks out as being
>> okay, RAID, disks, RAM, etc... Spent an hour on the phone with a Dell
>> tech. No hardware issues, at least that we were able to find.
>> 
>> There are no cron jobs that run at 3:30, no backups, the server has a
>> load of 0, nothing is scheduled around that time...
>> 
>> The only crontab entry at all is "*/5 * * * * wget -q
>> www.websitedomain.com/cron.php >/dev/null 2>&1"
>> They are running Magento for commerce purposes and this runs every 5 minutes.
>> 
>> Why does the server only lockup around 3:30 AM? Because it's knows I
>> am fast asleep?
>> 
>> I was able to pull this from /var/log/messages, this happens just
>> seconds before locking up completely...
>> 
>> Mar  8 03:33:18 web1 kernel: INFO: task wget:13608 blocked for more
>> than 120 seconds.
>> Mar  8 03:33:19 web1 kernel: "echo 0 >
>> /proc/sys/kernel/hung_task_timeout_secs" disables this message.
>> Mar  8 03:33:19 web1 kernel: wget  D 810001004420 0
>> 13608  13607 (NOTLB)
>> Mar  8 03:33:19 web1 kernel:  81007bc7bc78 0086
>> 81007bc7bd88 81000100d3f8
>> Mar  8 03:33:19 web1 kernel:  81007bc7bbf0 0007
>> 8100849db0c0 80308b60
>> Mar  8 03:33:19 web1 kernel:  00013a2964cdf439 3237
>> 8100849db2a8 64c82eae
>> Mar  8 03:33:19 web1 kernel: Call Trace:
>> Mar  8 03:33:20 web1 kernel:  []
>> __mutex_lock_slowpath+0x60/0x9b
>> Mar  8 03:33:20 web1 kernel:  [] .text.lock.mutex+0xf/0x14
>> Mar  8 03:33:20 web1 kernel:  [] do_lookup+0x90/0x1e6
>> Mar  8 03:33:20 web1 kernel:  [] 
>> __link_path_walk+0xa01/0xf5b
>> Mar  8 03:33:20 web1 kernel:  [] link_path_walk+0x42/0xb2
>> Mar  8 03:33:20 web1 kernel:  [] do_path_lookup+0x275/0x2f1
>> Mar  8 03:33:23 web1 kernel:  [] getname+0x15b/0x1c2
>> Mar  8 03:33:23 web1 kernel:  [] __user_walk_fd+0x37/0x4c
>> Mar  8 03:33:23 web1 kernel:  [] vfs_stat_fd+0x1b/0x4a
>> Mar  8 03:33:23 web1 kernel:  [] sys_newstat+0x19/0x31
>> Mar  8 03:33:23 web1 kernel:  [] system_call+0x7e/0x83
>> 
>> If anyone has some advice on where to go from here it would be greatly
>> appreciated.
> 
> Do a fsck of the file system wget is writing to as there might be a 
> corruption it hits only on the 3:30am run as that's when the other vendor 
> dumps data to be downloaded.
> 
> You could also check to see if a RAID  patrol read (scrub/predictive failure 
> detection) is happening around this time as well and disable/reschedule it.
> 
> -Ross
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/Active Directory authentication

[Dvorkin, Asya]

Thank you!

I'm working on it right now and will give my progress report soon :)

Asya


On Mar 14, 2011, at 6:11 AM, John Hodrien wrote:

> On Fri, 11 Mar 2011, Dvorkin, Asya wrote:
> 
>> [root@myserver conf]# klist -k
>> Keytab name: FILE:/etc/krb5.keytab
>> KVNO Principal
>>  
>> --
>>  2 host/myserver.server@core.host.edu
>>  2 host/rmyserver.server@core.host.edu
>>  2 host/myserver.server@core.host.edu
>>  2 host/myser...@core.host.edu
>>  2 host/myser...@core.host.edu
>>  2 host/myser...@core.host.edu
>>  2 MYSERVER$@CORE.HOST.EDU
>>  2 MYSERVER$@CORE.HOST.EDU
>>  2 MYSERVER$@CORE.HOST.EDU
>>  2 http/myserver.server@core.host.edu
>>  2 http/myserver.server@core.host.edu
>>  2 http/myserver.server.com@CORE.HOSTEDU
>>  2 http/myser...@core.host.edu
>>  2 http/myser...@core.host.edu
>>  2 http/myser...@core.host.edu
> 
> So how did you get the point of having this keytab?
> 
>> My problem is that I am getting an error message in apache logs:
>> 
>> gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide 
>> more information (No principal in keytab matches desired name)
>> 
>> I looked in AD configuration and see that my server does not have 
>> appropriate ServicePrincipalName for HTTP (only host).
> 
> Then something's wrong there.
> 
> net ads status
> 
> This *must* agree with your keytab.  If it doesn't, let's start again.
> 
> net ads keytab flush
> net ads keytab create
> net ads keytab ADD HTTP
> 
> net ads status
> klist -k
> 
> Make sure you get to a stage where what AD has and what you have agree.  Once
> you've got to that stage, use ktutil to read the system keytab
> (/etc/krb5.keytab), and delete out the entries you don't want, leaving just
> the HTTP ones.  Write that out to /etc/httpd/conf/krb5.keytab.
> 
> Check it's correct:
> 
> klist -k /etc/httpd/conf/httpd.keytab
> 
> Make sure you've told apache where to find it:
> 
> Krb5KeyTab /etc/httpd/conf/httpd.keytab
> 
> The example that comes with the RPM in /etc/httpd/conf.d/auth_kerb.conf is a
> good starting point.
> 
>> my keytab file:
>> -rw--- 1 apache apache 957 Mar 11 14:31 /etc/httpd/conf/krb5.keytab
>> 
>> I have NO right access to AD server and cannot do much about creating proper 
>> keytab file.
>> 
>> Anything else I can do?  Am I missing something?
> 
> Have a go with that, and see where you get to.
> 
> jh
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] internal ip

[mattias]

cool! i reinstall centos yestoday and xen
and forgot to put bridge=xenbr0 in the config
and my vm automaticley tooks a internal ip
192.168 something
and i haven't set it in xend-config.sxp
will xen not automaticley have bridge set?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/Active Directory authentication

[John Hodrien]

On Fri, 11 Mar 2011, Dvorkin, Asya wrote:

> [root@myserver conf]# klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
>  
> --
>   2 host/myserver.server@core.host.edu
>   2 host/rmyserver.server@core.host.edu
>   2 host/myserver.server@core.host.edu
>   2 host/myser...@core.host.edu
>   2 host/myser...@core.host.edu
>   2 host/myser...@core.host.edu
>   2 MYSERVER$@CORE.HOST.EDU
>   2 MYSERVER$@CORE.HOST.EDU
>   2 MYSERVER$@CORE.HOST.EDU
>   2 http/myserver.server@core.host.edu
>   2 http/myserver.server@core.host.edu
>   2 http/myserver.server.com@CORE.HOSTEDU
>   2 http/myser...@core.host.edu
>   2 http/myser...@core.host.edu
>   2 http/myser...@core.host.edu

So how did you get the point of having this keytab?

> My problem is that I am getting an error message in apache logs:
>
> gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide 
> more information (No principal in keytab matches desired name)
>
> I looked in AD configuration and see that my server does not have appropriate 
> ServicePrincipalName for HTTP (only host).

Then something's wrong there.

net ads status

This *must* agree with your keytab.  If it doesn't, let's start again.

net ads keytab flush
net ads keytab create
net ads keytab ADD HTTP

net ads status
klist -k

Make sure you get to a stage where what AD has and what you have agree.  Once
you've got to that stage, use ktutil to read the system keytab
(/etc/krb5.keytab), and delete out the entries you don't want, leaving just
the HTTP ones.  Write that out to /etc/httpd/conf/krb5.keytab.

Check it's correct:

klist -k /etc/httpd/conf/httpd.keytab

Make sure you've told apache where to find it:

Krb5KeyTab /etc/httpd/conf/httpd.keytab

The example that comes with the RPM in /etc/httpd/conf.d/auth_kerb.conf is a
good starting point.

> my keytab file:
> -rw--- 1 apache apache 957 Mar 11 14:31 /etc/httpd/conf/krb5.keytab
>
> I have NO right access to AD server and cannot do much about creating proper 
> keytab file.
>
> Anything else I can do?  Am I missing something?

Have a go with that, and see where you get to.

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/Active Directory authentication

[John Hodrien]

On Fri, 11 Mar 2011, David Brian Chait wrote:

>> I looked in AD configuration and see that my server does not have 
>> appropriate ServicePrincipalName for HTTP (only host).
>
> Of course it doesn't, you gathered that ticket by joining the domain with
> Samba, but are not using samba auth with apache...

No, he's using mod_auth_kerb.  What's wrong with that?  What is this 'samba
auth' you speak of that lets you do passwordless Negotiate based auth?

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/Active Directory authentication

[John Hodrien]

On Fri, 11 Mar 2011, David Brian Chait wrote:

> It appears as though you need to create a proper SPN/keytab from the AD 
> server:
>
> http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_SPNEGO_config_dc.html

I've done this just with a net ads keytab add HTTP.

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/Active Directory authentication

[John Hodrien]

On Mon, 14 Mar 2011, Michael B Allen wrote:

> Hi Asya,
>
> You must set the servicePrincipalName attribute on the service account
> (MYSERVER$ in this case) to include all of the hostnames that will be
> used to access the web server which in this case would be at least
> "HTTP/myserver.server.com". One way to do this would be to use
> setspn.exe on a Windows client but if you really have no access to the
> Windows side as you say, you could use the Samba keytab to acquire
> credentials for doing the necessary LDAP add operation using some tool
> (maybe there is a Samba utility for this, I don't know) or program.

That's not true, and I'm not even sure it's possible from samba (at least, I'm
not sure it *should* be possible).

I have a machine with an A record that matches the keytab entry ("real").  The 
PTR
record for the IP goes back that the hostname.  There's then a CNAME record
for the name used in reality for the web server ("friendly").

A client will access:

https://www.friendly/kerberised

Client correctly pulls down HTTP/real@KRB-REALM, and the authentication works
just fine.

jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] any tutorial/how to for su-exec php under selinux on centos 5?

[Lucian]

On Mon, Mar 14, 2011 at 12:07 AM, Eero Volotinen  wrote:
> Hi,
>
> Any good tutorial how to setup su-exec php unders selinux on centos 5?
>
> --
> Eero
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Slightly outdated, but should still work:
http://lucian.lastdot.org/howto/php-mod_fcgid-suexec.html
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos