Re: [CentOS] Rebuilding RHEL from source?
On 2 May 2011 12:22, R P Herrold herr...@owlriver.com wrote: On Mon, 2 May 2011, Amos Shapira wrote: Does anyone have instructions on how to go through the entire process from downloading source RPM's from RedHat's servers through to building the entire distribution? I've searched through the web and CentOS' own web sites and couldn't find such instructions. yeah - no one has ever documented it http://lists.centos.org/pipermail/centos/2011-April/109942.html Those centos people are hiding the secrets ... not You must have looked -- what? 5 seconds? Thanks for the pointer and your kind words. None of the keywords I used (Red Hat, RHEL, Build, Compile source etc) appear in this reference, even though I've been digging for this on and off for a few days. If I get to implement this, I'll try to put up the scripts in public. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Rebuilding RHEL from source?
Hello, Does anyone have instructions on how to go through the entire process from downloading source RPM's from RedHat's servers through to building the entire distribution? I've searched through the web and CentOS' own web sites and couldn't find such instructions. Is it just a matter of downloading them from ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ and building the packages? This is for personal/internal use so there shouldn't be an issue with trademarks+redistribution as far as I'm aware. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] trouble shooting slow ssh logins
2010/1/22 aurfal...@gmail.com: The DNS server also behaved regarding name/ip addy lookups. This server is a Zimbra mail server which during install, checks for proper DNS configs. I usually check proper functioning DNS by hand anyways. The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts. We got delayes by GSSAPIAuthentication, which we don't use. Try disabling it if you don't need it. ssh - might reveal more about where the delay happens. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] measuring iops on linux - numbers make sense?
Hello, When approaching hosting providers for services, the first question many of them asked us was about the amount of IOPS the disk system should support. While we stress-tested our service, we recorded between 4000 and 6000 merged io operations per second as seen in iostat -x and collectd (varies between the different components of the system, we have a few such servers). A couple of hosting providers told us that this (iostat and collectd merged operations per second) is a not so bad way to get IOPS. A partner of ours doubts that this is possible with the current hardware - a 3ware 9690SA-4I4E (http://www.3ware.com/products/sas-9690SA.asp) with 512Mb battery backed up cache and 8 SAS 15k rpm disks (SEAGATE ST3300656SS) in RAID 1+0. They calculate 750 IOPS per spindle and say that the maximum they ever saw from any 15k disk was 350 iops on RAID 0. Am I measuring the numbers correctly? Is there a better way to measure IOPS on CentOS? The OS is CentOS 5.3 x86_64, the rest of the hardware is 64Gb RAM, 2 quad-core 3GHz Intel Xeon CPU's. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High load averages with latest kernel and USB drives?
Sorry can't suggest much about the usb issue but for such frequent backups, as well as to enable poin-in-time-recovery (PITR) you should consider log archiving. It should also save you heaps of load on cpu, disk, network and postgresql server. -Amos On 11/17/09, Benjamin Smith li...@benjamindsmith.com wrote: I'm having a server report a high load average when backing up Postgres database files to an external USB drive. This is driving my loadbalancers all out of kilter and causing a large volume of network monitor alerts. I have a 1TB USB drive plugged into a USB2 port that I use to back up the production drives (which are SCSI). It's working fine, but while doing backups (hourly) the load average on the server shoots up from the normal 0.5 - 1.5 or so up to a high between 10 and 30. Strangely, even though the load is high the server is completely responsive, even the USB drives being accessed are! Backup script is really simple, run via cron, pretty much just: #! /bin/sh hour=`date +%k`; pg_dump options mydatabase /media/backups/mydatabase.$hour.pgsql; where /media/backups is the mount point for the USB drive. Using top to diagnose, nothing seems to be particularly high! IoWait seems reasonable (10-30%) and CPUs are 0.5%, Idle is 70-90%. Even accessing the USB partition while the load is high is responsive! I'm guessing that something changed in how load average is counted? Server Stats: Late model 8-way Xeon, SuperMicro brand. CentOS 4.x / 64 (all updates applied, booted after last kernel update) Kernel 2.6.9-89.0.16.ELsmp 4 GB ECC RAM 300 GB SCSI HDD. Standard Apache/PHP, Postgres 8.4. Any idea how to revert to the old load average tracking behavior short of using a stale and potentially insecure kernel? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Rescan for new geometry without reboot?
Hello, We just had our servers fitted with more disks. Most of the disks are growing existing RAID 1+0 channels, some are in new channels. Controllers and disks support live installation. I'd like to avoid a reboot just to let the system find that the disks are larger. All I can find so far suggests that its possible to rescan the disks, and even find the new geometry (e.g. http://linux.derkeiler.com/Mailing-Lists/Kernel/2004-12/1555.html) but nobody knows how to actually convince the system to let me use the extra space without a reboot. Does anyone know of a way to achieve this? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP authauth software
2009/10/19 Marko Vojinovic vvma...@gmail.com: with a form the user is supposed to fill in and send. After he does so, an administrator does a sanity check of the data the user provided, and grants or denies access. If access is granted, the user gets a new, unrestricted dhcp lease, which provides him with a normal access to local network. Just be aware that, as far as I hear the experts, MAC addresses can be sniffed off the air even on protected/encrypted WiFi networks and so an intruder can find authorised ones. So trusting the MAC address for authentication is not secure. The way I hear that this is usually done is to create a VPN tunnel over the WiFi connection. Legitimate users still have to authenticate over that VPN tunnel and therefore even a fake sniffed MAC address won't help an intruder. The VPN also enhances protection of legitimate traffic. I never implemented this (neither the WiFi protection nor the MAC sniffing) so can't testify from personal experience. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
2009/10/19 ken geb...@mousecar.com: In the couple of months I've had the need to contact Redhat support on just one issue and their support has been terrible, so far completely useless and a waste of time. I don't know what Redhat charges us for The only guy I personally know who went with RedHat because their support was included for free with our servers reported the same. I'm a bit surprised (and disappointed) to hear such negative testimonials about RedHat support. Do others have different experience? Could it be the the quality of support is tiered by how much you pay, enough to make a difference? Personally - my organisation runs over a hundred CentOS servers and growing rapidly, so for now it's not directly relevant to us. But I am aware of the connection between RedHat's health and CentOS', as well as RedHat's large volume of contribution back to the FOSS world, and would like to see them do well. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP authauth software
2009/10/19 Marko Vojinovic vvma...@gmail.com: I've never had a case of deliberate network intrusionmisuse, since physical access to the building is rather restricted. So far problems have occurred exclusively because of user ignorance. Users don't bother to obey local policy about p2p, antivirus and other protection, so I have to find them and make them obey it. And finding them is not easy if the only information I have is the dynamically assigned IP. I understand now that your situation is different from the one I envisioned when I wrote my previous post. Just wondering how easy is it to get within reach of your WiFi network - my mobile phone keeps picking up wireless networks wherever I go in urban areas and almost every stop outside the city (petrol stations etc). Is your building isolated enough to prevent someone from accessing your wireless networks from outside the secure area? Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
While you take suggestions - look also for collecd. It's very easy to setup, customise and interogate graphs. Cheers, -Amos On 10/20/09, Niki Kovacs cont...@kikinovak.net wrote: Tait Clarridge a écrit : You could try a local script that gets values from a server that you would like to monitor... I might suggest looking into setting up snmpd on the server and using snmp walk to probe specific values (that relate to processes/free memory). Thanks for all the numerous! I'll take a peek at all of them as soon as I have a spare moment and then report back. Cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Passenger Best Practice
I think you can best help the project and the CentOS community by submitting a working .spec file to rpmforge-suggest mailing list. Cheers, -Amos On 10/19/09, Stephen Nelson-Smith step...@atalanta-systems.com wrote: Hi , I used the guide found here http://reductivelabs.com/trac/puppet/wiki/UsingPassenger on a RHEL 5 server with success. You'll see that most things are installed via yum repositories except for rack and passenger, which are installed as ruby gems. You'll probably find better answers for this type of questions and any issues you might run into during implementation on the puppet users mailing list ( http://groups.google.com/group/puppet-users) Thanks. I've done this before - I don't actually need help with getting Passenger installed - I could do it any number of ways. What I am saying is that I would like to manage the whole process using RPMs - I'd rather not have to manage gems as well as RPMs, or have things built from source, or have tarballs to distribute. I've seen or heard of several Ruby EE rpms, and I don't know or trust the provenance of the mod_rails RPM is found via google. I don't know if any of them are recommended. If anyone on the list has done this already, and a reasonable body of people trust the results, I'm happy to use that. Otherwise I'm happy to do it myself and share the results with the project - all assuming the general consensus is that my intended approach - using RPMs for everything - is wise. Thanks, S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on 5.4
While you are at it, consider the packages from go-oo.org. They are supposed to include enhancements which didn't find their way to the official release yet. -Amos On 10/10/09, Ron Loftin relof...@twcny.rr.com wrote: On Fri, 2009-10-09 at 11:45 -0400, Jim Perrin wrote: On Fri, Oct 9, 2009 at 11:43 AM, Jerry Geis ge...@pagestation.com wrote: Does 5.4 come with an updated openoffice. 5.3 comes with version 2.3 was wondering if 5.4 will have 3.1 Nope. 5.4 won't have openoffice 3.1 That's not a big surprise, just keeping within the stated policies of CentOS. However, I will point out that for those who want OOO 3.1, all they have to do is skip installing the old version that comes with CentOS, and install the RPMs that can be downloaded straight from openoffice.org. The ones for RHEL 5 work very well, and integrate with the Gnome desktop automagically. -- Ron Loftin relof...@twcny.rr.com God, root, what is difference ? Piter from UserFriendly ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Simple way to banish IP addresses ?
There is an iptables geoip module to allow you to specify countries. I never used it thought. The advantage of denyhosts is that it not only bans addresses but also shares banned hosts with a network of a few thousands of installations (an opt-in option), so you are not on your own. Moving ssh to a none standard port is the best thing you can do under the circumstances you describe, IMHO. Another option might be to tar-pit attackers (using iptables) - that way you can slow down their traffic so hopefully they'll eat less of your bandwidth. -Amos On 10/10/09, Toby Bluhm t...@alltechmedusa.com wrote: Toby Bluhm wrote: Niki Kovacs wrote: Hi, I just set up a web server... and my bandwidth is being eaten by some chinese folks trying to brute-force-ssh their way into the machine. Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes ? I know it's feasible with iptables, but is there something more easily configurable ? Cheers, Try fail2ban from rpmforge. Also, if you're using the standard fw that ships with centos, you can stop entire blocks of IPs by manually inserting rules after iptables starts: iptables -I RH-Firewall-1-INPUT 1 -s 1.2.3.4/24 -p tcp --dport 22 -j DROP IP ranges by country: http://www.countryipblocks.net/country-blocks/select-formats/ The IP ranges will change from time to time, so you have to check often. You could script in a download from http://www.countryipblocks.net/continents/ to keep it current. Like someone said, if you have to keep ssh open to the world, changing the port number will dramatically cut down on the attempts. -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Antivirus for CentOS? (yuck!)
Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers. Whatever I do - it needs to be convincing enough to make the PCI compliance guy tick the box. So: 1. Has anyone here gone though such a procedure and got good arguments against the need for anti-virus? 2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. The reviewed servers run both Internet-facing web applications and internal systems, mostly using proprietary protocol for internal communications. They are being administrated remotely via IPSec VPN (and possibly in the future also OpenVPN). Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Antivirus for CentOS? (yuck!)
2009/1/22 Ian Forde i...@duckland.org: On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers. Note - I am *NOT* a lawyer. This advice is freely given, and may be worth exactly what you paid for it... ;) Thanks. We are paying some guy ~$US2000 a day to do this officially. But any preperation we can make to shorten the time he spends with us might save us a lot of money. And your advise below looks very reasonable. Whatever I do - it needs to be convincing enough to make the PCI compliance guy tick the box. So: 1. Has anyone here gone though such a procedure and got good arguments against the need for anti-virus? Yep - on the wikipedia page you referenced, look in the Requirements section, section 5. It says: Use and regularly update anti-virus software on all systems commonly affected by malware Note that CentOS isn't commonly affected by malware. So you should be okay here. :) Thanks. 2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. None... clamav, amavis, etc... are used for protecting Windows boxes behind the Linux boxes. If you aren't running any Windows hosts on the e.g. in situations where the Linux box is the internet-facing SMTP server, right? same network as the Linux hosts, that should take care of the sweet spot of the AV argument. (Though if you're connected to a site via VPN or private link that has Windows boxes, that may be a different story.) Rightso. You reminded me - we have a couple of Windows servers there as well (running software we didn't get around to port to Linux yet). They only talk to internal systems and we'll install BitDefender on them (that's what we have around here). They talk to a couple of the Linux servers internally using our proprietary protocol. Is this the sort of situation that triggers requirement for AV on linux? The reviewed servers run both Internet-facing web applications and internal systems, mostly using proprietary protocol for internal communications. They are being administrated remotely via IPSec VPN (and possibly in the future also OpenVPN). Yep - then you want to make sure that since you're using a VPN, nothing (like say, an Apache worm) can jump over... Yes. We defined the PCI Zone as the remote data centre and have a border between it and the rest of the world, including our offices. PCI Compliance can be a bear. Just make sure that you have management buy-in, and good external scanning vendor... This requirement came from management, though the vendor we picked gives an impression that he knows his stuff about security and will help with real pen-testing rather than just tick boxes on papers. Thanks very much for your help! Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Yum-updatesd version in reports?
Hi, I've just startted configuring yum-updatesd on all our servers to install updates automatically and it works great. But I don't see anywhere in its config or command line options a way to find which package version was replaced by which. Is this achieveable in any way or should I resort to some home-grown scripting again? Thanks. -Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Scriptable way to edit yum .repo files?
Hello, Is there a standard programmatic way to manipulate yum configuration files, particularly the .repo files? I want to add things like priority=... per repo, or check_obsoletes=1 to the priorities plugin config. I can cook specific search/append using perl or sed but was wondering whether there is a more elegant way. I found Perl's Conf::INI module but it expects comments beginning with ;, not #. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scriptable way to edit yum .repo files?
2009/1/8 Karanbir Singh kbsi...@centos.org: Amos Shapira wrote: Is there a standard programmatic way to manipulate yum configuration files, particularly the .repo files? Puppet has a yum module, which is quite capable and what I use. Thanks to both of you. We don't use Puppet for all our hosts and adding it for those which don't need it so far is a bit of an overkill. Actually I'd rather try to reduce our dependence on puppet (and possibly replace it with rollout, http://code.google.com/p/rollout/, or gradually improve our own home-grown scripts). Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scriptable way to edit yum .repo files?
2009/1/8 Filipe Brandenburger filbran...@gmail.com: On Wed, Jan 7, 2009 at 19:11, Amos Shapira amos.shap...@gmail.com wrote: I found Perl's Conf::INI module but it expects comments beginning with ;, not #. Why don't you use Python's ConfigParser? That's what yum itself actually uses (AFAIK). http://docs.python.org/library/configparser.html With that module, you can read a file, modify the objects, and then write it to a new file. That's exactly (well, 99%) what I was hoping to find. I guessed that there are tools already around used by Yum but wouldn't know where to start looking. I looked for a more yum-specific code. I'll try to wrap the Python thing with something I can call from Perl. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scriptable way to edit yum .repo files?
2009/1/8 R P Herrold herr...@centos.org: On Thu, 8 Jan 2009, Amos Shapira wrote: I found Perl's Conf::INI module but it expects comments beginning with ;, not #. and | sed -e 's...@^#@;@g' cannot cure that bad habit on generated files or an input stream? Possibly, but then I'll get pushed back to scripting things around. When I saw Filipe's pointer to configparser I already finished coding something rough in perl which detects [section]'s in input files, adds the priority=nnn for each section and moves the old version to a backup with ~. The code should be generalised to do the other stuff I'm interested in (e.g. configure yum-priorities, or the trigger for all of this - yum-updatesd). It assumes that a section and also end with the first empty line. Maybe this is wrong but it keeps my current files looking right. It's small enough that I pasted it below for your amusement. I also found a python script based on configparser which can do this from command line (http://robinbowes.com/article.php/20081026162228424) but it loses comments. Cheers, --Amos Here is my script: #!/usr/bin/perl use strict; use warnings; use IO::File; use Readonly; Readonly::Hash our %PRIORITIES = ( 'base' = '1', 'updates' = '1', 'addons' = '1', 'extras' = '1', 'centosplus' = '2', 'c5-testing' = '13', 'rpmforce' = '10', ); sub configure_priorities { my $orig_fh = new IO::File; my $new_fh = new IO::File; for my $repo_file (glob '/etc/yum.repos.d/*.repo') { $orig_fh-open($repo_file, 'r') or die !!! configure_priorities: failed to open \$repo_file\; rename($repo_file, $repo_file.'~') or die !!! configure_priorities: failed to rename \$repo_file\ to \$repo_file~\: $!; $new_fh-open($repo_file, 'w') or die !!! configure_priorities: failed to create new \$repo_file\: $!; my $reponame = undef; while (my $line = $orig_fh-getline) { if ($line =~ /^\[(.+)\])/) { defined $reponame and defined $PRIORITIES{$reponame} and $new_fh-print(priority=, $PRIORITIES{$reponame}, \n); $reponame = $1; # will become undef if current $line is empty } $new_fh-print($line); } # if no empty lines after last repo defined $reponame and defined $PRIORITIES{$reponame} and $new_fh-print(priority=, $PRIORITIES{$reponame}, \n); $new_fh-close or die !!! configure_priorities: Failed to close new version of \$repo_file\: $!; } $orig_fh-close or warn close failed: $!; } configure_priorities; exit 0; ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem setting up diskless boot.
From: clem...@dwf.com Sent: 6.1.'09, 8:17 You must enter directory of the Operating System Software This directory must include the images/pxeboot directories [Errno ftp error] 550 Failed to change directory. Now there is nowhere to ENTER the directory of the OS Software, the popup asks for Operating system identifier Description Select protocol for installation Kickstart Sotware Server IP Address Location So Im at a loss what to do. Anyone done this recently and know WHAT THIS THING IS ASKING FOR??? I suspect location is the directory name. Also check the ftpd logs. -Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any idea when we will have updated kmod-drbd82 rpm for the latest kernel?
--- Original message --- From: Alan Sparks aspa...@doublesparks.net Sent: 1.1.'09, 9:01 How is this statement justified? The RPM dependencies do not indicate this: $ rpm -qRp kmod-drbd82-smp-8.2.6-2.2.6.9_78.0.5.plus.c4.x86_64.rpm /bin/sh /bin/sh /sbin/depmod /sbin/depmod drbd82 = 8.2.6 kernel-smp-x86_64 = 2.6.9-78.0.5.plus.c4 rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 rpmlib(VersionedDependencies) = 3.0.3-1 $ rpm -qlp kmod-drbd82-smp-8.2.6-2.2.6.9_78.0.5.plus.c4.x86_64.rpm /lib/modules/2.6.9-78.0.5.plus.c4smp/extra/drbd.ko Since the current kernel is 78.0.8, this module will fail dependency checks. And install to the wrong module directory for the 78.0.8 kernel anyway... I have tickets 3291 and 3316 open for this. For what it's worth, I upgraded from pre-drbd82 to drbd82 by simply removing drbd (and assocaited kernel module). I have the exact steps documented somewhere if you are interested. -Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Proxy password questions
--- Original message --- From: Kwan Lowe kwan.l...@gmail.com Sent: 1.1.'09, 4:30 Hello All: I'm having a strange issue with the yum proxy settings. It is directly related to passwords containing exclamation points. It's a long shot but try maybe replacing the ! By %21. -Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Linux backup help
Thanks! (and sorry for the late response). On 12/19/08, Patrice Guay patrice.g...@nanotechnologies.qc.ca wrote: Amos Shapira wrote : 2008/11/16 Ian Forde i...@duckland.org: Actually, that's the problem that Red Hat Satellite Server can solve. You can approve packages for deployment. Thus, when provisioning new servers, they get updates from the approved list. And servers are grouped by class. For the free version, one should investigate Project SpaceWalk. http://www.redhat.com/spacewalk/ Thanks for the pointer. I've looked at it a few weeks ago back when there was some news about it and it looked promising but I didn't have time to learn it in depth. Will keep it in my stack of things to look at. I just wrote a HowTo on this topic. Spacewalk can help you manage software versions across different environments using software channels. The document is available here: http://wiki.centos.org/HowTos/PackageManagement/Spacewalk Regards, -- Patrice Guay patrice.g...@nanotechnologies.qc.ca ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Watchdog process?
Hello, Is there a generic built-in way on CentOS to overlook that a specific process is alive and re-spawn it (or just run a configured command) when it dies? I know how to script things so a parent will watch its child, but was wondering whether there is something more readily available instead of having to reinvent the wheel. The process must be controlled via a /etc/init.d/... script and should be stop-able (it runs in a primary/stand-by configuration), so use of respawn in inittab is not a solution. So far googl'ing for watchdog comes up with references about system watchdog - which will reboot the system if the kernel appears to be stuck. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Watchdog process?
2008/12/11 Karanbir Singh [EMAIL PROTECTED]: Amos Shapira wrote: Is there a generic built-in way on CentOS to overlook that a specific process is alive and re-spawn it (or just run a configured command) when it dies? Monit works well for me in a very diverse set of jobs and roles. Thanks! Obvious answer. I can't understand why I was stuck on looking for watchdog and not monitor. I'll try to use monit for everything else on my system too. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] New to Centos and have question about updating packages
2008/12/8 William L. Maltby [EMAIL PROTECTED]: Often, in a desktop environment, just a telnet 3, telnet 5 command You probably mean telinit 3 and telinit 5. But we are talking to a veteran of FreeBSD so he probably knows such stuff already, shouldn't he? Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mirroring Hard Drive
2008/12/8 William L. Maltby [EMAIL PROTECTED]: In reality, being raised on real UNIX(TM) systems from long ago and far away, it was just one of the things we wanted left unchanged when we did backups or shipped tapes to the outside world (one of my many jobs back then). There is the possibility that atime was tracked because we can. I've been there too. My first UNIX account was on a Vax 750 running BSD 4.2 in 1986, which after a year I started to manage (that's why I said that dump/restore are so '80's :). Times changed. I believe the reasoning which says that atime is a waste of time (pun intended :). Move on. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mirroring Hard Drive
2008/12/8 William L. Maltby [EMAIL PROTECTED]: Yep. I've recently began using rsync for several types of local copy, usually back-up related. I can't recall if the cp -a detects and handles hard-links to minimize space requirements though. I know cpio Yes, it seems that cp -a is designed just for that kind of job. Might have to add -x to limit it to one file system if you are interested. I noticed that, to my surprise, rsync is sometimes faster than a plain scp even when the destination is empty, and as someone else said it's nice to be able to stop/start and redo. can/does. I guess I'll have to read up on cp some more and see if it leaves the access times alone (cpio parameter allows retaining that) and handles hard-links efficiently. I'm not sure why you should care about atime so much - more and more people around (including Linus Torvalds) recommend to get rid of it altogether. Ubunut comes with relatime as a default config already. According to Linus, disabling atime updates will give the single largest performance gain (in dozens of percentages, as far as I remember). But back to the question - am I missing something too by not using dump/restore or cpio? dump/restore is so BSD 4/'80's :) Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trouble Donating on centos.org
2008/11/24 Kurt Hansen [EMAIL PROTECTED]: Hello, I tried making a donation via the centos.org website but was blocked by PayPal. I tried today and a few weeks ago. I told my boss about this (our company is mainly in the online anti-fraud domain) and he said that it happened to him in the last few days too. Maybe Paypal is suffering from a glitch or tightened their checks too much. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trouble Donating on centos.org
2008/11/25 Kurt Hansen [EMAIL PROTECTED]: Really? That's very interesting. Was his attempt via the centos.org website or elsewhere? Another web site (he didn't give details). --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Skype vs. CentOS: no outgoing sound
2008/11/24 Niki Kovacs [EMAIL PROTECTED]: Rob Townley a écrit : Don't use skype, but r u sure your firewall is not blocking outgoing sound? Funny, I never gave that a thought. Any idea which port I would have to open? You generally don't need to: 1. Skype is smart enough to pass through pretty much anything. 2. You say that you manage to setup a connection and hear the echo test incoming voice. IMHO you should concentrate on making sure you are using the latest version of Skype for Linux and getting your mic working. Skype until some stage used the old non-alsa sound interface and required the alsa emualtion of that interface. I think they finally switched to ALSA with version 2. http://alsa-project.org is a VERY helpful place (and carries very helpful mailing list) for such stuff, since it appears almost certain to me that your issue is generally with your mic or Skype's sound configuration and not Skype's network side. Good luck, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forward all traffic from public IP A to public IP B?
2008/11/4 Morten Sundstrøm [EMAIL PROTECTED]: No nothing will go back from B through A, traffic from B vil go directly to the quering host. Sort of like manipulate the header of every packet Sounds like what LVS (Linux Virtual Server) ldirectord does in DR setup - host A publishes virtual IP, receives packets from the world, redirects them at the ethernet-level to host B (which is on the same ethernet segment) which then generates IP packets with the virtual IP as the source address and the initial client as the destination - allowing host B to send the reply directly to the client through its router without bothering the ldirectord. Is this what you are trying to achieve? --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] howto transfer all configuration between 2 remote dedicated servers?
Before you chroot, do mount -bind... of /sys, /dev, /proc and maybe /boot under the chroot dir to make chroot more useful. Cheers, Amos On 11/22/08, Joe Barjo [EMAIL PROTECTED] wrote: Thanks for the suggestion. I did the rpm -Va but have quite a lot of prelink warnings. But filtering them out gives a good list of files to transfer. I still wonder why the rsync method doesn't work, as I'm rsyncing from another server with the same distribution. I also don't know how to re install grub from the debian. Under chroot, there are no devices. It seems that the root filesystem doesn't even get mounted, as I have no logs at all. On Thu, Nov 20, 2008 at 5:04 PM, Lorenzo Quatrini [EMAIL PROTECTED] wrote: Joe Barjo ha scritto: Hello [snip] But my real question is: How can I get a list of files in the whole filesystem that were added or modified compared to all the files that come from rpms? Is there a script for doing such a thing? I think that doing some scripting around rpm -Va (to find modified files from rpms) and a 'comm' between rpm -qla and something like find / (with some clean-up to get files not coming from rpms) will do the magic. -- Regards Lorenzo Quatrini ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
2008/11/16 Ian Forde [EMAIL PROTECTED]: Actually, that's the problem that Red Hat Satellite Server can solve. You can approve packages for deployment. Thus, when provisioning new servers, they get updates from the approved list. And servers are grouped by class. For the free version, one should investigate Project SpaceWalk. http://www.redhat.com/spacewalk/ Thanks for the pointer. I've looked at it a few weeks ago back when there was some news about it and it looked promising but I didn't have time to learn it in depth. Will keep it in my stack of things to look at. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
2008/11/15 Warren Young [EMAIL PROTECTED]: [ long rant in favor of keeping the entire yum cache instead of a list of package versions deleted ] move around entire cache backups across continents. Continents?? What, now we're worried about protecting against total continental destruction? Maybe you're thinking you'll need those backups to help reboot civilization on another continent? Sheesh, talk about overengineering... I would have thought that sending backups to another time zone would be more than sufficient. My production and test/staging servers are over 12,000 km (or 7700 miles) away from my office. I need to be able to move configurations around between my office and two separate hosted sites. Also I have around 10 different system configuration prototypes (roles) with more expected to be added - so every such cache is multiplied by that number. I pay for the traffic and we easily hit our traffic quota during a busy month of tests and updates, not to mention the huge drag on time to copy things around back and forth. On top of that - the cache is not reliable - it would contain deleted packages, packages installed manually individually on one system for testing, packages which were replaced by newer ones etc. It can be cleaned (accidentally or when it runs out of space) etc. Your solution of it's cheap so waste it is not just wasteful but not sustainable as our operation will grow (or possibly even at its current size). Thanks for the advise, but the more I think about this solution the more I'm convinced it's not going to help me. I'll try to try to find or build something based on rpm -qa and yum. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
2008/11/16 Nicolas Thierry-Mieg [EMAIL PROTECTED]: Amos Shapira wrote: I'll try to try to find or build something based on rpm -qa and yum. no reason to use yum: it's for resolving dependencies, but in your case they would already be resolved. Instead you could more simply and reliably wget the files and rpm -U them. Right, except that this might require to re-implement yum's ability to find and download the right package from the right repository. Not sure what's the advantage of wget+rpm over a simple yum install then. In the meantime, on another list I got the following recipe: A. Installing the missing packages. (On the source machine:) $ rpm -qa --queryformat=%{NAME}-%{ARCH}\n | sort package_list.txt (On the target machine:) $ yum install -y $(cay package_list.txt) B. Remove extra packages: (On the target machine:) $ rpm -qa --queryformat=%{NAME}-%{ARCH}\n | sort package_list_new.txt $ yum remove $(diff package_list_new.txt package_list.txt | grep | cut -d -f2) The provider of the above says it works for him on Fedora, CentOS and RHEL, so it sounds like it's been tested for a while. I'll test it further before actually using it. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
Is there a way to freeze a list of installed packages and exact versions, then tell yum (or any other tool/script) to install exactly these verions either on the same or another systme? I'm asking from perspective of being able to update and test in my test or staging environment then when tests pass I want to replicate the exact list of package versions in production. Thanks, --Amos On 11/12/08, Marc Schwartz [EMAIL PROTECTED] wrote: Kevin Kempter [EMAIL PROTECTED] writes: Hi All; I'm awaiting a new linux laptop that will be my primary work machine. I want to implement a strategy that allows me as easily as possible to revert back to a former state. My primary concern is a scenario where I apply system updates and it breaks something that for me is critical. I wonder if a simple rsync script would work. If so, here's what I'm thinking: 1) updates are available so I execute the rsync script which pulls any updated files from my laptop to a backup server/drive 2) apply updates 3) if something breaks (even if I can no longer login) I boot the laptop, run the rsync script in the opposite direction (push files from the backup drive to the laptop) I assume that if I were to execute step 3 above that my system would be in the exact state that it was before I ran the updates. Is this a correct assumption ? Are there better approaches ? Thanks in advance.. Look at rsnapshot, which is rsync based and enables hourly, daily, weekly and monthly rotating backups. This is what I used on my laptop, to an external USB HD. It provides an OSX Time Machine like schema, albeit without the fancy GUI. http://rsnapshot.org/ HTH, Marc Schwartz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
What about disaster recovery? Assuming I take the approach you suggest and have to restore the cache (with the tested versions) after it's lost in a disaster, is there a way to do that (short of backing it up)? I'd rather be able to keep a list of package versions instead of having to move around entire cache backups across continents. Thanks, --Amos On 11/15/08, Warren Young [EMAIL PROTECTED] wrote: Amos Shapira wrote: Is there a way to freeze a list of installed packages and exact versions, then tell yum (or any other tool/script) to install exactly these verions either on the same or another systme? There isn't a need for an explicit feature. Just update one server, test it, then copy all of /var/cache/yum/updates/packages to the other machines. You can then say rpm -Fvh *.rpm in that directory to bring that machine up to the same level as the other one. We don't do it exactly that way. We copy the current package cache to new machines after installation to speed a regular yum update, as it needs only enough bandwidth to download what's changed since updating the package cache clone. Because of CentOS/RHEL's policy of not upgrading versions, only patching the released version, we haven't had any serious problems by allowing production systems to track the current yum repositories. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Linux backup help
Looks good. And is there a tool which can read this output and fetch the right packages from the right repositories, or do I have to write my own? Would a script which massages this into an input for | xargs yum install be the way to go? Thanks! --Amos On 11/15/08, Nicolas Thierry-Mieg [EMAIL PROTECTED] wrote: Amos Shapira wrote: What about disaster recovery? Assuming I take the approach you suggest and have to restore the cache (with the tested versions) after it's lost in a disaster, is there a way to do that (short of backing it up)? I'd rather be able to keep a list of package versions instead of having to move around entire cache backups across continents. something like this? rpm -qa installed_packages ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Terminal emulation scripting
I'm not near a computer to dig this but there should be a way to tell unix telnet to change the chars it sends for enter, read telnet(1). Hope this helps. --Amos On 11/15/08, Frank M. Ramaekers [EMAIL PROTECTED] wrote: Okay, here are some things I found out. 1)Linux telnet is sending a 0x0a for the enter key 2)Windows putty program is sending a 0x0d for the enter key 3)Windows telnet is sending a 0x0d0a for the enter key 4)The device (don't ask) I'm working with doesn't like the Linux telnet I've tried coding the expect with 0x0d: expect send m2 send \x0d But, this doesn't seem to work. I'm starting to run out of ideas. Frank M. Ramaekers Jr. Systems Programmer MCP, MCP+I, MCSE RHCE American Income Life Insurance Co. Phone: (254)761-6649 1200 Wooded Acres Dr.Fax: (254)741-5777 Waco, Texas 76710 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Max Hetrick Sent: Wednesday, November 12, 2008 2:59 PM To: CentOS mailing list Subject: Re: [CentOS] Terminal emulation scripting Frank M. Ramaekers wrote: I need to write a script that will contact a remote system using TELNET with VT52/1xx/2xx/320 and perform some operations. I am familiar with TELNET but it appears that it won't work for my purposes. Check out expect. I had to do this with some data radios as of late, and it worked out pretty well. http://linux.die.net/man/1/expect Regards, Max ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos _ This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Timeout for a script
Or maybe the next script that cron executes can kill the previous one as a first step before doing anything else. --Amos On 11/13/08, Filipe Brandenburger [EMAIL PROTECTED] wrote: Hi, On Wed, Nov 12, 2008 at 08:39, Jussi Hirvi [EMAIL PROTECTED] wrote: Thanks - but I couldn't make that work as expected. It seems to kill *something*, but after that, the rsync part still continues in the background... If what you want to kill is the rsync process, do the opposite, run rsync in background, sleep for some time, test if it is still running and then kill it. Here's my last test: log='/root/log/rsync2' timeoutseconds=1 pid=$$ (sleep $timeoutseconds; echo `date '+%c'` $0 INTERRUPTED $log; kill -9 $pid) /usr/bin/rsync -avzu --delete /root /home/palvelimet/bckserver1 echo `date '+%c'` $0 valmis $log Use something like: #! /bin/bash timeout=60 /usr/bin/rsync -avzu --delete /root /home/palvelimet/bckserver1 rsync_pid=$? sleep $timeout # test if process $rsync_pid is still a child of this process: ppid_rsync=`ps -o ppid= $rsync_pid` # remove any spaces ppid_rsync=`echo $ppid_rsync` # compare the parent of $rsync_pid with this process, if it matches, kill $rsync_pid test x$ppid_rsync = x$$ kill $rsync_pid It's certainly more convoluted than it should be... but it should work. The C solution is probably the right thing to do, if you have time to dig into it and find out how it works. HTH, Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Setting up eth0 with address 0.0.0.0
Hello, I'm following instructions in http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#route_on_non_ip_interface to allow my xen guest real hosts to serve virtual IP's behind LVS without having to allocate real public IP addresses for each such xen guest. I have eth1 connected via a back-end switch to the eth1/xenbr1 of the xen host and the other physical servers, this is the interface that is used by LVS to switch packets over to the real servers. I managed to manually do: # ip route add to default-router dev eth0 # ip route add via default-router and before that, in order to allow outgoing packets to be sent via eth0, I did: # ifconfig eth0 0.0.0.0 up and it works great, but when I try to configure this permanently via ifcfg-eth0 it says: Bringing up interface eth0: connect: Invalid argument [ OK ] Things seem to work OK - the server can serve over the Virtual IP, eth0 doesn't have an IP associated with it etc. But I'm worried about this message. Some relevant config files: ifcfg-eth0: To setup the routes, I followed http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-networkscripts-static-routes.html and http://www.mail-archive.com/centos@centos.org/msg15253.html and put the following in /etc/sysconfig/network-scripts/route-eth0: DEVICE=eth0 ONBOOT=yes TYPE=Ethernet IPADDR=0.0.0.0 NETMASK=0.0.0.0 route-eth0: to router-address dev eth0 via router-address output of ifconfig eth0: eth0 Link encap:Ethernet HWaddr 00:16:3E:19:E6:97 inet6 addr: fe80::216:3eff:fe19:e697/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2012 errors:0 dropped:0 overruns:0 frame:0 TX packets:250 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174268 (170.1 KiB) TX bytes:47731 (46.6 KiB) So - did I do this correctly and what should I do to fix the error message? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strict memory
2008/10/17 Mag Gam [EMAIL PROTECTED]: Hi John: Well, we run a lot of statistical analysis and our code loads a lot of data into a vector for fast calculations. I am not sure how else to do these calculations fast without loading it into memory. Thats why we have to do it this way. About 15 years ago I changed an application on SGI IRIX from using text files scanf(3)'ed into memory (with floating point numbers in them) to binary files mmap(2)'ed into memory. Processing time was cut down by over 95% and did much more in the 5% left (e.g. allow interactive real-time viewing of different frames of data). Using mmap'ed files means that the system will know that these pages are backed by blocks on the file system and therefore it won't take up so much buffer space which needs to be writen out into the swap partition whenever the memory buffer is needed for something else, only disk cache space which can be just freed if the buffer was only read. You can also benefit if multiple processes access same file - they'll share the buffer in memory too. It's not a silver bullet, there are still issues with too random access causing the system the thrash, but at least it won't take up so much swappable memory, it'll save lots of copying (file-kernel-user when reading and the other way around when writing), system calls etc. If you can process data in sequential order and possibly with help of madvise(2) you can probably squeeze out even more from this option. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] script
Except that you better quote the dots in the search string and put word boundary match around it or you'll end up replacing too much. See sed's -r switch for more. On 10/1/08, Chris Geldenhuis [EMAIL PROTECTED] wrote: Mad Unix wrote: Dear ALL, I need some help with bash scripting, a script that search the content of multiple files and replace old string ip 10.5.1.10 with the new string ip 127.128.1.10 it will search in specific folder and sub folders Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos How about: find startdir -exec sed s/10.5.1.10/127.128.1.10/ \{\} \; ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from Google Mail for mobile | mobile.google.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] perl bless/overload performance problem
Hello, How do people here handle the situation mentioned in RH bug #379791 (https://bugzilla.redhat.com/show_bug.cgi?id=379791)? We have a web site built using Perl Catalyst which warns about this issue. So far we managed to avoid this by not upgrading the perl package handed to us as part of an old Xen image based on CentOS 5.0, but we are now building the Xen guests without this image and generally want to keep our package up to date for security. So - is there another package available to install instead of the CentOS 5.2 version? I tried before to compile the Fedora 9 package from source but despite it being claimed to have it patched it still demonstrated the buggy behaviour (using the sample test code mentioned in the bug report). Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
2008/7/9 Lanny Marcus [EMAIL PROTECTED]: I believe this is completely OT, but I want to be positive. I have a fully up to date CentOS 5.2 box. During the past week, when surfing with Firefox (and today, while testing with Konqueror), frequently, especially when DNS is slow, I am seeing references to opendns.com At times, I end up on opendns.com web pages, instead of at the web site I'm trying to get to. My ISP, the phone company, claims this is not coming from their end and that they are not using opendns.com. I was told they have two (2) DNS servers. I haven't changed anything in my IPCop Firewall/Router box and my belief is that this is coming from my ISP or upstream from there. . If using opendns.com is something new in CentOS 5.2, please let me know. TIA. Could it be that some server you connect to uses opendns' servers for their own DNS service? Which web sites are you trying to surf to when you reach OpenDNS? --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Anyone using TCP Connection Passing?
Hello, We are looking at ways to improve our cluster fail-over and one thing that we wonder about is the possibility of passing tcp connections from the primary server to the secondary when the primary dies. I found tcpcp (http://tcpcp.sourceforge.net/) and tcpcp2 (http://tcpcp2.sourceforge.net/) but they seem to be inactive (last release was two years ago) and requires also changes in the application level. I though that I saw somewhere an implementation of the simple idea of having the secondary tracking the connections (sort of shadowing the primary) and when the primary disappears it can take over everything. e.g. the following points to some interesting links: http://archive.gscept.com/2006/dev/?p=266 Has anyone here got to implement something like this? Our platform is CentOS 5 x86_64. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Anaconda ignores cmdline directive
Hello, Our environment: CentOS 5.2 (updated over time with yum update, current yum update lists about 7 packages out of date), x86_64. Running Xen, building Xen DomU's with kickstart. We are trying to debug the %post part of the kickstart process for DomU and are hitting difficulties in accessing the output. For a start, the cmdline directive in the kickstart seems to be ignored and it stays in text (ncurses) mode. Here is the kickstart file we use: install url --url http://a.b.c.d/centos/5.2/os/x86_64 logging --level=debug lang en_US.UTF-8 network --device eth0 --bootproto static --ip=a.b.c.e --netmask=255.255.255.0 --gateway=a.b.c.f --nameserver=a.b.c.g --hostname domu-hostname rootpw --iscrypted $1$password authconfig --enableshadow --enablemd5 selinux --disabled timezone --utc Australia/Sydney bootloader --location=mbr --driveorder=xvda --append=console=xvc0 poweroff cmdline # Partitioning zerombr clearpart --all --initlabel --drives=xvda part /boot --fstype ext3 --size=100 --ondisk=xvda part pv.2 --size=0 --grow --ondisk=xvda volgroup xxx --pesize=32768 pv.2 logvol / --fstype ext3 --name=root --vgname=xxx --size=1024 --grow logvol swap --fstype swap --name=swap --vgname=xxx --size=256 --grow --maxsize=512 %packages --nobase wget %post set -x echo hello world Can anyone point what are we missing? Googl'ing around just keeps coming up with pages saying that this should work (e.g. Running anaconda in real text-mode and Logging %pre and %post in http://wiki.centos.org/TipsAndTricks/KickStart) but the problem so far still remains that Anaconda uses ncurses, not cmdline. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Spacewalk from Redhat
2008/7/1 Tom Lanyon [EMAIL PROTECTED]: On 01/07/2008, at 2:19 PM, Amos Shapira wrote: 2008/6/30 Bazy [EMAIL PROTECTED]: Hello, Is anyone using Spacewalk (http://www.redhat.com/spacewalk/) on CentOS 5 or 4? What kind of hardware are you useing it on? Do I read it right that it requires Oracle 9?? (http://tinyurl.com/6rff8l) or am I missing something? 9 or 10, I believe. Blahh 9, 10, whatever - it's not free. I'd sort of expect it to work with PostgresQL/MySQL. Weird choice, as the guy who works for me put it. Thanks for the clarification. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Spacewalk from Redhat
2008/6/30 Bazy [EMAIL PROTECTED]: Hello, Is anyone using Spacewalk (http://www.redhat.com/spacewalk/) on CentOS 5 or 4? What kind of hardware are you useing it on? Do I read it right that it requires Oracle 9?? (http://tinyurl.com/6rff8l) or am I missing something? --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] missing depdency: drbd = 8.0.12 is needed by package kmod-drbd-xen
When I execute yum upgrade on both CentOS 5.0 Xen DomU and CentTOS 5.1 Xen Dom0 I get: -- Finished Dependency Resolution Error: Missing Dependency: drbd = 8.0.12 is needed by package kmod-drbd-xen yum list drbd\* gives: Available Packages drbd.x86_64 8.0.12-1.el5.centosextras drbd82.x86_648.2.6-1.el5.centos extras I searched for any mention ot drbd in my yum configuration (in case it was excluded) but didn't find anything. What could be the cause? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] simple load balancing/failover for OWA
On Fri, Apr 4, 2008 at 11:36 PM, Matt Shields [EMAIL PROTECTED] wrote: On Fri, Apr 4, 2008 at 9:03 AM, Ruslan Sivak [EMAIL PROTECTED] wrote: David Hrbác wrote: Ruslan Sivak napsal(a): We are building an exchange cluster with two front end Outlook Web Access servers. We would like to at least have some sort of failover, and prefereably load balancing for them. Russ Russ, take a look at http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html David ___ Yes, that what I was thinking. However, I believe these servers also run smtp, pop3, imap,etc, so I don't think Apache can handle all of those.. LVS handles all protocols. It can do any port and UDP or TCP. It supports different types of balancing Round Robin (rr), Weighted Round Robin (wrr), Least Connections (lc), Weighted Least Connections (wlc). It can do sticky sessions, so if OWA doesn't like when you go from server 1 to server 2, LVS will keep the user stuck to one server. Plus a ton of other features. Give it a shot. I'm trying to setup a couple of LVS servers on CentOS 5 and hitting difficulties. I've been googl'ing around the docs (it mostly all gets back to http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html) for a few days now but can't get it to work. It sometimes work temporarily but very quickly a few fail-overs made things totally unworkable. One issue I suspect that might be in my way to success is that the two servers (I'm trying to use same two servers both as ldirectors and real servers) are assigned to two separate /28 networks, BUT the virtual rack (from ThePlanet) allows both of them to be assigned addresses from each other's network so I assigned an address from the correct network on an alias on the other server (eth0:0). Does anyone have a working example for this on CentOS 5? The docs I found so far are mostly generic and talk a lot about ancient kernel versions like 2.0, 2.2 and 2.4. I subscribed to the lvs-users mailing list but I'm not sure how active it is. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Should I update to DRBD 82?
On Wed, Mar 19, 2008 at 8:58 AM, Johnny Hughes [EMAIL PROTECTED] wrote: Not in CentOS ... centos is running the drbd82 branch, it is an update for drbd-8 and I won't be puttin gany more drbd-8 stuff in centos-5 extras. So now - more of a yum question - what can I put in some file to prevent yum from trying to upgrade drbd8 to drbd82 for now? Thanks very much for your reply. Please see this discussion thread with one of the drbd devels where they say 8.2 is the one to use: http://www.gossamer-threads.com/lists/drbd/users/13764 Thanks for the clarification. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Should I update to DRBD 82?
On Mon, Mar 17, 2008 at 11:04 AM, Johnny Hughes [EMAIL PROTECTED] wrote: Amos Shapira wrote: As far as I'm aware DRBD works fine for me. Is there a way I can find out about the new release and weather I should upgrade? Basically, see the details here: http://www.drbd.org/releases.html According to this link, drbd 8 is the stable one and 8.2 is still in development. That is up to you :D .. but drbd82 (which is currently drbd-8.2.5) is a replacement for drbd-8.0.x for CentOS-5. If you look at the drbd.org site, drbd-7 is really no longer getting any updates and is moving towards EOL in October 2008, and drbd-8.0.x is feature frozen and not getting any more features, though it will get security only updates from linbit. Sounds like just what I need - it (8.0) works for me, stable, and gets security updates. So now - more of a yum question - what can I put in some file to prevent yum from trying to upgrade drbd8 to drbd82 for now? Thanks very much for your reply. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Should I update to DRBD 82?
On Tue, Mar 18, 2008 at 10:50 AM, Joseph L. Casale [EMAIL PROTECTED] wrote: So now - more of a yum question - what can I put in some file to prevent yum from trying to upgrade drbd8 to drbd82 for now? Edit your /etc/yum.conf and add the following: exclude=drbd* kmod-drbd* Thanks. I suppose that tells yum to avoid upgrading drbd at all. I can probably do: exclude=drbd82* kmod-drbd82* to avoide the drbd82 packages. Can I tell yum to ignore drbd packages from the extras repository only, so it'll keep updating drbd 8.0 for security fixes? Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Should I update to DRBD 82?
Hello, This morning I noticed the following output from yum update: Installing: drbd82 x86_64 8.2.5-1.el5.centos extras 209 k replacing drbd.x86_64 8.0.11-1.el5.centos As far as I'm aware DRBD works fine for me. Is there a way I can find out about the new release and weather I should upgrade? I can't figure out the CentOS issue tracking system at bugs.centos.org but a google site search came up with http://bugs.centos.org/print_bug_page.php?bug_id=2657 (a DRBD 82 tracker bug with empty reports), which makes me feel like this version of the package is not 100% trusted. So - should I upgrade it or not? Generally, I try to stick to the standard as much as I can, but the text in http://wiki.centos.org/Repositories gives an impression that if it's in Extras, it's well tested. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Good version control package?
On Thu, Mar 13, 2008 at 6:38 PM, Sean Carolan [EMAIL PROTECTED] wrote: I dont really think you can get much easier than CVS if you need centralized management over a network. If it never gets off the machine then there is RCS. If those aren't simple enough... I don't think any of the others are going to help. Thanks for the pointers, it looks like we will go with CVS. I'd recommend you re-consider SVN. It's as simple as CVS (in terms of command line ease of use) but also adds important things: 1. Atomic commits (when checking in multiple file changes, either all of them or none of them will go in). 2. Directory operations (moving files and directories around is as simple as svn mv source destination) 3. Branches are a breeze (e,g, svn mkdir branches/project-a; svn cp trunk/file branches/project-a) I don't see any reason for anyone to get themselves into the trap that's called CVS at this time and age. (BTW - if you started with CVS then you should be able to move over to SVN, there are programs to convert the repository). Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] recompiled mod_perl insists on old perl dependency
On Thu, Mar 13, 2008 at 9:17 AM, Tim Verhoeven [EMAIL PROTECTED] wrote: Recompile the mod_perl package with after you installed the new perl. It looks like the mod_perl was build against the base CentOS perl version and not the one you build. That's what I suspected so I re-compiled mod_perl after I installed perl on the compilation machine but got exactly the same results. Is anyone here is aware of another way to get a fixed version of perl for CentOS 5? You need to get upstream to fix it. Report this bug in our and theirs bug reportingtools (bugs.centos.org and bugzilla.redhat.com) It's a known bug in RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=379791 I now see that the previous bug link I provided was against Fedora and is closed. This one is against 5.0 and is open with recent activity. After some more digging with a colleague we suspect that: 1. We probably miss something about RPM version ordering (the perl version it looks for is 4:... while ours is just plain 5.8.8...) 2. The overriding package comes from rpmforge. We solved it in two ways (we have two test fail-over machines so we could try two fixes): 1. Manually installing all the dependent packages in one rpm command (there is a circular dependency) somehow passed fine. 2. Giving our own private repository higher priority. Thanks for your reply. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] recompiled mod_perl insists on old perl dependency
Hello, In order to overcome a known performance bug in perl-5.8.8-10 in centos 5 (see https://bugzilla.redhat.com/show_bug.cgi?id=196836) I downloaded the perl package from fedora 8 (http://mirror.internode.on.net/pub/fedora/linux/releases/8/Fedora/source/SRPMS/perl-5.8.8-30.fc8.src.rpm) and mod_perl (http://mirror.internode.on.net/pub/fedora/linux/releases/8/Fedora/source/SRPMS/mod_perl-2.0.3-14.src.rpm) and compiled them on an x86_64 machine following instructions from http://sial.org/howto/rpm/. The perl-5.8.8-30 installed fine but when I try to install the new mod_perl it insists on installing perl-4:5.8.8-10.el5_0.2.i386: Dependencies Resolved = Package Arch Version RepositorySize = Installing: mod_perlx86_64 2.0.3-14 threatmetrix 5.5 M Installing for dependencies: perli386 4:5.8.8-10.el5_0.2 updates12 M Going ahead with this complains about conflicts with the installed perl-5.8.8-30. What can I do to fix this? Is anyone here is aware of another way to get a fixed version of perl for CentOS 5? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 32bit support in 64bit environment (CentOS and Debian)
On Tue, Mar 11, 2008 at 9:13 AM, Tim Verhoeven [EMAIL PROTECTED] wrote: I don't know how Debian does it. But this is how CentOS does it. Basically all libraries are available in 32 and 64 bit versions and To complement this with experience with Debian - current Debian stable release (Etch) still requires you to install 32-bit environments in chroot and run applications in that chroot. A multitude of chroot tools makes this painless once it's setup (e.g. I use schroot). It's askward and backwards and atypical for Debian to be in such a position. BUT - I heard that the next release (i.e. Lenny, which is advancing in good pace to be released on time this year) finally falls in line with the rest of the major distributions and supports 32-bit applications without having to build chroot environment for them. However - I haven't got around to test this (trying to stick with stable, and the schroot solution works for me) so I can't give details on how exactly it works with the installations tools (e.g. aptitude, apt-get etc). Hope this helps, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Perl-5.8.8-10 use overload backport breaks performance?
Hello, There is text in the documentation of Class::DBIx as follows: There is a problem with slow performance of certain DBIx::Class operations in perl-5.8.8-10 and later on RedHat and related systems, due to a bad backport of a use overload related bug. The problem is in the Perl binary itself, not in DBIx::Class. If your system has this problem, you will see a warning on startup, with some options as to what to do about it. (from http://search.cpan.org/~ash/DBIx-Class-0.08010/lib/DBIx/Class/Manual/Intro.pod#Problems_on_RHEL5/CentOS5) and indeed when I run a test I get: # perl -MDBIx::Class -e1 WARNING: DBIx::Class::StartupCheck: This version of Perl is likely to exhibit extremely slow performance for certain critical operations. Please consider recompiling Perl. For more information, see https://bugzilla.redhat.com/show_bug.cgi?id=196836 and/or http://lists.scsys.co.uk/pipermail/dbix-class/2007-October/005119.html. You can suppress this message by setting DBIC_NO_WARN_BAD_PERL=1 in your environment. Now it looks like the current solution is to compile a package by myself. Is there a way I can avoid this and just grab a fixed or older working version from some known repository? This is on a CentOS 5 with all updated packages (yum update doesn't update anything), rpmforge is enabled in case this matters. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kiskstart question
On Feb 3, 2008 12:41 AM, Gary Richardson [EMAIL PROTECTED] wrote: Add this to the end of your kickstart file: = %post yum -y update = In fact, you can do all sorts of things, like configure services using chkconfig. You have a bash interpreter and your chrooted into your new install. I used to do all sorts of crazy stuff in there, until I found puppet :) Now I have minimal kickstart configs and I let puppet do all the heavy lifting. And how do you get kickstart to start puppet? Do you need to add stuff in %post or is it enough to just install the packages? We are investigating doing just that - kickstart a CentOS Xen guest and get it to pull as much configuration as possible through puppet. Any other hints anyone can give about using Puppet on CentOS would be appreciated. Thanks. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh terminal froze once in a while
On 14/12/2007, Miark [EMAIL PROTECTED] wrote: Actually, I have to take that back. After I made the sshd config changes: ClientAliveInterval 30 ClientAliveCountMax 5 it did hang on me once, but I'm looking at Konsole rigth now, Let me guess - you did service sshd reload but didn't close your current session when you did that? The new settings don't affect existing sessions. and my connection to the CentOS box has stayed alive all day. I guess all is well. Great to hear. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum --security and staying with 5.0
On 13/12/2007, Ralph Angenendt [EMAIL PROTECTED] wrote: Amos Shapira wrote: I'll just try to avoid updates for now. Why? It is *highly* unlikely that 5.1 will break *anything* for you. I mean: Those are still the *SAME* software versions as in 5.0. And those are the same software versions which will be in CentOS 5.5. Or 5.7. You will *NOT* get any security updates that way, you are leaving your machines vulnerable - and that for *NO* reason. I just got the impression from the subject in the mailing list for the last couple of weeks that 5.1 introduced some problems to people who upgraded. Going through the archive today I see that it looks like all problems resulted from people deviating from the recommended path (just yum update) by having their own kernels or mixing 5.1 with packages from other sources. Thanks. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum --security and staying with 5.0
Hello, So I've watched a few threads about the new 5.0 vs. 5.1 upgrade and have a couple of (hopefully) practical questions about this: Context - I'd like to stick to 5.0 at least for a while until the dust around 5.1 settles down (and I'm back from holidays). As an example - In Debian, as long as I stick to stable I can be sure that the only updates I receive there are for heavily tested very important bugs and security issues, so I should generally apply them. 1. If I read the FAQ correctly, in order to force yum to stay with 5.0 should I just manually edit /etc/redhat-release from: CentOS release 5 (Final) to: CentOS release 5.0 (Final) (i.e. add .0 to the version)? If not then what should I do? 2. I am hoping that yum-security will allow me to stick to the latest security updates for 5.0 without forcing me to upgrade to 5.1 until the dust settles down. Am I correct that this is possible with yum-security and the repositories provided by CentOS? Will yum update --security update packages with later versions only if those versions fix security issues? Are security updates maintained for 5.0? Here is what I get right now on one of my systems (without doing the change I asked about in (1)): # yum --security list updates Loading security plugin Loading installonlyn plugin Setting up repositories base 100% |=| 1.1 kB00:00 updates 100% |=| 951 B00:00 addons100% |=| 951 B00:00 extras100% |=| 1.1 kB00:00 Reading repository metadata in from local files Limiting package lists to security relevant ones No packages needed, for security, 196 available If I drop the --security flag I indeed get a list of196 packages to upgrade. So to clarify my question - is my system secure (in terms of package versions) by sticking to yum update --security? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] building a Xen guest image on straight LVM partitions?
On 11/12/2007, Johnny Tan [EMAIL PROTECTED] wrote: Amos Shapira wrote: When I needed to build Xen guests under Debian I could follow more or less the instructions in http://preview.tinyurl.com/2oc48r and the advantage of this approach is that it allows me to setup the Xen guest directly on the LVM partition without making it consider the LVM partition as an entire disk with a partition table. I might be missing something, but that link seems to talk about FAI and doesn't mention xen. I'm interested in seeing how it can install on the LVM partition but the OS doesn't see it as an entire disk with a partition table. What does fdisk -l show, then? The anchor I pointed to is about instructions for creating an entire CentOS file system hierarchy using Yum on Debian without having to go through the CentOS boot process. Nothing to do with FAI except that I found the instructions extremely useful for my needs. So what I used to do on Debian Dom0 in order to build a new CentOS 5 DomU was: 1. Create an LV for the filesystem, mke2fs -j /dev/xen/created-lv-name, mount ... 2. Go through those instructions to setup the filesystem hierarchy. 3. umount /dev/xen/created-lv-name, create another LV for the swap 4. Manually configure the /etc/xen/*.cfg file to use the new LV's and map them into disks in the guest machine: disk = [ 'phy:/dev/xen/centos5.0-01-root,ioemu:sda1,w', 'phy:/dev/xen/centos5.0-01-swap,ioemu:sda2,w'] device_model='/usr/lib/xen-3.0.3-1/bin/qemu-dm' 5. boot the image as a Xen guest. As for the fdisk output - it looks for partition tables on each of the mapped LV's but doesn't find them: # fdisk -l Disk /dev/sda1: 17.1 GB, 17179869184 bytes 255 heads, 63 sectors/track, 2088 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk /dev/sda1 doesn't contain a valid partition table Disk /dev/sda2: 1073 MB, 1073741824 bytes 255 heads, 63 sectors/track, 130 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk /dev/sda2 doesn't contain a valid partition table I suspect that maybe I could follow the same procedure under CentOS but under the current deadline pressure I'm looking for the fastest route. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] building a Xen guest image on straight LVM partitions?
On 11/12/2007, Ross S. W. Walker [EMAIL PROTECTED] wrote: Johnny Tan wrote: Amos Shapira wrote: When I needed to build Xen guests under Debian I could follow more or less the instructions in http://preview.tinyurl.com/2oc48r and the advantage of this approach is that it allows me to setup the Xen guest directly on the LVM partition without making it consider the LVM partition as an entire disk with a partition table. I might be missing something, but that link seems to talk about FAI and doesn't mention xen. I'm interested in seeing how it can install on the LVM partition but the OS doesn't see it as an entire disk with a partition table. What does fdisk -l show, then? Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide The Xen domU or HVM will treat the partition as a whole disk, so that means MBR and stuff, but you can mount it on dom0 as such: # fdisk -l -u /dev/es_storage/exch_data.1 Disk /dev/es_storage/exch_data.1: 218.2 GB, 218233831424 bytes 255 heads, 63 sectors/track, 26532 cylinders, total 426237952 sectors Units = sectors of 1 * 512 = 512 bytes Device Boot Start End Blocks Id System /dev/es_storage/exch_data.1p1 128 426220514 213110193+ 7 HPFS/NTFS # mount -t ntfs -o loop,offset=128 /dev/es_storage/exch_data.1 /mnt That will create an auto-loop mount of the partition at sector offset 128. Yes I'm familiar with that trick (including your correction below, though I usually use explicit losetup) but it still: 1. Isn't as easy and safe as a direct mount 2. There is still some overhead of having LVM-over-LVM. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] building a Xen guest image on straight LVM partitions?
On 11/12/2007, Ross S. W. Walker [EMAIL PROTECTED] wrote: Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide Ah and forgot to say thank you for the link. Looks useful. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] remote ssh to machine how display firefox
On 07/12/2007, Jerry Geis [EMAIL PROTECTED] wrote: Jerry Geis wrote: I can ssh into a remote machine. I can start X on that machine with startx How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office. So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5. don't startx on the REMOTE machine, have it running on the LOCAL machine. local$ ssh -X remote ...authenticate... remote$ firefox and firefox should open on the local... I tried the above (without the ) and firefox just returns. I looked at /etc/ssh/sshd_config and X11Forwarding is yes. First - make sure you have xauth installed on the remote machine. With CenttOS 5 it comes in xorg-x11-xauth. Ssh needs it to pass over the x11 authentication cookies (e.g. I don't install X environment on my servers so I have to remember to install this package separately). Secondly - when you login through SSH, type echo $DISPLAY and see if you get anything - if not then X11 isn't being forwarded yet. Also I hope you start ssh after having X11 environment started on your local machine and from a shell which has $DISPLAY set correctly *locally*. When all these tests are passed I usually try to run a basic X11 program like xlogo but you might not have it so just try to run firefox again and see what happens. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 06/12/2007, Dave Augustus [EMAIL PROTECTED] wrote: If you can try with non-Xen kernels, you should get better results. Does this mean that you tried Xen kernels and DomU and it failed, then switched to non-Xen kernels on the same setup and it succeeded? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] heartbeat 1.2.5 on CentOS 5?
On 06/12/2007, Matt Shields [EMAIL PROTECTED] wrote: On Dec 5, 2007 6:32 AM, Johnny Hughes [EMAIL PROTECTED] wrote: Amos Shapira wrote: Hello, Has anyone got Heartbeat 1.2.5 (latest Heartbeat 1 version) to compile and run on CentOS 5? I downloaded the source but hit difficulties compiling it, presumebly because it was never quite tweaked to run on the latest version. Thanks, --Amos Why not run heartbeat-2 from the centos extras repo. Heartbeat-2 will use heartbeat-1.x configuration files and should be compatible. Ditto. It works a lot better, and there are RPMS available for it. I'm trying heartbeat 1 after two weeks of getting nothing but core dumps and fialures from heartbeat 2 from the repository for the last two weeks, with a long thread of questions and no good answers on the linux-ha mailing list. The setup I plan is very basic - a master/slave of two nodes only with DRBD. I suppose heartbeat 1 might be adequate for that. What do you mean by a lot better? In what sense? BTW - I found instructions for using rpmbuild -ta ...tar.gz and now need to complete the dependencies to make it install on CentOS 5. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] perl-libnet on CentOS 5?
Hello, Is there any package on CentOS 5 which provides perl-libnet? Beartbeat 1 depends on it but so far I couldn't find a package. Also - is there a way to find which non-installed package contains files with matching names (a-la Debian's apt-file)? I know about rpm -qf but it only works on packages which are already installed. I saw some place mentioning a command called pin but I couldn't find it (sort of chicken and egg?). Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 06/12/2007, Matt Shields [EMAIL PROTECTED] wrote: I could probably bet you that you doing this on VM's is what's causing the problem. Grab some cheap old hardware and try setting this up on real machines. It will work. The problem is that we don't have spare hardware lying around (we run a tight shop). Besides - I imagine there are good uses for running such stuff on Xen guests (e.g. two VPS's on two separate real hosts, or even for testing just like I do). Tonight I'll try to switch our Debian Etch Xen host to CentOS so I can try it between real machines. In the mean time, I managed to compile and run heartbeat 1.2.5 and now looking at how to actually configure resources for it. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] heartbeat 1.2.5 on CentOS 5?
Hello, Has anyone got Heartbeat 1.2.5 (latest Heartbeat 1 version) to compile and run on CentOS 5? I downloaded the source but hit difficulties compiling it, presumebly because it was never quite tweaked to run on the latest version. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 02/12/2007, Dave Augustus [EMAIL PROTECTED] wrote: We are in the middle of migrating to a new colo and I first heard about Cluster Suite with the release of 5. Our old colo used 2 different 2-node clusters using hearbeat version 1. We had a 2-node cluster in Active/passive for the LVS director and 4 nodes as real servers. Our other 2-node cluster was file servers. I saw the Redhat Cluster Suite (RCS) and spent 2 weeks trying to implement it- without success. I ran into bugs and couldn't get it to work right. Thanks. That's helpful to know. (Parenthecally let me say this: VERSION 2 ROCKS! With version 1, you are limited to 2 nodes. With 2, as many as you want.) Yes I know that heartbeat 2.x should rock - when it runs. But having multiple core dumps on my filesystem doesn't exactly increase my confidence in it. So I went back to heartbeat and learned version 2. Now, we have a 6-node cluster where ANY NODE can be a REAL SERVER OR a LVS DIRECTOR. It was really That's my plan - to put both director and real servers on the same two nodes. As far as I'm aware it's possible also with version 1. cool when I learned how to do it. I spent 2 more weeks learning it BUT I have a solution that works and has been stable since inception. Note that we left the file servers in their own 2 node cluster. Which platform is it? Is it CentOS 5 x86_64 on an Intel Xeon? I suspect that maybe my problems are connected with this particular architecture. And possibly a general CentOS question - Is it practical to just install i386 packages of heartbeat on an x86_64 system? So, in summary, from my experience: 1. forget RCS 2. use Heartbeat in version 2 mode to control both LVS and REAL Server functionality. 3. This will allow you to sleep at night. Enjoy! Thanks. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sharing Partitions between Linux and Windows
On 02/12/2007, Saurabh Sharma [EMAIL PROTECTED] wrote: I worked with it, http://wiki.centos.org/TipsAndTricks/NTFSPartitions much before i posted this mail,but all in vain.The system shows messages about the failure of loading the partition file system at the boot time. What does googl'ing the error message (in quotes) come up with? I don't have personal experience with it - It's been a long while since I dual-booted windows and Linux on the same machine, since I started playing with virtualization. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Deleting a user?
Hello, I've compiled linux-ha heartbeat into an RPM but when I try to install it (after yum erase heartbeat*) it complains that the user hacluster still exists: # rpm -ivh heartbeat-2.1.2-1.x86_64.rpm Preparing...### [100%] useradd: user hacluster exists error: %pre(heartbeat-2.1.2-1.x86_64) scriptlet failed, exit status 9 error: install: %pre scriptlet failed (2), skipping heartbeat-2.1.2-1 I ran userdel -r hacluster which just disabled the user login then edited /etc/passwd and /etc/shadow to remove this user completely, but I still get this error. What else can I do to remove this user and help useradd succeed? I'd rather not force script-skipping if at all possible. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sharing Partitions between Linux and Windows
On 30/11/2007, MHR [EMAIL PROTECTED] wrote: On Nov 29, 2007 9:39 AM, Akemi Yagi [EMAIL PROTECTED] wrote: You can access (read/write) NTFS partitions from Linux: http://wiki.centos.org/TipsAndTricks/NTFSPartitions You can also build the NTFS module that comes with the kernel and modprobe it, or you can rebuild the kernel with the configuration changed to allow write access to NTFS file systems and install that. The NTFS driver included in the kernel is considered unreliable in its support for NTFS writing. The de-facto standard is NTFS-3G, which is developed as a FUSE module (i.e. not a kernel module). I would advise against using the kernel module as it is recognized as not supporting NTFS writing reliably. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, Matt Shields [EMAIL PROTECTED] wrote: On Nov 30, 2007 3:57 PM, John R Pierce [EMAIL PROTECTED] wrote: Matt Shields wrote: Dump the cluste suite and use the LinuxVirtualServer.org packages. isn't that heartbeat and stuff repackaged? With a GUI that actually makes it more difficult to manage. Learn to use the command line tools and config files, it's so much easier. So it uses the same heartbeat as the one which comes in the heartbeat CentOS 5 package? I was hoping they implement their own thing. The last thing I need now is glossy interface which hides the little details that might help me understand what's wrong. Unless that interface can magically configure heartbeat in a way that it'll actually start running without core-dump'ing some of the programs it comes with. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, Matt Shields [EMAIL PROTECTED] wrote: LVS is a group of tools that do a lot of different things, the two that you are interested in are: - heartbeat - provides failover if you have two nodes (active/active or active/passive) - ipvsadm/ldirectord - provides load balancing (ie. http(s) load balancer in front of multiple web servers) As stated in a previous post we have a number of these setup in our network and we handle a lot of traffic. Some we're using for http(s) traffic, others smtp/pop/imap, others mysql (read only queries off replicas). There's no end to what what you could use heartbeat or ipvsadm/ldirectord or both for. Both packages can be installed from dag's repo. Thanks. What platform are you using? Mine is CentOS 5 on x86_64. It runs as a Xen DomU but from what I read on the linux-ha users mailing list this shouldn't be the issue. The production system will run on the bare metal (not under Xen). My experience with LVS at a previous workplace (a very large ISP) was also excellent - they had a couple of LVS servers in front of hundreds of mini-clusters (each such cluster service its own web or other network application, sometimes sharing disks using DRBD). The difference, I suspect, is that I'm trying this now with version 2.1.2 on CentOS 5 and x86_64, as opposed to possibly older version of everything (RedHat version, LVS, hardware (i386)). Thanks for your input, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, John R Pierce [EMAIL PROTECTED] wrote: Matt Shields wrote: With a GUI that actually makes it more difficult to manage. Learn to use the command line tools and config files, it's so much easier. then why in Gaea's name did they make the heartbeat config files XML ?? while XML -can- be human read, its a freekin' mess to read and edit and maintain sanity. I wish THAT was my problem :). While I'm not fond of manually manipulating XML (XML is usually meant to be touched by programs, not humans), I can cope with it if the f*** programs executed properly. As it is now, even the BasicSanityCheck fails. I'm trying to run the system-config-cluster thing and see what happens. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, Matt Shields [EMAIL PROTECTED] wrote: Take Xen out of the picture until you learn how heartbeat and ipvsadm/ldirectord actually work. You could be having network issues because you are hosting it on a virtual server instead of on a real server. So it's kinda hard to troubleshoot if you don't even know if your configs are broken. Get two crappy boxes that you can load everything up on, configure them with heartbeat, get that working Thanks for your suggestion. The reason I use Xen (beyond the huge convenience) is that I don't have spare hardware to play with. where it will failover an IP. then add some other service like ipvsadm/ldirectord, and take things one step at a time. Don't try to setup everything all at once, it makes it harder to try to debug problems. That's exactly what (I think) I did - just stuck to instructions from someone who seems to have been in exactly the same position and got it working. As for network issues - I see the packets coming and going all right. But I also see programs just crash and burn - I've just executed BasicSanityCheck on the primary node which appeared to be working relatively fine a couple of minutes ago (at least it got more processes running after three minutes than the other node) and that failed too with core dumps. I'm using CentOS4 and RHEL4 using dag'd rpms on a few of the CentOS and RHEL boxes and built from source on some of the other ones. I haven't had a chance to try out a CentOS 5 system yet. But as to your stability questions, we've been using LVS for about 3 or 4 years now and never, ever had stability problems. So maybe I should try to get packages from dag, even though there are ones included in CentOS? Which exact version of hearbeat are you using right now? From reading the history of Linux-HA it appears there was a huge change between 1.x and 2.x Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CleanLog.h
On 30/11/2007, Alfredo Perez [EMAIL PROTECTED] wrote: Furthermore, this question is for the list I have a Centos 5 server running sshd for me to signon and check my emails. I use denyhosts to protect port 22. Is there anyother software you people use to protect your servers. There are a few such programs floating around. Do you confine yourself to CentOS packages? denyhosts is apparently a good one. Personally, I don't use any - once I moved to a non-standard port I've never seen anyone knocking on my SSH server's door. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CleanLog.h
On 30/11/2007, Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 [EMAIL PROTECTED] wrote: By any chances, have you ran 'ps ax' from root and looked to see what does not look like it should be there?? IF you are willing, paste your 'ps' output for us to help you find the program that is running and sending out the emails. also review your sendmail rule set. Next, to help lock down your server a little more make sure you have set a password on your VNC. Tunnel your VNC over SSH (or SSL?). See http://en.wikipedia.org/wiki/Virtual_Network_Computing#Security about how insecure is the VNC protocol. I had and Italian 17 year old poking around one of my Amateur Radio boxes via VNC, simply cause I forgot to set a vnc password, so it was wide open like a windoz server box without a login screen, you know, the good old I AM OPEN FOR YOUR PLEASURES... Also change your sshd, the port it is on, and do a rule set that only allows a specific ip to access it. That's a good advise. I have yet to see my non-standard sshd server scanned since I changed it over 3-4 years ago. Same with a private http server. I think I am correct saying you can do that as well with VNC. See above - the VNC protocol is not secure on its own, but you can tunnel it over secure protocols. The other option would be to stop the service all together IF your not needing it. Of course. That's up in the top ten commandments - stop any service (and remove any package, I would add) that you don't need on the server. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, Matt Shields [EMAIL PROTECTED] wrote: Yup. We use LVS for all types of failover senarios. We use it for redundant firewall/vpn servers which use heartbeat for failing over So you are using the same heartbeat that doesn't work for me? Or are you refering to another package which provides a similar functionality? the virtual IPs and services. We also use LVS with ldirectord as redundant load balancers. Read the docs, they explain how to set up a service to be started/stopped on failover I've been digging the web for over a week now but it just doesn't work the way it's supposed to, whatever I try. Any other hints? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
On 30/11/2007, Matt Shields [EMAIL PROTECTED] wrote: Dump the cluste suite and use the LinuxVirtualServer.org packages. You won't have a gui, but it will be better in the long run. We're using that for quite a few clusters and handling about 30MBit/s on each of the clusters, I think it's around 10k concurrent connections. I also need to fail-over DRBD (i.e. so if the primary goes down the secondary will notice this, mount that DRBD partition and start the server which uses the files on it) - will LVS give me that by itself or will I need something else on top of it to do that? I got the impression that this what Linux-HA's heartbeat adds to the plain LVS but it doesn't work for me. I'm really not concerned about GUI's - I'd rather edit config files manually if they are documented well enough. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Replacement for Linux-HA (heartbeat) - RedHat cluster?
Hello, I'm beginning to give up on making Linux-HA's heartbeat work for my environment (CentOS x86_64) and am wondering what other option have I got to help me: 1. Use IPVS to maintain a cluster of virtual servers, either master/slave or load-balanced. 2. Use DRBD in master/slave fashion to keep a home-grown application highly-available. The first thing I stumbled upon is RedHat Cluster Suite ( http://www.linuxtopia.org/online_books/centos_linux_guides/centos_cluster_configuration_and_management/), from which I also saw some packages on my CentOS servers. I've never heard of it before and am just starting to dig its docs, but if someone here can confirm/deny that this is a possible route to take it might save me some time or doubts. Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 32-bit xen pv domU on 64-bit dom0?
Hello, I'm hitting a problem with heartbeat which might be related to the use of x86_64. My test system is CentOS 5 Xen DomU x86_64 under CentOS 5 Dom0. Can I run i386 CentOS 5 DomU under x86_64 Dom0? Thanks, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CleanLog.h
On 30/11/2007, B.J. McClure [EMAIL PROTECTED] wrote: Sad to say one of my file servers was exploited and used to run a Phishing scam. Have identified subject virus amongst other things. It appears twice in a virus scan; /sbin/z (which I assume can just be deleted) and /sys/bus/serio/drivers/atkbd/description. The latter file is also present in identical uninfected machines. I have been unable to open the file, even with root privileges, although it appears to be a text file. Any suggestions on how to proceed appreciated. Guess I could delete it and copy over the file from an identical machine. Is SE Linux enabled on your system? If this is an ext2/ext3 filesystem - look at lsattr and friends. fuser(1) on that file and/or monitoring it using something base on inotify(7) might reveal which process has it open or uses it. Hope this gives you some useful direction. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CleanLog.h
On 30/11/2007, Ross S. W. Walker [EMAIL PROTECTED] wrote: Find out how they got in and make sure that hole is fixed. Do an rpm verify on all installed packages (excluding configs), reinstall the rpms that fail the verify. Find all binaries that are not accountable in rpm and nuke them. Harden your host with selinux and audit, keep audit logs of all changes to binary files and essential configs and make sure the audit logs are immutable. Keep an eye on the system for a while to make sure you haven't missed anything. Keep LVM snapshots of your OS LVs. I'd Frank Cox' - you can't trust anything on the system now (e.g. how can you be sure that the rpm, bash, ls, ps binaries and various kernel modules haven't been replaced to hide some processes and files? That the boot loader haven't been tweaked to run some snooper or who knows what?) The only benefit of investigating the current system is in learning what went wrong, report bugs and maybe change configuration in the reinstalled system, but other than that you shouldn't allow one bit of it to touch a CPU, so to speak. --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos