[CentOS] Official Docker images and security updates
Hello,

It seems the official Docker images are missing some important security updates [1][2]. Does anyone have any insight in how these packages get built and when?

Their Dockerfile seems to come from here: https://github.com/docker-library/official-images/blob/master/library/centos (commit for "latest" says "update CentOS-7 - 20160331 - monthly build").

In the official Docker documentation [2] they suggest not running `apt-get upgrade` which I understood as don't run `yum -y upgrade` for CentOS. Any advice on whether it's best practice to always update packages or not?

Thank you,
Giovanni

1 - http://pastie.org/pastes/10833370/text
2 - https://blog.docker.com/2016/05/docker-security-scanning/
3 - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] after last update google-chrome no runs anymore
On Tue, Jul 10, 2012 at 12:48 PM, Johnny Hughes joh...@centos.org wrote:
> For what it's worth, I am running that version of chrome:
> google-chrome-stable-20.0.1132.47-144678.x86_64
> On x86_64 and I have no issues whatsoever.
> I have: zlib-1.2.3-27.el6.x86_64 that provides: /lib64/libz.so.1
> Make sure the zlib that you have provides /lib/libz.so.1

Same here.

$ cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 6.3 (Santiago)
$ uname -a
Linux gtirloni 2.6.32-279.el6.x86_64 #1 SMP Wed Jun 20 01:32:12 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux

I would change that /opt/google/chrome/google-chrome shell script and make chrome run through strace to see what's going on.

--
Giovanni
Re: [CentOS] mysql-bin files - filling up the space.
On Thu, May 3, 2012 at 11:23 AM, Prabhpal S. Mavi prabh...@digital-infotech.net wrote:
> Dear All Greetings,
>
> i am seeking help from guys with mysql knowledge. i can see lot of these files in mysql directory. And they are eventually filling up the space on the server. what these files are? some exists with very old time stamps. such as February 2012. can these be deleted?
>
> This Number Starts From ---mysql-bin.01
> -rw-rw 1 mysql mysql 159M Apr 25 12:24 mysql-bin.000197
> -rw-rw 1 mysql mysql 5M Apr 26 00:00 mysql-bin.000198
> -rw-rw 1 mysql mysql 8.1M Apr 27 00:00 mysql-bin.000200
> -rw-rw 1 mysql mysql 125M MAY 27 20:29 mysql-bin.000230

The first hit here has a very detailed description of that:
https://www.google.com.br/search?q=mysql-bin

In case your results are different:
http://www.cyberciti.biz/faq/what-is-mysql-binary-log/

--
Giovanni
Re: [CentOS] High load averages copying USB
On Thu, Apr 26, 2012 at 10:18 PM, Lists li...@benjamindsmith.com wrote:
> On 04/20/2012 05:24 AM, Giovanni Tirloni wrote:
>> On Apr 20, 2012 2:42 AM, Lists li...@benjamindsmith.com wrote:
>>> Problem as follows:
>>> 1) Plug in an external USB drive.
>>> 2) Mount it anywhere. Doesn't matter how.
>>> 3) Copy a few GB of data to the drive from a non-USB disk.
>>> 4) Watch the load average climb to 5.x, sometimes 10.x or more.
>>>
>>> Why? This on an otherwise unloaded system. Doesn't matter how many cores, how much RAM, 32/64 bit, etc. Why should copying some files to a USB drive cause load averages to climb so high? (and network monitors to freak out?)
>>
>> It's just a number. Is the system any slower?
>> Linux adds I/O wait time to the load average calculation.
>
> Problem isn't so much actual speed but causing network monitors to freak out due to high load average when performing backups. I can make exceptions for servers doing backups, but then I don't get notifications when the load is legitimately high. I can make exceptions only during backup times, but that increases complexity. Seems silly that load average would climb to 2.x or more copying some files on an otherwise lightly loaded server.

You might be better off monitoring CPU usage instead of load average in Linux.

--
Giovanni
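
One way to act on the advice in this reply, as an added example that is not part of the original thread: sample the aggregate `cpu` line of `/proc/stat` twice and separate busy time from I/O wait, so a backup that mostly waits on a USB disk is not reported as CPU load. The function names, the 85/50 thresholds and the sample counters used to exercise it are assumptions made for this illustration.

```sh
#!/bin/sh
# Added illustration; function names and thresholds are hypothetical.

# cpu_breakdown SAMPLE1 SAMPLE2
# Each argument is the aggregate "cpu" line from /proc/stat:
#   cpu user nice system idle iowait irq softirq steal [guest ...]
# Prints "<busy%> <iowait%>" for the interval between the two samples.
cpu_breakdown() {
    printf '%s\n%s\n' "$1" "$2" | awk '
    {
        # Sum user..steal (fields 2-9); guest time is already part of user.
        total = 0
        for (i = 2; i <= NF && i <= 9; i++) total += $i
        if (NR == 1) { t0 = total; idle0 = $5; io0 = $6; next }
        dt = total - t0
        if (dt <= 0) { print "0 0"; exit }      # no ticks elapsed
        dio  = $6 - io0                          # time spent waiting on I/O
        busy = dt - ($5 - idle0) - dio           # everything that is not idle or iowait
        printf "%d %d\n", busy * 100 / dt + 0.5, dio * 100 / dt + 0.5
    }'
}

# classify BUSY_PCT IOWAIT_PCT CPU_THRESHOLD IO_THRESHOLD
# Decides what a monitor should report for the interval.
classify() {
    if [ "$1" -ge "$3" ]; then
        echo cpu-bound
    elif [ "$2" -ge "$4" ]; then
        echo io-wait
    else
        echo ok
    fi
}

# Live use: ./script --live   (takes two samples five seconds apart)
if [ "${1:-}" = "--live" ]; then
    a=$(grep '^cpu ' /proc/stat)
    sleep 5
    b=$(grep '^cpu ' /proc/stat)
    set -- $(cpu_breakdown "$a" "$b")
    load1=$(cut -d' ' -f1 /proc/loadavg)
    echo "busy=$1% iowait=$2% load1=$load1 -> $(classify "$1" "$2" 85 50)"
fi
```

Alerting on `cpu-bound` rather than on the raw load average keeps the notification for legitimately high CPU use while a disk-bound copy shows up as `io-wait`.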
Re: [CentOS] Cisco AnyConnect on 6.2 32-bit?
On Sun, Apr 22, 2012 at 4:56 PM, Rhugga Harper rhu...@gmail.com wrote:
> Apr 22 14:53:50 keyhole vpnui[3122]: Function: loadLibs File: Certificates/NSSCertUtils.cpp Line: 1348 Invoked Function: getNSSDllPath Return Code: -31391726 (0xFE210012) Description: CERTSTORE_ERROR_NSS_LIBRARIES_NOT_FOUND Unable to locate library libplc4.so
> Apr 22 14:53:50 keyhole vpnui[3122]: Function: CNSSCertUtils File:

# yum provides '*/libplc4.so'
# yum install nspr

--
Giovanni
Re: [CentOS] High load averages copying USB
On Apr 20, 2012 2:42 AM, Lists li...@benjamindsmith.com wrote:
> Problem as follows:
> 1) Plug in an external USB drive.
> 2) Mount it anywhere. Doesn't matter how.
> 3) Copy a few GB of data to the drive from a non-USB disk.
> 4) Watch the load average climb to 5.x, sometimes 10.x or more.
>
> Why? This on an otherwise unloaded system. Doesn't matter how many cores, how much RAM, 32/64 bit, etc. Why should copying some files to a USB drive cause load averages to climb so high? (and network monitors to freak out?)

It's just a number. Is the system any slower?

Linux adds I/O wait time to the load average calculation.

--
Giovanni
Re: [CentOS] local repo question
On Fri, Apr 20, 2012 at 1:59 PM, Jerry Geis ge...@pagestation.com wrote:
> my repo line in my kickstart file is:
> repo --name=Updates --baseurl=http://192.168.1.14/centos/6/updates/x86_64/

Test your repo with yum, try `yum info` on the packages, etc. Take kickstart out of the picture first.

--
Giovanni
Re: [CentOS] Help needed with NFS issue
Jumping late on this thread, pardon my ignorance of some details...

On Wed, Apr 18, 2012 at 4:35 PM, Steve Thompson s...@vgersoft.com wrote:
> Interesting. It looks like some kind of RPC failure. During the hang, I cannot contact the nfs service via RPC:
>
> # rpcinfo -t server nfs
> rpcinfo: RPC: Timed out
> program 100003 version 0 is not available

Did you run this command during the hang or is it constantly returning you that? If the latter, are you blocking UDP on either the server or the client?

> # rpcinfo -p server
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp   1007  status
>     100024    1   tcp   1010  status
>     100021    1   udp  35077  nlockmgr
>     100021    3   udp  35077  nlockmgr
>     100021    4   udp  35077  nlockmgr
>     100021    1   tcp  56622  nlockmgr
>     100021    3   tcp  56622  nlockmgr
>     100021    4   tcp  56622  nlockmgr
>     100011    1   udp   1009  rquotad
>     100011    2   udp   1009  rquotad
>     100011    1   tcp   1012  rquotad
>     100011    2   tcp   1012  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100005    1   udp    605  mountd
>     100005    1   tcp    608  mountd
>     100005    2   udp    605  mountd
>     100005    2   tcp    608  mountd
>     100005    3   udp    605  mountd
>     100005    3   tcp    608  mountd
>
> However, I can connect to the service via telnet:
>
> # telnet server nfs
> Trying ipaddr...
> Connected to server (ipaddr).
> Escape character is '^]'.

If you don't specify transport protocol, rpcinfo will use whatever is defined in the /etc/netconfig database and that's usually UDP.

A couple of ideas/questions:

- Is it happening at the exact same minute (eg. 2:15, 2:45, 3:15, 3:45). This might help you to identify a script/program that follows that schedule.
- Is there any configuration different between this server and the others? /etc/system, root crontab, etc.
- When you say everything else BUT NFS is working fine, are pings answered properly without increased latency during the hang?
- What about other services? Can you set up a monitoring script connecting to some other service (eg. ftp, ls, exit or ssh) and reporting the total run time?
- Can you set up a monitoring script running rpcinfo on localhost to make sure both local and remote communications hang?

--
Giovanni
Re: [CentOS] LINUX kernel segment error 6
On Tue, Aug 23, 2011 at 2:08 PM, mcclnx mcc mcc...@yahoo.com.tw wrote:
> We have DELL R900 with CENTOS 5.5 installed. Recently I found /var/log/messages have following error come out. I used DELL OPMN check hardware but NO error.
>
> kernel: ctxhx[17268]: segfault at 7fff1fa6afd8 rip 2b8022887c96 rsp 7fff1fa6afe0 error 6

'ctxhx' segfaulted. I don't think this is a problem with the Linux kernel.

http://en.wikipedia.org/wiki/Segmentation_fault#Common_causes

--
Giovanni Tirloni
sysdroid.com
Re: [CentOS] Upgrading from CentOS 5.6 to 6.0
On Sat, Jul 23, 2011 at 8:58 PM, Thomas Dukes tdu...@sc.rr.com wrote:
>> Red Hat does not support upgrades between major versions (doesn't necessarily mean it's not possible)
>>
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-upgrade-x86.html
>> http://linsec.ca/blog/2011/02/23/my-adventure-upgrading-rhel5-to-rhel6/
>
> Since when?? I started with slackware 1.0 on a Pentium 1 system from VaResearch back in the mid 90's, change to Red Hat 2.0, then Fedora, then to Whitebox, then CentOS.. Never had a problem upgrading on an rpm based system.

That's a good question. It seems that since RHEL 4 (2005), Red Hat has been telling us that upgrading from earlier major versions is not a good idea.

- RHEL 3 docs say it's possible to upgrade from 2.1 to 3.x (http://goo.gl/8Gwrs)
- RHEL 4 docs don't bother showing the steps and provide a lot of warnings for 2.x/3.x to 4.x (http://goo.gl/yiRGK)
- RHEL 5 docs explicitly say Red Hat does not support upgrading from earlier major versions (http://goo.gl/RQABB)
- RHEL 6 docs explicitly say Red Hat does not support upgrading from earlier major versions (http://goo.gl/H9zBU)

I don't think RPM is the one allowing/disallowing the upgrade between major versions. The kernel architecture and other major components changes are more likely to be the culprit.

I'd be surprised how you moved from Slackware 1.0 all the way to CentOS without a reinstall (because that's what is being discussed here).

Just as reference, starting with Solaris 11, it'll not be possible to upgrade from earlier major versions either (although binary compatibility will still be there). Oracle is asking customers to treat earlier versions as legacy and put them in containers and/or virtual machines. Solaris 11 will change so much how things work that Oracle says it's better not to bother upgrading path from Solaris 10.

My point is that big changes happen in Linux much more frequently than in Solaris and even Solaris sometimes doesn't support these kinds of upgrades.

--
Giovanni Tirloni
Re: [CentOS] Upgrading from CentOS 5.6 to 6.0
On Sat, Jul 23, 2011 at 7:41 PM, Thomas Dukes tdu...@sc.rr.com wrote:
> Help!
>
> Just ran the installation DVD but there is no option to 'upgrade'. Looked at the RHEL docs, http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-guimode-x86.html#id4594292 referenced off the CentOS Release notes but the CentOS installation doesn't offer the 'upgrade'.
>
> I used to be able to upgrade by doing a 'yum update'. That doesn't work either. Guess I'm stuck with 5.6 as I am not about to install a new version and have to rebuild all non-rpm packages from scratch.
>
> This is worse than Microsoft!!

Red Hat does not support upgrades between major versions (doesn't necessarily mean it's not possible)

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-upgrade-x86.html
http://linsec.ca/blog/2011/02/23/my-adventure-upgrading-rhel5-to-rhel6/

Microsoft Windows and Red Hat Linux have very different release strategies and version numbers. You can read more about the support lifecycle here:

https://access.redhat.com/support/policy/updates/errata/

--
Giovanni Tirloni
Re: [CentOS] fyi: RHEL 5.7 is out
On Fri, Jul 22, 2011 at 6:32 AM, Alain Péan alain.p...@lpp.polytechnique.fr wrote:
> On 21/07/2011 14:45, Always Learning wrote:
>> On Thu, 2011-07-21 at 11:11 +0200, Rainer Traut wrote:
>>> it seems redhat has just pushed RHEL 5.7 out. I see among others:
>>> kernel-2.6.18-274.el5.x86_64.rpm
>>> redhat-release-5Server-5.7.0.3.x86_64.rpm
>>
>> Thanks Rainer. The dilemma is whether to upgrade from 5.6 to 6.1 or stay with 5.x as more 5.x versions (5.8, 5.9, 5.10 etc. might be possible). For me the only negative aspect of 5.x is old kernel 2.6.18 whereas 6.x is 2.6.32?
>
> The dilemma is for the CentOS developer team. Following the decision last January, it would be natural that the priority would be to release 5.7, as there are millions of existing systems needing to be updated, rather than releasing 6.1, where very few systems are already in production, and 6.1 updates are backported to 6.0. So I fear that 6.1 will be postponed...

Whatever is done I can only thank the CentOS team for doing this work while taking a huge amount of heat.

IMHO, companies on the CentOS 5.x have just recently migrated to 5.6 and I believe there is a lot less pressure for them to go to 5.7. However, CentOS 6.0 is the first release and most companies ignore those for a reason. That puts more pressure on releasing a 6.1 version which companies will actually consider using.

Just my $0.02

--
Giovanni Tirloni
Re: [CentOS] linux-3.0 packages for CentOS?
On Fri, Jul 22, 2011 at 3:33 PM, Florin Andrei flo...@andrei.myip.org wrote:
> Anyone packaging the new kernel for RH / CentOS?

http://wiki.centos.org/HowTos/Custom_Kernel

--
Giovanni Tirloni
Re: [CentOS] managing a rack full of centos servers
On Tue, Jul 19, 2011 at 8:43 PM, John R Pierce pie...@hogranch.com wrote:
> to date, I've done all my administration on a manual 1 at a time basis, as each system has been pretty much unique. it's looking like I might need to setup a deployment of a dozen or 2 basically identical machines, all running pretty much the same sorts of stuff. I have zero experience with the sorts of management tools folks use to automate this type of configuration, both initial setup, and ongoing management (system updates, user application updates, configuration changes, etc).
>
> anyone care to suggest any such tools, maybe some real-world pros and cons? of course, being centos, I prefer FOSS tools.
>
> for various reasons, this environment likely will NOT be virtualized (although I may emulate a test setup with vmware).

You might want to look at automation tools like Puppet, Chef or Cfengine (in no particular order).

--
Giovanni Tirloni
Re: [CentOS] Working with the upstream vendor
On Sat, Jul 9, 2011 at 2:59 PM, Digimer li...@alteeve.com wrote:
> On 07/09/2011 01:32 PM, Karanbir Singh wrote:
>> yes, we all clearly take that on board - I hope the changes we are bringing in helps clear that, and prevent this sort of a situation. But there are still lots of places for improvements, and over the next few months lets try and address all of those.
>>
>> - KB
>
> Sorry for thread-jacking, but I wanted to start this thread in relation to your comment.
>
> As I understand it, a lot of the delay came from reproducing Red Hat's build environment. That being needed for the binary compatibility. With each new major release, the number of packages, and in turn, the amount of complexity grows. Is that a correct understanding? If so, then EL7 will be even harder to sort out and will lead to an even longer delay in release.
>
> I think there is a business case to be made for CentOS, from the point of view of Red Hat. My experience has been that a lot of people/companies start out on CentOS. After a while, those that succeed and do well eventually want to switch to Red Hat proper. As good as CentOS is, by its very nature, it will always lag behind RHEL in so far as updates are concerned.
>
> Given all this; I think there is an argument for Red Hat wanting to assist CentOS. As we saw with this release, the delay drove people away from EL. I am sure many went to Debian or other non-EL distributions. Each of these defections is another potential future customer lost to Red Hat.
>
> If Red Hat could be convinced to help the CentOS team with things like setting up their build environment, they would help foster this potential customer base while investing minimal time and effort.
>
> Has anyone in the CentOS team approached Red Hat to discuss some sort of arrangement like this?
>
> As an anecdotal example; We've built our entire infrastructure on CentOS. Now, our clients who are doing well, we are moving to Red Hat proper while still using a lot of CentOS internally and for smaller clients. It's a very smooth fit and transition, thanks to CentOS's binary compatibility.
>
> Just an idea. Thanks for the hard work and I'm anxious to play with CentOS 6!

If Red Hat really wanted or cared about the customers you list here, it could simply make RHEL a free download with security updates. That would require very little spending on their side compared to duplicating their build infrastructure at CentOS and supporting both environments (eg. transferring their knowledge, what makes their product tick, to an open source project where it could be copied by companies seeking to profit from it).

One could make a point that doing that would be a burden for Red Hat in terms of additional head count required to support the non-paying customers and the infrastructure costs, something they would have a hard time promoting internally to shareholders.

Let's imagine that all CentOS contributors could be motivated to help RH in such imaginary efforts... RH would be giving direct control of the quality of its product to outsiders. Something already accomplished with Fedora.

Your idea is nice and it's looking at the right perspective, IMHO. However, I don't feel it'll have much traction within Red Hat. Right now I think it'd be more practical to request any help that is needed (besides servers and hosting) and organize this work to reap the benefits of a larger contributor base.

But I'm just a CentOS user that hasn't contributed anything besides promoting it and helping other users, so my opinion should be taken with a grain of salt.

--
Giovanni Tirloni
Re: [CentOS] Diskdevstat
On Thu, Jul 7, 2011 at 1:57 AM, Jussi Hirvi listmem...@greenspot.fi wrote:
> Red Hat Enterprise Linux 6 also introduces diskdevstat for monitoring disk operations and netdevstat for monitoring network operations.
>
> How could I monitor disk operations under CentOS 5?
>
> The quote is from RHEL 6 release notes
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.0_Release_Notes/powermanagement.html

There are more details about diskdevstat and netdevstat here:
http://goo.gl/pA8Yt

Since they depend on SystemTap, check this:
http://sourceware.org/systemtap/wiki/SystemTapOnCentOS

I couldn't find the tuned-utils package for CentOS 5.x but, if there aren't huge changes to SystemTap in CentOS 6.x, you could try to download the scripts from their repository and try them:
https://fedorahosted.org/tuned/

--
Giovanni Tirloni
Re: [CentOS] Bind97
On Wed, Jul 6, 2011 at 2:11 PM, listmail listm...@entertech.com wrote:
> I notice that CentOS 5.6 release notes say that bind97 is now included. However, my CentOS 5.6 installations have bind 9.3. I'm guessing that bind97 is not installed by default, due to the possibility of config file breakage or something. It looks like you have to explicitly install the bind97* packages.
>
> I don't see anything in the release notes about how to handle the transition from bind 9.3 to bind 9.7. Has anyone done this, or seen a list of potential pitfalls?

They are two different sets of packages (bind and bind97). You'll probably have to backup your config files and uninstall bind first, since they install files on the same locations.

--
Giovanni Tirloni
Re: [CentOS] Strange symbolic link behaviour?
On Tue, Jul 5, 2011 at 2:21 AM, Emmanuel Noobadmin centos.ad...@gmail.com wrote:
> On 7/5/11, Eric B. ebe...@hotmail.com wrote:
>> The strange behaviour here is when listing the parent directory (..). In this case, ls .. is listing the contents of Mail/ directory - not /home/eric. In the past, I always recall being able to use the parent identified (..) to move up one level in the directory structure whether in a symlink or not. In this case, I would have expected ls .. to list the contents of /home/eric - not /home/eric/Mail.
>
> I believe it's normal. If I'm not mistaken, cd works based on the working path i.e. /home/eric/test so cd .. goes to /home/eric
>
> However ls works by reading the .. inode of the directory you're in, which will always point to the real parent /home/eric/Mail no matter how you got to that directory.

That's correct and it's the behavior most people seem to prefer. To change it use `set -o physical` in Bash.

--
Giovanni Tirloni
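
The behaviour discussed in this thread, reproduced as an added example that is not part of the original messages: a constructed tree under a temporary directory in which `test` is a symlink into `Mail/`, comparing logical `cd ..`, `ls ..` and physical `cd -P ..`. The function names and the directory layout are assumptions for the illustration; `cd -P` is the per-command form of what `set -o physical` makes the default in Bash.

```sh
#!/bin/sh
# Added illustration; names and layout are constructed, not from the thread's system.

# make_tree: builds <tmp>/home/eric/Mail/inbox (a real directory) and
# <tmp>/home/eric/test (a symlink to Mail/inbox). Prints the temporary root.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/eric/Mail/inbox"
    ln -s Mail/inbox "$root/home/eric/test"
    echo "$root"
}

# parent_via ROOT MODE: enter the symlinked directory, then report what ".."
# refers to under each interpretation.
#   logical  - the shell strips the last component of $PWD  (default cd)
#   physical - the kernel follows the ".." entry of the real directory (cd -P)
#   ls       - any external program; it only ever sees the physical ".."
parent_via() {
    (
        cd -L "$1/home/eric/test" || exit 1
        case $2 in
            logical)  cd -L .. && basename "$(pwd -L)" ;;
            physical) cd -P .. && basename "$(pwd -P)" ;;
            ls)       ls .. ;;
        esac
    )
}

# Stand-alone run: show the three results side by side, then clean up.
demo_root=$(make_tree) || exit 1
for mode in logical ls physical; do
    printf '%-8s -> %s\n' "$mode" "$(parent_via "$demo_root" "$mode")"
done
rm -rf "$demo_root"
```

Scripts that build paths with `..` after entering a directory through a symlink should resolve the path first (for example with `pwd -P`), since the shell and the programs it starts can disagree about where `..` leads.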
Re: [CentOS] yum update - [Errno 4] Socket Error: timed out - More info
On Thu, Jun 30, 2011 at 12:06 PM, ken geb...@mousecar.com wrote:
> On 06/29/2011 07:58 AM ken wrote:
>> Trying to update a second CentOS box, I'm getting this error repeatedly:
>>
>> [Errno 4] Socket Error: timed out
>>
>> I'm getting this on every mirror and have gone through the list of mirrors more than a dozen times. Oddly, the RPMs I'm trying to upgrade I upgraded just yesterday without a problem on another machine on the same LAN with no problems whatsoever. I can ping mirrors fine.
>>
>> There were a spate of these errors back in 2006. The fix for many was to add this line to yum.conf:
>>
>> timeout=300
>>
>> So I did that on the machine where yum is having the problem, but the same errors are returned.
>>
>> Anyone else seeing this? Anyone know what the problem is?
>
> So I tried using wget to download RPMs from a few mirrors. I was able to successfully one whose size is about 5.5M, but the others all stop downloading around 1M. Then I tried ftp... same deal. This might be the reason for the socket error in yum.
>
> I don't have quotas set on this machine. selinux is on, but it's been on for years... why should it start interfering now? I'm downloading into /tmp where security settings are standard (user_u:object_r:tmp_t).

Fire up tcpdump/wireshark and record the TCP connection then analyze it with Wireshark and you can check for retransmissions, etc.

A while ago I had to add the following to my Fedora 13/14 system to download from some sites.

/etc/sysctl.conf:
net.ipv4.tcp_timestamps = 0

--
Giovanni Tirloni
Re: [CentOS] Anyway to ensure SSH availability?
On Thu, Jun 30, 2011 at 4:38 AM, Alexander Dalloz ad+li...@uni-x.org wrote:
> On 30.06.2011 08:36, Steve Barnes wrote:
>>> Although it would really be interesting to me to see scheduler settings that would indeed allow something of a 'privileged' ssh or an OOB console that would be responsive even under a punishing load with lots of swapping, which is what the OP originally asked about.
>>
>> I'd be interested to hear thoughts on this. We have a small 1U test server with 2 entry-level SATA drives that was brought to its knees twice this week by an overzealous Java process. Load averages were up around 60+ and as a result, SSH access would timeout.
>>
>> I don't know if this behaviour is typical across operating systems, but it's frustrating to find yourself locked out a server just because a single process went to town on the i/o subsystem.
>>
>> Cheers
>> Steve
>
> CentOS 6 will support cgroups, by which you can control cpu, memory and I/O.
>
> http://www.mjmwired.net/kernel/Documentation/cgroups.txt
> http://www.mjmwired.net/kernel/Documentation/cgroups/blkio-controller.txt

Just tried the disktop.stp script on a Linux 2.6.38 and it looks nice. The possibilities! :)

http://sourceware.org/systemtap/examples/io/disktop.stp

--
Giovanni Tirloni
Re: [CentOS] yum update - [Errno 4] Socket Error: timed out
On Wed, Jun 29, 2011 at 8:58 AM, ken geb...@mousecar.com wrote:
> Trying to update a second CentOS box, I'm getting this error repeatedly:
>
> [Errno 4] Socket Error: timed out
>
> I'm getting this on every mirror and have gone through the list of mirrors more than a dozen times. Oddly, the RPMs I'm trying to upgrade I upgraded just yesterday without a problem on another machine on the same LAN with no problems whatsoever. I can ping mirrors fine.
>
> There were a spate of these errors back in 2006. The fix for many was to add this line to yum.conf:
>
> timeout=300
>
> So I did that on the machine where yum is having the problem, but the same errors are returned.

I would start by trying to telnet to port 80 on these mirrors, see if it can establish a connection, if not, who's blocking it, iptables, etc.

--
Giovanni Tirloni
Re: [CentOS] Anyway to ensure SSH availability?
On Wed, Jun 29, 2011 at 4:50 PM, Emmanuel Noobadmin centos.ad...@gmail.com wrote:
> I was having problems with the same server locking up to the point I can't even get in via SSH. I've already used HTB/TC to reserve bandwidth for my SSH port but the problem now isn't an attack on the bandwidth. So I'm trying to figure out if there's a way to ensure that SSH is given cpu and i/o priority.
>
> However, so far reading seems to imply that it's probably not going to help if the issue is i/o related and/or it would require escalating SSH to such levels (above paging/filesystem processes) that makes it a really bad idea.
>
> Since I'm not the only person who face problems trying to remotely access a locked up server, surely somebody must had come up with a solution that didn't involve somebody/something hitting the power button?

I would approach this issue from another perspective: who's locking up the server (as in eating all resources) and how to stop/constrain it.

You can try to renice the sshd process and see what happens.

I'm not entirely sure what 'locked up' means in this context.

--
Giovanni Tirloni
Re: [CentOS] Anyway to ensure SSH availability?
On Wed, Jun 29, 2011 at 5:57 PM, Emmanuel Noobadmin centos.ad...@gmail.com wrote:
> On 6/30/11, Giovanni Tirloni gtirl...@sysdroid.com wrote:
>> I would approach this issue from another perspective: who's locking up the server (as in eating all resources) and how to stop/constrain it.
>>
>> You can try to renice the sshd process and see what happens.
>>
>> I'm not entirely sure what 'locked up' means in this context.
>
> Server's unresponsive to the external world. It isn't dead, on two occasions, when it happened at times like Sunday and 1am in the night, I could afford to wait it out and see that it eventually does recover from whatever it was.
>
> It's almost definitely related to disk i/o due to the VM guest fighting over the disks where their virtual disk-files are. However, the hard part is figuring out the exact factors, I know CPU isn't an issue having set up scripts to log top output when load goes above 5.

Linux includes I/O in how it calculates the load average so you're not measuring CPU alone.

What does top show? Any error messages in /var/log during the time the server is unresponsive? Is network responsive? Latency normal too?

--
Giovanni Tirloni
Re: [CentOS] How many L1/L2 my cpu have ?
On Mon, Jun 27, 2011 at 7:25 AM, clibup clibup cli...@gmail.com wrote:
> Hi
>
> Could anybody explain me how to check how many L1/L2 cache my cpu have. I'm using CentOS 5.6
>
> [...]
>
> If someone have any idea how to clearly designate L1/L2 cache don't hesitate share your knowledge ..

You already have the model, why don't you check the processor datasheet? Are you trying to automate some kind of data collection system?

http://ark.intel.com/Product.aspx?id=33917code=Intel%C2%AE+Core%E2%84%A22+Duo+Processor+T9300+%286M+Cache%2c+2.50+GHz%2c+800+MHz+FSB%29
http://www.intel.com/design/mobile/datashts/318914.htm

--
Giovanni Tirloni
Re: [CentOS] libv4l question
On Mon, Jun 27, 2011 at 3:39 PM, Jerry Geis ge...@pagestation.com wrote:
> Hi all,
>
> Hey I'm trying to do some web cam stuff, and I found this link:
> http://freshmeat.net/projects/libv4l/releases/333037
>
> I was doing the rpm -qa | grep v4l and nothing comes up, I did ls path_to_centos/RPMS/* | grep v4l and nothing comes up, I did 'yum provides */libv4l*' and nothing comes up.
>
> Is the CentOS library for v4l named something different? Is this library something I can just grab and compile and help with my v4l efforts? Do I not need this library at all? I'm using 5.6 x86_64.

It may not be in the default repository but you could try getting it from another one (ATrpms, RPM Fusion, etc) or compiling it manually.

http://packages.atrpms.net/dist/el5/libv4l/

--
Giovanni Tirloni
Re: [CentOS] Year in log files
On Wed, Jun 22, 2011 at 11:06 PM, Fajar Priyanto fajar...@arinet.org wrote:
> Hi,
>
> Can we display year in log files timestamp? We are being audited and the auditor wants to know when we apply certain patches. yum.log shows it, but it doesn't have the year. I can argue based on common sense, but it would be much nicer if the year is there.
>
> Example:
> Apr 12 11:41:25 Updated: krb5-libs-1.6.1-55.el5_6.1.i386
> Apr 12 11:41:27 Updated: openssl-0.9.8e-12.el5_5.7.i686

If you're using rsyslog, check this out:

http://www.rsyslog.com/doc/property_replacer.html

--
Giovanni Tirloni
Re: [CentOS] SNAT question
On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen peter.pelto...@gmail.com wrote:
> Hi,
>
> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables. I have the following setup:
>
> eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy)
> eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy)
> eth2: connects to LAN with static private IP 192.168.0.1
>
> Traffic to hosts in the DMZ/Internet through eth0/1 work fine.
>
> I tried masquerading the LAN with following:
>
> iptables -A FORWARD -i eth2 -j ACCEPT
> iptables -A FORWARD -o eth2 -j ACCEPT
> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1
>
> After this I can ssh to a server in the Internet from the LAN using the server's IP address but not its name. The w command on the server tells me that my address has not been masqueraded (it's 192.168.0.2, the LAN client's private IP).

If you can ssh to a server on the Internet then your connectivity is working. You might want to check if DNS is allowed and working from the LAN hosts to the Internet.

The fact that 'w' shows your internal IP address is because you're connecting from the LAN to the gateway, which doesn't trigger the SNAT because it's not forwarding any packets... only accepting your connection.

--
Giovanni.
Re: [CentOS] NFS4 issue
On Mon, Nov 23, 2009 at 3:00 AM, Philip Manuel p...@zomojo.com wrote:
> Philip Manuel wrote:
>> We are running kernel 2.6.18-164.6.1.el5 with exporting 3 aoe provided ext4 directories. For a couple of weeks we had a small number of users using the system with no issues, today we added 7 users and the system crashed and did not perform correctly since.
>
> Nov 23 10:20:03 sulphur rpc.idmapd[5199]: nfsdcb: id '-2' too big!
> Nov 23 10:42:25 sulphur nfsd[27306]: nfssvc: Setting version failed: errno 16 (Device or resource busy)

Check your nfsnobody user and try changing its id to something below 65536, on client and server.

http://www.fedoraforum.org/forum/archive/index.php/t-134487.html

--
Giovanni.
Re: [CentOS] New administrator and upgrading systems
On Wed, Oct 21, 2009 at 11:59 AM, Jonathan Moore supermegat...@gmail.com wrote:
> Thanks for the input folks. I think I see now that it's going to be a pretty easy going process, and I don't need to screw around with crazy update processes. Very good to know.

The documentation here should apply to some extent:

http://www.redhat.com/docs/manuals/enterprise/#RHEL5

-Giovanni
Re: [CentOS] how to turn off update info on /var/log/messages
2009/10/6 mcclnx mcc mcc...@yahoo.com.tw
> we have CENTOS 5.3 on DELL server. This server is inside firewall and it continue get error messages on /var/log/messages:
>
> error getting update info: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again
>
> anyone know how to turn off it?

Is Yum working correctly on this server?

Those are probably from yum-updatesd.

Giovanni P. Tirloni
tirl...@gmail.com
Re: [CentOS] Reply to ICMP echo request (type 8) on different (ethernet) interface
On Thu, Oct 1, 2009 at 2:02 PM, Timo Schoeler timo.schoe...@riscworks.net wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi list,
>
> I have a weird (?) problem here on a setup running CentOS 5.3 x86_64 (and OpenVZ, and some home-brew L2TP daemons, RIPd, BGPd, etc).
>
> There's a (VE in OpenVZ speak) virtual machine that has two ethernet interfaces, seen as eth0 and eth1, respectively. Those live in VLANs, but it's not important here.
>
> The thing is that on eth1 the default route lives, while on eth0 all traffic comes in. So, sending a ping to the IP address of eth0 tcpdump shows that the echo request (type 8) packet arrives on the machine. However, the machine does _not_ send an echo reply (type 0) back to the machine that pings eth0, maybe because it would have to emerge from eth1.
>
> One exception (an obvious one) is that IPs on the /29 where eth0 lives on _can_ ping eth0 and receive an answer -- this is because the packets don't have to take 'the default route', which lives on the other interface, eth1.
>
> This seems to me like decent behaviour. However, I really need eth0 to be able to be pinged from the outside world, it's totally okay for me that eth1 would 'answer' and send the echo replies instead of eth0.
>
> Is there anything I can tweak (via sysctl or whatever)?

You need a way to tell that packets originating from eth0 destined outside should be routed to eth0. This thread should help:

http://lists.centos.org/pipermail/centos/2009-January/070828.html

Giovanni P. Tirloni
tirl...@gmail.com