Re: [CentOS] Apache HTTPD not picking up environment variables.

2020-10-23 Thread Harold Pritchett
Thank you very much.  That did it!  

Hal

-Original Message-
From: CentOS  On Behalf Of Jonathan Billings
Sent: Friday, October 23, 2020 1:06 PM
To: CentOS mailing list 
Subject: Re: [CentOS] Apache HTTPD not picking up environment variables.

On Fri, Oct 23, 2020 at 04:27:34PM +, Harold Pritchett wrote:
> I'm trying to install DB2 on a CentOS 7 server.  The problem I'm 
> seeing is that the Apache httpd server fails to pick up the db2 
> environment variables.  On an older version running under CentOS 5 
> this was done by inserting the following lines into the httpd start 
> script in /etc/sysconfig/httpd:
>
> if test -f /db2home/db2inst1/sqllib/db2profile; then
>   . /db2home/db2inst1/sqllib/db2profile
> fi
>
> Under CentOS 7's systemctl system this no longer works. I need a clue 
> as to where to start looking for where to put this so it will be 
> sourced when the Apache server starts.  I have googled this and can 
> find nothing relevant.  I even did a "find / -name httpd -print"
> and didn't find anything looking promising.

In non-systemd systems, httpd was started by a shell script
(/etc/rc.d/init.d/httpd) which sourced the file /etc/sysconfig/httpd, so you 
could embed shell code in the file and it would be evaluated.

In systemd systems, the httpd.service unit has:

EnvironmentFile=/etc/sysconfig/httpd

For systemd units, setting this will cause the systemd unit to read in the file 
for variables, but it ignores anything that isn't a simple 'foo=bar' syntax.  
It doesn't evaluate shell scripts.


HOWEVER, the logic of your shell script is something that can be supported by 
systemd units.  You can say:

EnvironmentFile=-/db2home/db2inst1/sqllib/db2profile

and it will only try to source that file for variables if it exists.

So, what you should do is create a directory and file within it
called:

/etc/systemd/system/httpd.service.d/override.conf

With these two lines in it:

[Service]
EnvironmentFile=-/db2home/db2inst1/sqllib/db2profile

Then run (as root) 'systemctl daemon-reload', and it should conditionally load 
the environment variables on startup from that file if the file exists.

This assumes that /db2home/db2inst1/sqllib/db2profile doesn't have more shell 
syntax in it, of course.

See for more details:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=



--
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
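
Added example, not part of the original thread: the reply above notes that EnvironmentFile= only works if db2profile is plain 'foo=bar' lines. The sketch below checks a profile for lines systemd would not load the way a shell does, and, going one step beyond the thread, flattens a shell-style profile into plain assignments. The function names, the constructed sample profile and the output file name in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# lint_envfile FILE
# Report each line that systemd's EnvironmentFile= would not load as a plain
# VAR=value assignment, or would load without the expansion a shell performs.
# Returns 0 when the file is clean, 1 otherwise.
lint_envfile() {
    awk '
        /^[ \t]*$/    { next }    # blank line
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            # systemd takes the value literally: no $VAR or `cmd` expansion
            if ($0 ~ /[$`]/) {
                printf "%d: needs shell expansion: %s\n", NR, $0
                bad = 1
            }
            next
        }
        { printf "%d: not VAR=value: %s\n", NR, $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# flatten_profile FILE
# Source FILE in an otherwise empty environment and print only the exported
# variables it added or changed, one VAR=value per line. This executes the
# profile, exactly as the old CentOS 5 init script did. PATH is printed only
# if the profile changes it.
flatten_profile() {
    env -i PATH=/usr/bin:/bin sh -c '
        tmp=$(mktemp -d) || exit 1
        env | sort > "$tmp/before"
        . "$1" > /dev/null 2>&1
        env | sort > "$tmp/after"
        comm -13 "$tmp/before" "$tmp/after"
        rm -rf "$tmp"
    ' sh "$1"
}

# Constructed stand-in for a shell-style profile (not the real db2profile).
sample_profile() {
    cat <<'EOF'
# constructed sample
DB2INSTANCE=db2inst1
export DB2INSTANCE
if [ -n "$DB2INSTANCE" ]; then
  DB2DIR=/opt/$DB2INSTANCE; export DB2DIR
fi
EOF
}

# Usage with the path from the thread (output file name is an assumption):
#   lint_envfile /db2home/db2inst1/sqllib/db2profile ||
#       flatten_profile /db2home/db2inst1/sqllib/db2profile \
#           > /etc/sysconfig/httpd-db2
# and then point EnvironmentFile=- in override.conf at the flattened file.
```
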


[CentOS] Apache HTTPD not picking up environment variables.

2020-10-23 Thread Harold Pritchett
I'm trying to install DB2 on a CentOS 7 server.  The problem I'm seeing is that 
the Apache httpd server fails to pick up the db2 environment variables.  On an 
older version running under CentOS 5 this was done by inserting the following 
lines into the httpd start script in /etc/sysconfig/httpd:

if test -f /db2home/db2inst1/sqllib/db2profile; then
  . /db2home/db2inst1/sqllib/db2profile
fi

Under CentOS 7's systemctl system this no longer works. I need a clue as to 
where to start looking for where to put this so it will be sourced when the 
Apache server starts.  I have googled this and can find nothing relevant.  I 
even did a "find / -name httpd -print" and didn't find anything looking 
promising.

Thanks for your help

Harold




Re: [CentOS] db2 is running out of shared memory

2015-03-30 Thread Harold Pritchett

On 3/30/2015 11:44 AM, John R Pierce wrote:
> On 3/30/2015 8:32 AM, Harold Pritchett wrote:
>> Db2 is running out of shared memory.
>
> open a ticket with IBM DB2 support.

IBM db2 Express-C does not include support.  You get what you pay for (and db2 
Express-C is free)

Harold


[CentOS] db2 is running out of shared memory

2015-03-30 Thread Harold Pritchett

Db2 is running out of shared memory.

The environment:
 Virtual computers running under VMware ESXi hypervisor version 5.5.
Two different virtual machines, each running CentOS 5, db2 express C,
and Apache/PHP and vmware tools.  The machines each have 8 GB of memory,
4 processors, and a couple of hundred GB of disk space available.
Everything is running on the 64 bit versions. The actual hardware for VMware
is a dual processor machine with two Xeon E5410 processors, each with four
cpu cores and 32 GB of ram.

The difference in the two virtual machines is that one is running db2
version 9.7.1 and the other is running db2 version 10.5.5.

The error occurs while restoring a backup taken on another server to the test
server in question.  Worse than that, it occurs when restoring a second
database after the first restore works OK.

The error message we are getting is this:
On the 9.7 system:
RESTORE DATABASE XYZZY USER db2inst9 using
FROM '/db2home/restore1' INTO XYZZZ REPLACE
EXISTING WITHOUT ROLLING FORWARD WITHOUT PROMPTING
SQL1084C  Shared memory segments cannot be allocated. SQLSTATE=57019

On the 10.5 system:
RESTORE DATABASE XYZZY USER db2inst9 using
 FROM '/db2home/restore1' INTO XYZZZ REPLACE
EXISTING WITHOUT ROLLING FORWARD WITHOUT PROMPTING
SQL1084C  The database manager failed to allocate
shared memory because an`operating system kernel
memory limit has been reached.  SQLSTATE=57019

Everything I have read online says to increase the value of Shared Memory Size
in the /etc/sysctl.conf file.  However, on these systems it is already set to
a value eight times larger than the actual memory size.  The command "ipcs -l"
gives:

[root@cowtest etc]# ipcs -l

-- Shared Memory Limits 
max number of segments = 4096
max seg size (kbytes) = 67108864
max total shared memory (kbytes) = 17179869184
min seg size (bytes) = 1

-- Semaphore Limits 
max number of arrays = 1024
max semaphores per array = 250
max semaphores system wide = 256000
max ops per semop call = 32
semaphore max value = 32767

-- Messages: Limits 
max queues system wide = 2048
max size of message (bytes) = 65536
default max size of queue (bytes) = 65536

[root@cowtest etc]#

the file /etc/sysctl.conf has the following in it

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

These numbers just don't make sense.  kernel.shmmax is set to 64 GB, 8 times
the actual memory of the machine.  the value of "Total Max Shared Memory"
from the ipcs command is 16 TB!

I have another machine running on real hardware with only 6 GB of memory on
which this works fine.  What is so strange about the virtual machines?

I'm posting this to both the db2 and CentOS mailing lists.  Sorry for the
duplication if you are subscribed to both.

Harold

Attached below is the complete output of the backup.restore job which ran on
the db2 10.5 machine. The backup was taken on a db2 9.7 machine, hence the
message about database upgraded to current db2 version.

backup.restore 1.0.0 - submitted Mon Mar 30 05:45:01 EDT 2015 on cowtest
waiting...  1  05:45:01
waiting...  2  05:46:01
waiting...  3  05:47:01
waiting...  4  05:48:01
waiting...  5  05:49:03
backup.restore - started Mon Mar 30 05:50:03 EDT 2015 on cowtest
File to be restored is: 
/db2home/www/daily/ANIMALS.0.db2inst9.NODE.CATN.20150330030114.001.bz2
Testing file to be restored for integrity at Mon Mar 30 05:50:03 EDT 2015
unzipping backup file
 /db2home/db2inst9/archivelogs/animals 
total 0
 /db2home/db2inst9/archivelogs/animals 
SQL1064N  DB2STOP processing was successful.
Waiting for 1 minute...
SQL1063N  DB2START processing was successful.
ATTACH TO db2inst9

   Instance Attachment Information

 Instance server= DB2/LINUXX8664 10.5.5
 Authorization ID   = DB2INST9
 Local instance alias   = DB2INST9


DEACTIVATE DATABASE ANIMALS
DB2I  The DEACTIVATE DATABASE command completed successfully.

RESTORE DATABASE ANIMALS USER db2inst9 using
FROM '/db2home/restore1' REPLACE EXISTING WITHOUT
ROLLING FORWARD WITHOUT PROMPTING
SQL2555I  The database was restored and then successfully upgraded to the
current DB2 release where you issued the RESTORE DATABASE command.

CONNECT to animals user db2inst9 using

   Database Connection Information

 Database server= DB2/LINUXX8664 10.5.5
 SQL authorization ID   = DB2INST9
 Local database alias   = ANIMALS


SELECT count(bhid) from is3.dna

1
---
220

  1 record(s) selected.


DETACH
DB2I  The DETACH command completed successfully.

DISCONNECT CURRENT
DB2I  The SQL DISCONNECT command completed successfully.

ACTIVATE DATABASE ANIMALS
DB2I  The ACTIVATE DATABASE command completed successfully.

TERMINATE
DB2I

Re: [CentOS] CentOS 6, selinux, and user modules

2014-08-05 Thread Harold Pritchett
On 8/2/2014 2:39 PM, Harold Pritchett wrote:
> On 8/1/2014 10:47 PM, Gardner Bell wrote:
>>
>>
>> On 1 August 2014 22:33, Harold Pritchett  wrote:
>>
>>> I am having problems making selinux modules on CentOS 6.
>>>
>>> Under CentOS 5, the following procedure works:
>>>
>>> Procedure to make an selinux policy named mickey1...
>>>
>>> # su -
>>> # cd /var/log/audit
>>> # rm *
>>> # service auditd restart
>>> # echo 0 > /selinux/enforce
>>> # Do whatever selinux is blocking...
>>> # echo 1 > /selinux/enforce
>>> # touch /.autorelabel
>>> # shutdown -fr now
>>>
>>> log back on as root...
>>>
>>> # cd /root
>>> # mkdir tmp selinux
>>> # cd tmp
>>> # chcon -R -t usr_t .
>>> # ln -s /usr/share/selinux/devel/Makefile .
>>> # audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
>>> # make -f /usr/share/selinux/devel/Makefile
>>> # mv filename.te filename.pp ../selinux/
>>> # cd ../selinux
>>> # semodule -i filename.pp
>>>
>>> This works fine on CentOS 5.  I have been doing this on half a dozen
>>> servers I support.
>>>
>>> Unfortunately, on CentOS 6 I get the following:
>>>
>>> # semodule -i mickey1.pp
>>> libsepol.link_modules: Tried to link in a non-MLS module with an MLS base.
>>> (No such file or directory).
>>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
>>> directory).
>>> semodule:  Failed!
>>>
>>> Does anyone have any idea what I am doing wrong?  How do I get this to
>>> work on CentOS 6?  I've googled this until I'm blue in the face and can't
>>> seem to find the answer.
>>>
>>> More info:
>>>
>>> # cat /etc/redhat-release
>>> CentOS release 6.5 (Final)
>>>
>>> # uname -a
>>> Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25
>>> 08:34:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> # rpm -qa | grep selinux
>>> selinux-policy-minimum-3.7.19-231.el6_5.3.noarch
>>> libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
>>> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>>> selinux-policy-doc-3.7.19-231.el6_5.3.noarch
>>> libselinux-python-2.0.94-5.3.el6_4.1.x86_64
>>> libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
>>> libselinux-2.0.94-5.3.el6_4.1.i686
>>> selinux-policy-mls-3.7.19-231.el6_5.3.noarch
>>> selinux-policy-3.7.19-231.el6_5.3.noarch
>>> libselinux-2.0.94-5.3.el6_4.1.x86_64
>>>
>>> Thanks,
>>>
>>> Harold
>>>
>>>
>> Should you maybe recompile the module with the -M switch?
>> *-M,--mls* Enable the MLS/MCS support when checking and compiling the
>> policy module.
>>
>>
>
> Please don't top post...  It makes it hard to follow the discussion.
>
> Using this advice, I checked out the Makefile which compiles the module.  It 
> uses the file "/etc/selinux/config" to determine the type of module to make.  
> So, I changed:
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=enforcing
> # SELINUXTYPE= can take one of these two values:
> # targeted - Targeted processes are protected,
> # mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
> to
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=enforcing
> # SELINUXTYPE= can take one of these two values:
> # targeted - Targeted processes are protected,
> # mls - Multi Level Security protection.
> SELINUXTYPE=mls
>
> ran "make clean" followed by "make" with the following results:
>
> # make
> Compiling mls spamass-milter module
> /usr/bin/checkmodule:  loading policy configuration from 
> tmp/spamass-milter.tmp
> /usr/bin/checkmodule:  policy configuration loaded
> /usr/bin/chec

Re: [CentOS] CentOS 6, selinux, and user modules

2014-08-02 Thread Harold Pritchett
On 8/2/2014 2:39 PM, Harold Pritchett wrote:

More information...

After changing /etc/selinux/config from "SELINUXTYPE=targeted" to 
"SELINUXTYPE=mls" I was unable to log on remotely as root, nor could I "su" to 
root from a regular id.  Who knows what else changed.  I'm almost afraid to 
look.  I had to log on via the hardware console as root and change the entry 
in /etc/selinux/config back to "SELINUXTYPE=targeted" in order to be able to 
access the system normally.

What is "mls" and where can I find it documented?

I'm not sure but that what I want to do is completely get rid of this "mls" 
stuff and go back to a simple "targeted" selinux install.  If this requires 
that I re-install the system and somehow get it into "targeted" mode then 
that's OK.  Better now than finding out later after a bunch of other stuff has 
been installed.

Any thoughts???

Harold


Re: [CentOS] CentOS 6, selinux, and user modules

2014-08-02 Thread Harold Pritchett
On 8/1/2014 10:47 PM, Gardner Bell wrote:
>
>
> On 1 August 2014 22:33, Harold Pritchett  wrote:
>
>> I am having problems making selinux modules on CentOS 6.
>>
>> Under CentOS 5, the following procedure works:
>>
>> Procedure to make an selinux policy named mickey1...
>>
>> # su -
>> # cd /var/log/audit
>> # rm *
>> # service auditd restart
>> # echo 0 > /selinux/enforce
>> # Do whatever selinux is blocking...
>> # echo 1 > /selinux/enforce
>> # touch /.autorelabel
>> # shutdown -fr now
>>
>> log back on as root...
>>
>> # cd /root
>> # mkdir tmp selinux
>> # cd tmp
>> # chcon -R -t usr_t .
>> # ln -s /usr/share/selinux/devel/Makefile .
>> # audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
>> # make -f /usr/share/selinux/devel/Makefile
>> # mv filename.te filename.pp ../selinux/
>> # cd ../selinux
>> # semodule -i filename.pp
>>
>> This works fine on CentOS 5.  I have been doing this on half a dozen
>> servers I support.
>>
>> Unfortunately, on CentOS 6 I get the following:
>>
>> # semodule -i mickey1.pp
>> libsepol.link_modules: Tried to link in a non-MLS module with an MLS base.
>> (No such file or directory).
>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
>> directory).
>> semodule:  Failed!
>>
>> Does anyone have any idea what I am doing wrong?  How do I get this to
>> work on CentOS 6?  I've googled this until I'm blue in the face and can't
>> seem to find the answer.
>>
>> More info:
>>
>> # cat /etc/redhat-release
>> CentOS release 6.5 (Final)
>>
>> # uname -a
>> Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25
>> 08:34:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>>
>> # rpm -qa | grep selinux
>> selinux-policy-minimum-3.7.19-231.el6_5.3.noarch
>> libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
>> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>> selinux-policy-doc-3.7.19-231.el6_5.3.noarch
>> libselinux-python-2.0.94-5.3.el6_4.1.x86_64
>> libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
>> libselinux-2.0.94-5.3.el6_4.1.i686
>> selinux-policy-mls-3.7.19-231.el6_5.3.noarch
>> selinux-policy-3.7.19-231.el6_5.3.noarch
>> libselinux-2.0.94-5.3.el6_4.1.x86_64
>>
>> Thanks,
>>
>> Harold
>>
>>
> Should you maybe recompile the module with the -M switch?
> *-M,--mls* Enable the MLS/MCS support when checking and compiling the
> policy module.
>
>

Please don't top post...  It makes it hard to follow the discussion.

Using this advice, I checked out the Makefile which compiles the module.  It 
uses the file "/etc/selinux/config" to determine the type of module to make.  
So, I changed:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

to

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=mls

ran "make clean" followed by "make" with the following results:

# make
Compiling mls spamass-milter module
/usr/bin/checkmodule:  loading policy configuration from tmp/spamass-milter.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 10) to 
tmp/spamass-milter.mod
Creating mls spamass-milter.pp policy package
rm tmp/spamass-milter.mod.fc tmp/spamass-milter.mod

Followed by:

# semodule -vi spamass-milter.pp
Attempting to install module 'spamass-milter.pp':
Ok: return value of 0.
Committing changes:
libsepol.link_modules: Tried to link in a non-MLS module with an MLS base. (No 
such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or 
directory).
semodule:  Failed!

# semodule -l | grep spam
spamassassin2.2.0

Still no joy!  The make command claims to have made a mls policy package, but 
the semodule -i command says it's non-MLS.

I'm confused...

Thanks

Harold


[CentOS] CentOS 6, selinux, and user modules

2014-08-01 Thread Harold Pritchett
I am having problems making selinux modules on CentOS 6.

Under CentOS 5, the following procedure works:

Procedure to make an selinux policy named mickey1...

# su -
# cd /var/log/audit
# rm *
# service auditd restart
# echo 0 > /selinux/enforce
# Do whatever selinux is blocking...
# echo 1 > /selinux/enforce
# touch /.autorelabel
# shutdown -fr now

log back on as root...

# cd /root
# mkdir tmp selinux
# cd tmp
# chcon -R -t usr_t .
# ln -s /usr/share/selinux/devel/Makefile .
# audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
# make -f /usr/share/selinux/devel/Makefile
# mv filename.te filename.pp ../selinux/
# cd ../selinux
# semodule -i filename.pp

This works fine on CentOS 5.  I have been doing this on half a dozen servers I 
support.

Unfortunately, on CentOS 6 I get the following:

# semodule -i mickey1.pp
libsepol.link_modules: Tried to link in a non-MLS module with an MLS base. (No 
such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or 
directory).
semodule:  Failed!

Does anyone have any idea what I am doing wrong?  How do I get this to work on 
CentOS 6?  I've googled this until I'm blue in the face and can't seem to find 
the answer.

More info:

# cat /etc/redhat-release
CentOS release 6.5 (Final)

# uname -a
Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25 08:34:44 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

# rpm -qa | grep selinux
selinux-policy-minimum-3.7.19-231.el6_5.3.noarch
libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
selinux-policy-doc-3.7.19-231.el6_5.3.noarch
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
libselinux-2.0.94-5.3.el6_4.1.i686
selinux-policy-mls-3.7.19-231.el6_5.3.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
libselinux-2.0.94-5.3.el6_4.1.x86_64

Thanks,

Harold
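
Added example, not part of the original post: the procedure above feeds the whole of /var/log/audit/audit.log to audit2allow, so everything denied while enforcement was off ends up in mickey1.te. The sketch below lists each denied (source type, target type, class, permission) with a count, so the rules can be reviewed before "semodule -i". The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, log lines are constructed.

# avc_rules FILE
# Summarise AVC denials in an audit log as one line per
# (source type, target type, class, permission), with how often it was seen.
avc_rules() {
    awk '
        /type=AVC/ && /denied/ {
            # Permission list is the text between the braces
            perms = $0
            sub(/^.*[{] */, "", perms)
            sub(/ *[}].*$/, "", perms)

            s = ""; t = ""; c = ""
            for (i = 1; i <= NF; i++) {
                # Contexts are user:role:type[:level]; keep the type field
                if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); s = a[3] }
                if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); t = a[3] }
                if ($i ~ /^tclass=/)   { c = substr($i, 8) }
            }
            if (s == "" || t == "" || c == "") next

            n = split(perms, p, " ")
            for (j = 1; j <= n; j++)
                seen["allow " s " " t ":" c " " p[j] ";"]++
        }
        END {
            for (k in seen) printf "%s # %d denial(s)\n", k, seen[k]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample in audit.log format (not taken from the thread).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1406946780.123:456): avc:  denied  { read write } for  pid=1234 comm="spamass-milter" name="sock" dev=dm-0 ino=42 scontext=system_u:system_r:spamass_milter_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1406946780.123:456): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1406946790.001:460): avc:  denied  { read } for  pid=1234 comm="spamass-milter" name="sock" dev=dm-0 ino=42 scontext=system_u:system_r:spamass_milter_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
EOF
}

# Usage with the path from the procedure:
#   avc_rules /var/log/audit/audit.log
```
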



Re: [CentOS] Postfix vs Sendmail

2013-11-02 Thread Harold Pritchett
On 11/2/2013 8:57 AM, Timothy Murphy wrote:
> I have two CentOS-6.4 servers, in different places.
> I am running postfix/amavis on one, and sendmail/procmail on the other.
> I don't recall having any difficulty setting up sendmail many years ago
> using sendmail.mc .
> But I found postfix very complicated to setup last year.
> (It's working fine now.)
>
> I recall that when I asked for advice
> one person advised me to read 2 books on postfix,
> and another advised me to pay someone to set it up.
>
> I asked why postfix was preferable, but didn't get any convincing reply.
> The general response was along the lines that it was the "modern" way.
>
> Having looked into postfix/amavis a little further,
> it seems to me to involve excessively complicated processes
> (at least for a simple home server)
> with email going along spaghetti-like routes.
>
> Am I alone in this view?

Not at all.  Selection of a mail agent borders on a religious topic.  I 
personally am a devout sendmail admin.  I have been running sendmail since I 
was the sysadmin of a network of sun4 pizza boxes back in the 1980's.  I even 
met Eric Allman at a USENIX conference once.  I have given sessions on 
installing and configuring sendmail at national and international 
conferences.  I once installed sendmail on an IBM Mainframe running Redhat 
Linux.

Are there better servers?  Probably.  According to Wikipedia, the only mail 
servers with more than 10% of the servers on the internet running them are 
Sendmail, Microsoft Exchange Server, Exim and Postfix, but these are hardly 
the only ones out there.

In CentOS 6, postfix is the default server.  What does that mean? It means that 
postfix is pre-selected in the anaconda install script.  If you want to run 
something else, and not have to deal with un-installing postfix and installing 
your own religion then just un-select postfix and select your own when you do 
the initial install.  You know, check the boxes saying you want to edit the 
packages being installed and make the changes before you do the install.

Let's not get into a religious shouting match here.  You know, the my software 
is better than yours kind of thing.  Pick what you are comfortable with and run 
it.  They all do basically the same thing, just in different ways.

Harold



Re: [CentOS] recover lvm from pv

2013-03-08 Thread Harold Pritchett
On 3/8/2013 10:08 AM, SilverTip257 wrote:
> On Fri, Mar 8, 2013 at 9:37 AM, Robert Moskowitz wrote:
>
>> On 03/08/2013 09:21 AM, Harold Pritchett wrote:
>>> On 3/8/2013 8:57 AM, Robert Moskowitz wrote:
>>>> On 03/08/2013 08:07 AM, SilverTip257 wrote:
>>>>> On Thu, Mar 7, 2013 at 10:54 PM, Harold Pritchett 
>> wrote:
>>>>>> On 3/7/2013 10:10 PM, Stephen Harris wrote:
>>>>>>> On Thu, Mar 07, 2013 at 09:54:59PM -0500, Harold Pritchett wrote:
>>>>>>>> What other information do I need which may be available?
>>>>>>> What does 'vgscan' say?  'vgchange -a y' ?
>>>>>>>
>>>>>> [root@mickey www]# vgscan
>>>>>>Reading all physical volumes.  This may take a while...
>>>>>>Found volume group "VolGroup00" using metadata type lvm2
>>>>>>
>>>>> Do both Volume Groups on those two sets of disks have the same name?
>>>>>  VolGroup00
>>>> This is all too common an issue.  I make a point that all LVMs are
>>>> uniquely named.
>>>>
>>> Actually, no.  The VolGroup00 name is associated with the running
>> system.  It's the default name when you install CentOS with the default
>> option.  The vol group on the other disks
>>> is "vg0" and is the name I used when I created the system several years
>> ago.
>>
>> I would have expected that to show as a result of the vgscan and
>>
> I would have expected the same after vgchange.
>
>
>> vgchange commands.  Does RAID change things wrt LVM appearance to the
>> system?
>>
> No.

OK, I have just written off the disks as corrupt.  I put in another pair with 
yet another raid LV on them.  This time I was able to successfully mount the 
data.

Something like this:

After assembling the raid array from the two disks with

mdadm --assemble /dev/md125 /dev/sdc3 /dev/sdd3

[root@mickey ~]# cat /proc/mdstat
Personalities : [raid1]
md125 : active raid1 sdc3[0] sdd3[1]
   2925020024 blocks super 1.0 [2/2] [UU]
   [=>...]  resync =  8.5% (249426816/2925020024) 
finish=357.5min speed=124707K/sec

unused devices: 

[root@mickey ~]# vgscan
   Reading all physical volumes.  This may take a while...
   Found volume group "rvg" using metadata type lvm2
   Found volume group "VolGroup00" using metadata type lvm2

[root@mickey ~]# vgchange -a y
   10 logical volume(s) in volume group "rvg" now active
   2 logical volume(s) in volume group "VolGroup00" now active

[root@mickey ~]# pvscan
   PV /dev/md125   VG rvg  lvm2 [2.72 TB / 1.66 TB free]
   PV /dev/sda2VG VolGroup00   lvm2 [465.66 GB / 0 free]
   PV /dev/sdb1VG VolGroup00   lvm2 [465.75 GB / 0 free]
   Total: 3 [3.63 TB] / in use: 3 [3.63 TB] / in no VG: 0 [0   ]

[root@mickey ~]# lvscan
   inactive  '/dev/rvg/lv00' [1.00 GB] inherit
   inactive  '/dev/rvg/lv08' [10.00 GB] inherit
   inactive  '/dev/rvg/lv09' [1000.00 GB] inherit
   inactive  '/dev/rvg/lv04' [20.00 GB] inherit
   inactive  '/dev/rvg/lv03' [2.00 GB] inherit
   inactive  '/dev/rvg/lv02' [4.00 GB] inherit
   inactive  '/dev/rvg/lv06' [40.00 GB] inherit
   inactive  '/dev/rvg/lv07' [10.00 GB] inherit
   inactive  '/dev/rvg/lv01' [5.00 GB] inherit
   inactive  '/dev/rvg/lv05' [512.00 MB] inherit
   ACTIVE'/dev/VolGroup00/LogVol00' [925.75 GB] inherit
   ACTIVE'/dev/VolGroup00/LogVol01' [5.66 GB] inherit

[root@mickey ~]# ls /dev/rvg
lv00  lv01  lv02  lv03  lv04  lv05  lv06  lv07  lv08  lv09

[root@mickey ~]# mount /dev/rvg/lv00 /mnt

[root@mickey ~]# ls /mnt
big   dev   lib media  opt   sbin sys   usr
bin   etc   lib64   misc   proc  selinux  tftpboot  var
boot  home  lost+found  mntroot  srv  tmp

[root@mickey ~]#






Re: [CentOS] recover lvm from pv

2013-03-08 Thread Harold Pritchett
On 3/8/2013 8:57 AM, Robert Moskowitz wrote:
> On 03/08/2013 08:07 AM, SilverTip257 wrote:
>> On Thu, Mar 7, 2013 at 10:54 PM, Harold Pritchett  wrote:
>>
>>> On 3/7/2013 10:10 PM, Stephen Harris wrote:
>>>> On Thu, Mar 07, 2013 at 09:54:59PM -0500, Harold Pritchett wrote:
>>>>> What other information do I need which may be available?
>>>> What does 'vgscan' say?  'vgchange -a y' ?
>>>>
>>> [root@mickey www]# vgscan
>>>  Reading all physical volumes.  This may take a while...
>>>  Found volume group "VolGroup00" using metadata type lvm2
>>>
>> Do both Volume Groups on those two sets of disks have the same name?
>>VolGroup00
> This is all too common an issue.  I make a point that all LVMs are
> uniquely named.
>
Actually, no.  The VolGroup00 name is associated with the running system.  It's 
the default name when you install CentOS with the default option.  The vol 
group on the other disks 
is "vg0" and is the name I used when I created the system several years ago.

Harold



Re: [CentOS] recover lvm from pv

2013-03-07 Thread Harold Pritchett
On 3/7/2013 10:10 PM, Stephen Harris wrote:
> On Thu, Mar 07, 2013 at 09:54:59PM -0500, Harold Pritchett wrote:
>> What other information do I need which may be available?
> What does 'vgscan' say?  'vgchange -a y' ?
>
[root@mickey www]# vgscan
   Reading all physical volumes.  This may take a while...
   Found volume group "VolGroup00" using metadata type lvm2
[root@mickey www]# vgchange -a y
   2 logical volume(s) in volume group "VolGroup00" now active
[root@mickey www]#



[CentOS] recover lvm from pv

2013-03-07 Thread Harold Pritchett
I have a vanilla CentOS 5.9 system.  I have a pair of 2Tb sata drives with a 
RAID 1 array on them.  This array contains an LVM physical volume.  I have 
added these two drives to my 
system and now need to access the volume group on this physical volume.  This 
volume group, vg0, contains 10 ext3 file systems and I need to get the data 
from them.

What do I know:

[root@mickey ~]# pvscan
   PV /dev/sda2VG VolGroup00  lvm2 [465.66 GB / 0free]
   PV /dev/sdb1VG VolGroup00  lvm2 [465.75 GB / 0free]
   PV /dev/md125  lvm2 [1.81 TB]
   Total: 3 [2.72 TB] / in use: 2 [931.41 GB] / in no VG: 1 [1.81 TB]
[root@mickey ~]#

The first two contain the running system.  The third one, /dev/md125 is my lvm 
physical volume.

[root@mickey ~]# pvdisplay
- snip first two pvs ---
   "/dev/md125" is a new physical volume of "1.81 TB"
   --- NEW Physical volume ---
   PV Name   /dev/md125
   VG Name
   PV Size   1.81 TB
   Allocatable   NO
   PE Size (KByte)   0
   Total PE  0
   Free PE   0
   Allocated PE  0
   PV UUID UB2Zs1-2bau-frhn-TdQb-hXNi-H6c1-OgA6XZ

[root@mickey ~]#

I have spent the last 8 hours or so searching the web for the next command(s) I 
need to enter to mount this vg and the 10 filesystems in it.

What other information do I need which may be available?

Help!

Thanks

Harold




Re: [CentOS] Strange behavior from software RAID

2013-03-02 Thread Harold Pritchett
Here I am following up on my own post...

It occurred to me that all of this stuff must be magic.

How does it work when the mdadm.conf file is on a raid/LVM volume which is not 
available at boot time?

I looked in the /boot filesystem, the only one which is available at boot time 
and there is nothing there, unless this data is actually saved in one of the 
kernel modules or other 
binary files...

Harold



[CentOS] Strange behavior from software RAID

2013-03-02 Thread Harold Pritchett
Somewhere, mdadm is caching information.  Here is my /etc/mdadm.conf file:

more /etc/mdadm.conf
# mdadm.conf written out by anaconda
DEVICE partitions
MAILADDR root
ARRAY /dev/md0 level=raid1 num-devices=4 metadata=0.90 UUID=55ff58b2:0abb5bad:42911890:5950dfce
ARRAY /dev/md1 level=raid1 num-devices=2 metadata=0.90 UUID=315eaf5c:776c85bd:5fa8189c:68a99382
ARRAY /dev/md2 level=raid1 num-devices=2 metadata=0.90 UUID=5b017f95:b7e266cc:f17a7611:8b752a02
ARRAY /dev/md3 level=raid1 num-devices=2 metadata=0.90 UUID=4cc310ee:60201e16:c7017bd4:9feea350
ARRAY /dev/md4 level=raid1 num-devices=2 metadata=0.90 UUID=ea205046:3c6e78c6:ab84faa4:0da53c7c

After a system re-boot, here is the contents of /proc/mdstat

# cat /proc/mdstat
Personalities : [raid1]
md125 : active raid1 sdc3[0]
   455482816 blocks [2/1] [U_]

md0 : active raid1 sdd1[3] sdc1[0] sdb1[1] sda1[2]
   1000320 blocks [4/4] []

md127 : active raid1 sdd3[1] sdb3[0]
   971747648 blocks [2/2] [UU]

md3 : active raid1 sdf1[1] sde1[0]
   1003904 blocks [2/2] [UU]

md4 : active raid1 sdf3[1] sde3[0]
   1948491648 blocks [2/2] [UU]

md1 : active raid1 sda3[1]
   455482816 blocks [2/1] [_U]

unused devices: 

There are six physical disks in this system:

Disk /dev/sda:  500.1 GB, 500107862016 bytes
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
Disk /dev/sdc:  500.1 GB, 500107862016 bytes
Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
Disk /dev/sde: 2000.3 GB, 2000398934016 bytes
Disk /dev/sdf: 2000.3 GB, 2000398934016 bytes

I used mdadm --examine /dev/sda1 to find the internal UUID for each of the 
physical volumes making up these volume groups

/dev/sda1:  Magic : a92b4efc  Version : 0.90.00  UUID : 55ff58b2:0abb5bad:42911890:5950dfce
/dev/sdb1:  Magic : a92b4efc  Version : 0.90.00  UUID : 55ff58b2:0abb5bad:42911890:5950dfce
/dev/sdc1:  Magic : a92b4efc  Version : 0.90.00  UUID : 55ff58b2:0abb5bad:42911890:5950dfce
/dev/sdd1:  Magic : a92b4efc  Version : 0.90.00  UUID : 55ff58b2:0abb5bad:42911890:5950dfce
/dev/sda3:  Magic : a92b4efc  Version : 0.90.00  UUID : 315eaf5c:776c85bd:5fa8189c:68a99382
/dev/sdc3:  Magic : a92b4efc  Version : 0.90.00  UUID : 315eaf5c:776c85bd:5fa8189c:68a99382
/dev/sdb3:  Magic : a92b4efc  Version : 0.90.00  UUID : 5b017f95:b7e266cc:f17a7611:8b752a02
/dev/sdd3:  Magic : a92b4efc  Version : 0.90.00  UUID : 5b017f95:b7e266cc:f17a7611:8b752a02
/dev/sde1:  Magic : a92b4efc  Version : 0.90.00  UUID : 4cc310ee:60201e16:c7017bd4:9feea350
/dev/sdf1:  Magic : a92b4efc  Version : 0.90.00  UUID : 4cc310ee:60201e16:c7017bd4:9feea350
/dev/sde3:  Magic : a92b4efc  Version : 0.90.00  UUID : ea205046:3c6e78c6:ab84faa4:0da53c7c
/dev/sdf3:  Magic : a92b4efc  Version : 0.90.00  UUID : ea205046:3c6e78c6:ab84faa4:0da53c7c

As you can see, the UUID on the various PVs match the values in the 
/etc/mdadm.conf file.

My question is: what the heck is going on?  When I boot the system, I end up 
with two unexpected, unconfigured volume groups.  Where the heck are /dev/md125 
and /dev/md127 coming from?  They don't appear in /etc/mdadm.conf and if I 
re-boot they keep coming back.  It appears that somewhere mdadm is keeping 
information.  How can I get rid of it so the mdadm.conf file is used?

Harold




[CentOS] Reorg of a RAID/LVM system

2013-02-28 Thread Harold Pritchett
I have a system with 4 disk drives, two 512 Gb and two 1 Tb.
It looks like this:

CentOS release 5.9 (Final)

Disk /dev/sda: 500.1 GB, 500107862016 bytes
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
Disk /dev/sdc: 500.1 GB, 500107862016 bytes
Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
=

Disk /dev/sda: 500.1 GB, 500107862016 bytes
16 heads, 63 sectors/track, 969021 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1985     1000408+  fd  Linux raid autodetect
/dev/sda2            1986        9923     4000752   82  Linux swap / Solaris
/dev/sda3            9924      969021   483385392   fd  Linux raid autodetect

Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot  Start End  Blocks   Id  System
/dev/sdb1   *   1 125 1004031   fd  Linux raid autodetect
/dev/sdb2 126 624 4008217+  82  Linux swap / Solaris
/dev/sdb3 625  121601   971747752+  fd  Linux raid autodetect

Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1   *           1         125     1004031   fd  Linux raid autodetect
/dev/sdc2             126        4096    31897057+  82  Linux swap / Solaris
/dev/sdc3            4097       60801   455482912+  fd  Linux raid autodetect

Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot  Start End  Blocks   Id  System
/dev/sdd1   *   1 125 1004031   fd  Linux raid autodetect
/dev/sdd2 126 624 4008217+  82  Linux swap / Solaris
/dev/sdd3 625  121601   971747752+  fd  Linux raid autodetect

The four 1 GB partitions (sd[abcd]1) are configured as a RAID 1 array with a 
single ext4
filesystem mounted as /boot.

Swap is Swap...

The two smaller drives (sd[ac]3) partitions are configured as a RAID 1 array 
containing an LVM physical volume (md1).  The two larger drives (sd[bd]3) are 
configured as a RAID 1 array containing an LVM physical volume (md2).


# pvdisplay
   --- Physical volume ---
   PV Name   /dev/md1
   VG Name   vg0
   PV Size   434.38 GB / not usable 7.44 MB
   Allocatable   yes
   PE Size (KByte)   32768
   Total PE  13900
   Free PE   7810
   Allocated PE  6090
   PV UUID   z5QGpO-6bKP-k8xm-vUha-CWYj-dkjG-UaHAE5

   --- Physical volume ---
   PV Name   /dev/md2
   VG Name   vg0
   PV Size   926.73 GB / not usable 12.31 MB
   Allocatable   yes (but full)
   PE Size (KByte)   32768
   Total PE  29655
   Free PE   0
   Allocated PE  29655
   PV UUID   RIliNF-SENU-O2S9-Qo4H-rtOC-2Yzr-7jzuB0

The two physical volumes are defined as a single volume group.

# vgdisplay
   --- Volume group ---
   VG Name               vg0
   System ID
   Format                lvm2
   Metadata Areas        2
   Metadata Sequence No  17
   VG Access             read/write
   VG Status             resizable
   MAX LV                0
   Cur LV                10
   Open LV               10
   Max PV                0
   Cur PV                2
   Act PV                2
   VG Size               1.33 TB
   PE Size               32.00 MB
   Total PE              43555
   Alloc PE / Size       35745 / 1.09 TB
   Free  PE / Size       7810 / 244.06 GB
   VG UUID               dKKD3L-pcHy-F8KQ-6qNX-vFye-tXdv-6Qs98W

One of the 512 Gb drives is failing.  What I want to do is to replace the
two 512 Gb drives with 3 Tb drives, expand the RAID array on them and then
expand the LVM PV contained therein.  This much I can do.

I then want to move all of the data from the other PV into this one, and remove
the second PV, RAID array, and the two 1 Tb drives, leaving me with two 3 Tb
drives, a large RAID array and a single PV containing everything (except the 
/boot and SWAP partitions.)

What I'm not sure about is how to move the data from the second PV to the
first so I can then delete the contents of the drive and physically remove them
from the system leaving me with only the two 3 Tb drives.

Help!

Thanks

Harold





Re: [CentOS] running yum update on remote servers

2013-02-26 Thread Harold Pritchett
On 2/25/2013 9:03 AM, Dennis Jacobfeuerborn wrote:
> On 02/25/2013 02:48 PM, Robert Moskowitz wrote:
>> I have read a couple old threads here on updates for servers, and I am
>> looking for some mechanics to getting the actual updates done.  I don't
>> want automatic updates; I want to control when and what gets updated.
>>
>> First I have to determine that a particular server needs updates.  I
>> suppose a daily script that would run "yum check-updates' and emails me
>> the results could work, but then I would only want the email IF there
>> was something to update, at my limited use of this option does not show
>> anything to trigger a notify on changes.  Does anyone know of a script
>> that would do this?
> A daily cronjob could call "yum check-update" and use the return code to
> decide if the output should be mailed or not. From the yum man-page for
> "check-update":
> "Implemented so you could know if your machine had any updates that needed
> to be applied without running it interactively. Returns exit value of 100
> if there are packages available for an update. Also returns a list of the
> packages to be updated in list format. Returns 0 if no packages are
> available for update. Returns 1 if an error occurred.  Running in verbose
> mode also shows obsoletes."
>
> So redirect the output into a file and when the return code is 100 mail
> that file to the admin.
>
I also like to add the "download-only" plugin to yum so that when I do go back 
and do the updates, the files are waiting and I don't have to wait around for 
them to be downloaded.

run "yum install yum-downloadonly"

and then in your script run " /usr/bin/yum --downloadonly -y update"

Hal
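
The check described in this reply and in the quoted one, as an added example that is not part of the original thread: a script for cron that mails the `yum check-update` output only on exit status 100, reports status 1 as a failure, and pre-fetches the packages with the yum-downloadonly plugin. The `ADMIN`, `YUM` and `MAILER` variables, the function names and the `--cron` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: notify only when "yum check-update" reports pending updates.
# ADMIN, YUM and MAILER are assumed names; override them from the environment.
ADMIN="${ADMIN:-root}"
YUM="${YUM:-/usr/bin/yum}"
MAILER="${MAILER:-mail}"

# classify_rc RC: map the documented check-update exit status to an action.
#   0   -> no packages available for update
#   100 -> packages available for update
#   any other value (1 is documented as "an error occurred") -> error
classify_rc() {
    case "$1" in
        0)   echo "none" ;;
        100) echo "updates" ;;
        *)   echo "error" ;;
    esac
}

# run_check REPORT: run check-update, store its output in REPORT,
# print the resulting action on stdout.
run_check() {
    report_file="$1"
    rc=0
    "$YUM" -q check-update >"$report_file" 2>&1 || rc=$?
    classify_rc "$rc"
}

# notify_if_needed: mail the report when there is something to act on.
# An error is mailed too, so a broken repository does not look like
# "nothing to update". Prints the action that was taken.
notify_if_needed() {
    report=$(mktemp) || return 1
    action=$(run_check "$report")
    host=$(uname -n)
    case "$action" in
        updates)
            "$MAILER" -s "$host: package updates available" "$ADMIN" <"$report"
            # Pre-fetch the packages (needs the yum-downloadonly plugin) so the
            # later manual "yum update" does not wait for downloads. Nothing is
            # installed here; the exit status of this step is ignored.
            "$YUM" -q -y --downloadonly update >/dev/null 2>&1 || true
            ;;
        error)
            "$MAILER" -s "$host: yum check-update failed" "$ADMIN" <"$report"
            ;;
    esac
    rm -f "$report"
    echo "$action"
}

# Only act when called as "<script> --cron", e.g. from /etc/cron.daily.
if [ "${1:-}" = "--cron" ]; then
    notify_if_needed >/dev/null
fi
```
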




Re: [CentOS] Multiple Virtual SSL sites with Apache httpd on CentOS 5

2013-02-04 Thread Harold Pritchett
On 2/3/2013 11:47 PM, Bent Terp wrote:
> So my advice is to use a wildcard domain covering *.mycompany.com - but 
> remember that mycompany.com does not match *.mycompany.com, so you'll need a 
> redirect to 
> www.mycompany.com BR Bent PS Just realised that we did this on nginx not 
> apache, but I really don't expect that to be a problem. 
I should have mentioned that wild cards are not an option.  I need to support 
multiple names with absolutely nothing in common.  It's sorta like

www.mynethost.com
www.gotch.net
www.somewhere.else.org

you get the idea.

Hal



Re: [CentOS] Excluding file systems from autorelabel

2012-12-27 Thread Harold Pritchett
On 12/26/2012 4:05 AM, James A. Peltier wrote:
> I'm trying to find a way to exclude file systems during the autorelabel 
> process.  I have a file system (/exports) that has tens of millions of files 
> on it and I *know* I don't want it relabeled.
>
How often do you need to do this?  The obvious solution is to comment out the 
entry in /etc/fstab for the /exports filesystem and then "touch /.autorelabel" 
and reboot.  When the machine comes back up, remove the comment from the entry 
in /etc/fstab and then do a "mount -a".

If you want to do this on a regular basis, just script the whole thing, 
including a script called from /etc/rc.d/rc.local which checks for a semaphore 
file created by the first 
script and does the uncomment and "mount -a" if the first script has been run. 
Do lots of error checking and don't forget to remove the semaphore file when 
the system is back up.  
Run the whole thing out of cron.

There may be a more direct way to do what you want, but this is one way to do 
it using simple shell commands.

Hope this helps

Harold
linux since 1993
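
The procedure described in this reply, as an added example that is not part of the original thread: one function comments out the fstab entry, writes the semaphore file and creates the relabel flag, and a second function, meant to be called from /etc/rc.d/rc.local, restores the entry once the semaphore is found. The semaphore path, the `#SKIP-RELABEL#` marker, the function names and the `prepare`/`finish` arguments are assumptions of this example; the reboot itself is left to the operator.

```shell
#!/bin/sh
# Added example: keep one filesystem unmounted across an SELinux autorelabel.
# All paths can be overridden, so the logic can be tried on a copy of fstab.
FSTAB="${FSTAB:-/etc/fstab}"
SEMAPHORE="${SEMAPHORE:-/var/lib/skip-relabel.pending}"   # assumed location
RELABEL_FLAG="${RELABEL_FLAG:-/.autorelabel}"
MARK="#SKIP-RELABEL#"                                     # assumed marker text

# fstab_has_mount MOUNTPOINT: succeeds if an active (uncommented) entry exists.
fstab_has_mount() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$FSTAB"
}

# prepare_relabel MOUNTPOINT: comment the entry out, leave a semaphore for the
# boot-time step and request the relabel. Refuses to run twice.
prepare_relabel() {
    mp="$1"
    if [ -e "$SEMAPHORE" ]; then
        echo "a relabel is already pending ($SEMAPHORE exists)" >&2
        return 1
    fi
    if ! fstab_has_mount "$mp"; then
        echo "no active fstab entry for $mp" >&2
        return 1
    fi
    cp -p "$FSTAB" "$FSTAB.pre-relabel" || return 1      # recovery copy
    tmp=$(mktemp "$FSTAB.XXXXXX") || return 1
    if ! awk -v mp="$mp" -v mark="$MARK" \
        '$1 !~ /^#/ && $2 == mp { print mark $0; next } { print }' \
        "$FSTAB" >"$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # cat into the existing file: keeps its owner, mode and SELinux label.
    cat "$tmp" >"$FSTAB" || return 1
    rm -f "$tmp"
    echo "$mp" >"$SEMAPHORE"
    : >"$RELABEL_FLAG"
}

# finish_relabel: strip the marker again and remove the semaphore.
# Does nothing when no relabel was prepared.
finish_relabel() {
    if [ ! -e "$SEMAPHORE" ]; then
        return 0
    fi
    tmp=$(mktemp "$FSTAB.XXXXXX") || return 1
    if ! awk -v mark="$MARK" \
        'index($0, mark) == 1 { print substr($0, length(mark) + 1); next } { print }' \
        "$FSTAB" >"$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    cat "$tmp" >"$FSTAB" || return 1
    rm -f "$tmp" "$SEMAPHORE"
}

case "${1:-}" in
    prepare)
        prepare_relabel "${2:?mount point required}" &&
            echo "fstab updated; reboot to start the relabel"
        ;;
    finish)   # call this from /etc/rc.d/rc.local
        if [ -e "$SEMAPHORE" ]; then
            finish_relabel && mount -a
        fi
        ;;
esac
```
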





Re: [CentOS] How to configure sendmail

2012-12-02 Thread Harold Pritchett
On 12/2/2012 6:08 PM, John R Pierce wrote:
> On 12/2/2012 2:46 PM, Tilman Schmidt wrote:
>> Not a good advice for someone who already has some experience
>> with Sendmail but none with Postfix. He'll have to read docs
>> either way, but staying with Sendmail spares him the effort
>> of reinstallation (including probable breakage of his running
>> installation), and reading the docs of a familiar product
>> (Sendmail) is much easier than reading the docs of an
>> unfamiliar one (Postfix).
> except he doesn't have a working configuration with sendmail and is
> apparently a novice, so the postfix recommendation is, IMHO, a good one.

Why?  Once upon a time, many years ago, I tried postfix.  I ended up removing 
it and installing sendmail.  I've been using sendmail since the early 1980's, 
when we were running the Eric Allman code from UCB on a VAX 780 under BCD Unix.  
And, yes, I recognize this as a religious topic and I'm not trying to start a 
flame war.  Why, in your opinion, is postfix superior to sendmail?


Harold
(whose first linux system was slackware 1.0)



Re: [CentOS] How protect bash history file, do audit alike in server

2012-08-08 Thread Harold Pritchett
Use remote logging to a second machine which only you have access to.

http://www.linuxjournal.com/content/creating-centralized-syslog-server

Harold

8/8/2012 12:56 PM, Heng Su wrote:
> hello,
>
>  I want to protect the history file from deleted for all users except
> user 'root' can do it, is that possible?
>  For my server, many users can log in with root from remote through
> ssh, so I can not trace which guy do wrong things. So I decide to create
> new account for every users and let them use 'sudo' then I can trace
> which guy typed which command and what he did. However, even if I create
> new account for every user, they also can delete the history of them
> self easily.
>
>  How should I do. I believe everyone encountered such things
> normally. I think there is a gracefully solution for it as I am not
> experience on server manage. So any suggestions for how to trace user
> like to write down which user did as an audit trail and let it can not
> deletable exclude root user?
>
>Thanks!
>




[CentOS] Using two subnets to change network configuration

2012-07-25 Thread Harold Pritchett
Problem:  My network uses the 192.168.1.0/24 network.  Since this is the most 
common network in all of the world it begins presenting problems when I want to 
set up vpns, or try to do other routing.

The solution:  Change the network from 192.168.1.0/24 to 172.24.24.0/22.  This 
is somewhere in the middle of the less frequently used RFC-1918 20 bit private 
network range.  My 
network contains 40 or so nodes, windows, linux, and proprietary operating 
systems of various types (TiVos, iPhones, iPads, TVs, BluRay players, WAP's, 
etc.)

What I would like to do to minimize down time would be to create a single new 
machine on the network with addresses on both networks and set up as a router 
between the networks.  That way, I can convert the machines one at a time, and 
not lose any connectivity. When all done, take the temporary router down and 
just use the new addresses.

Machines are set up both static and DHCP, and there are some virtual servers 
running on a VMware machine.  Updating all of the machines using DHCP can be 
done in a single pass, but 
the static machines will have to be done one at a time.

Can anyone give me any pointers to web sites to help set this up. I know how to 
set up multiple addresses on the same NIC (eth0 and eth0:0).   After that, I'm 
at a bit of a loss.

And Yes, I know setting up multiple subnets on the same physical wire is a bad 
idea, but this is only for a couple of days until I can get everything moved to 
the new address scheme.

Thanks

Harold



Re: [CentOS] CentOS Server Backup Options

2012-03-15 Thread Harold Pritchett
On 3/15/2012 3:20 PM, John R Pierce wrote:
> On 03/15/12 6:31 AM, James B. Byrne wrote:
>> I eventually managed to read the tape at 1600 bpi in raw
>> block format and from the headers determined that the
>> encoding was EBCDIC and that the tape had been created on
>> a CDC machine.
> if it was from a 70s' vintage CDC system, I'm sort of surprised it
> wasn't BCD, not EBCDIC... BCD was an earlier 7 bit character
> code.lucky that was 9-track, the CDC stuff I remember used 7-track
> tape, even MORE unobtanium.
>
Sounds like it might have been a system 360 plug compatible machine manufactured
by CDC.  I worked on several of those back in the 70's.  These machines were the
"omega" series and ran MVS or VM.  We had both an OMEGA II and an OMEGA III
at good ole UGA.

Harold



[CentOS] Etherpad on CentOS 5

2012-01-16 Thread Harold Pritchett
I am attempting to install Etherpad on a CentOS 5.7 system.

The system is at current patchlevels.

I am using a cookbook found at http://pauleira.com/13/installing-etherpad/

My main problem seems to be that this howto is a couple of years old and none 
of the software is still at the levels described.

Does anyone have any experience with installing the current version of etherpad 
on the current version of CentOS?

Thanks,

Harold



Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Harold Pritchett
On 1/2/2012 9:41 PM, Ljubomir Ljubojevic wrote:
> On 01/03/2012 03:30 AM, Bennett Haselton wrote:
>> In other words, when SELinux causes a problem, it can take hours or days
>> to find out that SELinux is the cause -- and even then you're not done,
>> because you have to figure out a workaround if you want to fix the
>> problem while keeping SELinux turned on.
> You can always set SELinux to permissible mode for testing purposes and
> it will allow the action, but report that it would have been blocked.
>
Then, re-boot back into enforcing mode and run "audit2allow" and it will tell 
you how
to set up a module which can be installed so that SELinux will allow the 
operation.

Here is a little file I keep in my /root directory to remind me some basic 
SELinux stuff:
--
[root@monstro selinux]# more README
Procedure to make an seliux policy named localtmp...

cd /root
mkdir tmp
cd tmp
chcon -R -t usr_t .
ln -s /usr/share/selinux/devel/Makefile .
audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
make -f /usr/share/selinux/devel/Makefile
mv filename.te filename.pp ../selinux/
cd ../selinux
semodule -i filename.pp


Commands to fix sshd binding to non-standard ports...
semanage port -a -t ssh_port_t -p tcp 2244
semanage port -l | grep 22

Needed by samba
setsebool -P samba_export_all_ro 1
setsebool -P samba_enable_home_dirs 1
setsebool -P samba_export_all_rw 1

[root@monstro selinux]#
--
Harold



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-12 Thread Harold Pritchett

On 8/11/2011 7:00 PM, Devin Reade wrote:

--On Wednesday, August 10, 2011 01:52:21 PM -0400 Harold Pritchett
  wrote:


[harold@newmick ~]$ sieveshell localhost
connecting to localhost
unable to connect to server at /usr/bin/sieveshell line 170.

As an aid to finding out what was happening, I dropped a blank drive into this 
system
and installed CentOS 5.6 in place of 6.0.  Did a quick upgrade to 5.7 and then 
configured
and started the following subsystems, exactly the same way I had done with 6.0

1. cyrus-imap
2. cyrus saslauthd
3. openldap

[harold@newmick ~]$ sieveshell localhost
connecting to localhost
Please enter your password:
> put sieve
> list
sieve
> activate sieve
> list
sieve <- active script
> quit
[harold@newmick ~]$

And, so, it works.  I am building this server to replace my existing 
mail/web/database server
which is running Fedora release 9 (Sulphur).  I wanted to upgrade to the latest 
version of
CentOS, but it looks to me that it's just not ready for prime time.  So, I'll 
just go to 5.7 and
be supported again.

Thanks for the help, even if we never got it to work.

Harold


Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 5:40 PM, Simon Matter wrote:
> SELinux? I'm out of ideas apart from that.
>
> Simon
>
>
audit2allow http://lists.centos.org/mailman/listinfo/centos



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 2:28 PM, Simon Matter wrote:
>> On 8/10/2011 2:00 PM, Simon Matter wrote:
>>>> I don't know if this is the right place to report this or not.
>>>>
>>>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>>>
>>>> [root@newmick ~]# cat /etc/redhat-release
>>>> CentOS Linux release 6.0 (Final)
>>>> [root@newmick ~]# uname -a
>>>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>>> Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> Mail subsystem consists of:
>>>> sendmail
>>>> spamassassin
>>>> spamass-milter
>>>> cyrus-imap
>>>>
>>>> All of these appear to be working.  Mail sent to the system
>>>> appears in the inbox of the user it is sent to.
>>>>
>>>> My problem:
>>>>
>>>> I am unable to get the cyrus sieve to work.  Attempting to run
>>>> sieveshell to load the filter fails as shown below.
>>>>
>>>> [harold@newmick ~]$ sieveshell localhost
>>>> connecting to localhost
>>>> unable to connect to server at /usr/bin/sieveshell line 170.
>>>> [harold@newmick ~]$
>>> Maybe sieveshell tries to connect to the wrong port? Did you try
>>> sieveshell localhost:sieve
>>>
>> [harold@newmick ~]$ sieveshell localhost:sieve
>> connecting to localhost:sieve
>> connect: Connection refused
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$ sieveshell localhost:2000
>> connecting to localhost:2000
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$
> And on which port does it listen for sieve? Note that port 2000 is not the
> managesieve port anymore.
>
[root@newmick etc]# grep sieve /etc/services
sieve-filter    2000/tcp    cisco-sccp  # Sieve Mail Filter Daemon
sieve-filter    2000/udp    cisco-sccp  # Sieve Mail Filter Daemon
sieve           4190/tcp                # ManageSieve Protocol
[root@newmick etc]#

[harold@newmick ~]$ sieveshell localhost:4190
connecting to localhost:4190
connect: Connection refused
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I checked /etc/services, and it's 4190 and not 2000.  But 4190 fails just the 
same.

Harold



Re: [CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
On 8/10/2011 2:00 PM, Simon Matter wrote:
>> I don't know if this is the right place to report this or not.
>>
>> I am building a new server on a 64 bit CentOS 6.0 platform.
>>
>> [root@newmick ~]# cat /etc/redhat-release
>> CentOS Linux release 6.0 (Final)
>> [root@newmick ~]# uname -a
>> Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>
>> Mail subsystem consists of:
>>sendmail
>>spamassassin
>>spamass-milter
>>cyrus-imap
>>
>> All of these appear to be working.  Mail sent to the system
>> appears in the inbox of the user it is sent to.
>>
>> My problem:
>>
>> I am unable to get the cyrus sieve to work.  Attempting to run
>> sieveshell to load the filter fails as shown below.
>>
>> [harold@newmick ~]$ sieveshell localhost
>> connecting to localhost
>> unable to connect to server at /usr/bin/sieveshell line 170.
>> [harold@newmick ~]$
> Maybe sieveshell tries to connect to the wrong port? Did you try
> sieveshell localhost:sieve
>
[harold@newmick ~]$ sieveshell localhost:sieve
connecting to localhost:sieve
connect: Connection refused
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$ sieveshell localhost:2000
connecting to localhost:2000
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$





[CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
I don't know if this is the right place to report this or not.

I am building a new server on a 64 bit CentOS 6.0 platform.

[root@newmick ~]# cat /etc/redhat-release
CentOS Linux release 6.0 (Final)
[root@newmick ~]# uname -a
Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
  Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

Mail subsystem consists of:
  sendmail
  spamassassin
  spamass-milter
  cyrus-imap

All of these appear to be working.  Mail sent to the system
appears in the inbox of the user it is sent to.

My problem:

I am unable to get the cyrus sieve to work.  Attempting to run
sieveshell to load the filter fails as shown below.

[harold@newmick ~]$ sieveshell localhost
connecting to localhost
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I have googled the error message and can find entries going
back as far as the early 2000's.  Nothing recent which seems
to apply.

Details:

[root@newmick etc]# telnet localhost sieve
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

[root@newmick etc]# telnet 127.0.0.1 sieve
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK


The following subsystems are running:

[root@newmick ~]# service --status-all | grep running
abrtd (pid  2538) is running...
acpid (pid  1768) is running...
atd (pid  2557) is running...
auditd (pid  2604) is running...
automount (pid  1894) is running...
avahi-daemon (pid  1743) is running...
crond (pid  2546) is running...
cyrus-imapd (pid  13884) is running...
hald (pid  1777) is running...
ip6tables: Firewall is not running.
iptables: Firewall is not running.
irqbalance (pid  1577) is running...
mdmonitor (pid  1621) is running...
messagebus (pid  1731) is running...
rpc.statd (pid  1609) is running...
rpcbind (pid  1591) is running...
rpc.idmapd (pid 1656) is running...
rsyslogd (pid  1536) is running...
saslauthd (pid  2472) is running...
sendmail (pid  2510) is running...
sm-client (pid  2519) is running...
slapd (pid  1877) is running...
spamass-milter (pid 2528) is running...
spamd (pid  9308) is running...
openssh-daemon (pid  1912) is running...
xinetd (pid  1920) is running...
[root@newmick ~]#

Notes on the above...  Firewall is NOT running.
   saslauthd is running.
   slapd is running.
   No errors in the selinux audit logs.

Configuration files look like this:

[root@newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root@newmick etc]#

[root@newmick etc]# cat /etc/cyrus.conf
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
   idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
   # add or remove based on preferences
#  imap cmd="imapd" listen="imap" prefork=5
   imaps cmd="imapd -s" listen="imaps" prefork=1
#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
   sieve cmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntps cmd="nntpd -s" listen="nntps" prefork=1

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
   # this is required
   checkpoint cmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400
   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}
[root@newmick etc]#

What other information do you need?  Is there something obvious I
have missed?

I tried to send this with a "rpm -qa" attached, but my mail server timed
out.  too big I guess...

Harol

[CentOS] sieveshell fails to start on CentOS 6.0

2011-08-10 Thread Harold Pritchett
I don't know if this is the right place to report this or not.

I am building a new server on a 64 bit CentOS 6.0 platform.

[root@newmick ~]# cat /etc/redhat-release
CentOS Linux release 6.0 (Final)
[root@newmick ~]# uname -a
Linux newmick.halshome.net 2.6.32-71.29.1.el6.x86_64 #1 SMP
  Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

Mail subsystem consists of:
  sendmail
  spamassassin
  spamass-milter
  cyrus-imap

All of these appear to be working.  Mail sent to the system
appears in the inbox of the user it is sent to.

My problem:

I am unable to get the cyrus sieve to work.  Attempting to run
sieveshell to load the filter fails as shown below.

[harold@newmick ~]$ sieveshell localhost
connecting to localhost
unable to connect to server at /usr/bin/sieveshell line 170.
[harold@newmick ~]$

I have googled the error message and can find entries going
back as far as the early 2000's.  Nothing recent which seems
to apply.

Details:

[root@newmick etc]# telnet localhost sieve
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK

[root@newmick etc]# telnet 127.0.0.1 sieve
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.el6"
"SASL" ""
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
  imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
OK


The following subsystems are running:

[root@newmick ~]# service --status-all | grep running
abrtd (pid  2538) is running...
acpid (pid  1768) is running...
atd (pid  2557) is running...
auditd (pid  2604) is running...
automount (pid  1894) is running...
avahi-daemon (pid  1743) is running...
crond (pid  2546) is running...
cyrus-imapd (pid  13884) is running...
hald (pid  1777) is running...
ip6tables: Firewall is not running.
iptables: Firewall is not running.
irqbalance (pid  1577) is running...
mdmonitor (pid  1621) is running...
messagebus (pid  1731) is running...
rpc.statd (pid  1609) is running...
rpcbind (pid  1591) is running...
rpc.idmapd (pid 1656) is running...
rsyslogd (pid  1536) is running...
saslauthd (pid  2472) is running...
sendmail (pid  2510) is running...
sm-client (pid  2519) is running...
slapd (pid  1877) is running...
spamass-milter (pid 2528) is running...
spamd (pid  9308) is running...
openssh-daemon (pid  1912) is running...
xinetd (pid  1920) is running...
[root@newmick ~]#

Notes on the above...  Firewall is NOT running.
   saslauthd is running.
   slapd is running.
   No errors in the selinux audit logs.

Configuration files look like this:

[root@newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root@newmick etc]#

[root@newmick etc]# cat /etc/cyrus.conf
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
   idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
   # add or remove based on preferences
#  imap cmd="imapd" listen="imap" prefork=5
   imaps cmd="imapd -s" listen="imaps" prefork=1
#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3s cmd="pop3d -s" listen="pop3s" prefork=1
   sieve cmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntps cmd="nntpd -s" listen="nntps" prefork=1

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
   # this is required
   checkpoint cmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400
   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}
[root@newmick etc]#

What other information do you need?  Is there something obvious I
have missed?

and finally, a list of everything installed...

[root@newmick etc]# rpm -qa | sort
ConsoleKit-0.4.1-3.el