Re: [CentOS] Is there a rpm command to find the package that created a particular user or particular group?

2013-07-17 Thread Ian Forde
Just saw this.  Here's how to do it via brute force.  I have the user
ovirtagent on one of my boxes, and wanted to find out who provided it.
So I did the following:

rpm --qf '%{NAME}\n' -qa | while read -r rname ; do
  if rpm -q --scripts "${rname}" | grep -q ovirtagent ; then echo "$rname" ; fi
done

It's not efficient, but it works.

  -I


On Thu, Jun 27, 2013 at 12:36 PM, Rob Townley rob.town...@gmail.com wrote:

 --scripts is helpful, the following returns a great deal of package scripts
 having to do with users and groups, but ideally would return just the
 package names involved in creating the user or group.

 rpm -qa --scripts | egrep 'user|group|id\s|getent|pass'

 rpm -qa --scripts | less does not seem  to list any package names, but may
 be a more formal rpm would help:

 rpm --queryformat "%{FILEUSERNAME} %{TRIGGERSCRIPTS} %{TRIGGERSCRIPTPROG}\n" --query httpd

 does not return a script name and i do not see anything else in rpm
 --querytags that would help.

 Has to be a way, but not today.




 On Thu, Jun 27, 2013 at 1:52 PM, Leon Fauster leonfaus...@googlemail.com
 wrote:

  On 27.06.2013 at 20:36, Rob Townley rob.town...@gmail.com wrote:
   Given a particular user or particular group, is there a rpm command that
   returns what package created that particular user or particular group?
  
   Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns the
   package pam.
   Is there an rpm command that returns what package generated a particular
   user?
  
   Most of us already know that the httpd package is associated with the user
   apache.  But there are passwd and group entries that i would like to verify
   and want to know exactly how they got on my system.  Further i would like
   to know the security implications of adding another group to a user
   account.
  
   Something like the following command:
   `rpm --query --user apache`  would return httpd
   `rpm --query --group pulse-access`   might return pulseaudio
 
 
  take a look at the pre/post-script parts of the rpms
 
  rpm -q --scripts httpd
 
  other users/groups are installed via centos setup (anaconda).
 
  --
  LF
 
 
 
 
 
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
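Added example, not part of the original thread: a narrower version of the scriptlet search discussed above. It reports only packages whose %pre/%post scriptlets pass the account name as the target of useradd/adduser or groupadd, so a chown or a -g option that merely mentions the name does not match. The @@PKG marker, the function names and the sample dump are assumptions made for this example; the sample scriptlets are constructed.

```sh
#!/bin/sh
# Added example: attribute a local user or group to the package whose
# install scriptlet creates it. Not code from the thread.

# Dump the %pre and %post scriptlets of every installed package, each
# preceded by a marker line. %{NAME}, %{PREIN} and %{POSTIN} are standard
# rpm query tags; the "@@PKG" marker is an assumption of this example.
dump_scriptlets() {
    rpm -qa --qf '@@PKG %{NAME}\n%{PREIN}\n%{POSTIN}\n'
}

# Read such a dump on stdin and print each package that creates the account.
#   $1 = account name, $2 = "user" or "group"
# Only the last plain argument of useradd/adduser/groupadd counts, so
# "useradd -g apache webdav" creates webdav, not apache.
# Limits: trigger scriptlets, names held in shell variables and accounts
# shipped as file content (the setup package) are not covered.
find_account_creator() {
    awk -v acct="$1" -v kind="$2" '
        /^@@PKG / { pkg = $2; next }
        {
            for (i = 1; i <= NF; i++) {
                b = $i
                sub(/.*\//, "", b)          # strip a leading path
                hit = (kind == "group") ? (b == "groupadd") : (b == "useradd" || b == "adduser")
                if (!hit) continue
                name = ""
                for (j = i + 1; j <= NF; j++) {
                    f = $j
                    # stop at the end of this command or at a redirection
                    if (f == "||" || f == "&&" || f == "|" || f == ";" || f ~ /^[0-9&]*>/) break
                    sub(/;$/, "", f)
                    name = f                # last argument seen so far
                }
                if (name == acct && !(pkg in seen)) { seen[pkg] = 1; print pkg }
            }
        }
    '
}

# Constructed sample dump (package names and scriptlets are made up for the
# example) so the parser can be exercised on a machine without rpm.
sample_dump() {
    cat <<'EOF'
@@PKG httpd
getent group apache >/dev/null || groupadd -g 48 -r apache
/usr/sbin/useradd -c "Apache" -u 48 -g apache -s /sbin/nologin -r -d /var/www apache 2> /dev/null || :
(none)
@@PKG example-dav
/usr/sbin/useradd -r -g apache -s /sbin/nologin webdav
chown webdav:apache /var/lib/example-dav
@@PKG example-agent
getent group ovirtagent >/dev/null || groupadd -r -g 175 ovirtagent
getent passwd ovirtagent >/dev/null || useradd -r -u 175 -g ovirtagent -d / -s /sbin/nologin ovirtagent
/sbin/chkconfig --add example-agentd
EOF
}

# Demo on the constructed sample. On a real host run instead:
#   dump_scriptlets | find_account_creator ovirtagent user
sample_dump | find_account_creator apache user
sample_dump | find_account_creator ovirtagent group
```

An account that no scriptlet creates is the interesting result when auditing passwd and group entries: it was added by the installer, by an administrator, or by something outside package management.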


Re: [CentOS] r-x and r-x.

2013-04-24 Thread Ian Forde
Yep - you'll want to do a 'ls -lZ' on both dirs and compare the
differences...
On Apr 24, 2013 8:32 AM, Larry Martell larry.mart...@gmail.com wrote:

 On Wed, Apr 24, 2013 at 8:50 AM, Johan Vermeulen
 jvermeu...@cawdekempen.be wrote:
  Dear All,
 
  I'm currently troubleshooting NetworkManager scripts.
 
  I see a difference in machine A :
 
  drwxr-xr-x 2 root root 4096 apr 24 16:33 .
  drwxr-xr-x 5 root root 4096 jan  9 12:13 ..
  -rwxr-xr-x 1 root root  175 jan  9 12:13 00-netreport
  -rwxr-xr-x 1 root root  335 okt 22  2012 04-iscsi
  -rwxr-xr-x 1 root root  345 jan  9 12:13 05-netfs
  -rwxr-xr-x 1 root root  926 sep 25  2012 10-dhclient
  -rwxr-xr-x 1 root root  301 apr 24 15:58 20-backuplauncher
  -rwxr-xr-x 1 root root  220 jun 22  2012 yum-NetworkManager-dispatcher
 
  and machine B:
 
  drwxr-xr-x. 2 root root 4096 apr 24 16:34 .
  drwxr-xr-x. 5 root root 4096 apr 23 12:06 ..
  -rwxr-xr-x. 1 root root  175 jan  9 12:13 00-netreport
  -rwxr-xr-x. 1 root root  345 jan  9 12:13 05-netfs
  -rwxr-xr-x. 1 root root  926 sep 25  2012 10-dhclient
  -rwxr-xr-x. 1 root root  326 apr 23 13:42 15-nfslauncher
  -rwxr-xr-x. 1 root root  307 apr 24 16:10 20-backuplauncher
  -rwxr-xr-x. 1 root root  220 jun 22  2012 yum-NetworkManager-dispatcher
 
  the difference being -rwxr-xr-x and -rwxr-xr-x.
 
  so with or without a dot (.)
 
  Does that mean anything?
 
  Thanks for any advice on this.


 The . means the file has an access list with SELinux. You could try
 disabling SELinux on machine B and seeing if that fixes the issue.


Re: [CentOS] NFS mount auto remount in case of problems.

2013-02-24 Thread Ian Forde
Why not use DRBD in lieu of shared storage?

On Wed, Feb 20, 2013 at 2:52 AM, Leon Fauster leonfaus...@googlemail.com wrote:

 On 20.02.2013 at 11:29, Rafał Radecki radecki.ra...@gmail.com wrote:
  Hi All.
 
  I have a setup in which I have two servers serving nfs share. The nfs
  service is made highly available with pacemaker. When the primary
  server goes down the secondary starts nfs service. Service IP is
  floating between servers but they have NO shared storage/filesystem
  so NFS state/connection information in case of failover is lost. I
  have two clients. When the failover from primary to secondary occurs
  the mount is stale and I need to manually remount the share.
  Is there a way in linux/CentOS to automatically remount nfs share in
  such case? Or should I just write a script which (for example) check
  /proc/mounts and execute it from crontab? I am curious if it can be
  done with standard linux services (automounter?) ;)



 what is the order of the resources nfs and ip?

 --
 LF



Re: [CentOS] ACL/permissions question

2013-02-01 Thread Ian Forde
You could always try 'chattr +i /home/joe' to make it immutable.  Check out
the man page for details...
On Jan 31, 2013 11:44 PM, Boris Epstein borepst...@gmail.com wrote:

 Hello listmates,

 If I have a regular, ACL-capable filesystem on Linux (say, ext4 or xfs) is
 there a way for me to establish the following:

 1) There is a directory, say, /home/joe . It is owned by user joe . No one
 but joe (and root, of course) can read or write anything in this directory.

 2) No one can change permissions on that directory, not even joe. In other
 words, if all of a sudden joe decided to open his directory up to the
 world (or the group he is a member of) by doing something akin to:

 chmod 777 /home/joe

 he would not succeed.

 Thanks in advance for any help.

 Boris.


Re: [CentOS] load balancer recommendations

2013-01-19 Thread Ian Forde
FYI - HAProxy is in EPEL, so it's a fairly easy installation to test.
 Especially in virtual environments... ;)

  -I

On Sat, Jan 19, 2013 at 4:22 PM, Boris Epstein borepst...@gmail.com wrote:

 Absolutely. The solution seems really robust and the price is not bad.

 In my case, however, this is not the answer as I need a solution that can
 be implemented in a whole variety of networks, including virtual ones.

 Thanks anyways.

 Boris.


 On Sat, Jan 19, 2013 at 7:18 PM, Joseph Spenner joseph85...@yahoo.com
 wrote:

  From: Boris Epstein borepst...@gmail.com
 
  To: CentOS mailing list centos@centos.org
  Sent: Saturday, January 19, 2013 5:10 PM
  Subject: Re: [CentOS] load balancer recommendations
 
  Joseph,
 
  Thanks!
 
  Did you mean this:
 
  https://www.barracudanetworks.com/products/loadbalancer
 
  But this looks like an integrated solution, hardware and software. I am
  just looking for the software part.
 
  Boris.
 
  On Sat, Jan 19, 2013 at 7:06 PM, Joseph Spenner joseph85...@yahoo.com
  wrote:
 
  
   I've had pretty good luck with Barracuda load balancers..  You can
   configure them to keep a user session on a single server, which is often
   desired, and spread new connections to other servers as they arrive.
   The only problem I had with them, ironically, was they would crash if I
   purchased their Live Updates feature.  It's some sort of auto updating
   black-list service you can buy which helps protect the device and your
   resources.  But after I disabled that, the device has been rock solid.
   Been working great since about 2006.
  
 
  Yes.  It might be worth just getting the whole canned solution, though.
  It is Linux based.
  At the time, the thing was about $1800, which isn't really that bad, and
  it just works.  There's a web interface to configure it, and it's
  relatively intuitive.
 
 
 
   If life gives you lemons, keep them-- because hey.. free lemons.
  ~heart~ Sticker  fixer:
  http://microflush.org/stuff/stickers/heartFix.html


Re: [CentOS] python26-memcached on centOS 5.5

2012-02-11 Thread Ian Forde
On Thu, Feb 9, 2012 at 4:40 AM, Anand Jeyahar
anand.jeya...@demandmedia.com wrote:
 Hi all,
  thanks a lot. Turns out that rpm is just a place holder.. i figured out the 
 rpm -qpil command and realized i had to build from  source. got it(memcached) 
 running now.


 __-

 Thanks and Regards
 Anand Jeyahar
 Senior Systems Analyst,
 CSSCorp Pvt. Ltd.,
 Mob:  +91 80561 33088
 Extn: 7101080
 
 From: centos-boun...@centos.org [centos-boun...@centos.org] On Behalf Of 
 Anand Jeyahar [anand.jeya...@demandmedia.com]
 Sent: Thursday, February 09, 2012 4:34 AM
 To: centos@centos.org
 Subject: [CentOS] python26-memcached on centOS 5.5

 Hi,
   Is anyone here running memcached + python2.6 + django setup on a CentOS 
 5.5?? Am trying to set one up here and have trouble with the 
 python26-memcached installation.
 So far i have installed (via yum):

      1.python26
      2. python26-memcached
      3. libevent
      4. memcached-devel

   Now when i try to run `import memcache`  from the python2.6 shell i get an 
 ImportError: No module named memcache.
 The python26 installation picks up other modules(django etc..) fine. So 
 there's no configuration problem from python26 interpreter.

 I am not able to figure out the problem. Any ideas/suggestions? Is building 
 from source my only way out??

uh... 'yum install memcached' would have done it...


Re: [CentOS] Network Situation

2011-12-17 Thread Ian Forde
On Wed, Dec 14, 2011 at 11:01 AM, Denniston, Todd A CIV
NAVSURFWARCENDIV Crane todd.dennis...@navy.mil wrote:
 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Gene Poole
 Sent: Wednesday, December 14, 2011 13:08
 To: centos@centos.org
 Subject: [CentOS] Network Situation

 SNIP
 If I install CentOS 6.0 and sometime later upgrade to CentOS 6.2, will
 the fact that I'm running software raid-1 on the /boot partition
 cause me grief?
 SNIP

 6.2 is the kind of release that those in the community and TUV call a
 'point release'.
 Reading the FAQ may help you.
 14. What is the versioning/release scheme of CentOS and how does it
 compare to the upstream vendor?
 http://wiki.centos.org/FAQ/General#head-6e2c3746ec45ac3142917466760321e868f43c0e

 And I think the backport link to redhat in the following FAQ could be
 useful for you to understand.
 20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot
 find it anywhere.

1. CentOS (and upstream) 6.[012] still use the ethX convention.  I
expect that to continue throughout the lifetime of the 6.[0-9] series,
as upstream aims for consistency throughout the lifetime of 6.
2. Yes - you can eliminate NetworkManager.  I'm writing this on a
CentOS 6.1 desktop that's also running KVM.  I don't run
NetworkManager on this, as I want a static IP address defined at boot
that does not have anything else trying to mess with the network
config.
3. I can't speak to Fedora 15 - CentOS 6 KVM compatibility, but if
you're moving existing guests, I'd be surprised if things didn't work.
4. RAID 1 from CentOS 6.0 to 6.2?  Shouldn't be a problem.
5. Software RAID from Fedora 12 working in CentOS 6.0.  Problems?  Probably not.
6. Caveats?  Plenty.  CentOS 6 is based upon RHEL6, which is based on
Fedora 12/13.  So going from Fedora 15, you're going a little back in
time.  You'd have to look at the release notes from Fedora 13 and up
to see the differences, as well as the CentOS/RHEL 6 release notes to
get the major changes from way back.  Example: no systemd.  I don't
know much more, as I haven't used Fedora in years...

Hope that helps...

  -Ian


Re: [CentOS-virt] Getting guest to detect new drive without reboot

2011-09-20 Thread Ian Forde
Partprobe

Sent from my iPad

On Sep 19, 2011, at 21:51, Emmanuel Noobadmin centos.ad...@gmail.com wrote:

 I've got a CentOS 5.6 guest running on 6.0 host.
 
 Using virsh attach-disk, I attached a new raw file as vdc
 However, the guest does not detect this new disk.
 
 In the past, I've used the following
 echo "0 0 0" > /sys/class/scsi_host/host#/scan
 
 command to make a CentOS system scan for new drives.
 
 However in the guest, there is no host in scsi_host so this isn't an option.
 
 I can't seem to find any information on doing this any other way apart
 from a reboot. Does anybody know if there is any other way?
 ___
 CentOS-virt mailing list
 CentOS-virt@centos.org
 http://lists.centos.org/mailman/listinfo/centos-virt


Re: [CentOS-virt] Having trouble starting more than 8 Xen guests

2011-09-19 Thread Ian Forde
On Sep 18, 2011, at 9:13, Scot P. Floess sflo...@nc.rr.com wrote:

 I did some google'ing and from what I can tell that error arises due to the 
 lack of loop back devices (there being 8 by default)...
 
 I've tried both using MAKEDEV (in my /etc/rc.local) to create a number of 
 loop back devices and put max_loops in my grub.conf file.  For example 
 here is what I have in grub.conf now:
 
 title CentOS (2.6.18-274.3.1.el5.centos.plusxen)
 root (hd0,0)
 kernel /xen.gz-2.6.18-274.3.1.el5.centos.plus
 module /vmlinuz-2.6.18-274.3.1.el5.centos.plusxen ro root=LABEL=/ 
 max_loop=64
 module /initrd-2.6.18-274.3.1.el5.centos.plusxen.img
 
 
 Due to wrapping, max_loop is actually on the module /vmlinuz- line...
 
 I also tried to put max_loop on the kernel line as well...
 
 As I mentioned above, I also created the loop back devices from 
 /etc/rc.local like so:
 
 /sbin/MAKEDEV -d /dev -m 64 loop
 
 And, once I can log in to the machine, I do see everything in /dev (for 
 example /dev/loop0 to /dev/loop64)
 
 Has anyone else had this problem?  If so, how did you resolve it
 

Actually, you have max_loops=64 in the wrong file.  You want it in 
/etc/modprobe.conf as thus:

options loop max_loop=64

Once that is in, a reboot (after shutting down the running VMs) is the quickest 
way to activate it.  Take the makedev and grub stuff out...

  -I


Re: [CentOS] how to enable Flow Control on CentOS?

2011-07-10 Thread Ian Forde
On Sun, 2011-07-10 at 22:08 -0500, Les Mikesell wrote:
 On 7/9/11 12:18 PM, Giles Coochey wrote:
  Gigabit is different.
 
 No, the default of auto-negotiating  works there too.
 

In 1000BASE-T, autonegotiation is required, according to 
http://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T

Which, in turn, refers to (click through without username required)
http://standards.ieee.org/getieee802/download/802.3-2008_section2.pdf
that states (in section 28D.5, part a) that Auto-negotiation in
1000BASE-T is required...

-I



Re: [CentOS] CentOS 5.6 and KVM failure

2011-04-21 Thread Ian Forde
On Thu, 2011-04-21 at 20:16 +0200, Kenni Lund wrote:
 2011/4/21 Ian Forde ianfo...@gmail.com:
  Turns out that wasn't the only problem I faced in my migration.  With 2
  KVM servers, both sharing a volume mounted via NFS for VMs, I migrated
  all VMs to the second node, upgraded the first, then moved them all back
  to KVM1.  Instant disk corruption on all VMs.  Boom.
 
 Are you sure it was the migration and not the raw/qcow2 error which
 caused the disk corruption?

In the second pair of KVM servers, I'd made the changes to the xml files
and restarted libvirtd.  Then did migration of a VM.  Then watched the
corruption.  It's possible I may have needed to reboot the VM before
migrating, so that KVM absolutely knows what it is.  But nevertheless,
I'm now a little gunshy about live migration...

 I just had two Windows Servers with image corruption after upgrading
 from 5.5 to 5.6 and booting the first time with the raw setting,
 before changing it to qcow2 :-/
 
 These two images were both on the same host, which is plain CentOS 5
 *BUT* with a 2.6.37 kernel (and therefore 2.6.37 KVM module) from
 elrepo...
 
 It could be my special case of running with a vanilla KVM-module +
 CentOS KVM userspace which allows the corruption to happen, but if
 other people are seeing disk corruption with the regular
 kernel/kmod-kvm, then this known issue should probably have a big
 fat red warning in the release notes..

Yeah.  I completely agree.  I've got a steaming mess of VMs that I now
have to go and rebuild...

-I



Re: [CentOS] CentOS 5.6 and KVM failure

2011-04-20 Thread Ian Forde
On Sun, 2011-04-10 at 03:47 -0500, Johnny Hughes wrote:
 On 04/09/2011 12:04 PM, compdoc wrote:
  A similar incident was reported during the QA. Look at the .xml file.
  If it says type='raw', change it to type='qcow2' and restart libvirtd.
  Would that fix the problem ?
 
  Akemi
  
  Thank you. After reading your message, I googled the error and found a
  webpage that describes a slightly different procedure than yours, but which
  does the same thing:
  
  http://ubuntuforums.org/showthread.php?t=1638708
  
  Everything is working now.
  
  :)
 
 I am going to add this to the Release Notes for 5.6 on the Wiki now.

Turns out that wasn't the only problem I faced in my migration.  With 2
KVM servers, both sharing a volume mounted via NFS for VMs, I migrated
all VMs to the second node, upgraded the first, then moved them all back
to KVM1.  Instant disk corruption on all VMs.  Boom.

I have a second pair of KVM servers.  I tested one VM with my normal
migrate-them-out-of-the-way procedure, and it, too, suffered MASSIVE
filesystem corruption.  This was even after I'd made the qcow2 mods and
restarted libvirtd.

The only way I was able to not have to rebuild the remaining
non-corrupted VMs was to shut them down on one node then bring them back
up again.  Turns out live migration doesn't work in this upgrade.
(Though I'll test regular live migration tomorrow, given that all 4 KVM
servers have now been upgraded.)

-I



Re: [CentOS] VMware (was Re: current bind version)

2011-02-25 Thread Ian Forde
On Thu, 2011-02-24 at 22:47 -0600, Les Mikesell wrote:
 Player isn't good for most of my usage because most of the time I don't want
 the console display at all - I just connect to the guests remotely with
 freenx/ssh/vnc when necessary.  And I have Server 1.x setups that have run
 for years with no attention or downtime.  I agree that ESXi is better, but it
 wasn't free when I built the VMs and I'm running some native Centos stuff on
 the host along with several guests.
 
 Anyway, my point was that the fabled library ABI stability of RHEL turned out
 not to work for VMware Server 2.0.   But CentOS did come through with
 bug-for-bug compatibility as promised, causing the same crashing behavior
 after the same minor-rev update.

I went through this a while back both at work and at home.  At work I
converted the whole shebang from VMware Server 2.0 over to KVM.  At home
I went with ESXi.  Both were fairly painless to do, though with ESXi you
need a Windows box to manage it.  Eventually, I'll probably convert the
home machine to KVM.  Maybe.  OTOH, I like not having a boot drive
(other than the SD card) on the box.

Hmm...

(thinking aloud) Is anyone doing KVM on a box from a USB stick or SD
card?  Saves a disk, and that's what VMware is doing with ESXi...

-I



Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?

2011-02-20 Thread Ian Forde
On Fri, 2011-02-18 at 15:09 -0500, Michael B Allen wrote:
 Are you talking about the SAQC? I run all CC transactions through one
 CentOS VPS webserver (actually I have two servers that I periodically
 wipe out and alternate between every year or two). So I don't have POS
 terminals or any Windows PCs in the mix. We don't save any card holder
 data at all. So my SAQC was a breeze. I just had to add N/A for
 questions like the "do you run anti-virus software" and explain that
 everything goes through the one Linux machine for which no anti-virus
 software exists or is necessary.

You're going to want to go to www.pcisecuritystandards.org for the full
scoop.  I'd advise you to have your counsel examine the PCI DSS
documents.  IANAL, but I recall from version 2.0 of the doc found at
https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
(click-through agreement required) that, and I quote from page 7: "PCI
DSS applies wherever account data is stored, processed or transmitted."

So it's not about saving data per se.  Just the act of having it
transmitted to your systems may (again, IANAL) make PCI DSS apply.

I've been dealing with PCI Compliance at work for a few years.  It's not
really something you want to skimp through, as the fines can be quite
severe when things go wrong.  As I said, you may want to talk to your
lawyer...

-I



Re: [CentOS] Recommendation for a Good Vulnerability Scanning Service?

2011-02-20 Thread Ian Forde
On Fri, 2011-02-18 at 15:51 -0500, John Hinton wrote:
 Very good information, Ed. And yes, you will almost certainly be 
 fighting with the compliance company, as I have not yet seen any who 
 recognized CentOS. RHEL, yes. CentOS however does not hold the same 
 'trusted standard' or clout as the major 'name brand' providers. Yes, 
 the trouble is the versioning numbers used by RH. If the system 'is' RH, 
 most of the time those 'exceptions' are noted by the scanner but you may 
 find yourself trying to 'teach them' a lot. Hopefully they have improved 
 on this front.

McAfee (after they acquired HackerSafe) Secure recognizes the backported
fixes.  Even on CentOS...

 I really think much of this is no more than smoking mirrors. For 
 instance they do not ask about username/password policies and obviously 
 do not scan for such. So this scanning leaves a lot to be desired. After 
 I met all scan problems, my affected clients discovered they just 
 answered a question wrong and found that since CC processing was not 
 actually happening on my systems, but instead through other processors, 
 this all went away and ended the need to address the same issues 
 (backports) for the same applications, sometimes still under the same 
 version, just due to a new scan. Basically a huge waste of my time. But 
 I must admit, I did learn of just a couple of areas which I did tighten 
 up. The rest was just red tape and I started feeling one particular 
 compliance company was more into self promotion of their service by 
 showing these non-existent flaws. I suppose one could compare it to the 
 AV companies that allow broken virus sigs to set off alarms. We just 
 saved your computer !--from this item that had no potential of harming 
 your computer--.

Regarding CC processing, check version 2.0 of the DSS.  On page 7,
referring to the scope, I found the term, "processed, stored or
transmitted," so that may (or may not) change how you approach it.

 But, if you must, I did find the Nessus output was fairly close to what 
 the compliance companies found and gave me a bit of time to tune systems 
 before the real scan. It has been a while, but I think Nessus found some 
 things I thought more important, which the commercial scanner did not 
 mention.
 
 And hey, if you do breeze through with CentOS being recognized as a RHEL 
 clone, I would love to hear about that back to this list.

Yep - McAfee is just fine with it...

-I



Re: [CentOS] Cron and Cluster

2010-03-30 Thread Ian Forde
On Wed, 2010-03-31 at 00:33 +, Joseph L. Casale wrote:
 What kind of cluster? the term cluster can mean almost
 anything these days.
 
 Sorry, my bad. RHCS

I can tell you how I did it for a 2-node heartbeat cluster.  I enabled
the cron jobs on both servers, and had the following snippet at the top
of each script:

# Bail out if the shared include file is missing
[ ! -f /usr/local/etc/db_inc.sh ] && exit 3
. /usr/local/etc/db_inc.sh
getactivestatus

# Do nothing on the passive node
if [ "${activestate}" = "no" ]; then
    exit 0
fi

So in the file /usr/local/etc/db_inc.sh, I would define a function that
would return whether or not I was the active node.  An example of this
would be:

# Sets activestate=yes when this node holds all heartbeat resources
getactivestatus() {
    if [ "`cl_status rscstatus`" = "all" ]; then
        activestate=yes
    else
        activestate=no
    fi
}

You'll need a command that determines the active/passive status for RHCS
to put into the getactivestatus() function, then you should be all
set...

-I



Re: [CentOS] centos Installation on Multiple machines

2010-03-25 Thread Ian Forde
On Wed, 2010-03-24 at 09:26 -0400, Tom Diehl wrote:
 On Wed, 24 Mar 2010, premr...@digilink.in wrote:
 
  Hi,
 
  I want to install customized centos on multiple systems. Can PXE boot do
  that ?
  Apart from this is there any other way of doing image copy of centos OS
  and installing it on several client machines through network. I used
  clonezilla, but after image cloning, i will again have to use the
  clonezilla LIVE CD on client machine to do a image restore.
 
  I want to make a clone of centos OS and store it in a server and keeping
  installing it on multiple machines with same hardware features from
  network. Is this possible ?
 
 You should look at https://fedorahosted.org/cobbler/ and kickstart. This will
 give repeatable automated installs over a variety of hardware.
 
 Regards,
 

Or, you can look at System Imager.  Designed just for that purpose.  Do
an image copy, then deploy on several machines on the network...

http://wiki.systemimager.org/index.php/Main_Page

-I



Re: [CentOS] upgrade

2010-03-20 Thread Ian Forde
On Sat, 2010-03-20 at 15:31 +0100, Kai Schaetzl wrote:
 Mattias wrote on Sat, 20 Mar 2010 12:48:34 -:
 
  Ok but how to to do all that
  I use the repo on vault.centos.org
 
 Why? This contains old software. You had to specifically change the repo 
 files for that. Just remove/go back to what it originally was.

And just before you reboot, you may want to do the following:

updatedb
locate rpmnew ; locate rpmsave

and resolve any config file changes that you see...

-I



Re: [CentOS] Looking for Newsletter Stuff

2010-03-05 Thread Ian Forde
On Mar 5, 2010, at 9:10 AM, Benjamin Donnachie benja...@py-soft.co.uk wrote:

 On 5 March 2010 17:07, Garry.Dale garry.d...@gmail.com wrote:
 I like this idea, too.  However, I feel compelled to point out a
 violation within your Data Center [5].
 [5] 
 http://wiki.centos.org/GarryDale?action=AttachFiledo=gettarget=didiCIMG0027.jpg

 Mandatory in the UK!  At least at my desk :)

Nice! Might want to install Synergy on those boxes though and get rid  
of those extra keyboards!

   -I


Re: [CentOS] Clustering apache

2010-02-17 Thread Ian Forde
On Wed, 2010-02-17 at 10:27 -0600, Dan Burkland wrote:
 I’m a greenhorn when it comes to clustering in RHEL/CentOS and
 recently setup an active/standby clustering using Apache  Heartbeat.
 It seems to be a good entry step into clustering however after testing
 it I was disappointed in that the resource manager does not start
 httpd on node2 if httpd on node1 is dead (only starts httpd on node2
 if the heartbeat daemon on node1 is dead). Is there anyway to achieve
 this setup if not with Heartbeat with some sort of other HA solution?

(Bear in mind - I'm talking about Heartbeat V1 config style here, not
v2/3.)

I've used mon successfully to enable that.  You can add mon as a
clustered resource in addition to apache, then configure mon to look for
the apache process.  If it finds that httpd isn't running, it will kill
the heartbeat process, thereby forcing a failover.

In Heartbeat V2/3, I believe that pacemaker does something similar,
though I'm not certain, as I'm mortally allergic to xml-based config
files that have been massively overbuilt. ;)

-I



Re: [CentOS] Mount USB disk at startup?

2010-02-04 Thread Ian Forde
On Thu, 2010-02-04 at 14:19 -0800, Kenneth Porter wrote:
 --On Thursday, February 04, 2010 8:36 AM -0600 Robert Nichols 
 rnicholsnos...@comcast.net wrote:
 
  Looks like that's about all you can do.  USB devices aren't available
  until hotplug discovers them, and that's proceeding in parallel with the
  rest of the boot sequence.  Be sure to put a timeout in that loop lest it
  hang forever if that external device is absent.
 
 Even better would be to make the script event-driven and launched by the 
 hotplug process. Then there's no busy-wait.
 
 This page has some info:
 
 http://linux.die.net/man/8/hotplug
 
 The detail links on this page aren't working for me but look promising:
 
 http://linux-hotplug.sourceforge.net/
 

Since the OP is looking to have their USB drive mounted before mythtv's
backend process starts up, I'd recommend disabling the mythbackend
startup script:

chkconfig mythbackend off

Then doing a manual mount in /etc/rc.local, followed by starting
mythbackend.

/sbin/mount /dev/sdb1 /wherever
/sbin/service mythbackend start

Of course, I wouldn't recommend using a USB drive for storing myth
recordings, as it will eventually bite you due to USB2's limited bandwidth...

-I (also a mythtv user!)



Re: [CentOS] Is ext4 safe for a production server?

2009-12-07 Thread Ian Forde
On Dec 7, 2009, at 10:30 AM, Florin Andrei flo...@andrei.myip.org wrote:

 John R Pierce wrote:

 I've always avoided XFS because A) it wasn't supported natively in RHEL
 anyways, and B) I've heard far too many stories about catastrophic loss
 problems and day long FSCK sessions after power failures [1] or what
 have you

 I've both heard about and experienced first-hand data loss (pretty
 severe actually, some incidents pretty recent) with XFS after power
 failure. It used to be great for performance (not so great now that Ext4
 is on the rise), but reliability was never its strong point. The bias on
 this list is surprising and unjustified.

Given that I stated my experience with XFS, and my rationale for using  
it in *my* production environment, I take exception to your calling  
said experience unjustified.


 FWIW, I was at SGI when XFS for Linux was released, and I probably was
 among its first users. It was great back then, but now it's over-rated.

 -- 
 Florin Andrei

 http://florin.myip.org


Re: [CentOS] Is ext4 safe for a production server?

2009-12-06 Thread Ian Forde
On Sat, 2009-12-05 at 22:47 -0500, Brian Mathis wrote:
 On Sat, Dec 5, 2009 at 10:20 AM, Miguel Medalha miguelmeda...@sapo.pt wrote:
  I am about to install a new server running CentOS 5.4. The server will
  contain pretty critical data that we can't afford to corrupt.
 
  I would like to benefit from the extra speed and features of a ext4
  filesystem but I don't have any experience with it.
  Is there some member of the list who can enlighten me on whether ext4 is
  mature enough to be used on a production server without too much risk?
 
  Thank you!
 
 
 Regardless of the technical issues offered here, ask yourself this: Do
 you really want to be experimenting with a new file system on a
 production server with pretty critical data?  Since you asked about
 too much risk, I think you already answered the question.
 
 Any sane process would involve installing it on a low priority test
 server, running for a while to see how it goes, and learning about new
 features or tools.  After you've done that on a few lower priority
 servers, for maybe a year or so, then you might start to _think_ about
 using it on a production server like this.
 
 My guess is that any additional speed can come from tuning other areas
 of your server and disk subsystem.  What hardware do you have?  What
 kind of disks?  Using RAID?  What level?  Have you looked into
 aligning your partitions with the RAID blocks?  I'm sure that some of
 the hardcore disk I/O people on the list can ask better questions and
 give more meaningful recommendations.

Funny that - that's the kind of answer I was hoping to see on this list.
The key issue was the fact that it's a production server.  As a data
point, I've been using mythtv at home for about 6 years.  (Has it really
been that long? Wow!)  During that time, I've been using XFS filesystems
for media storage for about the last 4 or 5.  I haven't had a problem
with it yet, though that doesn't preclude the possibility of it
occurring at some later date.

(Even, now that I've written this, it may fail several seconds from now,
given that I may have jinxed it!)

Anyhoo - due to this experience with it for my data at home which is
constantly being written and rewritten - (mythtv is pretty intensive on
systems - run it for a few years and BELIEVE ME - you'll find out where
the weak points in various OS components are...) I've found XFS safe
enough to use at work on production database servers.

It works for me.  It may not for you, but I'm happy so far.

Again - this may all change tomorrow, but YMMV, as there's no such thing
as software liability, and open source may eat your cat, make your dog
toss its cookies on your lap, and cause the universe to unspool itself
in your Wheaties tomorrow.  We all take our chances, and it's a matter
of how much risk we're willing to shoulder.  As I said, I went through
my process and deemed it acceptable...

-I



Re: [CentOS] AIDE or OSSEC on CentOS 5.4 x86_64?

2009-11-29 Thread Ian Forde
On Nov 29, 2009, at 3:52 PM, David McGuffey  
davidmcguf...@verizon.net wrote:


 On Sun, 2009-11-29 at 20:31 +, John Horne wrote:
 On Sat, 2009-11-28 at 18:57 -0500, David McGuffey wrote:
 Starting with a fresh load and after I finish hardening the load
 following the Center for Internet Security (CIS) guidance, I'm  
 wondering
 whether AIDE or OSSEC would be a better intrusion detection system.

 I installed AIDE and did a quick test of AIDE and after  
 initializing the
 db and applying the recent cups update, I found that 1700+ files had
 changed.  Those are a lot of changes to wade through to determine if
 they are legit or not. If that is all that AIDE can do, then it is  
 not
 manageable.

 Seems to me that any IDS must be tied to the yum update process so  
 that
 one is not dealing with hundreds/thousands of changes that were  
 brought
 in by a yum update that I choose to apply.

 Is OSSEC any less noisy?

 More so as far as I can tell.

 Don't forget that prelinking will cause files to regularly change  
 their
 hash value whether they have been updated or not. Aide does have a  
 patch
 to cater for prelinking (as far as I know it is not in the current
 release so you'll have to search their archives for it). OSSEC does  
 not
 know about prelinking, so will frequently report files having  
 changed.

 Shameless plug: You could take a look at rootkit hunter
 (http://sourceforge.net/projects/rkhunter/), its file properties  
 testof
 knows about prelinking and can use the local RPM database to verify
 files, so an updated file won't be flagged as having changed unless
 someone has deliberately changed it.

 Another alternative is Samhain. As far as I remember it can handle
 prelinking, but will report updated files as having been changed.

 Thanks.

 I'm not looking for a tech solution so I can sit on my butt and let
 the tools do their magic.  What bothered me was that I did the  
 install,
 configured the load the way I wanted it, ran AIDE to init the db.  A
 couple of days later, the CentOS list informed us that cups needed  
 to be
 updated.  I did the update and immediately ran AIDE to see what  
 changed.
 That cups update changed nearly 1,700 files.

 That caused me to think...there should be a way to tie the IDS to the
 patching (that I deliberately authorized), so that the changes related
 to the patching are either ignored, or collected at the end of the
 report under the header something like:

 The following changes appear to be tied to authorized patching
 activity...if you did not authorize these changes, then find out why
 they changed...

 I still want to see the changes, but it would be nice to see the  
 ones I
 authorized through the update service to be partitioned off from the
 ones that seem to have no reasonable explanation.

Seems to me that a yum plugin could be written that would accomplish  
this. Consider - it would only allow signed rpm updates, and ask for  
permission (or use a key) to update to LIDS database...
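The partitioning asked for in this thread (changes that match what installed packages provide versus changes with no package explanation), as an added example that is not part of the original posts and is not an AIDE, OSSEC, rkhunter or yum feature. It takes the IDS's changed-file list plus `rpm -V` output as input; the function names, the ownership map and every sample path are constructed for illustration.

```python
"""Partition IDS-reported changes by what the RPM database can account for."""
import re

# One line of `rpm -V` output: attribute flags, an optional file-type marker
# (c = config file), then the path. Older rpm prints 8 flag characters, newer 9.
# Flags: S size, M mode, 5 digest, D device, L link, U user, G group, T mtime.
VERIFY_RE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")
MISSING_RE = re.compile(r"^missing\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# Content, mode or ownership drift (or a test rpm could not run) needs a human.
SUSPICIOUS = set("5MUG?")


def parse_rpm_verify(text):
    """Map each path that rpm -V complained about to (flags, kind)."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        m = MISSING_RE.match(line)
        if m:
            findings[m.group("path")] = ("missing", m.group("kind"))
            continue
        m = VERIFY_RE.match(line)
        if m:
            findings[m.group("path")] = (m.group("flags"), m.group("kind"))
    return findings


def partition_changes(changed_paths, owner_of, findings):
    """Sort IDS-reported paths into three buckets.

    changed_paths: paths the IDS flagged since its baseline
    owner_of:      {path: package name}, e.g. gathered with `rpm -qf`
    findings:      result of parse_rpm_verify()
    """
    report = {"matches_package": [], "config_edited": [], "unexplained": []}
    for path in sorted(set(changed_paths)):
        package = owner_of.get(path)
        if package is None:
            report["unexplained"].append((path, "not owned by any package"))
            continue
        flags, kind = findings.get(path, ("", None))
        if flags == "missing":
            report["unexplained"].append((path, "missing, owned by " + package))
        elif not set(flags) & SUSPICIOUS:
            # rpm -V is silent, or reports only size/mtime-type noise, when the
            # file on disk still matches what the package installed.
            report["matches_package"].append((path, package))
        elif kind == "c" and not set(flags) & set("MUG?"):
            report["config_edited"].append((path, package))
        else:
            report["unexplained"].append(
                (path, "attributes %s differ from %s" % (flags, package)))
    return report


# Constructed sample input: what an IDS might flag after a cups update.
SAMPLE_CHANGED = [
    "/usr/sbin/cupsd", "/usr/lib64/libcups.so.2", "/etc/cups/cupsd.conf",
    "/usr/bin/lppasswd", "/usr/bin/passwd", "/usr/local/bin/helper",
]
# Constructed ownership map (path -> package).
SAMPLE_OWNER = {
    "/usr/sbin/cupsd": "cups",
    "/usr/bin/lppasswd": "cups",
    "/etc/cups/cupsd.conf": "cups",
    "/usr/lib64/libcups.so.2": "cups-libs",
    "/usr/bin/passwd": "passwd",
}
# Constructed `rpm -V` output for the packages above.
SAMPLE_VERIFY = """\
S.5....T  c /etc/cups/cupsd.conf
.......T    /usr/lib64/libcups.so.2
.M......    /usr/bin/lppasswd
S.5....T    /usr/bin/passwd
"""

if __name__ == "__main__":
    result = partition_changes(SAMPLE_CHANGED, SAMPLE_OWNER,
                               parse_rpm_verify(SAMPLE_VERIFY))
    for bucket in ("unexplained", "config_edited", "matches_package"):
        print(bucket)
        for path, detail in result[bucket]:
            print("  %-26s %s" % (path, detail))
```

The RPM database is writable by root on the monitored host, so this split is only as trustworthy as that database; keep a reference copy off the box, as with the IDS baseline.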


Re: [CentOS] PHP updates

2009-11-27 Thread Ian Forde
On Fri, 2009-11-27 at 08:34 -0500, Bob McConnell wrote:
 Michael Kress wrote:
  Craig White wrote:
  and if enough people actually convinced the developers that
  5.2.9-2.el5.centos were feasible, then they would probably move it into
  the 'Extras' repository.
  
  ... here's one trying to 'convince'! ;-)
  I'm using that package from c5-testing since a month or so and I
  encountered no problems.
  Regards
  Michael
 
 I'll go one further. We run commercial web sites on CentOS 5.3 which 
 must also be PCI compliant. Because of the security issues, the auditors 
 have been complaining for two months that we don't have PHP 5.2.11 
 installed yet, putting our PCI certification in jeopardy. When 5.2.12 is 
 released, probably next month, we will have 30 days to get it installed.
 
 We are trying to figure out how to handle this issue short of having to 
 compile PHP ourselves. That would violate the agreement we have with the 
 hosting service.

Bob - there are many of us that are in that situation, but it's actually
quite an easy requirement to satisfy.

Let's start with Upstream...

Because Upstream certifies/qualifies their fixes against known
vulnerabilities, you shouldn't get dinged on version number checking as
long as you're using up to date backported fix packages from Upstream.

Now... As long as CentOS has the same backported fixes to respond to the
same CVE vulnerabilities, you should be okay.  Just tell your auditors
to research backports.

Check out the first 2 paragraphs of:
http://twiki.cpanel.net/twiki/bin/view/AllDocumentation/PCIComplianceInfo/ScanningSoftware

Also, search the mailing list archives... you'll find more information.
For proof of CVE fixes, do a:

rpm -q --changelog php |grep -i cve

As long as you've resolved outstanding known vulnerabilities, you should
be able to get exceptions/exemption granted for version numbers.

Of course, IANAL, and this does not constitute legal advice, but it's a
path that you can pursue for a speedier resolution of this issue rather
than go through the pain of finding php 5.2.10 rpms and qualifying them
yourself.

Remember - If it weren't for fixes from Upstream/CentOS, neither
Upstream nor CentOS would be able to be tested for compliancy without
MAJOR source-code hoops, which would defeat the purpose of using these
OSes in eCommerce in the first place! ;)

-I



Re: [CentOS] Recommend Mail Server

2009-11-23 Thread Ian Forde


Sent from my iPhone

On Nov 23, 2009, at 6:14 PM, Les Mikesell lesmikes...@gmail.com wrote:


 On the contrary, having the ability to extend through external  
 software gives
 you unlimited options.  Note that postfix eventually got around to  
 copying this
 feature.  Also with mimedefang you can do most of your special  
 configuration in
 perl instead of having to learn yet another syntax.

Hmm... I wouldn't exactly call that an advantage... I'd much rather  
plug in a milter and spend 20 minutes configuring it properly than  
have to wrestle custom perl for getting mail flowing...


Re: [CentOS] Recommend Mail Server

2009-11-23 Thread Ian Forde


On Nov 23, 2009, at 5:34 PM, Christopher Chan christopher.c...@bradbury.edu.hk wrote:

 Les Mikesell wrote:

  You probably really want ldap for that sort of thing.

 You probably really want to reconsider using ldap for anything that gets
 loads of changes daily.


In the case of a mail relay, at one point  years back I decided to  
drop (not bounce) all email to bogus recipients at the relay level  
rather than let it get to (yuck) Exchange, which would bounce it. The  
trick was having an updated recipient list. My first thought was to  
query Active Directory for each user, thus getting an up-to-date result.


This turned out to be a *bad* idea for a couple of reasons. 1) if I  
can't reach AD, mail won't queue up on the relays, which is one of  
their major functions. 2) I'm making the relays directly dependent on  
AD latency. 3) any flood of email from outside can cause a large  
amount of queries against AD, causing a DOS that the relays are  
supposed to shield the internal network from.


So instead, I found a script to gather the list of users from AD, did  
some modifications and wrote some wrappers. The result? A script that  
runs from cron to get the list of valid addresses, convert them into  
an access file that sendmail (or postfix, in the first case years ago)  
can use instead. There's a little more latency, but as long as I do  
some sanity checking (too many changes? Send an alert and don't change  
the access file) it works just fine. Ldap-based, yes. But loosely  
coupled. A good compromise in my experience...
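The loosely coupled refresh described in the message above, as an added example that is not the poster's script: a cron-run updater that keeps the existing map and reports why when the directory export is empty or would change too much at once. The map format (`address<TAB>OK`), the 10% threshold and all function names are assumptions made for this illustration.

```python
"""Guarded refresh of a mail relay's valid-recipient map from a directory export."""
import os
import tempfile


def normalize(addresses):
    """Lower-case, strip and de-duplicate; drop anything not shaped like user@domain."""
    clean = set()
    for raw in addresses:
        addr = raw.strip().lower()
        local, sep, domain = addr.partition("@")
        if (sep and local and "." in domain and "@" not in domain
                and not any(ch.isspace() for ch in addr)):
            clean.add(addr)
    return clean


def read_map(path):
    """Return the addresses in the current map, or None if the file is absent."""
    try:
        with open(path, encoding="utf-8") as fh:
            return {line.split()[0] for line in fh
                    if line.strip() and not line.startswith("#")}
    except FileNotFoundError:
        return None


def refresh_map(path, exported, max_change=0.10):
    """Replace the map only if the new export passes the sanity checks.

    Returns ("updated", detail) or ("held", reason); the caller alerts on "held".
    """
    new = normalize(exported)
    if not new:
        # An empty export usually means the directory query failed. Installing
        # it would make the relay refuse every recipient.
        return ("held", "export is empty; keeping current map")
    old = read_map(path)
    if old:
        changed = len(old ^ new)          # additions plus removals
        ratio = changed / len(old)
        if ratio > max_change:
            return ("held", "%d of %d entries would change (%.0f%%)"
                    % (changed, len(old), ratio * 100))
    # Write beside the target and rename, so the MTA never reads a partial file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".recipients.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            for addr in sorted(new):
                fh.write(addr + "\tOK\n")
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return ("updated", "%d entries written" % len(new))


if __name__ == "__main__":
    # Constructed data: 20 mailboxes, then a normal change, then a broken export.
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "relay_recipients")
        staff = ["user%02d@example.com" % i for i in range(20)]
        print(refresh_map(target, staff))
        print(refresh_map(target, staff + ["new.hire@example.com"]))
        print(refresh_map(target, staff[:10]))   # truncated export
        print(refresh_map(target, []))           # directory unreachable
```

Because the relay only ever reads the local file, a slow or unreachable directory delays updates to the list instead of stopping mail from queueing.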


Re: [CentOS] Install libnet-server-perl on Centos

2009-11-09 Thread Ian Forde


Sent from my iPhone

On Nov 9, 2009, at 10:25 AM, m.r...@5-cent.us wrote:

 Dhiraj Chatpar wrote:
 Please help me as i am not able to find any way to install Libnet  
 Perl
 Server

 I used to install this on debian using
 apt-get install libnet-server-perl
 Command

 I just cannot figure out how to install this on Centos. Please help

 You need the perl-Net-Server package.  But this is not in the stock
 repositories for CentOS.
 You need to add a repository for RPMforge or EPEL to get it.
 After that, a yum install perl-Net-Server should do.

 Or maybe cpan install Net::Server will work

Please don't suggest using cpan as a first resort. On an operating  
system with package management, using said package manager should  
always be tried first.


[CentOS] Bug in freeradius 1.1.3-1.5.el5_4 rpm

2009-11-01 Thread Ian Forde
I upgraded one of my servers to CentOS 5.4 today.  The freeradius
service (radiusd) didn't start up due to permissions errors.  I tracked
it to the permissions on the /etc/raddb/certs/ directory being set to
640 rather than 750, so the radius user couldn't enter the directory.
In the spec file from the source rpm, line 200 should read:

%attr(750,root,radiusd) %config (noreplace) /etc/raddb/certs

rather than the current:

%attr(640,root,radiusd) %config (noreplace) /etc/raddb/certs

Note that this bug also exists in the 1.1.3-1.4.el5 version that's
part of the CentOS 5.4 release.  I'm not sure if it exists upstream
though, but there it is... ;)

  -I



Re: [CentOS] guestbook for centos 4 or 5 ???

2009-09-12 Thread Ian Forde

On Sep 12, 2009, at 7:57 PM, R-Elists list...@abbacomm.net wrote:




 May I ask what purpose the guestbook should serve?

 You could just install wordpress and moderate every comment
 before it's posted.
 Guestbooks only accumulate spams.
 Who writes into guestbooks nowadays?
 I've got a blog myself and of the 500 or so comments it has
 accumulated, 495 are spam.
 Of those that are not spam, three are useless and one
 commenter could also have emailed me, because she has my address.

 Guestbooks are sooo 90s
 ;-)
 Rainer

 Ranier,

 um basically a customer asked if i had something already for it...

 i said ill look into it.

 the first thing i also thought of was *wordpress*, yet then each  
 person in
 the family will want their own blog and i havent setup wordpress  
 where it
 will support multiple blogs with only one instance of wordpress in one
 apache virtual domain space etc


Why not try wordpress mu then?


Re: [CentOS] what is the best way to delete so many queue files?

2009-08-31 Thread Ian Forde
Heh - I always preferred the indirect approach. Move the dir out of the
way, recreate it, and delete in your own time...

# service sendmail stop
# cd /var/spool
# mv clientmqueue clientmqueue-todelete
# mkdir clientmqueue
# chown --reference=clientmqueue-todelete clientmqueue
# chmod --reference=clientmqueue-todelete clientmqueue
# service sendmail start
# rm -rf clientmqueue-todelete

-I

On Mon, 2009-08-31 at 14:57 -0700, nate wrote:
 MontyRee wrote:
 
  What is the best way to delete fast without too much load?
 
 If you put /var on another file system you could:
 - go to single user mode
 - copy all files off of /var except those in the queue directory
 - re-format the file system
 - copy all the files back
 - go to multi user mode
 
 If there are a TON of files that could be much much faster
 than deleting them individually.
 
 otherwise:
 
 find /var/spool/clientmqueue -type f -exec rm -f {} \;
 
 Another option I've never tried passing two commands to find
 at the same time, but assuming doing that is not possible you
 could create a script that calls rm -f and sleeps a second in
 between each file deletion -
 
 [na...@us-cfe002:/tmp]$ cat test.sh
 #!/bin/bash
 rm -fv $1
 echo Sleeping 1 second
 sleep 1
 
 
 [na...@us-cfe002:/tmp]$ find blah3/ -type f -exec /tmp/test.sh {} \;
 removed `blah3/pd4-ads01-splunk-diag-20090827_193250.tgz'
 Sleeping 1 second
 removed `blah3/pd3-ads01-splunk-diag-20090827_183136.tgz'
 Sleeping 1 second
 removed `blah3/pd4-ads01-splunk-listtails.log'
 Sleeping 1 second
 removed `blah3/pd3-bgas01-splunk-listtails.log'
 Sleeping 1 second
 removed `blah3/pd3-ads01-splunk-listtails.log'
 Sleeping 1 second
 removed `blah3/splunk-diags-multiserver-20090827_1700.tar'
 Sleeping 1 second
 removed `blah3/pd4-bgas01-splunk-listtails.log'
 Sleeping 1 second
 removed `blah3/pd3-bgas01-splunk-diag-20090827_183148.tgz'
 Sleeping 1 second
 removed `blah3/pd4-bgas01-splunk-diag-20090827_193229.tgz'
 Sleeping 1 second
 
 
 adjust sleep level as desired..
 
 nate
 
 


Re: [CentOS] What's the configure specs for the generic Apache install of CentOS x86_64 5.3?

2009-07-27 Thread Ian Forde
On Mon, 2009-07-27 at 14:09 -0700, Al Sparks wrote:
 I'm trying to install apache 2.2.x from a tarball.

That'll pretty much break the apache rpm installation...

 And it works.  But I'm also trying to install modsecure, and I can't get that 
 to work.

If you stick with the rpm-based Apache installation, it might be as
simple as:

yum install httpd-devel
apxs -cia mod_security.c

as listed on:
http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/modsecurity-manual.html#02-installation

Of course, you could also grab the RPMS from EPEL...
http://download.fedora.redhat.com/pub/epel/5/x86_64/mod_security-2.5.9-1.el5.x86_64.rpm


 It might help to know what CentOS uses to install Apache when doing the 
 ./configure.

That'll be in the SPEC file from the source rpm... also, I believe that
by default, you don't get the server-info page unless you're coming in
from localhost.

-I



Re: [CentOS] What's the configure specs for the generic Apache install of CentOS x86_64 5.3?

2009-07-27 Thread Ian Forde
On Mon, 2009-07-27 at 16:06 -0700, Al Sparks wrote:
 Perhaps I can use that to determine what ./configure options to use when 
 compiling, but really, I don't see any differences in the two except some 
 directory paths, and APR version (the CentOS version uses APR 1.3.0 and my 
 version uses APR 1.2.7).
 
 I actually did look into specifying 
   --with-apr=PATH       prefix for installed APR or the full path to
                         apr-config
   --with-apr-util=PATH  prefix for installed APU or the full path to
 
 I'll give it a try.
=== Al

If you compile your own apache, you lose *ALL* of the patches that
upstream has put in place, and you break the rpm-listed definition of
what the apache package is.  Doesn't sound like a big deal now, right?
Wait until later... you'll definitely regret it... EPEL or apxs would be
the way to go for this...

-I



Re: [CentOS] What's the configure specs for the generic Apache install of CentOS x86_64 5.3?

2009-07-27 Thread Ian Forde
On Jul 27, 2009, at 6:28 PM, Rainer Duffner rai...@ultra-secure.de  
wrote:


 Am 28.07.2009 um 03:23 schrieb Robert Heller:


 Right.  The other option, if there is some specific thing you need
 changed is to grab the source RPM and tweak the .spec file and include
 your own patch(es).  Keep the patch(es), along with a patch file for the
 .spec file someplace, so you can patch future versions.  But Ian is
 right: you need a really good reason NOT to just use the distro provided
 RPM, along with whatever extras from EPEL (or rpmforge, etc.) you might
 need.  Also: check out CentOSPlus as well, if you need more bleeding
 edge or whatever.




 Ever tried moving the install-location to /usr/local by changing the
 spec-file?

 Last time I looked, there was so much hard-coded stuff in the spec-
 file that it was almost impossible to change.

Right - that's kind of the point. If you want to customize your Apache  
build, then the spec file modification route is the way to go, though  
you should really know what you're doing and why. If all you want to  
do is build a non-CentOS/upstream-supplied Apache module, then  
building an rpm for it is the best way. Failing that, you can use  
Apache's built-in tool for DSO building: apxs, which is part of the  
httpd-devel package. Of course, if you want to build everything from  
source, this may not be the optimum distro for you and you may wish to  
explore Gentoo...;)

   -I


Re: [CentOS] DRBD very slow....

2009-07-22 Thread Ian Forde
On Wed, 2009-07-22 at 11:16 +0200, Coert Waagmeester wrote:
 The highest speed I can get through that link with drbd is 11 MB/sec
 (megabytes)

Not good...

 But if I copy a 1 gig file over that link I get 110 MB/sec.

That tells me that the network connection is fine.  The issue is at a
higher layer...

 Why is DRBD so slow? 

Let's see...

 common {
   protocol C;
   syncer { rate 80M; }
   net {
 allow-two-primaries;
   }
 }

You want allow-two-primaries?  That implies that you're using something
like ocfs2, but that's probably immaterial to the discussion... Here's a
question - do you have another syncer statement in the resource
definition that's set to a lower number?  That would definitely throttle
the sync rate...

-I



Re: [CentOS] CentOS/SNMP update breaks MRTG?

2009-07-14 Thread Ian Forde
On Tue, 2009-07-14 at 12:07 +0800, Noob Centos Admin wrote:
 Hi,
 
  Did the update overwrite your snmpd.conf file?  The 'view' on the default 
  one
  may not permit access to the things mrtg needs to see.  Try changing it to 
  .1 to
  expose everything.
 
 It might have done so. To be honest I have no idea since I've never
 touched the SNMP configuration before this and simply used the
 default. Currently there's nothing inside the snmpd.conf except a
 rocommunity which is the public user.
 
 I've added lines from an online source that claims that is the default
 snmpd configuration and it looks like it should be allowing view all
 to the public user. In any case, even prior to adding these lines, I
 could get the relevant values off SNMP using command line with the
 public community user, so I don't think I was blocking any thing iv
 SNMP

Just a couple of random suggestions...

One of the things I always do after patching a box is do an 'updatedb',
followed by 'locate rpmsave' and 'locate rpmnew'.  Then I resolve the
differences.

The other suggestion comes from a recent experience I had when updating
a box running cacti.  Did the upgrade, then cacti broke completely.
Turns out that I didn't have the default fonts that cacti expected.  I
ended up having to install dejavu-lgc-fonts from rpmforge to resolve it.
Why do I bring this up?  Because cacti depends upon rrdtool, just like
mrtg...

-I



Re: [CentOS] Unexplained reboots in DRBD82 + OCFS2 setup

2009-06-25 Thread Ian Forde
On Wed, 2009-06-24 at 07:22 -0700, nate wrote:
 Kris Buytaert wrote:
 
 
  We're trying to setup a dual-primary DRBD environment, with a shared
  disk with either OCFS2 or GFS.   The environment is a Centos 5.3 with
  DRBD82 (but also tried with DRBD83 from testing) .
 
 Both OCFS2 and GFS are meant to be used on SANs with shared storage(same
 LUNs being accessed by multiple servers), I just re-confirmed that DRBD
 is not a shared storage mechanism but just a simple block mirroring
 technology between a couple of nodes(as I originally thought).

Actually, it's both.
http://www.drbd.org/users-guide-emb/ch-fundamentals.html gives the
overview.  It's shared storage with local disk access. And if you're
using Gig-E for the interconnect, it's *fast*. ;)

 I think you are mixing incompatible technologies. Even if you can
 get it working, just seems like a really bad idea.

That functionality is built in.  DRBD fully supports use of OCFS2 on top
of it in dual-primary mode.  See
http://www.drbd.org/users-guide-emb/ch-ocfs2.html

 Perhaps what you could do is setup an iSCSI initiator on your DRBD
 cluster, export a LUN to another cluster running OCFS2 or GFS(last I
 checked GFS required at least 3 nodes less than that and the cluster
 goes to read-only mode, I didn't see any minimum requirements for
 OCFS2).

You could do that, but it would probably be overkill.  Too many moving
parts.  You'd also slow down the speed.  You're talking about app node
- Gig-E - OCFS2/GFS cluster - Gig-E - iSCSI/DRBD cluster.  I'd
rather have app node - Gig-E - OCFS2/DRBD cluster.  And it's *much*
easier to setup.  GFS is a bit of a pita to setup.  I used to do it for
RH professionally and it's not entirely painless...

 Though the whole concept of DRBD just screams to me crap performance
 compared to a real shared storage system, wouldn't touch it with
 a 50 foot pole myself.

Nah... performance is pretty sweet.  Local disk access, sub-second
resync after rebooting one of the nodes, and the cost is *much* lower
than a real shared-storage system... if cost is a factor, I'd
seriously consider trialing the DRBD/OCFS2 combo.



Re: [CentOS] kickstart question

2009-06-13 Thread Ian Forde
On Fri, 2009-06-12 at 14:54 +0200, Rainer Duffner wrote:
 Jerry Geis schrieb:
  Hi all,
 
  I have a kickstart file that works for /dev/sda.
  I now need to detect an HP server and use /dev/cciss instead of hard 
  coded /dev/sda.
 
  How can I detect what the name of the device is and use /dev/cciss and 
  not /dev/sda?
 
  Jerry

 
 
 You want to use cobbler (www.et.redhat.com).

Or you can use a begin script that does a 'fdisk -l' and parses out the
available disks and puts that into the ks file...

-I



Re: [CentOS] Centos 5.3 - Apache - Under Attack ? Oh hell....

2009-06-03 Thread Ian Forde
On Wed, 2009-06-03 at 01:57 -0400, JohnS wrote:
 On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
  On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
   
   It would be prudent to review his web code to see
   if he did something in an insecure way.  If his code
   is open to attack, it will be so even if he puts it
   on a new machine.
  
  Hence my statements to evaluate the web-apps he has running :)
  
  I will bet dollars to donuts he had a web app with a known issue
  that was not patched.  Also goes back to my previous statement
  of fully patching.
  
 ---
 Dollars to Donuts ehhh???
 How many donuts you think it will take to pay for legal costs and clean
 up if there are customer data on the machine? I think right about now I
 would:
 1. Notify Risk Management and Your Compliancy Officer.
 2. Take it off the network connections.
 3. Do a live rsync and dd image + ram copy = running processes/hidden.
 4. Same as 3. but with the machine off.
 5. The company attorney needs to be notified.
 6. By State and Federal Law in the US you have so many days to report
 incidents like this to users (customers) and law enforcement.

If, by step 4, you mean remove the drive[1], stick it into USB
enclosure, make a copy of it, then stick the original into a plastic bag
in full view of a witness[2] then give it to them, I agree
wholeheartedly[3].  I've been through this before and this is, IMHO[4] a
safer way to operate.

-I

[1] Assuming no RAID.  If you have RAID, you can go to a separate box
and make a live backup via:
goodhost# ssh badhost '(cat /dev/sda)' > badhost-sda.ddout
[2] Your manager or corporate counsel will do in this example.  Better
if its both.
[3] This does *NOT* constitute legal advice.  Talk to your corporate
counsel before taking action, as this may constitute a criminal matter.
[4] See [3] above.



Re: [CentOS] Random server reboot after update to CentOS 5.3

2009-05-21 Thread Ian Forde
On Thu, 2009-05-21 at 15:13 +0200, Peter Hopfgartner wrote: 
 Dear ML
 
 We upgraded a Dell Poweredge PE 1950 Server the 8th of May. Since then 
 the server rebooted 3 times without external cause (it is located in a 
 server farm with redundant power supply etc.). Looking at the servers 
 monitoring infrastructure with Dell's own OpenManage tools, I  get 
 strange errors:
 
  [r...@servernew ~]# omreport system esmlog
 
 ()
 
 Severity  : Critical
 Date and Time : Mon May 11 17:46:59 2009
 Description   : System Software event: run-time critical stop was asserted
 
 Severity  : Critical
 Date and Time : Fri May 15 21:07:57 2009
 Description   : System Software event: run-time critical stop was asserted
 
 Severity  : Critical
 Date and Time : Wed May 20 21:00:53 2009
 Description   : System Software event: run-time critical stop was asserted
 
 
 (...)
 
 This class of errors never happened before in over a year that the 
 server is running.
 
 There is no mention of any anomaly, except the boot messages itself, in 
 /var/log/messages.
 
 The server runs the 64 bit flavor of CentOS hosting some XEN virtual 
 machines and some PostgreSQL and MySQL databases. It run without any 
 issues with CentOS 5.1 and 5.2.
 
 I interpreted these issues as some kernel/software related problem, but 
 do not know how to make a more accurate diagnosis of the problem.
 
 Can anybody give me some hint? Has anybody had some similar issue?

Hmm... you *definitely* want to take this one to the Dell Linux list.
Having said that, I did some googling for:

omreport run-time critical stop was asserted

and found only one hit for someone that faced it in April 2007.  And
Dell told them that it may have been software.  I'd start there.  Some
additional questions: What version of CentOS?  What kernel version?
What version of the Dell tools?

-I



Re: [CentOS] Certificate system

2009-04-24 Thread Ian Forde
On Fri, 2009-04-24 at 17:22 +0200, j.witvl...@mindef.nl wrote:
 Hi all,
 
 Can anybody inform me whether the  RedHat Certificate System or
 actually a CentOS equivalent is available for CentOS. 
 Just skimmed on a download site through the RPM's for 5.3 and I
 couldn't find it. 
 According to their press release, the code should be gpl, although
 I can't find any rpm for RH, FC or Centos.
 
 It seems that this is one of the few CA-packages for large scale
 deployment of certificates. 
 Only alternative AFAIK is OpenCA, which seems to be hardly
 maintained… 
 ( binaries on their site are old, and source code yields lots of
 errors during build..)

Build? Why build?  Check out TinyCA2, for which you can find rpms in
rpmforge...

-I



Re: [CentOS] Controlling log file sizes

2009-04-11 Thread Ian Forde
On Sat, 2009-04-11 at 22:25 +0100, Anne Wilson wrote:
 My fetchmail and procmail log files are getting rather large, and there's 
 really no reason to keep entries for ever.  How do others handle this?  I 
 know 
 I could manually delete the older stuff then re-save the file, but it doesn't 
 seem a good method.

Use logrotate - it's built-in.  Check the files in /etc/logrotate.d/ for
examples, as well as the logrotate man page...

-I



Re: [CentOS] rpmnew puzzles

2009-04-09 Thread Ian Forde
On Thu, 2009-04-09 at 15:30 +0100, Anne Wilson wrote:
 On Thursday 09 April 2009 15:01:37 George Negoita wrote:
  On Thu, Apr 9, 2009 at 3:39 PM, Anne Wilson cannewil...@googlemail.com 
 wrote:
   I'm puzzled by such statements as
  
   diff /var/clamav/daily.cvd /var/clamav/daily.cvd.rpmnew
   Binary files /var/clamav/daily.cvd and /var/clamav/daily.cvd.rpmnew
   differ
  
   I thought the point of rpmnew files was so that we could check what has
   been changed?
 
  You can check to see what has been changed, since you have both
  versions, but you should use a tool that can compare binary files (if
  that makes any sense to you).
 
  In your case, you can safely delete daily.cvd.rpmnew, because, most
  probably, freshclam already updated daily.cvd to a newer version.
 
 Thanks, both of you.  I did wonder if it was a generated file, but couldn't 
 see the need for the rpmnew if it was.  I'll need to carefully go through the 
 /etc/clamd.conf.rpmnew, though.  A quick look tells me I've lost the mailto, 
 so I need to check what else has changed.

And this is where vimdiff is your best friend... ;)

-I



Re: [CentOS] gnet-2.0, gio-2.0

2009-03-05 Thread Ian Forde
On Thu, 2009-03-05 at 07:59 +0100, Ondrej Filip wrote:
 I asked on Saturday and I didn't get reply. I'm trying again.
 
 I'm porting one project to centos where we use gnet and gio libraries. Will
 these libraries be part of centos in future? I'm not sure what relationship
 is between these libraries and glib.

That seems more of a question for upstream - meaning Red Hat...

-I



Re: [CentOS] gnet-2.0, gio-2.0

2009-03-05 Thread Ian Forde
On Thu, 2009-03-05 at 09:21 +0100, Ondrej Filip wrote:
 Who makes packages for centos? Or who makes decisions about it?
 
 Hope it's not dummy question.

http://www.centos.org/modules/tinycontent/index.php?id=2

See the section entitled: CentOS : Community ENTerprise Operating
System

so if RH pulls them, CentOS pulls them. Unless they end up in
centos-plus...

-I



Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

2009-02-22 Thread Ian Forde
On Sat, 2009-02-21 at 18:09 -0600, Les Mikesell wrote:
 Yes, but raid1 in software has none of those problems, since as far as 
 the boot loader is concerned, you are booting from a single drive.  And 
 there is a trade-off in complexity, since sw raid works the same on 
 Linux across different hardware and you need to round up different 
 vendors instructions and utilities for hardware raid - and have a backup 
 controller around for recovery.

RAID in software, whether RAID1 or RAID5/6, always has manual steps
involved in recovery.  If one is using standardized hardware, such as HP
DL-x80 hardware or Dell x950 boxes, HW RAID obviates the need for a
recovery procedure.  It's just easier.  You can still boot from a
single drive, since that's what the bootloader sees.  There are no
vendor instructions or utilities needed for recovery.  Nor is there a
backup controller needed.  The *only* time I'd use software RAID on
Linux is if I didn't have a standard hardware base that supported
hotswap and commandless recovery, which in any enterprise within which I
were to be employed, I'd insist upon (and deploy)...

-I



Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

2009-02-21 Thread Ian Forde
On Sat, 2009-02-21 at 08:40 +0800, Chan Chung Hang Christopher wrote:
 Ian Forde wrote:
  I'd have to say no on the processing power for RAID 5.  Moore's law has
  grown CPU capabilities over the last 15 or so years.  HW RAID
  controllers haven't gotten that much faster because they haven't needed
  to.  It's faster to do it in software, though it's preferable to offload
  it to HW RAID so that any apps aren't affected directly.

 You will have to prove that. I have previously posted posts with links 
 to benchmarks that show that hardware raid with sufficient processing 
 power beat the pants off software raid when it comes to raid5/6 
 implementations. Hardware raid cards no longer come with crappy i960 cpus.

Just by doing some quick googling, I came across:

http://blogs.zdnet.com/storage/?p=126
http://storagemojo.com/2007/04/24/mo-better-zfs-performance-stats/
http://milek.blogspot.com/2007/04/hw-raid-vs-zfs-software-raid-part-iii.html

Now, bear in mind that I'm no ZFS fanboy, but I'm saying that it's not
so cut and dry anymore. The equation changes, of course, when we're
talking about a purposed fileserver versus an application server that
needs RAID.  (The app server can suffer because it's losing access to CPU
resources.)  But the point of contention is still there.  Both are
viable solutions, when considering that SW RAID was never a serious
contender for performance over the years, look at where it is now.  This
tells me that it's trending up towards equaling or bettering HW RAID
performance.  And that's not talking about price points.  When throwing
that in...

But again - I still like HW RAID.  I think we're in agreement on this.

  I would agree that cache memory is an advantage, especially when
  considering battery-backed cache memory.  
 There is more to it. That cache memory also cuts down on bus traffic but 
 the real kicker is that there is no bus contention between the board's 
 cpu and disk data whereas software raid needs to read off the disks for 
 its calculations and therefore suffers latencies that hardware raid 
 boards (which have direct connections to disks) do not. Of course, if 
 the cache size is insufficient, then the hardware raid board will not 
 perform much better if not worse than software raid.

Indeed.

  But those aren't the only significant areas.  HW RAID allows for
  hot-swap and pain-free (meaning zero commands needed) disk replacement.

 
 Hmm...really? I guess it depends on the board. (okay, okay, thinking of 
 antique 3ware 750x series may not be fair)

I was thinking about when I was running a farm of 500 HP DL-x80 series
boxes and disk replacement became a 9x5 job that we farmed out.  Just
give a list of servers and locations (first drive or second drive) and
the person could pull old drives out, put new drives in, and resync was
automatic.  Same thing is true for Dell PERC hardware.  I note that
that's not necessarily true with ALL HW RAID controllers, as they have
to support hot-swap, and the chassis has to have hot-swap slots. But
still, I've only seen one SW RAID implementation that does auto-sync.
That's the Infrant ReadyNAS (http://www.readynas.com).  I wonder how
they did it?  Might not be a bad idea to see how they're able to use
mdadm to detect and autosync drives.  I don't *ever* want to go through
something like:

http://kev.coolcavemen.com/2008/07/heroic-journey-to-raid-5-data-recovery/

Not when a little planning can help me skip it... ;)

-I



Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

2009-02-21 Thread Ian Forde
On Sat, 2009-02-21 at 17:24 -0600, Les Mikesell wrote:
 Ian Forde wrote:
  Might not be a bad idea to see how they're able to use
  mdadm to detect and autosync drives.  I don't *ever* want to go through
  something like:
  
  http://kev.coolcavemen.com/2008/07/heroic-journey-to-raid-5-data-recovery/
  
  Not when a little planning can help me skip it... ;)
 
 If you are really concerned about data recovery and can chunk up your 
 filesystem mount points so things fit on a single disk (usually not too 
 hard with 1 or 1.5 TB drives available now) just use software raid1 
 since you can simply mount any single disk from it and access the files. 
   It becomes much more difficult with other raid levels or multi-disk lvm.

My point is that at home, I'd rather do network mounts to a fileserver
utilizing HW RAID.  At work, I'd rather use HW RAID with hot-swap disks.
This way, there are no hoops to go through.  Time is a more important
resource to me... SW RAID is a path that I went down well over a decade
ago in Solaris (DiskSuite and Veritas VM), followed by Linux mdadm.  If
you've ever had to do a Veritas encapsulated boot disk recovery, you'll
know why I'd rather never go down that road *ever again*... ;)

-I



Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

2009-02-20 Thread Ian Forde
On Fri, 2009-02-20 at 22:52 +0800, Chan Chung Hang Christopher wrote:
 Bollocks. The only area in which hardware raid has a significant 
 performance advantage over software raid is raid5/6 given sufficient 
 cache memory and processing power.

I'd have to say no on the processing power for RAID 5.  Moore's law has
grown CPU capabilities over the last 15 or so years.  HW RAID
controllers haven't gotten that much faster because they haven't needed
to.  It's faster to do it in software, though it's preferable to offload
it to HW RAID so that any apps aren't affected directly.

I would agree that cache memory is an advantage, especially when
considering battery-backed cache memory.

But those aren't the only significant areas.  HW RAID allows for
hot-swap and pain-free (meaning zero commands needed) disk replacement.

-I



Re: [CentOS] iptables question

2009-02-19 Thread Ian Forde
On Thu, 2009-02-19 at 18:46 -0600, ward.p.fonte...@wellsfargo.com wrote:
 Hi,
 
 I have two servers in the same subnet, one has this arrangement:
 
 BOX A [3 ips, one real two vips]
 
 BOX B [1 ip]
 
 I need to redirect input from one of the vips (192.168.0.1:8080) on BOX
 A to BOX B (192.168.0.2:8080) and I'm about to pull my hair out. Can
 anyone lend a hand? All my searching leads me to home firewall type
 arrangements using DNAT. I tried to bend one of those to fit my
 situation but it was a no go (most likely due to my lack of knowledge
 with iptables)

Why not keep the vip and move it over to the other box?  Heartbeat is
perfectly suited to such a task...

-I



Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

2009-02-18 Thread Ian Forde
On Wed, 2009-02-18 at 08:13 -0800, dnk wrote:
 On 18-Feb-09, at 2:01 AM, John Doe wrote:
 
  For controller, what is the interface on your drives??  SCSI, SAS??
  Dell 2950, SAS 6 Host Bus Controller.
 
  Integrated SAS 6/i(base): 4 port SAS controller (does support RAID  
  0/1)
  But I don't know if that is decent hw raid or crap raid...
 
  JD
 
 This was kind of the reason I was thinking software raid.
 
 Has anyone had any raid experience with this card?

Yep - it's real HW raid, though with a 2950, I would have gone for the
PERC instead.  The integrated SAS is usually a Fusion-MPT (LSI/Symbios)
card.  Do a 'lspci' to be sure.  I've got a few of these configured and
I can check the raid status with the mpt-status command (from the
mpt-status rpm).  Note that doing a 'fdisk -l' only yields one disk when
RAID is setup.  So yes - it's real HW raid.  Just not much in the way of
cache, which is why I prefer using PERCs instead...

-I



Re: [CentOS] realtime backup

2009-02-18 Thread Ian Forde
On Wed, 2009-02-18 at 15:35 -0500, Toby Bluhm wrote:
 For a speedy backup, could put the db on LVM. Then your procedure would 
 be shutdown/freeze db, make lv snapshot, startup/unfreeze db, 
 rsync/backup data, remove snapshot.

That's what I'd suggest too, but be warned that performance on that
database (if it gets to be of any size to be useful) would completely
suck... not unlike driving at 90mph and with the ebrake on and
constantly up-and-down-shifting...

-I



Re: [CentOS] realtime backup

2009-02-18 Thread Ian Forde
On Wed, 2009-02-18 at 13:57 -0800, Scott Silva wrote:
 on 2-18-2009 1:45 PM Scott Silva spake the following:
  on 2-18-2009 1:36 PM Ian Forde spake the following:
  On Wed, 2009-02-18 at 15:35 -0500, Toby Bluhm wrote:
  For a speedy backup, could put the db on LVM. Then your procedure would 
  be shutdown/freeze db, make lv snapshot, startup/unfreeze db, 
  rsync/backup data, remove snapshot.
  That's what I'd suggest too, but be warned that performance on that
  database (if it gets to be of any size to be useful) would completely
  suck... not unlike driving at 90mph and with the ebrake on and
  constantly up-and-down-shifting...
 
 -I
  
  Would a decent alternative be a master/slave, with the dumps being done
  from the slave. That way if the slave bogs down during the dump, it can 
  catch
  up afterwards. The master shouldn't slow down at all, or very minimally as 
  it
  is caching the slave transactions.
  
 One too many would's...

;) That would work, and I've done that (though not at the 5-minute
interval) in production environments.  But since the OP hasn't responded
to this thread with any type of follow-up detail (like the size of the
db), I'm wondering how much time I want to spend putting out possible
solutions...

-I



Re: [CentOS] MySql server on Centos 5

2009-02-16 Thread Ian Forde
On Mon, 2009-02-16 at 15:22 +, Tom Brown wrote:
  I have a question about Mysql.
  I use mysql 5.0.68 on Centos 4 from Centos plus repository.
 
  The old hardware steers me to Centos 5, however there is mysql 5.0.45. Some
  program solutions which we are using on the old server (production for 500
  users) do not work properly on new one (some queries producing reports).
 
  Is there a source where I can find version for Centos 5 server equal to the
  Mysql version which I run on the old server. I'd like to use some kind of
  repository.
 
  Looking forward for suggestions.
 

 
 
 i think the short answer is no - you'd have to package that yourself and 
 depending on what else this box does you may or quite well may not 
 encounter other issues.

You can always use the MySQL community RPMs. 
http://dev.mysql.com/downloads/mysql/5.0.html#downloads

-I



Re: [CentOS] MySql server on Centos 5

2009-02-16 Thread Ian Forde
On Mon, 2009-02-16 at 11:54 -0700, Warren Young wrote:
 Ian Forde wrote:
  
  You can always use the MySQL community RPMs.
  http://dev.mysql.com/downloads/mysql/5.0.html#downloads
 
 Second that.  I'm not normally a big fan of replacing stock system 
 packages with third-party ones, but I've never had a problem with MySQL 
 AB's RPMs on CentOS.

There is one caveat - if you're running Apache and php on the same box,
you'll first have to remove both the stock mysql and php-mysql rpms.
Then install the MySQL Community packages, followed by php-mysql.

-I



Re: [CentOS] Suggestion for Server Room monitoring

2009-02-15 Thread Ian Forde
On Mon, 2009-02-16 at 09:59 +0800, Fajar Priyanto wrote:
 Hi all,
 I have a situation like this:
 Our little server room is always on. It has an air conditioning unit,
 but barely enough.
 So sometimes during weekend, the temperature could reach unhealthy
 level, like 29 degree Celsius.
 Currently, there's no personnel to monitor it 24 hours a day.
 I'm thinking of using a tool to monitor the temperature, and then send
 sms/email when it reaches certain threshold.
 Anyone has an idea? Could be software based or hardware one.
 Thank you.

If you've got an APC UPS, there's a chance you can get a temperature
sensor that attaches to it.  That can be checked from Nagios, which can
send alerts when thresholds are reached.  You can also graph temperature
over time (via SNMP) using Cacti, so that you can verify that Nagios is
doing the right thing.  Note that even if you use lm_sensors rather than
an external temperature sensor[1], it's still a good idea to use Nagios
and/or Cacti in conjunction with it.  I believe Nagios has a
check_lmsensors plugin available. ;)

-I

[1] - lm_sensors reports internal temperature, which is usually much
higher than external temperature. So tune your thresholds accordingly...



Re: [CentOS] network driver at installation time

2009-02-15 Thread Ian Forde
On Sun, 2009-02-15 at 22:34 -0500, Jerry Geis wrote:
 Is there any way to load a network driver at installation time. Centos 
 5.2 x86_64.

Yep - it's definitely in the kickstart docs - don't remember where
though...

 Alternatively, is there a way to do a USB network driver at boot?

See above... ;)

 Either is fine... Presently I have a rtl 8168 that just hangs at DHCP 
 request.
 I want to use all the kickstart information I have setup, but need the 
 network to work for that.

From what I recall, there's an entry to the start of the kickstart
something like linux ks=whatever dd or something like that... How to
automate it into unattended kickstart?  I haven't done that yet, so I'm
not sure.

-I



Re: [CentOS] tinydns/djbdns opinion poll

2009-02-12 Thread Ian Forde
On Thu, 2009-02-12 at 11:08 -0600, Les Mikesell wrote:
 That sounds like the kiss of death for any critical service.  Can't it 
 figure out ahead of time that this is going to happen and let the 
 service keep running unchanged with a warning message about needing the 
 update instead?

You're missing the point.  If the service is already running, the
changes won't take effect until you restart the service with the new
binaries. And the whole patching exercise is what maintenance windows
are for, anyway.  Note that it's critical SERVICE, not critical SERVER.
The former is more important than the latter, so ideally you should be
able to take down the latter in order to upgrade one implementation of
the former.

-I



Re: [CentOS] tinydns/djbdns opinion poll

2009-02-11 Thread Ian Forde
On Wed, 2009-02-11 at 17:34 -0500, James B. Byrne wrote:
 With one very large caveat.
 
 Be aware that updating bind via yum can result in your existing bind
 configuration files being renamed to something.rpmsave and your name
 server left in a dysfunctional state. I suggest that you consider
 excluding bind from normal updates and only update it when you are
 ready and able to check for possible configuration issues.

That's true of pretty much every rpm that has config files... it's part
of my standard updating routine:

yum update
updatedb
locate rpmsave
locate rpmnew
fix any config files...
restart services and/or reboot if necessary...

-I
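
Added example (not part of the original posts): a POSIX shell helper for the "locate rpmsave / locate rpmnew / fix any config files" step above, which also tells binary leftovers such as `daily.cvd.rpmnew` apart from text configs that need a manual merge. The function names and the sample tree built by `make_sample_tree` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify .rpmnew/.rpmsave leftovers after "yum update".
# All paths and file contents created by make_sample_tree are constructed.

# has_nul FILE: succeed if FILE contains a NUL byte (treat it as binary).
has_nul() {
    ! tr -d '\000' < "$1" | cmp -s - "$1"
}

# classify_pending LEFTOVER
# Prints: STATUS <TAB> live file <TAB> leftover
classify_pending() {
    pending=$1
    live=${pending%.rpmnew}
    live=${live%.rpmsave}
    if [ ! -e "$live" ]; then
        status=orphan            # live file is gone, only the leftover remains
    elif cmp -s "$live" "$pending"; then
        status=identical         # nothing to merge
    elif has_nul "$live" || has_nul "$pending"; then
        status=binary-differs    # generated data, a text diff is meaningless
    else
        status=text-differs      # needs a human merge (diff, vimdiff)
    fi
    printf '%s\t%s\t%s\n' "$status" "$live" "$pending"
}

# scan_pending DIR...: one classified line per leftover, sorted by path.
scan_pending() {
    find "$@" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null |
        sort |
        while IFS= read -r f; do classify_pending "$f"; done
}

# show_text_changes DIR...: unified diff for every text-differs pair.
show_text_changes() {
    scan_pending "$@" |
        while IFS="$(printf '\t')" read -r status live pending; do
            [ "$status" = text-differs ] || continue
            diff -u "$live" "$pending" || true   # diff exits 1 when files differ
        done
}

# make_sample_tree: build a constructed tree to try the functions on.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/var/clamav"
    printf 'options { recursion yes; };\n' > "$t/etc/named.conf"
    printf 'options { recursion no; };\n'  > "$t/etc/named.conf.rpmsave"
    printf 'LogSyslog yes\n'               > "$t/etc/clamd.conf"
    printf 'LogSyslog no\n'                > "$t/etc/clamd.conf.rpmnew"
    printf 'welcome\n'                     > "$t/etc/motd"
    printf 'welcome\n'                     > "$t/etc/motd.rpmnew"
    printf 'old settings\n'                > "$t/etc/legacy.conf.rpmsave"
    printf 'ClamAV-VDB\000\001\002'        > "$t/var/clamav/daily.cvd"
    printf 'ClamAV-VDB\000\003\004'        > "$t/var/clamav/daily.cvd.rpmnew"
    printf '%s\n' "$t"
}

# Stand-alone use: sh thisfile /etc /var
if [ $# -gt 0 ]; then
    scan_pending "$@"
fi
```

A `text-differs` line ending in `.rpmsave` deserves attention first: there the running file is the package default and the site's own settings are in the leftover.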



Re: [CentOS] real SATA RAID

2009-02-08 Thread Ian Forde
On Sun, 2009-02-08 at 15:33 -0600, Sam wrote:
 The software raid in linux with mdadm is very powerful.  A lot of people 
 stay away from software raid because they think that a hardware solution 
 would be easier to work with.  But with a hardware solution, how do you 
 monitor the status of your drives?  There is usually windows software 
 for that but normally a linux client is non existent.  All of the 
 monitoring and management is built into mdadm.  Once you learn it, it is 
 very easy to use and you can move your raid array from system to system 
 as long as mdadm is installed.  You certainly can't move a hardware raid 
   setup to another machine unless the cards are identical.

While I think that Linux software RAID is both solid and stable, when
running a production environment I'd much rather use hardware RAID with
hot-swappable drives.  Example? Dell PERC RAID.  Yes - historically
there have been problems - but today it's rock solid.  Monitoring it?
Easy - there are Nagios plugins for omreport.  Drive fails?  Pull the
drive and put the new one in.  Nothing else to do.  Same thing with HP
DL-[35]xx class boxes...

And if you're running, say, a farm of a few hundred servers, you can
just have someone go in once a week armed with a list of disks to pull
and replace.

In short, IMHO, hardware RAID with hot-swap capabilities, on proven,
STANDARDIZED hardware makes it easier (and cheaper) to support a larger
number of boxes.  (If you don't have standardized hardware, and tend to
run somewhat of a mishmash, you're probably better off considering
software RAID...)

-I



Re: [CentOS] kickstart won't kick-off via network

2009-02-03 Thread Ian Forde
On Tue, 2009-02-03 at 11:17 -0600, Les Mikesell wrote:
 Isaac Hailperin wrote:
  On Tue, 2009-02-03 at 15:42 +0100, Kai Schaetzl wrote:
  Isaac Hailperin wrote on Tue, 03 Feb 2009 14:45:44 +0100:
 
  append initrd=distro/centos5.2/initrd.img ramdisk_size=7494
  ks=http://9.0.0.1/all/profiles/cluto_centos5.2/cnode/ks.cfg
  this is not enough, you have to tell PXE about the network, which nic
  to
  use etc. I think there is a tutorial about doing PXE installations on
  the
  wiki.
 
  You are right: ksdevice=eth1 did the trick.
  Found at
  http://wiki.centos.org/TipsAndTricks/KickStart
 
 The order of NIC detection/naming at bootup seems to be more or less 
 random as of Centos 5.x.  How do you know which name to choose here?

In order to avoid this, you can use the ksdevice=bootif to use the
interface from which the system booted...

-I



Re: [CentOS] Linux HA or Heartbeat IP address question

2009-02-02 Thread Ian Forde
On Tue, 2009-02-03 at 13:58 +1100, Devraj Mukherjee wrote:
 Hi all,
 
 I am following the guide on HowToForge to get Heartbeat going for two
 Apache web servers
 (http://www.howtoforge.com/high_availability_heartbeat_centos), a
 quick question for anyone who might have a similar setup.
 
 Do I have to assign the service IP to either of the NICs or does
 Heartbeat do that automagically?

Heartbeat does it for you - basically, Heartbeat for apache can be setup
in less than 5 minutes. It's no more complicated than the link you
posted.  Each box has its own address, then there's the VIP.  To get a
little more advanced, you could configure a private link between them
with a crossover cable and monitor that in heartbeat if you wanted to,
but it's not required.  Also, I'd turn off auto_failback... but that's
just me.

Some notes:

1. Disable apache from automatic startup via:
chkconfig httpd off
2. Enable heartbeat to startup automatically via:
chkconfig heartbeat on
3. Consider using the aforementioned private link, as the broadcast
traffic can be maddening on a busy segment.
4. Consider using a private vlan rather than a crossover cable.  If a
crossover cable, or either side of a private link dies, and you've got
STONITH enabled, both nodes can, under certain circumstances, kill each
other.
5. Consider installing mon as well to monitor the cluster.
6. auto_failback means that if you default to node01, then node01
fails, as soon as it's back up, it'll fail back to node01.  That can be
good, but it can also be very bad... think of the case of using
Heartbeat with mysql, and ask yourself how often you want to fail over a
live database cluster. ;)

Have fun!

-I



Re: [CentOS] More than 2TB RAID...

2009-01-27 Thread Ian Forde
On Tue, 2009-01-27 at 18:46 -0500, Joshua Baker-LePain wrote:
 On Tue, 27 Jan 2009 at 6:43pm, Jake wrote
 
  I should say that I STRONGLY recommend not creating ext3 file systems in the
  2TB+ range - fsck takes too long and you'd hate to get hit by one of those
  in what is supposed to be a quick reboot...and disabling them on the file
  system isn't a good idea either.
 
 On the other hand, nothing is as well supported on RHEL/CentOS as is ext3. 
 So if your data is really important to you, think hard about using 
 another FS.

Actually, on RHEL, the *only* filesystems that upstream *officially*
supports are ext2/3 and GFS.  Not XFS, nor reiser, nor JFS.  Nada...

Well, maybe FAT for USB-attached storage... ;)

But if you're using CentOS, it's entirely up to you... If I were in
RHEL-land (meaning: at a company willing to pony up for licenses), I'd
consider a GFS2 cluster shared out via NFS.  Or maybe an OCFS2 NFS
cluster.  If at a company using CentOS, I'd consider an OCFS2/NFS
cluster or heartbeat/XFS/NFS.  For home? XFS (or JFS if you like).  But
then, I'm willing (and capable) of supporting the mess I create.  It all
depends upon one's comfort level with getting out of a jam when one
strays out of the sweet spots of available help...

-I



Re: [CentOS] Shell Script - Compare packages. rpm.

2009-01-26 Thread Ian Forde
On Mon, 2009-01-26 at 08:26 -0200, Tiago Dias wrote:
 Hi,
 
  I need a script which makes the package comparison of rpm's
 through two text files ... 
 
  Since a file is the output of the command rpm-qa  pkg.out 
 
  And the second file is a list of several packages rpm's,
 multiple versions and architectures. 
 
  My idea is to compare a package x file pkg.out with several
 packages y of the file update.out and know whether a package and has a
 larger version of the package x installed and with that I return I
 have a package to be updated. 
 
 Can anyone help me do this comparison? 

Looks like you want to see what the update packages are without doing
the updates, and without an internet connection.  About 5 years ago I
would have suggested running 'rpm --freshen --test
packagename-from-update.out'.  Today, I'd suggest saving even more time
and just a local instance of mrepo.  Configure your yum repos
in /etc/yum.repos.d/ to point to the repository, and install the
yum-updatesd package to find out what the new packages are... Why
reinvent the wheel? ;)

-I



Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Ian Forde
On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote:
 Hi All,
 
 Yes, I know, it's really really embarrassing to have to ask but I'm
 being pushed to the wall with PCI DSS Compliance procedure
 (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
 we don't need to install an anti-virus or find an anti-virus to run on
 our CentOS 5 servers.

Note - I am *NOT* a lawyer.  This advice is freely given, and may be
worth exactly what you paid for it... ;)

 Whatever I do - it needs to be convincing enough to make the PCI
 compliance guy tick the box.
 
 So:
 
 1. Has anyone here gone through such a procedure and got good arguments
 against the need for anti-virus?

Yep - on the wikipedia page you referenced, look in the Requirements
section, section 5.  It says: Use and regularly update anti-virus
software on all systems commonly affected by malware

Note that CentOS isn't commonly affected by malware.  So you should be
okay here.

 2. Alternatively - what linux anti-virus (oh, the shame of typing this
 word combination :() do you use which doesn't affect our systems
 performance too much.

None... clamav, amavis, etc... are used for protecting Windows boxes
behind the Linux boxes.  If you aren't running any Windows hosts on the
same network as the Linux hosts, that should take care of the sweet spot
of the AV argument.  (Though if you're connected to a site via VPN or
private link that has Windows boxes, that may be a different story.)

 The reviewed servers run both Internet-facing web applications and
 internal systems, mostly using proprietary protocol for internal
 communications. They are being administrated remotely via IPSec VPN
 (and possibly in the future also OpenVPN).

Yep - then you want to make sure that since you're using a VPN, nothing
(like say, an Apache worm) can jump over...

PCI Compliance can be a bear.  Just make sure that you have management
buy-in, and a good external scanning vendor...

-I



Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Ian Forde
On Wed, 2009-01-21 at 21:06 -0500, Adam Tauno Williams wrote:
  Yes, I know, it's really really embarrassing to have to ask but I'm
  being pushed to the wall with PCI DSS Compliance procedure
  (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
  we don't need to install an anti-virus or find an anti-virus to run on
  our CentOS 5 servers.
  Whatever I do - it needs to be convincing enough to make the PCI
  compliance guy tick the box.
  1. Has anyone here gone through such a procedure and got good arguments
  against the need for anti-virus?
 
 There is no good argument against running malware detection on any
 server.

That depends upon how you define malware detection.  Antivirus software
for Linux typically scans for Windows viruses and malware.  On the other
hand, if you're talking about detection in the sense of Tripwire, or a
cron job that runs a 'rpm -V' every night, I completely agree that this
is something that should be done.

 CLAMAV works well.

For detecting Windows malware, which isn't really the point...

-I
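
Added example (not part of the original posts): one way to make the nightly `rpm -V` cron job mentioned above usable as a detection signal, by triaging its output so that routine config edits do not bury a changed binary. The ALERT/REVIEW policy, the function names and the sample lines are assumptions made for this example; the verify flag letters are rpm's own.

```shell
#!/bin/sh
# Added example: triage "rpm -Va" output for a nightly integrity check.
# The policy below is an assumption of this example, not an rpm feature:
#   ALERT  = digest change or missing file outside config/doc files,
#            or any mode/owner/group change
#   REVIEW = digest change or missing file that is marked config (c) or doc (d)
#   mtime-only and other changes are not reported

# triage_rpm_verify: read rpm -V lines on stdin,
# print "LEVEL <TAB> reasons <TAB> path".
triage_rpm_verify() {
    awk '
    {
        slash = index($0, "/")
        if (slash == 0) next                     # no file path on this line
        path  = substr($0, slash)
        n     = split(substr($0, 1, slash - 1), f, " ")
        flags = f[1]                             # e.g. S.5....T. or "missing"
        kind  = (n >= 2) ? f[2] : ""             # c, d, g, l, r or empty
        if (flags != "missing" && flags !~ /^[.?SM5DLUGTP]+$/) next
        soft  = (kind == "c" || kind == "d")
        level = ""; why = ""
        if (flags == "missing") {
            level = soft ? "REVIEW" : "ALERT"; why = "missing"
        } else {
            if (flags ~ /5/) {                   # file digest differs
                level = soft ? "REVIEW" : "ALERT"; why = "digest"
            }
            if (flags ~ /[MUG]/) {               # mode, user or group differs
                level = "ALERT"
                why = (why == "" ? "" : why ",") "perm/owner"
            }
        }
        if (level != "") printf "%s\t%s\t%s\n", level, why, path
    }'
}

# nightly_check: what the cron job would run on a real host.
nightly_check() {
    rpm -Va 2>/dev/null | triage_rpm_verify
}

# sample_rpm_verify: constructed rpm -V lines (8- and 9-column flag styles).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.  c /etc/named.conf
S.5....T  c /etc/clamd.conf
..5....T.    /usr/sbin/sshd
.M.......    /usr/bin/passwd
.M5....T.  c /etc/sudoers
missing     /usr/bin/lsof
missing   c /etc/motd
EOF
}

# Stand-alone use: sh thisfile --sample
if [ "${1:-}" = "--sample" ]; then
    sample_rpm_verify | triage_rpm_verify
fi
```

`rpm -V` compares against the local rpm database, so this catches drift and careless tampering; the database itself has to be trusted or checked from known-good media.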



Re: [CentOS] kickstart over ilo serial port

2009-01-15 Thread Ian Forde
On Thu, 2009-01-15 at 11:11 +0100, Jure Pečar wrote:
 Hello,
 
 Has anyone managed to redirect output of kickstart install to ILO
 serial console?
 
 I have to test and deploy the remote install with kickstart but have
 trouble debugging it because I can't see the output.
 
For kickstart using the serial console, just add console=ttyS0,9600 to
the APPEND line in the kickstart profile that you use under
pxelinux.cfg/

-I



Re: [CentOS] xorg-x11-drv-nouveau for CentOS?

2008-12-29 Thread Ian Forde
On Mon, 2008-12-29 at 14:34 -0600, Frank Cox wrote:
 Ultimately, you're better off to use video chipsets with good open source
 drivers.  Currently, that means Intel and (recently) ATI.

That depends upon one's purpose.  If, for example, one wants to use
mythtv, I would use an NVidia card with the closed-source driver.
Primarily because for what I would need mythtv to do, it works *much*
better than both Intel and ATI chipsets/drivers...

-I



Re: [CentOS] Sendmail problem

2008-12-27 Thread Ian Forde
On Sun, 2008-12-28 at 07:27 +0100, swilting wrote:
 I wish to add options to sendmail
 
 INPUT_MAIL_FILTER(`spamassassin',
 `S=local:/var/run/spamass-milter/spamass-milter.sock, F=T,
 T=C:5m;S:4m;R:4m;E:5m')dnl
 dnl MAILER(cyrusv2)dnl
 
 INPUT_MAIL_FILTER(`greylist',
 `S=local:/var/run/milter-greylist/milter-greylist.sock')
 define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
 define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
 define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
 define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
 
 
 and 
 
 LOCAL_CONFIG
 Kstorage macro
 LOCAL_RULESETS
 SLocal_check_rcpt
 R$+ $: $(storage {greylist} $) ${client_addr}
 R$+ $: $A $1 ? +Connect $1
 R$+ $*  $: $(storage {greylist} $@ $1 $) $2
 
 it does not seem to work
 
 after restart sendmail
 I get errors
 
 [r...@r13151 ~]# /sbin/service sendmail restart
 Arrêt de sm-client :   [  OK  ]
 Arrêt de sendmail :[ÉCHOUÉ]
 Démarrage de sendmail :554 5.0.0 /etc/mail/sendmail.cf: line 1685:
 Xspamassassin: `=' expected
 WARNING: Xgreylist: local socket
 name /var/run/milter-greylist/milter-greylist.sock missing
 451 4.0.0 InputFilter spamassassin not defined: No such file or
 directory
[ÉCHOU]
 Démarrage de sm-client :   [  OK  ]
 [r...@r13151 ~]# 
 
 that happens I've done yet
 
 /sbin/servive greylistd start
 /sbin/servive spamassassin start
 
 thank you for all your returns

I can think of 2 things... 1) Is milter-greylist installed? 2) You may
have the socket file wrong.  Check your milter-greylist configuration to
see the name of the socket file.

Also, make sure that both spamassassin and greylistd are started before
sendmail...

-I



Re: [CentOS] drbd 8.3.0 is out

2008-12-19 Thread Ian Forde
On Fri, 2008-12-19 at 10:20 +0100, Rainer Traut wrote:
 Hi,
 
 is this the right place to ask for updated -extras- packages?
 
 this seems to be the successor of the 8.2.x branch and contains various 
 bugfixes.

Uhhh... this was *just* released... that's a little quick to be asking,
isn't it? ;)  I'm pretty sure I won't be using this in production until
it's at least at 8.2.3 or so... 

Of course, that's not to say that testing packages won't be produced at
some point.  After all, wasn't there some overlap of 8.1.x and 8.2
packages?

-I



Re: [CentOS] regarding vpn server for 1500 clients

2008-12-19 Thread Ian Forde
On Fri, 2008-12-19 at 16:02 +0530, Dhaval Thakar wrote:

 I prefer non-encryption vpn.

Uhh... without encryption, you take the p out of vpn...

-I



Re: [CentOS] Dlink DGE-530T on CentOS 4.7

2008-12-07 Thread Ian Forde
On Sun, 2008-12-07 at 13:44 -0500, Stephen Harris wrote:
 Has anyone had any luck getting this to work?  The kernel provide skge,
 sky2 and sk98lin modules all fail to load.
 
 I was able to download the latest version from the syskonnect.de site,
 and with some hacking/kludging of their install script managed to
 compile the module in there (a newer version of sk98lin, it seems)
 which recognised the card...  but this isn't really sustainable 'cos
 new kernels will cause problems.

Um... I've been using DGE-530T (PCI-Express) cards in a couple of boxes
running CentOS for a couple of years now... I'm using the sk98lin module
from the atrpms.net rpm... http://atrpms.net/dist/el5/sk98lin/

-I



Re: [CentOS] Dlink DGE-530T on CentOS 4.7

2008-12-07 Thread Ian Forde
On Sun, 2008-12-07 at 16:04 -0500, Stephen Harris wrote:
 On Sun, Dec 07, 2008 at 12:57:05PM -0800, Akemi Yagi wrote:
 
  I was just about to suggest the same thing when I saw this reply.  The
  OP is running CentOS-4, so this link may be relevant:
  
  http://atrpms.net/dist/el4/sk98lin/
  
  If their driver works, set up the atrpms repository on the system so
  that the driver update takes place automatically.
 
 Won't I have an issue, though, where the new kernel might be available before
 the ATrpms module is updated?  I was hoping for some sort of dkms solution.

Yep - that would be an issue... But since I also use quite a few other
modules from atrpms, I always check first...

 Otherwise I can always just recompile the module myself if there's no
 automatic version solution available.

You could, but I prefer the simplicity of rpms... this way I don't have
to do my own QA..

-I



Re: [CentOS] XFS or JFS on CentOS 5?

2008-11-20 Thread Ian Forde

On Thu, 2008-11-20 at 12:21 +, Karanbir Singh wrote:
 I use xfs, i dont use jfs. but only on x86_64

Ditto.

 xfs in CentOS is more widely used than jfs is in centos ( impression I 
 get from looking at logs on and off - generated at mirror.centos.org ).

(much snippage) - over on the mythtv list, you'll find that there are
more than a few people (including myself) that have been using XFS with
CentOS for *years* without problems.  XFS is better than ext3 when
dealing with files in the sizes of hundreds of megs and possibly a
couple dozen gigs... (deleting a 60GB file on ext3 takes a *while*...)

That being said, RH doesn't support XFS and would rather one used ext3.
But this is CentOS.  We have -plus here, and kmods for those who want to
use it... remember - it's all GPL...

-I



Re: [CentOS] Oracle start up script issue with RHEL3 Cluster

2008-11-16 Thread Ian Forde
On Sun, 2008-11-16 at 09:39 -0500, Lanny Marcus wrote:
 On Sun, Nov 16, 2008 at 8:53 AM, lingu [EMAIL PROTECTED] wrote:
 Thank a lot for your valuable information also we are getting lot
  of mails in this mailing list about debian,ubuntu,knoppix and even the
  microsoft and the people are getting help for such mails too .I don't
  think anything wrong about posting RHEL related issue on this list,
  also i thought you know very well centos is the clone of RHEL .
 
 Yes, I know that CentOS is a clone of RHEL. But, if you paid for RHEL,
 probably you have a right to their support. If not, to participate in
 their mailing lists.  On  a weekend, you probably will get a quicker
 reply from a RH mailing list than this one. Many of the experts who
 participate in this list are not around on the weekends.

In addition, Red Hat Cluster isn't cheap.  It's usually a pretty safe
assumption that if one has it deployed, then one has an active service
contract with RH, and thus has access to the official support
channels... which is why RHCS knowledge hasn't really percolated out to
the CentOS crowd to the degree that it has on the RHEL lists...

-I



Re: [CentOS] Re: Linux backup help

2008-11-15 Thread Ian Forde
On Fri, 2008-11-14 at 15:08 -0700, Warren Young wrote:
 Amos Shapira wrote:
  Is there a way to freeze a list of installed packages and exact
  versions, then tell yum (or any other tool/script) to install exactly
  these versions either on the same or another system?
 
 There isn't a need for an explicit feature.  Just update one server, 
 test it, then copy all of /var/cache/yum/updates/packages to the other 
 machines.  You can then say rpm -Fvh *.rpm in that directory to bring 
 that machine up to the same level as the other one.

Actually, that's the problem that Red Hat Satellite Server can solve.
You can approve packages for deployment.  Thus, when provisioning new
servers, they get updates from the approved list.  And servers are
grouped by class.  For the free version, one should investigate Project
SpaceWalk.  http://www.redhat.com/spacewalk/

-I



Re: [CentOS] Seeking advice about auth/home serving

2008-10-15 Thread Ian Forde
On Wed, 2008-10-15 at 09:52 +0200, Laurent Wandrebeck wrote:
 Hi,
 
 I'm currently using nis/nfs3/autofs in a small network (20 boxes), and
 planning on using a more secure/elegant method. The thing is, which
 solution to adopt ? The network is mainly composed of Centos boxes,
 and a couple MS/Win ones.
 ldap/kerberos/nfs4 ? Directory Server ? Anything else ?
 Another point is, we have several servers with a local /data. Is there
 any solution to make each /data accessible to each server without
 having to maintain an awful fstab list per server ? (no way to deploy
 gfs).

Without knowing more specifics, you could always try using the /net
automount... as in: /net/servername/data

It's ugly, and rarely used, but it works for small networks...

-I



Re: [CentOS] Re: Mass installs of desktop systems on identical machines

2008-10-15 Thread Ian Forde
On Wed, 2008-10-15 at 07:36 +0200, Niki Kovacs wrote:
 Thanks very much everybody for your numerous comments. I guess I got 
 much more than I expected.

One more suggestion... try SystemImager...

-I



Re: [CentOS] creating a user from an RPM package

2008-10-14 Thread Ian Forde
On Wed, 2008-10-15 at 16:22 +1300, Spiro Harvey wrote:
 What wizardry do you guys use in the SPEC file when creating/deleting a
 user from an RPM package?
 
 I was going to create a macro like:
 
 %define user(login,uid,gid,name,homedir,shell) \
 echo $1:x:$2:$3:$4:$5:$6  /etc/passwd; \
 echo $1:!!:12005:0:9:7::: /etc/shadow; \
 echo $1:x:$3: /etc/group; \
 mkdir -p $5; \
 chown $2:$3 $5
 
 and then appropriate sedness and rm's when removing it, but I figure
 there has to be a cleaner way, or a builtin as this surely is a
 common feature. The RPM guide doesn't seem to mention it, or if it
 does, I missed it.
 
 Alternatively, if you could point me to a package or a spec file that
 does this, I'd be much obliged.

You know, you could always use the useradd command...

-I
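
As an added illustration of the useradd suggestion (not code from this thread or from any package): a shell fragment of the kind a spec file's %pre scriptlet could carry, creating a system account only when it is missing instead of appending to /etc/passwd and /etc/shadow by hand. The account name exampled, its home directory, and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent account creation suitable for an RPM %pre
# scriptlet. "exampled" and /var/lib/exampled are hypothetical values.

# Default to printing the commands so the example is safe to run anywhere;
# a real scriptlet would set DRY_RUN=0 (it runs as root at install time).
DRY_RUN=${DRY_RUN:-1}

# run CMD ARGS...: execute the command, or only print it in dry-run mode
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ensure_system_account NAME HOMEDIR
# Creates a system group and user called NAME only if getent cannot find
# them, so upgrades and reinstalls leave an existing account untouched.
ensure_system_account() {
    name=$1
    home=$2
    getent group "$name" >/dev/null 2>&1 ||
        run groupadd -r "$name" || return 1
    # -r: system UID range; -s /sbin/nologin: no interactive login
    getent passwd "$name" >/dev/null 2>&1 ||
        run useradd -r -g "$name" -d "$home" -s /sbin/nologin \
            -c "$name service account" "$name" || return 1
    return 0
}

ensure_system_account exampled /var/lib/exampled
```

Because useradd and groupadd maintain passwd, shadow and group together and take the file locks, the scriptlet never edits those files directly, and `rpm -q --scripts` on the package shows exactly which account it creates.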



Re: [CentOS] rpmforge, perl-dbd-mysql, yum, priorities, centos, and you

2008-10-08 Thread Ian Forde
On Wed, 2008-10-08 at 10:40 -0700, Joe Pruett wrote:
 rpmforge has just released a new perl-DBD-mysql for el4 that has an 
 obsoletes against perl-DBD-MySQL and the protectbase yum plugin doesn't 
 grok obsoletes.  the priorities plugin does.  so if you are having issues 
 with this, install the yum-plugin-priorities first, make sure that the 
 CentOS-Base repo is priority 1 and the rpmforge repo is priority 2 or 
 higher (99 is the default).
 
 also, i'd like to suggest that the priorities plugin be made added to the 
 base install and that the centos-base repos be configured with priority 1. 
 it looks like c4 has the priority setting, but c5 doesn't and neither have 
 the plugin installed.  it seems like this would create a little more 
 stable setup for people when they start adding other repos.

Anything like this would probably have to be an upstream thing.  But it
would probably be a good idea for people to put this into their
kickstart configs...

-I



RE: [CentOS] CentOS on Dell Poweredge 2850

2008-09-17 Thread Ian Forde
On Wed, 2008-09-17 at 10:26 +0200, [EMAIL PROTECTED] wrote:
 Thx. A former unix-admin at the dept thinks it might be a little on the old
 side hardware-wise, this particular server is about four years old. I'm
 split...
 
 This particular Poweredge modell is certified for RHEL 2 and 3. If I'd try to
 install RHEL5 on it, would bad things happen, or is it just a support issue?
 Seeing how CentOS 5.2 is equivalent to RHEL5, I don't see *what* could happen
 though... Kernel panics??

Still don't foresee any problems... I was running RHL 7.2 and 9 on
PowerEdge 2850 boxes 6 years ago without problems, though I didn't have
OMSA on them (not even sure if it was available for RHL at that time).
There shouldn't be a problem with CentOS 5.2 though.  You've got a PERC
5/i, and I know that's supported in OMSA under RHEL 5.2.  So I'd say
just go for it... and if you want more confirmation that it's certified
and supported for RHEL 5.2, you can check the http://support.dell.com
page, specify a PowerEdge 2850, and choose RHEL5.  The fact that it's
there indicates that it's working for Dell, let people outside of
Dell... RH had an entry at
https://hardware.redhat.com/show.cgi?id=232290 but the link is busted.
But it still shows that it's certified...

-I



Re: [CentOS] CentOS on Dell Poweredge 2850

2008-09-16 Thread Ian Forde
On Tue, 2008-09-16 at 11:15 +0200, [EMAIL PROTECTED] wrote:
 Hi all,
 
 Our department's planning to buy a refurbished Dell Poweredge 2850 running
 dual-xeons and with a rather big raid array (8x 146GB).
 
 *My* plan is to install CentOS on this machine and I'd like to hear with you
 guys if there are any gotchas' doing this.
 
 My main concern is the ability of CentOS to recognise the raid-controller of
 the Dell and run a raid5-array as well as drivers for the onboard NICs.
 
 Any feedback on this is appreciated.

I don't foresee any problems.  I'm running CentOS 5.2 on a 2950 III and
omreport installs fine without any problems.  I can see the RAID array
and monitor via the Nagios omreport plugins (search nagios-exchange for
them).  Onboard NICs shouldn't be a problem either...

-I



Re: [CentOS] CentOS on Dell Poweredge 2850

2008-09-16 Thread Ian Forde
On Tue, 2008-09-16 at 16:35 +0700, Lunix1618 wrote:
 [EMAIL PROTECTED] wrote:
  Hi all,
 
  Our department's planning to buy a refurbished Dell Poweredge 2850 running
  dual-xeons and with a rather big raid array (8x 146GB).
 
  *My* plan is to install CentOS on this machine and I'd like to hear with you
  guys if there are any gotchas' doing this.
 
  My main concern is the ability of CentOS to recognise the raid-controller of
  the Dell and run a raid5-array as well as drivers for the onboard NICs.

 I am running Dell 2950 III and no issue with hardware recognization of 
 CentOs (5.2 Final)
 The one small thing is I can not extend the RAID volume because at the 
 beginning time we only have 03 HDD now when we buy new HDD we recognize 
 that RAID controller (PERC 6/i) doesn't support add new HDD to existing 
 volume :( so only a choice is rebuild it.

Uhh... check the DRAC - you may be able to extend the RAID5 array from
there underneath the OS.  You also may be able to do it using omconfig
after installing omsa.  This question really belongs on the Dell Linux
list though... I can say that I've expanded a RAID5 volume underneath
Windows quite recently on a 2850 and a 2950 without incident...

-I



Re: [CentOS] CentOS on Dell Poweredge 2850

2008-09-16 Thread Ian Forde
On Wed, 2008-09-17 at 02:51 +0700, Lunix1618 wrote:
 Ian Forde wrote:
  there underneath the OS.  You also may be able to do it using omconfig
  after installing omsa.  This question really belongs on the Dell Linux
  list though... I can say that I've expanded a RAID5 volume underneath
  Windows quite recently on a 2850 and a 2950 without incident...
 

 Are you sure that? I remember I found an article on Dell support site 
 explain that PERC 6/i doesn't support that. At the beginning I only have 
 3 hdd, now I get more 3 hdd and after that I figured can not add new hdd 
 to existing volume. I am not install Open Manage yet ...will try it soon

You'll definitely need to install Openmanage first.  My 2950 boxes have
PERC 5i controllers in them.

 PS: sorry all for OT
  Uhh... check the DRAC - you may be able to extend the RAID5 array from
 btw, how do you access to DRAC ? i configured IP address for it at 
 firmware boot but can not see the interface for it.

It's not part of the operating system.  You get to it via web browser
(https)

-I



Re: [CentOS] Changing swap resume signature location

2008-09-01 Thread Ian Forde
On Mon, 2008-09-01 at 13:25 -0400, Mag Gam wrote:
 1. Format the swap partition again: sudo mkswap /dev/XXX
 2. Activate swap partition sudo swapon /dev/XXX
 3. Replace UUID=XXX in /etc/initramfs-tools/conf.d/resume by resume=/dev/XXX
 4. Regenerate the initrd: sudo mkinitramfs -o /boot/initrd.img-2.6.XX
 (same version as the kernel)

Hmm... for CentOS this would be:

Become root (or use sudo - your choice...)
1. 'mkswap /dev/xxx'
2. Put the entry into /etc/fstab
3. 'swapon -a' (This will ensure that your fstab entry is good.  If it
doesn't load up, something's wrong...)
4. Recreate your initial ramdisk.  You could do something like:
'mkinitrd /boot/initrd-2.6.18-92.1.10.el5.img 2.6.18-92.1.10.el5' but
I'd recommend creating a new ramdisk (different filename) and creating a
new test grub entry...

-I



Re: [CentOS] I need help with GRUB

2008-08-31 Thread Ian Forde
On Mon, 2008-09-01 at 09:47 +0530, Sadaruwan Samaraweera wrote:
 Hello,

And the problem that I'm having is with my two Linux distros. I've
 installed CentOS  Windows in my SATA HDD and I've used my complete
 40GB PATA HDD for Ubuntu. Well all OS's work fine with out any
 problems but when I want to boot into CentOS I've to select the SATA
 as my booting HDD from the BIOS if I want to go to Ubuntu then I've to
 select my PATA as the default HDD from the menu. So what I want to do
 is I need to add Both distros in to one GRUB boot loader and the other
 thing is that both grubs that I've on both HDD s only detects the
 windows Partition not the Linux partition. So I need to know how to
 add both Linux versions I've into one GRUB. I want to use the SATA
 HDD as my default HDD.

You'll want to merge the grub boot stanzas into one file, apply it to
one (or both) of the drives, and keep it in sync when you do kernel
updates (because those affect the grub menu)... This way, you won't have
to change the BIOS setting.

-I



Re: [CentOS] Help me

2008-08-27 Thread Ian Forde
On Wed, 2008-08-27 at 12:00 +0530, Sadaruwan Samaraweera wrote:
 Hi,
 
  Yes I know what your saying ok! I didn't ask him any descent question
 but I gave a solution based on my experience. So why hell r u guy's
 coming after me and as you said in the world of IT there are lot of
 perhaps OK buddy.

Yeesh.  Look - I'm not starting to start a flamewar here.  I'm just
saying that given the little information that was given, it would be
prudent to have the OP give more before catch-all answers are given.  I
understand that your solution worked for you, but how would any of us
know that they're experiencing the same problem as you did?

Oh - and incidentally, the proper Red Hat way to do this (trust me on
this one - I used to work for Red Hat, have two RHCE certs, and have
been a sysadmin for over 15 years) would be to get more info before
changing out network drivers.  Replacing stock parts of the OS is the
*FASTEST* way to have RH support say we don't support you.  Now,
knowing that this is CentOS, things don't quite work that way here.  But
the general case still applies.  Stick with stock as much as you can
until you can demonstrably prove that it's broken and put in a
workaround until the correct solution is found.  That's the easiest
way to get help on this list.  (And, I suspect, many others...)  Just
look at the recent discussions on CPAN (shudder) and how it can really
crap up a system based upon RPMs...

-I



RE: [CentOS] RH's servers breached

2008-08-26 Thread Ian Forde
On Tue, 2008-08-26 at 13:54 +1200, Tony Wicks wrote:
  
  So there are new packages anyway in spite of the other bits.
  
  Hi all, have I missed something or is there a CentOS update for 5x but
 none
  for 4x ? I've made sure my mirror is synced and looked around at a few
  others but can't seem to see an update ?
 
 I just fired up my 4.6 and did yum update. No ssh packages, so the
 problem is not yours.
 
 Do any of the maintainers have a comment on the 4x SSH update availability ?
 I have a couple of SSH bastion servers that I have shut down until the
 update is out just in case so was wondering as to when it would turn up.

I wouldn't worry about it too much unless there are unrelated security
fixes.  The SSH updates are against 4.7, so it would most likely be the
case that your current 4.6-based sshd package is still pretty solid...
The issue was against the then-current sshd packages... which would have
been issued after the ones you're currently using...

-I



Re: [CentOS] Help me

2008-08-26 Thread Ian Forde
On Tue, 2008-08-26 at 13:39 +0530, Sadaruwan Samaraweera wrote:
 Hi,
  I think you need to get the proper device drivers not the generic
 ones that comes with the CentOS. Try updating your drivers or
 sometimes when you install a vendor driver or any other driver after a
 kernel update or a full system update you've to reinstall the drivers,
 It can recompile itself to match the new kernel. So try updating or
 getting a new driver from the vendor.

Without more information on the specific issue, the advice you just gave
regarding using vendor drivers can be extraordinarily dangerous.  I
would recommend:

1. OP giving more info (like, for example, specifics on the problem, hw
config, etc...)
2. Patching CentOS

before offering any solutions that can lead one down a painful path...
as an example, many vendors defer to the network drivers offered in the
kernel and have deprecated their own.  Nvidia, for one, comes to mind...

-I




Re: [CentOS] apache

2008-08-26 Thread Ian Forde
On Tue, 2008-08-26 at 10:42 +0200, Ralph Angenendt wrote:
 Mad Unix wrote:
  Am running Oracle10g on the server, I do OCI connection from php/apache to
  my DB 10g
  so how would you insert the values to apache...
 
 To quote John (reading helps!):
 
 | you would put those variable assignments in the front of /etc/init.d/httpd
 
 Though I still don't understand why that would be needed.

I've run into this... the OCI component needs some information about
where Oracle is... my advice would be to *NOT* modify
the /etc/init.d/httpd script.  Better to put the declarations
into /etc/sysconfig/httpd.  That's what the file is there for, and if
you upgrade the Apache RPM, you don't have to worry about your startup
script mods...

-I



Re: [CentOS] Sendmail with TLS, permission problem

2008-08-12 Thread Ian Forde
On Tue, 2008-08-12 at 11:21 +0200, Ralph Angenendt wrote:
 Jussi Hirvi wrote:
  Ralph Angenendt ([EMAIL PROTECTED]) wrote (12.8.2008 11:24):
   dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
   ^^^
   
   Even allowing group to read there and enter there might be too much.
  
  Thanks for quick reply. That didn't help yet. The error message in maillog
  is still the same: sendmail.pem unsafe: Permission denied. The directory
  perms are now: 
  [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
  drwxr-xr-x 24 root root  4096 Mar 29  2007 /
  drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
  drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
  dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
 
 IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too

do 'chmod u-w /etc/mail/certs/sendmail.pem' and see if it works... my
certs are in /etc/pki/tls/certs with perms set to 755 on the dirs on the
way down and everything works fine...

-I



Re: [CentOS] Sendmail with TLS, permission problem

2008-08-12 Thread Ian Forde
On Tue, 2008-08-12 at 12:38 +0300, Jussi Hirvi wrote:
 Ralph Angenendt ([EMAIL PROTECTED]) wrote (12.8.2008 12:21):
  Thanks for quick reply. That didn't help yet. The error message in maillog
  is still the same: sendmail.pem unsafe: Permission denied. The directory
  perms are now: 
  [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
  drwxr-xr-x 24 root root  4096 Mar 29  2007 /
  drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
  drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
  dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
  
  IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
  wide still.
 
 On another machine (Fedora Core 3, Sendmail 8.13) the /etc/mail perms are
 755 too, and it works - though there is no SMTP-AUTH on that machine.
 
 I tried it, but the error message in maillog persists after Sendmail
 restart. The perms are now:
 
 [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
 drwxr-xr-x 24 root root  4096 Mar 29  2007 /
 drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
 drwx--  5 root root  4096 Aug 12 12:37 /etc/mail
 dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
 [EMAIL PROTECTED] mail]# ls -l /etc/mail/certs/
 total 1924
 -rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
 -rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
 -rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
 -rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem
 
 I cannot help thinking that this is *not* actually about the permissions -
 it must be about something else.

In addition to doing 'chmod u-w sendmail.pem', change the ownership to
root:root on all of those files... sendmail drops privs down to smmsp by
default...

-I



Re: [CentOS] Sendmail with TLS, permission problem

2008-08-12 Thread Ian Forde
On Tue, 2008-08-12 at 02:42 -0700, Ian Forde wrote:
 On Tue, 2008-08-12 at 12:38 +0300, Jussi Hirvi wrote:
  Ralph Angenendt ([EMAIL PROTECTED]) wrote (12.8.2008 12:21):
   Thanks for quick reply. That didn't help yet. The error message in 
   maillog
   is still the same: sendmail.pem unsafe: Permission denied. The 
   directory
   perms are now: 
   [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
   drwxr-xr-x 24 root root  4096 Mar 29  2007 /
   drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
   drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
   dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
   
   IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
   wide still.
  
  On another machine (Fedora Core 3, Sendmail 8.13) the /etc/mail perms are
  755 too, and it works - though there is no SMTP-AUTH on that machine.
  
  I tried it, but the error message in maillog persists after Sendmail
  restart. The perms are now:
  
  [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
  drwxr-xr-x 24 root root  4096 Mar 29  2007 /
  drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
  drwx--  5 root root  4096 Aug 12 12:37 /etc/mail
  dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
  [EMAIL PROTECTED] mail]# ls -l /etc/mail/certs/
  total 1924
  -rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
  -rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
  -rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
  -rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem
  
  I cannot help thinking that this is *not* actually about the permissions -
  it must be about something else.
 
 In addition to doing 'chmod u-w sendmail.pem', change the ownership to
 root:root on all of those files... sendmail drops privs down to smmsp by
 default...

and change the ownership on the certs dir to root:root while you're
there... you're okay with 755 perms on /etc/mail, as long as it's
root:root.  Basically, stick with the stock permissions and you should
be fine...

-I
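
An added example, not part of this thread: a shell function that audits the conditions the replies above adjust, namely the owner of every path component, group/world write bits from a base directory down to the key, and group/other access to the key file itself. The function names, the default expected owner of root, and the exact rule set are assumptions drawn from the advice in the thread, not sendmail's own safe-file logic.

```shell
#!/bin/sh
# Added example, not from the thread. Audits owner and mode bits on a TLS key
# file and on every directory between it and a base directory.
# Assumed rule set (from the advice in the replies, not from sendmail's
# source): expected owner on every component, no group/world write bit
# anywhere, and no group/other access at all on the key file.

# mode_of PATH: print the 10-character mode string, e.g. drwxr-xr-x
mode_of() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# owner_of PATH: print the owning user as ls reports it
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# audit_key_path BASE KEYFILE [OWNER]
# Prints one "UNSAFE ..." line per finding. Returns 0 if clean, 1 if there
# are findings, 2 if a path component does not exist.
audit_key_path() {
    base=$1
    key=$2
    owner=${3:-root}
    findings=0
    p=$key
    while :; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            return 2
        fi
        m=$(mode_of "$p")
        o=$(owner_of "$p")
        if [ "$o" != "$owner" ]; then
            echo "UNSAFE $p: owner is $o, expected $owner"
            findings=$((findings + 1))
        fi
        case $m in
            ?????w????|????????w?)
                echo "UNSAFE $p: group- or world-writable ($m)"
                findings=$((findings + 1)) ;;
        esac
        if [ "$p" = "$key" ]; then
            case $m in
                ????------) ;;
                *)  echo "UNSAFE $p: key accessible to group or other ($m)"
                    findings=$((findings + 1)) ;;
            esac
        fi
        # Stop at BASE; the other two tests guard against a key that is
        # not under BASE or a relative path.
        if [ "$p" = "$base" ] || [ "$p" = / ] || [ "$p" = . ]; then
            break
        fi
        p=$(dirname "$p")
    done
    [ "$findings" -eq 0 ]
}

# Demo on a constructed tree laid out like the one in the thread
# (mail/certs/sendmail.pem); nothing under /etc is touched.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/mail/certs"
    : > "$t/mail/certs/sendmail.pem"
    chmod 755 "$t/mail" "$t/mail/certs"
    chmod 400 "$t/mail/certs/sendmail.pem"
    me=$(owner_of "$t")
    echo "== stock-like permissions"
    audit_key_path "$t/mail" "$t/mail/certs/sendmail.pem" "$me" && echo "clean"
    chmod 775 "$t/mail"
    chmod 640 "$t/mail/certs/sendmail.pem"
    echo "== loosened permissions"
    audit_key_path "$t/mail" "$t/mail/certs/sendmail.pem" "$me" ||
        echo "findings: $findings"
    rm -rf "$t"
}
demo
```

On a real host the call would be `audit_key_path /etc/mail /etc/mail/certs/sendmail.pem root`, run before restarting sendmail so each permission change can be checked on its own.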



Re: [CentOS] Re: SIGPIPE in assorted apps after yum update

2008-07-07 Thread Ian Forde
On Mon, 2008-07-07 at 07:07 -0600, John Hanks wrote:
 Paul Bijnens pointed out that Ian Forde had similar issues with dhcpd
 minutes before I posted my message. I missed that one as I scanned the
 archives, then joined the list to ask my question. My problem is also
 solved by removing ldap from the services line in /etc/nsswitch, in
 every app that was previously failing with the SIGPIPE errors. I'm
 still curious to understand why, but more so I'm grateful to have a
 fix for it. Should have joined the list a long time ago :)

Nah - 20 minutes sooner would have done it!  I joined the list to get an
answer too! ;)

-I



[CentOS] Getting something into centosplus for 5.2?

2008-07-06 Thread Ian Forde
I've got a USB to serial adapter that I picked up from Radio Shack
earlier this year.  The updated pl2303 driver is already in the
mainstream kernel as per
https://bugzilla.redhat.com/show_bug.cgi?id=429652 but I'm not getting
much traction from Red Hat as far as them updating the kernel.  So every
time there's an updated kernel, I have to rebuild the srpm.

I figure that this is the kind of situation that -plus is meant to
solve... I've already had to switch one of my boxes over to plus today
given that the video4linux srpm (from atrpms) won't rebuild easily on
2.6.18-92.1.6.el5, and I'm thinking that having both on plus with
everything I need in them would make it a lot easier...

(There's already precedent here... I found
linux-2.6.18-bz443853_powernow_null_deref.patch and
linux-2.6.18-bz444759_hi_iowait.patch in the srpm...)

Thanks for reading...

-I



[CentOS] Couple of CentOS 5.2 dhcp notes

2008-07-06 Thread Ian Forde
1. Apparently, since I updated from 5.1 to 5.2, dhcpd no longer wants to
stay running.  The config is sound, and I can start it from the
command-line with the -d flag and it serves up leases.  But without
the -d flag, it just silently dies...

2. Syslog contains this little snippet: 

dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat

Figured you'd want to know... ;)

-I




Re: [CentOS] Getting something into centosplus for 5.2?

2008-07-06 Thread Ian Forde
On Sun, 2008-07-06 at 15:57 -0700, Ray Van Dolson wrote:
 I won't speak on the -plus topic, but as far as upstream is concerned,
 you definitely need to open an RFE SR if you're a paying customer...
 probably won't be super speedy, but better than your bug sitting around
 forever ignored. :)

Heh - I figured 5 months was long enough, even though there are bugs
that have languished for years in upstream's bugzilla... But yes - for
it to get any traction, I would need to be a paying customer... that's
why I figured I'd try their route first, then plus... failing that, I'd
have to look at getting a kmod rpm for pl2303 into either plus or
atrpms...

(FWIW, it wasn't easy getting stuff into upstream when I worked for them
either... it takes time...)

-I



Re: [CentOS] Couple of CentOS 5.2 dhcp notes

2008-07-06 Thread Ian Forde
On Sun, 2008-07-06 at 19:12 -0400, Marko A. Jennings wrote:
 On Sun, July 6, 2008 6:57 pm, Ian Forde wrote:
  1. Apparently, since I updated from 5.1 to 5.2, dhcpd no longer wants to
  stay running.  The config is sound, and I can start it from the
  command-line with the -d flag and it serves up leases.  But without
  the -d flag, it just silently dies...
 
 Mine has been working without any problems before and after the 5.2
 update.  You might want to consider posting your configuration file.

Well, I stripped it down as much as I could - same problem exists... (IP
addresses and domain name changed, of course...)

ddns-update-style none;
ignore client-updates;

subnet 10.0.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.0.0.101 10.0.0.200;
    default-lease-time 86400;
    max-lease-time 604800;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.75, 10.0.0.76;
    option domain-name "mydomain.com";
}

But like I was saying before, if it were a config problem, it wouldn't
have been able to start on the command-line in non-daemon mode.  Same
problem when I downloaded it from www.isc.org (3.0.7) and rolled a
source build.  So there's definitely something strange (or obvious that
I'm missing) going on...

-I



Re: [CentOS] Couple of CentOS 5.2 dhcp notes

2008-07-06 Thread Ian Forde
On Sun, 2008-07-06 at 19:34 -0400, Marko A. Jennings wrote:
> On Sun, July 6, 2008 6:57 pm, Ian Forde wrote:
> > 1. Apparently, since I updated from 5.1 to 5.2, dhcpd no longer wants to
> > stay running.  The config is sound, and I can start it from the
> > command-line with the -d flag and it serves up leases.  But without
> > the -d flag, it just silently dies...
>
> What exit code does it return when you execute it from the command line
> without the -d flag?

0

In fact, here's the output... (IP, hostname, and Mac info changed...)

[EMAIL PROTECTED] etc]# dhcpd
Internet Systems Consortium DHCP Server V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/eth0/00:00:de:ad:be:ef/10.0.0/24
Sending on   LPF/eth0/00:00:de:ad:be:ef/10.0.0/24
Sending on   Socket/fallback/fallback-net
[EMAIL PROTECTED] etc]# echo $?
0
[EMAIL PROTECTED] etc]# !ps
ps -ef | grep dhcpd
root     15058 11173  0 16:36 pts/0    00:00:00 grep dhcpd
[EMAIL PROTECTED] etc]# 

-I



Re: [CentOS] Getting something into centosplus for 5.2?

2008-07-06 Thread Ian Forde
On Mon, 2008-07-07 at 00:54 +0100, Karanbir Singh wrote:
> Ian Forde wrote:
> > I figure that this is the kind of situation that -plus is meant to
> > solve...
>
> open a request at http://bugs.centos.org/ - that's the *only* way to get
> stuff into centos_plus, and if there is a patch or a proposed src.rpm
> for new pkgs, things go faster.

Thanks!  Okay - it's done - ticket number is 2954
(http://bugs.centos.org/view.php?id=2954)

-I


