Re: [CentOS] latest freeIPA on CentOS
On Mon, Jul 14, 2014 at 3:02 PM, Jitse Klomp wrote: > RH will *not* do a backport of 3.3 to RHEL 6.x. > > Alexander Bokovoy (from Red Hat) on the freeipa-users list (feb. 17): > "RHEL 6.x lacks many of the dependencies required for IPA 3.3. Newer > MIT Kerberos (with API and ABI change for KDC database driver and many > other changes required for trusts and two-factor authentication), newer > Dogtag which relies on several dozens of Java packages and newer tomcat, > systemd (we use socket activation and tmpfiles.d a lot), newer SSSD. > Kerberos ccache stored in the kernel space (KEYRING ccache type) > requires changes at kernel level which are also needed for kerberized > NFSv4 for trusts as AD users have large Kerebros tickets when they are > members of many groups and so on." > Thanks for the info. We'll stick with 6.5 / 3.0 for now and hope the upgrade path is not strenuous. From first glances, it seems the manual part is going from 3.1 to something above, with the DogTag change. Hopefully that's the only laborious part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] latest freeIPA on CentOS
We're looking to run freeipa on CentOS-6.5. It seems the version available for 6.5 is 3.0, whereas the latest 3.x is 3.3.5 (available in F19 & 20). And now I see 4.0 was just released and will be in F21 (with support for native OTP-based 2FA!). Has anyone attempted rebuilds against the F19/20 3.3.5 RPMS for CentOS? Given the dependency chain, is it worth going down this rabbit hole? Otherwise, is everyone who is running CentOS and FreeIPA pretty much using 3.0? Since it's a new build, I was hoping we could start with the latest stable, but not ready yet to run RHEL7/CentOS7 or Fedora in our environment. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] load balancer recommendations
On Sat, Jan 19, 2013 at 9:42 PM, Brian Mathis < brian.mathis+cen...@betteradmin.com> wrote: > Add another vote for HAproxy. It's excellent at what it does, as long > as it meets your requirements. It's main purpose is to load balance > HTTP traffic, and it can maintain session using a cookie. It will > monitor each server and remove it from rotation if it goes down. It > also has methods to place servers into maintenance mode. > > It doesn't really handle SSL (though they have been working on it for > newer versions), but that can be handled by using Apache or nginx as > the front-end termination point for SSL, and reverse proxy into > haproxy. > > It also does generic TCP load balancing, but I don't use it so can't > comment on that. > Also throwing in my vote with HAProxy, as it meets all of the (thus-far listed) requirements of the OP. The TCP loadbalancing works great, similar to the HTTP balancing. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Migrating CentOS 5 -> 6: where to put /etc/inittab respawn scripts?
On Oct 4, 2011 5:45 PM, "Alexander Farber" wrote: > > Where should I move my line, which docs to read? Like recent Ubuntus, C6 uses upstart in place of traditional Sys V init. Likely, you will want this in /etc/init/ -- note!, not the same as /etc/init.d/ johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM lvresize/lvextend requires some space in /etc to grow a logical volume?
On Mon, Sep 19, 2011 at 10:19 PM, Keith Keller wrote: > On Mon, Sep 19, 2011 at 07:15:09PM -0400, Johnny Tan wrote: >> Anyway, here's the real issue with LVM, at least in CentOS-6: >> >> [root@jttest ~]# df >> Filesystem 1K-blocks Used Available Use% Mounted on >> /dev/mapper/vg_main-lv_root >> 1548144 1548144 0 100% / >> >> [root@jttest ~]# lvextend -L 2G /dev/vg_main/lv_root >> /etc/lvm/archive/.lvm_jttest.pp.local_5523_51321310: write error >> failed: No space left on device >> Volume group "vg_main" metadata archive failed. >> /etc/lvm/cache/.cache.tmp: write error failed: No space left on device > > Many LVM modifications make a backup of the lvm metadata, which > typically resides in /etc/lvm. You might try the -A n switch to > disable the automatic backups (after strongly heeding the advice > in man lvm; but as you said, on a test system, it's fine to play > with). That did the trick: [root@jttest~]# lvresize -L 2G /dev/vg_main/lv_root /etc/lvm/archive/.lvm_jttest.pp.local_1416_1029753972: write error failed: No space left on device Volume group "vg_main" metadata archive failed. /etc/lvm/cache/.cache.tmp: write error failed: No space left on device [root@jttest~]# lvresize -A n -L 2G /dev/vg_main/lv_root Extending logical volume lv_root to 2.00 GiB WARNING: This metadata update is NOT backed up Logical volume lv_root successfully resized /etc/lvm/cache/.cache.tmp: write error failed: No space left on device (And the subsequent resize worked too.) Thank you for pointing out the -A flag (missed the fine print of common options being in man lvm). As you noted, I would probably never run into this situation in a non-testing environment and, if I did, would have much bigger problems. This probably explains why I never saw it previously. Good to know. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM lvresize/lvextend requires some space in /etc to grow a logical volume?
On Mon, Sep 19, 2011 at 9:38 PM, Stefan Held wrote: > Am Montag, den 19.09.2011, 19:15 -0400 schrieb Johnny Tan: >> Anyway, here's the real issue with LVM, at least in CentOS-6: >> > You would deal with the same issues in older lvm versions. Thanks Stefan. I guess I just never noticed previously. >> [root@jttest ~]# df >> Filesystem 1K-blocks Used Available Use% Mounted on >> /dev/mapper/vg_main-lv_root >> 1548144 1548144 0 100% / >> > > Do i read that correctly and 1548144 1K Blocks are about 1,5G of Root > File System? Please tell me you have a seperated /var for log files. As evidenced by the hostname, this is a test VM solely for demonstration of this problem :-). johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] LVM lvresize/lvextend requires some space in /etc to grow a logical volume?
Side note: In CentOS-6, I noticed a new option in lvresize / lvextend: -r, --resizefs Resize underlying filesystem together with the logical volume using fsadm(8). Nice. Two steps (lvresize and resize2fs) can now be combined into one! Works great. But that has nothing to do with my question, just thought I'd share the discovery. == Anyway, here's the real issue with LVM, at least in CentOS-6: [root@jttest ~]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/vg_main-lv_root 1548144 1548144 0 100% / [root@jttest ~]# lvextend -L 2G /dev/vg_main/lv_root /etc/lvm/archive/.lvm_jttest.pp.local_5523_51321310: write error failed: No space left on device Volume group "vg_main" metadata archive failed. /etc/lvm/cache/.cache.tmp: write error failed: No space left on device So I can't extend a logical volume if there's no space in /etc? Granted, I only need to delete like 2k worth of files in the same logical volume as /etc to make the above work, but I don't recall lvresize or lvextend requiring space in /etc to do a resize. Has this always been the case? I don't have any 5.x servers handy to test this with. Can anyone verify? If this is new, this seems less-than-ideal. /etc itself rarely fills up, so, in theory, I could make it its own LV, but that's even less ideal. For now, I'll stick to deleting just enough to do the extend/resize. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] amazon ec2 and centos?
On 06/18/2010 04:55 PM, Karanbir Singh wrote: > Please dont communicate to them or anyone else that the CentOS project > or people representing it will agree to be bound under any NDA that they > didnt sign themselves. And certainly not when done by proxy. This was definitely not what we communicated nor the impression they got. As they see it, we are just developing an AKI on our own. Only from our point of view would we submit to CentOS for review. > Not being awkward here, but I'm not going to accept any such thing when > it does not involve me directly and I am fairly certain that this would > extend to all the other CentOS developers as well. Makes sense. In that case, we'll develop for our use only, and offer advice if asked. > If you can and are willing to, asking those people at AWS to ping the > guys talking with us would be a good step to take instead. Do you have a name? I'm more than happy to have our reps prod your reps. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] amazon ec2 and centos?
On 06/11/2010 02:17 PM, Karanbir Singh wrote: > Ok, so since there is some level of interest and a few people have > offered to test, let me get something together and post some details Our AWS technical reps stopped by our office the other day. They said the primary issue with CentOS in terms of the AKI/ARI is that the creation process is tedious, not straightforwad, and they usually only open that up to "partners" who will sign an NDA. And they are more used to working with business entities, such as Red Hat, Oracle, etc. Maybe they're confused as to what to do with "CentOS"? I don't know. But since we have a business relation with them already and are under NDA, we did tell them we were happy to develop the proper AKI/ARIs and give those to CentOS to vet. So they will send us the API to do so, shortly. This might all be moot, as there are changes coming to AWS soon in relation to this (among many other things), but we'll wait to see what's publicly announced. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] amazon ec2 and centos?
On 06/08/2010 07:45 AM, Karanbir Singh wrote: > Ideally, what I would like to do is get together some people who have an > interest in this; not associated with any $commercial provider, and see > if we can get some level of QA testing done. I dont really want anything > 'official' unless we can be sure that the user experience and > expectations dont change drastically from a stock CentOS install. We'd be willing to QA test. We also have various reps at AWS we can work with, in addition to be being beta-testers for new features (there will be some changes to AKIs/ARIs soon). johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] amazon ec2 and centos?
Searching through the archives, it seems this topic has come up several times in the past 2.5 years. Did anyone ever take on the tasks of creating an official CentOS AMI? We're currently using the RightScale ones, but I think it'd be ideal to have a clean CentOS AMI with the current kernels. Karanbir, you seem to have been the one on CentOS side who has had the most conversations with Amazon. Is that conversation dead? If we had a small committee with members from this list, would that help in any way? Ranging from doing the bundling work, to utilizing our account reps within Amazon to help us push this along? johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sox rpm for el5?
Nicolas Thierry-Mieg wrote: > > Johnny Tan wrote: >> I believe I used to pull sox for el5 from dag's site, but it doesn't >> appear to be there anymore. Nor on rpmforge, atrpms, epel. >> >> Does any (trusted/reliable) repo out there have sox built for el5? >> >> I started a rebuild of fedora-12 version, but it's a pretty major >> dependency hell. > > it's in centos, at least for x86_64. Sorry, I guess I should have specified a later version than the one provided. Again, we used to get these later versions from rpmforge, but it seems to have all but disappeared from every repo. The only ones available are for Fedora, and the rebuild is not pleasant. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] sox rpm for el5?
I believe I used to pull sox for el5 from dag's site, but it doesn't appear to be there anymore. Nor on rpmforge, atrpms, epel. Does any (trusted/reliable) repo out there have sox built for el5? I started a rebuild of fedora-12 version, but it's a pretty major dependency hell. johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommendation for PCI-e SATA RAID 5 card?
Joseph L. Casale wrote: > I use the LSI's, they are pretty solid with a good cli, snmp and rhel > support. Sorry to hijack, but really quick question. What cli do you use for the LSI cards? Do you have a URL? johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "core" installs of 5.2 missing crucial packages like yum, selinux-policy-targeted, vim-minimal, etc.
Kai Schaetzl wrote: Johnny Tan wrote on Tue, 28 Oct 2008 15:34:29 -0400: I had a 5.0 kickstart server which did "core" installs of CentOS (i.e.: "%packages --nobase"). And you have a @core in there as well? No, but adding that seems to work. In our 5.0 kickstart setup, we didn't need to put that. Maybe this is one of the "kickstart changes" mentioned in 5.2 Release Notes. Thanks, johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "core" installs of 5.2 missing crucial packages like yum, selinux-policy-targeted, vim-minimal, etc.
Filipe Brandenburger wrote: Hi, On Tue, Oct 28, 2008 at 15:34, Johnny Tan <[EMAIL PROTECTED]> wrote: I had a 5.0 kickstart server which did "core" installs of CentOS (i.e.: "%packages --nobase"). IMHO, that's a very bad idea. Unless your diskspace is very very tight (in which case you should probably look into DSL or another distribution made for that purpose), why would you want to install CentOS without the "base" packages? All machines that I've seen that have been installed with --nobase are crippled. Some programs and mainly scripts just don't work, because they need to run some utility that is not installed. Consider removing the --nobase and, if there are packages you would like to remove from base and you're positive that it's safe to do it, use -packagename. I appreciate the guidance, but all our production machines run nobase, and we are fine. I'm just looking for some ideas as to why 5.2 is not installing certain "core" files. It could very well be a misconfiguration on our part, but I just wanted to see if others have encountered this. Thanks, johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] "core" installs of 5.2 missing crucial packages like yum, selinux-policy-targeted, vim-minimal, etc.
I had a 5.0 kickstart server which did "core" installs of CentOS (i.e.: "%packages --nobase"). I recently setup a 5.2 kickstart server. Using the same kickstart configs, I notice a few packages are always missing, notably: yum (!!), selinux-policy-targeted (even though I have "selinux --enforcing" in the kickstart, it always ends up with that package missing and selinux disabled), vim-minimal, etc. Looking at comps.xml for 5.2 os tree, it shows all of these packages in the "core" group, just like 5.0 does. So it's not that the "core" group has changed. Looking at the Release Notes for 5.2, I see this entry: "Kickstart scripts that worked for 5.0 and/or 5.1 may have issues on CentOS 5.2 installation trees. So first test your kickstart scripts with CentOS 5.2 before using them in production." I'm guessing this has something to do with my problem, but there's no further details. Does anyone have any insight into the above Release Notes entry, and/or my problem in general? p.s. I setup a 2nd kickstart server in a completely different environment, and am still seeing the same issue. I'm about to try a CD-based install of 5.2 and see if that also has the issue. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] samba & samba-common installed then erased, but by whom?
Ned Slider wrote: and the cause is likely similar. Checking /var/log/yum.log for entries 1 year ago should confirm this. Ned/Alan: You guys hit it on the head. Thanks. I wasn't aware of this little oddity. Thanks, johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] samba & samba-common installed then erased, but by whom?
I saw this in Logwatch today for one of my servers: - yum Begin Packages Installed: samba-common.i386 3.0.23c-2.el5.2.0.2 samba.i386 3.0.23c-2.el5.2.0.2 Packages Erased: samba-common samba -- yum End - No one, including myself, has even logged into this box in the past few days (verified by asking the only other two people who have access and also looking at the last & secure logs). And neither /var/log/yum.log or /var/log/rpmpkgs shows samba at all being installed/erased/present. I ran both chkrootkit and rkhunter, and both turned up clean. Since this box is behind a firewall with only a few IPs given access to it, I'm thinking that it's not been rooted, but I can't seem to find any other explanation for this. The only thing that runs on this server is httpd and jetty. Everything else is done manually including yum updates. And nothing that runs on this machine would ever need samba. Has anyone ever encountered something like this? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] using conf.d files to override options in httpd.conf
Like many of you, I like to avoid modifying /etc/httpd/conf/httpd.conf as much as possible. Instead, modifying or adding files in /etc/httpd/conf.d However, because /var/www/html is declared within the main httpd.conf and certain directives are set along with "AllowOverride None" (thus forbidding use of .htaccess), it seems like the only way to override any of these options is to modify httpd.conf directly. If nothing else, at least setting "AllowOverride" to something besides None. Is that correct? Or does anyone know of a way to leave httpd.conf pristine, yet still override or set directives for /var/www/html? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rpm build machines
How similar should my rpm build machine be to my target deploy machines? Like, do you have to build on a multi-core machine if you plan to run on a multi-core machine? Or as long as the arch is the same, nothing else matters? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog repo?
Milton Calnek wrote: Johnny Tan wrote: I've got mine working finally, but I definitely look forward to seeing v3 in your testing repo! Let me know if I can help in any way. What version are you using? I'm trying 2.0.2 and having problems with zlib. I did both 2.0.2 and 3.11.6 -- both worked. What problem with zlib are you having? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog repo?
Karanbir Singh wrote: in the case of rsyslog, thats not the case :D I had a play with the 3.x tree today, and it *looks* ok to me. So might as well inflict it upon everyone else considering its in the Testing Repo, no sane person will use it in Production. Right ? I shall have updated packages in a couple of days, prolly over the weekend. The package queue is quite long at the moment. I've got mine working finally, but I definitely look forward to seeing v3 in your testing repo! Let me know if I can help in any way. Basically, I want to be able to log locally AND remotely. AFAICT, I have to move to v3 to get this feature. err, really ? you could do that with conventional syslog too. Yes, strange but correct. Still, rsyslog gives me other features over conventional syslog, not the least of which you mention yourself: also, running over tcp is nicer, since you atleast now get a chance to do something about bits that dont make it. ... that, and it also allows me to run over stunnel. Thanks again, johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog repo?
Milton Calnek wrote: I'm pretty keen on trying out rsyslog. So I added Karanbir's repo... or I tried. I still can't find rsyslog. fwiw, I poked around http://centos.karan.org/el5/extras/stable/x86_64/RPMS/ and I couldn't find _any_ rpms. As mentioned, it's in testing, not stable: http://centos.karan.org/el5/extras/testing/x86_64/RPMS/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog repo?
Karanbir Singh wrote: I am maintaining rsyslog quite regularly, and if you find the version lag a bit in my repo its because I found something broken or something wrong with their release. I'm definitely all for stable, non-broken software even if it lags behind -- even way behind. But I'm specifically interested in rsyslog v3 for the disk-assisted buffering. Basically, I want to be able to log locally AND remotely. AFAICT, I have to move to v3 to get this feature. Do you use it for central logging? And if you do, how do you mitigate the risk of data loss if the clients can't contact the server? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rsyslog repo?
Does anyone know of a CentOS-5 (el5) repo for rsyslog, that's being maintained on a relatively regular basis? I checked all the usual suspects (dag, karan, epel, etc.), but they either don't have rsyslog at all, or they have an old version. Currently, I'm doing a rebuild of the Fedora-8 srpm, but it's at version 2.0.2. I wanted to move to 3.11.x for the disk-assisted buffering, and I was able to fix the spec file such that the package installs and runs. But I'm having other troubles with it (specifically with remote logging, which I was able to get working with the 2.0.2 version). So, I'm troubleshooting those problems as I speak(type), but perhaps rather than reinvent the wheel, I just wanted to check if there's an existing 3.x repo for el5, or if there are people out there who've worked out these problems already. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
Johnny Hughes wrote: There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) Johnny: Where do you keep the RPMs for the CentOS versions? I looked here, but don't see it: http://mirror.centos.org/centos/5/centosplus/x86_64/ And also, do you have a 5.1 version as well for centosplus? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Making a NAS/HFS server
Steve Campbell wrote: I have no need to use these original files other than to have them as a backup source for the originals. I think I'm hearing everyone say just to mount my Centos partition on a Mac and copy them from the Thecus to the Centos partition.. Is that the concensus here? If so what, then, is the best way to export the Centos partition so that the Mac can access it? Another possibility is to dd the drive. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Making a NAS/HFS server
Steve Campbell wrote: I don't understand, though, how it could have been populated with Mac stuff unless it either had a Mac fs or something or the sorts. A Mac wrote the data, but I'm not sure what type of format the system had. I really don't have a clue about this or how to fix up the NAS if we ever get that far. Having almost bought one of their products (ended up going with QNap instead), I'm almost certain from my research at the time that the Thecus NAS appliances run a linux-based OS and most likely use ext3 filesystem (as a previous poster mentioned). When shared over the network (NFS, CIFS, etc.), the filesystem on the NAS or server doesn't actually matter. Macs can still mount the network share and read/write to it. It doesn't have to be HFS for this to happen. In terms of the resource forks, I'd be surprised if this is even an issue. Can you clarify what problems/issues/symptoms you are seeing that makes you believe you need to "copy" the resource forks? What kind of files are these? If they are regular documents (Office, Adobe, images, videos, etc.), you should have no problems just copying the files from the mounted drive to somewhere else (another Mac, a Windows box, or a Linux box). If they are applications or some other binaries, there *might* be issues, but even then, I'm not convinced. p.s. Unless you are still using pre-OS X Macs, in which case, all bets are off... johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mysql 5.1 rpm spec file?
Does Red Hat make available spec files for future releases? I took the existing mysql 5.0 spec file and, with a few mods here and there, was able to build the 5.1 rpm. But there are some new things which I am curious how they will deal with (ndb stuff, primarily), and was wondering if they have available the "beta" SRPMs or spec files for future versions of software. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] building a Xen guest image on straight LVM partitions?
Ross S. W. Walker wrote: Johnny Tan wrote: Amos Shapira wrote: When I needed to build Xen guests under Debian I could follow more or less the instructions in http://preview.tinyurl.com/2oc48r and the advantage of this approach is that it allows me to setup the Xen guest directly on the LVM partition without making it consider the LVM partition as an entire disk with a partition table. I might be missing something, but that link seems to talk about FAI and doesn't mention xen. I'm interested in seeing how it can install on the LVM partition but the OS doesn't see it as an entire disk with a partition table. What does "fdisk -l" show, then? Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide Based on that link, this seems like a regular install of Xen onto a LVM partition. I thought Amos was referring to some special setup. CentOS can definitely do this. Just setup LVM, and then manually edit the /etc/xen/myvm file so that the disk line is: disk = [ 'phy:/dev/myvg/mylv,xvda,w', ] johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and Perl script using sendmail
Miark wrote: I have a webpage feedback form that uses a Perl script to send e-mails with "| /usr/sbin/sendmail -t". It works just fine, but SELinux is complaining about it: SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to pipe:[41117] (httpd_t) I'm a SELinux newb so I don't know what (if anything) to do about it. Suggestions? grep postfix /var/log/audit/audit.log | audit2allow -M myrule will create a .te and .pp file which are a module that you can load to tell SELinux to allow the above. myrule.te is a plaintext file which you can examine. If it looks good, you can then do: semodule -i myrule.pp to install the module into SELinux. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] building a Xen guest image on straight LVM partitions?
Amos Shapira wrote: When I needed to build Xen guests under Debian I could follow more or less the instructions in http://preview.tinyurl.com/2oc48r and the advantage of this approach is that it allows me to setup the Xen guest directly on the LVM partition without making it consider the LVM partition as an entire disk with a partition table. I might be missing something, but that link seems to talk about FAI and doesn't mention xen. I'm interested in seeing how it can install on the LVM partition but the OS doesn't see it as an entire disk with a partition table. What does "fdisk -l" show, then? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mounting nfs as httpd_sys_content_t under selinux
I have a NFS mount that I want apache to be able to serve
files from.
According to this doc:
http://www.centos.org/docs/5/html/5.1/Deployment_Guide/rhlcommon-section-0097.html
I should be able to mount it with a context that will allow
apache to access it.
But when I try the command they suggest:
[EMAIL PROTECTED]:~] mount -t nfs -o \
context=system_u:object_r:httpd_sys_content_t \
192.168.1.100:/data/test /mnt/test
It mounts, but when I do:
[EMAIL PROTECTED]:~]# ls -lZ /mnt
drwxr-xr-x 65534 65534 system_u:object_r:nfs_t test
It doesn't show the correct context.
(I don't know if it matters that I don't have a user with
UID 65534, only the remote NFS server has that.)
And sure enough, apache still can't serve from it. I see
this in /var/log/messages:
Dec 7 17:30:14 vm-37 kernel: audit(1197066614.787:240):
avc: denied { search } for pid=18066 comm="httpd" name=
"" dev=0:14 ino=4301717509 scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
Dec 7 17:30:14 vm-37 kernel: audit(1197066614.787:241):
avc: denied { getattr } for pid=18066 comm="httpd" name
="" dev=0:14 ino=4301717509
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
When I "setenforce 0", it works. But I want SELinux.
Granted, I could do:
allow httpd_t nfs_t:dir { search getattr };
Well, actually, I haven't tried it but I'm guessing that
that will work. The problem is that I have other nfs
directories that I don't want httpd to access, even
accidentally if we ever point httpd at those directories.
So... any ideas on the nfs mount with the context option?
I'm running CentOS-5.1 with latest updates of everything.
johnn
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Announcing the CentOS on Laptops initiative
Karanbir Singh wrote: The idea of profiles has been around for about 4 - 5 years on EL/CentOS/Fedora platforms. eg: http://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-network-profiles.html D'oh! I've been using Network Manager for about that many years too, and didn't realize I could create profiles! I guess since they were under the "Devices" tab, I never looked closely enough to see there were profile options. Thanks! johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Announcing the CentOS on Laptops initiative
Lorenzo Quatrini wrote: I'm actually using CentOS on 2 laptops, and I have really few issues: on the newer one (a Lenovo) the only thing that doesn't work is sound (I know the newer alsa drivers would work, but I'm too lazy to install them: I'll wait for the updates) but it isn't a big deal: I'm using it for work, and I don't need sound I have CentOS-5 on a Thinkpad X61s and also only have sound as my major issue. Otherwise, it's great and I see no reason to run Fedora/Ubuntu. One (more general, not CentOS-specific) problem that I have is that there's no network profile manager. Traveling among 4 different locations (none with DHCP) means constantly going in and changing my network settings. Anyone know of a program to do something like what OS X does? Anyway, I'll throw up my experiences on the wiki soon, though it's been a few months, so my memory's patchy. Dag, is this the correct page? http://wiki.centos.org/HowTos/Laptops/ And are we supposed to do it on our own page and then link to it? Seems like the existing ones are like that. Or, if we create a page on there, should multiple entries of the same laptop model go on the same line somehow? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] central logging/analysis
David Hrbác wrote: BTW "upstream" Fedora goes rsyslog way. http://fedoraproject.org/wiki/Releases/FeatureRsyslog?highlight=%28syslog%29 I was reading about this just the other day. Is anyone using rsyslog? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] central logging/analysis
I'm interested in doing centralized logging & analysis of logs from my CentOS boxes. I messed around with syslog-ng and it seems like it's a better syslog. But I noticed most of the "usual suspects" of third-party repo maintainers (Dag, Axel, etc.) don't include it. Karanbir has an el4 version, but all my boxes are CentOS 5. I was going to go ahead and roll my own RPM (or, rather, rebuild Karanbir's el4 version), but it occurred to me to check what others were using in this space. Just sticking with plain old syslogd? Paying for splunk? Is there something else I haven't heard about? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
Scott Ehrlich wrote: Could someone kindly remind me the path to the keys, or simply the one-liner rpm to import the keys? It should be right on the root of the CD, called: RPM-GPG-KEY-CentOS-5 (you can also import it off of any mirror) But that's really strange because on my CentOS 5 install, as part of the yum update process, it asks me if I want to import the key. It was only pre-C5 that I had to do this manually. johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using centos utilities to extract windows self-extracted files
Bob Chiodini wrote: Dave wrote: Hello, I was wondering if anyone has used centos utilities to extract a windows self-extracting .exe file? I've got one that's coming in and i need to extract and scan it. Unzip should do it, if it's a self-extracting Zip file. cabextract from the extras repos should also work. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] In the market for a new (old) laptop
Robert Moskowitz wrote: I pretty much love my nc4010. I got it May, '05. It has the 'most recent' bios on it... Thanks Robert, a very good and detailed review. Some of the stuff isn't applicable to me, but others definitely are concerning (particularly the overheating and the USB connectors too close). If you do find something newer you like, I'd like to know. I'm also on the hunt. I've been seriously considering the Thinkpad X60s series as my top choice. The specs look great, but I'm trying to find more detailed reviews from an actual user (like you did for the nc4010). johnny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] In the market for a new (old) laptop
Robert Moskowitz wrote: Don't know what it will be, but I am not suppose to swap its drives out and I continue to use this HP Compaq nc4010 as my Linux workhorse. Robert: I'm also looking for an ultralight notebook to bring to datacenters with me. The nc4010 sounds pretty good (just looked it up now, had not heard of it before). What is it that you don't like about it? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
