Re: [CentOS] followup to request for centos C/W

2010-01-20 Thread Miguel Di Ciurcio Filho
On Wed, 20 Jan 2010 21:43:44 +0100 (CET)
fabien faye  wrote:

> Like I have understood, xen could be also present and support on
> RHEL6 and in this case, it could be supported until the cycle of RHEL
> 6. But is it preferable to migrate all your xen to kvm in a near
> future.

Not going to happen. It's extremely unlikely that RHEL 6 is going to
ship with the Xen hypervisor, only support to be run as domU (this is a
speculation of mine).

Miguel

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Is ext4 safe for a production server?

2009-12-09 Thread Miguel Di Ciurcio Filho
Miguel Medalha wrote:
> I am about to install a new server running CentOS 5.4. The server will 
> contain pretty critical data that we can't afford to corrupt.
> 

Just for the record, Theodore Ts'o marked ext4 as stable and ready for 
general usage more than one year ago [1]. On 25 December 2008 kernel 
2.6.28 was released with ext4 considered ready for production. So, ext4 
is not _that_ new anymore. One year later, Fedora 12 and Ubuntu 
9.10 began using ext4 as default.

I believe for 5.5 or even on 5.6, ext4 will not be a tech preview 
anymore. Considering that RH has extended the support so much, and how 
ext3 is so limited with the current and future disk's capacities (fsck 
on a 1TB volume is not funny). The current ext4 module is close to the 
one on 2.6.29 plus lots of fixes [2]

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03010a3350301baac2154fa66de925ae2981b7e3
[2] rpm -q --changelog kernel|grep ext4


Re: [CentOS] RIPd not announcing routes (CentOS 5.4)

2009-12-03 Thread Miguel Di Ciurcio Filho
Timo Schoeler wrote:
> Hi list,
> 
> yesterday I sent this eMail to quagga mailing list, however I didn't
> receive an answer yet. Unfortunately, I really need this stuff running
> or have to switch to another strategy achieving the goals.
> 

We had several issues when using CentOS original quagga package. We use 
this package and everything works fine:

http://ftp.qb.com.au/pub/yum/RPMS/i386/quagga-0.99.4-1.fc5.i386.rpm

Regards,

Miguel




Re: [CentOS] Kerberos + NFSv4 difficulties

2009-12-03 Thread Miguel Di Ciurcio Filho
Dan Burkland wrote:
> 
> d.   SECURE_NFS = “yes”
> 

Uncomment these lines for much more verbose logging in 
/etc/sysconfig/nfs:

RPCGSSDARGS="-vvv"
RPCSVCGSSDARGS="-vvv"

> 
> a.   Dec  2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in 
> gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide 
> more information - No principal in keytab matches desired name
> 
> b.   Dec  2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain 
> credentials for 'nfs'
> 
> c.   Dec  2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root 
> (machine) credentials
> 
> d.   Dec  2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab 
> entry for nfs/@ in /etc/krb5.keytab?
> 

Double check your /etc/krb5.keytab. On the server it must have the 
nfs/server.exemple.net key and on the client it must have 
nfs/client.exemple.net.


In idmapd.conf, leave it as the default:
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

Believe me, I've tried to understand[1] why Domain must be "localdomain" 
but I've not been lucky.

Regards,

Miguel

[1] http://linux-nfs.org/pipermail/nfsv4/2009-September/011369.html
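
Added example, not part of the original message: a small Python check for the keytab requirement described in the reply above. It parses plain `klist -k` output and reports whether an `nfs/<fqdn>` key is present; the sample listing, the realm `EXEMPLE.NET` and the function names are constructed for illustration.

```python
import re

# Constructed sample of plain `klist -k /etc/krb5.keytab` output (not from the
# thread); the realm EXEMPLE.NET and the short-name nfs entry are assumptions.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 host/server.exemple.net@EXEMPLE.NET
   3 nfs/server@EXEMPLE.NET
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")


def parse_klist(text):
    """Return (kvno, service, host, realm) tuples from `klist -k` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        principal = m.group(2)
        name, sep, realm = principal.rpartition("@")
        if not sep:  # principal printed without a realm
            name, realm = principal, ""
        service, _, host = name.partition("/")
        entries.append((int(m.group(1)), service, host, realm))
    return entries


def check_nfs_principal(text, fqdn):
    """Classify the keytab for the nfs service key of host `fqdn`.

    Returns ("ok" | "wrong-host" | "missing", [nfs host parts found]).
    """
    nfs_hosts = sorted({h for _, s, h, _ in parse_klist(text) if s == "nfs"})
    if fqdn in nfs_hosts:
        return "ok", nfs_hosts
    # An nfs/ key for another name (short hostname, alias) does not satisfy
    # the nfs/<fqdn> requirement stated in the message.
    return ("wrong-host" if nfs_hosts else "missing"), nfs_hosts


if __name__ == "__main__":
    print(check_nfs_principal(SAMPLE_KLIST, "server.exemple.net"))
```

On a real host, pass the output of `klist -k /etc/krb5.keytab` and the machine's fully qualified name; run it on both the server and the client, since each needs its own `nfs/` key.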


Re: [CentOS] Xen pci passthru problems with kernel -164.6.1

2009-11-10 Thread Miguel Di Ciurcio Filho
Pasi Kärkkäinen wrote:
> 
> I think 5.4 adds Xen VT-d pci passthrough support.. maybe that has caused
> bugs in the normal non-vt-d passthrough.
> 
> Have you searched Redhat bugzilla about these problems?

And they call this "enterprise level", anyway, as you said RH has 
backported a lot of stuff from xen-unstable related to VT-d, changing 
completely the old behavior.

In this bug I've found lots of patches:
https://bugzilla.redhat.com/show_bug.cgi?id=484227

There is a bug opened regarding the lack of documentation (how nice, 
release first, document later):
https://bugzilla.redhat.com/show_bug.cgi?id=531753

This bug relates to this new stuff, but I suppose only the paying 
customers have access to the solution:
https://bugzilla.redhat.com/show_bug.cgi?id=519399

This one shows a problem like mine, I suppose:
https://bugzilla.redhat.com/show_bug.cgi?id=514458

And finally I will read the Xen documentation, since it looks like 
that's the only reference available:
http://wiki.xensource.com/xenwiki/VTdHowTo



[CentOS] Xen pci passthru problems with kernel -164.6.1

2009-11-10 Thread Miguel Di Ciurcio Filho
Hi there,

After updating a server from CentOS 5.3 to 5.4 my Xen pci-passthru setup 
has some troubles.

The server has two NICs, one used by dom0 and the other assigned to a 
domU and one SCSI controller assigned to another domU. It has been 
working fine since CentOS 5.1, when I did the initial setup.

After upgrading to 5.4, I get this error when starting the domU with one 
of the NICs assigned:

Error: pci: improper device assignment specified: pci: :07:00.0 must 
be co-assigned to the same guest with :07:00.1, but it is not owned 
by pciback.

On the other hand, the domU with the SCSI controller boots, but the 
driver inside the domU prints a lot of awful errors and does not work.

I've booted the domU with the SCSI controller using the -128.7.1 kernel 
and everything works fine as before -164.6.1.

Any clues on why I can't assign just one NIC to the domU anymore?

# ls -l /sys/bus/pci/drivers/pciback/
total 0
lrwxrwxrwx 1 root root0 Nov 10 09:55 :07:00.1 -> 
../../../../devices/pci:00/:00:02.0/:01:00.0/:02:02.0/:07:00.1
lrwxrwxrwx 1 root root0 Nov 10 09:55 :08:03.0 -> 
../../../../devices/pci:00/:00:02.0/:01:00.3/:08:03.0
--w--- 1 root root 4096 Nov 10 09:55 bind
lrwxrwxrwx 1 root root0 Nov 10 09:55 module -> 
../../../../module/pciback
--w--- 1 root root 4096 Nov 10 09:55 new_id
--w--- 1 root root 4096 Nov 10 09:55 new_slot
-rw--- 1 root root0 Nov 10 08:35 permissive
-rw--- 1 root root0 Nov 10 08:35 quirks
--w--- 1 root root 4096 Nov 10 09:55 remove_id
--w--- 1 root root 4096 Nov 10 09:55 remove_slot
-r 1 root root 4096 Nov 10 09:55 slots
--w--- 1 root root 4096 Nov 10 09:55 unbind


# Script to create the initrds
KVER="2.6.18-164.6.1.el5xen"

mkinitrd -f --omit-scsi-modules --omit-raid-modules \
--with=e1000e --with=xennet --with=xenblk \
--preload=xenblk /boot/initrd-$KVER-domU.img $KVER

mkinitrd -f --preload=pciback /boot/initrd-$KVER.img $KVER


# cat /etc/modprobe.conf
alias eth0 e1000e
options netloop nloopbacks=0
options pciback hide=(:07:00.1)(:08:03.0)
alias scsi_hostadapter2 megaraid_sas # this is the RAID controller
alias scsi_hostadapter3 ata_piix

# lspci |egrep "(Ether|SCSI)"
07:00.0 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit 
Ethernet Controller (Copper) (rev 01)
07:00.1 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit 
Ethernet Controller (Copper) (rev 01)
08:03.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X 
Fusion-MPT Dual Ultra320 SCSI (rev 08)


# uname -a
Linux salvador.ic.unicamp.br 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 
16:48:13 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

# domU-with-NIC.cfg
kernel = "/boot/vmlinuz-2.6.18-164.6.1.el5xen"
ramdisk = "/boot/initrd-2.6.18-164.6.1.el5xen-domU.img"
memory = "4096"
name = "taquaral"
disk = ['phy:/dev/volumes/taquaral-root,xvda1,w',
 'phy:/dev/volumes/taquaral-home,xvda2,w',
 'phy:/dev/volumes/taquaral-home-staff,xvda3,w',
 'phy:/dev/volumes/taquaral-home-adm,xvda4,w',
 'phy:/dev/volumes/taquaral-home-admsis,xvda5,w',
 'phy:/dev/volumes/taquaral-home-phd,xvda6,w',
 'phy:/dev/volumes/taquaral-home-spec,xvda9,w',
 'phy:/dev/volumes/taquaral-swap,xvda7,w',
 'phy:/dev/volumes/taquaral-var,xvda8,w']
vif = ['mac=00:16:3e:57:13:a5, bridge=vlan0']
vcpus = 4
extra = "console=xvc0"
root = "/dev/xvda1"
pci = [":07:00.1"]

# domU-with-SCSI.cfg
kernel = "/boot/vmlinuz-2.6.18-128.7.1.el5xen"
ramdisk = "/boot/initrd-2.6.18-128.7.1.el5xen-domU.img"
memory = "2048"
name = "flamboyant"
disk = ['phy:/dev/volumes/flamboyant-root,xvda1,w', 
'phy:/dev/volumes/flamboyant-var,xvda2,w', 
'phy:/dev/volumes/flamboyant-l,xvda3,w', 
'phy:/dev/volumes/flamboyant-swap,xvda4,w']
vif = ['mac=00:16:e3:55:55:55, bridge=br0', 'mac=00:16:3e:55:55:10, 
bridge=vlan0']
vcpus = 2
extra = "console=xvc0"
root = "/dev/xvda1"
pci = [":08:03.0"]

# menu.lst
title CentOS (2.6.18-164.6.1.el5xen)
 root (hd0,0)
 kernel /xen.gz-2.6.18-164.6.1.el5 dom0_mem=1G
 module /vmlinuz-2.6.18-164.6.1.el5xen ro root=LABEL=/ enforcing=0
 module /initrd-2.6.18-164.6.1.el5xen.img



Re: [CentOS] CentOS build scripts (or equivalent) acessible?

2009-10-15 Thread Miguel Di Ciurcio Filho
Mathieu Baudier wrote:
> 
> I'm not sure that I understand.
> Is there indeed such a public repository of the build scripts / RPM
> specs used by CentOS?
> 
> That would indeed be fascinating and useful to have a look at it.
> (I rebuilt libvirt from RedHat SRPM, just to test some new
> virtualization feature of v5.4, and going through the process I kept
> wondering how the CentOS team is doing it on all the packages!)

http://dev.centos.org/centos/buildsys/

Have fun.


Re: [CentOS] CentOS 5.4? anyone? - "debate"

2009-10-15 Thread Miguel Di Ciurcio Filho
Les Mikesell wrote:
> 
> I think for a lot of us, the 'we'll release when it's ready' mentality 
> is the main reason we aren't using debian.  I don't think CentOS should 
> repeat their mistakes.
> 

So what do you suggest? Release the OS with known problems, just to 
satisfy a date and the hysteria caused by Twitter updates? Or release 
something that truly works and it is _very_ reliable? I stay with the 
'we'll release when it's ready'.

You are not using Debian nor Ubuntu because you can rely on CentOS for 
having all the RHEL goodies for free and thank god CentOS' developers do 
think the 'we'll release when it's ready' philosophy. What RPM/Red 
Hat-like Linux distribution provides at least ~30 months of security 
updates and is free of charge (like Debian)? Let's see:

Fedora: extremely cutting edge, constant updates during life cycle, 
12-13 months support.

OpenSUSE: I don't know how cutting edge it is, was 24 months of support, 
new releases will be ~18 months now.

Mandriva: I don't know how cutting edge it is, 18 months.

To me all of these distributions are completely out of the question to use 
on a server.


Re: [CentOS] CentOS 5.4? anyone?

2009-10-15 Thread Miguel Di Ciurcio Filho
mbneto wrote:
> Hi,
> 
> The last status (from twitter) is 2 days old with the '5.4 is baked! 
> centos internal network will start syncing up today. Release ~ soon!'.   
> Any ETA?
> 

Just relax and wait, this is a _volunteer_ based project. Want a release 
date? Go pay for RHEL.



Re: [CentOS] CentOS Enterprise IPA (Identity, Policy, and Audit) Server

2009-10-01 Thread Miguel Di Ciurcio Filho
Johnny Hughes wrote:
> 
> I forgot to mention that the CentOS Directory Server is already part of
> the regular CentOS Extras repository, and should install from there as a
> dependency for CentOS EIPA
> 

Good to know! I was thinking that it was still available on testing 
repository.

By the way, any position about this issue?
http://bugs.centos.org/view.php?id=3719

Regards,

Miguel


Re: [CentOS] Storing Kerberos database in OpenLDAP

2009-09-25 Thread Miguel Di Ciurcio Filho

Dan Burkland wrote:

> Hi all,
> 
> I have created a project for myself in that I would like to store an MIT 
> Kerberos database inside LDAP (Using OpenLDAP). I have found some 
> relevant results but most of them are extremely outdated and unreliable. 
> I did however recently find an article for Ubuntu that was up to date 
> however it wasn't focused on CentOS/Red Hat-based distros. Has anybody 
> found something like this 
> https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html in regards 
> to the topic discussed earlier?


It is not a good idea to do that IMHO for the following reasons:

1) You have to rebuild the MIT Kerberos packages to enable the LDAP backend.

2) The MIT Kerberos LDAP backend on version 1.6 (shipped on CentOS) is 
considered not mature.


3) If your LDAP server is compromised (by a bug on OpenLDAP or something 
else) all password hashes could be exposed.


The Heimdal Kerberos seems to have a much more mature LDAP backend 
(that's why Samba merged Heimdal on Samba4 I suppose) but it is not 
packaged by Red Hat and I have no experience with it.


Regards,

Miguel





Re: [CentOS] which ldap do you like

2009-09-11 Thread Miguel Di Ciurcio Filho
Gregory P. Ennis wrote:
> 
> openldap, centos-ds, and freeipa seem to be high on everyone's list.
> Which one do you like, and does it have a good setup tutorial I could
> use.  So far the tutorials I have looked at seem out of sync with the
> current versions of ldap servers.

I've just deployed OpenLDAP and finally shut down NIS here at work (the 
damn thing was running for literally more than a decade).

FreeIPA was not an option at all, it would be a pain to us to try to 
integrate our current environment on it. If you are going to start from 
scratch, take a serious look at it. Although I think it is too RH/Fedora 
driven to my taste.

I've set up a test environment with CentOS-DS (RH DS) and it worked fine, 
we did not require all the fancy stuff it provides. We decided to not 
go ahead with it because a) The CentOS DS packaging is not "official" 
yet (we are lazy and just want the "official" stuff) b) To enable simple 
bind having the password on Kerberos you need to recompile the package 
enabling a plugin called 'PAM passthrough' to authenticate against PAM. 
This plugin is considered experimental and RH disables it. I requested 
on the CentOS bug tracker[1] to enable it but I don't believe it is 
going to happen. RH DS has very good documentation and by looking at the 
wiki it supports some MS Active Directory stuff (not relevant to us either).

So we decided to go with OpenLDAP. Easy setup of simple bind with 
Kerberos (using saslauthd), no need to recompile the package shipped by 
CentOS/RHEL and a big user base. The official documentation is usable 
but to solve some problems searching on Google and the project's 
mailing lists archives you can easily find answers.

Regards,

Miguel

[1] http://bugs.centos.org/view.php?id=3719