[CentOS] Processes launched from rc*.d and ulimit -n

2014-05-08 Thread Mitch Patenaude
I'm running fedora directory server on some boxes in a multi-master arrangement.

The problem is that when dirsrv is launched from init (on boot) the maximum 
number of allowed file descriptors (ulimit -n) is only 4096.  That means that 
the slapd process can only accept ~4k connections, and it needs to accept ~10k 
or so.

The value for nofile for all users in /etc/security/limits.conf (and 
limits.d/*) is 65536, and as soon as I restart the process (service dirsrv 
restart) it comes up with ulimit -n being 64K, the way it's supposed to.  Why 
isn't it doing this at boot?

Right after boot:
ldap07:~ mpatenaude$ ldapsearch -x -h localhost -LLL -D 'cn=directory manager' 
-W -b 'cn=config' -s base nsslapd-maxdescriptors
Enter LDAP Password:
dn: cn=config
nsslapd-maxdescriptors: 4096

ldap07:~ mpatenaude$ sudo service dirsrv restart
[sudo] password for mpatenaude:
Shutting down dirsrv:
ldap07...  [  OK  ]
Starting dirsrv:
ldap07...  [  OK  ]

ldap07:~ mpatenaude$ ldapsearch -x -h localhost -LLL -D 'cn=directory manager' 
-W -b 'cn=config' -s base nsslapd-maxdescriptors
Enter LDAP Password:
dn: cn=config
nsslapd-maxdescriptors: 65535

Thanks,
  -- Mitch Patenaude
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Processes launched from rc*.d and ulimit -n

2014-05-08 Thread Mitch Patenaude
> The value for nofile for all users in /etc/security/limits.conf (and 
> limits.d/*) is 65536, and as soon as I restart the process (service dirsrv 
> restart) it comes up with ulimit -n being 64K, the way it's supposed to.  Why 
> isn't it doing this at boot?

I figured out part of this: limits.conf is read by pam_limits.so, so until you 
log in, it isn't effective.  I don't have an elegant solution, but my hackish 
solution so far is just to put a ulimit -n 65536 into the init script.  Does 
anybody have a better (more elegant) solution?

  -- Mitch Patenaude
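
An added example, not part of the original messages: a check that compares the file-descriptor limit a running daemon actually has (from /proc/<pid>/limits) with the nofile value in limits.conf, which is the mismatch described above for processes that never pass through pam_limits. The sample inputs are constructed, the function names are hypothetical, and only limits.conf (not limits.d/*) is read.

```python
import re
import sys

# Constructed sample: /proc/<pid>/limits rows for a daemon started by init at boot.
SAMPLE_PROC_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            4096                 4096                 files
"""

# Constructed sample: the relevant line of /etc/security/limits.conf.
SAMPLE_LIMITS_CONF = """\
# <domain>  <type>  <item>  <value>
*           -       nofile  65536
"""

def effective_nofile(proc_limits_text):
    """Return (soft, hard) from the 'Max open files' row; None means unlimited."""
    for line in proc_limits_text.splitlines():
        m = re.match(r"Max open files\s+(\S+)\s+(\S+)", line)
        if m:
            return tuple(None if v == "unlimited" else int(v) for v in m.groups())
    raise ValueError("no 'Max open files' row")

def configured_nofile(limits_conf_text, domain="*"):
    """Return the nofile value listed for `domain`, or None if absent.
    Simplification of this sketch: the last matching line wins."""
    value = None
    for line in limits_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if (len(fields) == 4 and fields[0] == domain
                and fields[2] == "nofile" and fields[3].isdigit()):
            value = int(fields[3])
    return value

def below_configured(proc_limits_text, limits_conf_text, domain="*"):
    """True when the process's soft limit is lower than limits.conf asks for."""
    soft, _hard = effective_nofile(proc_limits_text)
    wanted = configured_nofile(limits_conf_text, domain)
    return soft is not None and wanted is not None and soft < wanted

if __name__ == "__main__":
    # Usage: script.py <pid of the daemon>; defaults to the script's own process.
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open("/proc/%s/limits" % pid) as proc, open("/etc/security/limits.conf") as conf:
        proc_text, conf_text = proc.read(), conf.read()
    print(effective_nofile(proc_text), below_configured(proc_text, conf_text))
```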


[CentOS] Equivalent RHEL package for CentOS httpd package?

2012-05-07 Thread Mitch Patenaude
I'm trying to find out if a particular RedHat patch has been ported to
CentOS yet.

In particular, this vulnerability: CVE-2011-3607

According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it
has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm

Now, in the latest CentOS repository, I find
httpd-2.2.3-63.el5.centos.1.x86_64.rpm

Is this the same (or later) release?  I suspect not, because the el5 !=
el5_8.1, but I'm not 100% sure I understand the mapping between the two
sets of RPM names.


Thanks,
   -- Mitch Patenaude mpatena...@shutterfly.com
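
An added example, not part of the original message: the segment-by-segment comparison RPM applies to version and release strings, in a simplified form (no epoch or tilde handling), run on the two file names quoted above. The function names are hypothetical.

```python
import re

def rpmvercmp(a, b):
    """Compare two version or release strings; returns 1, 0 or -1."""
    # Segments are maximal runs of digits or of letters; separators are dropped.
    seg = re.compile(r"[0-9]+|[A-Za-z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as numbers
        elif x.isdigit():
            return 1                   # a numeric segment sorts above an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over sorts higher.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvra(filename):
    """Split name-version-release.arch[.rpm] into its four parts."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, arch = base.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def compare_packages(file_a, file_b):
    """Order two builds of the same package by version, then release."""
    name_a, ver_a, rel_a, _ = split_nvra(file_a)
    name_b, ver_b, rel_b, _ = split_nvra(file_b)
    if name_a != name_b:
        raise ValueError("different packages")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)

RHEL_BUILD = "httpd-2.2.3-63.el5_8.1.x86_64.rpm"
CENTOS_BUILD = "httpd-2.2.3-63.el5.centos.1.x86_64.rpm"

if __name__ == "__main__":
    print(compare_packages(RHEL_BUILD, CENTOS_BUILD))
```

The result is only the sort order of the two release tags; it does not show whether the rebuilt package contains the fix. On an installed system, `rpm -q --changelog httpd | grep CVE-2011-3607` checks the package changelog directly.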



Re: [CentOS] Help to install horde

2011-12-07 Thread Mitch Patenaude
On 12/7/11 1:46 PM, Weplica i...@weplica.com wrote:
> [...]
> And I do that:
> If Apache is running, you must now configure this installation of
> Horde by visiting:
> http://127.0.0.1/horde/
> and then navigating to Administration  Setup  Horde
>
> Documentation on configuring Horde can be found at:
> /usr/share/doc/horde-3.3.11/docs/INSTALL
>
>
> But I only have ssh access, so I do:
>
> http:// my-ip /horde/
>
> But I have nothing...

The web server is probably only bound to the localhost interface as a
security measure.

You could launch a remote firefox as mroth suggested, but I would use ssh
port forwarding instead:

ssh your_server -L8080:localhost:80

Then you can open a browser with the url:
http://localhost:8080/horde/

and that should do what you want.

  -- Mitch Patenaude mpatena...@shutterfly.com



Re: [CentOS] NSS ldap problems [SOLVED]

2011-11-01 Thread Mitch Patenaude
Thanks to everybody for their suggestions, and for the pointer to getent, which 
was a gap in my sysadmin toolchest.

I figured out the problem.  The problem was that nslcd wasn't starting properly 
because the nslcd user didn't exist.  We're using the same base passwd file for 
both centos5 and centos6, and that extra user didn't get added.  Switching 
/etc/nslcd.conf to use an extant uid/gid allowed nslcd to start, and that 
allowed the query to work, and the test user can log in.

I had never heard of nslcd--and it doesn't appear to have any man pages :-/, 
but inspection of the config file yields the impression of nscd for ldap, and 
its config either supersedes or replaces /etc/ldap.conf.

Thanks for all the good ideas,
   -- Mitch Patenaude   mpatena...@shutterfly.com

From: Mitch Patenaude mpatena...@shutterfly.com
Date: Mon, 31 Oct 2011 15:10:31 -0700
To: CentOS mailing list centos@centos.org
Subject: NSS ldap problems

I'm having trouble setting up ldap based authentication.

I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) 
directory server, and that works fine.

However, I set up a virtual box running CentOS 6, and I can't get it to 
authenticate.

I've run authconfig with the appropriate flags, ldapsearch properly finds the 
data, but I can't log in.  /var/log/secure shows that it doesn't find the user, 
and as a test I came up with the following perl snippet:

perl -e 'print join(" ", getpwnam("testuser")), "\n";'

And it properly finds the test user on the 5.4 box, but not the 6.0 box.

I've checked /etc/ldap.conf and /etc/openldap/ldap.conf and both seem about 
right.

Here are the ldap related packages installed on the 6.0 box:
[root@vburntest02 ~]# rpm -qa | grep ldap
openldap-2.4.19-15.el6_0.2.x86_64
pam_ldap-185-5.el6.x86_64
nss-pam-ldapd-0.7.5-3.el6.x86_64
openldap-clients-2.4.19-15.el6_0.2.x86_64
apr-util-ldap-1.3.9-3.el6.x86_64

Any idea what to check next?

Thanks,
  -- Mitch
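
An added example, not part of the original messages: a check for the failure described in the [SOLVED] message, where the account named by the uid/gid directives in /etc/nslcd.conf is missing from the local passwd or group file. All file contents are constructed samples and the function names are hypothetical.

```python
# Constructed sample: run-as directives in /etc/nslcd.conf.
SAMPLE_NSLCD_CONF = """\
uri ldap://ldap.example.com/
base dc=example,dc=com
uid nslcd
gid ldap
"""

# Constructed sample: a shared base passwd file that lacks the nslcd user.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
"""

# Constructed sample: a group file that does contain the ldap group.
SAMPLE_GROUP = """\
root:x:0:
ldap:x:55:
"""

def local_ids(colon_file_text):
    """Names and numeric ids defined in passwd- or group-style text."""
    known = set()
    for line in colon_file_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and not line.startswith("#"):
            known.update((parts[0], parts[2]))
    return known

def missing_run_as(nslcd_conf, passwd_text, group_text):
    """List the uid/gid directives whose account is not defined locally."""
    wanted = {}
    for line in nslcd_conf.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("uid", "gid"):
            wanted[fields[0]] = fields[1]
    problems = []
    if "uid" in wanted and wanted["uid"] not in local_ids(passwd_text):
        problems.append("uid " + wanted["uid"])
    if "gid" in wanted and wanted["gid"] not in local_ids(group_text):
        problems.append("gid " + wanted["gid"])
    return problems

if __name__ == "__main__":
    print(missing_run_as(SAMPLE_NSLCD_CONF, SAMPLE_PASSWD, SAMPLE_GROUP))
```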


[CentOS] NSS ldap problems

2011-10-31 Thread Mitch Patenaude
I'm having trouble setting up ldap based authentication.

I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) 
directory server, and that works fine.

However, I set up a virtual box running CentOS 6, and I can't get it to 
authenticate.

I've run authconfig with the appropriate flags, ldapsearch properly finds the 
data, but I can't log in.  /var/log/secure shows that it doesn't find the user, 
and as a test I came up with the following perl snippet:

perl -e 'print join(" ", getpwnam("testuser")), "\n";'

And it properly finds the test user on the 5.4 box, but not the 6.0 box.

I've checked /etc/ldap.conf and /etc/openldap/ldap.conf and both seem about 
right.

Here are the ldap related packages installed on the 6.0 box:
[root@vburntest02 ~]# rpm -qa | grep ldap
openldap-2.4.19-15.el6_0.2.x86_64
pam_ldap-185-5.el6.x86_64
nss-pam-ldapd-0.7.5-3.el6.x86_64
openldap-clients-2.4.19-15.el6_0.2.x86_64
apr-util-ldap-1.3.9-3.el6.x86_64

Any idea what to check next?

Thanks,
  -- Mitch


[CentOS] OpenLDAP setup and bootstraping in CentOS 6

2011-08-17 Thread Mitch Patenaude
I'm having trouble getting openldap through its initial setup.

I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and 
they didn't seem to take effect.  After much wailing and gnashing of teeth I 
found that if there is a config directory at /etc/openldap/slapd.d, it will 
ignore slapd.conf.  I can't figure out how to translate slapd.conf into the 
(new?) standard of slapd.d because all the examples I can find still use 
slapd.conf.

Am I better off just deleting (or renaming) slapd.d?  Does anybody know the 
proper format for slapd.d entries?

Thanks,
   -- Mitch Patenaude


[CentOS] Package updates for 5.4?

2011-01-26 Thread Mitch Patenaude
We're running a large cluster, and are leery of upgrading them all to 5.5,
but would like to find the latest security patches.

Is there a repo for this?  I can't seem to find a 5.4 specific update repo
with anything since last March.  Is 5.4 EOL'd?

Thanks,
  -- Mitch


Re: [CentOS] Package updates for 5.4?

2011-01-26 Thread Mitch Patenaude
On Wed, Jan 26, 2011 at 5:42 PM, Gene bran...@bellsouth.net wrote:

> Can you tell us more about your cluster? Nodes? Purpose? I managed a small
> 90 node cluster for seismic work.


300+ nodes total, 200 in a hadoop cluster used for mapreduce, the rest in a
variety of headless datacenter roles (web, mail, database, backup, etc.).
 They are somewhat sensitive to version updates, so I was hoping to find a
way to find the security updates (patch level) without having to change
versions.  Upgrading to 5.6 would likely involve upgrading several core
packages (mysql, ruby, python, bind, even glibc and the kernel). Is this a
pipe dream?

  Thanks,
-- Mitch


Re: [CentOS] using kvm

2011-01-05 Thread Mitch Patenaude
On Tue, 4 Jan 2011, Jerry Geis wrote:
> All -  I am running a virtual windows 7 (pro 64) on centos 5.5 x86_64.
> I was hoping to run virtual XP inside windows7 in this configuration.
>
> I get an error about cannot start virtual XP when I try this.
> Do I not have something setup correctly or can I not run a double
> virtual environment?

In general, it is not possible to nest virtualization environments.
The hypervisor needs to trap certain events/interrupts and reserve
certain instructions to manage the guest OS.  As such, those are not
available to the guest OS, therefore it cannot be a hypervisor itself.

You *might* be able to run an emulator (bochs, qemu, etc) within the
guest OS, but the performance would be something close to abominable.
I'd say you're better off running two guests, one of Win7 and one of
WinXP, and use some other mechanism (virtual network) to let them
communicate.

  -- Mitch