Re: [CentOS] CentOS 6.3 - fail2ban not working properly + workaround

[Theo Band]

On 03/12/2013 05:35 PM, Timothy Murphy wrote:
> I'm running fail2ban on my server (under CentOS-6.4)
> and it seems to be running according to
> -
> [tim@grover fail2ban]$ sudo service fail2ban status
> Fail2ban (pid 31794) is running...
> Status
> |- Number of jail:  1
> `- Jail list:   ssh-iptables
> -
> I have absolutely no idea how fail2ban works,
> and I'm running it with the default /etc/fail2ban/fail2ban.conf ,
> which seems to set the logfile to /var/log/fail2ban.log .
> Should I actually study how it is meant to be configured?
>
> I just yum-installed it (from Epel, I assume)
> and hope it does its job, whatever that is.
It sets up iptables rules for every jail that is configured (iptables 
-L). You seem to have only the ssh-iptables configured. Check the date 
of the logfile. I noticed that SYSLOG is now used for logging. It used 
to be /var/log/fail2ban.log in the past. I removed the old log file.
If ssh is the only public service you want to protect against brute 
force, then you don't need to setup anything. But have a look in 
/etc/fail2ban/jail.conf and add at least your email address to get a 
notification when it blocks access. There lots of other "jails" that can 
be enabled.
Normally I receive several messages a day. So not receiving them means 
that the service is no longer protecting. Simply because it watches a 
renamed no longer updated version of /var/log/secure:

ls -l /var/log/secure*
-rw--- 1 root root 2130892 Mar 12 18:25 /var/log/secure
-rw--- 1 root root 1374710 Feb 17 01:31 /var/log/secure-20130217
-rw--- 1 root root 1482646 Feb 24 03:09 /var/log/secure-20130224
-rw--- 1 root root 1732930 Mar  3 03:13 /var/log/secure-20130303
-rw--- 1 root root  656454 Mar 10 03:12 /var/log/secure-20130310

Once a week fail2ban stops working as a new secure log file is created 
(logrotate) and it seems to watch the only old name. You will not see 
any error message and status show as running.
But I have no proof that it keeps working with the gamin fix.

Theo



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.3 - fail2ban not working properly + workaround

[Theo Band]

On 10/17/2012 05:51 PM, SilverTip257 wrote:
> I recall others on this list are using fail2ban to block brute force
> login attempts.
> Packages are from the EPEL repo, so I'm just sharing some knowledge here.
>
> For about two months now I've had a CentOS 6.3 box (web host) in
> production that occasionally is ftp brute forced.
> Oddly enough fail2ban wasn't nabbing the perpetrators.  I found that
> the iptables chain for VSFTP isn't created for one.
>
> I have finally come to find [0] that indicates there's a problem with
> the inotify backend.
> Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables
> chain I expect to find and one blocked host.
>
> Hope this is helpful to somebody until a new version is commited to EPEL.
>
> 
> yarikoptic:
> ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that
> branch seems to work just perfect. If I hear no complaints or do not
> see problem with my instance -- I will merge it into master tomorrow,
> thus closing this issue
> 
>
> [0] https://github.com/fail2ban/fail2ban/issues/44
>

Thanks for the tip (I know it's a very old message).
I have updated recently to 6 and see that fail2band ssh dos no longer
works. Indeed after log rotate fail2ban seems to follow the old log file
instead of the newly created /var/log/secure.
I had backend = auto in /etc/fail2ban/jail.conf and gamin and pyinotify
are both installed. I now changed backend to gamin and give it another
try. The next log rotate is next week
Anyone else using fail2ban with CentOS6 installed from epel?

fail2ban-0.8.8-2.el6.noarch on CentOS6.4

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] autofs update brakes nested automount

[Theo Band]

On my CentOS5 boxes the automounter fails after the last update to 
autofs.x86_64 1:5.0.1-0.rc2.177.el5
No update is seen on CentOS6 and things still work there.

The home directory of users is setup using an auto.home map which is 
distributed using NIS:

*fsutrecht02:/export/home/& /nobackup -noacl 
nasutrecht01:/nobackup/&/snapshot -ro fazant:/home_backup/

This maps a users home directory and and two subfolders ~/nobackup and 
~/snapshot

Now I see this in my logs:

automount[6510]: parse_mount: parse(sun): can't find multi root thba

I found that this still works:
*fsutrecht02:/export/home/&

The nested folders do no longer work. If the wildcard is removed, works:

thbafsutrecht02:/export/home/& /nobackup -noacl 
nasutrecht01:/nobackup/&/snapshot -ro fazant:/home_backup/

Any idea how wildcards can be made to work (again) with nested mounts? 
Is it a bug?

Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anybody running cadence on CentOS 6 ?

[Theo Band]

On 01/10/2013 10:32 AM, Roberto Nunnari wrote:
>> >Yes we are.  On Quadro and enthusiast class equipment.  CentOS 5 works 
>> >fine, but we haven't done any sufficient CentOS 6 testing because other 
>> >software vendors in Engineering are still not certified for the platform.  
>> >What kind of problems are you having?  Perhaps some of our findings will 
>> >still apply.
>> >
> YES! Thank you very much to all!
> Following your advice, I just plugged in a dedicated video card, added
> proprietary drivers, and now it works fine on CentOS 5!
> This list is wonderful!!:-)
We use Mentor (also an very expensive software toolset) and I have had a 
lot of issues getting the drivers work correctly (Ati, Nvidia). The 
price for the graphic adapter was not an issue at all. Finding one that 
works correctly with the software is another story. The newest Ati 
driver worked only once! After every session the workstation had to be 
rebooted to get it to work again.

I went over to Cento6 just a couple of weeks ago. Most workstations now 
work with the standard Nouveau driver. No problem seen yet. The only 
annoying problem is that sometimes an application windows stays "empty". 
Simply resizing the window fixes it. for me it's hard to say what 
causes. The software needs backing-store on the X server being enabled. 
I underdstand this is old technology and I suspect this is now causing 
problems. But the bottomline for us is that CentOS6 seems to be easier 
with the built-in drivers compared to CentOS5.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firefox 18

[Theo Band]

On 01/10/2013 02:39 PM, Johnny Hughes wrote:
> You guys do know that we are fairly up2date with firefox/thunderbird on
> >their ESR program right?
> >
> >The Firefox/Thunderbird we have is totally updated for security and gets
> >upstream support from Mozilla.  It does not have every feature, but it
> >has most and should stay on ESR.
> >
> >http://www.mozilla.org/en-US/firefox/organizations/
> >
Does the version bundled with Centos6 also track this schedule? It's 
currently 10.0.12 which made me decide to remove it from all desktop 
installations and install the newest on the fileserver. It's a bit of a 
hassle to do start though (the nice menu entries get lost as well).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtual Machine Manager Centos 6

[Theo Band]

On 12/22/2012 11:11 PM, ignasr wrote:
> try virt-top.
Yes! That's exactly what I want.
Thanks for the tip.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Virtual Machine Manager Centos 6

[Theo Band]

I upgrade to CentOS6 from 5. The new (well, for me at least) 
virt-manager is much changed with respect to the one in 5. I miss cpu 
usage percentage and memory usage (both in percentage and the absolute 
amount). Is there a way the get this information quickly in an overview?

I just want to have an idea of how much memory is consumed by the 
virtual machines and if there is enough free for a new machine. This 
information and the cpu info I need to decide if a machine should be 
migrated to another host.

When I used Xen in the past, it was easy. xm list just showed a column 
with memory. Then I went over to KVM and could only use virsh list. Or 
virsh dominfo, but that is per virtual host. So since then simply 
started virt-manager.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] SOLVED: Re: yum install make does not work

[Theo Band]

Found it.

Just a simple typo in yum .conf:

> exclude=freetype*
>
>   This is the default, if you *make* this bigger *yum* won't see if 
> the metadata
> # is newer on the remote and so you'll "gain" the bandwidth of not 
> having to

I need to exclude freetype as I compiled my own version (with BCI 
enabled). I apparently removed the # on the line below.  And that does 
not give an error message. It simply excludes "This" "is"... and "make" 
and "yum".

Thanks for all replies.

Theo


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum install make does not work

[Theo Band]

On 12/19/2012 08:34 PM, Frank Cox wrote:
> On Wed, 19 Dec 2012 20:26:58 +0100 Nicolas Thierry-Mieg wrote:
>> Theo: I suggest disabling all repos except os+updates and trying again. 
> He could go to that mirror with a web browser and see if the package 
> actually exists there. 

I have two installations. One that works, and one that does not, so I 
can compare. I want to point to a known good mirror, but haven't figured 
out how to do that. I can probably just download the make rpm and 
install it with rpm. But that feels like cheating :-). And only one 
package seems to not exist. How does yum "remember" that? Is it perhaps 
a rpm database thing?

I tried something else, reinstall yum:
# yum reinstall yum
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
  * base: mirrors.supportex.net
  * extras: mirrors.supportex.net
  * updates: mirrors.supportex.net
base | 3.7 kB 00:00
extras | 3.5 kB 00:00
updates | 3.5 kB 00:00
Installed package yum-3.2.29-30.el6.centos.noarch (from 
anaconda-CentOS-201207061011.x86_64) not available.
Nothing to do

The other machine works fine:
# yum reinstall yum
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
epel/metalink |  15 kB 00:00
  * base: nl.mirror.eurid.eu
  * epel: mirror.nl.leaseweb.net
  * extras: nl.mirror.eurid.eu
  * updates: nl.mirror.eurid.eu
base | 3.7 kB 00:00
epel | 4.3 kB 00:00
epel/primary_db | 4.9 MB 00:02
extras | 3.5 kB 00:00
updates | 3.5 kB 00:00
updates/primary_db | 4.6 MB 00:01
Resolving Dependencies
--> Running transaction check
---> Package yum.noarch 0:3.2.29-30.el6.centos will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

==
  Package Arch Version
RepositorySize
==
Reinstalling:
  yum noarch 3.2.29-30.el6.centos   
base 990 k

Transaction Summary
==
Reinstall 1 Package(s)

Total download size: 990 k
Installed size: 4.5 M
Is this ok [y/N]: n
Exiting on user Command


What is special with this install is that I used PXE init disk to boot 
the installation disk (I added an entry to an existing boot loader and 
placed the initial ramdisk and vmlinux in /boot). Could the initial 
installation source be the reason?


# yum install make
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
  * base: mirrors.supportex.net
  * epel: mirror.nl.leaseweb.net
  * extras: mirrors.supportex.net
  * updates: mirrors.supportex.net
Setting up Install Process
No package make available.

So this is the mirror for base:
http://mirrors.supportex.net/centos/6/os/x86_64/Packages/
http://mirrors.supportex.net/centos/6/os/x86_64/Packages/make-3.81-20.el6.x86_64.rpm

The mirror looks fine to me.

# yum provides /usr/bin/make
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
  * base: mirrors.supportex.net
  * epel: mirror.nl.leaseweb.net
  * extras: mirrors.supportex.net
  * updates: mirrors.supportex.net
No Matches found

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] yum install make does not work

[Theo Band]

I try to install make (should be present in base):

yum install make
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
  * base: mirrors.supportex.net
  * epel: mirror.nl.leaseweb.net
  * extras: mirrors.supportex.net
  * rpmforge: archive.cs.uu.nl
  * updates: mirrors.supportex.net
Setting up Install Process
No package make available.
Error: Nothing to do


This is a fresh install of CentOS6 (starting with a minimal install). 
All repositories seem to be working. I issued a yum clean and even 
removed the cache manually.
A machine with a similar setup works as expected (yum remove make;yum 
install make). This problem prevents me from installing group 
server-platform.
Since I started with a core installation by accident (wanted a Desktop) 
I simply Googled for the list of groups needed:

Default grouplist:
base core debugging directory-client java-platform 
network-file-system-client
server-platform fonts print-client basic-desktop desktop-debugging
desktop-platform general-desktop graphical-admin-tools input-methods 
legacy-x
x11 internet-applications internet-browser office-suite 
remote-desktop-clients

I was able to install all these groups except server-platform. And this 
boils down to not being able to install make.

Any clue how to fix this?

# yum groupinstall server-platform
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
  * base: mirrors.supportex.net
  * epel: mirror.nl.leaseweb.net
  * extras: mirrors.supportex.net
  * rpmforge: archive.cs.uu.nl
  * updates: mirrors.supportex.net
Setting up Group Process
Checking for new repos for mirrors
Package libstdc++-4.4.6-4.el6.x86_64 already installed and latest version
Package glibc-2.12-1.80.el6_3.6.x86_64 already installed and latest version
Package zlib-1.2.3-27.el6.x86_64 already installed and latest version
Package ncurses-libs-5.7-3.20090208.el6.x86_64 already installed and 
latest version
Package openssl-1.0.0-25.el6_3.1.x86_64 already installed and latest 
version
Package krb5-libs-1.9-33.el6_3.3.x86_64 already installed and latest 
version
Package openldap-2.4.23-26.el6_3.2.x86_64 already installed and latest 
version
Package libgcc-4.4.6-4.el6.x86_64 already installed and latest version
Package 1:dbus-libs-1.2.24-7.el6_3.x86_64 already installed and latest 
version
Package pam-1.1.1-10.el6_2.1.x86_64 already installed and latest version
Package nss-3.13.5-1.el6_3.x86_64 already installed and latest version
Package db4-4.7.25-17.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package redhat-lsb.x86_64 0:4.0-3.el6.centos will be installed
--> Processing Dependency: redhat-lsb-printing for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: redhat-lsb-graphics for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: perl-Test-Simple for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: perl-Test-Harness for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: perl-ExtUtils-MakeMaker for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: perl-CGI for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: /usr/bin/pax for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: /usr/bin/patch for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Processing Dependency: /usr/bin/make for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Running transaction check
---> Package patch.x86_64 0:2.6-6.el6 will be installed
---> Package pax.x86_64 0:3.4-10.1.el6 will be installed
---> Package perl-CGI.x86_64 0:3.51-127.el6 will be installed
---> Package perl-ExtUtils-MakeMaker.x86_64 0:6.55-127.el6 will be installed
--> Processing Dependency: perl-devel for package: 
perl-ExtUtils-MakeMaker-6.55-127.el6.x86_64
---> Package perl-Test-Harness.x86_64 0:3.17-127.el6 will be installed
---> Package perl-Test-Simple.x86_64 0:0.92-127.el6 will be installed
---> Package redhat-lsb.x86_64 0:4.0-3.el6.centos will be installed
--> Processing Dependency: /usr/bin/make for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
---> Package redhat-lsb-graphics.x86_64 0:4.0-3.el6.centos will be installed
---> Package redhat-lsb-printing.x86_64 0:4.0-3.el6.centos will be installed
--> Processing Dependency: /usr/bin/foomatic-rip for package: 
redhat-lsb-printing-4.0-3.el6.centos.x86_64
--> Running transaction check
---> Package foomatic.x86_64 0:4.0.4-1.el6_1.1 will be installed
--> Processing Dependency: foomatic-db for package: 
foomatic-4.0.4-1.el6_1.1.x86_64
---> Package perl-devel.x86_64 4:5.10.1-127.el6 will be installed
--> Processing Dependency: perl(ExtUtils::ParseXS) for package: 
4:perl-devel-5.10.1-127.el6.x86_64
---> Package redhat-lsb.x86_64 0:4.0-3.el6.centos will be installed
--> Processing Dependency: /usr/bin/make for package: 
redhat-lsb-4.0-3.el6.centos.x86_64
--> Run

[CentOS] How to prevent host boot problems with virtual client disk?

[Theo Band]

I added one new disk to my Centos5 machine and I want to dedicate this
disk to one of my virtual machines (also Centos5). After I added the
(empty) disk the machine starts up fine and identified the disk as /dev/sdd
It makes we wander what might happen to the host during a future
(re)boot. The new disk will get a partition table and logical volumes,
all which should be private to the client. The (KVM) host however will
also see this disk during boot. My host volume group has a non standard
name to prevent collision with the volume group name of the client
(VolGroup00 for instance). I know I can even ignore the client group all
together on the host.
Now I am afraid that during boot time the host sees /dev/sdd as the
first disk and tries to boot from it (bios update/reset for instance).
Is this a real risk?
My question is thus, how can I prevent that this (physical) client disk
can be used for booting by the host without messing with the
bios/cables? Should I first partition the disk and give one partition to
the client (the disk than has a second disk layout stored on this
partition). A similar thing can be done with a logical volume, but is
this wise?

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] suggestion for filesystem or general performance optimization

[Theo Band]

On 09/04/2012 09:06 AM, Götz Reinicke wrote:
> Hi,
>
> recently I noticed, that we have some performance issues regarding our
> central samba fileserver. Red Hat EL 5.8, samba3x-3.5.10-0.109.
>
> Doing a rsync, scp or accessing a share from a client and copy large
> files (e.g. 3 GB ISO), I do get a read / write average about 60 to 90
> MB/sec. So LAN and general hardware can work at max. lan speed.
>
> But copying or syncing small files, e.g. user profiles etc. or doing a
> backup of the smaller files lets drop the average performance to 10
> MB/Sec or less :(
>
> We use ext3 (noatime), the storage is connected by iscsi, it is a sun
> storage with sas harddisk.
>
> All suggestions so far: migrate to ext4 and good luck :)
>
> I read a couple of filesystem comparisons and ext4 looks like the best
> option, but what else could I do or expect?
>
> Locking? Limits ... blocksizes, more RAM (4GB installed), we have about
> 600GB of user data. so not really much...
>
>   Thanks for any suggestion or hint . Regards . Götz
>
>
I recognize this. Also using 5.8. Simply removing a few hundred GB of
small files can take half an hour. Removing the same amount of data
consumed by a couple of big files is less than a minute (even that is
slow, why not remove the index somewhere in the file system?)
One thing that did speed up things was using a solid stated disk because
of the much lower random access time. That's most likely not an option
for you...

So I am also interested in any answer.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bash job control and signals

[Theo Band]

On 08/29/2012 11:57 PM, Stephen Harris wrote:
> On Wed, Aug 29, 2012 at 10:00:47PM +0200, Theo Band wrote:
>> and I cannot change this application. I want all processes that are
>> children also to become suspended. I tried to add a trap, but that did
>> not work.
>>
>> Any idea how to make this work?
> The magic phrase you're looking for is "process group".  When you press
> control-Z a signal is sent to all the process in the process group, but
> when you send a "kill" it's only sent to one process.
>
> So
> % ps -o pgrp $your_process
>
> That'll tell you the process group.Then you kill -STOP -pgrp
> (note the negative ID sent to kill)
>
> That'll send a signal to all processes in the group
>

Thanks Stephen

That's exactly what my application does wrong. I will ask the vendor to
change the way they signal the external script. It's basically only
adding a dash before the signal and it works!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] bash job control and signals

[Theo Band]

I want to suspend a script using a signal but that does not work as I
want. I made an example script:

$ cat script
#!/bin/bash
echo $$
gkrellm

If run this script gkrellm starts up and I can use job control from the
terminal to suspend the script (CTRL-Z) and resume it (fg or bg).
If I suspend I can see that gkrellm freezes (that's why I choose gkrellm
in this example):

$ ./script
23632
--CTRL-Z--
[3]+  Stopped ./script
$ fg
./script

Next I want to do exactly the same but from another terminal using a signal:

kill -SIGSTOP 23632

[3]+  Stopped ./script

So the bash script is indeed suspended, but the gkrellm keeps running. I
can of course signal SIGSTOP to gkrellm and then this gkrellm will
suspend as well. I have however an application that suspends my script
and I cannot change this application. I want all processes that are
children also to become suspended. I tried to add a trap, but that did
not work.

Any idea how to make this work?

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM as a desktop

[Theo Band]

On 08/28/2012 04:23 PM, James B. Byrne wrote:
> I am nearing the end of a project that moved our disparate services
> and hosts onto kvm virtualized servers.  What I am now contemplating
> is setting up my desktop as a virtual host and using one of the guests
> as my primary workstation.
>
> However, I am not sure how this would work in practice.  I am
> accustomed to working with virtual instances via ssh (a terminal
> window) and with my desktop system in a Gnome window manager.  Is
> there a reference somewhere that outlines the mechanics of logging
> into a virtual guest's graphical desktop directly from the physical
> console of the kvm host system?
>
>
I'm not sure what your benefit is to not use your host but a VM running
on it.
You could consider to use XDMP. You still need a (local) X server (gdm),
but then choose remote logon usign XDMCP.
On the virtual machine use gdmsetup to allow remote access or use this link:

http://www.centos.org/docs/5/html/5.1/Installation_Guide/s2-trouble-remotex.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM Setup for Win7 Pro on CentOS 5.x

[Theo Band]

On 08/18/2012 12:06 AM, Bill Campbell wrote:
> I got things installed yesterday, adding a routed network section
> using virt-manager linked to the private interface, eth1.  I left
> the default NAT interface as-is.
>
> After rebooting the machine, two bridge devices, virbr0 and
> virbr1 appear in 'ifconfig' output with the appropriate IP
> addresses (192.168.122.1 and 192.168.100.1 respectively).
>
> The 'route -n' command shows reasonable routes for the VMs.
>
> I am thoroughly confused by the documentation I've found so far,
> much of which seems to be out of date.
>
> When the Windows VM is active with the network virbr1 defined
> with virt-manager and all other things default, a 'vmnet0' device
> appears in 'ifconfig' output.  I can ping the IPs on the private
> lan (192.168.101.0/24 in this case), but cannot get to the
> outside world, nor can hosts on the LAN ping the VM's assigned IP
> address 192.168.100.114.
>
> If I shut down the VM, manually run 'brctl addif virbr1 eth1', then start
> the VM things change:
>
> + The IP address assigned to the VM is in the 192.168.101.0/24 block
>   instead of 192.168.100.0/24 defined in virt-manager.
>
> + I can ping the outside world from the VM.
>
> + I can ping other hosts in 192.168.101.0/24, but*NOT*  the Linux boxes
>   IP address.
>
> + I cannot ping anything in 192.168.101.0/24 from the command line on
>   the Linux host (logged in with ssh on the public interface).
>
> + The command 'brctl show' displays vmnet0 and eth1 vir virbr1.
>
> I'm more than a bit confused at this point.
>
> My main goal is to get LAN and OpenVPN access to the Windows VM.
> I really don't care about Internet access from the Windows VM,
> although Microsoft really wants it to get updates and such.
Do you have iptables enabled? If so add a rule for the bridge as well.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM Setup for Win7 Pro on CentOS 5.x

[Theo Band]

On 08/16/2012 06:36 PM, Bill Campbell wrote:
> I need to:
> + Create the VM instance allowing for about 50GB total disk space which
>   will be either a single image partitioned into two Windows 'Drives'
>   for the OS and applications/data, or two images.
>> The default location for the hard disk image file is under /var/lib
>> path.This can be changed to point to a different location if you
>> are planning many such large installation.   An alternate method could
>> be to define a file or a LVM and then tell virt-manager the location
>> of this file/LVM volume.
> Thanks for that info.  It looks like everything is under
> /var/lib/libvrt.
>
> I assume that I can replace /var/lib/libvirt/images with a
> symlink to another file system with adequate space.
>
> Would it be safe to symlink the entire /var/lib/libvrt directory
> to another file system?  I just tried 'lsof /var/lib/libvirt' on
> the system with no VMs and the libvrtd service running, and it
> doesn't show anything using it at idle.
Yes, as long as SeLinux is not enforced.
But why not simply mount a dedicated partition here? The actual path is 
stored in de VM definition. So existing machines need to be changed 
(virsh edit ). I think the default path is only used as e default 
location. I have moved the images of several machines to a NFS path to 
make live migration work.
Do remember that /var/lib/libvirt/qemu/save is used to save system state 
when rebooting. Still needs several GB of space for that.
> + Set up network bridging on the private LAN so that the Windows system
>   is accessible via OpenVPN connections from the outside world and by
>   users on the LAN to run a client/server accounting application.
>> I have done KVM VLANs but I am not sure if it can be done from the
>> virt-manager.   Experiment and see how far you can go.
> I will be digging into this later today.  So far I've found the
> file /var/lib/libvirt/network/default.xml and see a vibr0
> interface defined.
>
> The documentation I found yesterday described setting up briding,
> but hopefully virt-manager has a nicer way to do it.
This I find the most difficult part. I have done it a couple of time and 
made myself a HOWTO. You need to fill in some IP figures of course. I 
assume a fixed IP address, but DHCP should work as well. The setup 
creates a bridge and adds and existing interface (ifcfg-ethx) to that 
bridge. After that you can use the bridge for the VMs:

KVM
===
yum install kvm virt-manager qemu bridge-utils
#create bridge for virt-machine
cat > /etc/sysconfig/network-scripts/ifcfg-br0 << _END_
DEVICE=br0
TYPE=Bridge
IPADDR=192.168.48.X
NETMASK=255.255.255.0
GATEWAY=192.168.48.1
BOOTPROTO=none
ONBOOT=yes
DELAY=0
NOZEROCONF=true
NM_CONTROLLED=no
_END_

Edit /etc/sysconfig/network-scripts/ifcfg-ethx :
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no

service network restart
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] server fails to boot GRUB and flashing cursor

[Theo Band]

On 08/13/2012 11:17 PM, Dan Carl wrote:
> On 8/13/2012 4:07 PM, Les Mikesell wrote:
>> On Mon, Aug 13, 2012 at 2:41 PM, Dan Carl  wrote:
>   Device Boot  Start End  Blocks   Id  System
> /dev/sda1   *   1  13  104391   83  Linux
> /dev/sda2  14 658 5180962+  82  Linux swap /
> Solaris
> /dev/sda3 659884265737980   83  Linux
>
 You said this had RAID5: what's the o/p of cat /proc/mdstat?\
>>> Its a hardware raid5 perc.
>>> I cannot mount the boot partition sda1.
>>> sda3 mounts fine this is where the OS is.
>>> What to do?
>> What kind of error do you get when you try to mount sda1?   Is it
>> something fsck will fix?   You need to load the kernel and initrd from
>> there.
>>
> #mount -t ext3 /dev/sda1 /mnt/myboot
> mount: wrong fs type, bad option, bad superblock on /dev/sda1,
> missing codepage or other error
> In some cases useful info is found in syslog - try
> dmesg | tail  or so
>
> I have nothing in my boot directory. Will I have to reload the kernel 
> and grub?
>
> ran fsck got
> Superblock has an invalid ext3 journal (inode 8).
> Clear?
>
> Should I select Y?
> Thanks
> Dan

Try to fix, but it will probably not work. It's a bit strange as this
partition is on a raid, so it should be protected by a failing disk just
as the other partitions have survived.
I would boot from a CentosOS rescue CD. It will find your OS and mount
it. Then make a new ext3 fs on /dev/sda1 and mount it under /boot (that
is after the chroot /mnt/sysimage). Copy back the files from a backup if
you have that. If not, a re-install of the kernel (again after chroot)
will place the boot files under /boot/. Then issue a grub-install. It
will copy the needed grub images under /boot/grub and re-create a
grub.conf and a boot loader on /dev/sda etc.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to configure time on virtual clients using KVM?

[Theo Band]

I use a CentOS5.8 server with KVM. I have several virtual machines
running on it. When I reboot the server (takes 10 minutes) all VMs are
saved and correctly restored. The time on the clients is however of by
10 minutes.
nptd is running on the clients and that is able to correct this big
mismatch. But what I don't understand is that the host does not seem to
help the client with it's timekeeping.

On a fedora16 machine I can tell that kvm-clock is being used:
cat /sys/devices/system/clocksource/clocksource0/available_clocksource
kvm-clock tsc acpi_pm
cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock

One the centos5 client I can think I see the same:
dmesg|grep time.c
time.c: Using 1.193182 MHz WALL KVM GTOD KVM timer.

If I suspend a client, I see the time is correct just after resume. If I
save and restore the time is left at the saved time:

ssh valk5 date;virsh save valk5 /var/lib/libvirt/images/save ;sleep
60;virsh restore /var/lib/libvirt/images/save;ssh valk5 date;date
Thu Jun 28 18:37:59 CEST 2012
Domain valk5 saved to /var/lib/libvirt/images/save

Domain restored from /var/lib/libvirt/images/save

Thu Jun 28 18:40:00 CEST 2012
Thu Jun 28 18:41:07 CEST 2012


So my question is, is this intended behaviour? Is there something I can
change to kick the time during a restore?

A second related question is what happens after a live migrate. I can
migrate the VMs to a different machine, but that machine has slightly
different specs. I notice that the clock speed is really off (minutes
per hour need to be corrected after a live migrate). I guess the client
gets a differt CPU clock on the other host. Is there a way to update the
client without a reboot? A reboot helps, so I guess some timer
calibration takes place then. But that defeats the purpose of a live
migrate.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 'yum update' rollback or .. ?

[Theo Band]

On 06/22/2012 01:58 PM, Nikolaos Milas wrote:
> I am interested on other solutions too, so your thread is interesting!
dump

Assuming some form of ext[n] filesystem is being used. It has the
advantage that is also works with incremental backups. You can dump the
root file system and perhaps also the /boot filesystem.
Instead of the root filesystem, I dump a snaphost that is created each
evening. The snapshot has a frozen filesystem. So databases (mysql)
should just be consistent. If you want to be 100% sure, stop the
database, make a snapshot and start the database again. This is done
within one second, so hardly any impact on the live server.
Disadvantage of this method is that you still need the have a partition
table if you need to fully restore. And LVM and boot sector need to be
recreated. In case of disaster recovery you need this documented
properly (try it out at least once).
Advantage is that you can have daily system backups automatically created.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 'yum update' rollback or .. ?

[Theo Band]

On 06/22/2012 09:42 AM, przemol...@poczta.fm wrote:
> Hello,
>
> we have several physical servers (CentOS 5.*) with rather critical 
> applications where (because of stability)
> we don't do regularly 'yum update'. In virtualized environemnts (under Vmware)
> we do a snapshot, then 'yum update', reboot and if something is wrong we 
> rollback the snapshot.
> On physical servers we cannot do that. I have read about rollback option of 
> rpm but not sure if
> this is reliable solution. What is your best practise regarding "rollbacking" 
> 'yum update' on
> physical servers ?
>
One solution would be to use lvm snapshots. Create a snapshot of the
root volume (lvcreate -s VolGroup00/LogVol00 -n rootsnapshot -L 10G), do
an update and see if it works. If not, boot into rescue mode and copy
the content from the snapshot back to the original.
Make sure the snapshot gets the same size as the original volume. This
is important if you want to copy back all the data.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XEN or KVM - performance/stability/security?

[Theo Band]

On 05/12/2012 12:46 AM, Gordon Messmer wrote:
> A late reply, but hopefully a useful set of feedback for the archives:
Well let me share my experience as well.
> On 04/20/2012 05:59 AM, Rafał Radecki wrote:
>> Key factors from my opint of view are:
>> - stability (which one runs more smoothly on CentOS?)
> I found that xenconsoled could frequently crash in Xen dom0, and that 
> guests would be unable to reboot until it was fixed.  I also found that 
> paravirt CentOS domUs would not boot if they were updated before the 
> dom0.  In short, Xen paravirt was very fragile and troublesome.  I never 
> tested Xen with hardware virtualization.
>
> I have had no such problems with KVM.  In my experience KVM is much more 
> stable than Xen paravirtualization.  Xen HVM probably would suffer at 
> least some of the same problems.
I have some machine that were very unstable under load (max uptime some
weeks, then a crash). They were running CentOS5 with XEN kernel. First I
thought it was hardware related, but once a non-Xen kernel was loaded
and I migrated the VMs to KVM the machines are rock solid.
I must say I still have two machines running Xen and they have no
problem the last year. So it's probably also related to the specified
hardware configuration.

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to prevent virtual machines running twice on the disk images?

[Theo Band]

On 05/11/2012 06:06 PM, Paul Heinlein wrote:
> On Fri, 11 May 2012, Theo Band wrote:
>
>> I use KVM on two identical centos5 hosts. []
>>
>> My question is, how can I prevent host A from starting a "shut off"
>> VM that actually has been migrated to host B? The VM could actually
>> be running on any another host. It could also have been crashed. The
>> most simple solution would be some sort of lock file placed next to
>> the disk image location, so seen by all hosts. But perhaps there is
>> another way of working with virt-manager that I am not aware of?
>
> My way of dealing with that is to undefine the domain on host A after
> it's been moved to host B, e.g.,
>
>   virsh migrate --live myvm remote://host-b
>   virsh undefine myvm
>
> The CentOS 6 version of virsh allows those operations to be combined:
>
>   virsh migrate --live --persistent --undefinesource myvm ...

Thanks,  that's the tip I needed. "undefine".


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to prevent virtual machines running twice on the disk images?

[Theo Band]

On 05/11/2012 01:07 PM, Regendoerp, Achim wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>> Behalf Of Theo Band
>> Sent: 11 May 2012 11:51
>> To: CentOS mailing list
>> Subject: [CentOS] How to prevent virtual machines running twice on the disk
>> images?
>>
>> I use KVM on two identical centos5 hosts.
>>
>> I can live migrate the virtual machines from one to the other and it works
>> great. Once I do this, I can see VM definitions on both hosts using virt-
>> manager or virsh list --all On one machine the VM is running, on the other it
>> reports "shut off".
>> The disk images are accessible to both host machines and I want to have only
>> one running a the time (of course). If the VM locks up, I could by mistake
>> think that the machine is not running and try to start it on the wrong host.
>>
>> My question is, how can I prevent host A from starting a "shut off" VM that
>> actually has been migrated to host B? The VM could actually be running on
>> any another host. It could also have been crashed. The most simple solution
>> would be some sort of lock file placed next to the disk image location, so
>> seen by all hosts. But perhaps there is another way of working with virt-
>> manager that I am not aware of?
>>
>> Theo
> Are those machines clustered? I used drbd/pacemaker/corosync to achieve 
> something similar across two CentOS hosts with KVM machines, and the VM can 
> only be started on the master node where the DRBD drive is mounted and 
> accessible. Live migrations are fairly easy too with this method
>
No, not clustered.
drbd I do use, but that means a drbd block devices for every individual
vm. I tried that but find it a lot of effort to maintain. One shared
(NFS) filesystem gives a lot more freedom to move a VM to a machine host
machine that has a lower load. I don't mind doing that by hand. It's not
for high availability.

Theo


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to prevent virtual machines running twice on the disk images?

[Theo Band]

I use KVM on two identical centos5 hosts.

I can live migrate the virtual machines from one to the other and it
works great. Once I do this, I can see VM definitions on both hosts
using virt-manager or virsh list --all
On one machine the VM is running, on the other it reports "shut off".
The disk images are accessible to both host machines and I want to have
only one running a the time (of course). If the VM locks up, I could by
mistake think that the machine is not running and try to start it on the
wrong host.

My question is, how can I prevent host A from starting a "shut off" VM
that actually has been migrated to host B? The VM could actually be
running on any another host. It could also have been crashed. The most
simple solution would be some sort of lock file placed next to the disk
image location, so seen by all hosts. But perhaps there is another way
of working with virt-manager that I am not aware of?

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to restrict reboot/poweroff from non-admins?

[Theo Band]

On 03/28/2012 09:38 PM, Timo Neuvonen wrote:
>> Only console users (local users) are allowed to do that. It's configured
>> using pam (I use Centos5.8 so forgive me if this is not the same for
>> CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works:
>>
>> /etc/pam.d/poweroff
>> /etc/pam.d/reboot
>> /etc/pam.d/halt
>>
>> I added as a second line :
>> auth   sufficient   pam_rootok.so
>> # prevent normal users to reboot
>> auth   required pam_deny.so
>> 
>>
>> But still the user locally logged on to the machine (gnome session) can
>> switch it off. So I think I also missed something.
> I can't test it right now, but reading 'man pam.d' made me wonder if
> 'required'  in the 'auth required pam_deny.so' in the example above
> should be replaced with  'requisite'.
>
Both methods should work. With requisite the following checks are not
done anymore (it fails right away). But even if the other tests succeed
(after a failing required) the final judgement is still "fail". It a way
not to tell the reason authentication fails. This makes it a little bit
more difficult for an attacker.

Note that shutdown is not in the list of pam enabled applications. So a
user cannot poweroff, but he can still shutdown :-(
I read that /etc/shutdown.allow controls shutdown but I don't understand
what the gnome desktop actually calls. Apparently it is not
poweroff/reboot/halt.

Anyone knows how to properly prevent any non root user (console and
remote) for powering off a machine?

I need this only for desktop users that switch of their machine by
accident. The machine is used as part of a compute grid as well.

Theo


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to restrict reboot/poweroff from non-admins?

[Theo Band]

On 03/28/2012 04:04 PM, Bob Hoffman wrote:
> On 3/28/2012 10:03 AM, Phil Schaffner wrote:
>> Timo Neuvonen wrote on 03/28/2012 09:17 AM:
>>> I just noticed that CentOS (6.2) by default allows any user to
>>> reboot/poweroff system without any admin rights, or without any further
>>> questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still
>>> requires admin rights.
>>>
>>> What is the preferred way to restrict any regular user from rebooting /
>>> powering off the system (by accident)?
>>>
>>> IMHO, sudo should be required for this purpose (at least in a system with
>>> shared remote access from multiple users, single-user laptops etc may be a
>>> different case)
>>>
>> OUCH! This seems to qualify as a CentOS bug.  I confirm that a normal
>> user can reboot or poweroff the system on 6.2.  On RHEL:
>>
>> $ rpm -qa redhat-release\*
>> redhat-release-server-6Server-6.2.0.3.el6.x86_64
>> $ poweroff
>> poweroff: Need to be root
>> $ reboot
>> reboot: Need to be root
>>
>> Phil
>>
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>>
> I was just reading this the other day in a book but cannot find 
> it...there is some command that limits this...not sure if it was just 
> sudo or not...
> yea, that is scary
> ___
>
Only console users (local users) are allowed to do that. It's configured
using pam (I use Centos5.8 so forgive me if this is not the same for
CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works:

/etc/pam.d/poweroff
/etc/pam.d/reboot
/etc/pam.d/halt

I added as a second line :
auth   sufficient   pam_rootok.so
# prevent normal users to reboot
auth   required pam_deny.so


But still the user locally logged on to the machine (gnome session) can
switch it off. So I think I also missed something.

Theo



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot remove a file

[Theo Band]

On 12/12/2011 01:04 PM, Rafa Griman wrote:
> Have you checked attributes (lsattr)? Maybe it's got the immutable flag on.
Yes that was indeed the case.
>
> In any case, the file is for quota definitions though it seems you
> don't have quotas activated:
The quota is enabled on the filesystem what was backed up. But when
restored it was just a file in a subdirectory of the anotother temporary
filesystem. I'm building a rsync hard link archive of all my previous
dumps. This saves me much disk data and gives faster access when needed.
>
> # mount|grep temp
> /dev/mapper/vgraid-temprestore on /mnt/temprestore type ext3 (rw)
>
> Check if quotas are really on or off and the attributes.
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [SOLVED] Cannot remove a file

[Theo Band]

On 12/12/2011 01:04 PM, Mogens Kjaer wrote:
> On 12/12/2011 12:45 PM, Theo Band wrote:
>> Any ideas on what else I can do to get rid of this file?
>>
> Does
>
> man lsattr
> man chattr
>
> help you?
>
> Mogens
>
Thanks this is indeed the the answer:

# lsattr aquota.user
i--A- aquota.user

   A  file  with  the 'i' attribute cannot be modified: it cannot be
deleted or renamed, no
   link can be created to this file and no data can be written to
the file.  Only the supe-
   ruser  or  a process possessing the CAP_LINUX_IMMUTABLE
capability can set or clear this
   attribute.

# chattr -i aquota.user
# rm aquota.user
rm: remove regular file `aquota.user'? y

Learned something today :-)

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Cannot remove a file

[Theo Band]

I have used restore to restore a snapshot of home data. From the root of
this restore a file called aquota.user exists but cannot be removed:

# mount|grep temp
/dev/mapper/vgraid-temprestore on /mnt/temprestore type ext3 (rw)
# cd /mnt/temprestore/home
# ll -d .
drwxr-xr-x 2 root root 4096 Dec 12 11:12 .
# ll
total 12
-rw--- 1 root root 8192 Sep 30 10:21 aquota.user
# rm aquota.user
rm: remove write-protected regular file `aquota.user'? y
rm: cannot remove `aquota.user': Operation not permitted
# mv aquota.user somethingelse
mv: cannot move `aquota.user' to `somethingelse': Operation not permitted
# chown root.root aquota.user
chown: changing ownership of `aquota.user': Operation not permitted
# setfacl -b aquota.user
# rm aquota.user
rm: remove write-protected regular file `aquota.user'? y
rm: cannot remove `aquota.user': Operation not permitted
# getfacl aquota.user
# file: aquota.user
# owner: root
# group: root
user::rw-
group::---
other::---

And yes, I did a fsck -f on the filesystem. I even re-created the
filesystem (it needs to be empty anyhow) but after I restore the file
(using restore) the same problem pops up.
Any ideas on what else I can do to get rid of this file?

CentOS 5.7
Selinux permissive.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to list virt machine size with virsh?

[Theo Band]

On 12/09/2011 01:18 PM, James Hogarth wrote:
>> What I miss in that overview is the memory size of clients. I found
>> "virsh dominfo " but that is for just that one client (and I
>> have several running).
>> The same question for "xm top". I found that there seems to exist
>> virt-top, but I could not find this in a repository for Centos5.
>>
> For the memory thing off the top of my head I can't think of anything
> in a single command... but a quick virsh list | awk '$2 ~ /running/
> {print $1}' | while read guest; do virsh dominfo $guest | grep
> memorything  adapted slightly since that's untested and just
> quickly knocked out from rough memory shoudl help...
>
> With regards to virt-top that's on CentOS 6  for the underlying
> hosts you really want to be on C6 rather than C5 at this point due to
> much improved libvirt/kvm features - things like ksm and transparent
> huge pages are new and help... and then things like the newer
> scheduler and kernel is a bonus...
>
> Leave your guests on C5 or whatever they are on while you migrate
> sensibly... but there is no good reason for the hosts systems to be
> runnin C5 at this point... if you are only just starting to migrate
> form xen to kvm seriously get on C6 and do yourself a huge favour...

Funny I was thinking about a similar script line. Then I thought, this
is silly I must have overlooked the obvious. Let's ask the list :-)
The machine is dual bootable (Xen/Kvm). It serves as a backup for two
other machines running Xen (centos5). That's basically the only reason
I'm still on C5. I use drbd to mirror disks.
The best approach for me is to take a new machine with C6 and migrate on
there.

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to list virt machine size with virsh?

[Theo Band]

I have started to migrate one CentOS5 machine from xen to kvm. The
stability of the machine is much better (too much crashes with xen).
I was used to do a "xm list" to get a list of clients. On the KVM
machine I need to do a "virsh list".
What I miss in that overview is the memory size of clients. I found
"virsh dominfo " but that is for just that one client (and I
have several running).
The same question for "xm top". I found that there seems to exist
virt-top, but I could not find this in a repository for Centos5.

virt-manager is a little overkill on this machine (it does work though
but I like command line quick info).

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Live CD boot for KVM guest. How?

[Theo Band]

On 10/19/2011 08:15 PM, John R Pierce wrote:
> On 10/19/11 9:34 AM, Müfit Eribol wrote:
>> My host and guest are CentOS 6. The guest is going to be a web server in
>> production. I am trying to resize (extend) of the base partition of my
>> guest.  But I can of course start the installation of CentOS 6 guest all
>> over again with a larger image size. However, just for the sake of
>> better understanding I an trying to solve things not to be end up in a
>> dead end after some years.
> rather than resizing the system 'drive', I woudl have simply created 
> ANOTHER logical drive mapped to the guest, and create a new file system 
> on it, moving the stuff thats filling up your base disk (/home ?  
> /var/www ?) to it, then remounting it as the 'new' /home or /var/www or 
> whatever
Agree.
But if your system disk is now bigger, you can also create a new
partition (even while the system is live) and use this new partition.
And I would still use LVM for this new partition. This does not really
add much complexity. It does add a lot of flexibility. The steps are:

parted /dev/sda
mkpart p ext2  

pvcreate /dev/sda2 (your new second new partition?)
vgcreate vg /dev/sda2
lvcreate vg -n test -L 10G
mkfs.ext4 /dev/vg/test

The volume group does not need to be assigned completely and leaves some
room to carve new partitions in the future. Also the snapshot feature
allows to create consistent backups if needed.

I even think you can used parted to change you system partition. Simply
delete the partition and recreate with the exact same starting sector.
One mistake and you will loose a lot though, so why would you even try?

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hacking Issue

[Theo Band]

On 09/26/2011 01:02 PM, Jennifer Botten wrote:
>
> Hi,
>
>  
>
> I am having an issue with someone accessing our server via a SIP/VOIP
> connection. I have changed my iptables rules to drop all UDP traffic
> from and too this IP address, but this traffic seems to still run
> through my server. These are the iptables rules that I current have on
> the server.
>
> -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
>
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
>
>
If your SIP server needs to be accessed from any IP address, consider to
use fail2ban. Easy to setup and it will block access to your SIP server
after so many false attempts.
I started using fail2ban to prevent the logs (Asterisk) from cluttering
failed logons.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos6: how to debug suspend?

[Theo Band]

I have a desktop installation with Centos 6. A lot works fine, but
suspend to ram or disk does not work from the KDE menu.
If I choose suspend to RAM, the screen goes dark (black-light on) but
nothing further happens. I can give my password to remove the screenlock
and continue. But the machine stays on. Obviously the suspend has failed.
If I use pm-suspend (as root) all works fine. I've looked in
/var/log/messages but there is no hint there. The question is thus, how
can I debug this? Could it be a permission issue? Do I need to add
myself to a specific group?

Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Safely Remove Disk on LVM

[Theo Band]

On 09/19/2011 10:59 AM, Muhammad Panji wrote:
> On Fri, Sep 16, 2011 at 5:57 PM, Theo Band  <mailto:theo.b...@greenpeak.com>> wrote:
>
> On 09/16/2011 05:03 AM, Muhammad Panji wrote:
> > Dear All,
> > I plan to replace an error disk that is part of an LV. from LVM
> how-to
> > it could be done with using pvmove to move all PE from old disk
> to new
> > disk.But the howto also said that pvmove is slow. Anyone has
> > experience using pvmove on 2TB disk?
> >
> > Is it possible to make all PE on the old disk empty so I don't
> have to
> > do pvmove (assuming that I can make a free space >= 2TB). Thank
> you in
> > advance
> > Regards
> Yes it is slow, but it works. You can condider to remove some (unused)
> LVM that have extends on the physical disk. That speeds it up, as the
> extends are marked free again. How many disks do you now have in your
> volume group? If only one, then simply try to copy the entire disk to
> another one (dd/ddrescue/clonezilla). If the disk has bad sectors,
> then
> the pvmove will most likely fail anyhow.
>
> Hi Theo,
> thank you for the reply. I have four disk in one LV. so yesterday I
> already done pvmove the 2TB disk and it took time about 20 hours. I
> think the disk is just start to fail and most part of the disk is
> still good, that's why the pvmove process didn't take time that long.
> Regards,

Four disk in a volume group? I would never do that. You increase the
chance that something breaks with a factor 4 if every disk has the same
probability of failing. If they are the same size, you better create a
raid5 for instance. You loose one disk of capacity to recover from a
single disk failure in the array. I think it's worth it, but it depends
on the data that you store on it of course. In your case, if a disk
fails dramatically, you need to start the volume group with a missing
disk. This will create a big hole (zeros or IO errors) in the place were
the disk PE should have been in your logical volume. It's just guessing
what happens to the file system that you have created on top of it...

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Safely Remove Disk on LVM

[Theo Band]

On 09/16/2011 05:03 AM, Muhammad Panji wrote:
> Dear All,
> I plan to replace an error disk that is part of an LV. from LVM how-to
> it could be done with using pvmove to move all PE from old disk to new
> disk.But the howto also said that pvmove is slow. Anyone has
> experience using pvmove on 2TB disk?
>
> Is it possible to make all PE on the old disk empty so I don't have to
> do pvmove (assuming that I can make a free space >= 2TB). Thank you in
> advance
> Regards
Yes it is slow, but it works. You can condider to remove some (unused)
LVM that have extends on the physical disk. That speeds it up, as the
extends are marked free again. How many disks do you now have in your
volume group? If only one, then simply try to copy the entire disk to
another one (dd/ddrescue/clonezilla). If the disk has bad sectors, then
the pvmove will most likely fail anyhow.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] xendomains not starting at boot

[Theo Band]

On one of my xen hosts a virtual machine does not start at boot. I can
see that xendomains gives an error:

service xendomains start
Starting auto Xen domains: fszeleNo handlers could be found for logger
"xend"
Error: Disk isn't accessible
No handlers could be found for logger "xend"
Error: Disk isn't accessible

An error occured while creating domain fszele: Usage: xm create
 [options] [vars]

Create a domain based on .

Options:

-h, --help   Print this help.
--help_configPrint the available configuration variables (vars)
 for the configuration script.
-q, --quiet  Quiet.
--path=PATH  Search path for configuration scripts. The value of
 PATH is a colon-separated directory list.
-f=FILE, --defconfig=FILE
 Use the given Python configuration script.The
 configuration script is loaded after arguments have
 been processed. Each command-line option sets a
 configuration variable named after its long option
 name, and these variables are placed in the
 environment of the script before it is loaded.
 Variables for options that may be repeated have list
 values. Other variables can be set using VAR=VAL on
 the command line. After the script is loaded, option
 values that were not set on the command line are
 replaced by the values set in the script.
-F=FILE, --config=FILE
 Domain configuration to use (SXP).
 SXP is the underlying configuration format used by
 Xen.
 SXP configurations can be hand-written or generated
 from Python configuration scripts, using the -n
 (dryrun) option to print the configuration.
-n, --dryrun Dry run - prints the resulting configuration in SXP
 but does not create the domain.
-p, --paused Leave the domain paused after it is created.
-c, --console_autoconnect
 Connect to the console after the domain is created.

!
[failed]   [FAILED]


The actual command executed turns out to be:

XMC=`xm create --quiet --defconfig $dom`
where dom=/etc/xen/auto/fszele

If I issue the command from the command line, the dom starts as
expected. After some debugging on /etc/init.d/xendomains it turns out to
work if I change this line:

diff xendomains*
283c283
<   XMC=$(xm create --quiet --defconfig $dom)
---
>   XMC=`xm create --quiet --defconfig $dom`

or

diff xendomains*
283c283
<   XMC=`echo debug;xm create --quiet --defconfig $dom`
---
>   XMC=`xm create --quiet --defconfig $dom`

So I fixed the problem using $() instead of back-ticks, but I like to
understand what can be the root cause of this problem. It seems to
happen on only one of my hosts.


cat /etc/redhat-release
CentOS release 5.6 (Final)
rpm -qf xendomains
xen-3.0.3-120.el5_6.3
uname -a
Linux xenzele.greenpeak.com 2.6.18-238.19.1.el5xen #1 SMP Fri Jul 15
08:16:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum list updates error

[Theo Band]

 On 10/16/2010 08:51 AM, Ritika Garg wrote:
> Before doing "yum update" on system which has CentOS5.3, I gave "yum
> list updates" but the following message comes:
> Loaded plugins: fastestmirror
> Determining fastest mirrors
> Could not retrieve mirrorlist
> http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=os
>  error was
> [Errno 4] IOError: 
> Error: Cannot find a valid baseurl for repo: base
You can just give a yum update. Before any update starts you are asked
for a confirmation.
If network connection is not the problem, try a "yum clean all" and try
to update again.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone suggest a decent backup system?

[Theo Band]

 On 09/16/10 10:34, Kevin Thorpe wrote:
>   Hi all,
>
> We have a bit of a problem with backups. We've been using bacula to tape 
> and now trying to disk but it's a complete nightmare as regards tape 
> management. The backup to file storage went ok for ages and now is stuck 
> 'waiting for max storage jobs' which is odd as that's set to 20 and it's 
> the only backup running. That's totally typical of bacula.
>
> Can anyone suggest a simple backup package for us? Essentially a single 
> server, full backup to tape every day. We don't need tape management as 
> we're fully capable of reading the written label on the tape ourselves.
>
Do you need tape backups? If not, consider automatic backups to HDD
storage. For disaster recovery you can use a USB drive to take offsite.
Or an e-sata drive in a hot swappable raid setup. Exchange once a day
and bring it off-site. Or get some online backup storage to create an
off-site mirror.
I use good old dump with LVM snapshots to make daily consistent backups
(works only for ext2/3 fs). Since it's fully automated, I only have to
check the backup disk usage. Even there I automate the removal of old
daily backups.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help! Help ! i done centos upgrade

[Theo Band]

 On 09/13/10 17:48, Ernatalo su Gmail wrote:
>   i know that this is a good thing, but i've only 1 partition.
> /boot and /root are in the same partition that i convert from ext3 ti ext4.
> everything works fine until this morning. I "rebooted" the server many 
> time from the "convertion"
> but i had never upgrade the Centos before today.
> with the update the trouble begun!
> from Installation DVD i can see the /dev/sbd1/ (hd0,0) and with fdisk -l 
> i can see that it's an ext4 partition. 
Nothing to worry if you can still mount the disk while booting from the
DVD. From the grub shell you can also issue a find command (find
/boot/grub/grub.conf). Perhaps the disk is mixed up and it is now hd1
and hd0 is you external drive?

(hd1,0)/boot/grub/grub.conf

If you start typing "(hd" and then use command completion, you will see
which drives are seen by grub like hd0 or hd1 etc, and what partitions
exist).

root(hd1)
configfile /boot/grub/grub.conf
will get you back to the boot menu. (It's all from my head, so mind some
typos)

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xm console -- what should I get?

[Theo Band]

David Dyer-Bennet wrote:
> If I type "xm console 6", say (when I have a virtual machine 6 running),
> what should I get?
>
> The documentation seems to indicate that I should get something that
> behaves like a telnet to a serial console.
>
> What I actually get is a connection that might show me a couple of lines
> of output that do look like they belonged on the console, but doesn't seem
> to accept any input (except that it does exit on the documented escape
> character ^[).
>
> These virtual systems show as running, and in fact with virt-viewer I can
> get a VNC console to them.
>
> Dom0 and the guests are Centos 5.5 x64, running on Intel processors with
> modern virtualization support (turned on in the bios, and it looks like
> Xen found it from xm dmesg output).
>   
It works for para-virtualized guests (with xen kernel) not for
fully-virtualized ones.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to measure file transfer speed?

[Theo Band]

hadi motamedi wrote:
> Dear All
> I have one centos server equipped with WiFi . I want to measure data
> rate speed on this connection . Is there any utility on my centos that
> can measure data speed on one specific Ethernet connection when
> transferring large size files through WiFi connection?
> Thank you
Nobody mentioned iftop? That's my personal favorite.
Just like top, but now for traffic.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] permanently add md device

[Theo Band]

Wessel | Postoffice wrote:
> Hi All
>
> Currently i'm setting up a 5.4 server and try to create a 3rd raid device, 
> when i run:
> $mdadm  --create /dev/md2 -v  --raid-devices=15 --chunk=32 --level=raid6 
> /dev/sdc /dev/sdd /dev/sde /dev/sdf /dev/sdg /dev/sdh /dev/sdi /dev/sdj 
> /dev/sdk /dev/sdl /dev/sdm /dev/sdn /dev/sdo /dev/sdp /dev/sdq
>
> the device file "md2" is created and the raid is being configured. but 
> somehow /dev/md2 is flushed when i reboot the system , same story if i create 
> the file by mknod or MAKEDEV.
> does anyone know a way to solve this issue and permanently add md2 to devices?
>
>   
I think it helps if you set the disk flag to raid auto detect (fd =
Linux raid auto). Can be done with parted or fdisk (option t).

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Xen guest does not autostart

[Theo Band]

Jussi Hirvi wrote:
> I have a virtual machine stack which was purely Centos 5.4 the last time 
> I rebooted and experienced this problem: one of the guests does not 
> start automatically after reboot.
>
> [r...@farm1 xen]# pwd
> /etc/xen
> [r...@farm1 xen]# ls -l auto
> total 0
> lrwxrwxrwx 1 root root 8 Dec 11 17:25 name1 -> ../name1
> lrwxrwxrwx 1 root root 8 May  5 21:10 name2 -> ../name2
> lrwxrwxrwx 1 root root 8 Nov 26 11:43 name3 -> ../name3
> lrwxrwxrwx 1 root root 6 Oct 29  2009 name4 -> ../name4
>
> (I retyped the names there.)
>
> [r...@farm1 xen]# ls -l
> total 88
> drwxr-xr-x 2 root root 4096 Apr  3 15:15 auto
> -rw--- 1 root root  430 Dec 11 13:14 name1
> -rw--- 1 root root  610 May  7 12:07 name2
> -rw--- 1 root root  303 Nov  4  2009 name3
> -rw--- 1 root root  295 Oct 29  2009 name4
> (...)
>
> Here is one guest that works:
>
> name = "name3"
> uuid = "958f8695-95e0-b43c-512e-2ca8950d35de"
> maxmem = 900
> memory = 900
> vcpus = 1
> bootloader = "/usr/bin/pygrub"
> on_poweroff = "destroy"
> on_reboot = "restart"
> on_crash = "restart"
> disk = [ "tap:aio:/vm/mail3.img,xvda,w" ]
> vif = [ "mac=00:16:36:4f:d6:11,bridge=xenbr1,script=vif-bridge" ]
> ~ 
>
>
> The next one does not autostart (but starts ok with "xm create name2"). 
> This is the only guest that has two bridges. There is only 500M RAM, but 
> a third guest starts fine with 500M):
>
> name = "name2"
> uuid = "68e33ec6-ef36-9eac-27d7-65a709684551"
> maxmem = 500
> memory = 500
> vcpus = 1
> bootloader = "/usr/bin/pygrub"
> # kernel = "/var/lib/xen/boot_kernel.5g5MLq"
> # ramdisk = "/var/lib/xen/boot_ramdisk.1pSOoP"
> # extra = "ro root=LABEL=/ console=xvc0"
> on_poweroff = "destroy"
> on_reboot = "restart"
> on_crash = "restart"
> disk = [ "tap:aio:/vm/mail2.img,xvda,w" ]
> vif = [ 
> "mac=00:16:36:24:67:3c,bridge=xenbr0","mac=00:16:36:24:67:3d,bridge=xenbr1" 
> ]
> ~
>
> What might be the problem??
>   
Try to stop the xendomains and restart them:

service xendomains stop

If domains are configured to be saved then check /var/lib/xen/save to
find the saved domains.

Then start them again

service xendomains start

This at least gives you a faster way to check than actually rebooting
your host.
Needless to say, check the log files in /var/log/xen/

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] is it possible to recover LVM drive from accidental Fdisk?

[Theo Band]

nate wrote:
> Rudi Ahlers wrote:
>   
>> Hi all,
>>
>> Does anyone know if it's possible to recover an LVM partition from a drive
>> that was fdisked? I accidently fdisk'd the wrong drive (had to fdisk a lot
>> of 160GB drivers from old servers and one still has important data on that
>> client now wants) by running fdisk /dev/sdc & deleting the partitions. The
>> drive is still in a another machine and hasn't been rebooted yet, but
>> there's no no partition on it.
>> 
>
> re-create the original partition table, which is just a map, as long
> as you haven't formatted or overwritten data everything should still
> be there
>
> Also suggest if your not already doing it set your LVm partitons to
> type 8e so it's obvious they are LVM
>
> [r...@dc1-mysql001b:~]# fdisk -l /dev/sdc
>
> Disk /dev/sdc: 2197.9 GB, 2197949513728 bytes
> 255 heads, 63 sectors/track, 267218 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
>
>Device Boot  Start End  Blocks   Id  System
> /dev/sdc1   1  267218  2146428553+  8e  Linux LVM
>
>   
And if you don't exactly remember how the partitions where set up, you
could try parted with the rescue command. It will search the raw disk
for signatures that could be the start of a partition.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPU usage over estimated?

[Theo Band]

Scott Silva wrote:
> on 6-4-2009 5:37 AM Theo Band spake the following:
>   
>> I have a quad core CPU running Centos5.
>>
>> When I use top, I see that running processes use 245% instead of 100%.
>> If I use gkrellm, I just see one core being used 100%.
>>
>> 
> This one is easy. 4 cpu's, 100% total each, a maximum of 400%.
>
> Since one core is at 100%, the other 145% is spread across the other 3 cores.
>   
Not quite. If I run 4 processes (4 times cpuburn-in) I see this:

Cpu(s): 50.2%us,  0.9%sy, 48.9%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si, 
0.0%st
14696 thba  25   0  2064  984 1080  308 R 244.9  0.0   0:40.57
cpuburn-in
14695 thba  25   0  2064  984 1080  308 R 243.2  0.0   0:43.21
cpuburn-in
14698 thba  25   0  2064  984 1080  308 R 242.9  0.0   0:34.47
cpuburn-in
14697 thba  25   0  2068  988 1080  308 R 162.0  0.0   0:25.86
cpuburn-in
14402 made  31  15  117m  24m  93m  11m R 40.9  0.4   1:11.56
eldo_64.exe
13746 kedo  39  15  696m 611m  85m  23m R 40.3 10.3  34:29.50
common_shell_ex

So in total 100% (first line) and counting the process %
(244.9+243.2+242.9+162.0+40.9+40.3=974%). One of the cores runs three
processes also totaling up to (162+40.9+40.3)=243%
To me it looks like all values are just multiplied by 2.43 (400%x2.43=972%)

I did disable hyperthreading in the bios. The machine would otherwise
show up with 8 CPU. Hyperthreading does benefit my application.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPU usage over estimated?

[Theo Band]

Filipe Brandenburger wrote:
> Hi,
>
> On Thu, Jun 4, 2009 at 08:37, Theo Band  wrote:
>   
>> When I use top, I see that running processes use 245% instead of 100%.
>> If I use gkrellm, I just see one core being used 100%.
>> There are all single threaded programs, so it's not that more cores are
>> being used.
>> 
>
> Are you sure?
>
> You can type "H" in top to show separate threads, that way it would
> show up if you have more than one thread running in one of those
> programs
Yes I'm quite sure. For instance cpuburn on two machines, the only
difference is hardware (two versus four cores). The H option does not
show more threads:

Machine a (dual core Centos5 64 bit)
  Intel(R) Core(TM)2 Duo CPU E8400
  2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25 EDT 2009 x86_64 x86_64
x86_64 GNU/Linux

top - 09:26:00 up 62 days, 21:43,  1 user,  load average: 0.30, 0.16, 0.17
Tasks: 120 total,   3 running, 117 sleeping,   0 stopped,   0 zombie
Cpu(s): 50.0%us,  0.2%sy,  0.0%ni, 49.8%id,  0.0%wa,  0.0%hi,  0.0%si, 
0.0%st
Mem:   4050728k total,  2448800k used,  1601928k free,   405860k buffers
Swap:  3538936k total,22172k used,  3516764k free,  1762448k cached

  PID USER  PR  NI  VIRT  RES SWAP  SHR S %CPU %MEMTIME+  COMMAND
16916 thba  25   0  2068  988 1080  308 R 100.2  0.0   0:11.48
cpuburn-in



Machine b (quad core Centos5 64 bit)
  Intel(R) Core(TM) i7 CPU 940  @ 2.93GHz
  2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25 EDT 2009 x86_64 x86_64
x86_64 GNU/Linux

top - 09:28:24 up 25 days, 40 min,  2 users,  load average: 1.44, 1.83, 1.83
Tasks: 165 total,   3 running, 162 sleeping,   0 stopped,   0 zombie
Cpu(s): 25.1%us,  0.5%sy, 25.0%ni, 49.4%id,  0.0%wa,  0.0%hi,  0.0%si, 
0.0%st
Mem:   6097924k total,  4366540k used,  1731384k free,   152248k buffers
Swap:  4194296k total,  112k used,  4194184k free,  3322344k cached

  PID USER  PR  NI  VIRT  RES SWAP  SHR S %CPU %MEMTIME+  COMMAND
13873 thba  25   0  2068  988 1080  308 R 243.8  0.0   0:26.97
cpuburn-in

The total cpu reported is about correct (for the second machine two jobs
ran, one cpuburn-in=25% and one other with nice15=25%). It's just the
individual process on this quad core machine that's way off.
When I build the machine a couple of months ago, I did benchmarks and
used top as well. It did show "normal" results, most of the time 100%
for a process and sometimes a little more. So I guess an update in the
mean time has changed something.

Theo


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPU usage over estimated?

[Theo Band]

Hakan Koseoglu wrote:
> On Thu, Jun 4, 2009 at 1:37 PM, Theo Band  wrote:
>   
>> I have a quad core CPU running Centos5.
>>
>> When I use top, I see that running processes use 245% instead of 100%.
>> If I use gkrellm, I just see one core being used 100%.
>> 
> Theo, by any chance are you using cumulative mode on top?
>   
Not that I was aware of. I did toggle Iris mode (what's that?) and then
the cpu % goes down to about 62.2% (instead of 100% as the top line
tells me). With cumulative mode on or off there is no difference in reading.

Theo

-- 
GreenPeak Technologies

Phone :  +31 30 711 5622 Catharijnesingel 30
Fax   :  +31 30 262 1159 3511 GB Utrecht
E-mail:  theo.b...@greenpeak.com The Netherlands
Skype :  Theo.Band-greenpeakhttp://www.greenpeak.com

CONFIDENTIALITY: this message, including possible attachment(s),
constitutes confidential GreenPeak information, intended for the use of
above named addressee(s) only; any other use or disclosure to anyone
other than addressee(s), is prohibited. Chamber of Commerce
NL-3210.56.42.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPU usage over estimated?

[Theo Band]

Didi wrote:
> On Thu, Jun 4, 2009 at 1:37 PM, Theo Band  wrote:
>   
>> I have a quad core CPU running Centos5.
>>
>> When I use top, I see that running processes use 245% instead of 100%.
>> If I use gkrellm, I just see one core being used 100%.
>> 
>
> Press 1 in top to see the per CPU info
>   
Tasks: 165 total,   3 running, 162 sleeping,   0 stopped,   0 zombie
Cpu0  :  0.5%us,  0.8%sy, 19.6%ni, 79.1%id,  0.0%wa,  0.0%hi,  0.0%si, 
0.0%st
Cpu1  :  0.0%us,  1.2%sy, 98.6%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.1%si, 
0.0%st
Cpu2  :  0.0%us,  0.0%sy, 13.0%ni, 87.0%id,  0.0%wa,  0.0%hi,  0.0%si, 
0.0%st
Cpu3  :  1.1%us,  0.8%sy, 74.5%ni, 23.3%id,  0.0%wa,  0.0%hi,  0.3%si, 
0.0%st
Mem:   6097924k total,  5837764k used,   260160k free,   126288k buffers
Swap:  4194296k total,  112k used,  4194184k free,  5119488k cached

  PID USER  PR  NI  VIRT  RES SWAP  SHR S %CPU %MEMTIME+  COMMAND
 4742 made  39  15  117m  24m  93m  11m R 262.8  0.4   0:49.35
eldo_64.exe
18037 thba  34  15  340m 277m  63m  45m R 244.9  4.7 275:09.10 ic

This doesn't make a difference for the listed process.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CPU usage over estimated?

[Theo Band]

I have a quad core CPU running Centos5.

When I use top, I see that running processes use 245% instead of 100%.
If I use gkrellm, I just see one core being used 100%.

top:
   PID USER  PR  NI  VIRT  RES SWAP  SHR S %CPU %MEMTIME+  COMMAND
18037 thba  31  15  304m 242m  62m  44m R 245.3  4.1 148:58.72 ic

Also in the log of some programs I see this strange factor:
  CPU Seconds = 2632   Wall Clock Seconds = 1090

There are all single threaded programs, so it's not that more cores are
being used.

[t...@fazant]$ uname -a
Linux fazant 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25 EDT 2009
x86_64 x86_64 x86_64 GNU/Linux


[t...@fazant]$ cat /proc/cpuinfo
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 26
model name  : Intel(R) Core(TM) i7 CPU 940  @ 2.93GHz
stepping: 4
cpu MHz : 1600.000
cache size  : 8192 KB
physical id : 0
siblings: 4
core id : 0
cpu cores   : 4
apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpimmx fxsr sse sse2 ss ht tm syscall nx
rdtscp lm constant_tsc ida nonstop_tsc pni monitor ds_cpl vmx est tm2
cx16 xtpr popcnt lahf_lm
bogomips: 5871.54
clflush size: 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management: [8]

Any ideas?

Thanks,
Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filesystem rpm fails when /home is NFS mounted

[Theo Band]

R P Herrold wrote:
> On Wed, 1 Apr 2009, Paul Heinlein wrote:
>
>   
>> I don't know if it's a bug or a feature, but the
>> filesystem-2.4.0-2.el5.centos rpm won't upgrade cleanly if /home is an
>> NFS filesystem.
>> 
>
> I confirm this is present in 5.3 where /home is an NFS mount, 
> and that I missed it in testing.  A workaround is:
>
> 1. Boot into single user node.
> 2. run: /sbin/service network start
> 3. run: yum -y update filesystem
>
> If your system emitted the warning, but did not 'bail', it is 
> safe to retieve the rpm locally, and to run:
>
> # rpm -Uvh filesystem*rpm --force
>   
I have te same problem, an NFS mounted home share with root_squash. Yum
ignores the package, so I downloaded it and tried it with rpm:

[r...@raaf ~]# rpm -Uvh --force filesystem-2.4.0-2.el5.centos.i386.rpm
Preparing...###
[100%]
   1:filesystem ###
[100%]
error: unpacking of archive failed on file /home: cpio: chown failed -
Operation not permitted


But the package is still not installed (I don't know what you mean with
'bail' by the way). Is there another way to get this installed? Is there
perhaps an option to ignore any errors and just install (apparently
--force does not do that).
Unmounting is not an option, too many users on the machine. So a reboot
would be needed. As someone else mentioned, waiting a couple of weeks is
also an option, if it get's fixed in the end.

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [SOLVED] Disks do not mount at boot

[Theo Band]

Theo Band wrote:
> I have a problem with two entries in my /etc/fstab. When I boot the
> machine, the disks are not mounted. When I give mount -a, all disks are
> present without an error. Of course I don't want to manually do that
> after each reboot. What can be the problem?
>   
Turned out that the auto.master was using the /dczele01 mountpoint as
well. This was present in a NIS map Apparently autofs removes
existing mounts so that they are not visible anymore.

Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Disks do not mount at boot

[Theo Band]

I have a problem with two entries in my /etc/fstab. When I boot the
machine, the disks are not mounted. When I give mount -a, all disks are
present without an error. Of course I don't want to manually do that
after each reboot. What can be the problem?

CentOS 5.2

cat /etc/fstab
/dev/vg/centos  /   ext3defaults1 1
LABEL=/boot /boot   ext3defaults1 2
LABEL=zele_common   /dczele01/  ext3defaults1 2
LABEL=users /dczele01/users ext3defaults1 2
tmpfs   /dev/shmtmpfs   defaults0 0
devpts  /dev/ptsdevpts  gid=5,mode=620  0 0
sysfs   /syssysfs   defaults0 0
proc/proc   procdefaults0 0
/dev/vg/swapswapswapdefaults0 0
arend:/home /home   nfs
proto=tcp,nfsvers=3,bg,defaults0 0
arend:/program  /programnfs
proto=tcp,nfsvers=3,bg,defaults0 0


Instead of LABEL I also tried to use the device /dev/vg2/users. The
filesystem is created on a logical volume, part of a new volume group:
lvs
  LV  VG   Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  centos  vg   -wi-ao   6.91G
  swapvg   -wi-ao 992.00M
  users   vg2  -wi-ao  50.00G
  zele_common vg2  -wi-ao 100.00G

After booting /etc/mtab and mount do not list the /dczele01 entries. In
the log I see these lines:

Mar 24 08:42:02 fsutrecht kernel: md: Autodetecting RAID arrays.
Mar 24 08:42:02 fsutrecht kernel: md: autorun ...
Mar 24 08:42:02 fsutrecht kernel: md: ... autorun DONE.
Mar 24 08:42:02 fsutrecht kernel: device-mapper: multipath: version
1.0.5 loaded
Mar 24 08:42:02 fsutrecht kernel: EXT3 FS on dm-0, internal journal
Mar 24 08:42:02 fsutrecht kernel: kjournald starting.  Commit interval 5
seconds
Mar 24 08:42:02 fsutrecht kernel: EXT3 FS on sda1, internal journal
Mar 24 08:42:02 fsutrecht kernel: EXT3-fs: mounted filesystem with
ordered data mode.
Mar 24 08:42:03 fsutrecht kernel: kjournald starting.  Commit interval 5
seconds
Mar 24 08:42:03 fsutrecht kernel: EXT3 FS on dm-3, internal journal
Mar 24 08:42:03 fsutrecht kernel: EXT3-fs: mounted filesystem with
ordered data mode.
Mar 24 08:42:03 fsutrecht kernel: kjournald starting.  Commit interval 5
seconds
Mar 24 08:42:03 fsutrecht kernel: EXT3 FS on dm-2, internal journal
Mar 24 08:42:03 fsutrecht kernel: EXT3-fs: mounted filesystem with
ordered data mode.
Mar 24 08:42:03 fsutrecht kernel: Adding 1015800k swap on /dev/vg/swap. 
Priority:-1 extents:1 across:1015800k

Then I give a mount -a and see this in the log:
Mar 24 08:44:28 fsutrecht kernel: kjournald starting.  Commit interval 5
seconds
Mar 24 08:44:28 fsutrecht kernel: EXT3 FS on dm-3, internal journal
Mar 24 08:44:28 fsutrecht kernel: EXT3-fs: mounted filesystem with
ordered data mode.
Mar 24 08:44:28 fsutrecht kernel: kjournald starting.  Commit interval 5
seconds
Mar 24 08:44:28 fsutrecht kernel: EXT3 FS on dm-2, internal journal
Mar 24 08:44:28 fsutrecht kernel: EXT3-fs: mounted filesystem with
ordered data mode.

So from the log it looks like the mount is done, but nothing is actually
mounted. I'm puzzled.
The nfs shares and the /boot drive are mounted correctly. So what could
cause these two shares to not mount automatically? What else can I do to
debug?

Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Being Green, Time to make the servers sleep!

[Theo Band]

Hugh E Cruickshank wrote:
> From: James Bensley Sent: March 19, 2009 04:13
>   
>> I am trying to be green and put our backup servers to sleep during the
>> day and have them wake on LAN and fire back up at night for our
>> nightly backups as "sleep" is a sort of low power usage mode.
>> 
>
> I can not comment on how to do what your asking but I can see one
> potential problem. If your solution involves booting the backup server
> and during the boot an error is detected in the filesystem check the
> boot process will halt waiting for you to manually correct the problem.
> Of course you can avoid the problem by making your backup scripts on
> the primary server can implement a time limit on the wait for the
> backup server and if the wait times out then skip the backup.
>
> Someone out there more knowledgeable then I (and there are many) may
> be able to suggest a way to alter the boot to avoid the filesystem
> check (or the halt).
>   
I would not disable the filesystem check at boot. Those checks are
needed. You can lower the frequency of checking using tune2fs (not
needed to check after a certain number of boots if you boot daily). I
think it is good practice to check your backup status on a regular basis
anyway. You would notice a problem with your backup server in this way.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Being Green, Time to make the servers sleep!

[Theo Band]

Robert Heller wrote:
> At Thu, 19 Mar 2009 12:54:41 +0100 CentOS mailing list  
> wrote:
>
>   
>> James Bensley wrote:
>> 
>>> Shadies and Mentlemen;
>>>
>>> I am trying to be green and put our backup servers to sleep during the
>>> day and have them wake on LAN and fire back up at night for our
>>> nightly backups as "sleep" is a sort of low power usage mode.
>>>
>>> (At this point I would be curious to know the different levels of
>>> sleep, what can I achieve? Does my server just drop into a low power
>>> state, or can I stop the hard drives as well?)
>>>
>>> I am wondering if it is achievable to script the process of putting a
>>> server to sleep so I can cron tab its behind!
>>>
>>> I would assume it would be possible but I don't know how, does anyone
>>> have any idea?
>>>   
>>>   
>> You are probably best of putting your backup server on an already
>> running server as a virtual machine. If you really have only one server
>> running on your lan then you could also consider the following approach.
>> I use the power-on-time BIOS feature most MB have. My server start
>> itself every night at 01:55. It is then up and running just before
>> 02:00. At 02:00 I schedule a cron job to do the backup. At the end of
>> the backup, the script just powers off the machine. The only thing to
>> experiment with is the time it takes to start the machine. Sometimes the
>> startup takes longer if disks need to be checked (ext3, every so may
>> boots) and the cron might not trigger. Using anacron is perhaps the
>> safest option in this case, but I did not experiment with that.
>> I could not use wake up on LAN, since the mirror is on a remote location
>> were it is really the only server.
>> 
>
> You can also do a 'pull' backup -- the backup server runs the backup
> job, not the 'active' server(s).  In this case, instead of cron jobs on
> the active machines, you reference the backup script rc.local on the
> backup server.
>   
Yes that is what I indeed do. The initiative is taken by the backup
server, not by the server that needs to be backed up. In principle both
can be done if machines can talk to each other when up and running. In
my situation my backup server is behind a home nat router and cannot be
reached from the internet.
The rc.local is indeed also an option that does not need cron. In my
particular situation, the backup server is also used for normal use
during daytime so I don't want the backups to start always when the
machine is powered.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Being Green, Time to make the servers sleep!

[Theo Band]

James Bensley wrote:
> Shadies and Mentlemen;
>
> I am trying to be green and put our backup servers to sleep during the
> day and have them wake on LAN and fire back up at night for our
> nightly backups as "sleep" is a sort of low power usage mode.
>
> (At this point I would be curious to know the different levels of
> sleep, what can I achieve? Does my server just drop into a low power
> state, or can I stop the hard drives as well?)
>
> I am wondering if it is achievable to script the process of putting a
> server to sleep so I can cron tab its behind!
>
> I would assume it would be possible but I don't know how, does anyone
> have any idea?
>   
You are probably best of putting your backup server on an already
running server as a virtual machine. If you really have only one server
running on your lan then you could also consider the following approach.
I use the power-on-time BIOS feature most MB have. My server start
itself every night at 01:55. It is then up and running just before
02:00. At 02:00 I schedule a cron job to do the backup. At the end of
the backup, the script just powers off the machine. The only thing to
experiment with is the time it takes to start the machine. Sometimes the
startup takes longer if disks need to be checked (ext3, every so may
boots) and the cron might not trigger. Using anacron is perhaps the
safest option in this case, but I did not experiment with that.
I could not use wake up on LAN, since the mirror is on a remote location
were it is really the only server.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Thunderbird does not follow url links in Firefox

[Theo Band]

Since the recent update from firefox2 to firefox3 the links in my mails
do no longer work. No window pops up. After some debug I found the
problem. Let's share it with others that experience the same problem:

I'm using Thunderbird 2.0.0.17 (manually downloaded, that might have
caused the problem, I have not tried with 1.5)
I'm using Firefox 3.0.2 (yum installed CentOS 4.7)

To solve I created a small wrapper script that unsets LD_LIBRARY_PATH:

cat /firefox_wrap
#!/bin/bash
unset LD_LIBRARY_PATH
firefox $@


To start add :
user_pref("network.protocol-handler.app.http", "/firefox_wrap");
to
~/.thunderbird//prefs.js
(or use the advanced config editor)


The error message (for those Googling around):
/usr/lib/firefox-3.0.2/firefox-bin:
/opt/thunderbird-2.0.0.17/libnss3.so: version `NSS_3.12' not found
(requiredby /usr/lib/firefox-3.0.2/libxul.so)

Cheers,
Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need to restart ypserv to update the nis maps

[Theo Band]

Mogens Kjaer wrote:


Theo Band wrote:
...
The problem is however that on the client, if I try to use the new 
data, it still uses the old one. 


If you run authconfig-gtk on the client and look at the "Options" tab,
is "Cache user information" selected?

Mogens


I have not enabled this option. (Didn't realize it exists either...)

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need to restart ypserv to update the nis maps

[Theo Band]

Clint Dilks wrote:


Clint Dilks wrote:

Theo Band wrote:

Hi

I use NIS om my network (CentOS4.6). When an update on a map occurs 
(home directory changed in /etc/passwd for instance), I run make -C 
/var/yp/ and check the result on a client. On the client I use 
"ypcat passwd" and find indeed that the update has propagated (the 
clients run ypbind service). On the client I have configured 
/etc/nsswitch.conf with :

passwd: files nis
shadow: files nis
group:  files nis

The problem is however that on the client, if I try to use the new 
data, it still uses the old one. For instance "cd ~john" still 
directs me to the old path instead of to the updated path (as 
correctly reported by "ypcat passwd").
To solve it I need to restart the ypserv service on the nis server 
for every change.


Does anyone now what could be the problem or where I should look? 
Apparently the OS gets password and user info using another way than 
the ypcat tool.


(ypserv-2.13-18,ypbind-1.17.2-13)

Hi Theo,

As you are talking about the users homes I assume you are providing 
this via something like NFS?
The home directories are mounted under /home/. I don't use autofs 
for that since I had problems with that a long time ago. So all 
workstations have a /home mounted with NFS.


If so it is your autofs information that controls what home gets 
mounted not the passwd information.
I actually have problems that passwords don't get updated. I noticed 
that by changing the home directory in /etc/passwd. When I change that 
from /home/user to /nobackup/home/user it does work with ypcat passwd (I 
see the correct path on the client). When I do cd ~user however, it 
still tries to look in /home/user instead of /nobackup/home/user. I need 
to restart ypserv to get this change to propagate to the workstations. 
That explains why a user could not log on after I reset his password and 
did a "make -C /var/yp".


Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Need to restart ypserv to update the nis maps

[Theo Band]

Hi

I use NIS om my network (CentOS4.6). When an update on a map occurs 
(home directory changed in /etc/passwd for instance), I run make -C 
/var/yp/ and check the result on a client. On the client I use "ypcat 
passwd" and find indeed that the update has propagated (the clients run 
ypbind service). On the client I have configured /etc/nsswitch.conf with :

passwd: files nis
shadow: files nis
group:  files nis

The problem is however that on the client, if I try to use the new data, 
it still uses the old one. For instance "cd ~john" still directs me to 
the old path instead of to the updated path (as correctly reported by 
"ypcat passwd").
To solve it I need to restart the ypserv service on the nis server for 
every change.


Does anyone now what could be the problem or where I should look? 
Apparently the OS gets password and user info using another way than the 
ypcat tool.


(ypserv-2.13-18,ypbind-1.17.2-13)

Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] backup question

[Theo Band [GreenPeak]]

Gergely Buday wrote:

Dear CentOs users,

I have a centos server with nothing important at the moment, but I
would like to install some web-based project management tool (trac for
the curious) that would contain important data. And, as my network is
growing the configuration of the server is becoming complex. I would
like to have a proper backup so that I can restore the whole system
easily, should any problem occur. What do you recommend?

I'm not an expert on this, so my first idea is that I could do a per
application backup and create a tar file of the /etc. The latter
especially could be too naive. And, a push-the-button method that
handles all in once, not depending on the app number would be much
better.

Another thing: how I could do this to be safe across a centos upgrade?

  

I use dump (and restore). It works nice for ext3 file systems.
First you do a full dump (level 0) then you do an incremental dump (1 or 
higher):


dumplevel=0
or for incremental
dumplevel=1

# To use ssh to connect to the remote host
export RSH=ssh

# then dump
dump -${dumplevel} -u -z -f remote_host:/sda1_dump /dev/sda1

You have to fill in your device and filename of course

See man dump/restore

Cheers,
Theo

--
GreenPeak Technologies

Phone :  +31 30 711 5622 Catharijnesingel 30
Fax   :  +31 30 262 1159 3511 GB Utrecht
E-mail:  [EMAIL PROTECTED] The Netherlands
Skype :  Theo.Band-greenpeakhttp://www.greenpeak.com

CONFIDENTIALITY: this message, including possible attachment(s),
constitutes confidential GreenPeak information, intended for the use of
above named addressee(s) only; any other use or disclosure to anyone
other than addressee(s), is prohibited. Chamber of Commerce
NL-3210.56.42.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mdadm on reboot

[Theo Band [GreenPeak]]

drew einhorn wrote:

Hi,

I'm in the process of trying mdadm for the first time

I've been trying stuff out of tutorials, etc.

At this point I know how to create stripes, and mirrors.

My stripe is automatically restarting on reboot,
but the degraded mirror isn't.

Did you create  /etc/mdadm.conf ?

echo "DEVICE /dev/sd*" > /etc/mdadm.conf
mdadm --brief --examine /dev/sd* >> /etc/mdadm.conf

Check the raid with
cat /proc/mdstat

It tells you which devices are part of the array.

Finally put the raid flag on the partitions. I'm not sure whether it's 
really needed, I just do it:

parted /dev/sda
set 1 raid
set 2 raid
print
1  0.031101.975  primary   ext3boot, raid
2101.975 194474.355  primary   raid
quit

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to move my MBR

[Theo Band [GreenPeak]]

Scott Moseman wrote:

I removed an ATA drive (/home) for a new SATA and my system would not
boot.  I'm guessing that it put the MBR on that drive instead of the
drive that holds the / partition.  What's the best way confirm where
the MBR resides and, after I verify that's my problem, how I can move
(or make a copy) onto a different drive?
  
The BIOS determines which disk (the first) will be chosen to boot from. 
Sometimes hitting F12 or some other key gives you a menu to choose from. 
I have seen occasions were the bios was confused on what the "default" 
first disk was. Removing the last disk, booting, adding the disk would 
than help.


To make a plain bootsector copy:
dd if=/dev/sda of=/dev/sdb bs=512 count=1

But that the fist step of the boot loader. Next it will try to load the 
grub menu etc. from some disk (need not be the same disk, but mostly 
this disk contains a small (100MB) partition that holds these files and 
the kernel and ramdisk images. After boot this partition is normally 
mounted under /boot (for easy maintenance). So just copying the boot 
sector gives you only a grub prompt and then it stops.


So try boot with a rescues disk (or LiveCD) so that you can study your 
disks.


To install grub after booting from a resuce CD, you can use:

grub
root (hd0,1)   # press tab for command completion
setup (hd0)


With all these examples you need to verify of course which 
disks/partition (sda/sdb etc) you need to choose.
One way to search is to enter grub and use the find command with command 
completion:


Probing devices to guess BIOS drives. This may take a long time.
   GNU GRUB  version 0.95  (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported.  For the first word, TAB
  lists possible command completions.  Anywhere else TAB lists the possible
  completions of a device/filename.]

grub> find (hd
Possible disks are:  hd0 hd1 hd2 hd3

grub> find (hd0,(TAB>
Possible partitions are:
  Partition num: 0,  Filesystem type is ext2fs, partition type 0x83
  Partition num: 1,  Filesystem type unknown, partition type 0xfd

grub> find (hd0,0)/
Possible files are: lost+found vmlinuz-2.6.21-1.3194.fc7 grub 
System.map-2.6.21-1.3194.fc7 config-2.6.21-1
.3194.fc7 initrd-2.6.21-1.3194.fc7.img config-2.6.9-55.0.6.ELsmp 
initrd-2.6.9-55.0.6.ELsmp.img System.map-2
.6.9-55.0.6.ELsmp vmlinuz-2.6.9-55.0.6.ELsmp 
initrd-2.6.9-55.0.6.ELsmp.img_vg_new initrd-2.6.9-55.0.6.ELsmp

.img_noraid

grub> find (hd0,0)/


Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Building NFS server with LVM and snapshots enabled

[Theo Band]

carlopmart wrote:

Hi all,

 I need to build a NFS CentOS 5.1 based server with LVM and snaphosts 
for disaster recovering to serve storage to three ESX servers for a 
development dept. I have 500 GB for storage. Data that I need to store 
on this server is 150 GB and can grow to 210 GB to the end of year ...


 My questions are:

 - Is it possible to do some type of scripting to do data snapshots 
every day and then copy to a remote server?? Some example, please??

Yes of course. I would suggest to use rsync for that, see the example below.
I have experimented in the past with multiple snapshots a day over a 
week for users home space. The snapshots gave users a way to quickly 
retrieve lost data. Drawback is that snapshots tend to slow down the 
file server (it freezes temporarily to update the snaphot). A temporary 
snapshot during backup works OK.


 - How can I restore snapshot data on the production server if I need 
to recover it??
Most easy way would be to make a snapshot and make this snapshot the 
active disk. If you need to revert, just remove the snapshot and create 
a new one from the original unmodified data. But since you want to use 
NFS, you will have to reboot to free up the snapshot which is not so 
nice. The other way around is also possible. Just rsync the source NFS 
disk from the snapshot.
Again I would only make a snapshot temporarily and use it to make a copy 
(or sync) to a second file system. This second file system can than be 
setup with multiple snapshots over time. This prevents the slowdown of 
the "main" file server. If you need to revert you can use rsync again. 
(rsync works incrementally so it safes a lot of time if most data is 
still the same)


Example script to run with crontab to synchronize multiple volumes to a 
backup server:


date +"$0 started: %x %T"
PATH=$PATH:/usr/sbin

volumes="vola volb volc vold"
for i in $volumes
do
 # Create a new snapshot
 # Maximum snapshot size 7G
 DATE=$(date +%a_%y%m%d_%H%M)
 lvcreate --size 10G -n ${i}_${DATE} --permission r --snapshot 
/dev/VolGroup00/$i


 # Mount the snapshot
 mkdir -p /snapshot/${DATE}/$i
 mount -o ro /dev/VolGroup00/${i}_${DATE}  /snapshot/${DATE}/$i

 rsync -aq --delete /snapshot/${DATE}/$i/ remote_host:/mnt/$i/

 umount /snapshot/${DATE}/$i
 rmdir  /snapshot/${DATE}/$i
 rmdir  /snapshot/${DATE}
 lvremove -f /dev/VolGroup00/${i}_${DATE}

done
date +"$0 finished: %x %T"


You could create daily snapshots on the remote server as well. I use 
(incremental) dump and restore for that.


Cheers,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS subdirectory on client is out of sync

[Theo Band [GreenPeak]]

Today a user asked me whether a file on one host can be different on 
another host. I was busy composing an answer to tell that the /home 
space on all clients are mounted using NFS from the file server. Any 
host will therefor see the same file. The user pointed me to his file 
and I copied this file from the client and compared this with the file 
on the file server. To my surprise it turned out that he was right, the 
files were different. I created a new file in this directory and it was 
not created on the file server. I renamed the file, and that was only 
seen on this single client. How can this happen?


My setup
file server (arend)
CentOS release 4.6
# grep /home /etc/exports
/home*(rw,sync,no_subtree_check)

On the clients (also CentOS release 4.6) I mount /home with these options:
arend:/home /homenfs 
proto=tcp,nfsvers=3,bg,defaults0 0


To debug I created (su stbo) on the client small test files (touch test) 
in each directory all the way to the user /home dir. It turns out that 
one subdirectory and everything below was not synchronized to the 
server. I could create files, move them, but it was just as if I was 
working on a local disk. Other users did not experience any problem on 
this machine so it was only one sub-directory (and everything below).


I checked the syslog both on the client and on the server, but no 
messages of interest.



[EMAIL PROTECTED] ~]# stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd

 File: `/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd'
 Size: 53214   Blocks: 112IO Block: 4096   regular file
Device: fd01h/64769dInode: 6614395 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:46:34.0 +0200
Modify: 2008-05-14 10:08:07.0 +0200
Change: 2008-05-14 10:08:07.0 +0200

I renamed the filename on the client and did stat there as well. The 
modify time shows this file is indeed older as the user mentioned.
[EMAIL PROTECTED] /root]$stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd_theo_test
 File: 
`/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd_theo_test'

 Size: 53214   Blocks: 112IO Block: 32768  regular file
Device: 14h/20d Inode: 6583089 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:47:07.0 +0200
Modify: 2008-04-09 13:09:23.0 +0200
Change: 2008-05-14 12:24:24.0 +0200

After rebooting everything is normal again:
[EMAIL PROTECTED] ~]# stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd

 File: `/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd'
 Size: 53214   Blocks: 112IO Block: 32768  regular file
Device: 14h/20d Inode: 6614395 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:46:34.0 +0200
Modify: 2008-05-14 10:08:07.0 +0200
Change: 2008-05-14 10:08:07.0 +0200


Any clue what could have gone wrong? Since I trust on a working NFS, I 
like to understand what could have gone wrong. Any suggestions are welcome.



Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Securing SSH

[Theo Band [GreenPeak]]

Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I 
think the second I opened it every sorry monkey from around the world 
has been trying every account name imaginable to get into the system.


What's a good way to deal with this?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


You could consider to disallow password access.
Use only public key authentication. The "attacks" will remain, but can 
never succeed. (The scripts are not smart so they keep trying for hours 
sometimes)


sshd_config:
PasswordAuthentication no

Now create a public/private ssh keypair and put the public key in 
~/.ssh/authorized_keys on the remote machine.


# local machine*
ssh-keygen -t dsa*

*scp** ~/.ssh/id_dsa.pub  remote_host:.ssh/authorized_keys

*# remote host*
**chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
*

To be really save, only allow access from a limited number of IP addresses:

**

cat ~/.ssh/authorized_keys
from="123.345.133.123,home.com,work.com" ssh-dss 
B3NzaC1kc3MAAqNY= [EMAIL PROTECTED]


Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dump on remote filesystems?

[Theo Band [GreenPeak]]

Scott Ehrlich wrote:
I have a couple C5 systems I want to back up.  My plan is to, one way 
or another, back them up to a C5 machine in my office.  I have samba 
installed on the systems to back up, the machines are mounted on the 
system in my office, and a tape library hanging of the system in my 
office.


I was hoping to perform a simple /sbin/dump of the remote systems.  I 
put together a script for another successful backup I have going on a 
system with local filesystems.  But for remote filesystems, I get 
errors of File Cannot Be Accessed (//remote_system/subdir) which does 
exist as an smb mounted filesystem.


I'd use NFS, but I would like a bit more control and some level of 
encryption for the user authentication and data being transferred.


If a direct dump of remote smb filesystems isn't possible, I may opt 
to have each system perform their own local dumps, then run a script 
locally on the tape-connected machine to dump those local dumps, or 
copy the dumps locally then dump them to tape.


If nothing else works, I can always install Windows XP and use Windows 
backup program, but I'd really like to try and get this going under 
Linux before going that route.


Thanks for insights.

Scott
What you could do is to dump from the remote machine to the main backup 
machine. For this to work I work with ssh keys (no password needed).
The example assumes the backup is started from the remote host. But in 
principle it can also be initiated from the backup server using ssh.


SRC_SERVER=this_hostname
BAK_SERVER=backup_server
DATE=$(date +%Y%m%d)
dumplevel=0
export RSH=ssh

ssh $BAK_SERVER mkdir -p /backup/${SRC_SERVER}/${DATE}_${dumplevel}
# file needs to exist
backup_file=/backup/somefile
ssh $BAK_SERVER touch ${backup_file}
dump -${dumplevel} -u -z -f $BAK_SERVER:${backup_file} 
/dev/VolGroup00/VolGroup00




Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] perl 5.8.5-36.el4_5.2

[Theo Band]

Johnny Hughes wrote:
> Tom wrote:
>> Hi all,
>>
>> Since upgrading to perl 5.8.5-36.el4_5.2 I have had no end of problems,
>> starting with needing compress::zlib which I got from rpmforge, then I
>> had to reinstall scalar::util to get mailscanner working but now I can't
>> install or upgrade any perl modules.
>> Has anyone else had problems or can someone tell me what I've done wrong
>> please?
>>
>> regards
>> tom
>
> OK ... I want to make something PERFECTLY CLEAR ...
>
> Using CPAN installed modules is NOT supported while using a Package
> Management system like RPM.
>
> You should NOT use CPAN to install perl modules, nor should you use pear
> to install pear modules.
>
> That is because when you reinstall php-pear or perl, you will loose
> these items that are updated/installed in any way other than via RPMS.
>
> If you are using CentOS. then you need to get all your perl modules and
> pear modules via RPM.  If you need something, it should probably exist
> either at RPMForge, at KBS-Centos-Extras, at EPEL or in the worst case
> condition, take one of the other modules that does exist and use it to
> create the module.
>
> Also, look in Fedora 6.7.8 and see if you can get an SRPM to make your
> modules.
>
> If you don't ... when perl or php-pear are upgraded, your install will
> absolutely, positively, beyond any and all shadow of doubt be BROKEN.
>
> (BTW, this is not to Tom .. but to the whole list ... DON'T INSTALL CRAP
> FROM CPAN )
>
> Thanks,
> Johnny Hughes
Ok, loud and clear.

What's the best way to revert back if a mess has been created. I tried
to install bugzilla on a Centos4.5 server but did not succeed. I now run
bugzilla on a Fedora installation instead. The bugzilla installation
suggested to install all kind of needed perl modules using CPAN.

So what's the best procedure to revert back the perl installation and
maintain it with yum?
I checked with rpm -V perl-5.8.5-36.el4_5.2.i386 and see a lot of
modified files. An uninstall is going to remove 266 packages, so
re-install is not a good option I guess. Yum upgrade/install will not
work, since the package is already installed of course.

Thanks for your help, and I shall never use CPAN again, never I promise.

Cheers,
Theo

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: How to enable my RAID again

[Theo Band]

Scott Silva wrote:
> on 10/7/2007 10:40 PM Theo Band spake the following:
>> Scott Silva wrote:
>>> on 10/7/2007 2:41 PM Theo Band spake the following:
>>>> # mdadm -Q /dev/sda
>>>> /dev/sda: is not an md array
>>>> /dev/sda: No md super block found, not an md component.
>>>> # mdadm -Q /dev/sda1
>>>> /dev/sda1: is not an md array
>>>> /dev/sda1: No md super block found, not an md component.
>>>> # mdadm -Q /dev/sda2
>>>> /dev/sda2: is not an md array
>>>>
>>>> So it looks like all info is lost. Can I create a new array with the
>>>> existing LVM partitions and the free partitions without destroying
>>>> any data?
>>>>
>>> Your raid appears to be on /dev/sda3 /dev/sdb2 /dev/sdc2 /dev/sdd2
>>> Try  mdadm --examine --brief --scan --config=partitions
>>> and see if it sees anything.
>>>
>> # mdadm --examine --brief --scan --config=partitions
>>
>> Nothing
>> Indeed these are the partitions that are now unused and used to be part
>> of the raid. Any idea what could have gone wrong when I migrated to from
>> FC3 to Centos?
>> I also changed the mobo of this machine and changed the CPU from single
>> to a dual core one. I assume support is in the kernel, so no special
>> actions should be needed to get this to work during boot up.
>>
>> Theo
> When you upgraded you might have formatted the partitions accidentally.
> If there is no raid data there, you can try something like testdisk to
> see if you can recover it, but chances are that your data is gone.
>
No I did not format the disk. All data was present, but by LVM. Every
disk has two partitions, one unused and one added to a volume group.

Just after I send the previous mail, I moved the two physical disks out
of the volume group (pvmove). The first disk went OK, just in the middle
of the move of the second disk I got a kernel panic. I was not able to
boot anymore. Even a rescue Centos4.4 CD did not work. As soon as it
started to look for existing installation it gave the same kernel panic.
And this was on a live system, with everyone looking over my shoulder :-(
Nice moment to try whether the backup server would work. (And it did, of
course :-)

I could solve the kernel panic by booting a FC7 live CD later on. It
just found the Volume group still with four physical disk partitions in
it. No extends were present on the two disk that I wanted to pull out of
the group. Using the lvm tools on the FC7 CD I was able to finish the
job. I installed FC7 using RAID1 on the two removed disks. After that I
booted in FC7 and copied my centos installation from the two old volume
group to the new raid1. After some fiddling with mkinitrd, I got is to
boot Centos4.5 from the RAID1 created by FC7.

So I expect a problem to exist with LVM and the kernel I'm using
(2.6.9-55.0.6.ELsmp)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: How to enable my RAID again

[Theo Band]

Scott Silva wrote:
> on 10/7/2007 2:41 PM Theo Band spake the following:
>> # mdadm -Q /dev/sda
>> /dev/sda: is not an md array
>> /dev/sda: No md super block found, not an md component.
>> # mdadm -Q /dev/sda1
>> /dev/sda1: is not an md array
>> /dev/sda1: No md super block found, not an md component.
>> # mdadm -Q /dev/sda2
>> /dev/sda2: is not an md array
>>
>> So it looks like all info is lost. Can I create a new array with the
>> existing LVM partitions and the free partitions without destroying
>> any data?
>>
> Your raid appears to be on /dev/sda3 /dev/sdb2 /dev/sdc2 /dev/sdd2
> Try  mdadm --examine --brief --scan --config=partitions
> and see if it sees anything.
>
# mdadm --examine --brief --scan --config=partitions

Nothing
Indeed these are the partitions that are now unused and used to be part
of the raid. Any idea what could have gone wrong when I migrated to from
FC3 to Centos?
I also changed the mobo of this machine and changed the CPU from single
to a dual core one. I assume support is in the kernel, so no special
actions should be needed to get this to work during boot up.

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to enable my RAID again

[Theo Band]

# mdadm -Q /dev/sda
/dev/sda: is not an md array
/dev/sda: No md super block found, not an md component.
# mdadm -Q /dev/sda1
/dev/sda1: is not an md array
/dev/sda1: No md super block found, not an md component.
# mdadm -Q /dev/sda2
/dev/sda2: is not an md array

So it looks like all info is lost. Can I create a new array with the
existing LVM partitions and the free partitions without destroying any data?

Thanks,
Theo
Centos wrote:
> Find out what disk belongs to which md-set and try the --assemble
> option..
>
> This should fix it, I think
>
> Theo Band wrote:
>> Hi
>>
>> I have setup software RAID two years ago using FC3 using the graphical
>> installer (RAID1). In the mean time I installed CENTOS4.5 and everything
>> is running fine. At least that was my perception. It now turns out that
>> raid is not working and that LVS just finds 4 partitions from four disks
>> and that's it.:
>>
>>   /dev/sda2  VolGroup00 lvm2 a-   94.88G 0
>>   /dev/sdb1  VolGroup00 lvm2 a-   94.94G 10.00G
>>   /dev/sdc1  VolGroup00 lvm2 a-   94.94G 74.94G
>>   /dev/sdd1  VolGroup00 lvm2 a-   94.94G 70.81G
>>
>> These are 4 disk of each 200GB, and the disks have these partitions:
>>
>> Using /dev/sda
>> (parted) print
>> Disk geometry for /dev/sda: 0.000-194481.000 megabytes
>> Disk label type: msdos
>> MinorStart   End Type  Filesystem  Flags
>> 1  0.031101.975  primary   ext3boot
>> 2101.975  97284.243  primary   lvm
>> 3  97284.243 194474.355  primary   raid
>> Disk geometry for /dev/sdb: 0.000-194481.000 megabytes
>> Disk label type: msdos
>> MinorStart   End Type  Filesystem  Flags
>> 1  0.031  97237.177  primary   boot, lvm
>> 2  97237.178 194474.355  primary   raid
>> Disk geometry for /dev/sdc: 0.000-194481.000 megabytes
>> Disk label type: msdos
>> MinorStart   End Type  Filesystem  Flags
>> 1  0.031  97237.177  primary   boot, lvm
>> 2  97237.178 194474.355  primary   raid
>> Disk geometry for /dev/sdd: 0.000-194481.000 megabytes
>> Disk label type: msdos
>> MinorStart   End Type  Filesystem  Flags
>> 1  0.031  97237.177  primary   boot, lvm
>> 2  97237.178 194474.355  primary   raid
>>
>> So my feeling is that I need to setup the RAID again, but I don't want
>> to make any mistakes here, since this is a live system working fine. I
>> tried to read the mdadm manual but it's not quit clear to me what to do.
>> # mdadm -A --scan -v
>> mdadm: No arrays found in config file
>>
>> Shows I have to do more. The previous fedora installation is still
>> around, but is doesn't contain a /etc/mdadm.conf file.
>>
>> Can anyone help me with some steps to take to get it running again. I do
>> have backups, but if things go wrong restoring takes several hours.
>>
>> Thanks,
>> Theo
>>
>>
>> PS.
>> Send for the third time. Could it be that posting is limited to email
>> addresses that are subscribed to the list?
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>   
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to enable my RAID again

[Theo Band]

Hi

I have setup software RAID two years ago using FC3 using the graphical
installer (RAID1). In the mean time I installed CENTOS4.5 and everything
is running fine. At least that was my perception. It now turns out that
raid is not working and that LVS just finds 4 partitions from four disks
and that's it.:

  /dev/sda2  VolGroup00 lvm2 a-   94.88G 0
  /dev/sdb1  VolGroup00 lvm2 a-   94.94G 10.00G
  /dev/sdc1  VolGroup00 lvm2 a-   94.94G 74.94G
  /dev/sdd1  VolGroup00 lvm2 a-   94.94G 70.81G

These are 4 disk of each 200GB, and the disks have these partitions:

Using /dev/sda
(parted) print
Disk geometry for /dev/sda: 0.000-194481.000 megabytes
Disk label type: msdos
MinorStart   End Type  Filesystem  Flags
1  0.031101.975  primary   ext3boot
2101.975  97284.243  primary   lvm
3  97284.243 194474.355  primary   raid
Disk geometry for /dev/sdb: 0.000-194481.000 megabytes
Disk label type: msdos
MinorStart   End Type  Filesystem  Flags
1  0.031  97237.177  primary   boot, lvm
2  97237.178 194474.355  primary   raid
Disk geometry for /dev/sdc: 0.000-194481.000 megabytes
Disk label type: msdos
MinorStart   End Type  Filesystem  Flags
1  0.031  97237.177  primary   boot, lvm
2  97237.178 194474.355  primary   raid
Disk geometry for /dev/sdd: 0.000-194481.000 megabytes
Disk label type: msdos
MinorStart   End Type  Filesystem  Flags
1  0.031  97237.177  primary   boot, lvm
2  97237.178 194474.355  primary   raid

So my feeling is that I need to setup the RAID again, but I don't want
to make any mistakes here, since this is a live system working fine. I
tried to read the mdadm manual but it's not quit clear to me what to do.
# mdadm -A --scan -v
mdadm: No arrays found in config file

Shows I have to do more. The previous fedora installation is still
around, but is doesn't contain a /etc/mdadm.conf file.

Can anyone help me with some steps to take to get it running again. I do
have backups, but if things go wrong restoring takes several hours.

Thanks,
Theo


PS.
Send for the third time. Could it be that posting is limited to email
addresses that are subscribed to the list?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos