Re: [CentOS] x25 line xterm

2011-02-04 Thread Todd Denniston
Hal Davison wrote, On 02/04/2011 05:33 PM:
> Noted that xterm by default uses 24 lines 
> per window.
> 
> I have reviewed /etc/termcap looking for a 
> specific entry for xterm that I can edit 
> to change the ln#24 to ln#25 for our 
> application.
> 
> When I used RedHat there was an editable 
> option to change the number of displayable 
> lines as is done in putty.
> 
> 
> Any suggestions?
> 
> --Hal.
> 

find the info in man about size.
man xterm
/geometry
/geometry
and
/geometry
/geometry


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Cold install kernel .config file

2011-01-28 Thread Todd Denniston
Tom G Murphy wrote, On 01/28/2011 04:19 PM:
> 

> My goal is to be able to boot a "modified" kernel on the cold install
> step so we can download the firmware updates and eliminate the second boot.
> 
> I have tried using using the bzImage generated from the modified kernel
> build but that kernel fails to be able to load the kickstart file :-(
> 
But it does boot with out errors?
Can you install (just CentOS) using it but without using the kickstart file?

> I have done searches trying to find the .config file used to build the
> kernel booted during cold install but have had no luck.
> 
> I am guessing I have either have too much or too little included in the
> kernel.   I tried to make sure everything I thought was needed were not
> modules but included in the kernel.
> 
> Does anyone have any suggestions?
> ---

Are you starting with the kernel SRPM from CentOS?

When I did something similar for a system needing to boot from USB on RHEL 4, I 
started with the
srpm for the kernel that matched the kernel that would be installed by the 
"cold install",  and used
the config files that came in it.
I had to mod the config file to force all the USB physical devices I new were 
going to be used in
the install process to be built in, IIRC I figured out that I did not want to 
mess with all the
modules and I did not want to mess with the contents of the initrd provided by 
RH (it broke bad
anytime I did), so I ONLY forced with the USB to not be a module and let the 
other modules be
provided by the contents of the original initrd.

secondary trick, change all the "%define build*"s in the spec file that you 
don't need to 0.
it speeds up the build a lot.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Recommendation for a Linux alternative to Centos - ATH9K disaster

2011-01-28 Thread Todd Denniston
Always Learning wrote, On 01/28/2011 10:25 AM:
> On Fri, 2011-01-28 at 14:50 +, John Hodrien wrote:
> 
>> All configurable via /etc/updatedb.conf if your local needs differ.
> 
> How does one remove it ?
> 
>   yum erase updated ?
> 
> It is not present in any CRON.
> 

There is a new cron in town. :) It's name is anacron, and it runs beside|[in 
addition to] the old
cron but with different config files.  anacron has some neat features such as, 
if your box has been
of for several days, then ~1 hour after it powers up any missed jobs get ran.

/etc/cron.daily/mlocate.cron
/etc/anacrontab
/etc/updatedb.conf

ls /etc/cron.*


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.5 - Kernel Panic while booting.

2011-01-06 Thread Todd Denniston
Scott Silva wrote, On 01/06/2011 02:20 PM:
> on 1-5-2011 3:50 AM David Latham spake the following:
>> Hi,
>>
>> When I make DVDs of Centos and any others for that matter, I take the
>> following steps:
>>
>> 1. Find an official torrent if possible.  (Centos has torrents for the DVD. 
>> Unfortunately no Jigdo so far as I know.)
>>
> Jigdo is a Debianism... Don't know too many places outside of their community
> using it. It seems to be a cross between bittorrent and rsync...
> 

from using it, I would say "bittorrent(assembly and sig checking portions) + 
rsync" does seem a
reasonable description.

It was used, at least for a while, on some Fedora spins and IIRC one or two 
fedora releases.
If you are maintaining a personal/local mirror, jigdo makes regenerating 
'official' media very fast.
 And with fedora if you were mirroring the development repo before release, 
then jigdo meant you
could quickly have the  'official' media almost before a torrent could get it 
to you especially on a
slow link (yes I know we don't do those kind of partial pre-releases in CentOS 
world).

With CentOS they would be nice for those of us who mirror the whole tree and 
need media, so we could
only download the OS directory effectively one time instead of 3 times (os dir, 
cd media iso, DVD
media iso) and then jigdo to generate the iso's as needed.  Oh, and you also 
don't have fun with
broken proxies truncating DVDs that are 4GB like happened with CentOS 5.5.  
Added bonus... unlike
bittorent, no ISPs block or mess with jigdo's traffic.

Granted, I don't know how much of the community would make use of them and they 
take some cpu+labor
time to generate.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] pcscd

2010-11-29 Thread Todd Denniston
m.r...@5-cent.us wrote, On 11/29/2010 05:20 PM:
> Todd Denniston wrote:
>> m.r...@5-cent.us wrote, On 11/22/2010 02:21 PM:
>>> Anyone working with/using it? One thing that's driving me nuts is that
>>> it keeps spitting garbage into the logs (card absent or mute!!!). I just
>>> tried editing /etc/init.d/pcscd - there's *no* way to pass parms from
>>> the config file - and set the logging level to --error, and it's still
> doing
>>> it.
>>>
>>> Clues for the poor, to shut it up?


>> Did someone make the mistake of having both pcsc and openct loaded on the
>> same machine?
> 
> Um, say *wha*? My manager told me to load both. I've got pcsc-lite,
> pcsc-lite-libs, and openct. 

Known issue, they both (pcscd and openct) need exclusive access to the card 
reader.
load one or the other. [Yes, I have been there, and got the T-shirt.]

BTW (IIRC you were working for a leg of the government in your spare time) if 
you are working with a
CAC, then  pcscd and coolkey* are enough.
*note if you are working with the latest transitional CAC/PIV you'll need a 
more current coolkey
such as coolkey-1.1.0-16.el6.src.rpm from RH.
https://bugzilla.redhat.com/show_bug.cgi?id=622916
https://bugzilla.redhat.com/show_bug.cgi?id=534172#c67

It was rumored (by some one I would trust to know) at one time (on the muscle 
list) that openct and
a different pkcs11 lib would be needed for the full on PIV, I don't know if 
this update to coolkey
makes that disappear.

> I can read the card, but when I stick it into
> a reader, it brings up two windows, one after the other: the first wants
> the phone home URL, and I tell it close, and then the one to "manage smart
> cards". It should not phone home.

[I won't be here to answer for a while, but the answer to this question will 
help anyone trying to
answer yours.]
Which product is bringing up the windows? ESC (Enterprise Security Client Smart 
Card Client)?
This may be an effect of the offending product not being able to read the card 
because the daemon it
is asking can't gain exclusive access to the card reader, and thus it can not 
identify a card that
already has an applet on it.


> 
>> * If yes, ask your question over on the muscle list, which is where the
>> fellow who maintains pcsc
>> hangs out and he may have some incantation for you.
>> http://lists.drizzle.com/mailman/listinfo/muscle
>>
> Thanks. My manager did get it working on his machine (FC, now 14). I may
> have to rebuild sshd with smartcard support, *if* I can find the source.
>> Hope this helps.

the sshd that ships with CentOS does work with smart cards.
Things have changed a little since
https://bugzilla.redhat.com/show_bug.cgi?id=186469#c8
https://bugzilla.redhat.com/show_bug.cgi?id=186469#c15

Unfortunately the best README.nss I can get you is in
http://www.redhat.com/archives/fedora-extras-commits/2007-September/msg01179.html

now days you should (after getting the daemons and pkcs11 sorted out, 
`pkcs11_inspect --debug` [with
no one looking over your shoulder] will become a friend)  be able to to do the 
following (at least
with a cac):
get nssdb filled with the CAs in ~/.ssh/
ssh-add -n #give pin
ssh-add -L > authorized_keys
ssh othermachinereadingaboveAKfile


> 
> It leads to questions I didn't know to ask. Thanks!
> 
>mark



-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
Even when this disclaimer is not here, 
the opinions expressed by me are not necessarily sanctioned by and 
do not necessarily represent those of my employer. 
Also even when this disclaimer is not here, I DO NOT have authority to 
direct you in any way to alter your contractual obligation 
and my email can NOT be used as direction to modify a contract.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] pcscd

2010-11-29 Thread Todd Denniston
m.r...@5-cent.us wrote, On 11/22/2010 02:21 PM:
> Anyone working with/using it? One thing that's driving me nuts is that it
> keeps spitting garbage into the logs (card absent or mute!!!). I just
> tried editing /etc/init.d/pcscd - there's *no* way to pass parms from the
> config file - and set the logging level to --error, and it's still doing
> it.
> 
> Clues for the poor, to shut it up?
> 
> mark
> 

Did you try --critical ??

Did someone make the mistake of having both pcsc and openct loaded on the same 
machine?

Did someone load ctapi-cyberjack with out having one of those readers? [I have 
had this ifd-handler
cause a LOT of trouble that seemed similar to yours, before I learned not to 
install it.]

BTW if the card reader thinks there is a card, but pcscd can't establish 
communication with the card
then that is an error or critical.  IIRC you only get the messages like you 
showed when pcscd thinks
there should be a card physically present.

Does anyone use a smart card with the machine?
* If no, then either
  `chkconfig pcscd off`
or
  `yum remove pcsc-lite`

* If yes, ask your question over on the muscle list, which is where the fellow 
who maintains pcsc
hangs out and he may have some incantation for you.
http://lists.drizzle.com/mailman/listinfo/muscle



Hope this helps.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] How to stop automount

2010-11-17 Thread Todd Denniston
Leonard den Ottolander wrote, On 11/17/2010 03:45 AM:
> Hello Dick,
> 
> On Tue, 2010-11-16 at 22:52 -0500, Dick Roth wrote:
>> /dev/sdb /usbdrive   ext3user,noauto,rw  0 2
> 
> The last entry is the fsck order used at boot. Setting it to 2 probably
> prompts the system to check it.
> 
> Anyway, you shouldn't need to add explicit entries to fstab to mount usb
> drives. They should get auto mounted when you plug them in (I think the
> autofs and haldaemon services are required to run for this to happen).
> 

haldaemon yes
autofs no

The auto-mounting of removable media on the local machine now happens as an 
interaction between hal
and your *windowing_environment*.


i.e. in with gnome I, as a normal user, have to go to
Start(chaos symbol) -> System -> Preferences -> Removable Drives and media
Which brings up a window titled "Removable Drives and Media Preferences"
and un-check the "Mount removable media when inserted" and the "Burn a CD or 
DVD when a blank disk
is inserted" so that I can work with rewritable CD/DVD media the way I want.



-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh prompting for password

2010-11-16 Thread Todd Denniston
bluethundr wrote, On 11/16/2010 04:05 PM:
> hello list
> 
> I have a network mounted home directory shared between all hosts on my 
> network:
> 

> 
> So therefore my RSA key should already be in my authorized_keys on any
> host. However logging into the virtual network, I always get prompted
> for a password. just for the heck of it, I scp'd the key over again to
> one of the virtual hosts:
> 
> 
> [bluethu...@lcent03:~]#scp .ssh/id_rsa.pub virt1:~
> bluethu...@virt1's password:
> id_rsa.pub
>100%  381 0.4KB/s   00:00
> 
> ssh'd in:
> 
> [bluethu...@lcent03:~]#ssh virt1
> bluethu...@virt1's password:
> Last login: Tue Nov 16 15:57:24 2010 from 192.168.1.46


> Considering that this key is internal network only and doesn't have a
> passphrase set (it does not traverse internet boundaries) why on earth
> am I being prompted for a password whenever I ssh into this machine?
> 
> thanks!

assumption 1: the private key is .ssh/id_rsa.priv (on the starting machine).
assumption 2: you have to tell ssh (actually the ssh agent) which key to use.
assumption 3: .ssh/id_rsa.priv is readable only by the user.
assumption 4: someone has not configured the other machine to disallow keyed 
login (nuts, but could
happen. PubkeyAuthentication no?).

have you done
`ssh-add .ssh/id_rsa.priv`
before you ssh?

what does
ssh-add -L
and
ssh-add -l
give?

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] hwclock problem

2010-11-15 Thread Todd Denniston
Jobst Schmalenbach wrote, On 11/11/2010 07:41 PM:
> Hi.
> 
> I run peridocally (from cron) on all of my machines
> 
>   30 * * * * root /sbin/hwclock --systohc
> 

Why?
AFAIK a kernel that is running ntpd and ntpd thinks has reasonably synced to 
the NTP server will,
every _eleven_ minutes write the system time to the hardware clock, and you 
can't stop it without
modifying the kernel or ntpd.

> All of those machines in question take their time via NTP
> from the same local server, and that server gets its time
> from a ntp pool.
> 

reasonable NTP setup.

> Now I had to reboot a couple of them two days ago and to my surprise
> all had problems with the time upon booting.
> 
> Here are the important files:
> 
> [r...@xx ~] #>l /etc/adjtime 
> 0.001687 1289518202 0.00
> 1289518202
> LOCAL
> 
> [r...@xxx ~] #>l /etc/sysconfig/clock 
> ZONE="Australia/Melbourne"
> UTC=false
> ARC=false
> 
> So from my understanding the hwclock should contain the local time.
> 
> [r...@xx ~] #>date
> Fri Nov 12 11:26:23 EST 2010
> [r...@xx ~] #>hwclock
> Fri 12 Nov 2010 11:26:42 EST  -0.167976 seconds
> [r...@xx ~] #>
> 

Is 'EST' the time zone abbreviation you expect for Melbourne?
As I am based in the US, I expect 'EST' to be "Eastern Standard Time" for New 
York/New York, so I
ask for your help in understanding.

We might be able to see a different pattern if we take the TZ out of the 
equations.
date -u ; hwclock --show --utc; date -u
date ; hwclock --show ; date



> However on boot I get the following:
> 
> Nov 10 19:08:37 XX syslogd 1.4.1: restart.
> Nov 10 19:08:37 XX kernel: klogd 1.4.1, log source = /proc/kmsg started.
> Nov 10 19:08:37 XX kernel: Linux version 2.6.18-164.11.1.el5 
> (mockbu...@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.
> 1.2-46)) #1 SMP Wed Jan 20 07:32:21 EST 2010
> Nov 10 19:08:37 XX kernel: Command line: ro root=/dev/sda2 vga=791
> Nov 10 19:08:37 XX kernel: BIOS-provided physical RAM map:
> ...
> ...
> Nov 10 19:08:51 XX kernel: IPv6 over IPv4 tunneling driver
> Nov 10 08:08:52 XX ntpdate[2464]: step time server 192.168.1.1 offset 
> -39599.950905 sec
> Nov 10 08:08:52 XX xinetd[2447]: xinetd Version 2.3.14 started with 
> libwrap loadavg labeled-networking options compiled in.
> 
> and off course dovecot falls over too "Time just moved backwards by 39599 
> seconds."
> 
> Now, 39600s is 11 hours, which is (inc DST) *MY* offset from Greenwich.
> 
> 
> So what am I doing wrong?

Running a Linux _Server_ as if it had to dual boot with windows.
i.e. the hardware clock should be kept in UTC unless you need to boot the same 
machine with windows.

> The idea of running hwclock is to make sure that 
> exactly the problem with dovecot does NOT occur, 
> and ntp does not have a coughing fit when the hardware 
> clock is not close to the correct time upon booting.

The standard start script (/etc/rc.d/init.d/ntpd) does a ntpdate before running 
(which is what you
see in your log above) to keep ntp from "coughing".


> The last time I booted some of those machine was more than 200 days ago, 
> so the hwclock will be skewed if I do not update it.

I *WAS* beginning to think like the others, that the TZ file used by hwclock 
and by date don't match.

However, I now *believe* I KNOW the source of the delta!
IIRC the kernel magic (write system time to HC every eleven minutes) I was 
writing about earlier ...
I don't think takes into account the local TZ, i.e., it ALWAYS works UTC. I 
would have to read the
kernel source again to prove it, or suggest to you to try the following:

1) *remove* your cron job that called hwclock, because it is and will cause 
problems.
2) let the machine sync with the NTP server
i.e.,
ntpdc -c kern |grep status
returns something like:
status:   0009  pll fll
2a) wait 12 minutes.
3) run:
date -u ; hwclock --show --utc; date -u ; \
date ; hwclock --show ; date
4) run
hwclock --systohc; \
date -u ; hwclock --show --utc; date -u ; \
date ; hwclock --show ; date
5) wait 23 more minutes
6) run
date -u ; hwclock --show --utc; date -u ; \
date ; hwclock --show ; date

if at 3 and 6 the utc versions of date and hwclock are in sync, then it is the 
ntpd synced kernel
that is setting a utc time into the hwclock and you need to change the last 
line in /etc/adjtime to
UTC instead of LOCAL.

Otherwise a bit more thinking is in order.

good luck.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] RPM/YUM on CentOS 5.4 issue - multiple versions of the same package installed

2010-11-15 Thread Todd Denniston
Gabriel Tabares wrote, On 11/15/2010 08:05 AM:
> On 11/11/2010 13:47, Gabriel Tabares wrote:
>> Hi all,
>>
>> We currently have an issue with multiple versions of a custom package
>> being installed. The RPM contains a liquibase script (a Java-based DB
>> change management tool) and a %post script to run liquibase.
>>
>> We are installing with scripts that run "yum update liquibase-script".
>>
>> If the %post script runs correctly, it returns 0 and the application
>> gets installed correctly but, if the %post script fails, it returns -1
>> and the application does get installed, but the old one does not get
>> unistalled, so if I run "rpm -qa | grep liquibase-script" I get a list
>> of all the versions that have been installed.
>>
>> I know that the files have been installed correctly, as the RPM contents
>> have the same name but different content and I have checked it.
>>
>> Why is this happening?
>>
>> I thought that %post scripts failing do not prevent the application to
>> installing and that RPM installation is atomic, so installing one
>> package will remove the previous verison. Is there any way to prevent
>> this issue?
>>
>> We're using CentOS 5.4 on x86_64
>>
> Any suggestion, guys?
> 
> Thanks
> 
> Gabriel
> 

The fedora folks have a pretty thorough how to:
http://fedoraproject.org/wiki/PackageMaintainers/CreatingPackageHowTo

And
man package-cleanup

Hope this helps.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] PATA Hard Drive woes

2010-11-03 Thread Todd Denniston
Keith Roberts wrote, On 11/03/2010 10:32 AM:
> On Sun, 31 Oct 2010, Keith Roberts wrote:
> 

> There were about 79 Seek errors in the SMART logs of the 
> HDD.
> 

> vivard did not show any errors when doing a full disk erase.
> 
> So I ran an Advanced r/w scan again with Hitachi DFT, and 
> the result was OK.
> 
> Any ideas what's happening please?

WFG: In writing it all, the seek motor knocked the dust out of it's way? (what 
dust?)
How about checking all the smart attributes and seeing if others are elevated.
http://en.wikipedia.org/wiki/S.M.A.R.T.#Known_ATA_S.M.A.R.T._attributes

Are you seeing any block "remap" activity?
http://en.wikipedia.org/wiki/Hard_disk_drive#Error_handling

> 
> Is this disk usable, or is it still in need of replacing?
> 

http://en.wikipedia.org/wiki/S.M.A.R.T.#Background
You have gotten SMART errors from this drive already, so:
You have to ask yourself, 'Do you feel lucky?', Well do y'a...

And the other question: If this drive up and dies shortly and I knew about the 
smart errors, will
the data owner complain more or less to me about the drive death later or drive 
replacement hassle now?

Only YOU (and the data owner) know the risk trade-off levels you have to 
consider.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] grub irritants

2010-11-01 Thread Todd Denniston
m.r...@5-cent.us wrote, On 11/01/2010 02:14 PM:
> It appears that if I do anything to grub.conf, say, take out the rhgb
> quiet, after every succeding kernel update, I have to manually edit
> grub.conf, because the kernel update - maybe the post install script? -
> will set the default to be the previous kernel. Has anyone got a solution
> to this, so that a kernel update will give the new kernel as the default?
> 
> mark
> 

Are you sure you did not also have a change from/to Xen at one point in the 
system's life?

i.e.  /etc/sysconfig/kernel
has
DEFAULTKERNEL=kernel-xen
instead of
DEFAULTKERNEL=kernel

or
UPDATEDEFAULT=no


I ask because for me it was a system that had once _been_ xen, and was not 
anymore, which kept
hanging on to old kernels, Really embarrassingly old kernels [ which fully 
proved to me that yum
will not replace the running kernel ].

And I have never had a problem getting rid of rhgb, which I do on all most all 
machines I admin.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh with shared home dir

2010-10-25 Thread Todd Denniston
Gordon Messmer wrote, On 10/24/2010 04:20 PM:
> On 10/22/2010 01:08 PM, Todd Denniston wrote:
> ...
>> 5) root_squash is in play
> ...
>> 2) Open up the _read_ perms on authorized_keys
>> 3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
>> 3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
> 
> root_squash doesn't affect ssh key authentication.  The SSH server 
> performs key authentication as the UID requested.

Thanks, I was not aware of that before.

some more assumptions I don't think have been confirmed:
a) does The OPs _current_ private key match any of the _current_
.ssh/authorized_keys or .ssh/identity or .ssh/id_rsa
from the perspective of the client machine?

b) can the OP use the _current_ private key to ssh into 127.0.0.1 while logged 
into either of the
machines?  i.e. are the keys setup correctly at all?

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh with shared home dir

2010-10-22 Thread Todd Denniston
Tim Dunphy wrote, On 10/22/2010 03:30 PM:
> hmm.. ok then gordon thanks for the input! how do these permissions grab ya?
> 
> 
> [bluethu...@lcent01 ~]$ ls -alh | grep .ssh
> -rw---   1 bluethundr summitnjops70 Oct 17 14:04 .lesshst
> drwx--   2 bluethundr summitnjops   512 Oct 22 14:06 .ssh
> 
> 
> [bluethu...@lcent01 ~]$ ls -lah .ssh
> total 34K
> drwx--   2 bluethundr summitnjops  512 Oct 22 14:06 .
> drwx-- 106 bluethundr summitnjops 5.5K Oct 22 14:44 ..
> -rw---   1 bluethundr summitnjops  820 Oct 22 14:19 authorized_keys
> -rw---   1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa
> -rw-r--r--   1 bluethundr summitnjops  403 Oct 22 14:18 id_rsa.pub
> -rw-r--r--   1 bluethundr summitnjops  20K Oct 22 14:47 known_hosts
> [bluethu...@lcent01 ~]$
> 
> 

An experiment for you...

Assumptions:
1) NFS v3
2) on the NFS server the file system is named '/exportedfilesytem'
3) have root on both machines
4) on the NFS client the file system is mounted such that it contains 
bluethundr's home directory
5) root_squash is in play

On the NFS server
MYNFSFS=/exportedfilesytem
grep $MYNFSFS /etc/exports
grep $MYNFSFS /etc/exports | grep -v no_root_squash
#if you get a line back then root on the client machine is being squashed.
man exports #search down for root_squash

On the NFS client (virt1)

login as root

cd ~bluethundr/.ssh/
#you may have just gotten an error.
ls -lah ~bluethundr/.ssh/*
#you may have just gotten an error.
cat ~bluethundr/.ssh/authorized_keys
#you _have_ just gotten an error, and this is the one that stops you IIRC.


Suggestions:
1) Consider tightening up perms on id_rsa.pub & known_hosts
2) Open up the _read_ perms on authorized_keys
3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
If you have to do one of 3a or 3b, try each individually and only give as much 
as you have to.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] excel parser (preferably perl)?

2010-10-19 Thread Todd Denniston
Les Mikesell wrote, On 10/18/2010 06:13 PM:
> I'm getting tired of converting spreadsheets that someone else updates 
> to csv so my perl scripts can push the data into a mysql database.  Is 
> there a better way?  I haven't had much luck with 
> perl-Spreadsheet-ParseExcel (and find it odd that yum prefers the .32 
> version from epel over .57 from rpmforge anyway).  Is the current CPAN 
> version better?  Or the equivalent java tools?  Or maybe a scripted 
> OpenOffice conversion would be possible.
> 
> Needs to deal with both xls and xlsx formats, the odd characters that 
> are confused with quotes even after csv conversion, numbers with $'s and 
> commas embedded, excel's date formatting nonsense, etc.
> 

Would it cause more headaches than it would solve, for you to hook the excel 
folks directly to the
mysql db and have their changes take place immediately? Assuming a LAN 
environment here instead of
'the only connection is email'.
Could you do the sanity checking you currently do by using some db functions?

"MySQL Forums :: Microsoft Access :: Connecting MS Office, MS Excel, MS Access 
to MySQL using ODBC"
http://forums.mysql.com/read.php?65,148441,148441

* OK, I often come at problems from a different direction. *
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Not receiving mail

2010-10-18 Thread Todd Denniston
Dotan Cohen wrote, On 10/18/2010 04:51 PM:
> On Mon, Oct 18, 2010 at 22:47,   wrote:
>> Bingo! DNS.
>>
> 
> No, even on the IP address telnet won't answer on port 25:
> 
> ✈dcl:~$ telnet 178.63.65.188 25
> Trying 178.63.65.188...
> telnet: Unable to connect to remote host: Connection timed out
> ✈dcl:~$
> 
> 

are you coming to it from a 178.63.65.* or from a private IP (even if through a 
NAT)?

i.e. could there be one of those router things that does not pass private IP 
traffic on through
between you and it? :)

Grasping at a straw that look like a thought.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] dhcpd rpm

2010-10-18 Thread Todd Denniston
Ausmus, Matt wrote, On 10/18/2010 01:11 PM:
> Howdy,
> 
>  

> 
> We’ve found the problem is generally caused by the time being out of 
>  sync between the servers or the dhcpd daemon on one of the boxes dies.


NTP does not keep them closely enough synchronized?
OH, and in case you were not aware of it, you could run NTP on one of them 
using local clock if you
don't have a good trust able time server available for some reason. Also making 
your DHCP machines
NTP peers would be good too.

Or are you talking about some other type of time?

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Radeon HD 4550 driver

2010-10-08 Thread Todd Denniston
m.r...@5-cent.us wrote, On 10/08/2010 02:55 PM:
> James A. Peltier wrote:
>> This is a known issue.  The next proprietary ATI driver is due to be
>> released sometime next month and will correct it.
>>
> Oh, *great*. So I wait a month before I can get his system running a
> security-fixed kernel
> 

[Fun options]
Or see if you can take the SRPMs (from last kernel and the new one) and put 
back the needed
functions with out reintroducing the code that was fixed for the security 
reasons.
Or take the patch(s) for *JUST* the CVE's from this kernel and put them into 
the SRPM for the
previous kernel.

[T much fun option]
Or see if you can mod the available ATI code to use reasonably correct new 
functions.

[pain option]
force X (mod /etc/X11/xorg.conf) to use either VESA or the supporting OSS 
driver in the interim.
(should still work, but sometimes more slowly)

* says the guy who lives with what the distro provides, so that the larger pain 
of keeping up with
the proprietary drivers can be avoided, even with nVidia equipment *

> Btw, while I was waiting for a reply, I created an account on their
> website for their fora... and then I can't find a way to post  eyes>
> 
> Thanks, James.
> 
>   mark
>> - Original Message -
>> | Upgraded the kernel to the latest, then tried to rebuild the
>> | proprietary
>> | Catalyst driver for a Radeon HD 4550 on a Dell Optiplex 980.
>> |


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] metafont on CentOS 5?

2010-09-08 Thread Todd Denniston
Nicolas Thierry-Mieg wrote, On 09/08/2010 07:05 AM:
> Timothy Murphy wrote:
>> Todd Denniston wrote:
>>
>>> is there an available package for CentOS5 which provides the metafont
>>> command, or a replacement? What is the name and which repo? please.
>> The command is mpost not metapost.
>> I have /usr/bin/mpost in the tetex-3.0-33.8.el5_5.5 package
>> under Centos-5.5
> 
> or mf instead of metafont, from tetex-fonts rpm in C5.

Until your email I did not even think about doing a
 man -k metafont #which finds mf
as the command had always been metafont before.

Thanks.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] metafont on CentOS 5?

2010-09-07 Thread Todd Denniston
Can someone hit me with the appropriate clue-by-4?

is there an available package for CentOS5 which provides the metafont command, 
or a replacement?
What is the name and which repo? please.

I have a font bundle I need to use (which is not provided in an RPM that I can 
find), but metafont
does not seem to be available.

tetex provides the /usr/share/texmf/metafont directory structure, but not a 
*/bin/metafont...

Thanks.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] how long to reboot server ?

2010-09-03 Thread Todd Denniston
Marko Vojinovic wrote, On 09/03/2010 04:10 PM:
> On Friday, September 03, 2010 18:34:51 Matthew Miller wrote:
>> On Fri, Sep 03, 2010 at 12:17:37PM -0500, Les Mikesell wrote:
>>> Does anyone know if this is special-cased or some config setting?  I
>> It's special-cased.
> 

> 
> So all in all, you should never be afraid that yum will leave you only with 
> untested kernels while updating.

Thank you for your description of what is supposed to happen, I was not aware 
of this safety
provision previously.

I will however probably pick a test machine and try it, just to have that 
reassuring feeling of
having seen it in action myself, as so far I have only come to that point where 
the NEXT update
would be the one which got me. :)

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] how long to reboot server ?

2010-09-02 Thread Todd Denniston
Rudi Ahlers wrote, On 09/02/2010 04:49 PM:
>

> I've had cased where a kernel didn't
> work as expected though, but we don't reboot a server every 2 months to
> see if the kernel might have failed.
> 

surprised I have not seen anyone mention the other two things which can 
conspire to cause reboot
trouble (with the kernel) with long uptimes
1) automatic updates by yum-updatesd
2) small (only 3) installonly_limit

If you are not careful, the last known working kernel is gone when you go to 
reboot. :(

I usually am mindful of both of these settings.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] slightly OT: dban

2010-08-27 Thread Todd Denniston
m.r...@5-cent.us wrote, On 08/27/2010 10:57 AM:
> m.r...@5-cent.us wrote:
>> I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban
>> 1.0.4 that I've used a bunch of times... but on this machine, it says
>> starting, then dies, saying "dban has finished with non-fatal errors.
>> Check the log for more information" It never gets to the interactive menu.
>>
>> Now that I've disabled the non-existant floppy drive, at least it does say
>> "to save the log file again, press enter"
> 
> *sigh*
> 
> Well, my manager actually had some CDs - dban.org only has .iso's for CDs,
> which I don't know enough to make work with a DVD, so I d/l and burned the
> new one, 2.2.6 beta, and it's working now. Interesting... before the menu
> came up, it looked like the display from lshw
> 
> Oh, and I *do* have to do at DOD full sanitization: I work at a US gov't
> agency, and the machine's being surplused
> 
>  mark
> 

Suggestion, check with your local DRMO (or whatever they are calling themselves 
now) representative
and make sure that you are allowed to send any hard drive with the machine at 
*ALL*.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
Even when this disclaimer is not here, 
the opinions expressed by me are not necessarily sanctioned by and 
do not necessarily represent those of my employer. 
Also even when this disclaimer is not here, I DO NOT have authority to 
direct you in any way to alter your contractual obligation 
and my email can NOT be used as direction to modify a contract.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] System beeps in kernel 2.6.18-194

2010-08-25 Thread Todd Denniston
Akemi Yagi wrote, On 08/25/2010 05:56 PM:
> On Wed, Aug 25, 2010 at 2:39 PM, Glenn Eychaner  wrote:
>>  Is there someplace can I find *detailed* release notes on the differences 
>>  between -164 and -194 kernels to help in looking for the problem, 
> 
> You can find kernel changelog diffs here (maintaind by Alan Bartlett):
> 
> http://www.centos.toracat.org/ajb/kernel-clog-diff/

What you get out of those diffs that
LASTKERNELINSTALLED=`rpm -qa --last kernel kernel-xen | \
  head -1|awk '{print $1}'`
#***
rpm -q --changelog $LASTKERNELINSTALLED |less
does not provide?

I was curious enough to see if that was a better resource for some of the 
research that I do to take
 a look, but _I_ only found it more confusing, so I ask what you see that I 
missed.



*** Why Oh Why, did RH&Co decide to name the xen kernel rpms something other 
than
kernel-`uname -r` kernel-2.6.18-194.11.1.el5xen seems to have the same info 
to me.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Updates offered annoyance

2010-08-25 Thread Todd Denniston
Les Mikesell wrote, On 08/25/2010 08:29 AM:
> On 8/25/10 7:14 AM, Aleksandar Stoisavljevic wrote:
>> Hi all,
>>
>> I downloaded latest CentOS 5.5 DVD i386 image from one of FTP's in a list.
>>
>> I've burned that image to DVD and created new DVD to use for fresh 
>> installations.
>> Now when I install fresh CentOS 5.5 (in VM) I am getting info that there are 
>> 50
>> packages updates.
>>
>> This is ok when I have good internet speed (@work) but when I am home, this
>> update takes a lot of time.
>>
>> I guess I can skip updates but I wasn't experiencing such annoyance with 
>> CentOS
>> 5.4. My gues is that when
>> CentOS 5.4 was finalized there is no updates to that DVD.
>>
>> Is there any suggestions ?
> 
> Updates are a good thing - they mean bugs and security issues are being 
> fixed. 
> If you like to baby-sit the update process, try it this way:
> yum install yum-downloadonly
> then you can:
> yum -y --downloadonly update
> and go away (or sleep) while the update rpms download. If this step doesn't 
> complete you can restart it as many times as necessary and it won't actually 
> install anything.  After the downloads have completed, you can do
> yum -y update
> to install them and it will run quickly.
> 

And if you are maintaining more than one machine at home, you need to realize 
that you don't need to
waste the time twice to update the same thing on two machines.  Assuming your 
home machines are
networked together.

change /etc/yum.conf
from
keepcache=0
to
keepcache=1

and then after updating the first machine, you can update the second by
scp -pr r...@machine1:/var/cache/yum/ \
   r...@machine2:/var/cache/yum/
or
rsync --relative r...@machine1:/var/cache/yum/./ \
   r...@machine2:/var/cache/yum/
(I do suggest reading the man pages on both commands and see if there are other 
things you want to
add, such as -hvaK --delete-after --hard-links --sparse on rsync.)

Then do the yum update on the second, and it will only pull in updates that are 
unique to the second
system. Of course if the second system pulls in new updates and you have 3, 4 
... N machines to
update,  you'll want to pull from the systems with more stuff to do the updates 
on later systems.

Another option would be to see if your employer would be OK with you 
occasionally making DVD or USB
copies of the CentOS & EPEL mirrors maintained at work to take home, assuming 
your employer
maintains a mirror set locally.

current Centos updates
2.0Gupdates/i386
2.1Gupdates/x86_64
(of course this is without trimming the 450MB that repomanage --nocheck -k1 -o 
i386/ might tell you
about if the mirror is maintained with out rsync)
current epel
3.7Gi386
4.2Gx86_64

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Date drift and ntpd

2010-08-17 Thread Todd Denniston
Jason Pyeron wrote, On 08/12/2010 09:27 AM:
>  
> 
>> -Original Message-----
>> From: Todd Denniston
>> Sent: Thursday, August 12, 2010 9:07
>> Jason Pyeron wrote, On 08/12/2010 08:01 AM:

>> Assumption: the time servers that you are following 
>> (192.168.1.6[57]) are:
>>  a) each following the same timeserver(s), or at least 
>> have one in common.
> 
> 192.168.1.6[567] are one machine. 

I am not sure how much trouble that fact alone is going to give you.

It at least explains why you constantly see the following repeating in your log
00:00:01 devserver21 ntpd[3475]: synchronized to 192.168.1.65, stratum 3
00:00:08 devserver21 ntpd[3475]: synchronized to 192.168.1.66, stratum 3
00:00:14 devserver21 ntpd[3475]: synchronized to 192.168.1.67, stratum 3
As each one of the VIPs "becomes better" ntp switches too it instead of 
stabilizing on one and then
stabilizing the devserver21 system clock.

> Time on that one is/has been good. Other
> machines in the enterprise follow it accurately.
> 

yes&no... I suspect they would all do a better job following it, if you picked 
only one of it's IPs
for them to use.  By quarrying the same host but by different IPs I think you 
are messing up the
integration/differentiation routines ntp tries to use.

> 
>> one problem that you have is that your timeserver farm 
>> (192.168.1.6[57]) is occasionally loosing its servers, i.e. 
>> we see "synchronized to LOCAL(0)" occasionally, which should 
> 
> That was on a ntp client, not the ntp server. Am I misunderstanting you?

Because the *client* was going back to "synchronized to LOCAL(0)", we then know 
the *server* is
loosing it's servers and thus refuses to answer time requests, either that or
a) the network between *this* client (devserver21) and the server 
(192.168.1.6[567]) is un-reliable.
   hardware, cables, network stacks, local RF generators...
b) the triplet of IPs referring to one machine confuses the ntp client.

on the client try

for i in 65 66 67;
do
  echo "data for $i"
  /usr/sbin/ntpdc  -c 'showpeer 192.168.1.$i' | \
 grep -e reach -e stratum
done

and see what the reach, unreach and stratum are, especially during one of the 1 
to 5 minute periods
devserver21 is using local clock.


> 
>> the second problem is that a machine which is not intended to 
>> be a time server is configured with a local clock with a 
>> stratum better than 15.
>>
> 
> I don't understand, I will have to read up more.
short way to say this: the machine you are asking for help on (devserver21), is 
intended to ONLY be
a ntp client, and it should not ever offer time up to other machines if it is 
running on local
clock.  The way to make that happen is push the fudged stratum to 15.

> 
>> suggestion 1: 65 should have local clock at stratum 13, 66 
>> and 67 should have local clock at stratum
> 
> They are presently one machine.

Then that one ntp *server* machine (192.168.1.65) should be configured to have 
a local clock at
stratum 13, for when it can not reach external clock but you still want all 
internal machines synced
fairly close.




In another email I thought you tried to indicate that your client machines 
refused to pickup time,
if you only had one ntp server on the network.
That _should_ not be true, unless the server:
A) had not yet gotten it's own clock disciplined to an external clock, which 
can take 10 to 15
minutes the first time, and 8 to 10 after the drift file has been built if you 
are not using the
iburst keyword. i.e., on the server `/usr/sbin/ntpdc -c kerninfo |grep ^status` 
needs to show "0001
 pll"
or
B) has no external clock available at the time of test, and local clock is not 
defined on the ntp
server(192.168.1.65) (or at low enough stratum), and it  will still take 8 to 
10 minutes (of
connected to external or local clock time) from ntp startup before the server 
provides time.

Sorry for the embedded within embedded notes. :]
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] tar - ssh - standard out

2010-08-12 Thread Todd Denniston
Robert Heller wrote, On 08/12/2010 09:18 AM:
> At Thu, 12 Aug 2010 06:05:25 -0700 CentOS mailing list  
> wrote:
> 
>> On 08/12/2010 05:33 AM, Les Mikesell wrote:
>>> Why do you need any other process involved to work with a data stream?  If 
>>> you
>>> want to collect it to a remote file, you can  | ssh remotehost 'cat>
>>> path_to_file'.  Just be sure to quote the redirection so it happens on the
>>> remote side.
>>>
>>>
>> At a guess it's the compression he is after. Over a slow link it could 
>> make a substantial difference.
> 
> Just add gzip (or bzip2) to the pipeline:
> 
> program | bzip2 | ssh -q remote-host 'bunzip2 | remote-program'
> 
> 

or even easier (though maybe not as good a compression as bzip would get if 
dealing with text only)
 program | ssh -C -q remote-host 'remote-program'

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Date drift and ntpd

2010-08-12 Thread Todd Denniston
is that your timeserver farm (192.168.1.6[57]) is 
occasionally loosing its
servers, i.e. we see "synchronized to LOCAL(0)" occasionally, which should not 
happen with a well
configured time farm for hours to days, not minutes.

the second problem is that a machine which is not intended to be a time server 
is configured with a
local clock with a stratum better than 15.

suggestion 1: 65 should have local clock at stratum 13, 66 and 67 should have 
local clock at stratum
14 or 15, all other machines should not have a local clock or should not have 
one with a stratum
better than 15. Yes I, after reading the ntp documentation, disagree with 
RedHat's default.
net result should be that you don't get any local clock loops in the setup 
because you have a
defined leader, but if even the defined leader is lost the other machines 
should do a stable drift.

suggestion 2: 65, 66 & 67 should ALL peer with one another for added stability 
in the time farm.

suggestion 3: client machines should 'prefer' one of your servers over the 
others.

suggestion 4: see if someone has been messing with the kernel ticks on the 
machine...
run `tickadj` file:///usr/share/doc/ntp-4.2.2p1/tickadj.html
I had one computer where I needed to tweak the default value up or down one (I 
don't remember) to
have it be real stable, this should be a last resort.


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Scripting for Centos security advisory database

2010-08-11 Thread Todd Denniston
Karanbir Singh wrote, On 07/05/2010 04:12 PM:
> Hi Alexander,
> 
> On 02/07/2010 13:49, Alexander Dalloz wrote:
>> with other words you are working on making the yum-security plugin usable
>> on CentOS? That would be great!
> 
> Thats where this whole thing started from. The problem is that the
> yum-security plugin needs some specific info available in the CentOS
> repo's and the place where its generated has licensing issues with us
> just using it as is.
> 

Am I being overly optimistic here, in hoping the portions the 'place where its 
generated has
licensing issues' is just with copying verbatim the collated data from their 
database (CVEs & bugs
fields) and the written prose (Description field)?

would they be OK with those fields being done like the announce messages, i.e. 
just point to the URL
for the info, not replicate it?
That is, at least for an early usable version set
title :announce msg subject info post the CESA-number
Update ID: CESA-from announce message
Issued : when did the announce msg get generated?
Type : as appropriate, and known from message
Bugs & CVEs: see URL, yes or empty (unless fills a CentOS tracker item 
too).
Description : Upstream details URL from announce msg.
Files: Well, what did the build from SRPM produce for this arch?

Over all at least have it so yum update-minimal would work, and full details 
elsewhere?


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] sshd bug?

2010-08-11 Thread Todd Denniston
Matt Keating wrote, On 08/11/2010 12:17 PM:
> On Wed, Aug 11, 2010 at 4:57 PM, Matt Keating  wrote:
>> On Wed, Aug 11, 2010 at 4:45 PM, Ray Van Dolson  wrote:
>>> On Wed, Aug 11, 2010 at 04:38:22PM +0100, Matt Keating wrote:
>>>> Hi,
>>>>

>>>>
>>>> The 'passwd' command only recognises the first 9 characters too...
>>>>
>>>> Has anyone seen this before, or know how to fix it? I feel its a major
>>>> security risk and would like it fixed ASAP.
>>> Sounds like you're using DES password hashes instead of the newer MD5
>>> style.
>>>
>>> If you take a peek at some of the password entries in your /etc/shadow
>>> do they have a $1$ at the beginning?  If not, you're probably using DES
>>> which is limited to 8 characters.
>> Sounds like you're on the money. I didn't install this server, so I
>> didn't choose the security stuff.
>> Passwords don't start with $
>>

> 
> $ sudo authconfig --usemd5 --updateall
> 
> Done!
> 
> Thanks Ray!

One subject for concern (even if it is too late, for you now), is if that box 
is serving NIS/LDAP to
an older sunos/solaris/[other old Unix] system (how IT would be up to to date 
security wise is
another question), then you may have a problem if the sun has not been updated 
to handle MD5
pass-phrase hashes.

Now you know why the old sun guy in the corner is confused about why he can't 
login. :)
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] yum-fastestmirror inconsistent exclude behavior

2010-08-06 Thread Todd Denniston
Matt Arnilo S. Baluyos (Mailing Lists) wrote, On 08/06/2010 02:48 AM:
> Hi guys,
> 
> I'm trying to figure out something wherein excluded repositories for
> the yum-fastestmirror plugin are still being used by the system.
> 
> To illustrate:
> 
> [r...@sales ~]# cat /etc/yum/pluginconf.d/fastestmirror.conf

> #exclude=.gov, facebook
> exclude=maulvi, .gov.ph, .vn
> 

Out of curiosity,
is there a way (with out editing code) to get each of the lists of mirrors 
(which were sent to the
yum client) printed before the exclude starts taking place?

i.e., for fun (in the US) I tried
exclude=.net, .com, .edu

which does show long lists of excluded items, yet a mirror for each of the 
repos was found, and yes
each of the repos found should have been in the exclude list.

A guess (as I am not familiar with reading python) is that when the number of 
repositories available
after exclusions reaches 0, the first [0 index] mirror passed to you is used 
anyway instead of
reporting no mirrors available and exiting.
see fastestmirror.py lines 194-216.

[hoping my reading is not too  far off :]
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] who uses Lustre in production with virtual machines?

2010-08-05 Thread Todd Denniston
JohnS wrote, On 08/05/2010 11:24 AM:
> On Thu, 2010-08-05 at 11:04 -0400, Todd Denniston wrote:
>> You speak of transactions in a way that makes me think you are dealing with 
>> databases.
>> If this is the case, then I suggest you take a few searches over to the drbd 
>> archives** and look for
>> database issues, IIRC ...
...
>> Not saying that having the DB on top of gluster or DRBD too would be bad, 
>> just suggesting that you
>> may want to have the DB backed by something that fully understands the 
>> transactions.
> ---
> Nice analogy have you ever done this?  Have you done this with separate
> Read Write DBs?  How about streaming to a file (constant backup).  The
> OP is talking about virtual machine images
> 

The reason I suggested the googleing (a few searches) in the drbd list, is that 
I have _read_ the
discussions on the list, and Recalled that some found it more appropriate for 
the DB to do the work.
I on the other hand have fortunately only been an observer of the discussions, 
not a participant,
nor a user of the ideas. i.e. I only have the metadata that there have been 
some good (well reasoned
and polite) discussions of database replication on that list, which I believe 
would apply equally to
a DB on DRBD and to a DB on a replicating file system.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] who uses Lustre in production with virtual machines?

2010-08-05 Thread Todd Denniston
Emmanuel Noobadmin wrote, On 08/05/2010 12:40 AM:
> That's the thing, I don't think I can tolerate a slightly behind copy
> on the system. The transaction once done, must remain done. A
> situation where a node fails right after a transaction was done and
> output to user, then recovered to a slightly behind state where the
> same transaction is then not done or not recorded, is not acceptable
> for many types of transaction.
> 

You speak of transactions in a way that makes me think you are dealing with 
databases.
If this is the case, then I suggest you take a few searches over to the drbd 
archives** and look for
database issues, IIRC in some cases you are better off (speed and admin 
understanding/sanity)
letting the database's built in replication handle the server to server 
database transactional sync
than to trust a file system or even drbd to do it, because  the db engine 
can/will make sure the
backup db server ALSO has the data before reporting the transaction done.
Not saying that having the DB on top of gluster or DRBD too would be bad, just 
suggesting that you
may want to have the DB backed by something that fully understands the 
transactions.

** http://lists.linbit.com/pipermail/drbd-user/
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] who uses Lustre in production with virtual machines?

2010-08-04 Thread Todd Denniston
Emmanuel Noobadmin wrote, On 08/04/2010 11:33 AM:
> Easier because instead of running gluster raid 0 on top of DRBD raid
> 1, we can take out the DRBD layer and just use gluster to achieve the
> equivalent by distribute on replicate.
> 
> More importantly there is the issue of cost, DRBD needs a pair of
> server per node for active-active. However, gluster allows me to get
> RAID "0.67" redundancy by "round robin" replicate.
> 

I missed this.

> i.e. If every storage node has 2 mdraid 1 block devices md0 and md1, I
> can mirror Server1 md0 to Server2 md1, Server2 md0 to Server3 md1 and
> so forth. Theoretically capable of surviving up to 50% node failure if
> no two adjacent node fails together. This for the cost of N+1 as
> compared to DRBD's Nx2 cost.

DRBD cost would still be N+1, not Nx2, if setup similarly, I think.

If Gluster is doing the mirror of "Server1 md0 to Server2..." by itself, then 
yes adding DRBD to it
would be a bit overkill, as I would be having DRBD setup to do something 
similar.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] who uses Lustre in production with virtual machines?

2010-08-04 Thread Todd Denniston
Emmanuel Noobadmin wrote, On 08/03/2010 11:13 AM:
> From what I understand, I cannot do the equivalent of network RAID 1
> with a normal DRBD/HB style cluster. Gluster with replicate appears to
> do exactly that. I can have 2 or more storage servers with real time
> duplicates of the same data so that if any one fails the cluster does
> not run into problem. By using gluster distribute over pairs of
> server, it seems that I can also easily add more storage by adding
> more pairs of replicate server.

To have more than one active server with DRBD (or other disk type shared 
between active machines)
you need to be using a file system which supports shared disk resources.
http://www.drbd.org/docs/about/
http://www.drbd.org/users-guide-emb/s-dual-primary-mode.html
http://www.drbd.org/users-guide-emb/ch-gfs.html
http://www.drbd.org/users-guide-emb/ch-ocfs2.html

and perhaps using Gluster (Raid0 on net) with DRBD (Raid 1 on net) as disk 
space to get HA into Gluster?
http://www.drbd.org/users-guide-emb/ch-xen.html

Note that it has been a while since I have ran DRBD on a set of systems and I 
only ran in
active-passive with ext3, so I only know about the resources above that someone 
would want to look at.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] When should LVM be used?

2010-08-02 Thread Todd Denniston
Ron Blizzard wrote, On 07/30/2010 05:16 PM:
> On Fri, Jul 30, 2010 at 8:33 AM, Todd Denniston
>  wrote:
> 
>> Best use for LVM I have seen...
>> Reducing the number of times you need to enter the LUKS pass phrase to once 
>> per boot, i.e., one LUKS
>> containing an LVM of / and Swap so that the system can boot with one entry 
>> of the pass phrase and if
>> you then have other partitions, such as an independent /home, /etc/crypttab 
>> can be used (with
>> appropriately constructed and protected cryptpassphrase files).
> 
> At this point I don't even know what a LUKS pass phrase is -- is this
> something I'm liable to run into on a home desktop computer?
> 

Depends on how much you value not letting other folks at your data, with out 
your permission after
you have properly powered down the machine. :)

LUKS is used with encrypted partitions/filesystems.  I have only used it at the 
partition level.
It is most easily setup at install time, because anaconda gets the incantations 
correct for you.

Suggested further reading:
http://wiki.centos.org/HowTos/EncryptedFilesystem
http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem/Scripts
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Announce list digest ??

2010-07-30 Thread Todd Denniston
Ron Loftin wrote, On 07/30/2010 10:03 AM:
> It seems that the past month or so the CentOS Announce list digest has
> no longer been sent out to the general CentOS list ( this list )
> although the CentOS Web site still says that this list is subscribed to
> the Announce list in digest form.
> 
> I've been checking, and the announce message does not seem to be getting
> caught in any spam filter that I use.
> 
> Is this broken, or am I missing something here ?
> 

I don't know if it is broken, i.e., someone may have made a choice, but not 
updated the web site.
But I too had not been receiving the digest, for a similar time period.
Initially it annoyed me to be getting the digest, until I realized that it 
*seemed* the digest
indicated that the metadata (repodata directory) had been pushed, i.e., it 
could be used as an
'interupt' to indicate the primary/secondary yum *mirrors* were ready to be 
pulled from.
Now I miss it.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] When should LVM be used?

2010-07-30 Thread Todd Denniston
Ron Blizzard wrote, On 07/30/2010 01:37 AM:
> Is there any reason to use LVM on a personal desktop install of
> CentOS? It seems to me, for my purposes, that LVM is just a pain in
> the neck -- although I've always just let CentOS set it up during the
> install in the past.  I would like to be able to use parted to resize
> partitions when I want to, and also I'd like Vector Linux to be able
> to read and write data to the CentOS partition. Would I be missing
> something by not installing LVM, or is this mostly for server purposes
> anyhow?
> 
> Thanks for any pointers.
> 

Best use for LVM I have seen...
Reducing the number of times you need to enter the LUKS pass phrase to once per 
boot, i.e., one LUKS
containing an LVM of / and Swap so that the system can boot with one entry of 
the pass phrase and if
you then have other partitions, such as an independent /home, /etc/crypttab can 
be used (with
appropriately constructed and protected cryptpassphrase files).

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ip address from range script

2010-07-29 Thread Todd Denniston
Jozsi Vadkan wrote, On 07/29/2010 09:54 AM:
> TEST-A.txt: list of ip address ranges [AS/isp's in a country]
> TEST-B.txt: list of ip addresses
> 
> I just need to know, if an ip in the TEST-B.txt is in a range of
> TEST-A.txt
> 
> cat "TEST-A.txt"
> 63.31.63.0/24;9007;44536
> 
> cat "TEST-B.txt"
> 63.31.63.2
> 
> 
> -> so is an ip address [in TEST-B.txt] is from my country [TEST-A.txt]
> or not?
> 
> thanks:\
> 

perhaps the tools linked to from the following list message(s) will be of use 
in creating the tool
you want.
http://lists.centos.org/pipermail/centos/2009-December/087863.html
and (If I read correctly) it is available in EPEL
http://lists.centos.org/pipermail/centos/2009-December/087866.html

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] wget and resulting filenames with mirror option

2010-07-28 Thread Todd Denniston
Joseph L. Casale wrote, On 07/28/2010 04:26 PM:
> I am trying to mirror a directory using wget and the resulting files as
> expected are taking the name of the string in the url after the last "/".
> 
> Anyone know a way around this? I am using the mirror option so I don't
> have to keep track of what to get making it simple.
> 
> Thanks!
> jlc

I am having a bit of trouble parsing what you wrote, but I think you are saying 
you are issuing
something like:
wget --mirror http://example.com/subdir1/subdir2/fileiwant
and getting at your location
./fileiwant
which is a little confusing, because I would have expected you to get (with 
just the --mirror option):
./example.com/subdir1/subdir2/fileiwant

please give an example command and output received and desired.

to get ./fileiwant from my example url above I think you would have to do:
wget --mirror ---cut-dirs=2 -no-host-directories \
http://example.com/subdir1/subdir2/fileiwant

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Finding DHCP IP of guest system

2010-07-19 Thread Todd Denniston
Rudi Ahlers wrote, On 07/16/2010 02:56 AM:
> On Thu, Jul 15, 2010 at 10:06 PM, David Dyer-Bennet  wrote:
>> My dom0 /var/log/messages doesn't have anything on assignments to guests.
>> bs004 (ID 9), for example, currently has 192.168.1.143, but there's
>> nothing about that IP in dom0 /var/log/messages.
>>

is the dom0 a static IP or a static DNS name?
If dom0 is static in some way, how about having the syslogs on all the domUs 
setup to all send their
logs to the dom0?
You might have to use logger(1) on boot (rc.local?) to add a message that will 
help you distinguish
between the different hosts.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] LDAP / NSCD shadow caching problem

2010-07-15 Thread Todd Denniston
Brian Marshall wrote, On 07/15/2010 11:37 AM:
> Yes but I have worked in many organizations that use directory services for 
> authentication and my machines with them have always cached authentication 
> data so I can login if I'm not online. I can't expect laptop users to always 
> have a network connection. If Mac OS and Windows can manage to cache network 
> authentication for offline use, I can't believe that linux does not have this 
> capability. 
> 
> Perhaps my wanting to cache my shadow data or use nscd for this purpose is 
> not the correct way to achieve this. But the only other well discussed option 
> I have found is nsscache which doesn't seem to work very well and their 
> library doesn't seem to install on centos 5. Unfortunately I'm way to much of 
> a hack C programmer to fix it, especially since they don't provide a 
> configure file. 
> 
> So, assuming maybe we put the conversation of nscd shadow caching aside and 
> just talk about how to cache ldap data on a centos system so it can 
> authenticate users in the absence of a network. Creating local 
> passwd/group/shadow data is not an option.
> 
> Again, I can't stress this enough. I am convinced I am doing something wrong 
> or going about this the wrong way. I'm just not understanding how to either 
> fix the problem at hand or solve it another or proper way.
> 
> Any advice?

authconfig -help

authconfig --enablecache --update

For some of the folks I work with, it works quite reliably, I on the other hand 
have had problems
_because_ it caches the info.


> 
> Thanks 
> 
> Brian
> 
> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote:
> 
>>> The problem I am having is that shadow does not seem to get cached by
>>> nscd. Here's how I have tracked this down.
>> NSCD not caching shadow user credentials is a fact. There is nothing wrong
>> with your configuration. NSCD just does not do what you seem to expect
>> from it. You can't make it what you like to.
>>
>> If your LDAP server is gone, you will not be able to login. Run a replica
>> server to avoid a single point of failure.
>>
>>> Brian
>> Alexander
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] free

2010-07-14 Thread Todd Denniston
Flaherty, Patrick wrote, On 07/14/2010 03:49 PM:
> I did some testing a while back, and my results showed that the -/+
> buffers line seemed to be the *Minimum* amount of ram available if the
> kernel purged it's buffers/cache. Sometimes more is available.
> 
> (Roughly) The test was:
> * Turn swap off
> * Run free
> * Run 20 instances of a test program that malloc'd 100 megs of ram
> * Run free, see 2 gigs of ram + orginal amount of ram used.
> * Kill N number of those programs, which should free up N*100megs
> * Run free, output of -/+ did not reflect 2gigs - (N*100 megs).
> 
>  I followed up by running enough instances of the test program that I
> should have run out of memory free said I had, but the programs all
> started, none were killed. I ran free again got a number pretty close
> to what I thought should be free. It's a fun test to play with, I assume
> results vary from kernel to kernel (how aggressive the kernel is
> cleaning up returned ram).
> 
> Patrick

Did your test program actually USE the 100 megs of ram?
Because of "lazy allocation" or "optimistic memory allocation"*** as done by 
the kernel, the memory
is not actually consumed until used.  When I did something similar, I simply 
wrote a char to each
byte of memory(there are faster ways, but I wanted simple not fast) after each 
allocation.
You might have done this but I did not interpret your message to indicate that.


***I don't remember which is the correct term to search.
but this link has two sets of source to show the difference:
http://linuxdevcenter.com/pub/a/linux/2006/11/30/linux-out-of-memory.html
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Project Management Solutions

2010-07-12 Thread Todd Denniston
Joseph L. Casale wrote, On 07/12/2010 04:52 PM:
>> Do you mean something that is group based, that you want to run on a centos 
>> server,
>> or something to run on a desktop for just yourself, because there is a bit 
>> of a distinction. 
> 
> Group based, something I can put behind apache on a CentOS box but either 
> way, so
> long as its group based I can work around whatever exists. Just keen a reco to
> start with something solid.
> 
> Thanks!
> jlc


I have not used it this way, but planner has the option of connecting it to a 
Postgresql database.
see planner -> Help -> Configuring a Planner database

Used in a non Group way, I have found Planner to be an adequate replacement for 
Project.

 it looks like there have been some SQL fixes since the version included with 
CentOS 5.X
http://live.gnome.org/Planner
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] cpuspeed settings??

2010-06-17 Thread Todd Denniston
ken wrote, On 06/17/2010 10:46 AM:
> 
> The problem really is as I first stated.  And the solution-- good
> settings for /etc/sysconfig/cpuspeed-- is really what is needed (at
> least as far as can be discerned at this time).
> 

looking in /etc/sysconfig/cpuspeed around MAX_SPEED= they suggest looking in
/sys/devices/system/cpu/cpu*/cpufreq/scaling_available_frequencies

i.e. for me
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_available_frequencies
returns all good settings for the cpu frequencies.
which _for_the_laptop_I_have_ is
170 140 120 100 80 60
Setting either MAX_SPEED=100 or MIN_SPEED=80, and restarting the 
system, has had desired
effect for me, i.e., keep the laptop from locking due to overheat.

However, Nicolas suggestion of messing with UP_THRESHOLD might be better for 
you, or should be done
in addition to messing with MIN_SPEED=
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] clustered file system of choice

2010-06-16 Thread Todd Denniston
Boris Epstein wrote, On 06/16/2010 03:33 PM:
> Hi all,
> 
> I am just trying to consider my options for storing a large mass of
> data (tens of terrabytes of files) and one idea is to build a
> clustered FS of some kind. Has anybody had any experience with that?
> Any recommendations?
> 
> Thanks in advance for any and all advice.
> 
> Boris.

I have not used a cluster FS, but have seen some discussions of them over on 
the drbd list[1] , and
you did not mention what kind of backing devices you were going to have for the 
filesystem.
In the drbd documentation[2] they have some discussion of gfs and ocfs2 which 
may be of some help.

In short if you are considering DRBD as a backing device, definitely ask over 
on their mailing list
and I suspect that mailing list population has a higher percentage of folks who 
use cluster FSs.


[1] http://lists.linbit.com/mailman/listinfo/drbd-user
[2] http://www.drbd.org/docs/applications/
http://www.drbd.org/users-guide-emb/ch-gfs.html#s-gfs-primer
http://www.drbd.org/users-guide-emb/ch-ocfs2.html#s-ocfs2-primer
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] rpm - diff and patch updating

2010-06-15 Thread Todd Denniston
Frank Cox wrote, On 06/15/2010 11:51 AM:
> On Tue, 2010-06-15 at 02:44 -0700, John Doe wrote:
>> I am afraid patch is not able to auto-magicaly adapt an old patch to a
>> heavily modified file...
> 
> That's what I was afraid of.  I was hoping, however, that there might be
> some way to verify that everything in the patch has now been done in the
> new version.  My best idea on that score is to inspect the contents of
> the old diff and the new diff to make sure that they are the same length
> and refer to the same stuff.
> 


> I guess I'll just have to bite the bullet and rewrite some parts of this
> thing manually to match the old patch files.  My major concern is that
> I'll get lost in the woods and miss something; hopefully comparing the
> old patch files to a new diff will allow me to check that.
> 

Frank,
Some questions that you should probably think about for yourself, and might 
help those of us on the
list help some more.

Where did the original SRPM come from?
What was it of/for?
Does the original source repository/group exist anymore?
... someone else may have already been here with the product you are looking at.

Does the person who is building the new SRPM understand _why_ the old patches 
were created, i.e.,
what did it fix?
Does the person who is building the new SRPM understand in each patch case that 
either _what_ the
patch 'fixed' has not been fixed in the upstream, or was fixed but not in the 
same way, i.e.,
contact upstream and ask if the reasons for the patches has gone away so you 
don't need to patch for
it anymore?
Would the upstream be interested in integrating the patches, or similar 
functionality changes, for you?
Would the upstream be interested in integrating the spec file for you?


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] how to install ip6tables?

2010-06-01 Thread Todd Denniston
Gary Greene wrote, On 06/01/2010 06:27 PM:
> On 6/1/10 2:12 PM, "Ron Loftin"  wrote:
>> On Tue, 2010-06-01 at 23:04 +0200, Rudi Ahlers wrote:
>>> Hi all, 
>>>
>>>
>>>
>>> I'm sorry if this is a quick dumb one, but how does one install
>>> ip6tables? 
>>>
>> Are you sure it's not already installed ??  It installs by default on my
>> systems.
>>>
>>>
>>>
>>> Doing a google search for "how to install ip6tables", ironically,
>>> returns results on how to disable it. I have disabled it previously,
>>> but now want to re-enabled it as I want to play around with IPV6 &
>>> iptables. 
>>>
>>>
>>> Any pointers will be appreciated.
>>>

How did you disable it?
rm some files?
rpm -e a package?
chkconfig ip6tables off?

My starting point for understanding this problem would be***:
/sbin/chkconfig --list |grep tables
rpm -qa  iptables\*
yum info iptables\*


*** of course you'll understand the appropriate man pages before executing what 
some random net user
wrote.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Can't print a pdf?

2010-06-01 Thread Todd Denniston
MHR wrote, On 06/01/2010 01:01 PM:
> On Thu, May 13, 2010 at 3:09 PM, MHR  wrote:
>> On Thu, May 13, 2010 at 2:18 PM, Les Mikesell  wrote:
>>> Or the yummable Adobe Reader?
>>> http://www.if-not-true-then-false.com/2010/03/install-adobe-acrobat-pdf-reader-on-fedora-centos-red-hat-rhel/
>>>
>> Yummy.
>>
>> No, seriously, I'm waiting for it to download - 61Mb(!).  Will post
>> when it's done
>>
>> Okay, that worked.
>>
> 
> And now, today, it failed again (both evince and AR), same kind of
> file.  The only difference is that this appeared in dmesg:
> 
> brcupsconfig3[1548]: segfault at 75616665 rip 00c6fcc3
> rsp ff96b9f4 error 6
> 
> Guess I have to keep running stuff back through my VMWXP.
> 

Question 1: are you running a brother (or brothers, I don't recall if the brand 
has the s or not)
printer?

If yes, then Q2: Are you running a driver from them (or one of the third party 
repos) or just the
stock CentOS stuff?

Google-ing the following groups is somewhat interesting:
brcupsconfig3
brcupsconfig3  "segfault at"

Not saying there is not a problem, but perhaps there is a problem in a deeper 
place that needs
reported to the appropriate folks.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Installing from USB flash drive

2010-05-26 Thread Todd Denniston
Bowie Bailey wrote, On 05/26/2010 10:59 AM:
> I successfully created an install media on a USB flash drive, but now I
> have a minor problem installing from it.  Whenever I run the installer,
> it insists on installing grub on /dev/sdb (the flash drive) rather than
> /dev/sda (the hard drive where I'm installing everything).
> 
> Is there a way to convince the installer to put grub in the right
> place?  

If you are installing from a kickstart, or at least preparing the install using 
KS, yes.
In my case it was easy, target of install was an IDE and source usb drive was 
detected as SCSI, in
the kickstart file I was using I set:
bootloader --driveorder=hda,sda
granted I put that in a file that kickstart included, by building the file in 
the %pre section of
the kickstart, i.e., I ran some detection routines to be sure of what I was 
putting in there.


however for yours, because both show up as sd? you will need to be aware of 
BIOS/kernel detection
order.  The detection order may be different between booting the install media 
bootloader and
booting the final system grub.

Assuming you are using a kickstart file, you could probably program the %pre to 
figure out which is
which by looking for a known UUID of the USB flash or its file system label and 
tell grub use
anything else it finds first.


I believe the final file you would need to look at is /boot/grub/device.map
grub and grub-install take options for this file.

> Should I just tell it not to install grub and then do a
> grub-install from a rescue prompt afterwards?
> 

painful, but possible.

Hopefully enough clues to be helpful.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

2010-05-25 Thread Todd Denniston
Whit Blauvelt wrote, On 05/25/2010 11:09 PM:
> On Tue, May 25, 2010 at 10:03:38PM -0400, Jason Pyeron wrote:
> 
>> If you look at it as the two different commands, then they may have different
>> permissions, owners, contexts, etc...
>>
>> /bin/sh vs /etc/init.d/smb
>>
>> I am just logically guessing here but ...
> 
> Let me follow your logic here. So the extra selinux labels differentiate
> what /bin/sh, as a shell, calling the /etc/init.d/smb script, can do from
> what /etc/init.d/smb, which in its first line invokes /bin/sh to run it, can
> do. Okay, that sort of makes sense.
> 
> So with selinux, in general any script that selinux would stop from running
> due to the script's own extra selinux file tags can be run if Evil Intruder
> simply invokes the same script with its shell first - sh or perl or python
> or whatever? That counts as security? Through what? The obscurity of this
> devious workaround?
> 

At least for some of us delving into what and how selinux is working is recipe 
for brain explosions. :)
but there are some like Daniel J Walsh & Stephen Smalley who seem to be able to 
manage the deep
diving into that system.
I am not sure if it is proper to ask RHEL/CentOS questions in the fedora list, 
but there is a
selinux list hosted for fedora where some of the folks with the non exploding 
brains hang out:
https://admin.fedoraproject.org/mailman/listinfo/selinux
you could at least ask there about a RHEL specific list, I don't see a list 
specific to CentOS:
http://www.centos.org/modules/tinycontent/index.php?id=16

I see Daniel's emails on fedora users and fedora test lists quite often, and he 
is reasonably
personable in his suggestions, solutions and explanations (at least to my 
opinion).

If you get an answer that helps, please drop a URL pointer line back on this 
thread.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

2010-05-25 Thread Todd Denniston
Whit Blauvelt wrote, On 05/25/2010 06:05 PM:
> On Tue, May 25, 2010 at 05:47:00PM -0400, Robert Heller wrote:
> 
>> Was this file *copied* from the Redhat 5.4 system(s) or created fresh
>> under CentOS?
> 
> If you mean /etc/init.d/smb, it's CentOS's version. The entire difference
> between the two, just for the record, is:
> 
> # diff smb /etc/init.d/smb
> 10a11
>> echo $PATH > path.txt
> 37c38
> < RETVAL=0
> ---
>> echo $PATH >> path.txt
> 38a40
>> RETVAL=0
> 
> where "smb" is RH's version and /etc/init.d/smb is Cent's. I can't quite
> imagine that a difference between overwriting or appending path.txt is at
> the root of what I'm seeing though.
> 

I have not been following this thread closely, but perhaps Robert was pointing 
at SELINUX and the
need to keep the SE permissions intact as you copy/edit the file.

i.e. you may need to:
A) restorecon /etc/init.d/smb and any other samba files that you have 
copied/edited.
B) look in one of the /var/log/ files for selinux messages when you are 
starting samba.

Good luck.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Mounting LVM disk

2010-05-24 Thread Todd Denniston
Weiner, Michael wrote, On 05/24/2010 11:38 AM:
> Todd Denniston, On Monday, May 24, 2010 11:15 AM
> 

>> BTW had your support contract ran out with Dell/RH?
> 
> We do have support on the box, but don't purchase a RHEL license and we
> run CentOS instead
> 
>> you might get lucky with a vgscan or lvmdiskscan, however my bet is on
> having to put all the drives
>> back in a perc array.
> 
> I will try the lvmdiskscan, but vgscan only sees the currently running
> disk. Problem is, if I put it back into the Perc then it will want to
> 'initialize' it which I believe will do a low level format :(
> 

With the Dell support, you could call Dell and ask how they expect the Perc to 
work with the disk
upon reinsertion.
Should at least letup your nerves.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Mounting LVM disk

2010-05-24 Thread Todd Denniston
Weiner, Michael wrote, On 05/24/2010 10:28 AM:
> List Readers -
> 
>  
> 
> I have a Dell server that uses the Perc 6i controller and had 5 1Tb
> disks installed (1 for OS and the other 4 in a Raid0 for a large storage
> pool). 


>  
> 
> [r...@gc-server2 ~]# fdisk -l /dev/sdc
> 
>  
> 
> Disk /dev/sdc: 2199.0 GB, 219902322 bytes
> 
> 255 heads, 63 sectors/track, 267349 cylinders
> 
> Units = cylinders of 16065 * 512 = 8225280 bytes
> 
>  
> 
> Disk /dev/sdc doesn't contain a valid partition table
> 

Are you sure that the Perc was not presenting you with a logical disk (Volume)?
One I received from dell, with RHEL on it, was setup with 8 disks in a raid5 
and the controller was
presenting the whole array as two drives, i.e., no physical drives are 
presented to the OS.

BTW had your support contract ran out with Dell/RH?

>  
> 
> Two things are a bit unusual here, first of all its not a 2Tb disk, and
> secondly why cant I read the partition table. 
> 
>  
> 
> Originally the OS was on an LVM volume and by default it was setup as
> 
>  
> 
>  /dev/VolGroup00/LogVol00 /   ext3defaults
> 1 1
> 

you might get lucky with a vgscan or lvmdiskscan, however my bet is on having 
to put all the drives
back in a perc array.

>  
> 
> My question is, is there a way to connect and mount this via USB and be
> able to get the $HOME directory stuff off that I failed to copy off
> before removing the disk?
> 
>  
> 
> Thanks in advance
> 
> Michael
> 


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Resolv.conf being overwritten

2010-05-21 Thread Todd Denniston
Keith Keller wrote, On 05/21/2010 12:13 AM:
> On Thu, May 20, 2010 at 07:02:06PM -0400, Thomas Dukes wrote:
>> I am trying to add 127.0.0.1 to my resolv.conf. I added it through the
>> system-config-network but if I reboot, its gone. I do not have the caching
>> nameserver package installed. My ISP's nameservers are there. It must have
>> something to do with DHCP.
> 
> Yes--DHCP will overwrite resolv.conf by default.  See the various
> options, in particular supersede and prepend, in the man page for
> dhclient.conf.
> 

Unfortunately trying to use dhclient.conf only leads to frustration.
RH/Fedora chose in /etc/sysconfig/network-scripts/ifup-eth to make the dhcp 
client only read
/etc/dhclient-eth#.conf and ifup-eth overwrites that file each time the 
interface is uped.

I am debating having ifup-eth concatenate dhclient.conf into dhclient-eth#.conf 
when it builds the file.

Can you tell I ran into this problem recently? :{

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Can't umount flash drive because an application has it locked

2010-05-20 Thread Todd Denniston
MHR wrote, On 05/20/2010 08:38 PM:
> This occasionally happens to me when I've been editing an OOo document
> that resides on a flash drive I use with one of my laptops.  I've
> tried poking around in ps to find out which process has the drive
> locked, and I can't figure it out.  Nothing directly refers to the
> flash drive except one of the hald processes, and it's just scanning
> the drive (I tried killing that and it made no difference).
>

> 
> What am I missing?
> 
when next it happens, you might try (note, you are playing with a root tool, it 
may or may not work
as a normal user):
/sbin/fuser -m /media/myFlashDrive/
or
/usr/sbin/lsof  /media/myFlashDrive/

What can be *really* frustrating, is when those commands (with any options) 
don't give any info, and
you cant get it unmounted (granted I have not seen that since using Fedora 1 
machines with DRBD as
an NFS server).

man fuser
"-m ... All processes accessing files on that file system are listed. ..."

man lsof

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] 5.5 ISO size vs RHEL

2010-05-19 Thread Todd Denniston
Karanbir Singh wrote, On 05/19/2010 01:11 PM:
> On 05/19/2010 05:15 PM, Todd Denniston wrote:
>>> We use CentOS and RHEL, the 5.5 RHEL ISO for x86_64 is 3.7GB (**), the 
>>> CentOS one
>>> is 4602MB (***) split over two DVDs.  Is this reasonable and correct?
>> would have been nice if the split would have been below 32 bit MS tool 
>> limits.
>>
> 
> which is what ? are '32 bit MS tools' not able to burn a regular dvd ?
> 

I had a proxy, somewhere in the chain, spit out "Arithmetic result exceeded 32 
bits."
each time it encountered the first image.
Hopefully there is a small amount of the CentOS population behind such Proxies, 
granted the CDs made
t OK.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] 5.5 ISO size vs RHEL

2010-05-19 Thread Todd Denniston
Anthony Caetano wrote, On 05/19/2010 10:46 AM:
> Hi
> 
> We use CentOS and RHEL, the 5.5 RHEL ISO for x86_64 is 3.7GB (**), the CentOS 
> one 
> is 4602MB (***) split over two DVDs.  Is this reasonable and correct? 

would have been nice if the split would have been below 32 bit MS tool limits.

>  Any ideas 
> why would there be such a discrepancy if they are built from the same (or 
> very 
> similar) source?
> 
> Regards
> Anthony Caetano
> 
> **  the md5sum checks out, and RHN lists the size as 3,532 MB
> 
> *** CentOS-5.5-x86_64-bin-DVD-1of2.iso + CentOS-5.5-x86_64-bin-DVD-2of2.iso 
> (according to ftp.heanet.ie:/pub/centos/5.5/isos/x86_64 )

perhaps the following will help in understanding.
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=25548&viewmode=flat&order=ASC&start=29



-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] disable autofs timeout

2010-05-11 Thread Todd Denniston
Brian Mathis wrote, On 05/11/2010 10:35 AM:
> On Tue, May 11, 2010 at 10:01 AM, Rudi Ahlers  wrote:
>> On Sat, May 8, 2010 at 5:12 PM, Brian Mathis  wrote:
>>> A simple solution would be to setup a cron job that runs every 5
>>> minutes and does
>>>ls /mount/point > /dev/null
>> How would this fix the problem though? I'm asking cause I sit with the same
>> problem, and haven't figured out yet to tell a remote server what todo if
>> the NFS server is unavailable (be it network problems, maintenance,
>> incorrect password, etc)
>>
>> Rudi Ahlers
> 
> It doesn't fix it -- it's an ugly workaround -- but it works to keep
> them mounted.  I don't know of an elegant solution if the NFS server
> goes away.  I've seen it hang the clients until they timeout.  Maybe
> an NFS expert on the list will be able to provide a better solution.

not an expert, only a user who has been singed a few times.
in the options for the mount I suggest: hard,intr

hard because soft has had some data loss issues for me.
intr because sometimes you need to be able to interrupt a process while a 
server is down (say to be
able to reboot the client box).


BTW, keeping the mount point busy pretty much invalidates the use of autofs IAW 
the OP, i.e., the
only benefit that you get from autofs at this point is that if the server is 
down at client boot
then the client will be able to finish booting (which could have been 
accomplished by using the bg
flag in the fstab (man 5 nfs)).
The OP wrote:
"2) utilize the benefits of autofs so that when an NFS resource becomes
unavailable, the system doesn't hang."


If the file system IS mounted, then the system will hang until you can 
interrupt processes (why you
need the intr option).
If the file system is not needed then it should be unmounted so it can't hang 
the client.

A less drastic option for autocompletion issues would be to set a longer 
timeout, i.e., in
auto.master change the line
from:
/misc  /etc/auto.misc
to:
/misc  /etc/auto.misc --timeout=3600
to get an hour between disuse and unmount (the default is 600 (man 
auto.master)).



If you really want permanent mounts, then I suggest going back to using fstab 
with the bg & intr
options and ignore autofs, because it appears autofs only causes trouble for 
you.

If you want the benefits of autofs (no hung mounts if not mounted during server 
interruptions, less
net traffic/connections when clients don't need remote file systems), you might 
be better served by
using a longer timeout and re-reading James Pearson's email.


BTW what applications are you having autocompletion issues with?  I have been 
using autofs for ~15
years and have only had issues with soft mounting causing data corruption.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] dhclient.conf being ignored!

2010-05-04 Thread Todd Denniston
It seems that the prominent North American Enterprise Linux vendor has decided 
that dhclient.conf
should be ignored, i.e. ifup-eth causes dhclient to be called with "-cf
/etc/dhclient-$(DEVICE).conf", and then ifup-eth/ifdown-eth wipes the file out 
each time.

Through the use of "DHCP_HOSTNAME" in ifcfg-eth0 you can specify a host name, 
but because of the
above behavior of ifup-eth other options don't seem to be able to be passed to 
dhclient.

I tried placing
supersede ntp-servers
into dhclient-up-hooks, but that also seems to be ignored, and my google fu 
seems to be failing on
how to build dhclient-enter-hooks for the purpose (if that would even help).

anyone got better suggestions than:
a) mod /etc/sysconfig/network-scripts/ifup-eth to build 
/etc/dhclient-$(DEVICE).conf combining the
options I want.
b) brute forcing things with `chattr +i /etc/ntp.conf`

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Software Protection on centos

2010-05-03 Thread Todd Denniston
Jerry Franz wrote, On 05/03/2010 08:34 AM:
> On 05/03/2010 04:50 AM, premr...@digilink.in wrote:
>>
>> Hi,
>>
>> I would like to have a software protection for my hardisk. I have some
>> query regarding that
>>
>> (1) In Centos, is it possible to do a hardisk protection. Ex : Even if
>> the hardisk is taken from a PC and
>> used on another PC, it should not be executable.
>>
>> (2) Also if the entire binary of the source is mounted on a partition
>> say /tmp, is it possible
>>  to make that mount point as protected, visible only after entering a
>> password or similar to that.
> 
> I would look at TrueCrypt.
> 
> http://www.truecrypt.org/
> 
> 

Why go to TrueCrypt when LUKS is built in to CentOS?
IIRC the only partition that can't be encrypted with LUKS is /boot, perhaps use 
TrueCrypt there if
you KNOW they are out to get you.  TrueCrypt is also useful if you need to 
share a partition with
certain Non-Unix operating systems.

You do need to select the LUKS encryption when you do the CentOS install.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] need help: about remove space

2010-04-30 Thread Todd Denniston
Michel van Deventer wrote, On 04/30/2010 10:55 AM:
> Hi,
> 
> On Fri, 2010-04-30 at 07:46 -0700, adrian kok wrote:
>> Hi all
>>
>> I have big file as below 
>> and would like to know how many line eg: wc -l file
>> but can't figure out how to know
>>
>> If I type wc -l file, I only get the 1023 but it includes the space 
>> When I use cat file | tr -d "\r \n". it gives me "adrian alice.."
>> I need it as fileB and then wc -l fileB.
>>
> If those lines between the names are empty lines you might try :
> cat bigfile | egrep -v '^$' | wc -l
> 
> or if you want the names into a second file :
> cat bigfile | egrep -v '^$' > fileB
> 
>   Regards,
> 
>   Michel

Or if you don't mind loosing replicates:
cat bigfile |sort |uniq > fileB

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] burning an image

2010-04-20 Thread Todd Denniston
david walcroft wrote, On 04/20/2010 02:59 AM:

> Thanks, I tried cdrecord changing /dev/scd0 to /dev/sr0 and it burnt the 
> same as I have been getting previously,no boot.iso. So I have some
> 5 coasters that need blanking,what cdrecord command do I use to blank 
> 'dvd+rw's.
> 
> Thanks   david

As stated earlier:
The following links may be of some use for an attempt at "blanking" the disk 
before reuse.
DVD+RW
http://www.freebsd.org/doc/en/books/handbook/creating-dvds.html#AEN25355
Of course the source of growisofs may be of use
http://fy.chalmers.se/~appro/linux/DVD+RW/
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] burning an image

2010-04-16 Thread Todd Denniston
david walcroft wrote, On 04/15/2010 10:59 PM:
> On 04/15/2010 11:10 AM, Kahlil Hodgson wrote:
>> On 15/04/10 09:58, david walcroft wrote:
>>> I downloaded CentOS-5.4-x86_64-bin-DVD.iso but I haven't used Centos
>>> before and I've haven't used a -bin-DVD.iso before,every attempt so far
>>> to burn one has produced coasters,what do I do to get an image.
>> I've had graphical apps give me coasters on occasion.  From the command
>> line you can try:
>>
>>  growisofs -dvd-compat -Z /dev/dvd=CentOS-5.4-x86_64-bin-DVD.iso
> 
> [da...@reddwarf ~]$ growisofs -dvd-compat -Z 
> /dev/dvd=rpm/CentOS-5.4-x86_64-bin-DVD.iso
> :-( /dev/dvd: media is not recognized as recordable DVD: 0
> 
> I used a dvd-rw and a dvd-rw-dl with the same results.
> 
> Thanks  david

I tend to use /dev/dvdwriter, it should not make a difference as they are all 
softlinks to
/dev/YourDVDdevice, though I think I have seen some difference in behavior when 
used as /dev/dvd vs
/dev/cdrom  by gnome-mount.

As I don't think you have been clear on this point yet...is your *_MEDIA_* 
DVD+RW or DVD-RW, or one
of the DVD+R or DVD-R variety?


The following links may be of some use for an attempt at "blanking" the disk 
before reuse.
DVD+RW
http://www.freebsd.org/doc/en/books/handbook/creating-dvds.html#AEN25355
DVD-RW
http://www.freebsd.org/doc/en/books/handbook/creating-dvds.html#AEN25401
it looks like, from my quick read, DVD-RW may need an explicit blank before 
reuse

Of course the source of growisofs may be of use
http://fy.chalmers.se/~appro/linux/DVD+RW/

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh-agent

2010-04-06 Thread Todd Denniston
m.r...@5-cent.us wrote, On 04/06/2010 01:22 PM:
>> On 4/6/2010 11:56 AM, m.r...@5-cent.us wrote:
>>>>> On 4/6/2010 10:46 AM, m.r...@5-cent.us wrote:
>>>>>> Todd wrote:
>>>>>>> m.r...@5-cent.us wrote, On 04/06/2010 10:51 AM:
>>>>>>>> What I was doing: log onto my machine (system run level 5, I log
>>>>>>>> out, NOT just lock the screen, every single night; therefore, there
>>>>>>>> should be no processes running owned by me), and in a terminal
> window, do
> 
>> it.   But, you don't have to start one at all because normal X startup
>> will do it for you - and correctly.  You only need to run ssh-add.
> 
> "Normal X startup" - do you mean login, in runlevel 5, or do you mean
> runlevel 3, and startx?
> 
>    mark
> 

from my other email...
12) ...
i.e. understand /etc/X11/xinit/xinitrc-common kicks it off for you.
...
in runlevel 5, not sure if it does so in any other runlevel.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh-agent

2010-04-06 Thread Todd Denniston
m.r...@5-cent.us wrote, On 04/06/2010 11:46 AM:
> Todd wrote:
>> m.r...@5-cent.us wrote, On 04/06/2010 10:51 AM:
>>> What I was doing: log onto my machine (system run level 5, I log out,
>>> NOT just lock the screen, every single night; therefore, there should be
>>> no processes running owned by me), and in a terminal window, do
>>>ssh-agent
>>>ssh-add .ssh/private key
>>> and enter my passphrase. Then I'd go through the day merrily on my way.
>>>
>>> Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I
>>> am logged all the way out. When I log out, unless I background
>>> something, everything running as me should go away. Everything.
> 
>> question:
>> if you don't start ssh-agent in your terminal do you see something like
>> the following with ps?
>>
>> ~$ ps aux |grep agent
>> uname 12345  0.0  0.1   8916  3608 ?Ss   09:12   0:00
>> /usr/bin/ssh-agent /bin/sh -c exec -l
>> /bin/bash -c "/usr/bin/dbus-launch --exit-with-session
>> /etc/X11/xinit/Xclients"
> 
> Yep -
> ps -fu  | grep ssh
>13313 1  0 Apr02 ?00:00:00 ssh-agent
>18049 18019  0 09:09 ?00:00:00 /usr/bin/ssh-agent
> /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session
> /etc/X11/xinit/Xclients"
> 
> 9:09 or so was when I used ssh-add. Note that ssh-agent has been running
> since the second, and I logged out Friday and yesterday.
> 
>mark
> 

Suggestion to make everything even clearer.

1) either `killall -9 ssh-agent` or reboot.
2) logout (if not rebooted, so that _gdm_ restarts X)
3) login
4) Do *_NOT_* start ssh-agent in a terminal.
5) in a terminal execute `ps aux |grep agent`
6) record report 1
7) logout
8) login
9) Do *_NOT_* start ssh-agent in a terminal.
10) in a terminal execute `ps aux |grep agent`
11) record report 2
12) we should see ssh-agent is running in both cases, if your CentOS box is 
setup the way I think it is.
i.e. understand /etc/X11/xinit/xinitrc-common kicks it off for you.
13) we should see a delta in the agent PID from report 1 to report 2.
14) we should see only one agent in both reports.



-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh-agent

2010-04-06 Thread Todd Denniston
m.r...@5-cent.us wrote, On 04/06/2010 10:51 AM:
> What I was doing: log onto my machine (system run level 5, I log out, NOT
> just lock the screen, every single night; therefore, there should be no
> processes running owned by me), and in a terminal window, do
>ssh-agent
>ssh-add .ssh/private key
> and enter my passphrase. Then I'd go through the day merrily on my way.
> 
> Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I
> am logged all the way out. When I log out, unless I background something,
> everything running as me should go away. Everything.
> 
> What I will try tomorrow, or maybe, if I get real enthused, later today,
> is to see if, after logging all the way out, then logging back in, whether
> ssh-agent has retained the ssh key that I added in the last session. If
> so, I *will* call this an important security hole, since in the unlikely
> event that someone manages to crack into my account (I lock the screen,
> per division rules, when I walk out of the office, so they can't just sit
> down at my desk), they could get to every other machine without so much as
> a by-your-leave, with no passwords.

I believe you can specify to agent that it should forget what it knows after a 
specified time
period, at least when you are firing up the agent.

> 
> Now is this clearer?
> 

question:
if you don't start ssh-agent in your terminal do you see something like the 
following with ps?

~$ ps aux |grep agent
uname 12345  0.0  0.1   8916  3608 ?Ss   09:12   0:00 
/usr/bin/ssh-agent /bin/sh -c exec -l
/bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"

gdm (run level 5) starts that for you automatically and puts the appropriate 
variables in the
environment.

I don't think I had to do anything special at install time to have gdm kick 
that off as I log in.

This instance does end with the end of my sessions.

Hope that helps.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] fsck problems

2010-03-23 Thread Todd Denniston
m.r...@5-cent.us wrote, On 03/23/2010 09:49 AM:
>> sync wrote:
>>> Thanks for all replies .
>>>
>>> Today, I did the following things,and also met the other errror message:
> 
>>> Then,  reboot the server and then boot it from the hard disk.
>>>
>>> This time, the screen came up with these:
>>>
>>> Checking root filesystem:
>>> --
>>> EXT3-fs error (device dm-0) :
>>> ext3_get_inode_loc: unable to read  inode block -inode=7473432,
>>> block=14942282
> 
>>> It is obvious that the fsck command maybe not to use .
>>>
>>> What could i do now ?
>>>
>>>  Maybe it is the only method to reinstall the CentOS operating system.
>>> isn't it?
>> That looks like you either have a physically bad hard disk, or
>> directory/inode corruption in the entry needed to load fsck.  Try running
> 
> Looks to me as though you definitely have a hard drive going bad. The
> thing that says that to me is "unable to read", not "error reading". I'd
> reboot from a DVD with linux rescue, do *not* mount the filesystems, and
> do an fsck -c (and any other options) on all the partitions that are
> formatted. This will check for bad blocks. If there's only a few, say, 1,
> or 10, note how many of them there are, and let it take its default to
> mark, and then fix everything else. If there's a *bunch* of them (100+),
> you need a new hard disk, now.
> 
> mark "done this too much recently"

Side question: is there encryption in use on the volumes?

And assuming you fsck ... considering  "Checking root filesystem" is where the 
error shows up, I
would be

a) reading `man rpm`
and
b) running some variation of
for i in `all the packages installed`; \
do \
  echo "looking at $i"; \
  rpm -V $i;\
done > howbadismysystem.txt 2>&1

or

rpm -Va > confusinghowbadismysystem.txt 2>&1


and look for things that are not config files that have changed.
of course on CentOS 5.x prelinking makes a mess of things.

And then there is the implicit assumption that the rpm db was not one of the 
things that got
hammered. :)

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] fsck problems

2010-03-22 Thread Todd Denniston
sync wrote, On 03/22/2010 05:11 AM:
> Thanks  for all reply...
> 
> 

A) as Nicolas HINTED please read the _text_ that follows "Guidelines for CentOS 
Mailing List posts" at
http://www.centos.org/modules/tinycontent/index.php?id=16

B) as time permits read the links in that section, I think the ones some of us 
want you to read are:
http://www.caliburn.nl/topposting.html
and a couple of supplementals:
http://en.wikipedia.org/wiki/Posting_style#Interleaved_style
or
http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


> Because the boss don't let me do that .
> He said that would be dangerous and it would destroy all data in  the  hard
> disk
> 

What did the boss say would "be dangerous and ... would destroy all data"
i.e. what command and options would the boss not let you run?

It is a bit hard to comment on that which is not here.

Is the boss more qualified to be administrating the machine in critical times 
like this than you**?
If so, then it is most likely time to hand him the keyboard and tell him he 
gets to keep the bits
that are left intact (both before he starts typing and after).
Will there be someone who you both trust to work on the machine in this state 
coming into the office
soon?


I would expect that anyone who is willing to help you over email would want at 
least the following
questions answered:
Which kind of file system is being used on the volume having trouble?
Do you have backups?
Is the volume small enough and do you trust yourself enough with dd to 
duplicate it off to a
USB|firewire|esata disk? (now THIS _is_ risky. :)
have you read `man fsck` to see why it was being suggested to run it WITHOUT 
the a or p options?



** The boss "...said that would be dangerous and it would destroy all data..." 
comment, indicates to
me that either you or he or both think that.


> 
> On Mon, Mar 22, 2010 at 4:03 PM, Nicolas Thierry-Mieg <
> nicolas.thierry-m...@imag.fr> wrote:
> 
>> sync wrote:
>>> run fsck manually without a or p options?
>>>
>>> Not yet ~
>> why not?
>>

>> try reading the bottom of this page:
>> http://www.centos.org/modules/tinycontent/index.php?id=16
>>
>> it's publicly readable, unlike your link.
>>


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Desperately need help with multi-core NIC performance

2010-02-24 Thread Todd Denniston
Pete Kay wrote, On 02/24/2010 06:08 PM:
> Hi
> 
> So is that the limit?  I have heard people being able to run like 10K
> call channels before max out CPU cap.
> 

were those people running g.711 or something using less bandwidth?

And why are you thinking CPU cap?
What is the load average (from top or uptime)?
In top** (after pressing 1) are you seeing processors that are not idling or 
are in large wait states?
[purpose of these questions is to either get information for us to understand 
that you have a CPU
problem, or point it out to you that you don't]


** there are better applications than top for seeing where the processors are 
spending their time,
but my brain is mush for remembering them right now.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] very large difference between df and du (10 GB, hard to believe)

2010-02-01 Thread Todd Denniston
Robert Grasso wrote, On 02/01/2010 10:29 AM:
> Hello,

> CentOS 4.8. I noticed a difference between df and du which is hard to believe 
> :
> 
> according to df, I am using 29 GB
> [r...@cedrat-rt ~]$ df -h
> FilesystemSize  Used Avail Use% Mounted on
> /dev/sda1  33G   29G  2.8G  92% /
> none  506M 0  506M   0% /dev/shm
> 
> (there are no other partitions - ok, I could have partitioned it a bit more)
> but according to 
> 
> du -kshxc /*
> my largest directory is /var (because of mysql) and the grand total is
> 19 GB
> 
> I have a 10 GB difference between both outputs.

> e2fsck reports a clean filesystem

> Does anybody have a suggestion ?


-k is 1k block size
-h is print human readable (with appropriate extensions)
which ever of them is last wins for display... I suggest only using one though, 
to reduce possible
confusion.
for large measurements I usually use -m,
of course it could be fun to use --block-size=1024M instead, i.e., 1G.


I too would expect them to come close to matching, unless you have a lot of 
3.5k (or less) files in
a 4k inode file system.

du -shxc --count-links /*
du -shxc --apparent-size /*
du -shxc --count-links --apparent-size /*

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] APC Smart-ups "status codes" (slightly OT)

2010-02-01 Thread Todd Denniston
m.r...@5-cent.us wrote, On 01/29/2010 04:53 PM:
> We got replacement battery "kits" for some of our APC UPS' (Smart-UPS,
> rackmount). I put them into one tray (it's for an RBC 43, which takes 8,
> and weighs a ton), and put it in, and let it charge. Idiot "change
> battery" led stays on. So I hit the test button, it discharges very
> rapidly (a good number of servers on this), and the led stays on.
> 
> For some reason, apcupsd's USB test fails, with an HIDDEV i/o error. So I
> got rid of the weird APC usb cable, and put in one of their serial cables,
> and run the "smart" test (the USB does more), and get results showing
> everything's fine.
> 
> But the idiot light's still on.
> 
> So, looking at all the values that the "apcsmart" choice can give me, the
> first thing is UPS status. I've been googling for a while, and can't find
> a single reference to it. Anyone have a link to somewhere that will give
> me the status codes (and their meaning)?
> 

no idea on the status codes... but I interpret from the above and what the 
apcupsd folks have posted
to seem to indicate that you may be down to either soft or manual runtime 
calibration:

http://www.apcupsd.com/manual/manual.html#battery-replacement
http://www.apcupsd.com/manual/manual.html#battery-installation
http://www.apcupsd.com/manual/manual.html#soft-runtime-calibration
http://www.apcupsd.com/manual/manual.html#manual-runtime-calibration

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Help finding the X man page.

2010-01-11 Thread Todd Denniston
I would like to tweak the way my gnome-terminals are coming up and the `man 
gnome-terminal` refers 
me to the "X" man page (specifically for --geometry).
Although I have found what is probably an adequate version on line[1] (from the 
x.org folks no 
less), I would like to have the man page from CentOS ON my system.

my yum foo is not doing so well...
$ yum  whatprovides \*/man7\*/X\*gz
Loaded plugins: fastestmirror, security
No Matches found

and
$ yum  whatprovides \*/man\*/X\*gz
... is a bit overwhelming and did not seem to have what I was looking for.


further gentle clue-by-four available?

[1] http://www.x.org/archive/X11R6.8.1/doc/X.7.html

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Cent5 SELinux impacts on home exports when restoring from older systems are?

2009-12-08 Thread Todd Denniston
I am working on moving some nfs shares from an older Linux system to CentOS5 
server.
some are used by the machine and its clients as $HOME (but not mounted at 
/home) and working 
directories.
using selinux-policy-targeted.

Are there any selinux policy additions (so restorecon keeps them each time it 
is ran) I should be 
looking to make before trying to slip the new system in under the users noses? 
that is besides 
setting to permissive, which I do not want to do.

I am finding http://wiki.centos.org/HowTos/SELinux and 
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-selinux.html of 
mild use.

Thanks for any advise/informative URLs.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Autofs cannot bind LDAP server

2009-12-02 Thread Todd Denniston
Kwan Lowe wrote, On 12/02/2009 07:07 AM:
> On Fri, Nov 27, 2009 at 12:30 PM, Eric B.  wrote:
> 
>> My problem, however, is that once my ldap server is back up, autofs never
>> seems to retry to connect to it, so all my /home mounts fail.  Basically, it
>> means I have to make sure that my LDAP server is never down while another
>> server is rebooting.
>>
>> I figure there must be something in the configuration file that would allow
>> me to tweak this to indicate to autofs to recheck the ldap server
>> periodically to see if it has come back up, but can't seem to find anything.
> 
> Once the server is back up, does restarting the autofs daemon fix the
> behaviour?
> 
> Also, try setting the logging to debug.. Might give you a better idea
> of why it's not reconnecting.

Perhaps the following links from an autofs list thread will point to something 
for Eric:
subject: "[autofs] ldap and reloading"
http://linux.kernel.org/pipermail/autofs/2009-June/005775.html
http://linux.kernel.org/pipermail/autofs/2009-June/005779.html

BTW the 'how to' debug Autofs is at:
http://people.redhat.com/jmoyer/

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] High load averages with latest kernel and USB drives?

2009-11-20 Thread Todd Denniston
Benjamin Smith wrote, On 11/18/2009 06:11 PM:
> On Tuesday 17 November 2009 15:37:24 Todd Denniston wrote:
>> Benjamin Smith wrote, On 11/17/2009 01:46 PM:
>>> See comments below...
>>>
>>> On Tuesday 17 November 2009 07:52:01 Todd Denniston wrote:
>>>> Benjamin Smith wrote, On 11/16/2009 10:56 PM:
>>>>> I have a 1TB USB drive plugged into a USB2 port that I use to back up
>>>>> the production drives (which are SCSI). It's working fine, but while
>>>>> doing backups (hourly) the load average on the server shoots up from
>>>>> the normal 0.5 - 1.5 or so up to a high between 10 and 30. Strangely,
>>>>> even though the "load is high" the server is completely responsive,
>>>>> even the USB drives being accessed are!
>>>>>
>>>>> Using top to diagnose, nothing seems to be particularly high! IoWait
>>>>> seems reasonable (10-30%) and CPUs are 0.5%, Idle is 70-90%. Even
>>>>> accessing the USB partition while the load is "high" is responsive!
>> you might add another field to top while you are watching, Last used cpu
>>  (SMP), i.e., start top
>> press f
>> press j
>> press enter
>>
>> this should let you see if your process is bouncing between processors.
> 
> The process pg_dump is "adhering" fine to processor 1. I see usb-storage 
> bouncing between processors - I've seen it on 3, 4, 7 over perhaps a minute. 
> What could you recommend next? 
> 

try
#2 set the usb-storage on a particular set of processors,
# Note USBSTORPID= line prototyped on CentOS 5 machine not 4.
USBSTORPID=`ps aux |grep usb-storage|head -1 |awk '{print $2}'`
taskset -p -c 4 $USBSTORPID

and still
I have not had the taskset of the USB driver cause faults when used on a dual 
processor Xeon, but if 
any of the above breaks your system you get to keep the chunky bits. :0

so if you try it, keep an eye on it.
reversing the above taskset in your case would I _think_ be:
taskset -p -c 0-7 $USBSTORPID

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] High load averages with latest kernel and USB drives?

2009-11-17 Thread Todd Denniston
Benjamin Smith wrote, On 11/17/2009 01:46 PM:
> See comments below... 
> 
> On Tuesday 17 November 2009 07:52:01 Todd Denniston wrote:
>> Benjamin Smith wrote, On 11/16/2009 10:56 PM:
>>> I have a 1TB USB drive plugged into a USB2 port that I use to back up the
>>> production drives (which are SCSI). It's working fine, but while doing
>>> backups (hourly) the load average on the server shoots up from the normal
>>> 0.5 - 1.5 or so up to a high between 10 and 30. Strangely, even though
>>> the "load is high" the server is completely responsive, even the USB
>>> drives being accessed are!
>>>
>>> Using top to diagnose, nothing seems to be particularly high! IoWait
>>> seems reasonable (10-30%) and CPUs are 0.5%, Idle is 70-90%. Even
>>> accessing the USB partition while the load is "high" is responsive!
>>>
> 

you might add another field to top while you are watching, Last used cpu (SMP), 
i.e.,
start top
press f
press j
press enter

this should let you see if your process is bouncing between processors.

>> As workarounds perhaps asking the kernel to schedule in a specific way
>>  might help, i.e.: #1 set the backup on a particular set of processors,
>> #  replace the pg_dump line above with
>> taskset -c 3-4 pg_dump  mydatabase > \
>>  /media/backups/mydatabase.$hour.pgsql;
> 
> There are 8 cores on the machine, none of which are reporting more than 5% 
> load. That's what has me perplexed. When I run top, I see a max of about 30% 
> user. Everything else is zero. When I run the backup script to a non-USB 
> drive, the load average is completely normal (below 0.50, often below 0.10) 

USB chewing up more CPU than normal disks has been my experience all along, 
this just seems a little 
extreme.

> 
>> #2 set the usb-storage on a particular set of processors,
>> # Note USBSTORPID= line prototyped on CentOS 5 machine not 4.
>> USBSTORPID=`ps aux |grep usb-storage|head -1 |awk '{print $2}'`
>> taskset -p -c 3-4 $USBSTORPID
>> #you might even go back and reduce the processor list
>> #to just 3 or 4 instead of both.
> 
> Could you explain to me what this should accomplish? I'm curious as to why 
> you 
> went this route... 

Even though the process is not using much processor time, having it bounce 
around between processors 
can:
* thrash the cache of each processor as it goes there
* waste time context switching in the next processor
* bounce other processes around and cascade the same effects as they go along

I know that there has been some scheduler work over time to have these switches 
be less likely, but 
I have also seen some good effects by locking certain processes into a 
processor instead of letting 
it float.  Usually the best processes to do to are ones that use large amounts 
of memory, like X or 
Firefox which are large enough that they thoroughly toss anything else out of a 
processor's cache.


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] High load averages with latest kernel and USB drives?

2009-11-17 Thread Todd Denniston
Benjamin Smith wrote, On 11/16/2009 10:56 PM:
> I have a 1TB USB drive plugged into a USB2 port that I use to back up the 
> production drives (which are SCSI). It's working fine, but while doing 
> backups 
> (hourly) the load average on the server shoots up from the normal 0.5 - 1.5 
> or 
> so up to a high between 10 and 30. Strangely, even though the "load is high" 
> the server is completely responsive, even the USB drives being accessed are! 
> 
> Backup script is really simple, run via cron, pretty much just: 
> 
> #! /bin/sh 
> hour=`date +%k`;
> pg_dump  mydatabase > /media/backups/mydatabase.$hour.pgsql; 
> 
> where /media/backups is the mount point for the USB drive. 
> 
> Using top to diagnose, nothing seems to be particularly high! IoWait seems 
> reasonable (10-30%) and CPUs are 0.5%, Idle is 70-90%. Even accessing the USB 
> partition while the load is "high" is responsive! 
> 
> I'm guessing that something changed in how load average is counted?
> 
> Server Stats: 
>   Late model 8-way Xeon, SuperMicro brand. 
>   CentOS 4.x  / 64 (all updates applied, booted after last kernel update) 
>   Kernel 2.6.9-89.0.16.ELsmp
>   4 GB ECC RAM
>   300 GB SCSI HDD. 
>   Standard Apache/PHP, Postgres 8.4. 
> 
> Any idea how to revert to the old load average tracking behavior short of 
> using a stale and potentially insecure kernel? 
> 

Note, although I have a couple of ideas, I am answering/questioning more out of 
curiosity than 
experience. salt appropriately.

Are you saying that when you were running a previous kernel the same operations 
with the same 
devices did not have the high load?  Which specific kernels worked as desired 
(if someone is going 
to bisect the problem they need a start point)?

Are there other processes on the machine that are waiting to use the db while 
the dump is occurring?
How many postgres processes are waiting for the dump to finish (it has been a 
while since I ran 
postgres so I don't recall how it deals with query's during a dump)?

As workarounds perhaps asking the kernel to schedule in a specific way might 
help, i.e.:
#1 set the backup on a particular set of processors,
#  replace the pg_dump line above with
taskset -c 3-4 pg_dump  mydatabase > \
/media/backups/mydatabase.$hour.pgsql;

#2 set the usb-storage on a particular set of processors,
# Note USBSTORPID= line prototyped on CentOS 5 machine not 4.
USBSTORPID=`ps aux |grep usb-storage|head -1 |awk '{print $2}'`
taskset -p -c 3-4 $USBSTORPID
#you might even go back and reduce the processor list
#to just 3 or 4 instead of both.

#3 don't update atime
# (should at worst be a minor thing, and you say that
# the usb mounted file system is responsive,
# but perhaps it would help some.)
mount -oremount,noatime /media/backups/

I have not had the taskset of the USB driver cause faults when used on a dual 
processor Xeon, but if 
any of the above breaks your system you get to keep the chunky bits. :0
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] 2 TB limit on USB drive

2009-11-16 Thread Todd Denniston
Gareth Tupper wrote, On 11/16/2009 03:12 PM:
> Hallo
>  
> I submitted this as a bug several weeks ago, but I wanted to ask around
> & see if anyone else has come across this
what BZ and #? (mainly out of curiosity, but not enough to override the 
laziness of not wanting to 
check 2 different BZs)
>  
>   I have a USB Buffalo Drivestation Quattro, with 4 1TB disks
> configured in raid5 as one 2.8TB (or so) disk, attached to a Cent 5.4 64
> bit server (completely yum'd up to date)
> 

> After this failure, the disk is either a) inaccessible, or b) reports
> only a 2 TB partition.
> 

> [r...@myserver ~]# cat /proc/partitions
> major minor #blocks name
>...
>8 32 2147483648 sdc << the disk showing incorrectly with only 2TB of
> storage
>  
> This bug seems very similar to a previous bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=502944 which was reported
> fixed in 5.4 
>  
> Anyone seen this before, or have any ideas how I can get CentOS to see
> the disk?
>  

ideas:
A1) figure out how much more/less than
http://www.linuxhq.com/kernel/v2.6/24/drivers/usb/storage/usb.c
needs patched into the kernel source to make >2TB work.
A2) get the CentOS kernel SRPM and patch it in, build, install and use.
[considering the bz you point to points to (in Comment #7) a very small patch 
for the ipbvscsi 
devices, it is _probably_ just a simple patch from the 24 version of usb.c]


B1) give a kernel dev at that prominent North American Enterprise Linux vendor 
(who runs Enterprise 
Linux instead of Fedora) a 2.8TB USB disk to play with and
B2) point them at 
http://www.linuxhq.com/kernel/v2.6/24/drivers/usb/storage/usb.c

:)

Alternatively we could find someone with a 2+TB USB disk and the ability to 
submit bugs on a 
subscription to that prominent North American Enterprise Linux vendor.
(or see if a proven change could be put in a CentOS plus kernel[module])

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] bash variable expansion moment

2009-11-16 Thread Todd Denniston
ken wrote, On 11/14/2009 07:37 PM:
> It's half a nice Saturday later and many attempts have brought no
> satisfaction.  Maybe this can't be done.
> 
> I'm trying to write a function which, when called from one function
> execute in another.  In itself, that's not the problem.  Rather, there's
> one built-in variable which is evaluated in the function definition and
> it's value is then set (too early).
> 

> 
> I want the function Line to show the line number in the second file
> where it's executed, not the line number from the sourced function.
> 
> Any mavens got the skinny on this?

As I understand the variable is interpreted from the perspective of the line of 
the file, and bash 
does not inline the function.

A trick around it can be gotten with the following modification of your scripts.
---func-file--
Line()
{
echo This is line "$MyLN" $@
}
#extra
#lines
#desired
#to
#show
#that
#execution
#not
#early, orig
#simply
#placed
#early
#in
#file
LineO()
{
echo This is line "$LINENO" $@
}
-

main-
#!/bin/bash

. ./func-file

MyLN=$LINENO Line ... it should be $LINENO
LineO ... it should be $LINENO
-

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.4 with Rage

2009-11-09 Thread Todd Denniston
Steve Campbell wrote, On 11/09/2009 03:40 PM:
> 
> Ron Loftin wrote:
>> On Mon, 2009-11-09 at 14:44 -0500, Steve Campbell wrote:
>>   
>>> nate wrote:
>>> 
>>>> Steve Campbell wrote:
>>>>   
>>>>   
>>>>> I'm trying to install a newly downloaded Centos 5.4 on an older Dell
>>>>> PowerEdge 300. Unfortunately, it came with one of those ATI Rage 2.0
>>>>> video cards. The install screens show fine, and the initial screen does
>>>>> fine, but once it starts the "firstboot" section, where I'm supposed to
>>>>> select the firewall and such, I get two thirds of the top of the screen
>>>>> and a repeat of the top third on the bottom. Hence I don't get the
>>>>> bottom third where all of the selection buttons are.
>>>>>

>>> I found a link to something on google that sort of suggests it's a 
>>> problem with the xorg.conf file and the monitor, not the video adapter. 
>>> I'll see if I can't get it resolved and report back.
>>> 

> 
> I think I fixed it. The problem seems to have been a problem with the 
> "Monitor" section not being created in the xorg.conf file during 
> installation due to it not being detected properly. I copied a section 
> from an older Centos 3 XF86Config file and it seemed to do just fine.
> 
> This problem has been around since 5.0, as far as I could determine
> 
> steve
> 

And is probably still around in Fedora 12, so if we want CentOS 6 (and the 
upstream provider's 
version 6) to have it right, we should probably hit the hardware with some live 
CD's and BZ the results.
https://www.redhat.com/archives/fedora-test-list/2009-November/msg00106.html
https://bugzilla.redhat.com/show_bug.cgi?id=532842
https://bugzilla.redhat.com/show_bug.cgi?id=493441

I would have piled on, with info from a live CD, but my bugzilla account has 
gotten buggered by some 
.mil address protection schem.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] mock, extras vs epel

2009-11-03 Thread Todd Denniston
Karanbir Singh wrote, On 11/03/2009 04:57 AM:
> The mock in extras is what we use to build the distro against and is the 
> only version we work with on the buildsystems. depending on what you are 
> doing, that issue might or might not be relevant.
> 

Thanks for yours and Mr. X's feedback.
Off to try mock out and see if I do or don't like it. :)
And do a little thinking on the relevance of using the distro version of mock.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] mock, extras vs epel

2009-11-02 Thread Todd Denniston
I am looking to be a bit more standard in the builds of my CentOS rpms, and so 
I was about to 
install mock but noticed that there is one provided in the centos/5/extras and 
another in epel.

epel is obviously newer, but are there reasons/experiences in this group that 
would suggest sticking 
with the extras version instead? Or even reasons other than the shiny version 
number on the epel one 
to go with it?

Is the extras version the version used by the upstream provider and thus the 
CentOS team keeps it 
around to do the matching builds?

Thanks for the clarifications.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Inquiry:External USB modem and Remote PC Access?

2009-10-27 Thread Todd Denniston
m.r...@5-cent.us wrote, On 10/27/2009 12:31 PM:
>> John R Pierce wrote, On 10/27/2009 02:42 AM:
>>> GUI over a 28k dialup?  ouch.  there's no network connection at this
>>> remote site?   its going to be really really slow over dialup.  I'm
>>> talking minutes to paint a screen at 2-3kbyte/sec serial speeds (a
>>> 1280x1024 24bit desktop is 3.6 million bytes). use a really simple
>>> theme on the desktop with no shaded borders, no backgroun graphics
>>> ('wallpaper'), etc.Sending a single full screen 1280x1024
>>> photographic image could take a half hour or more.
>>>
>> You Kids and your full desktop hosted back...
>> back in the day I worked with individual applications across a 9.6kbps
>> connection, and yes it was
>> slow and had a bit of lag, but it worked well enough to use xemacs and
>> mozilla across.  Also when
> 
> Man, talk about a time traveller! How'd you get a copy of firefox back to
> when we only had Netscape?

Your right, I started with Mosaic &  an "andrew" mail/message program, and 
moved to Netscape.


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Inquiry:External USB modem and Remote PC Access?

2009-10-27 Thread Todd Denniston
John R Pierce wrote, On 10/27/2009 02:42 AM:
> GUI over a 28k dialup?  ouch.  there's no network connection at this 
> remote site?   its going to be really really slow over dialup.  I'm 
> talking minutes to paint a screen at 2-3kbyte/sec serial speeds (a 
> 1280x1024 24bit desktop is 3.6 million bytes). use a really simple 
> theme on the desktop with no shaded borders, no backgroun graphics 
> ('wallpaper'), etc.Sending a single full screen 1280x1024 
> photographic image could take a half hour or more.
> 

You Kids and your full desktop hosted back...
back in the day I worked with individual applications across a 9.6kbps 
connection, and yes it was 
slow and had a bit of lag, but it worked well enough to use xemacs and mozilla 
across.  Also when 
hosting the application back, you are not transferring all the pixels, but only 
the X commands to 
draw them, so unless you are running a picture editor/viewer (such as gimp) 
then a lot less than 
your 3.6 million bytes per 1280X1024x24bit will be used.  Granted, running the 
gimp full screen 
across such a link would be a near insane thing.

I was much happier when I discovered `ssh -C` (in combination with X or Y), to 
host the apps back. 
There was still a little lag but overall it was _much_ snappier.

I have yet to use X across a vnc or with freenx so I can't comment on how they 
compare to `ssh -C`.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] rpm --freshen issue

2009-10-21 Thread Todd Denniston
ken wrote, On 10/21/2009 05:12 AM:
> On 10/20/2009 12:15 PM Benjamin Franz wrote:
>> ken wrote:

>>>
>>> Yeah, this directory contains 1507 rpms (IIRC)... which is a lot, but it
>>> should still work.  This is Linux, after all.  And there's plenty enough
>>> memory and cpu to handle it.
>>>   
>> Running
>>
>> rpm --freshen --repackage * 
>>
>> for 1500+ rpms  probably exceeds the maximum character length for some 
>> part of the system after expansion of the '*'  by the shell.
> 



> Benjamin, thanks for your constructive response.  Any further such (from
> you or anyone else) will be much appreciated.
> 
> Best,
> ken
> 
>> Alternatively, use 'createrepo' to create a Yum repository of the RPMs 
>> and use yum to handle it for you.
>>

Ken,
please let me second the idea for using createrepo on the collection so that 
you can then use yum to 
resolve everything.

Assuming "/install" is where the rpms are at and createrepo is installed from 
base(at least on 5. it 
is in base), running the following commands should get the system going:

createrepo /install
cat >> /etc/yum.repos.d/quickupdate.repo << END_EOF
[expedient]
name=expedient update dir
baseurl=file:///install
enabled=0
#assume the machine already has gpg key for all rpms you have
gpgcheck=1
END_EOF
yum update --disablerepo=\* --enablerepo=expedient



alternatively if the problem is not really the shell length, then
yum localupdate /install
or
yum localupdate /install/*
might work.
https://www.centos.org/modules/news/article.php?storyid=118#comment90
http://fedoraforum.org/forum/archive/index.php/t-140404.html

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Segmentation fault

2009-09-18 Thread Todd Denniston
fous velkej wrote, On 09/18/2009 09:44 AM:
> hi
> 
> i've recently installed centos 5.3 on the machine.
> the installation went fine, but after that (on the first boot) it says
> a lot of segmentation fault errors
> 
> fe.
> # yum
> Segmentation fault
> 
> i've tried centos 5.2 and 5.0 also, but none of them works.
> but the centos 4.x works fine.
> 
> could anyone tell me where the problem is?
> thanx a lot
> fous

Warning: WAG questions follow:

was each of the 5.X tests done from install or upgrades from previous installs?
[I have seen a library get munged on first install, and a reinstall would fix 
it, but if the upgrade 
used the same version of the lib, it would not fix it.]

Just another guess, what processor do you have?

How close to being full is the disk after the 5.X install?

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos