[CentOS] OT: Sysadmin position
Apologies if this is out of line. I have an opening for a full-time Systems Administrator. Please contact me off list for details.

Tony Placilla aplaci...@jhu.edu
IT Operations Projects Manager
Physics & Astronomy
Johns Hopkins University
3400 N. Charles St.
Baltimore MD 21218
410-516-0632

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OFFTOPIC :: IB hardware choice
Hi! I would need advice from those that use IB (as admins :) )
I have a choice between:
1. Mellanox InfiniHost(r) III Lx HCA card, single-port CX4, DDR, PCIe x8, mem-free, tall bracket, RoHS R5
2. QLogic Single Port 20 Gb InfiniBand to x16 PCI Express Adapter (Single Pack)
Aside from the price, is there anything else that could help me make a discrimination between these two? (These will be used in twin servers for a small (up to 24 nodes) parallel cluster.)
Thanks! Adrian

I would be curious to know what the QLogic IB card is. There was a version that was a Mellanox chip. Those things were terrible. If it's a model 7200 series I believe it's a QLogic chip known as either PathScale or TrueScale. These chips perform WAY better than the InfiniHost chips, especially if you use an MPI library that is able to make use of QLogic's now open source PSM stuff.

--
Tony Placilla aplaci...@jhu.edu
Re: [CentOS] Ping and traceroute...
On Fri, Jan 23, 2009 at 12:41 PM, in message a937d2190901230941v363570e3u4f64d942f847e...@mail.gmail.com, Jacques B. jjrbouc...@gmail.com wrote:

On 1/23/09, John Doe jd...@yahoo.com wrote:

Hi everybody,
Right now, we are blocking pings and traceroutes to our website. But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them... Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago?
Thanks, JD

Can't help you on that specific question. However, do you have the luxury of having your members coming from a block of IPs, so you could open pings to that block only? Even if it included more than just your members (i.e. all pings from a particular ISP or geographical area), at least it would reduce your visibility and thus reduce your vulnerability should it be an issue.
Jacques B.

Blocking ping has always been a pet peeve of mine. Aside from violating RFC-1122 (3.2.2.6 Echo Request/Reply: RFC-792 Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies.), it provides *no* additional security & makes troubleshooting network issues that much more difficult.

This was on an ipfw list.

Also, when blocking incoming ICMP requests and replies, please, please, *please* take care to NOT block type 3 (destination unreachable) - blocking 'need to fragment' packets (type 3, code 4) is a way to instant gratification, if your idea of gratification is being a blackhole router which breaks the Path MTU discovery for any poor soul who decides (or simply has to) route through you, and for your own outgoing connections, too.

Other useful ICMP types are 0 (echo/ping reply), 4 (source quench, for throttling down (usually) TCP connections if some device further down the path cannot handle the packet rate), 8 (echo/ping request), 30 (Windows traceroute), but you *could* block those without much harm to the TCP/IP protocol stack; the only thing harmed would be functionality - e.g. blocking types 0 and 8 would deprive you of pings, blocking type 30 would stop Windows traceroute from working, blocking type 4 would mean that TCP connections going over a much slower link somewhere down the line would be additionally slowed down by lots of retransmissions instead of simply bringing down the packet rate. However, whatever you block, please don't block type 3 code 4, and better not block any of the type 3's :)

my $0.02

Tony Placilla aplaci...@jhu.edu
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
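Added example (not from the thread): a Python check that replays an ICMP packet through `iptables-save` output by first match, to confirm that a ruleset still admits type 3 code 4 ("need to fragment") before any blanket ICMP drop. Both rulesets are constructed samples, and the function names are hypothetical; only unconditional protocol and `--icmp-type` matches are modelled, which is an assumption of this example.

```python
import shlex

# Names iptables accepts for the ICMP types discussed above -> (type, code)
ICMP_NAMES = {
    "echo-reply": (0, None), "destination-unreachable": (3, None),
    "fragmentation-needed": (3, 4), "source-quench": (4, None),
    "echo-request": (8, None),
}
MODELLED = {"-p", "-m", "--icmp-type", "-j", "--reject-with"}

def parse_icmp_type(spec):
    """'3/4', '8' or a name from ICMP_NAMES -> (type, code or None)."""
    if spec in ICMP_NAMES:
        return ICMP_NAMES[spec]
    icmp_type, _, code = spec.partition("/")
    return int(icmp_type), (int(code) if code else None)

def verdict(ruleset, icmp_type, icmp_code, chain="INPUT"):
    """First-match verdict for one ICMP packet against iptables-save text."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == ":" + chain:
            policy = tok[1]                      # chain default, e.g. DROP
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # assumes one value per option
        # Rules with conditions not modelled here (state, source, limit ...)
        # are skipped: the result reflects unconditional rules only.
        if set(opts) - MODELLED or opts.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue
        if opts.get("-p", "icmp") != "icmp":
            continue
        if "--icmp-type" in opts:
            want_type, want_code = parse_icmp_type(opts["--icmp-type"])
            if want_type != icmp_type or want_code not in (None, icmp_code):
                continue
        return opts["-j"]
    return policy

# Constructed rulesets in iptables-save format
BLOCK_ALL_ICMP = """*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -j DROP
COMMIT"""
KEEP_TYPE_3 = """*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT"""
```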
Re: [CentOS] Hierarchial storage management or automated archival to tape
On Thu, Jan 8, 2009 at 10:37 AM, in message 77c4f5c60901080737ka0ee2fbr7f6badc9fc48e...@mail.gmail.com, Bent Terp b...@terp.se wrote:

Hi list!
While regular backup solutions like amanda or bacula are very good at their job, ie keeping point2point copies of the files currently on disk, I find them less suited for archiving - having unused files move to tape in duplo and stay there until requested. I've even read of multi-tier solutions - move to slower disks after a week and further on to tape after a month. Does anyone have some experience or suggestions for this? The project will deal with ~100 TB of growth per year, most files somewhere between 2 and 50 GB. Yes, it can be done with everything in one filesystem, but I'm concerned about running a full backup every month of 500 TB ;-) Not to mention the time required for recovery in case the filesys crashes
BR Bent

We use SAM-FS to do just that here in the libraries.
http://opensolaris.org/os/project/samqfs/What_are_QFS_and_SAM/
It was open sourced last year. Not a simple tool to implement but it does work as advertised.

Tony Placilla aplaci...@jhu.edu
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
Re: [CentOS] ZFS on Linux
On Mon, Dec 29, 2008 at 7:24 PM, in message 49596a48.4000...@bradbury.edu.hk, Christopher Chan christopher.c...@bradbury.edu.hk wrote:

I agree in general with most every opinion. Especially Davide's comment above. Very good analogy. Open Solaris may be your best choice. I would suggest you do pay attention to Solaris itself. It's free (as in beer) from Sun & it works.

Except for patches unless you want to browse Sun's website regularly to download them. You also get more hardware support on OpenSolaris and support from Sun for OpenSolaris but I suppose the latter option is probably better done with Solaris 10 + support which includes access to patch management. Unless you like the way things are done over here in Linux land which is one tool to manage them all and not one tool to install packages and another tool to install patches to packages.

Agreed. Only the OP knows the criticality of his data & whether or not he needs support & at what level. The root answer is that if he wants to use ZFS (which is a *good* choice) he should use some flavor of Solaris.

Tony Placilla aplaci...@jhu.edu
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
Re: [CentOS] ZFS on Linux
On Mon, Dec 29, 2008 at 2:54 AM, in message 8e388b67-1d39-4095-95c5-132b02e4f...@ifom-ieo-campus.it, Davide Cittaro davide.citt...@ifom-ieo-campus.it wrote:

On Dec 29, 2008, at 7:09 AM, John R Pierce wrote:

Bill Campbell wrote:
I would go with Opensolaris.

for a dedicated production storage server, I would go with Solaris 10, unless there's some specific feature/capability you need that's only in OpenSolaris.

Totally agree. Solaris 10 is known for its stability. OpenSolaris includes some advanced capabilities that will be included into Solaris (especially on zfs and kernel side).
Solaris : OpenSolaris = CentOS : Fedora (more or less...)
d

I agree in general with most every opinion. Especially Davide's comment above. Very good analogy. Open Solaris may be your best choice. I would suggest you do pay attention to Solaris itself. It's free (as in beer) from Sun & it works.

Here at the JHU libraries we manage about 1/2 PB of online data varying from images, audio, scanned documents, etc. in a ZFS instance on some massive storage. We evaluated all the iterations of ZFS on various OS's. ZFS/fuse was eliminated fairly quickly along with BSD. For the critical stuff we use Solaris on Sun H/W. For general storage it's Solaris_x86 on generic x86 H/W.

Tony Placilla aplaci...@jhu.edu
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
Re: [CentOS] SERIOUSLY OT STREAM EDITING IMAGES
On Tue, Jul 15, 2008 at 3:57 PM, in message [EMAIL PROTECTED], John R Pierce [EMAIL PROTECTED] wrote:

Chris Geldenhuis wrote:
Hi All,
I have been Googling my head off but cannot find a method to stream edit all the images in a directory and to resize them. I have a large number of images of up to 3GB in size that I want to put in albums on a website, but before I do this I need to resize them to a more realistic configuration. I know how to do this manually with the GIMP but it becomes tedious for more than a few images.

imagemagick can do this, it's a command line batch image editor. It's a little tricky to figure out. I note it's in the base Centos5 repository. Docs on http://www.imagemagick.org/script/index.php

for example:
mogrify -resize 480x320 *.jpg
will convert all the jpgs to 480x320

mogrify -resize '480x320>' *.jpg
will resize everything bigger than 480x320 down & leave the smaller stuff alone.
Re: [CentOS] COBOL
Tony Placilla [EMAIL PROTECTED]
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University

On Wed, May 21, 2008 at 2:47 PM, in message [EMAIL PROTECTED], Michael [EMAIL PROTECTED] wrote:

Just curious, maybe some old timers could help me out. I am working with a company that is migrating 20 years of Mainframe Software Development to Unix, HPUX. How much harder would it be to go to Linux, Centos Linux? Also, anyone have any experience with Fujitsu Cobol on Centos? The Fujitsu people only support Red Hat, and said I'd be on my own with Centos. In other words if it works, then I don't care about Fujitsu support.

I know some of you are thinking, did someone say COBOL? Nobody uses COBOL anymore! If so, let me say You are wrong. Many large corporations are taking their old business logic that was written in COBOL decades ago, and moving it to new modern platforms, like Linux. Programmatically giving these applications a GUI face-lift, while maintaining their original business logic. I know because many companies pay me to do just that. I have a client that wants to use Centos Linux with Fujitsu Cobol, and Fujitsu says it's gotta be Red Hat; any help will be much appreciated.
Thanks,

A datapoint & the advice you get is worth what you pay. Where I work (in a Uni library) we encounter the same issue. The ISVs *only* support & certify against RHEL. However, I do my development, test, staging, etc. on CentOS that I keep version compliant with upstream. I have had *no* problems. My short answer is, if it works on RHEL, it works on CentOS. Again, YMMV & if it breaks, you get to keep the pieces.
Re: [CentOS] Securing SSH
Tony Placilla [EMAIL PROTECTED]
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University

On Tue, Mar 25, 2008 at 12:48 PM, in message [EMAIL PROTECTED], Tim Alberts [EMAIL PROTECTED] wrote:

So I set up ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this?

I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work.

DenyHosts. It's available through the rpmforge (or Dag's) repo. Just be sure you edit the config to allow SYNC_DOWNLOAD & create an appropriate allowed.hosts file based upon your needs.
sshd in protocol 2
privilege separation
no root logins
and a nifty little PAM trick is to create a group called ssh_users, and those that should be able to access the server are put into that as their supplementary group. Edit sshd_config & add
AllowGroups ssh_users

It's part & parcel of the whole layered security idea. It's cut the noise in my logs down by 99.9%, plus I sleep better :)
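Added example (not from the thread): a Python audit of an `sshd_config` against the settings listed in the post above (protocol 2, privilege separation, no root logins, `AllowGroups ssh_users`). It goes slightly beyond the post by applying sshd's rule that the first value read for a keyword is the one used and by ignoring everything after a `Match` line; the sample config is constructed, the function names are hypothetical, and treating several `AllowGroups` lines as a union is an assumption.

```python
# Settings named in the post above; values are compared case-insensitively.
WANTED = {
    "protocol": "2",
    "useprivilegeseparation": "yes",
    "permitrootlogin": "no",
}
REQUIRED_GROUP = "ssh_users"   # group name taken from the post

def global_settings(config_text):
    """Return (first value per keyword, AllowGroups union) for the global section."""
    first, groups = {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()             # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break                              # the rest is conditional, not global
        if keyword == "allowgroups":
            groups.update(value.split())       # assumption: union of all lines
        else:
            first.setdefault(keyword, value)   # first value read is the one used
    return first, groups

def audit(config_text):
    """List findings; an empty list means every setting from the post is present."""
    first, groups = global_settings(config_text)
    findings = []
    for keyword, wanted in WANTED.items():
        got = first.get(keyword)
        if got is None:
            findings.append(f"{keyword}: not set, version default applies")
        elif got.lower() != wanted:
            findings.append(f"{keyword}: {got!r}, expected {wanted!r}")
    if REQUIRED_GROUP not in groups:
        findings.append(f"allowgroups: {REQUIRED_GROUP} not listed")
    return findings

# Constructed sample: the later "PermitRootLogin no" never takes effect, and
# the AllowGroups line only applies inside the Match block.
SAMPLE = """\
# constructed sample
Protocol 2
PermitRootLogin yes
UsePrivilegeSeparation yes
PermitRootLogin no
Match Address 192.0.2.0/24
    AllowGroups ssh_users
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```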