Re: AW: dist-upgrade on remote server

2002-02-05 Thread Florian Friesdorf
On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote:
> 
> And that is not the case...
> i need the old kernel for backup, but the 2.2 Kernel wouldn't work with
> woody (devfs,...), this one is s.th i have tested...
> 
> Any work around? or just be extra careful before re-booting?
> 
> The way to go is by now:
> - open multiple connections to the host (ssh, telnet-ssl)
> - source.list points to woody
> - "apt-get -d dist-upgrade" to download all packages
> - apt-get dist-upgrade to install them.
> - recompile new kernel for the used hardware.
> - install that new kernel.
> - reboot
> - enjoy or curse the world...
> 
> Am i missing s.th.?

Be extra careful with network drivers!
My No 1 mistake (2.2.x -> 2.4.x) is, having a rtl8139 card, and
forgetting to adjust modutils entry. The driver is renamed from rtl8139
to 8139too (in fact it's a different driver).

Also perhaps the driver used to be built into the kernel, and you
compiled it as a module.

It is getting quite relaxed, if you have two remote computers connected
with two serial null-modem cables (com1-com2, com2-com1), putting the
console on a serial port. In fact, except you broke lilo or removed your
old known good kernel or didn't enable serial console, I cannot imagine
a case where you won't have access to your remote computer after
rebooting.


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---
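
The checks named in the message above (stale network-driver alias, serial console enabled, old kernel still bootable from lilo) written as a pre-reboot script. This is an added example, not part of the original post; the function names and sample files are constructed, and the formats assumed are a modutils modules.conf, lilo.conf and a sysvinit inittab.

```shell
#!/bin/sh
# Pre-reboot checks for a remote kernel upgrade (added example).
# File paths are arguments so the functions can be tried on copies first.

# missing_alias_modules CONF MODDIR
# Print every "alias ethN <module>" target in CONF with no <module>.o or
# <module>.ko under MODDIR. A driver built into the kernel has no module
# file and is reported too; a NIC with no alias line is not detected.
missing_alias_modules() {
    conf=$1 moddir=$2
    awk '$1 == "alias" && $2 ~ /^eth[0-9]+$/ && $3 != "off" { print $3 }' "$conf" |
    sort -u |
    while read -r mod; do
        hit=$(find "$moddir" -type f \( -name "$mod.o" -o -name "$mod.ko" \) 2>/dev/null | head -n 1)
        [ -n "$hit" ] || echo "$mod"
    done
}

# serial_console_gaps LILO_CONF INITTAB
# Print what is missing for a serial console: lilo's own serial= line,
# a console=ttyS* kernel argument, and a getty on a ttyS* line.
serial_console_gaps() {
    lilo=$1 inittab=$2
    grep -Eq '^[[:space:]]*serial[[:space:]]*=' "$lilo" ||
        echo "lilo: no serial= line"
    grep -Eq '^[[:space:]]*append[[:space:]]*=.*console=ttyS[0-9]' "$lilo" ||
        echo "lilo: no console=ttyS* in append="
    grep -Eq '^[^#:]+:[^:]*:respawn:.*getty.*ttyS[0-9]' "$inittab" ||
        echo "inittab: no getty on ttyS*"
}

# image_count LILO_CONF: number of image= sections. Fewer than two means
# there is no known-good kernel left to fall back to.
image_count() {
    grep -Ec '^[[:space:]]*image[[:space:]]*=' "$1" || true
}

# Constructed sample: a 2.4 module tree that ships 8139too but no rtl8139,
# an alias left over from 2.2, and a lilo.conf without serial settings.
make_sample() {
    d=$1
    mkdir -p "$d/modules/kernel/drivers/net"
    : > "$d/modules/kernel/drivers/net/8139too.o"
    printf 'alias eth0 rtl8139\nalias eth1 8139too\n' > "$d/modules.conf"
    printf 'boot=/dev/hda\nimage=/vmlinuz\n  label=Linux\nimage=/vmlinuz.old\n  label=LinuxOLD\n' > "$d/lilo.conf"
    printf '1:2345:respawn:/sbin/getty 38400 tty1\n' > "$d/inittab"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "unresolved aliases: $(missing_alias_modules "$tmp/modules.conf" "$tmp/modules")"
serial_console_gaps "$tmp/lilo.conf" "$tmp/inittab"
echo "lilo images: $(image_count "$tmp/lilo.conf")"
rm -rf "$tmp"
```
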



Re: redundant mail servers

2002-01-25 Thread Florian Friesdorf

On Sat, Jan 26, 2002 at 01:28:39PM +1100, Russell Coker wrote:
> On Sat, 26 Jan 2002 01:14, Florian Friesdorf wrote:
> 
> > Please let me know, if I'm heading in the wrong direction. The setup
> > will be for a team with 20 persons, so there won't be too much mail
> > traffic. The only problem is, I won't be reachable for 2 months, and
> > therefore the system should run without the need of a sysadmin.
> > Well, there is another one - I've only 15 days left to set it up.
> 
> With only 15 days you don't want something that will take a long time to 
> setup.  Also you don't want something overly complex, the more complex the 
> more likely it is to break.

That's what I think, too.

> I suggest having a single machine with RAID-1.  Then entire categories of 
> potential problems such as issues of accidentally mounting the same 
> filesystem on both machines will just disappear.
> 
> Why do you need something special for only 20 users anyway?

I'll be in South America for 2 months with only seldom Internet Access.
They know their NT desktops, but not their servers.

So I want a solution, where they can't do too much wrong and I don't
have to worry while being away.

I'm now trying heartbeat and drbd as supposed by Nicolas Bouthors.

On the other hand, in the past 3 years, we had only one hardware failure
(overheated cpu, due to damaged fan), and it's only 2 months...
Perhaps I should leave everything as it is. ;-)

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---





Re: redundant mail servers

2002-01-25 Thread Florian Friesdorf

On Fri, Jan 25, 2002 at 03:33:04PM +0100, Nicolas Bouthors wrote:
> Florian Friesdorf said :
>  >> Is it possible (case 1) to mount one ext2 partition on two computers at
>  >> the same time?
> 
> No. Mounting may modify the superblock, and confuse the other machine
> sufficiently for it to crash and leave the FS in an unexpected state. 

That's a pity :-(

>  >> Well, there is another one - I've only 15 days left to set it up.
> 
> Mmmm. Good luck :-).

Thanks a lot. But with your hints, this has become more achievable.

> I'm doing that kind of stuff here with DRBD[1] and heartbeat[2]. The main
> difference is that we have only one server active at a given time and
> the data is always synchronised.

I just read through the drbd homepage and HOWTO. Sounds very good to me.
Can you recommend it? 
Did anyone experience any strange/bad behaviour using it?

From what I've read, I'm going to try last stable version 0.5.8 and
therefore downgrade to 2.2.x kernels (at the moment I'm running 2.4.x)

> If you have the cash, you can also look for a GFS or OpenGFS[3] compatible
> storage hardware. This is the ultimate trick to solve your problem, but
> it gets quite expensive...

Mmmm - Well, I think I'll try drbd. 

thx
florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---





redundant mail servers

2002-01-25 Thread Florian Friesdorf

Hi,

I want to setup a redundant mail system using exim with maildirs.
I thought I use two mail servers (one scsi controller each)
and one scsi raid.

1.Server1 ---SCSI--- RAID5 ---SCSI--- Server2

or to remove the RAID as a Single Point of Failure: 2 RAIDs and 4 SCSI
controllers:

  /---SCSI--- RAID5 1 ---SCSI---\
2.Server1                       Server2
  \---SCSI--- RAID5 2 ---SCSI---/


In both cases mail is delivered to the users homes into maildirs,
which will reside on the RAID.
Is it possible (case 1) to mount one ext2 partition on two computers at
the same time?
Is it possible (case 2) to run a software raid1 over two partitions (one
on each raid5) from both computers at the same time?

Please let me know, if I'm heading in the wrong direction. The setup
will be for a team with 20 persons, so there won't be too much mail
traffic. The only problem is, I won't be reachable for 2 months, and
therefore the system should run without the need of a sysadmin.
Well, there is another one - I've only 15 days left to set it up.

I also thought about using just 2 computers one harddrive each.
The homes on server one are mounted as /home-remote on server 2 via nfs
and vice versa. Both MTAs should deliver each mail twice (into /home and
/home-remote and the pop3/imap servers serve the mails from /home).
If one computer goes down, the other one would have all the mails.
However I think, this becomes really nasty, when using .forward files.

Any help would make me very happy.

tia
florian

-- 
     Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---





Re: woody and ip masq options

2001-11-13 Thread Florian Friesdorf
On Tue, Nov 13, 2001 at 05:51:09PM -0600, Gregory Wood wrote:
> Hello all,
> 
> I've been working through 'woody', /etc/init.d/networking and 
> /etc/network/options but I'm missing how to set my options so that I activate 
> ip masq.
> 
> I could type in the command manually or just add it to the script but that 
> just gets around the issue.
> 
> Someone point me to the right HOW-TO file.

Have a look at the ipmasq package. I think it will do exactly what you
want.

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))

2001-10-10 Thread Florian Friesdorf
On Wed, Oct 10, 2001 at 08:24:10PM +0200, Florian Friesdorf wrote:
> On Wed, Oct 10, 2001 at 08:31:01AM -0400, Peter Billson wrote:
> > > Then if one fileserver was down (even temporarily), then all the other
> > > fileservers (all four) would have to queue a message about the data and
> > > task and some heartbeat between fileservers could alert it when back up
> > > and then make sure that the particular filesystem is properly updated.
> > > 
> > > What do you all think about this?
> > 
> > Sounds exactly like RAID except that the disks are in physically
> > different machines. I wonder if you can set up software RAID to use NFS
> > mounted drives... h... may be worth playing with.
> 
> No solution, just a direction:
> 
> The Enhanced Network Block Device Linux Kernel Module
> "It makes a remote disk on a different machine act as though it were a
> local disk on your machine. It looks like a block device on the local
> machine where it's typically going to appear as /dev/nda."
> "The intended use is for RAID over the net"
> http://www.it.uc3m.es/~ptb/nbd/
> 
> from the Software-RAID-Howto:
> "Linux RAID can work on most block devices. It doesn't matter whether
> you use IDE or SCSI devices, or a mixture. Some people
> have also used the Network Block Device (NBD) with more or less success."

There is a thread on debian-isp "RAID over NBD" 10. AUG 2001 where this
is discussed in short.
Hirling Endre reports success with drbd.

http://sourceforge.net/projects/drbd


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))

2001-10-10 Thread Florian Friesdorf
On Wed, Oct 10, 2001 at 08:31:01AM -0400, Peter Billson wrote:
> > Then if one fileserver was down (even temporarily), then all the other
> > fileservers (all four) would have to queue a message about the data and
> > task and some heartbeat between fileservers could alert it when back up
> > and then make sure that the particular filesystem is properly updated.
> > 
> > What do you all think about this?
> 
> Sounds exactly like RAID except that the disks are in physically
> different machines. I wonder if you can set up software RAID to use NFS
> mounted drives... h... may be worth playing with.

No solution, just a direction:

The Enhanced Network Block Device Linux Kernel Module
"It makes a remote disk on a different machine act as though it were a
local disk on your machine. It looks like a block device on the local
machine where it's typically going to appear as /dev/nda."
"The intended use is for RAID over the net"
http://www.it.uc3m.es/~ptb/nbd/

from the Software-RAID-Howto:
"Linux RAID can work on most block devices. It doesn't matter whether
you use IDE or SCSI devices, or a mixture. Some people
have also used the Network Block Device (NBD) with more or less success."


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: IPSec

2001-10-09 Thread Florian Friesdorf
On Tue, Oct 09, 2001 at 04:07:26PM -0700, Nick Jennings wrote:
> Hello,
> 
>   I am new to IPSec and VPN's and I am trying to set up a VPN between my
>   house, and my work. They already have a VPN in place (using FreeSwan).
>   So I wanted to use my debian router and am wondering if there is a
>   deb package for freeswan? I am using potato with 2.4 kernel updates
>   (from bunk). I see the package pipsecd when searching for ipsec in
>   dselect, but this does not appear to be freeswan, correct? Any
>   help would be useful, as I have been trying to build a freeswan
>   kernel and am having trouble with compilation.

I don't know about potato, but kernel-patch-freeswan in woody (1.9-1),
is not working with 2.4.10.

I succeeded with a woody system:
linux 2.4.10
kernel-patch-freeswan (1.91-3) from sid
freeswan (1.91-3) from sid
one end behind NAT

I built a kernel-package with make-kpkg:

export PATCH_THE_KERNEL=YES
make-kpkg --revision 3:myhost.1 --append-to-version -ipsec \
  --config menuconfig kernel-image kernel-headers

I used the documentation from www.freeswan.org.

- Beware of your firewall configuration
- Don't try to ping one end from the other. The ends are not pingable,
  unless you set up SNAT rules to change source address of
  packets going through the tunnel to an ip (private) the other end
  knows how to reach.

florian
  
-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: Remote Rescue Disk

2001-06-17 Thread Florian Friesdorf
On Sat, Jun 16, 2001 at 05:02:55PM +0800, Jason Lim wrote:
> Hi all,
> 
> I was about to develop my own "Remove Rescue Disk)... but thought maybe
> you had a better idea or had already done this...
> 
> Regularly if the hard disk fails or needs a manual fsck (usually just
> pressing y throughout), then it means a trip to the datacenter at whatever
> ungodly hour it may be for this relatively simple task.
> 
> If it was possible to create a boot disk with a simple telnetd (and
> minimum network support) and static e2fsck utilities, then, in theory, all
> that needs to be done is to insert the disk, reboot the server, and the
> telnetd binds to a special, pre-defined IP just for this emergency
> purpose. Then I can telnet in from home or wherever, run e2fsck, mount the
> drives, see /var/log/syslog, etc. to see what went wrong. After the
> repairs, the disk can be removed, and server rebooted.
> 
> Does this sound realistic? Even if 2 disks or even 3 were required, if it
> means I can save a trip to the datacenter it would be worthwhile to do.
> 
> Perhaps you guys have thought of something similar, or maybe there already
> IS something like this out there? Any ideas/suggestions would be greatly
> appreciated.

Another approach would be, (however you need at least 2 computers) to
connect the computers serial ports with null-modem cables and tell lilo
and the kernel to use the serial port as console.

You then logon on the one computer to get the console of the other.

Kind of a cheap console server.

I have not tried it, but I think it should work.
Could someone comment on this?


florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---




Re: An LDAP authentication howto for Debian?

2001-05-20 Thread Florian Friesdorf
On Sun, Apr 29, 2001 at 04:52:54AM -0700, Simon Tennant wrote:
> I wrote a howto about 6 months back.  It was tricky setting up but I think
> I cover most of the potential disaster areas in my howto.
>   
>   http://www.imaginator.com/~simon/ldap/

After successfully setting up ldap authentication according to your
howto, I recommend you add a section about schemas.

In order to get it running with a woody server and sid client, I needed
to add more includes to the interactively generated /etc/ldap/slapd.conf.

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/inetorgperson.schema

Otherwise, the migration tools will fail, as they use attributetypes not
defined in core.schema.


I also had problems, finding documentation to pam.
Which modules are available?
What arguments do those take?

Perhaps you can point me to a good source of information, or add some
links to the HOWTO.

tia
florian

-- 
 Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers

--> Save the future of Open Source <--
-> Online-Petition against Software Patents <-
--> http://petition.eurolinux.org <---
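
A check for the schema problem described in the message above: it reports which of the five listed schema files a slapd.conf does not include, and which are included before a schema they depend on. This is an added example, not part of the original post; the function names and sample file are constructed, and the dependency table is this example's assumption based on the stock OpenLDAP schema files.

```shell
#!/bin/sh
# Check the schema includes of a slapd.conf (added example).

# The five schema files listed in the message above.
REQUIRED="core cosine nis misc inetorgperson"

# included_schemas CONF: schema names in the order slapd.conf includes
# them, e.g. "include /etc/ldap/schema/nis.schema" -> "nis".
# Commented-out include lines are ignored.
included_schemas() {
    awk '$1 == "include" && $2 ~ /\.schema$/ {
             n = split($2, p, "/"); sub(/\.schema$/, "", p[n]); print p[n]
         }' "$1"
}

# missing_schemas CONF: required schemas that are not included at all.
missing_schemas() {
    inc=$(included_schemas "$1")
    for s in $REQUIRED; do
        echo "$inc" | grep -qx "$s" || echo "$s"
    done
}

# order_problems CONF: schemas included before a schema they depend on.
# slapd reads the includes top to bottom; nis and inetorgperson use
# attribute types from cosine, and everything builds on core.
# (Dependency table assumed by this example.)
order_problems() {
    included_schemas "$1" | awk '
        BEGIN { dep["cosine"] = "core"; dep["nis"] = "core cosine"
                dep["misc"] = "core"; dep["inetorgperson"] = "core cosine" }
        { n = split(dep[$1], d, " ")
          for (i = 1; i <= n; i++)
              if (!(d[i] in seen)) print $1 " needs " d[i] " first"
          seen[$1] = 1 }'
}

# Constructed sample: a slapd.conf that lacks misc and inetorgperson and
# puts nis ahead of cosine.
sample_conf() {
    printf '%s\n' '# Schema and objectClass definitions' \
        'include /etc/ldap/schema/core.schema' \
        'include /etc/ldap/schema/nis.schema' \
        'include /etc/ldap/schema/cosine.schema' > "$1"
}

f=$(mktemp)
sample_conf "$f"
echo "missing: $(missing_schemas "$f" | tr '\n' ' ')"
order_problems "$f"
rm -f "$f"
```
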

