grub not seeing sata drive

[Lucas Albers]

Here's a question for you.  I Debian earlier on a machine at home that has
SATA drives.  The SATA drives are configured as IDE-3 and IDE-4 Master's. 
It installs fine, but when it boots, GRUB apparently can't find the config
file.  It defaults to a text mode prompt GRUB>.  It I enter

   root (hd2,0)
   configfile grub/grub.conf

it pops up the normal graphical GRUB menu and boots fine.
Internally, (hd2,0) is /dev/sda1. I tried setup (hd2) and that didn't make
any difference.  So, it seems that GRUB can read the MBR from the drive,
but can't or won't look for config file on the same drive. Have you seen
anything like this?


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sarge dist-upgrade today, no more keyboard

[Lucas Albers]

John A Chaves said:
> I had the same problem.  Don't know which Xserver options
> cause the problem, but restoring /etc/kde3/kdm/Xservers
> from /etc/kde3/kdm/Xservers.dpkg-old solved it for me.
...file as bug...


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

compile module without compiling it for current kernel

[Lucas Albers]

make-kpkg clean; make modules_clean;
make-kpkg --subarch=i686 --initrd --revision=6  --append-to-version=.6
--added_modules qla2x00 modules

When I compile this this will always compile the /usr/src/modules/*
packages with for the currently running kernel, not for the revision I am
passing via make-kpkg.
How to compile 3rd party modules using make-kpkg without compiling them
for the currently running kernel?
I want them compiled for an arbitrary kernel?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

installing sarge via debootstrap

[Lucas Albers]

I'm updating a mdk box to debian via debootstrap.

when installing files via debootstrap, I get the following error:
"Couldn't download console-tools-libs"

see debootstrap log below.


"
ootstrap --verbose --arch i386 sarge /mnt/hdc6 http://htt
I: Validating
/mnt/hdc6/var/lib/apt/lists/debootstrap.invalid_dists_sarge_Release
I: Validating
/mnt/hdc6/var/lib/apt/lists/debootstrap.invalid_dists_sarge_main_binary-i386_Packages
I: Validating /mnt/hdc6/var/cache/apt/archives/adduser_3.59_all.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/apt_0.5.27_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/aptitude_0.2.15.8-1_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/apt-utils_0.5.27_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/at_3.1.8-11_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/base-config_2.53.4_all.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/base-files_3.1_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/base-passwd_3.5.7_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/bash_2.05b-24_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/bsdmainutils_6.0.17_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/bsdutils_1%3a2.12-10_i386.deb
I: Validating /mnt/hdc6/var/cache/apt/archives/console-common_0.7.47_all.deb
I: Validating
/mnt/hdc6/var/cache/apt/archives/console-data_2002.12.04dbs-46_all.deb
I: Retrieving
http://http.us.debian.org/debian/pool/main/c/console-tools/console-tools_0.2.3dbs-55_i386.deb
--23:52:50-- 
http://http.us.debian.org/debian/pool/main/c/console-tools/console-tools_0.2.3dbs-55_i386.deb
   =>
`/mnt/hdc6/var/cache/apt/archives/console-tools_1%3a0.2.3dbs-55_i386.deb'
Resolving http.us.debian.org... 216.37.55.114
Connecting to http.us.debian.org[216.37.55.114]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 301,986 [application/x-ar]

100%[===>]
301,986   25.35K/sETA 00:00

23:53:01 (27.06 KB/s) -
`/mnt/hdc6/var/cache/apt/archives/console-tools_1%3a0.2.3dbs-55_i386.deb'
saved [301986/301986]

I: Validating
/mnt/hdc6/var/cache/apt/archives/console-tools_1%3a0.2.3dbs-55_i386.deb
E: Couldn't download console-tools-libs
"


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Diagnosing faulty hardware

[Lucas Albers]

Kent West said:
> James Foster wrote:
>
>>I believe this is most likely a hardware problem.
>>Generally, the system is capable of staying up, although it has locked
>>completely once or twice.
You can also install the ltp kernel test program.
This is an extensive test of hte kernel, and will crash the system if you
have any amount of flakiness.
Do both.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Software RAID using Sarge Installer

[Lucas Albers]

Paul Gear said:

> The last time i tried, the installer didn't support installing to RAID /
> or /boot, and this was a topic of some discussion on this list, since
> some people think that the new installer is perfect and to think that
> other people want it to support more features is just shocking! :-)
>
> I used the HOWTO at http://alioth.debian.org/projects/rootraiddoc/ to
> convert my system to RAID 1 after the install, and it worked well.  I
> chose the 2nd path, which was GRUB & initrd (lilo didn't work for me for
> some reason).
or
http://rootraiddoc.alioth.debian.org
I'm surprised lilo did not work, as the lilo install has been tested a lot
more then the grub install, but good to hear grub worked.

Theoretically you can install to raid from the installer, if you load raid.
I wrote that rootraiddoc and I'm not sure of the steps to install directly
from the sarge installer onto a raid system.
If anyone from the installer team has better directions or a definitive
answer on whether you can install to raid from the installer, then let me
know, and I will update the document.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

install java plugins in firefox

[Lucas Albers]

Has anyone had any luck installing Java sun JAI and JMF java plugins in
firefox on linux?

I'm having a heck of a time trying to get those plugins to work on firefox
on linux.
Please cc me on any replies to this particular question, thanks.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

undefined symbol: SSL_library_init

[Lucas Albers]

These errors appear in my logs:
ipop3d: relocation error: /usr/lib/libc-client.so.2001: undefined symbol:
SSL_library_init


Are they relevant?

I am running as my pop server:
rc uw-imapd   2001adebian-6
ii  uw-imapd-ssl  2001adebian-6





-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Upgrading Perl

[Lucas Albers]

Mike Ward said:

> Is doing this really going to be as simple as "apt-get upgrade perl",
> or will this at all also affect mod_perl, etc? I've googled around and
> looked on perl.apache.org but I haven't found anything one way or the
> other.
Yes.
Something like this:
apt-get -t testing install perl

It depends on what perl you are upgrading to.
Stay with stable if you are running a publicly exposed webserver.
A more important questions is, why are you upgrading perl?
If it works, dont' touch it.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: hacking attempt on Apache?

[Lucas Albers]

incidents.org discusses this.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Comparision presentation of Debian with RedHat

[Lucas Albers]

John Summerfield said:

> I don't know of any papers, but I have moved from RHL to Debian.
>
> My advice is do not convert.
>
> Instead, Replace.
> If you plan on changing distro, this might be  a good time to consider
> consolidating hardware, even changing platform. If Apple, Sun, IBM
> hardware looks good to you, Debian runs on it.

We moved our servers from redhat to debian.
A few servers moved to lineox, as their administrators were more
comfortable with the redhat-ish way of doing things.
We consolidated most of our servers to vservers as part of our migration.
This makes it trivial to replicate for failed hardware, and reduces our
hardware requirements. Makes it trivial to backup or restore full complete
configurations.

Our next step is to move to decent server hardware. We are moving to
namebrand HP proliant hardware.

Our final step is to move to full HA-Clustering+DRBD (for realtime data
synchronization)+vserver.

So we will finally have full high availability clustering for our servers,
which should give us an additional 9 on reliability.

-Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Squid ACL for Windows Updates failed

[Lucas Albers]

[stuff about squid not working for windows update deleted.]
I dont' acl limit what users can connect to.
Only users on the local domain can use the proxy cache.

I use a debian squid proxy for upwards of 3000 clients.
Works perfectly, saves tons of bandwidth, and speeds everything up.

attached is my squid.conf file with comments/whitespace removed.
Enjoy.


hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
maximum_object_size 1280096 KB
cache_dir ufs /var/spool/squid 3000 16 256
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern .   0   20% 4320
refresh_pattern http://*.windowsupdate.microsoft.com/ 0 80% 20160
reload-into-ims
refresh_pattern http://office.microsoft.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://windowsupdate.microsoft.com/ 0 80% 20160
reload-into-ims
refresh_pattern http://wxpsp2.microsoft.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://xpsp1.microsoft.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://w2ksp4.microsoft.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://download.microsoft.com/ 0 80% 20160 reload-into-ims

refresh_pattern http://download.macromedia.com/ 0 80% 20160
reload-into-ims
refresh_pattern ftp://ftp.nai.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://ftp.software.ibm.com/ 0 80% 20160 reload-into-ims
acl all src 0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl SSL_ports port 873
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
acl home1 src xxx.xx.133.165-255.255.255.255
acl home2 src xx.xx.0.0/16
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src xxx.xx.0.0/16
http_access allow our_networks
http_access allow localhost
http_access deny all

http_reply_access allow all
http_reply_access allow all
icp_access allow all
cache_mgr [EMAIL PROTECTED]
cachemgr_passwd mousie all
coredump_dir /var/spool/squid


--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Which Debian version?

[Lucas Albers]

Paul Johnson said:
> If you need to ask, stable is what you need.  Wait until you know how
> Debian works before moving on to the development distros (testing,
> sid).

I dont' think I'd choose debian stable as the easiest linux desktop to setup.
For a server I'd use stable.

For a desktop,
Perhaps knoppix, cause what public services do you have exposed?
Or sarge.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Which Debian version?

[Lucas Albers]

Adam Aube said:
> If it's a production server or a test for a rollout onto production
> servers,
> run Stable. You seem to have older hardware, so Woody should install on
> it.
> I would suggest using the "bf24" option to install a 2.4 kernel.

I use bonzai to install debian stable.
Bonzai is a modified debian stable installer that uses the 2.4.20 kernel
and does more automatic hardware detection.
I use it to install on all my servers.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Making new installations

[Lucas Albers]

Vineet Kumar said:
> If you'll be running multiple debian machines at a site, I
> highly recommend apt-proxy.  Configure one machine as an apt
> proxy and point all of the other machines' sources.list at
> it.  Then you only download each package once, on demand
> (rather than creating a whole local mirror) and it's all
> very transparent.
yes,yes,yes.
this is innumerable cool and time-saving.
Fast too!
And saves bandwidth on the debian archives.
Let me count the ways I love the apt-cacher program, another apt proxy
program.



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-get: mixed system

[Lucas Albers]

Paul Johnson said:
>
> Unless you have a thorough understanding of the packaging system, you
> can do more harm than good toying with how it resolves dependencies.
>
sh*t, I use it on production systems every day.
Works for me, doesn't seem to cause problems.
When stuff breaks I get 300 people in my face..
With that said, mabe I should use backports.
I've never encountered dependency hell by mixing stable/testing/unstable.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Possible convert to Debian

[Lucas Albers]

Simon Kitching said:
> Personally I would recommend the "testing" distribution. Sid/unstable
> really can be unstable at times. I upgraded last week and lost all

> Stable is really old at the moment - though hopefully a new release will
> be out within a few months. It's really more appropriate to servers than
> desktop systems.

Just do stable/testing with apt-pinning. I use that for my public services
and testing for items I need such as spamassassin, eg.

> Not quite, according to the reports I've seen. Yes, you can point a
> Knoppix installation at standard debian repositories to get updates. But
> apparently Knoppix sets up some of the system scripts etc. differently
> from debian so there can be surprises (unexpected breakage) later on.
> NB: all this is just hearsay.
My attempts to go from knoppix to debian and have a normal debian install
all puked. I use the bonzai linux installer to install a stock stable
debian system with automatic hardware detection.
I used testing on systems that need the hardware support.
I've NEVER used X on ANY debian system, I only use them for servers.
So I have no idea what it does for x/sound/usb detection, nor do I care.

>> 5.  I am interested in software RAID 1 and have 2 identical HDDs.  Is
>> there
>> an option during the install from Debian CDs (didn't see it in the
>> Knoppix

Read my amazingly detailed and concise writeup on how to convert to a raid
system. http://rootraiddoc.alioth.debian.org.

I've been very happy with the upgradability of debian systems, it has
spared me a lot of work on maintaining various computataional clusters.
You'd have to be stupid to use FC1 or FC2 on a server.
Google for the reasons.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: delete key doesn't work with csh in xterm session

[Lucas Albers]

Bob Proulx said:
>> For users using /bin/csh and running rxvt-xterm, their delete key does
>> not
>> work.
>> Users running /bin/bash and running rxvt-xterm, their delete key does
>> work.
>>
>> Both delete keys work on an ssh session.
>
> When you say it does not work do you mean it prints out ^H or ^? or
> something like that?  If yes then which one is it?  Here is what you
> need to know if that is the problem.

Doesn't print anything.
Bob,
Thanks for the information.
I finally fixed the problem by defining in:
.Xdefaults
*deletekey: ^H

Seems like a hack, but it works.
The stty defines did not appear to make any difference.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: mail server changing machines

[Lucas Albers]

I dealt with this problem recently, my mail server had one of it's raid
disks failed. I had to move it to another machine.
While I powered the machine off to put in a new disk.
I didn't want the downtime required for the reboot and putting in the new
disk.

I use the vserver project to use virtual server images, so it was trivial
to do a full move of the system.
Steps:
Rsync data from vserver1 for virtual host mailserver1 to vserver2.
stop mailserver on vserver1.
Rsync data again, from vserver1 for virtual host mailserver1 to vserver2.
start mailserver1 on vserver2.

Downtime:
10 seconds to stop instance of mailserver1.
30 seconds to sync changes after system shutdown.
10 seconds to start up new vserver instance.

Then the new system comes up with the exact same configuration as the old
system, and mail just starts flowing through it again.
I use this method to cluster webservers/database servers/mail servers.
If you use heartbeat and drbd you can get transparent replication of the
data in realtime, whith automatic failover if the primary server dies.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

grsecurity ending

[Lucas Albers]

It appears the grsecurity kernel hardening project is ending support,
perl slashdot:
http://developers.slashdot.org/article.pl?sid=04/05/31/1949241&mode=thread&tid=106&tid=126&tid=172&tid=185

End Of Development For Grsecurity Announced?
Posted by simoniker on Monday May 31, @03:58PM
from the future-not-so-secure dept.
vrtk writes "I received this minutes ago, from the grsecurity mailing
list, also displayed on the official site for the open-source security
project: 'Beginning today, May 31, 2004, development of grsecurity will
cease. On June 7, the website, forums, mailing list, and CVS will be shut
down. Due to a sponsor unexpectedly dropping sponsorship of grsecurity
while continually promising payment, I began the summer in debt and had to
borrow money from family to pay for food. If none of the companies that
depend on grsecurity, some of them being very large, are able to sponsor
the project, grsecurity will cease to exist. I am not looking for paypal
donations at this point, unless those that donate do so with the
recognition that despite their donation, grsecurity may still never be
returning.'"

I use this kernel extensiviely to harden my public servers.
He's looking for companies that use it to sponsor him on the development.
You'd think one of the big companies like IBM or HP would be willing to
sponsor one of these kernel security projects.
If you feel the urge to sponsor him (however big or small) , then get
ahold of him so he'll keep working on the project.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

grab kernel crash dump

[Lucas Albers]

What crash dump utility would you reccomend to troubleshoot a system that
hangs?
I looked at lkcd but they don't appear to have new versions available for
download from sourceforge.
I haven't been able to determen what is the most common crash dump utility
to use.
I would like to save the dump and reboot, not interactively debug it.

Are their any other kernel crash dump utilities for the 2.4.25-2.4.26 kernel?

Which would you reccomend for a debian system?

Thank you.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: delete key doesn't work with csh in xterm session

[Lucas Albers]

Croy, Nathan said:
>> For users using /bin/csh and running rxvt-xterm, their delete
>> key does not
>> work.
>> Users running /bin/bash and running rxvt-xterm, their delete
>> key does work.

> stty erase 
Nope, doesn't work.
Thanks though.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Replicating Debian Systems

[Lucas Albers]

Adam Aube said:
> Loren M. Lang wrote:
>
>> I may have to rapidly deploy multiple debian systems that will have
>> the same software installed and be configured the same way.  The ideal
>> way to install debian would be to stick a cd into a computer, turn it
>> on, and come back a couple hours later.
>
> I have seen System Imager (www.systemimager.org) recommended on the list
> before, though I have not yet had a chance to try it myself.

Print out the manual.
It takes awhile to setup/configure.

I use it to maintain 100 lab machines and 5-10 servers.
Works wonderful.
I have dhcp reservations for all the machines, so I can just boot off the
cd and do a complete automated install.
Or I can connect with ssh and do an upgrade from within the image to a
newer version of the image.
Don't use 3.3 yet, as they appear to still be ironing out bugs.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody/sarge vs. stable/testing in sources.list

[Lucas Albers]

somebody said:
>>>systems every day.  I've been doing it on about 10 systems for about 2
>>>years, and haven't had a lot of trouble; indeed once my mail servers
>>> went
>>>down for a few hours for that reason, but my mail servers are always
>>> looking
>>>for an excuse to go down.
Use ssh-agent, and ssh2 public keys for passwordless login on your machines.
I use this method to update my servers every day in about 3 minutes.
http://cfm.gs.washington.edu/security/ssh/client-pkauth/

Just run monit or netsaint to monitor your machines, and you nullmailer to
mail you when a system is down.
Monit can even restart the service if it's puking.
monit is a debian package, you can download sample monit debian config
from here:

http:// www.cs.montana.edu/support/monit.debian.v1.tar.bz2
(note the space in address.)

I changed it from a monolithic config to a seperate config file for each
service so it's trivial to add services in for each system.
You juste need to include your service in monitrc and then edit
global_defines and stick it all in /etc/monit and you are good to go.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

use 2.6.5 kernel with debian patches and tg3 network card

[Lucas Albers]

I want to use the 2.6.5 kernel with the debian patches.
They are some additional patches that apply cleanly to the 2.6.5 kernel.
So I want to use this particular version.
I have the tg3 network card, and so I need to use it.
Tigeon3 support is disabled in this version, how can I enable it again?
I was trying to track down the changes made to disable the tg3 item and I
was not sure If I had tracked them all down to these files:

/usr/src/linux/drivers/net/Makefile
/usr/src/linux-2.6.5/drivers/net/Kconfig

I installed the kernel-patches and have been looking through them in order
to locate the items I need to enable.

What happens to someone upgrading to the 2.6.5 kernel if they have the tg3
network card?
Do they suddenly discover on their next reboot that their network does not
work?



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

delete key doesn't work with csh in xterm session

[Lucas Albers]

I recently upgraded our central server from redhat 7.3 to debian woody/sarge.

Not so hard, been really happy with the new setup.

For users using /bin/csh and running rxvt-xterm, their delete key does not
work.
Users running /bin/bash and running rxvt-xterm, their delete key does work.

Both delete keys work on an ssh session.
I've looke through google, and found some items on setting delete keys
manually but they do not appear to be applying correctly for csh.
I've run accross references to two methods for setting the delete key:
bindkey "e[^H" delete-char# Delete
and
stty echoe erase ^H

But neither work for csh rxvt-xterm sessions.

Any ideas on what else I can try?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Howto install Debian Sarge kernel 2.6.3 on Software RAID1?

[Lucas Albers]

Joost Kraaijeveld said:
> Hi,
>
> Is there someone that has Debian Sarge with kernel 2.6.3 (from the
> installer
> beta 4) installed on a software RAID1 and is willing to hare his/her
> knowledge with me how to do that?
>
> I have followed the procedures as described in:
>
> 3. http://alioth.debian.org/projects/rootraiddoc/

I wrote this document.
It documents how to convert to software raid, not how to install directly
to software raid.
While it's possible to install directly to software raid, I have not
documented it.
The biggest recurring problem is:
Kernel does not have software raid loaded as module or compiled into kernel.

Trust me the directions on the document are correct as i've had hundreds
of people use it.
Try installing to a normal non-raid, then covert to software raid, this
will help you understand the process.
Then once you understand the process, determine how to install directly to
software raid in the installer.
Then send me the directions on what you did to install direct from the
installer, and I will include them in the document.
Contact me with any further questiosn concerning this, thanks.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: nfs-common write pid file

[Lucas Albers]

Thomas Adam said:
> Why don't you run it, and see?

duh, just needed the -m switch, did a
man start-stop-deamon and finally saw the -m switch.

I'm configuring all my service to be monitored by monit.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

nfs-common write pid file

[Lucas Albers]

I am running nfs-common from woody.

I was trying to modify the /etc/init.d/nfs-common script to write the pid
file of statd/lockd on startup.

Does this syntax look correct, I just need to add in a --pidfie to
start-stop-deamon to have a pidfile written for the process, correct?
Assuming I have defined LOCKDPID and STATDPID.


start)
cd /# daemons should have root dir as cwd
printf "Starting $DESC:"
printf " statd"
start-stop-daemon --start --quiet --pidfile $LOCKDPID \
--exec $PREFIX/sbin/rpc.statd
if [ "$NEED_LOCKD" = yes ]
then
printf " lockd"
start-stop-daemon --start --quiet --pidfile $STATDPID \
--exec $PREFIX/sbin/rpc.lockd
fi
echo "."
;;

  stop)
printf "Stopping $DESC:"
if [ "$NEED_LOCKD" = yes ]
then
printf " lockd"
start-stop-daemon --stop --oknodo --quiet --pidfile $LOCKDPID \
--name rpc.lockd --user 0
fi
printf " statd"
start-stop-daemon --stop --oknodo --quiet --pidfile $STATDPID \
--name rpc.statd --user 0
echo "."
;;


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Mail system setup on Debian Sarge

[Lucas Albers]

Bob Proulx said:
> Achton N. Netherclift wrote:
>> - Webmail access (Squirrelmail or Open WebMail?)
>> - Mail forwarding
>
Squirrelmail is easier/simpler to setup.
Less features, but enough features to replace my desktop mail clients.
Works fine for me for upwards of 600 users.
I use imapproxy/postfix on my webmail server.
Imapproxy vastly speeds up squirrelmail.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Software Raid Documentation

[Lucas Albers]

I've been working on software raid documentation.
It documents how to convert an existing system to software raid.
I just added some directions on how to use a stock kernel with it.
Specifically directions on updated directions on using initrd, as per
numerous and repeated requests.

Please let me know if you find any problems/bugs/improvements.

Note:
I will not convert it to sgml.
We the maintainers believe it is good enough in html/text form.
Homepage:
http://rootraiddoc.alioth.debian.org

It was actually quite beneficial to have access to the version control
system and bug tracking system on alioth.
Even for just a documentation project.

Alioth really makes it much easier to maintain a project.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: newbie to Linux (Debian).

[Lucas Albers]

Frank J Bivings said:
> I am a complete newbie to Linux (Debian). I thought it would be a
> good way to get around the glut of Windows.
>
> I am having problems with the graphics card. I installed Debian
> Linux 3.0 and, during the install I included XFree86.
>
> Upon booting it I get an error stating that:
>
> "I cannot start the Xserver (your graphical interface

Perhaps my advice is poor.
But I will give it anyway.
Go install knoppix, it should auto-detect all your hardware.
Then copy the xfree86 config file to your debian install.
I like debian, but I do not reccomend it for newbies installing for
desktop systems.
Or try the testing version of debian, sarge, it autodetects a lot.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Speeding apt by multiple connections

[Lucas Albers]

setup a local apt-cacher repository.
This drastically speeds up downloads, as it only gets new package lists
once per day (per configuration).
It saves all previously downloaded apt files to the cache.
This is good because:
Downloads are a lot faster.
You save bandwidth for everyone involved.

GCS said:
>> Or does anyone have
>> an alternative idea about how I might be able to speed-up my downloads
>> from apt-getable sources?
>  google for apt-rsync, but the server must support it.
>
> Cheers,
> GCS
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: testing versus unstable: tradeoffs?

[Lucas Albers]

Roberto Sanchez said:
>
> In this message I describe some of the cool features:
>
> http://lists.debian.org/debian-user/2004/debian-user-200403/msg00160.html
>
> Also checkout their website: www.systemimager.org
>
> -Roberto
>
systemimager has saved my so much bitch-work on managing my servers and
desktops.
It takes awhile to figure out.
If you have more then just a few computers, (I have 140)
Then systemimager is beautiful.
I can upgrade/downgrade/backup/restore completelly remotelly.
vserver is also very useful for servers.
You can boot off a cd for complete hands off install and configuration via
dhcp.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: new installer

[Lucas Albers]

Richard Lyons said:
> On Tuesday 02 March 2004 16:47, Dr Gavin Seddon wrote:
>> Hello again,
>> A patern of my questions is emerging.  Knoppix 'recognises' all my
>> hardware and actually I am growing fond of it, but I cannot use multiple
>> partitions on my hdd as I would like to.
>
if thsi was a server install I would use the debian bonzai linux installer.
The only thing different from stable installer, is that it autodetects
hardware, and uses the 2.4.20 kernel.
Great for setting up woody production servers.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian on Dell

[Lucas Albers]

Marc Koenders said:
 > Installing Debian is something you dont do at 02:00 at night. You gotta
> make sure you are awake and alert. Read the messages Debian pops. Even
> if your only option is OK or Continue. Or else.
> I decided to do install from the netinstall iso (woody) and since the
> 2.4 kernel somehow did not recognise my usb keyboard i had to go for the
> standard kernel and do without my usb mouse till after install.
> Since I, being cocky from many successfull Redhat, Suse and Mandrake
> installs on other machines, did not follow my advice to be awake while
> installing i ran into some nice unexpected trouble. dselect is probably
> a nice tool but eh IMHO even the FreeBSD netinstall has a more
> userfriendly installer.
>
When installing debian on my servers that are use for STABLE production
machines.
I use bonzai debian linux, it uses the 2.4.20 kernel and includes
auto-detection code, as the debian installer.

BUT
and this is the important part.
IT USES ALL STABLE PACKAGES. (Ignoring the kernel.)

Saves me time, and installs a completely normal debian stable box.
Otherwise,
I have to putz around for an intel gigabit network card drive.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to install testing package in Stable distn

[Lucas Albers]

Some of servers are running testing/stable.
All the external service are stable and internal services are testing.
Example
Sendmail:stable
mimedefang,spamassassin,pyzor/python: testing
perl,clamav: unstable.

read about apt-pinning here:
http://jaqque.sbih.org/kplug/apt-pinning.html

Andreas Janssen said:
> Hello
>
> sara (<[EMAIL PROTECTED]>) wrote:
>
>> I want to install a package(OpenVPN) in
>> testing/unstable distribution in my woody
>> distribution.Is it possible?.If yes how plz explain it briefly.
>
> In many cases it is more or less impossible, for example because the
> packages in testing were built against libraries that are not available
> in Woody (at least in that version), or because a newer compiler
> version was used to build them (important for C++ programs/libraries).
> You should try to find some backported package. Go to
> .
>
> best regards
> Andreas Janssen
>
> --
> Andreas Janssen <[EMAIL PROTECTED]>
> PGP-Key-ID: 0xDC801674
> Registered Linux User #267976
> http://www.andreas-janssen.de/debian-tipps.html
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian on Dell

[Lucas Albers]

I've had nothing but success using name brand dell/hp computers with debian.
I only run servers, all my desktop linux machines run redhat-9.
If I could get the hardware auto detection working on debian, I would use
it on desktops. That is another story.
If it works with rhel, it will probable work with debian.
all my dell systems use an intel network card. (Integrated network card.)
just go download the nvidia src rpm package from nvida to recompile for
your kernel. Then debianize to install.
I think nvidia-source debs are in the repository.

Faheem Mitha said:
>> I just started a job at Duke. I've been told to put together a machine
>> quote for my office. I want to run Debian on it. I tried to persuade my
>> employer to use Monarch, but was told I have to use Dell.
>>
>> I'm not sure of the best way to go about putting together a machine from
>> Dell which has good general Linux support as opposed to Red Hat support.

>> I'd greatly appreciate hearing about people's experiences of success
>> with
>> Debian on Dell, and related advice, suggestions, and working
>> configurations. Thanks in advance.
>
> 2) They are also being rather coy about the ethernet card. I assume
> (educated guess based on a Trilug post from Daniel Chen and other info)
> that there is an onboard Intel card (which works with the e1000 driver), I
> did hear something about a Broadcom card being used too, though.
>
> 3) I managed to get the Nvidia GeForce4 MX 440 card on a Dell Optiplex
> GX270 to work under X. I could not manage to work it with the nv X driver
> (as of 4.2 in testing) but the proprietary nvidia driver (ndvidia) worked.
> I hope it will be the same with this "nVidia, Quadro NVS 280". Daniel
> Chen's message seems to confirm this.
>
>> 5) I'd welcome suggestions on changes in the configuration below to reduce
> cost while impacting functionality as little as possible.
>
> Thanks.Faheem.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Need spamassassin startup script

[Lucas Albers]

just install it from testing or unstable repositories.
or go look at backports.org.

read about apt-pinning and setting multiple repositories.
NEVER use cpan to install stuff, just use debs.
you can use cpan2deb to convert cpan to deb files, also.

Thomas Carrié said:
> Hi,
>
> I've setup SpamAssassin via CPAN but it comes with no init.d startup
> script.
>
> Could someone send me its debian startup script for spamassassin ?
>
> Thanks
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: changing to debian from slackware

[Lucas Albers]

Joel Kaasinen said:
> Hi,
>
> I have an old dual 133mhz pentium server (64mb ram, ~8Gb scsi harddisk)
> with
> slackware 9.1 installed.


>So now I'm seriously thinking about switching to debian.
>
> Any tips (I want to keep my config the same and avoid reconffin')?
> Differences between debian and slack?
> Comments?
I'v seen numerous slack users switch to debian.
You could install debootstrap on the system and then do a debian chroot
install. Google about it.

Install debian on another system first, I use bonzai linux debian
installer for easier installation. It just uses the 2.4.20 kernel with
auto-detection of hardware enabled. Still allows me to use a stable
system.
Just determine the list of services you want to convert and then copy conf
files to your new debian install.
You need to determine what services are used on the system, eg,
mail server webserver, etc.
This sort of change is work, no way around it.
Don't go to the 2.6 kernel yet, you would have to be smoking crack to go
to a new kernel until it hits the 2.6.10 release for production systems.
Just my conservative opinion.
Only do upgrades or switch os's if you have a compelling reason, even a
security fix is not compelling, if you have no local users.
Stability is the single most important quality.
With that said, it is _much_ easier to admin debian boxes than redhat boxes.
Easier to setup a rh box with hardware/raid detection.
Much easier to install/remove configure packages resolve dependencies on
debian.  No more dependency hell. Packages are also (imo) much more stable
and tested.

I still have systems running redhat 7.2 with the 2.4.9 kernel that are
doing looong running computational jobs. It works and is not remotelly
exploitable, so I keep using it.
Part of the debian philosophy (imo) applied to general linux servers.
If it works, don't touch it.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: a good mirror to download sarge

[Lucas Albers]

Didier Caamano said:
> I'm wondering if any of you know a good mirror, preferably from Canada to
> download sarge, the isos or the network image? if the mirror is in the US
> I wouldn't mind either.

run apt-spy to find fast mirror.
install apt-cacher to cache all apt requests.
apt-cacher speeds up apt a lot!, and saves debian.org bandwidth.

--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Convert system to root software raid

[Lucas Albers]

I have finally finished my documentation on converting a system to use
software raid.
http://rootraiddoc.alioth.debian.org/
Took me about 100 hours to finish it from start to finish.
Over a 3 month period.
Surprising how long it takes.

I would like to thank the following people for their effort in creating
this document:
Thanks to: Alvin Olga, Era Eriksson, Yazz D. Atlas


Please look it over as it is going to be included in the debian mdadm
package after I get some more feedback on it.
I've been getting pretty good feedback on it for a few months, so I think
it is pretty good so far.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail vs Exim vs Others

[Lucas Albers]

Dan Lawrence said:
>> I am not sure why you need to upgrade postfix to a newer version
>> from stable? What new wizbang items does it do?
>
damn just do apt-get -t testing install postfix
But I was wondering was thus?
Not how to upgrade,but...
Why upgrade to the newer version of postfix?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail vs Exim vs Others

[Lucas Albers]

Tobias Reckhard said:
> I'll throw postfix into the ring. It's very secure and still very
> flexible. You may want to use a more recent version than the one in
> woody, though, but a backport is available on http://www.backports.org.
I am not sure why you need to upgrade postfix to a newer version from stable?
What new wizbang items does it do?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail vs Exim vs Others

[Lucas Albers]

Steve Lamb said:

>  Sendmail - so difficult to configure the configuration language needs
> a
> macro language to make sense of it.
>
>  Exim - so easy to configure that in most cases you can do it with the
> comments in the config file.
>
>  That's where the comperison ends for me.  I've never found a need for
> sendmail in the modern 'net populated with Postfix and Exim.

Sendmail does a lot, the milter interface allows you to
massage/filter/virus scan email, and reject at the 5xx level.
With sendmail+mimedefang I can do some amazing things, set some address to
send only, filter by any combination of sender,recipient,relay,message
name,size,spam score,extension type, number of relay attempts,etc.

I use postfix on all my server's clients except for my primary and
secondary mail servers.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian list = spam and virus repeater/multiplexer

[Lucas Albers]

Pigeon said:
> On Thu, Jan 29, 2004 at 03:09:57PM -0700, Lucas Albers wrote:
>> Would be nice to have your address munged from this list, or the option.
>
> You do have the option. Add to /etc/exim/exim.conf:
All the spam comes from other machine.
I reject 99% of it anyway, I just see it on my rejection webpage,sorted by
sender,recipient.

I have a an idea for stopping this.
Post a message to teh list with an email address in the signature that is
slightly different for each recipient. Then that will tell the listmaster
which address was used to harvest the email address from.

Example: I post a message to the list and have a signature that like such
Joe Smith -Debian Lover
[EMAIL PROTECTED]

Then this address listed in the signature of the email is then subtly
modified by a pre-delivery script for each recipient.

So recipient 1 gets this address:
[EMAIL PROTECTED]

recipient2 gets this address:
[EMAIL PROTECTED]


When mail is sent to either of this address, the address the address was
harvested from is obvious.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian list = spam and virus repeater/multiplexer

[Lucas Albers]

Pigeon said:
> There was a lot of gas generated about the swen worm when that hit. That
> harvested email addresses off the web. Again, clueless Windows users
> without
> effective virus protection - only a wider base of them, ie. not just ones
> subscribed to this list.

> My solution is - for the direct garbage, mail filtering of whatever form
> one
> finds most appropriate or effective; for the garbage relayed by the list,
> the 'd' key in mutt suffices for the week or so until the list's filtering
> adapts to the new situation.

Idear,
Can you just reject messages that,
Non-english as defined via spamassassin.
I believe this was implemented.

Reject messages that are duplicates of messages sent to the same mailing
list?, or are duplicate msgids?
What problems does this cause?
This should block most worms, and duplicate postings.
I believe something similar to this is already done.
Would be nice to have your address munged from this list, or the option.

Within 15 minutes of posting to this list i start getting spam.
I use a disposable reply-to address and it gets upwards of 50-70
spam/virus's per day from somewhere within a week of posting an item.
I know the address is harvested from the list,becuase it is a unique
address used nowhere else.

Then I setup a new reply-to address and use it for a week or two, until it
gets overwhelmed with virii and spam.
Of course sa tags it, but it still annoys me.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

install particular version of package

[Lucas Albers]

I would like to install a particular version of sendmail using apt-get
googling says I can do it like such:

apt-get -t testing install sendmail=8.12.10-6

versions are listed here:
http://packages.qa.debian.org/s/sendmail.html

Does the central deb mirror not have multiple versions for download?

I see that it has this:
Accepted sendmail 8.12.10-6 (i386 source all)

How do I install it via apt-get?

I have testing/unstable on my sources.list.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

sendmail configuration for mail hub

[Lucas Albers]

I setup a sendmail server as a backup mx mail server for my domain.
I have configured the mailtertable and domain items so it will relay mail
destined for the two domains I am using. Everything is working great
except, the recipient address dissappears from the envelope.
When I relay mail through the mail hub it gets to the correct internal
mail server, and arrives at the correct users mailbox, but it says
"undisclosed-recipient" for the recipient address.
I have not been able to figure the correct method to use in solving this,
via google, or sendmail documentation.
I have read through the sendmail book, but am not sure what I am looking for.

Can someone please post their sendmail.mc for a mail hub they use, that
keeps the correct sender/recipient in the relay?
Any information is appreciated.

Thanks.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian dedicated hosting

[Lucas Albers]

Dennis Kaplan said:
>
> Check out 1and1.com I don't know if they are runing debian but they are
> hosting my http://guyscope.com there and I am very happy.

I got an account on the system and they were running (i believe) based on
the version of the tools debian 3 and with 2.4.xx-grsecurity and possibly
the vserver patch.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: reject non-english mail as spam?

[Lucas Albers]

Pascal Hakim said:
>la(reject non english email)
> This is non-trivial. The current plan is to just have some procmail
> rules to deal with this, which can be set on a per-list basis, instead
> of having different Spam Assassin configurations for different lists.
>
> Not really. This list is supposed to be in english.
>
> what was getting blocked on murphy, and what
> was going through. I posted the results (so far) on:
> http://www.redellipse.net/stuff/2004/01/12#2004011201
>
> Of the 98 messages which did make it onto debian-devel, 68 would have
> could have been blocked if we had a test on the GB2312 charset. I'm
> assuming there will be similar results on other lists at the moment.
sounds like a great idea, reduce the spam volume by 2/3rds.
When do you plan to implement this?
--Luke



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

reject non-english mail as spam?

[Lucas Albers]

I keep getting spam on the list that is completelly foreign.

SA scores it as this in regards the foreign langauge component:
1.5 BODY_8BITS BODY: Body includes 8 consecutive 8-bit characters
 2.8 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired language
 3.2 CHARSET_FARAWAY BODY: Character set indicates a foreign language
 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 2.5 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language


Can we tune the sa rules for this list to reject completelly non-english
email?
Or can it be assumed that people will be posting non-english email to this
list.
Not that I can read them.
At the very least can we add in the SA english component at perhap these
score levesl?

 1.0 BODY_8BITS BODY: Body includes 8 consecutive 8-bit characters
 1.4 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired language
 1.5 CHARSET_FARAWAY BODY: Character set indicates a foreign language
 1.5 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 1.75 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

secure apache webserver

[Lucas Albers]

I am exposing another machine as http mirror, and am trying to secure it.
Done with iptables.
configured portsentry to auto-block portscans.

How to block TRACE in apache?
I believe you do it with rewriting rule like such, but does not work.

#security changes
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]


How to restrict ALL product information?
I want to leak no webserver/os information, I've already configured:

ServerTokens ProductOnly

Anyone have a rule to restrict this via mod_rewrite or similar?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

run make-kpkg with distcc

[Lucas Albers]

I installed distcc and finally got it working
kept on puking when I ran it from inetd:
with this line in inetd.conf (verbatim from the install.)

so ran it as user distcc and works great.

I am able to run  kernel compile with this command

make -j8 CC=distcc


and it is offloading the jobs to the other build hosts.


I can't seem to get it to run as make-kpkg, I have tried the same syntax
and defining CC in env variables, but it does not like it.
I have set the CONCURRENCY_LEVEL=8 so it wills spawn more jobs with
make-kpkg
I just can't get distcc to run with make-kpkg.

Any idea what I am doing wrong?





-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

install module in webmin

[Lucas Albers]

I installed webmin from testing, Version 1.121
I am unable to get install a new webmin snort module from snort.org via
teh webmin interface.
All the documentation talks about these steps for installing a module via
webmin from www.webmin.com

--If you are using Webmin version 0.88 or above, these updates can be
--installed automatically using the 2nd and 3rd forms under Webmin
Configuration -> Upgrade Webmin

I don't have this in my listing.
I've been looking at this for awhile and cannot understand what the
problem is.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Debian Software Raid FAQ

[Lucas Albers]

I finally finished my software raid FAQ for converting an existing system
to a one using software raid as it's root partition.
http://www.cs.montana.edu/faq/faqw.admin.py?query=Convert+Root+System+to+Software+Raid&querytype=simple&casefold=yes&req=search

It took me a few weeks of research and trial and error, before I worked
all the invididual steps out.
I think I hosed my test system at least 10 times trying to learn how to do
this

Thanks for information provided by friendly people on the list.
I've used it, and it works.
Please let me know if you find any errors or wish to make some corrections
to it.
It appears you could actually use initrd with software raid, but I was
unable to do so. Perhaps in my next version I will include directins for
doing so.

I would like to include this documentation in the debian.org
documentation, what are the steps to do so?


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: unsubscribe

[Lucas Albers]

Is it possible to configure the list to:
Reject mails that have a blank message, and a subject of unsubscribe as
the subject?
OR
Just forward the message to the correct unsubscribe mailing list,
OR
bounce back with the correct unsubscribe address.

I get 20 unsubscribe messages per day on this list.


Colin Watson said:
> Try sending it somewhere *other* than the mailing list. It will continue
> to have absolutely no effect if you send it to
> [EMAIL PROTECTED] See the list footer:
>
>> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>> with a subject of "unsubscribe"
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spamassassin on Debian HOWTO?

[Lucas Albers]

Carl Fink said:
>>Lucas Said:
>> Is their a backport of spamassassin for stable?
>
> Several.
>> I generally use the testing mimedefang/spamassassin becuase it uses the
>> newer perl version 5.8.
>
> Why is that an advantage, given SpamAssassin 2.61 with Perl 5.6?
I was not aware of backports, and I ususally stay with the standard
repositories.
No real advantage to useing 5.8 over 5.6, except for if you wish to use
the embedded perl interpreter you need to run 5.8, for mimedefang.
This lowers you memory usage, but has not been released as a mimedefang
package.
I have been amazed with the amount of spam I have been blocking with
razor+pyzor+dcc+rbl-checks+SA+Evil Rules+mimedefang+greylisting.
(razor,pyzor+dcc)=distributed checksums for spam.
SA+Evil Rules for some really good extra cf rules, my local rules way in
at over 10,000 lines.
Greylisting is delivering a temporary delivery error for 2-3 minutes, and
spammers will not reattempt delivery and regular senders will re-attempt
delivery. I have been using it on my mail server, and have not gotten any
complaints. It will lower the mail load on your server, as you can reject
wtihout performing content analysis with sa.
Go read about greylisting on google.
Mimedefang supports greylisting, and I implemented some code based on
mimedefang creater's code.
It's also possible to implement stateful greylisting in which you delay
mail from virus relays or high spam sites long enough to either reject the
mail completelly, or lower the load on your server, without interfering
with regular mail on the system.
I am still incrementally implementing this.
The idea is to add to your spamassassin score by maintaing a database of
the behavior or all the senders and ip relays in the past.
How often do they re-attempt delivery?
What is their average spam score from that relay or sender?
When do they attempt delivery?
Have they sent a virus recently?
Are they forging helo headers?
Etc...
I have the greylisting working, and am working on the throttle mail in
which you can set a threshold for how many messages a particular ip
address can send. I have a number of machines that mail cron reports, so I
throttel them back so the mail server will only accept 1 mail message from
the machines every 30 seconds.
This just builds on maintaining ip state via mimedefang.
My next step is to raise the temporary rejection time for machines that
are infected, 95% of the time a virus relay will only send virus's for an
hour or less.
The important consideration is to always generate a rejection error when a
message is rejected, and not have any false postitves. So people never
lose mail, and users don't complain.
(Obbious goals.)

--Luke

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spamassassin on Debian HOWTO?

[Lucas Albers]

Carl Fink said:
> Thanks.  I will try it this weekend

I just use procmail to remove duplicate messages when I am cc'ed.

I have not backported spamassassin to stable from testing.
Is their a backport of spamassassin for stable?


I generally use the testing mimedefang/spamassassin becuase it uses the
newer perl version 5.8.
You can pin it so you only need to upgrade perl, and 17 perl modules to
use the newer perl on a woody system.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spamassassin on Debian HOWTO?

[Lucas Albers]

Carl Fink said:
> Finally tried today.
>
> NONE of the usual methods of installing SpamAssassin with Sendmail work,
> because they're either insanely poorly documented, or assume local
> delivery.
> This server forwards 100% of its mail to other sites and domains for final
> delivery.
>
> So I decided to try mimedefang as suggested by Lucas Albers
>
> On Mon, Dec 15, 2003 at 11:17:06PM -0700, Lucas Albers wrote:
>
>> The debian installation is by far the easiest linux installation.
>> apt-get install mimedefang.
>
> No, it isn't.  As mentioned in my original message, I use stable.  Of
> course, mimedefang isn't in the horribly obsolete stable, and there's no
> backport.  Instructions at mimedefang.org would require me to recompile
> sendmail!
>
Here are directions on recompiling testing mimedefang for stable.
It was trivial to backport it.
I made a complete new chroot installation built mimedefang for stable on a
stable from the testing release, installed it, installed sendmail, and was
done. Sent some mail and it came out alright.

It works for me.
I did a complete install from scratch to finish.

http://www.cs.montana.edu/faq/faqw.admin.py?query=mimedefang&querytype=simple&casefold=yes&req=search

Here are my headers:
by PROTECTED.cs.montana.edu (8.12.3/8.12.3/Debian-6.6) id
Date: Fri, 26 Dec 2003 02:37:40 GMT
From: root <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-MyHeader: A nice piece of text
X-Scanned-By: MIMEDefang 2.38


After you install sendmail, mimedefang you then need to go read
/usr/share/mimedefang/Readme.debian and it will tell you the last 2 things
you need to do, which involve editing sendmail.mc.
You also need to run sendmailconfig.
You also need to install spamassassin, if you want to use that.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Compiling kernel on a different computer

[Lucas Albers]

Monique Y. Herman said:
> You might also look into distcc, which allows you to run the compile
> across multiple computers.
>
> Oh, wait, just reread - the above won't help with harddrive space =/
> but it's still a really cool tool.
>
> --
> monique
i never could get distcc to work, anyone have a simple guide to
configuring it after installation?



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Reliable replication of installed packages

[Lucas Albers]

Evan Simpson said:
> I'm trying to come up with a reliable process for "replicating" the set
> of installed packages from one Debian installation to another.  I have
> two use-cases:
>
> 1. Restoring a system from backup.
> 2. Maintaining a secondary server.
Just use systemimager for a complete network to network backup.
You can remotelly for example(downgrade/upgrade a linux installation via
systemimager.
It allows COMPLETE replication of a system.
I had a webserver die and threw on my systemimager backup and had a new
one backup in 30 minutes.
--Luke


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: compiling kernel

[Lucas Albers]

GCS said:
> But no other problem really. Anyway, I _do agree with you strongly_:
> 2.6.0 is not for widespread yet. I will switch at ~2.6.10 on my servers,
> depending the fixes get in by that time. Until then I use
> 2.4.23+grsecurity.
You are on my same wavelength.
I thought I was the only person that did 2.4.23+grecurity on mission
critical production servers.
I run 2.4.23+grsec on my most important departmental servers, that if they
died or whatnot, I would have 300 people in my face.

I sure wish debian had a secure version of the kernel; a binary version of
grsecurity would add a huge amount of security.
Their really is no comparison between exec-shield and grsecurity.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: apt-mir script.

[Lucas Albers]

Rob Weir said:

> Why not just use "dpkg -i foo.deb" to install them directly off the CD?
Then I have to resolve dependencies, by typing in all the package names.
Me real lazy.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: compiling kernel

[Lucas Albers]

GCS said:

>> Stable gcc for stable kernel, and testing gcc for testing kernel?
>  ? There's no such relationship.
>
>> I've done 2.4.22 with gcc 3.2.3 (gcc testing) and it appeared to work
>> correctly.
>  3.2.3 is _not_ a test version of gcc. There's a newer one, fe I have
> 3.3.3 installed. Please be sure that you do not mix up the Debian
> testing distribution (Sarge) with test versions of software. Sarge is
> testing because the developers assembly the packages to work _together_,
> they have correct dependencies, configuration etc. Also mostly they
> package the _stable_ version of software.
I was not implying that the testing distribution was an unstable
collection. I stand corrected I was referring to gcc 3.3 which is part of
sarge.
Thanks for correction.

> Anyway, I have many machines, three of them running with kernel 2.6.0,
> compiled with gcc 3.3; no problems.
What a man, I'm not touching 2.6.0 until it's in the 10 release.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: hardware raid and 3ware

[Lucas Albers]

If you go raid software or hardware, compile support directly into the
kernel.
I also had to have enother disk to boot of my 3ware system.
With two disks, as alvin says, go with software raid.
Use hardware raid for a monster set.
I've not found much appreciable difference in performance between my
hardware raid sysetem and software raid.
Their might be a difference but I have not noticed it.
I've used software raid on a 350gig archive/backup update server, and it
scales up to a monstrous load, maxing out the network card on file syncs,
and raid just goes along nicely.
If you use software raid, use a kernel compiled for your processor, it
speeds it up a lot.
Have not noticed any speed difference between module and compiled in raid
support.
You also MUST have some sort of notification if a disk dies.
I reccomend you have a spare disk installed in the system as a hot spare,
it will dynamically add if a disk dies.
I've had stories of raid disks dieing and no-one noticed for month's until
another disk died, destroying the volume.

Assume when setting up raid that you'll accidentally wipe your data.
I've done so on non-production systems numerous times.



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: software raid - fun

[Lucas Albers]

Alvin Oga said:
>
> that's the 1st of the dozen magic test...
>   - power off and disconnect a disks and try for hands off reboot
>   after having written a 2-4GB file is my test for resyncing
>
>> Even if you completelly clear a partition but don't format it you can
>> still boot from hda1 to a raid volume.
>
> yes... because MBR is not inside /dev/hda1 ...
>
>> I did this accidentally and the system still booted even though hda1 had
>> no partitions on it.
>
> saved to your but eh .. :-) one remembers best from ones mistakes :-0
>
> that would depend also on mkinitrd and all of its contents it has
> and stuff you add afterward before you finally close it down to make the
> customized initrd.gz files

Whatup alvin,
I just said the hell with mkinitrd, as you know.
If you have directions on using initrd to work with raid, LET ME KNOW.
If I don't have to recompile the kernel, then great!

You can use systemimager for complete remote backup of a system.
I use it to remote upgrade/downgrade desktops.
Amazing!

The lilo entry is really really simple for raid, after much much trial
trial error.
just set root=/dev/md0
Then update fstab on your new root partition.
As mentioned before I will be posting complete directions, I am writing
them now.

Need to figure out what tests to use on my system, what are your base raid
tests you run?
Boot off disk1, boot disk2, etc


I could never figure out grub, I wish I could have, but I also gave up on
that. Stage1,Stage2 loader, never got it to work.

Once i figured out how to use mdadm I like it, because it is easier then
raidtools2 to use and it notifies you if a disk dies.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: software raid

[Lucas Albers]

Micha Feigin said:

> Read the man page for cp, you'll need the options for preserving file
> attributes, symbolic links and remaining on the same file system.
> I believe tar is more appropriate then cp I think there is some way to
> get it to pipe to the new disk somehow instead of actually taring (you
> basically need some kind of mirroring application).
> You can then run lilo/grub/etc on the new disk to get it up and running.

Top copy from one partition to another do thus:
just mount your raid volume as /mnt/md0 then do
cp -ax / /mnt/md0

This works, I've done it, and booted off a system copied this way.

> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: software raid

[Lucas Albers]

Alvin Oga said:

>
>
> yup.. i know the feeling   so my standard answer is its 10x -100x
> faster ( cheaper for the customer too ) to just buy 2 new disks
> and than no data is lost either :-)
>   if they rather pay for day or dayz or weeks instead of buy 2 new
>   disks at $60ea .. its their $$$ to convert from non-raid to raid..
>
> and yeah... initrd isnt too bad.. once you get the hang of it and what
> its for ... and what to do to modify it .. just not enough good docs on
> "initrd" is all
>
whatup again alvin,
no, you don't have to lose data, I've done remote upgrades switching from
non-raid to raid.
Your way has more guarantee you won't lose data, and they can have a
backup disk on their system, which is nice!
I understand why you make this suggestion.
I stick in backup disks on systems I setup now...

back to what I was saying:
make raid volume, set partition bits,etc.
like such, add in new disk, set up a degraded raid 1 volume with two
members on disk2,volume only has 1 member currently.

Then mount raid volume on disk2
Then copy everything from hda1 to hdb1.
oh yeah install kernel with raid support compiled in,and network card
support compiled in, as it might have problems with modules...

Then make new lilo entry and set root to /dev/md0
reboot, and it come up in the raid volume.
Then stop the first parttion, wipe it and then hotadd it the /dev/md0
extending the raid volume to encompass both disk.
Wait for it to sync, then rewrite lilo.
Then reboot, and it should come up.
Even if you completelly clear a partition but don't format it you can
still boot from hda1 to a raid volume.
I did this accidentally and the system still booted even though hda1 had
no partitions on it.

mkinitrd also complains about not having raidtools2, and I could never
figure it out. Yes I installed raidtools2.

--Luke


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

compiling kernel

[Lucas Albers]

I've read different opinions on what gcc version to use when compiling a
kernel?
Stable gcc for stable kernel, and testing gcc for testing kernel?

I've done 2.4.22 with gcc 3.2.3 (gcc testing) and it appeared to work
correctly.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: hardware raid and 3ware

[Lucas Albers]

Karsten M. Self said:
> I've had mixed results with 3Ware, though it's arguably among the better
> ATA/IDE RAID cards.  Software RAID is strongly recommended by several
> people I know, who have experience, though I haven't tried it myself.
I've had good results with 3ware on the 2.4.22 or later kernel.
The later kernels have better drives for 3ware raid, the drivers are much
better.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: software raid

[Lucas Albers]

Alvin Oga said:
>> I like this idea but I need help.
>> A server of mine has just one 20GB drive.
>>
>> I have 2 spare 40GB drives.  How would I make my current install on the
>> 20GB work on the 40GB drives that I want to setup RAID1 on?
>
You can do it without risk of losing data using just debian stable.
I've spent 3 weeks figuring it out in painful iterative detail.
I will be posting a howto soon.

>From start to finsih I have performed the operation twice.
Installed on a normal partition and converted it to raid.

The second time I did it remotelly via ssh.


Easy once you figure out how to do ittook me a long time to figure out
how the steps.
I am going to document in enough detail so you can do it from start to
finish.

As soon as I got it the first time I fdisked and following my initial
documentation, completed the task again, to verify my documentation was
correct.


I used raid1, lilo, a recompiled debian kernel with raid support, and
mdadm tools to perform it.

It was a nightmare trying to get mkinitrd to make the initrd image with
raid modules in it, I screwed around trying to get it to work for at least
a week. I gave up.
Don't send me any information on how to use initrd with raid, I'm sick of
initrd.img.

I'm rechecking my directions again, and reinstalling for the 3rd
time...from scratch.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

apt-mir script.

[Lucas Albers]

I want to install a testing kernel on a stable i386 system, that does not
have network yet. I can copy the debs to a cd, create a file apt
repository, and just use apt-get to install the additional packages, like
such.

I tried using apt-move to do this, but I was to dumb to figure it out.

Steps:
1.
Download necessary packages to update stable kernel to testing kernel.
2.
Create repository structure.
mkdir /tmp/kernel-update/testing/dists/
3.
Create package listing.

Copy to cd.
Stick in target system.
update /etc/apt/source.list to include new apt source.
mount cd
apt-get install kernel-image-2.4.22-1-i686

Tada, or thats the idea...

My /etc/apt/sources.list entry for the simple repository I create:
deb file:/tmp/cdrom testing main

Then the script I use to copy debs from existing archive to my repository
I am creating.

#---
#apt-move-simple
#!/usr/bin/make -f
src=/var/cache/apt/archives
mir=/tmp/cdrom
mpath=/dists/testing/main/binary-i386
M=${mir}${mpath}
all:
mkdir -p ${M}
cp  ${src}/*.deb ${M}
cd  ${M}; \
dpkg-scanpackages . /dev/null > Packages
cd ${M}; \
gzip -9 -f Packages -c > Packages.gz
chmod +r * ${M}
#---

The problem I am encountering is that apt-scanpackages is not creating the
correct pathnamewhen I run it like such,
it updates correctly but the Packages does not have the correct filename.
It needs a full filename and not a referential.
I tried to understand from apt-scanpackages but couldn't figure it out.
Any ideas?
Documentation mentions stuff, and I tried this:

cd /tmp/cdrom/dists/testing; /
dpkg-scanpackages main/binary-i386 [/tmp/cdrom/dists/testing/main/]

Doesn't like that command, and other commands I attempted.
Thanks.
Just running it like such dpkg-scanpackages . /dev/null > Packages
does not include the full path.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

network card in compaq

[Lucas Albers]

I have started the steady process of converting my machines from redhat to
debian.

Yeterday I got a new hp lt?330, can't remember the exact model number.
Planning to use the machine for snort analysis and the old box was too slow.

It has the broadcom bcm5700 integrated in gigabit network card.
I can find the src package for the bcm5700 card, but wanted to know if
anyone has built a stock kernel with support for this card?

Is their a standard stock kernel, that has support for all currently
supported network cards?
This would be a good thing for initial installs.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

debootstrap,define arch

[Lucas Albers]

On some systems debootstrap runs fine like such:
debootstrap --verbose woody /root/woody-chroot http:/blahbla

On others it will only run fine like such:
debootstrap --verbose --arch i386 woody /root/woody-chroot http:/blahbla

On both systems I have dpkg installed, any idea why it acts differently?

On some systems I have to define the arch, any idea why?

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions - reiserfs

[Lucas Albers]

Alvin Oga said:
>> I was hoping reiser could give me better redundancy.
>
> supposed to be better
>   - i assume yoy dont mean "redundancy" but that you dont
>   want to wait around for fsck checks of the fs after
>   accidental or silly or testing power off
>
> xfs or jfs supposed to be even better for journaling ...
yeah, I'll just try one thing at a time. Don't trust xfs/jfs yet.
I just want fast fsck time

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions - me

[Lucas Albers]

whatup alvin,

Alvin Oga said:
>> I think I'm just going to put spare backup disk in the system.
>
> usually simpler to use 1 disk for spare.. as long as everythng
> fit and you dont have to worry about any config errors
>
>> >> I've found that some volumes just break sync,
>> I have a raid 5 partiton hde,hdf,hdg,hdh.
>> And sometimes hde gets confused and I have to raidhotadd then
>> raidhotadd.
> sounds like hd3 is a dying disk
>   - do you have "SMART" turned on it ??
>   - do you check the cables for it ??? make sure it is ata-100
>   cables instead of the cheap/fat ata-33 cables
>
> you should NOT have to do that ... raidhotremove/raidhotadd...
That disk has 3 seperate raid volumes on it, and only the one raid volume
has problems, the other raid volumes never have problems:
See /proc/mdstat: /dev/hde3 has hte problem

Personalities : [raid1] [raid5]
md2 : active raid5 hde3[0] hdf3[1] hdg3[2] hdh3[3]
  358339200 blocks level 5, 64k chunk, algorithm 0 [4/4] []

md1 : active raid5 hde2[0] hdf2[1] hdg2[2] hdh2[3]
  1536000 blocks level 5, 64k chunk, algorithm 0 [4/4] []

md0 : active raid1 hde1[0] hdf1[1] hdg1[2] hdh1[3]
  102208 blocks [3/3] [UUU]


I'm just say hte heck with tuning it, when people complain, I tune.
Until then I just use the default.
Only tuning because I dump a lot of data off this system, so want fast
disk reads.
Just remembered, turn on noatime that should speed it up.
> and if you wanna tune it more ..
>   http://www.Linux-1U.net/Tuning
>
> - there's some pretty ( partition & raid ) pics at the bottom too
> alvin



-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions

[Lucas Albers]

Karsten M. Self said:
> However, reiserfs (as other journaled filesystems) *does* require
> storage space for the journal file.  Which on a smallish root filesystem
> takes up a significant amount of space (32 MiB, IIRC, for reiserfs).
> Reiser uses a fixed size journal file, while ext3's is either more
> proportional to the partition size or is just smaller overall.
Good information, though; thanks for the feedback, I had not considered
why not to use reiserfs on small 100m boot partition. It makes sense to
use ext3 on a small boot partition, because of the proportional journal
size.

>
> Well, some of it's worked into standard stuff.  My partitioning notes
> are also included, in part, in the Linux Partitioning HOWTO.  My chroot
> install notes were adapted for use in the Debian Installation Manual.
>
> And there's Google.
Adding value to the world, way to go!. (You and google.)


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody - crash.

[Lucas Albers]

not sure who said what, but if your readin the thread then you know...

>> My woody - with 2.4.22 crashed today.
>> The problem is that i dont know what actually Oopsed. There is nothing
>> about it in logs.

Half of my crashes have been directly related to memory.
I do thus
run memtest86 then run the linux test project script.
This will crash your system, shake out all that instability.
Tell you if your system is solid.
I run it after every kernel upgrade. Takes a few hours.
People keep using the server, so it doesn't add to my downtime.

This summer I spend 3 months resolving a crash on a system, I finally
learned that my cpus' weren't rated for my bus, and when I clocked them
down from 1.8 to 1.1 it fixed the crash. It was a drawn out process to
figure this out.

I also enable the reboot on panic so the system will reboot on a kernel
panic.
#reboot machine 10 seconds after a kernel panic.
echo 10 > /proc/sys/kernel/panic

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions - reiserfs

[Lucas Albers]

Alvin Oga said:
> reiserfs-3.6 w/ linux-2.4.23 seems to work fine ( normally ) now for
>  / and lilo and everything else ( using it daily )
>   prior versions/combinations i tried failed miserably
Have you notices any corruption using reiserfs, does it sync a lot faster
on reboots compared to ext3.
I've had a 350G ext3 raid5 parttions that take hours to resync if it is
shut off accidentally.
I was hoping reiser could give me better redundancy.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions - me

[Lucas Albers]

Alvin Oga said:

>> I've decided to start making my raid
>> syncs into smaller sizes, so they can resync back faster.
>
> the size of the "raid" has NOTHING to do with "resync" faster in general
>
> the number of files and data that have to be sync between the
> degraded raid and the newly inserted disk does make a difference
>   - faster oyu notice a dead/dying raid disk and replace
>   it implies that there is less time wasted in degraded raid mode
>   and minimizes data loss if another disk dies
>
I did not know that.
What I meant, was if it is a partition size the resync will occur faster
then if it is a giant partition size.
I think I'm just going to put spare backup disk in the system.
>> I've found that some volumes just break sync,
>
> huh ?? curious .. what and how ??
I have a raid 5 partiton hde,hdf,hdg,hdh.
And sometimes hde gets confused and I have to raidhotadd then raidhotadd.
Happens every couple of weeks, always the same partition that decides to
go on vacation from the raid set.
>
> sync is always required for nfs or raid or whatever ther apps that like
> to have "sync" specified
>
was not referring to sync mount option.
> for clarification, i did NOT mention to use raid0 for temp ( /tmp )
>   - there is also zero point in making /tmp raid0
>   unless one is doing say some huge GB-sized app that requires
>   lots of GB-sized temp data in /tmp

No I thought about doing it.

>
> - in general, i do not recommend raid0 ( stripping ), unless you want:
>   - makes a bunch of smaller disks look like one  bigger disk
>   - allows you to read data 2x faster if you "mirror it"
>   ( raid0 across  md0 and md1
>   ( where both mdo0 and md1 is a mirror of md0 )
>
Good information, to much effort to stripe and mirror, I'll just stay with
raid1 or raid5.

> - differences in raid
>   http://www.1U-Raid5.net/Differences
>
> imho ...  a properly partitioned and installed linux, for my
> reasons/purposes is:
>   /   256MB
>   /tmp256MB
>   /var512MB
>   /usr4096MB
>   swap512MB
>   /optrest of disk ( aka /home )
>
this is what I have used;
>   /   1G
/boot   100M
>   swap512MB
>   /optrest of disk ( aka /home )

Should make seperate /tmp /var partitions on my webserver, thanks for
reminding me.

Good information on disk sizes, setting up new webserver now that I go
raid working, decided to go with reiser, now I have some ideas for
partitions.

>   -- if you need more disk space for whatever, than move that
>   directory to "user area" ( /home ) and keep the system clean so
>   you can fix or restore the system whenver needed in a few minutes
I use systemimager to rsync upgrades/downloads remotelly in a few minutes.
I can do a remote os upgrade download,backup. Works great.

>
> other partiton schmes
>   http://www.Linux-1U.net/Partitions
Will take a look at it, too much info...my belly is full.
>
>> Have you noticed any syn speed difference with differnt kernels?
>
> nope ... havent tested for it either
>
Anecdotally I noticed that optimized an athlon or similar 2.4.22 kernels
on my systems get 14meg, and stock kernels get slower on syncs.
But have not scientifically tested it.
It appears, in my completelly unsubstantiated opinionthat raid works
much faster in later kernels.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: debootstrap doesn't

[Lucas Albers]

Alan Chandler said:
> I am trying to set up a sid chroot on my current system to build some up
> kde
> debs from the latest cvs
>
> I try and run debootstrap as root, but it seems to fail
>
> kanger:~# debootstrap sid ./kde http://ftp.uk.debian.org/debian
> Alan Chandler
> [EMAIL PROTECTED]
I have some directions chrooting;
for cookies and giggles see if you missed something.
directions here:
http://www.cs.montana.edu/faq/faqw.admin.py?query=setup+debian+for+build+root+build+&querytype=allkeywords&casefold=yes&req=search
sample syntax
debootstrap --verbose woody /root/woody-chroot
http://ftp-mirror.internap.com/pub/debian/


-- 
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions

[Lucas Albers]

> See generally my guide previously posted.
>
> Use LVM.
>
this guide:
http://kmself.home.netcom.com/Linux/FAQs/partition.html

Mentions that you should not use reiserfs as your boot partition?
Can you extrapolate, I've used reiserfs as my boot partiton with no
problems, and would be interested in what you have encountered:

"The only significant consideration here was that I'm running Reiserfs on
most partitions. There are some issues reading a Reiserfs partition on
boot from LILO, so I have one ext2fs partition, mounted read-only, as
/boot."

In completelly unrelated comments, it seems a lot of people have good
documentation spread all over the net, wouldn't it be nice if more of this
was consolidated on the debian site?
--Luke CS Sysadmin, Montana State University-Bozeman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions

[Lucas Albers]

> on Tue, Dec 16, 2003 at 01:38:50PM +1000, Braxton Neate
> ([EMAIL PROTECTED]) wrote:

>> I'm wondering what other people would recommend in the way of
>> partitioning?
>>
> http://kmself.home.netcom.com/Linux/FAQs/partition.html
You mentioned thus their:


"Mount options typically restrict features of the partition, including
whether it can support executables, SUID files, and device files. While
content on "static" partitions can change, it typically doesn't over a
normal use cycle, and is only modified during system upgrades. Debian
provides options to allow remounting partitions as writable and/or
read-only during the upgrade process, see system documentation for more
information [Ed: I should be more specific, it's apt related stuff
2001/04/13]."

Can you provide more information about this?

This sounds like a useful security setup.
--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Web server Partitions

[Lucas Albers]

>
> hi ya andrew
> raid can break due to:
>   - (1) disk failures
>   - the silly system takes forever ( dayz ) to resync itself
>   - too many disks failures renders the entire raid useless
>   or the system can be on a non-raided disk and raid5 for data only
>   - have an 2nd system disk for backup and go live by
>   simply changing its ip# and hostname
> there is no point to raiding /tmp ...
>   - if the system dies ... all temp data in /tmp wont matter
>
>   - swap is already "semi-raided" by the kernel
>   and if it dies... swap data is generally useless anyway
>
> c ya
> alvin
I was thinking about this idea, so /tmp is on raid. Now temp dies, and you
reboot, and now apache won't start? I've decided to start making my raid
syncs into smaller sizes, so they can resync back faster. I've found that
some volumes just break sync, it's always one disk or partition
consistently pukes out, Why is always the same disk/partition?

I think I will just make a raid 0 partition for temp, as you mentioned, if
the disk dies all the partitions are dead.

Have you noticed any syn speed difference with differnt kernels?
In related news I finally got debian to boot from a software raid
partition as root.
Start to finish..yippee.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: fortran 90 for debian

[Lucas Albers]

> TimC -- http://astronomy.swin.edu.au/staff/tconnors/

> I'm doing the latter. There are various fortran 90 projects around -
> such as g95 and something else. It looks like g95 wont be integrated
> with gcc until 2005 or so.
>
>
> The ifc compiler is quite nice. It's diagnostics and error and warning
> messages are *real* nice. Only problem is they don't interface with
> emacs :(
>
> It can be told to do all sorts of runtime checks on array bounds and
> argument mismatches etc, and has found many a bug in my programs. The
> only thing it doesn't do is make sure common blocks are matches
> properly. I kept getting address errors until I found the culprit.
>
> --
So could g95 be included on a debian system?
You've used it for compilation on a debian box?
--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

fortran 90 for debian

[Lucas Albers]

I looked unsuccesfully for a fortran 90 package, using apt-cache.
Does debian have a fortran 90 package?
I am trying to get nother department to use debian in their new
computational farm.
They require a fortan compiler.
I realize debian has a fortran 77 compiler.

--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

distcc install on xinetd

[Lucas Albers]

Result:
Installation of distcc on a system running xinetd, results in reference to
non existint documentation concerning correct configuration of distcc
after installtion.
Expected Result:
Distcc should add xinetd entry if needed, or refer to existing
documentation,which should have a sample entry for distcc install on
xinetd.

Reproduction:
install xinetd, install distcc.
Packages:
xinetd   2.3.4-1.2
distcc   2.11.2-1

I believe this is a sample entry for distcc,
BUT I AM NOT SURE.
BUT I AM NOT SURE.
I want someone to look at my sample xinetd entry for distcc, _and I will
bugreport this_.


service distcc
{
socket_type = stream
protocol = tcp
wait = no
user = distccd
server = /usr/bin/distccd
server_args = --nice=1
}

Nag notification on installation:
If you are indeed using xinetd, you will have to convert the
above into /etc/xinetd.conf format, and add it manually. See
/usr/share/doc/xinetd/README.Debian for more information.

This tells not enough, as I am lazy, and I just want to look at a sample
entry.

Documentation on update xinetd.conf
Using itox

   The following command will output the appropriate xinetd.conf entry for
   this service, so you can add the output to xinetd.conf yourself:

echo "line from /etc/inetd.conf" | itox


--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

General debian questions

[Lucas Albers]

I had some general questions about debian.
Is their any fundamental reason why apt-get could not use rsync in
addition to it's current method?
This should be inherently faster.??

Creating iso image from jigdo-file.
Assume I want to add in some additional packages onto my stable install cd.
Just do thus:
apt-get -d install packages.
Then copy the deb files to my loopback mounted jigdo iso cd image.
I could then install them with dpgk -i packagename.
How hard is it to make it so apt-get when pointing to the cd as a
repositry, can install the packages correctly?

I was planning to recompile my kernel and include the 2.4.22-1-686 kernel
on the stable install cd.
The problem I am encountering is stable won't see the network card on new
machines such as the e1000 card on some integrated motherboards.
So I have to take the machine apart and stick in a old card, get the
network working, then download a new kernel.
I don't want testing,knoppix,redhat CD's.
I want a 1 cd 1 boot installation solution.

Do you think we are going to have some gpg checking of packages, as the
default for apt-get anytime soon?




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Spamassassin on Debian HOWTO?

[Lucas Albers]

> On Sun, Dec 14, 2003 at 10:48:41AM -0500, Carl Fink wrote:
> | A couple of web searches don't find a simple step-by-step guide to
> | installing Spamassassin on Debian Stable.
>
> Oh, sendmail.  I can't help with that (other than suggesting
> 'apt-get install postfix' or 'apt-get install exim' ;-)).
>

You can use mimedefang+sendmail it is a full milter interface that allows
mangling of incoming level based on any criteria (relay address,sender
recipient,attachment name, sa score.)
It is part of the apt repository.
I use it mimedefang+sendmail on a (RH) and I have installed it on a debian
stable box. Works frigging great. Love it.
I run my mail through 4 virus scanners, attachment filtering, and
spamassassin before my mail server either:rejects it, bounces it,
quarantines it, strips the harmful attachments, or accepts it.

I just wrote directions on compiling the testing version on debian stable.
http://www.cs.montana.edu/faq/faqw.admin.py?query=mimedefang+2.38+&querytype=simple&casefold=yes&req=search

Here are some general linux installation directions for linux:
http://www.rudolphtire.com/mimedefang-howto/


The debian installation is by far the easiest linux installation.
apt-get install mimedefang.
add one line to sendmail.mc restart sendmail; restart mimedefang;
tweak your filters. You need to read the documentation and man pages to
understand what it is doing, it does a lot!.
If you get stuck go ask on the mailing list for it...

--luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Redhat to Debian conversion

[Lucas Albers]

Debian is harder to setup then redhat.
I've used both.
Just stay with redhat, you'll really appreciate debian after you've been
doing things for awhile. At first the Debian way will seem stupid.

Then some day you'll go aha, I see why they do it this way.
I think Debian rocks, but the hard part for me is not installing, it's
maintaining my existing farm of machines.
Read the howto installation documentation for installation.
Just select the default choices for everything on the Debian install.
The hardest part for debian is getting it to guess the network card.
Once you have that done, you are home free.
Once you get apt going you have pay-back.

If you are really having problems try installing libranet, it uses the
debian archives, so you can upgrade to debian, but it is designed to
auto-detect and configure everything for a desktop.
Libranet is 100% package compatible with debian.)
(Ok, ignore the exceptions, you know what I am talking about.)


Wish I could figure out how to install discover within the installer, so I
don't have the pry the case open to see what network card it has.

>
> I am new to Linux and for 2 1/2 days I been trying to install Debian.
> Well I have the very basics installed but that is really all I got.
>
> Now I have Redhat and that is easy to install.
> Somewhere I read that it is posible to convert a Redhat install to Debian.
>
> I am wondering if that is maybe easyer then installing Debian.
>
> And what are the good and bad points.
>
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: software raid

[Lucas Albers]

>
> hi ya lucas
>
> collection of um
>   http://www.1U-Raid5.net
>
> "good sw raid" is already part of the linux kernel..
> you dont need anything else ... other than to turn on the raid options
in the kernel  and create your raid config files
>
>
> minimum testing process..
>   http://www.1U-Raid5.net

>> good idea
>   - do you raid just the data .. or the OS too ?? ( root raid )
I was planning to raid the root, and setup additional mirros for data. If
you create smaller raid volumes in raid, it's faster to sync when your
volume get's fubared.
Which happens on my redhat systems occasionally.
>   - if you use raid5 ( you supposedly cannot boot off / that is
>   raid5 .. but i think if you have a proper initrd, it works )
I'm pretty sure you cannot boot off raid5.
Everything I've seen seems to indicate it.
>
> and redundancy also comes from monitoring the raid setup
>   - lots of scripts you can write to monitor the raid system
>
I like the mdadm package as it includes a raid monitoring script.
Although I am stilling trying to get a bootable root raid working.

> for setup of a new system ( the right way?? )
>   - make sure the partition type is FD(raid) not 82(linux)
>
>   - install the / system as root  ( unfortunately, fortunately,
>   redhat/suse makes installing onto hda/hdc trivially simple )
>
Works on my redhat systems, want it to work on my debian system.
I am on teh positive side, learning how raid works which should help me
when it fubars.
>   - debians new installer should allow for root raid installs
Don't care about the new installer, as I want something now, on stable.

>
>   - simpler/faster/easier to copy the exisitng data to a backup data
>
So far I've just been trying to sync existing data with a degraded disk,
trying to get it to boot, and when it boots syncing the first disk with
the second disk. Have not lost any data yet.

>   or just start with 2 fresh disks and leave the current disk alone and
retire it after your new raid setup is testing/working and
>   been running a few months
>
>   - new disks is $70 or less for 40GB... thats 30 minutes of time or less
... ( cheaper/faster to get to 2 new disks )
>
> - for existing systems ..
>   - boot a standalone media ...
>   - partition both target disks as FD partition types
>   - config both disks and format
>   - install as usual
Got the FD stuff done.
Seems somehow that cfdisk does not completelly clean the partiion up. What
is the most comprehensive clean command for completelly rewriting all the
partitions and file systems on a disk?

>
> - make sure your final raid config is:
>
>   # allow you to boot off hda or hdc
>   #
>   boot=/dev/md0
>   ...
>
>   # root raid
>   root=/dev/md0

>> I have read most of the documentation...but they lack items.
>
> yup.. lack the key problems ...
Saw this item for mdadm which appear to be boot switches that I have not
seen on ANY other documentation.
> Support /dev/hda1 was your live boot drive, and /dev/hdc1 was second
> partition that you eventually wanted to raid1 together with /dev/hda1.
> Then
>   1/ create a degraded raid1 using /dev/hdc1 only:
>  mdadm -C /dev/md0 --level raid1 --raid-disks 2 missing /dev/hdc1
>   2/ create a filesystem on /dev/md0 and mount it:
>  mkfs /dev/md0
>  mount /dev/md0 /mnt
>   3/ copy everything from / to /mnt
>   cp -ax / /mnt
>   4/ modify /mnt/etc/fstab to think that / is on /dev/md0
>   5/ reboot with a kernel-parameter of:
> md=0,/dev/hdc1 root=/dev/md0
>   6/ If this all seems to work properly, then add /dev/hda1 to the
>  raid1 array:
>mdadm /dev/md0 -a /dev/hda1
>  and change the kernel-paramter line to
> md=0,/dev/hda1,/dev/hdc1 root=/dev/md0
>


>
>> I can recompile the kernel; use a new kernel if necessary.
Better to have a kernel with raid built in, so you don't have to bang
around with initrd.

>
> since these are for production .. you should to it the right way ... vs
copying an existing system to a 2nd disk  ( it's NOT raid
> until you get the partition type to be "raid" )
Was easy to switch partition type, didn't even lose data on a partition
switch. Just cfdisk blam blam blam. Done.


>
> raid when properly setup will be able to boot and keep running
> even if the any 1 other disk is pulled out of your system
Assuming you are using autot-detect of the file system types. Which you
are referring to.

I am going to re-attempt this process, continue to attempt this process
until I get it figured out. I'm pissed so I'm not stopping.
Then post some notes for exactly what I am doing:
"Use only debian stable, switch an existing system to boot / off  a raid-1
partition without using rescue disks, or any losing data. Use ext3 or
reiserfs, and mdadm tools as the raid tools."
Exact notes along the lines of the EXACT,EXACT steps to accomplish,
skipping no steps.

Then when I get it working once, wipe my disks and fol

software raid

[Lucas Albers]

I've been trying to get debian stable working with software raid using
various documentation.
If you can think of any good software raid (running on your root partition)
documentation for debian STABLE please send it over.
I don't want ANY testing, as these systems are for production systems.
I'm trying to setup a debian stable machines to run with software raid for
additional redundancy.
I would like to determine how to setup software raid on an new system, and
how to convert an existing system to use software raid.
I'm aware of the documentation in raidtools2 and mdadm.
I have read most of the documentation...but they lack items.
I can recompile the kernel; use a new kernel if necessary.
--Luke


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]