Re: Admin horror stories
"Ben Scott" <[EMAIL PROTECTED]> writes:

> On 10/9/07, John Abreau <[EMAIL PROTECTED]> wrote:
>> ... I looked in /bin for suspicious files, and that was the
>> first time I ever noticed the file [ . It looked suspicious, so
>> of course I deleted it. :-/
>
> Did you know 'rpm' will let you remove every package from the system?

Did you know tar will let you install Ultrix on a Sun?

Of course, it won't work, as SunOS seems to get very ornery when it can't read stuff recently "upgraded" to the Ultrix version in /usr/lib, etc. :)

There was a PEBCAK bug involved, in case it wasn't obvious :)

--
Seeya,
Paul
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Meeting Notes: SLUG / 8 Oct / InkScape
Nine people attended the SLUG meeting last night. After some announcements, suitable heckling, and the obligatory projector fussing, Rob Anderson got underway with a presentation on InkScape.

He started out explaining why he started playing with SVG in the first place. It turns out Rob knows somebody with a laser cutting/engraving machine. Rob wanted to have some designs cut, and that meant he had to supply a vector graphics file to run the machine. Vector graphics are needed because the machine can only trace lines -- this isn't an inkjet.

If I was smart, I would have asked Rob to send me the URL of the pictures and graphics he used. So you'll have to make do with some description: There was the outline of some mountains, a stylized name, and a slogan. Rob started with a bitmap, which InkScape easily imported. The "Trace Bitmap" function did an amazing job of turning that into vectors -- almost perfect on the simple logo Rob had.

From there, the group spent over an hour in a semi-interactive exploration of InkScape. These sorts of unstructured adventures are both educational and fun, which is grand. Unfortunately, they do tend to defy easy prose description. Suffice it to say: InkScape is a very powerful and capable tool.

Random trivia: Rob asked InkScape to trace a full-color photo of a scenic overlook. It didn't choke, even when the result was an SVG with over 100,000 nodes.

Upcoming SLUG meetings:

Next month - Mon 12 Nov - Panoramic Photo Processing with Linux. Rob will be showing us some tools and techniques for building panoramic pictures (very wide aspect ratio) from regular digital camera photographs. The tools are "hugin", "autopano", and "enblend". The techniques... well, you'll have to attend to get those!

December - Mon 10 Dec - Linus Torvalds speaks at UNH. Hah! Bet that got your attention. But sorry, we're not that lucky. In the tradition of holiday re-runs, this will be a showing of a video recording of Linus's talk at UNH, circa 1996/1997.

Thanks to Rob for, well, all of the above. :)

Hope to see you all next time!

-- Ben
Re: OT: Quantum Books closing...
Tom Buskey writes:

> It's similar with Hardware stores. Most construction guys I know don't
> like the mega stores because they wait in line, the quality isn't what they
> want and returns take too long for them.

True story:

I was standing in a huge hardware store one night, looking for a plumbing-related item. After looking for ten minutes for the item that I needed, I gave up and started trying to get some help. Another ten minutes passed before I got an employee to help me. The item was common enough but we both couldn't find it. Eventually, the employee of the huge hardware store gave up looking for the item and actually said to me:

  I don't know. I can't find it. Have you tried looking in a hardware store?

The great part was that there were two other guys in the aisle at the time who overheard this. As soon as the employee uttered this bogosity, we all collectively started laughing and left.

BTW: I followed his advice...

--kevin
--
GnuPG ID: B280F24E                God, I loved that Pontiac.
alumni.unh.edu!kdc                -- Tom Waits
Re: Admin horror stories (was: Shell Quoting)
On 10/9/07, Neil Joseph Schelly <[EMAIL PROTECTED]> wrote:
> But then again, if you mean to say that rpm won't warn you before doing
> something like that, then that is quite scary indeed.

rpm(8) didn't stop and ask "Are you sure?" when my script invoked "rpm --erase" with an argument list explicitly naming every package on the system, if that's what you mean. :) But I suspect that's something of a corner case. I blame only myself. There's only so much software can do.

(There was a bug in the script, in case that isn't obvious.)

-- Ben
Re: Admin horror stories (was: Shell Quoting)
On Tuesday 09 October 2007 17:31, Ben Scott wrote:
> On 10/9/07, John Abreau <[EMAIL PROTECTED]> wrote:
> > ... I looked in /bin for suspicious files, and that was the
> > first time I ever noticed the file [ . It looked suspicious, so
> > of course I deleted it. :-/
>
> Did you know 'rpm' will let you remove every package from the system?
>
> I do. Now. ;-)

I think I'd be disappointed if it didn't and I use it as further ammunition that Debian's APT/dpkg is better than RedHat's yum/rpm stuff. APT is better because it will let you remove EVERYTHING!

But then again, if you mean to say that rpm won't warn you before doing something like that, then that is quite scary indeed.

-N
Re: HA MySQL Setups
On 10/9/07, Lloyd Kvam <[EMAIL PROTECTED]> wrote:
> On Tue, 2007-10-09 at 14:12 -0400, Flaherty, Patrick wrote:
> > > What about multimaster replication?
> > Multi Master made me feel a bit icky. Auto-increment offsets the same
> > logshipping stuff others have had problems with.
> A MySQL slave has a single master. A master can have multiple slaves.
> Your set of connections forms either a tree or a loop, possibly with
> branches.

People use Master Master setups so they can distribute work *AND* offer high availability. It's just as plausible of a solution, but it's still icky.

--
-- Thomas
Admin horror stories (was: Shell Quoting)
On 10/9/07, John Abreau <[EMAIL PROTECTED]> wrote:
> ... I looked in /bin for suspicious files, and that was the
> first time I ever noticed the file [ . It looked suspicious, so
> of course I deleted it. :-/

Did you know 'rpm' will let you remove every package from the system?

I do. Now. ;-)

-- Ben
Re: OT: Quantum Books closing...
On 10/9/07, Tom Buskey <[EMAIL PROTECTED]> wrote:
>> It's a fair bet that the demise of the printed book is inevitable.
>
> I think the reference book will go 1st. Books you read through, like
> novels, will have longer legs.

Right. And even once really good paper replacement technology is introduced, it is going to take at least as long as the time needed for the population acclimated to the old technology to die off. A few generations. Probably not within the lifetime of most people reading this list.

> It's similar with Hardware stores. Most construction guys I know don't
> like the mega stores because they wait in line, the quality isn't what they
> want and returns take too long for them.

What's really sad is when you have no alternative but to go with the poor choice.

I've been repeatedly impressed by how the local independent hardware supplier near work (Amesbury Industrial Supply) has more in stock, better variety, better customer service, and cheaper prices than Home Depot, et al. I suppose that's why AIS is still in business.

-- Ben
Re: Shell Quoting. Was: Shell tips and tricks
On Mon, October 8, 2007 2:39 pm, Steven W. Orr said:
>
> The history is that before [ was a builtin, it used to be an external
> program. You could look on old unix boxen and there'd be a file called
> test which had a hard link to a file called [. The ] at the end of the [
> was just syntactic sugar. There's no difference between
>

Ah, that brings back memories. Back in 1983, when I was fairly new to Unix and had only recently been given root access at my college lab, I noticed that /bin was world writable. After correcting that, I looked in /bin for suspicious files, and that was the first time I ever noticed the file [ . It looked suspicious, so of course I deleted it. :-/

--
John Abreau / Executive Director, Boston Linux & Unix
IM: [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
Re: Shell Quoting. Was: Shell tips and tricks
On Tuesday, Oct 9th 2007 at 16:04 -, quoth Mark E. Mallett:

=>On Tue, Oct 09, 2007 at 01:02:37PM -0400, Ben Scott wrote:
=>> On 10/8/07, Steven W. Orr <[EMAIL PROTECTED]> wrote:
=>> > if [[ blah1 && blah2 ]]
=>> > otherwise you'd have to say
=>> > if [ blah1 ]] && [ blah2 ]
=>> > which I'm hoping won't generate a different set of questions.
=>>
=>> (I'm assuming, in the second example, the doubled
=>> right-square-bracket after "blah1" is a typo.)
=>>
=>> Can't you just say
=>>
=>> [ blah1 -a blah2 ]
=>>
=>> for the second one? That's what I've always done. I supposed,
=>> aesthetically, one might prefer the use of && over -a because it looks
=>> more like C or makes one think of "and" or whatever, but beauty is in
=>> the eye of the beholder and all that.
=>
=>Notes from the autoconf folks about shell portability make interesting
=>reading, if you lean that way. I'm sure there are other guides, but I
=>think of this because configure scripts have lots of things that you
=>might scratch your head about. Not all of which are explained by
=>the notes :)
=>
=> http://www.gnu.org/software/autoconf/manual/autoconf-2.57/html_chapter/autoconf_10.html
=>
=>Oddly there is no mention of the '==' thing, possibly they didn't
=>consider that people used to 'test' syntax would use it. They do say:
=>
=>If you need to make multiple checks using test, combine them with
=>the shell operators `&&' and `||' instead of using the test
=>operators `-a' and `-o'. On System V, the precedence of `-a' and
=>`-o' is wrong relative to the unary operators; consequently, POSIX
=>does not specify them, so using them is nonportable. If you combine
=>`&&' and `||' in the same statement, keep in mind that they have
=>equal precedence.

And it's a good thing that the precedence is equal too.

    if p
    then
        something_true
    else
        something_false
    fi

is equal to

    p && something_true || something_false

It's nice to use this construct when it doesn't go longer than an 80 column line.

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
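Added example, not part of the thread: the two forms compared in the message above, run side by side for every combination of exit statuses of `p` and the first branch. The helper names (`branch`, `run_if`, `run_chain`, `run_chain_guarded`, `compare_forms`) are made up for this illustration; the forms print the same trace unless the first branch itself returns non-zero, in which case the `&&`/`||` chain goes on to run the second branch as well.

```shell
#!/bin/sh
# Added illustration (hypothetical helper names, not code from the thread).
# Each run_* function prints which of p, a, b actually executed.

# branch NAME STATUS: note that NAME ran, then return STATUS.
branch() {
    trace="$trace$1 "
    return "$2"
}

# if/else form. The subshell body plus `set +e` keeps a failing branch
# from aborting a caller that runs under `set -e`.
run_if() (
    set +e
    trace=""
    if branch p "$1"; then
        branch a "$2"
    else
        branch b 0
    fi
    printf '%s\n' "${trace% }"
)

# && / || form: equal precedence, evaluated left to right, so `|| b`
# tests the status of whatever ran last, which may be `a` rather than `p`.
run_chain() (
    set +e
    trace=""
    branch p "$1" && branch a "$2" || branch b 0
    printf '%s\n' "${trace% }"
)

# Chain with the first branch's status neutralised, so only p decides.
run_chain_guarded() (
    set +e
    trace=""
    branch p "$1" && { branch a "$2"; :; } || branch b 0
    printf '%s\n' "${trace% }"
)

# Print the comparison for every (p, a) exit-status pair.
compare_forms() {
    for p in 0 1; do
        for a in 0 1; do
            printf 'p=%s a=%s  if: %-6s chain: %-6s guarded: %s\n' \
                "$p" "$a" "$(run_if "$p" "$a")" \
                "$(run_chain "$p" "$a")" "$(run_chain_guarded "$p" "$a")"
        done
    done
}

compare_forms
```

The row to look at is `p=0 a=1`: a cleanup or error handler placed in the `||` position of a chain fires even though the condition was true.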
Re: OT: Quantum Books closing...
On 10/9/07, Ben Scott <[EMAIL PROTECTED]> wrote:
>
> On 10/9/07, Paul Lussier <[EMAIL PROTECTED]> wrote:
> > I suppose the demise of the independent book seller, especially in the
> > technical space, is inevitable.
>
> It's a fair bet that the demise of the printed book is inevitable.

I think the reference book will go 1st. Books you read through, like novels, will have longer legs.

> Techies are just a bit ahead of the curve. When faced with a
> technical question, it's a rare event that the first thing I do is
> reach for a book. Even if I know the answer can be found in a given
> tome, it's often easier to just try Google first. We're still a bit
> away from "A Young Lady's Illustrated Primer", but fairly amazing
> electronic paper has already been produced in labs.

My sister-in-law librarian says 'if it's not online, students don't research it'. She's at a technical college in Boston FWIW.

> It's certainly somewhat bittersweet, as browsing a bookstore,
> especially a smaller one, can be quite enjoyable. Doubtless people
> mourned the passing of ubiquitous horse stables in a similar way.

I found that SoftPro and Quantum and Comic shops serve my niche far better than the megastores because they fit a niche. It's been awhile since I browsed a small general bookstore that met my needs better than the mega stores :-( It seems like the technical niche is getting too small.

It's similar with Hardware stores. Most construction guys I know don't like the mega stores because they wait in line, the quality isn't what they want and returns take too long for them.
Re: OT: Quantum Books closing...
On 10/9/07, Paul Lussier <[EMAIL PROTECTED]> wrote:
> I suppose the demise of the independent book seller, especially in the
> technical space, is inevitable.

It's a fair bet that the demise of the printed book is inevitable.

Techies are just a bit ahead of the curve. When faced with a technical question, it's a rare event that the first thing I do is reach for a book. Even if I know the answer can be found in a given tome, it's often easier to just try Google first. We're still a bit away from "A Young Lady's Illustrated Primer", but fairly amazing electronic paper has already been produced in labs.

It's certainly somewhat bittersweet, as browsing a bookstore, especially a smaller one, can be quite enjoyable. Doubtless people mourned the passing of ubiquitous horse stables in a similar way.

-- Ben
Re: HA MySQL Setups
On Tue, 2007-10-09 at 10:43 -0400, Flaherty, Patrick wrote:
> I'm planning to set up an HA mysql cluster.

Oddly enough, I just got an email from mysql.com advertising high availability training in Burlington, MA later this month. Let me know if you want a copy of the email.

--
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://www.librarything.com/catalog.php?view=dlslug
RE: HA MySQL Setups
On Tue, 2007-10-09 at 14:12 -0400, Flaherty, Patrick wrote:
> > What about multimaster replication?
>
> Multi Master made me feel a bit icky. Auto-increment offsets the same
> logshipping stuff others have had problems with.

A MySQL slave has a single master. A master can have multiple slaves. Your set of connections forms either a tree or a loop, possibly with branches.

I've written a "collector" process to short circuit the loop for pushing a replication stream through a bunch of servers. The goal was off-site backup and centralized reporting. I can't imagine using it for high-availability fail over.

> There are also other
> "implementations" of mmr, but they are just sets of scripts that mimic
> heartbeat. In the end, it's the same as normal master/slave replication,
> but now with the additional moving pieces.
>
> Patrick

--
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://www.librarything.com/catalog.php?view=dlslug
OT: Quantum Books closing...
Hi all,

I stopped by Quantum Books in Kendall Sq., Cambridge this morning. Some of you may remember they bought out SoftPro a couple years ago. In discussion with the woman who was helping me this morning, I learned that their lease is up next June and they won't be renewing. Rent is increasing, customers are decreasing :(

Interestingly, she pointed the blame largely at Tim O'Reilly and not at Amazon. When I asked her why, she said she felt that Tim's direction of pushing everything to web has resulted in O'Reilly as a publisher going downhill. She said a) they're not publishing as many books as they used to, and b) the books they are publishing aren't of the quality that O'Reilly made their name on. She also mentioned that O'Reilly seems rather ambivalent with respect to brick'n'mortar book stores, whereas publishers like APress, Addison-Wesley, etc. are doing a much better job.

I suppose the demise of the independent book seller, especially in the technical space, is inevitable. Though, should you feel the need to support a local merchant, rather than a chain or on-line giant, I highly recommend Quantum Books. They're local, friendly, and provide great support. They have an on-line presence, will ship anywhere, and deal with corporate accounts as well as individuals.

--
Seeya,
Paul
Re: Linux routing fun
On 10/9/07, Ben Scott <[EMAIL PROTECTED]> wrote:
> On 10/9/07, Thomas Charron <[EMAIL PROTECTED]> wrote:
> > +apr_socket_bind(*newsock, conf->bind_addr) != APR_SUCCESS)
> > {
> Right, I did RTFS. But it looks like that is done in the context of
> a "worker". For example:
>
> +if (worker->bind_addr != NULL &&
> +apr_socket_bind(newsock, worker->bind_addr) != APR_SUCCESS) {
> I don't know what a "worker" is, but it doesn't sound like the same thing
> as a "virtual host" to me. It sounds more like a worker thread. And
> worker threads are not, as far as I know, specific to any given
> virtual host. So that would imply it's a global option, and the code
> is just setting up the binding for each worker process (for when that
> process is spawned).

The options are copied in while it's being used.

> I could be way off base here, of course, but do you know what a
> "worker" is? Or have you used this in the manner described, and so
> can say from experience it works this way? (Arguably the better
> situation anyway, since nothing beats practical experience of the
> "Yes, I've done this, and it works" variety.)

I've used that patch before, but honestly, I was only changing the source address globally to be different than what Apache was listening on.

> > Its configuration is local to the definition, so if in a
> > VirtualHost, it will use a different one for each VirtualHost.
> What part of the code distinguishes a global option for an option
> which can be used inside a VirtualHost?

It's overridden for any local overrides, which VirtualHosts do.

> As I said, I'm not at all familiar with Apache internals, but
> unexplained proclamations aren't changing that. :-)

:-P Not a problem. In the end, it may be a moot point, because it doesn't appear to actually be present in 2.x currently. :-(

--
-- Thomas
Re: Shell Quoting. Was: Shell tips and tricks
On Tue, Oct 09, 2007 at 01:02:37PM -0400, Ben Scott wrote:
> On 10/8/07, Steven W. Orr <[EMAIL PROTECTED]> wrote:
> > if [[ blah1 && blah2 ]]
> > otherwise you'd have to say
> > if [ blah1 ]] && [ blah2 ]
> > which I'm hoping won't generate a different set of questions.
>
> (I'm assuming, in the second example, the doubled
> right-square-bracket after "blah1" is a typo.)
>
> Can't you just say
>
> [ blah1 -a blah2 ]
>
> for the second one? That's what I've always done. I supposed,
> aesthetically, one might prefer the use of && over -a because it looks
> more like C or makes one think of "and" or whatever, but beauty is in
> the eye of the beholder and all that.

Notes from the autoconf folks about shell portability make interesting reading, if you lean that way. I'm sure there are other guides, but I think of this because configure scripts have lots of things that you might scratch your head about. Not all of which are explained by the notes :)

  http://www.gnu.org/software/autoconf/manual/autoconf-2.57/html_chapter/autoconf_10.html

Oddly there is no mention of the '==' thing, possibly they didn't consider that people used to 'test' syntax would use it. They do say:

    If you need to make multiple checks using test, combine them with
    the shell operators `&&' and `||' instead of using the test
    operators `-a' and `-o'. On System V, the precedence of `-a' and
    `-o' is wrong relative to the unary operators; consequently, POSIX
    does not specify them, so using them is nonportable. If you combine
    `&&' and `||' in the same statement, keep in mind that they have
    equal precedence.

mm
Re: HA MySQL Setups
On Tue, 2007-10-09 at 10:43 -0400, Flaherty, Patrick wrote:
> Replication - One master server accepts writes, on write ships its
> logs to the slave server(s). Async may not be a problem, but seems
> silly there's no flag to wait for the slaves to report a write was
> successful.

Replication is very handy for off-site backup and situations where delayed delivery of data is OK (or even preferred due to unreliable connections). I'd be reluctant to build a fail-over strategy around replication.

--
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358
voice: 603-653-8139
fax: 320-210-3409
Re: Linux routing fun
On 10/9/07, Thomas Charron <[EMAIL PROTECTED]> wrote:
> +apr_socket_bind(*newsock, conf->bind_addr) != APR_SUCCESS) {

Right, I did RTFS. But it looks like that is done in the context of a "worker". For example:

+if (worker->bind_addr != NULL &&
+apr_socket_bind(newsock, worker->bind_addr) != APR_SUCCESS) {

I don't know what a "worker" is, but it doesn't sound like the same thing as a "virtual host" to me. It sounds more like a worker thread. And worker threads are not, as far as I know, specific to any given virtual host. So that would imply it's a global option, and the code is just setting up the binding for each worker process (for when that process is spawned).

I could be way off base here, of course, but do you know what a "worker" is? Or have you used this in the manner described, and so can say from experience it works this way? (Arguably the better situation anyway, since nothing beats practical experience of the "Yes, I've done this, and it works" variety.)

> Its configuration is local to the definition, so if in a
> VirtualHost, it will use a different one for each VirtualHost.

What part of the code distinguishes a global option for an option which can be used inside a VirtualHost?

As I said, I'm not at all familiar with Apache internals, but unexplained proclamations aren't changing that. :-)

-- Ben
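Review bot: in the quoted condition `apr_socket_bind(newsock, worker->bind_addr) != APR_SUCCESS`, the status returned by the bind is compared inline and then discarded, so whatever the failure branch does, it cannot say why the bind failed. Storing the result in an `apr_status_t` first and handing it to the error log call would let an operator tell a source address that is not configured on the host apart from other bind errors. The two fragments quoted in this thread also differ (`*newsock` with `conf->bind_addr` in one, `newsock` with `worker->bind_addr` in the other), so it is worth confirming which version of the patch is under discussion before drawing conclusions about per-VirtualHost scope.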
Re: Linux routing fun
On 10/9/07, Ben Scott <[EMAIL PROTECTED]> wrote:
> On 10/9/07, Brian <[EMAIL PROTECTED]> wrote:
> > However, all the outbound connections seem to originate from the
> > lowest numbered IP on the /28 subnet.
> Right. Unless a program takes explicit action to bind its socket to
> a particular IP address, the kernel router will choose the source IP
> address for it. (Generally, the kernel will pick the IP address of
> the interface "closest" (in terms of the kernel IP routing table) to
> the destination.)
> I'm not sure if Thomas Charron's suggestion of ProxySourceAddress
> will work for your needs either. It would depend on how
> ProxySourceAddress is implemented. But quite often, such things
> specify a global option. So you'll be able to change everyone's

Umm, that's exactly what ProxySourceAddress does. :-)

+apr_socket_bind(*newsock, conf->bind_addr) != APR_SUCCESS) {

The bind_addr is the option for ProxySourceAddress, so the outgoing request when ProxySourceAddress is specified will try to use the IP given.

Its configuration is local to the definition, so if in a VirtualHost, it will use a different one for each VirtualHost.

--
-- Thomas
Re: Linux routing fun
On 10/9/07, Brian <[EMAIL PROTECTED]> wrote:
> However, all the outbound connections seem to originate from the
> lowest numbered IP on the /28 subnet.

Right. Unless a program takes explicit action to bind its socket to a particular IP address, the kernel router will choose the source IP address for it. (Generally, the kernel will pick the IP address of the interface "closest" (in terms of the kernel IP routing table) to the destination.)

I'm not sure if Thomas Charron's suggestion of ProxySourceAddress will work for your needs either. It would depend on how ProxySourceAddress is implemented. But quite often, such things specify a global option. So you'll be able to change everyone's source address to something in particular, but not control the source address on a client-by-client or connection-by-connection basis. A quick glance at the patch's code makes me suspect this might be the case, as it appears to be setting the socket in association with a "worker" data structure, which I would guess is the worker thread, and not the proxy client. This is more of a guess than anything else, though, so you might want to try it anyway.

Assuming my guess is correct, you could work around that by running a different instance of Apache for each and every IP address, but that would be seriously ugly.

I believe the Squid HTTP proxy *does* have the capability of selecting its own source IP address based on the IP address of the client (by using the "tcp_outgoing_address" directive in combination with ACLs). I think you'd need to have an ACL for every possible source IP address, which is a bit yucky, but should work, I think. (I've only ever used tcp_outgoing_address without ACL qualification).

It is possible to easily control translation of network addresses in the kernel NAT layer at the level of detail you require, so if you can live with network-layer translation rather than an application-level proxy, that might be a good alternative.

Is there some other problem you're trying to solve here? Some context might yield some other ideas. :)

-- Ben
RE: HA MySQL Setups
> What about multimaster replication?

Multi Master made me feel a bit icky. Auto-increment offsets the same logshipping stuff others have had problems with. There are also other "implementations" of mmr, but they are just sets of scripts that mimic heartbeat. In the end, it's the same as normal master/slave replication, but now with the additional moving pieces.

Patrick
Re: HA MySQL Setups
On 10/9/07, Flaherty, Patrick <[EMAIL PROTECTED]> wrote:
> I'm planning to set up an HA mysql cluster. The database serves as a
> backend to a set of webservers (HW loadbalanced). The DB has light load,
> but when it breaks the site breaks, so I can't really get away with it
> as a single point of failure.
> Replication - One master server accepts writes, on write ships its logs
> to the slave server(s). Async may not be a problem, but seems silly
> there's no flag to wait for the slaves to report a write was successful.

What about multimaster replication?

--
-- Thomas
Re: Linux routing fun
On 10/9/07, Brian <[EMAIL PROTECTED]> wrote:
> I am trying to setup an apache proxy server on about 100 IP's, where
> any one of those IP's can accept an http proxy connection from a
> remote user.
> I got a simple apache proxy setup, and it can accept connections on
> one of several IP's (I've setup about 10 of the IP's for now on
> eth1:2 - eth1:10).
> However, all the outbound connections seem to originate from the
> lowest numbered IP on the /28 subnet. I'd like the outbound
> connections to originate from the IP address that was used for the
> proxy. Ie you can connect to 10.1.1.1 or 10.1.1.2 or 10.1.1.3 for an
> http proxy connection, but your IP address will appear to the remote
> server as 11.1.1.1 (with the 10. net being used for example to
> represent the class c subnet, and 11.x.x.x used to represent the /28).

ProxySourceAddress is the name of the option for mod_proxy that you're looking for. Not sure if it's in current head, but here's where it was submitted:

http://issues.apache.org/bugzilla/show_bug.cgi?id=29404

--
-- Thomas
Linux routing fun
I have a linux box, with a publicly routable class C subnet. I also have a /28 subnet on the same box in a different address space.

I am trying to setup an apache proxy server on about 100 IP's, where any one of those IP's can accept an http proxy connection from a remote user.

I got a simple apache proxy setup, and it can accept connections on one of several IP's (I've setup about 10 of the IP's for now on eth1:2 - eth1:10).

However, all the outbound connections seem to originate from the lowest numbered IP on the /28 subnet. I'd like the outbound connections to originate from the IP address that was used for the proxy. Ie you can connect to 10.1.1.1 or 10.1.1.2 or 10.1.1.3 for an http proxy connection, but your IP address will appear to the remote server as 11.1.1.1 (with the 10. net being used for example to represent the class c subnet, and 11.x.x.x used to represent the /28).

If you connect on 10.1.1.2, I'd like the connection to the remote server to appear as coming from 10.1.1.2

If anyone has more experience with linux IP routing than I do, I would appreciate the assistance :)

-- brian
Re: Shell Quoting. Was: Shell tips and tricks
On 10/8/07, Steven W. Orr <[EMAIL PROTECTED]> wrote:
> if [[ blah1 && blah2 ]]
> otherwise you'd have to say
> if [ blah1 ]] && [ blah2 ]
> which I'm hoping won't generate a different set of questions.

(I'm assuming, in the second example, the doubled right-square-bracket after "blah1" is a typo.)

Can't you just say

    [ blah1 -a blah2 ]

for the second one? That's what I've always done. I supposed, aesthetically, one might prefer the use of && over -a because it looks more like C or makes one think of "and" or whatever, but beauty is in the eye of the beholder and all that.

So I'm not really getting blown away by the practical difference between [[ ... ]] and [ ... ] here. Is there something I'm missing?

> The history is that before [ was a builtin, it used to be an external
> program. You could look on old unix boxen and there'd be a file called
> test which had a hard link to a file called [.

/usr/bin/[ still exists every time I've looked, but interestingly, it's not the same thing on my Fedora 6 box:

    blackfire$ cmp /usr/bin/test /usr/bin/[
    /usr/bin/test /usr/bin/[ differ: byte 25, line 1

-- Ben
Re: HA MySQL Setups
On 10/09/2007 10:43 AM, Flaherty, Patrick wrote:
> I'm planning to set up an HA mysql cluster. The database serves as a
> backend to a set of webservers (HW loadbalanced). The DB has light load,
> but when it breaks the site breaks, so I can't really get away with it
> as a single point of failure.
>
> So here were my options:
> http://dev.mysql.com/doc/refman/5.0/en/ha-overview.html
>
> Replication - One master server accepts writes, on write ships its logs
> to the slave server(s). Async may not be a problem, but seems silly
> there's no flag to wait for the slaves to report a write was successful.
> DRBD - Write all data onto a shared network block device. Use heartbeat
> to determine which server should be running mysql which lives on that
> shared block device. Use a crossover cable to prevent strange network
> issues.
> Cluster - Needs at least four nodes. Far too many for this setup.
>
> I think I've settled on the DRBD method. Using a network block device
> and failing back and forth using heartbeat and a floating ip, though log
> shipping seems pretty straightforward.
>
> Does anyone have any positive or negative feedback on any of the
> methods?
>

I'm using DRBD and heartbeat to do HA MySQL. We've just moved our development databases over and will be moving production in a few weeks.

We went this way over replication (master-master) as I was able to get replication to break in pretty easy (to me) ways. The easiest was to fill the disk. Once replication broke, it was really hard to get everything back in sync.

While DRBD does have some overhead, it's only in writing, and we've got very fast disk and network between the two systems. In our testing there's about a 5-30 second failover time between failure of the primary system and the secondary system picking it up, getting primary of drbd, mounting and checking the FS, and then starting and checking MySQL.

IIRC, using NDB (Cluster) requires that most of the data reside in memory. Since we have a 75GB+ database, this isn't really an option for us.

-Mark
Re: HA MySQL Setups
On Tuesday 09 October 2007 10:43, Flaherty, Patrick wrote:
> I think I've settled on the DRBD method. Using a network block device
> and failing back and forth using heartbeat and a floating ip, though log
> shipping seems pretty straightforward.
>
> Does anyone have any positive or negative feedback on any of the
> methods?

I think I'd do something between the DRBD method and the replication method. I'm not overly familiar with DRBD, but I suspect that it will hamper the performance of MySQL for larger, more complicated queries if it doesn't have local storage to work from. And it's an extra variable too.

I'd configure the replication method, with a floating IP. You can have one "write" server replicating all changes to another server, and have all read activity coming from the slave. If the slave goes down, you failover (via heartbeat) that IP to the master. If the master goes down, you failover that IP to the slave. In either circumstance, you can have the remaining server take over being the read and write server.

You would want to ensure (especially in the second case) that servers coming back to life don't just join back into the heartbeat without some administrator intervention, but I think I would want that to be the case anyway.

-N
Ordered 'em -- thanks for the pointer [WAS Re: Linux Stickers]
Brian, per the tip I got in my GNHLUG e-mail this morning from Matt Brodeur, I have now filled my need for stickers by ordering a few "Penguin Power" sticker sheets from "cheapbytes.com" -- as well as the latest Suse 10.3 DVD to save the bother of doing a download then burning one...

...Carl

--

Brian Chabot wrote:
> Here's what I've come up with so far:
>
> A site called Washington Promotions & Printing – DemStore.com - says they can print these in 1x5/8" in 2-color gloss white paper background for $170.85 per roll of 1000 (plus shipping).
>
> My original idea was to mark items I'll be selling at the new company I recently started, but the text can easily be changed to accommodate a more general usage.
>
> My new company is called "Just Works" and will be selling linux desktops to the general non-techie public. I think both Ubuntu and Mandriva have come a long way, and I'm taking a leap by going with Mandriva in an OEM deal.
>
> A PNG of the image I came up with is at: http://www.justworksnh.com/justworks_linux_1_x_.625_.png and my original plan was to plaster these stickers everywhere the "Works with Vista" stickers would go... In other words on every piece of hardware I sell.
>
> Other text possibilities might be:
> "Compatible with LINUX"
> "Works with LINUX"
> "Made for LINUX"
> "Powered by LINUX"
> ...etc.
>
> If you like, I can do the run for my company and a separate one that is more general. Any preferences on the text?
>
> Brian
HA MySQL Setups
I'm planning to set up an HA mysql cluster. The database serves as a backend to a set of webservers (HW loadbalanced). The DB has light load, but when it breaks the site breaks, so I can't really get away with it as a single point of failure.

So here were my options:
http://dev.mysql.com/doc/refman/5.0/en/ha-overview.html

Replication - One master server accepts writes, on write ships its logs to the slave server(s). Async may not be a problem, but seems silly there's no flag to wait for the slaves to report a write was successful.
DRBD - Write all data onto a shared network block device. Use heartbeat to determine which server should be running mysql which lives on that shared block device. Use a crossover cable to prevent strange network issues.
Cluster - Needs at least four nodes. Far too many for this setup.

I think I've settled on the DRBD method. Using a network block device and failing back and forth using heartbeat and a floating ip, though log shipping seems pretty straightforward.

Does anyone have any positive or negative feedback on any of the methods?

Patrick
Re: Desparately need Postfix/smtpd/sasl on Fedora help
On Tue, 2007-10-09 at 08:23 -0400, Lloyd Kvam wrote:
>
> Could you be rejecting unknown (number-to-name lookup fails) IP addresses?
> I've been rejecting those as a relatively easy, effective spam control (
> reject_unknown_hostname, reject_unknown_client )

I don't think so. I just added the hostname to the server /etc/hosts file and it made no difference. And the failure is a hang instead of a useful error message, which I would expect from an active rejection.

I did run saslauthd with "-d" and found it produced no output when I tried sending mail. So it seems to me that Postfix smtpd is never successfully contacting saslauthd. I did try turning on TLS logging, but that doesn't seem to help. I don't *think* the problem is in TLS.

>I'll take a stab in the dark and guess that maybe your main.cf doesn't
>have the value for mynetworks set like this:
>
>mynetworks = 192.168.1.0/24
>
>This specifies that any system in this subnet is allowed to connect the
>postfix server.

I did not have this before. I do not believe this feature is useful in my setup where I want to be able to relay mail remotely (i.e.: Not on the local net). I depend on sasl authorization alone for relay access.

-dl
Re: Linux Stickers
On Sun, Oct 07, 2007 at 12:19:58AM -0400, Brian Chabot wrote:
> Does anyone know of a good source for various Linux stickers/decals?
>
> I'm looking for anything small, like those "Made for Windows" or "Works
> with Vista" stickers in quantity. I know Ubuntu stickers are around,
> but I am looking for something not specific to any distribution.

Looks like CheapBytes now sells the "original" Penguin Power stickers. One of the sizes on that sheet is perfect for covering up Windows stickers.

http://shop.cheapbytes.com/cgi-bin/cart/110051.html?id=qYPDuBvc

--
Matt Brodeur RHCE [EMAIL PROTECTED] http://www.nexttime.com
PGP ID: 2CFE18A3 / 9EBA 7F1E 42D1 7A43 5884 560C 73CF D615 2CFE 18A3
A fool must now and then be right by chance.
Re: [SPAM-33] Desparately need Postfix/smtpd/sasl on Fedora help
David A. Long wrote:
> OK, I have been pulling my hair out for a week trying to get a Fedora 7
> server configured to use Postfix SMTP for relaying mail from remote
> clients. It seems to handle TLS fine when receiving GNHLUG mail.
> testsaslauthd reports successful authentication when given appropriate
> username/password's. With a telnet to port 25 I can authenticate my
> cleartext (if that's what you want to call it) base64 username/password.
>
> This all worked fine under SUSE, albeit with an (expired) real-world
> certificate. The self-signed certificate I'm using now seems to be
> acceptable to GNHLUG, and I responded to the evolution prompt to accept
> it on my client side.
>
> Under FC7 now though an attempt to send mail to the server for relaying
> produces only the following messages:
>
> Oct 8 23:31:09 www postfix/smtpd[3038]: initializing the server-side TLS
> engine
> Oct 8 23:31:09 www postfix/smtpd[3038]: connect from unknown[192.168.1.137]
>
>
> And then it just hangs until it times out. I've gone over the postfix
> config files a thousand times. I'm confused by the total lack of an
> error message in any log. Help!
>
> -dl
> David Long
>

I'll take a stab in the dark and guess that maybe your main.cf doesn't have the value for mynetworks set like this:

mynetworks = 192.168.1.0/24

This specifies that any system in this subnet is allowed to connect the postfix server.

Dan
Re: Desparately need Postfix/smtpd/sasl on Fedora help
On Mon, 2007-10-08 at 23:53 -0400, David A. Long wrote:
> Under FC7 now though an attempt to send mail to the server for relaying
> produces only the following messages:
>
> Oct 8 23:31:09 www postfix/smtpd[3038]: initializing the server-side TLS
> engine
> Oct 8 23:31:09 www postfix/smtpd[3038]: connect from unknown[192.168.1.137]
>
>
> And then it just hangs until it times out. I've gone over the postfix
> config files a thousand times. I'm confused by the total lack of an
> error message in any log. Help!
>

I pulled out the tls lines from my main.cf. You may need to change the loglevel to get more information.

Could you be rejecting unknown (number-to-name lookup fails) IP addresses? I've been rejecting those as a relatively easy, effective spam control ( reject_unknown_hostname, reject_unknown_client )

[EMAIL PROTECTED] postfix]# grep -i tls main.cf
## TLS
# client-side-tls
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/postfix.key
smtp_tls_cert_file = /etc/postfix/postfix-cert.pem
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_loglevel = 1
# server-side-tls
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_cert_file = /etc/postfix/postfix-cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Hope this helps.

> -dl
> David Long

--
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://www.librarything.com/catalog.php?view=dlslug
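Added example, not taken from any poster's configuration: a POSIX shell check for the setup this thread describes, where relay access depends on SASL alone and TLS is switched on with `smtpd_use_tls`. It assumes relay control lives in `smtpd_recipient_restrictions`; `smtpd_sasl_auth_enable`, `smtpd_tls_auth_only`, `permit_sasl_authenticated` and `reject_unauth_destination` are standard Postfix names that do not appear in the posts, and `get_param`, `audit_relay` and the sample file are constructed for the example.

```bash
# Constructed sample main.cf, not any poster's real file. The smtpd_tls_*
# lines echo the thread; the SASL and restriction lines are assumptions.
SAMPLE_MAIN_CF='# server-side-tls
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination
'

# get_param NAME: print NAME's value from main.cf text on stdin. Lines that
# start with whitespace continue the previous parameter; last setting wins.
get_param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); if (eq == 0) next
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) val = substr($0, eq + 1) }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val)
              sub(/ $/, "", val); print val }'
}

# audit_relay: read main.cf on stdin, print one finding per line and
# return non-zero when anything was found.
audit_relay() {
    cf=$(cat); findings=''; nl='
'
    [ "$(printf '%s\n' "$cf" | get_param smtpd_sasl_auth_enable)" = yes ] ||
        findings="${findings}SASL: smtpd_sasl_auth_enable is not yes$nl"
    # Without this, AUTH is offered before STARTTLS, so base64 credentials
    # can cross the wire unencrypted.
    [ "$(printf '%s\n' "$cf" | get_param smtpd_tls_auth_only)" = yes ] ||
        findings="${findings}TLS: smtpd_tls_auth_only is not yes$nl"
    # Restrictions are evaluated in order: the SASL permit has to come
    # before the reject that stops relaying for everyone else.
    order=bad; seen=no
    for r in $(printf '%s\n' "$cf" | get_param smtpd_recipient_restrictions); do
        case $r in
            permit_sasl_authenticated) seen=yes ;;
            reject_unauth_destination) [ "$seen" = yes ] && order=ok; break ;;
        esac
    done
    [ "$order" = ok ] ||
        findings="${findings}RELAY: permit_sasl_authenticated must precede reject_unauth_destination$nl"
    printf '%s' "$findings"
    [ -z "$findings" ]
}
printf '%s' "$SAMPLE_MAIN_CF" | audit_relay || true
```

To check a live server, feed it the running configuration instead of the sample, for example `postconf -n | audit_relay`.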