Re: kickstart resolv.conf problem with SL6
On Wed, Apr 6, 2011 at 2:50 AM, Ahmed El Zein wrote: > I am looking at the logs and the only network related log that coincides > with the resolv.conf file changing is: > <29> Arp 6 06:40:49 NetworkManager[542]: ifcfg-rh: > updating /etc/sysconfig/network-scripts/ifcfg-eth0 > > at that point /etc/sysconfig/network-scripts/ifcfg-eth0 changes and gets > an NM_CONTROLLED="yes" added to it and the /etc/resolv.conf file is > replaced with the single lined one. NetworkManager, frankly, has no use on a typical server. Its dynamic manipulations of network configuration are unpredictable, unintuitive, and far more suited to a laptop or traveling desktop in an environment where upstream DHCP is reliably configured. It is a complex and powerful tool that *STILL* has no way to configure pair-bonding, 'bridged' connections for KVM supporting hosts, or DHCP client configuration with client identifiers except to use a text editor and turn off NetworkManager by one means or another. It's one of the upstream vendors least useful development efforts. Unfortunately, we're now pretty much stuck with it, due to all the recent system dependencies on it. Ripping it out by the roots became infeasible with Scientific :Linux 6. Fortunately, pre-configuring 'NM_CONTROLLED=no' is a new capability, and doing so early in the kickstart '%post' scripts seems to be very helpful in preventing such issues. In syntax: grep -q ^NM_CONTROLLED= [filename] || \ echo 'NM_CONTROLLED=no' >> [filename] sed -i 's/NM_CONTROLLED=.*/NM_CONTROLLED=no/g' [filename] Deducing the files to do this to is a bit more awkward, since you don't want to touch '.bak' files or '~' files, but there are functions to do that already available in the /etc/sysconfig/network-scripts/ utiliti4es. Do you need help with that?
Re: Problems with VMWare tools
On Sat, Apr 9, 2011 at 4:17 PM, Lukas Press wrote: > On 04/09/2011 11:34 AM, Eero Volotinen wrote: >> >> 2011/4/9 Nikola Wenta: >>> >>> Dear all, >>> I am trying Scientific Linux and want to get VMWare tools installed. Can >>> someone tell me where I can download the required Kernel C header files, and >>> under what path they will be installed? >>> Cheers, >>> Niko >> > > kernel-headers and kernel-devel packages, both available in sl repos. The > install script will complain that the path to the c header files are wrong > if you install the header files midway through the process, even if you put > the correct path in (/usr/include i think?). If this is happening cancel > the install and re-run the vmware-install.pl script after installing the > correct packages; it should pick up the header files automatically then. > > Regards > Chris There's also a bit of nastiness when you update kernels: VMWare has not selected to incorporate the 'vmware-modules' init script I sent them, that re-runs the VMware configuration at boot time in case you're running a new kernel. This is particularly dangerous if you're using the vmxnet network drivers rather than e1000: the guest host will be unavailable after a kernel upgrade and reboot until the configuration tool is re-run, and if you have the wrong network setup, your hostname will be wrong and you'll have to reboot *AGAIN*. to get all your services configured correctly.
Re: Bridges
On Sat, Apr 9, 2011 at 10:14 PM, Todd And Margo Chester wrote: > On 04/10/2011 12:25 AM, Federico Alves wrote: >> >> Brctl addif br1 eth1 >> > Hi Federico, > > Back "in the day" before Virtual Box took care > of the bridge itself, I use to put this kind of stuff > into /etc/rc.d/rc.local. It is a bash script that > runs at the very end of your boot up. > > Just and idea. > -T > > p.s. which virtual machine are you using? Never use rc.local for this. Actually write an init script, based on those in /etc/init.d/, so that it can be turned *off* gracefully at reboot time or reset or restarted as needed. Editing rc.local directly is destabilizing, dangerous, and difficult to replicate reliably on other systems.
Re: Bridges
On Sun, Apr 10, 2011 at 1:34 AM, Todd And Margo Chester wrote: > Interesting. Why would you want to stop or restart "Brctl addif br1 eth1"? For this very specific instance, you might not. The difficulty enters when you teach or encourage other people to pull this stunt with other settings, and they adopt it as standard practice. Having to edit or verify settings in a non-modular, unified /etc/rc.local has traditionally been awkward, error-prone, and liable to make systems hang or crash at boot time. I've had far too many systems in the last. oh dear lord, I've been at this too long, over 20 yers get edited by a local "admin" who turned /etc/rc.local into a swamp of unparseable, mis-ordered, and impossible to manage personalized scripting. The whole SysV init script layout as implemented in our upstream vendor's tools was designed to provide individual configuration or service control, and includes reporting on the state. The big advantage is that you can turn it *off*, and disable it, without having to edit the potentially fragile /etc/rc.local file. Another advantage is when you tell people to edit /etc/rc.local, if they use the wrong editor, they'll break the symlink to /etc/rc.d/rc.local. Edit it with Emacs and neglect to follow the symlink, and you'll fail to record your edits in the symlinked target. And if you mishandle backing up and restoring your copy, you'll also break the symlink. It's subtle fragility that is undesirable in any production environment. > And, at least on my system, rc.local is started by S99local > > init.d]$ ls -al ../rc5.d/S99local > lrwxrwxrwx 1 root root 11 Nov 17 09:10 ../rc5.d/S99local -> ../rc.local > > I can see your point if you wanted to stop or restart things, or reverse > them > at shutdown, but if you only want to run them once, S99local (rc.local) is > a good place to put them. I have done this for many years. Never once > had a problem. What am I missing? You're missing over 20 years of pain and paranoia (which describes my IT career). It's not wildly unreasonable for a one-off. I've had to deal with lots of cluttered rc.local's, and unweave them, to stabilize systems. Deploying this kind of tweak to, say, 20 systems running kvm is a lot easier if you can put it in a separate cron script.
Re: [SCIENTIFIC-LINUX-USERS] Rsync flaws
On Mon, Apr 11, 2011 at 4:32 AM, Matt Willsher wrote: > On 11 April 2011 12:08, Federico Alves wrote: >> The limitation is not my hardware. The servers are both Dell R900 with SAS >> disk arrays. Also, from a Windows virtual machine, inside the same server, >> I get around 400 MB speed using FTP transfer, windows to windows. There >> must be a different way to do this from Linux.The files are sparse files, >> and I need to keep them that way, that's why I use rsync. > > Have you tried rsync server on the remote side? I've always found > transfers over SSH to be rather slower than I'd like although 22Mb is > slower that I'd expect. It comes down to a process of ellimination so > try and get SSH out of the equation and see if that helps. If not, > check disk performance with iostat (part of the sysstat package) and > make sure there isn't a problem with queues or disk utilisation there. > Check the network for problems - try a different protocol and some > dummy files, make sure there isn't packet loss via netstat. > If this helps, you might also review your rsync setups. Sending lots of distinct rsync requests, and thus lots of newly established SSH setups, causes considerable startup overhead for each connection, especially if the machines are not set with valid reverse DNS. (The SSH server looks up the reverse DNS of the connecting client to log the hostname of the connection: this is only really disabled by using 'sshd -u0' in the init script, instead of 'sshd'.)
Re: SL vs. RPMForge repo
On Wed, Apr 13, 2011 at 4:42 PM, Nicolas Kovacs wrote: > Le 13/04/2011 22:33, Dag Wieers a écrit : > >> >> These requirements are all SL 6.0 packages, so I assume there's >> something wrong with your yum configuration. >> >> [dag@moria ~]# rpm -qf /usr/lib64/libesd.so.0 >> esound-libs-0.2.41-3.1.el6.x86_64 >> [dag@moria ~]# rpm -qf /usr/lib64/libcppunit-1.12.so.1 >> cppunit-1.12.1-3.1.el6.x86_64 >> [dag@moria ~]# rpm -qf /usr/lib64/libglut.so.3 >> freeglut-2.6.0-1.el6.x86_64 >> [dag@moria ~]# rpm -qf /usr/lib64/liblzo2.so.2 >> lzo-2.03-3.1.el6.x86_64 >> >> I would start by cleaning the cache: yum clean all >> > > Heh, I just found out. I live in a remote village with a slow DSL > connection, and with CentOS, my first reflex always was to copy the content > of the install DVD to a web server in my local network to make a local > repository, and then configure Yum to point to that repo. Which made me > wonder if the SL install DVD contained everything there is. > > Indeed... not :o) > > Reconfigured Yum to point to a standard SL repo on the Internet, and > everything worked out fine. Our favorite upstream vendor has the same issues. Bulky materials on the DVD seem to have blocked the inclusion of some utilities, such as "audiofile-devel" on the upstream vendor's installation media. It requires registered client access to get that. Drove me *nuts* to get nx recompiled. (It's available over at CentOS, along with my updated SL 6.0 .spec file on their bugizilla.) For SL, I'd suggest grabbing the DVD images with Bittorrent, depositing them in a local repository, then adding the external repository as a separate target to be able to grab the local components first. Properly configured, this can seriously localize bandwidth use and profoundly speed system installation and "mock" setups for package building. > Cheers and thanks for the help. > > Niki > > PS: SL rocks! Yeah, I just hopped over from CentOS due to the delays in release and the invisibility of the build process there. I'm pretty happy with SL 6.0.
Re: May be a bug in SL-60-i386-2011-03-03-Everything-DVD1.iso
On Wed, Apr 13, 2011 at 4:08 PM, Todd And Margo Chester wrote: > On 04/13/2011 12:38 PM, Phil Schaffner wrote: >> >> Can't say it is perfect, but "riddled with bugs" seems a bit exaggerated. >> My overall experiences with VB have been very positive. >> >> Phil >> > Not "exaggerated". Years of pain and experience. > > Wait until you get your job threatened over it. Fortunately, as a > consultant, they are not my only customer. If loose them, I will > have to hustle and find someone else. Still sucks though, especially > when you have worked for them for over ten years and you > have become friends with many of them. > > -T > > A collection of some of my "recent" bug reports. > > http://www.virtualbox.org/ticket/7628 > http://www.virtualbox.org/ticket/7643 > http://www.virtualbox.org/ticket/7607 > http://www.virtualbox.org/ticket/7948 > http://www.virtualbox.org/ticket/7957 > http://www.virtualbox.org/ticket/7772 > > And the one I almost got and still may get fired over: > http://www.virtualbox.org/ticket/8478 These all seem to be version 3.x of VirtualBox, and with Windows guest operating systems. From your comments in them, it looks like you've been using Windows Terminal Servers. Do you have a support contract with Oracle? If not, for production servers, I'm afraid you really need one. Scientific Linux, and the various Red Hat based distributions, have been rock stable under VirtualBox for me for the last year. I'm quite pleased with it. The only reason I'd use VMWare is for LabManager or to virtualize SCO OpenServer (which I've had to do). I still avoid KVM where feasible, even under Red Hat or Scientific Linux 6.0. I still find the necessary "bridge" network manual configuraiton to be nutty for a production server, and the libvirt tools to be a poorly planned nad implemented attempt to merge distinct and incompatible virtualizaiton tools into a single interface. Give me the clean VirtualBox interface any day.
Re: May be a bug in SL-60-i386-2011-03-03-Everything-DVD1.iso
On Wed, Apr 13, 2011 at 11:58 PM, Todd And Margo Chester wrote: > I tried VB 4.0.x, but it was so much slower that 3.2.12 with my XP > guest that I ripped it back off and replaced it with 3.2.12. I > will be trying KVM on a new server to see how it fares. You need to go *straight* to VMWare. Do not stop at Xen, do not stop at KVM. Go right to commercial grade support, and install an ESX server if you can.
Re: SL vs. RPMForge repo
On Thu, Apr 14, 2011 at 7:50 PM, Phil Schaffner wrote: > Alan Bartlett wrote on 04/14/2011 06:55 PM: > ... >> >> You've obviously had similar thoughts just like mine . . . but have >> developed them that bit further. >> >> It really depends upon the need for non-PAE 32-bit kernels for EL6. > > My non-PAE-capable IBM T42p Pentium-M laptop is dead ATM from a fan failure, > but the possibility of a compatible SL6 release might prompt me to resurrect > it. Part of the reason I have not bothered to hack the hardware is the > upstream decision to drop support for non-PAE 32-bit systems. > > As a matter of principle I heartily endorse the idea. There is a lot of > functional hardware out there that does not do PAE, but still has life left > in it. Is it worth it? The first reviews on that hardware are almost 7 years old. For the time time you spend backporting and integrating modern components to it, you could probably pay for a newer and more powerful laptop, even doing burger-flipping. And that support time is quite expensive: with Fedora already a year ahead of SL 6.0, the creeping incompatibilites are going to bite anyone using it. (I'm one of the people around long enough, in enough old projects, to get called on to integrate them to new environments. It helps pay bills.)
Re: RHEL 5.6 vs. SL 5 ?
On Thu, Apr 14, 2011 at 7:20 AM, Nicolas Kovacs wrote: > Hi, > > I just took a peek at the download page for SL 5, and I only see 5.5. Does > SL 5.6 exist somewhere, or has it never be released? If that's the case, is > it simply a matter of install medium, e. g. are the updates for 5.5 (after a > 'yum update') equal to a 5.6 install? I'd like to ask specifically, because > I'd like to use SL 5 for a webserver, and AFAIK, RHEL 5.6 has replaced PHP > 5.1.6 by PHP 5.3, which would be very welcome. SL is better about the rolling updates than CentOS's slow and delayed release process. You should be able to install SL 5.5, run the updates, and be quite close to an RHEL 5.6 working environment which is kept patched. This matches the model our favorite upstream vendor tries to provide. The 5.1, 5.2, etc. release are *NOT* supposed ot represent locked in and permanent for stability releases, but rather mileposts on the ongoing software maintenance and update process for bug fixes and new platform support.
Re: May be a bug in SL-60-i386-2011-03-03-Everything-DVD1.iso
On Thu, Apr 14, 2011 at 7:47 AM, Vaclav Mocek wrote: > On 04/14/2011 05:24 AM, Nico Kadel-Garcia wrote: >> >> You need to go *straight* to VMWare. Do not stop at Xen, do not stop >> at KVM. Go right to commercial grade support, and install an ESX >> server if you can. > > Why should the better choice be ESX than KVM for somebody who is familiar > with Linux? > > Seriously, I am building my first server for virtualisation and KVM works > out of the box /two days ;-) /. Becasue libvirt was designed by goats who'd been sniffing too many pheromones. Let's just say that they were not paying attention to Eric Raymond's guidelines on open source GUI's (http://www.catb.org/~esr/writings/cups-horror.html) and leave it at that. Our favorite upstream vendor is usually quite good at writing gui's, having learned a lot of lessons over the years and having strong developers. libvirt is not one of their shining efforts. VMWare, especially its LabManager suite with which I've worked recently, does a much more thorough job. It's not perfect: the update of VMwareTools with kernel updates is hardly perfect, and its interactions with the NetworkManager of SL 6 and RHEL 6 are not good. But I'm not thrilled with NetworkManager in servers or managed environments, either. I've heard good things about KVM performance, but didn't see it in RHEL/CentOS/SL 5.x. I'll be very intersted to see the results of the Debian testing I'm doing in the near future.
Re: May be a bug in SL-60-i386-2011-03-03-Everything-DVD1.iso
On Sat, Apr 16, 2011 at 7:46 AM, Vaclav Mocek wrote: > On 04/15/2011 03:29 AM, Nico Kadel-Garcia wrote: >> >> On Thu, Apr 14, 2011 at 7:47 AM, Vaclav Mocek wrote: >>> >>> On 04/14/2011 05:24 AM, Nico Kadel-Garcia wrote: >>>> >>>> You need to go *straight* to VMWare. Do not stop at Xen, do not stop >>>> at KVM. Go right to commercial grade support, and install an ESX >>>> server if you can. >>> >>> Why should the better choice be ESX than KVM for somebody who is familiar >>> with Linux? >>> >>> Seriously, I am building my first server for virtualisation and KVM works >>> out of the box /two days ;-) /. >> >> Becasue libvirt was designed by goats who'd been sniffing too many >> pheromones. Let's just say that they were not paying attention to Eric >> Raymond's guidelines on open source GUI's >> (http://www.catb.org/~esr/writings/cups-horror.html) and leave it at >> that. >> >> Our favorite upstream vendor is usually quite good at writing gui's, >> having learned a lot of lessons over the years and having strong >> developers. libvirt is not one of their shining efforts. >> > It looks like you complain about GUI tools, which are provided with libvirt > (it is a library). Honestly, I expected some technical things KVM versus > ESX. I don't think, that the GUI is a major problem, it is a matter of > personal taste. I have no problem with the default GUI interface and I > enjoy using Python's libvirt bindings in scripts. It's more than "taste", it's actually de-stabilizing. It's a long rant, more suitable for our favorite upstream vendor. >> VMWare, especially its LabManager suite with which I've worked >> recently, does a much more thorough job. It's not perfect: the update >> of VMwareTools with kernel updates is hardly perfect, and its >> interactions with the NetworkManager of SL 6 and RHEL 6 are not good. >> But I'm not thrilled with NetworkManager in servers or managed >> environments, either. > > Well, may be for static servers, using laptops without NetworkManager would > be pain. For laptops that bounce from wired to wireless to modem use, it's useful. Not for desktops or servers. Unfortunately, it's been welded into Gnome dependencies. Again, this is an upstream problem, not one that SL can fix. >> I've heard good things about KVM performance, but didn't see it in >> RHEL/CentOS/SL 5.x. I'll be very intersted to see the results of the >> Debian testing I'm doing in the near future. > > I use 6.x KVM and performance is really good. Debian? My experience is that > almost all things being developed by Red Had, are much worse integrated in > Debian [Lenny|Squeeze]: SELinux, Network Manager, Package Kit, KVM ... I've professional reasons to use Debian right now. I'm keeping my fingers in RH based distributions out of support for projects I've done for.. too darn long.
Re: What kins of business use Linux?
On Tue, Apr 19, 2011 at 1:20 AM, Todd And Margo Chester wrote: > Hi All, > This may seems like a weird question, when I am sifting > through my lists of businesses, does anyone have an tips > as to what kinds of businesses prefer Linux? I would > like to directly target those kinds of businesses > before settling from more Windows work. Cloud computing. Enterprise grade storage and virtualization. Finance. Supercomputing. Web kiosks. Back end IT services, such spam filtering, DNS, and outward facing SMTP servers as opposed to Exchange servers. Educational. Small computers (netbooks, secure laptops, smartphones, Tivo and other deliberately limited services.) CGI farms. I've spent the last few years working for finance companies.
Re: Virtualization in SL6 32 bit.
On Wed, Apr 20, 2011 at 2:14 PM, Hostetler, David B. (JSC-IT)[DB Consulting Group, Inc.] wrote: > I have a lab box, running SL6 32 bit (AMD Sempron 3000+ 32 bit) with 2gb > RAM, I have a test I would like to run with the thing and create a small > virtual network in the box, but I am finding that I cannot do so, when I run > virt-manager I get the following error…. libvirt is not one of Red Hat's best efforts at integration. Install VirtualBox or VMware until you have time to play with this. > Unable to open connection to hypervisor URI ‘qemu:///system’: > > No connection driver available for qemu:///system > > Traceback (most recent call last): > > File “/usr/share/virt-manager/virtManager/connection.py”, line 992 > in_try_open > > > > I am guessing, but I could be wrong, since this doesn’t work in an > installation of the “upstr4eam vendor 6.0” that the issue is most likely > that KVM virtualization is not supported in the 32 bit kernel. Is that > correct? > > > > I am making do using Virtual Box, but that adds additional overhead to a > small machine to start with. I am really hoping to use kernel space > virtualization if possible… > > > > Another option, if anyone might have a lead on it, I can always upgrade the > CPU to an Athlon 64 Socket 754, but where can I find a good one? This is for > a work related, but personal project, so the funding has to come out of my > wallet… > > > > David B. Hostetler. RHCSA, Linux +, MCP > System Adminstrator, ITAMS > > JSC Building 46, Room 110A > email to: david.b.hostet...@nasa.gov > 281-483-1495 Office 832-205-1585 Mobile > > > > ITAMS - Information Technology And Multimedia Services Contract > > “One Team, One Vision >> Partnered For Innovative Solutions” > >
Re: What kins of business use Linux?
On Wed, Apr 20, 2011 at 4:55 PM, Phong Nguyen wrote: >>> Hi Chris, >>> >>> What CAD software are you running on Linux. Targeting >>> business that run that CAD may prove fruitful! >>> >>> Many thanks, >>> -T >> >> I never tried any, although I heard good things about pro/engineer - >> http://www.ptc.com/products/creo-elements-pro/ which runs natively on linux. >> > The big CAD vendors have given up on Linux (including Pro/E). There are some > open-source tools like BRL-CAD but I'm not aware of any really extensive use > of them. > > - Phong Oh? I found that for circuit design and schematic capture, the problem wasn't lack of tools: it was poverty of device models already *in* the tools for Linux. I probably contributed 200 component specifications to various CAD devices, just so they'd be in the basic libraries and I wouldn't have to redo them with the next release. And admittedly, the Windows ones had better libraries. But the Linux and UNIX ones were more stable, easier to erase stupidities like single points with wires connected to themselves only, and other foollishness.
Re: Can I skip minor revisions in a SL5 upgrade
On Tue, Apr 19, 2011 at 2:56 PM, Steven Timm wrote: > On Tue, 19 Apr 2011, William Lutter wrote: > >> basic question... >> >> It's not clear to me from the FAQ >> http://www.scientificlinux.org/documentation/howto/upgrade.5x >> >> Can I skip from SL5.0 to 5.6 or do I need to go through the intermediate >> minor updates 5.0->5.1->5.2...? >> >> For instance if I jump from 5.0 to 5.6, could I just do "For the more >> cautious" step 6: >> rpm -Uvh >> ftp://ftp.scientificlinux.org/linux/scientific/56/i386/misc/RPMS/yum-conf-latest.SL.noarch.rpm >> >> Bill Lutter > > That should work.. the worst that can happen is that you find > a few rpms that don't yum upgrade clean due to an epoch set > wrong here or there, or a few custom non-SL packages that > have crept into your distro. If so, rpm -e --nodeps > and try again until it works. > > Steve You'll want to run, and resolve" yum list extras" when you're done. Some components, such as gcc4x, and major version changes between releases. Others were discarded. I'd start with the "*-release* components and work my way, manually, up the chain, or pop in the latest 5.6 media and use those for an upgrade procedure to resolve the major component version update issues sucha as gcc4x.
Re: Virtualization in SL6 32 bit.
On Sat, Apr 23, 2011 at 6:25 PM, Vaclav Mocek wrote: > On 04/21/2011 02:32 AM, Nico Kadel-Garcia wrote: >> >> libvirt is not one of Red Hat's best efforts at integration. Install >> VirtualBox or VMware until you have time to play with this. >> > Still bad GUI or something new? ;-) No offence, please. > > Vaclav M. It's actually hard to get past that GUI, but I'll try. The attempt to mix and match the various virtualization toolkits is as ill-fated as the ancient "linuxconf" toolkit. Qemu (on which libvirt was oriiginally developed, as near as I can tell), Xen, KVM, VMWare, Virtualbox, etc., etc. all have different underlying configuration options, syntaxes, server software components, and requirements for actual use. The attempt to merge them into one single interface does not properly identify what is blocked by missing local software, (such as Xen server or KVM activation in the kernel), hardware features (such as VT activation in the BIOS or availability in the CPU), system configuration (such as appropriate shared storage or bridged networking for KVM, the only virtualization technology that mandates it). It also promulgates fairly serious handwaving of security concerns about access to the guest system disk images. Moreover, the XML used to store the Qemu based configuration is a nightmare. It's very poorly documented, but for RHEL 4 and 5 I had to keep going back and putting in local wrappers to access it directly. Don't *get* me going on how fragile doing that to raw XML is
Re: a quick poll: what are your favourite linux "power" tools?
On Sun, Apr 24, 2011 at 1:23 PM, Lukas Press wrote: > On 24/04/11 19:12, Yannick Perret wrote: >> >> Vaclav Mocek a écrit : >>> >>> On 04/24/2011 01:57 PM, Robert P. J. Day wrote: the background: i'm teaching a 2-day course later this week on unix/linux power tools, and i've already got the manual, but it looks like there's maybe 1.5 days worth of content there, so i have the freedom to fill up another 1/2 day with whatever cool utilities i want. i'll be teaching the course off of SL 6.0 so i have the flexibility to add in whatever's normally available from the SL repos. i'm going to add in some package management using yum, plus a quick tutorial on ssh. any other topics people here use on a really regular basis that they find indispensable? not necessarily admin level, just really, really handy programs. i realize it's kind of an open-ended question, i'm just curious. thanks for any suggestions. rday >>> "vim" and "bash" :-) emacs, you heretic (vim for small files and stripped operating systems, Emacs for programming enciornments). sed. awk. grep and all the regexp syntax. sort. cut. make (If I run into one more idiot who tries to replace make with their own hand-written and unmaintainable perl or python verian, I will scream: Don't *START* me on the perl's MakeMaker tool.) inetd or xinetd. syslog and its variants. .bashrc and .bash_profile, and the subtle distinctions between them. SysV init scripts: too many people try to re-invent those. Nagios and its monitoring utilits. (Again, too many people try to re-invent those unnecessarily.) Webmin. (Again, too many people try to re-invent utilities already done well in Webmin.) >> >> +1 :) >> Maybe at/cron (crontabs: how to deal with *useful* output of crontabs and >> to learn to target mails to the *good* people :)). >> Maybe also 'sudo': learn them to *not* use root access :) >> >> Regards, >> -- >> Y. > > Screen? VNC and NX, for reconnectable, X-based access.
Re: How to migrate yum installed on RHEL 6 to update from SL6 repository?
On Wed, Apr 27, 2011 at 5:06 PM, Zoran Ovcin wrote: > Recently I installed RHEL6 from an installation DVD (not Beta). > > I was aware that my yum update will not get the RHN support. This will *BREAK* things, such as "redhat-release". Don't do it. Migrate the installed packages to SL6 first, especially the "*-release" packages. Also, rip out "yum-rhn-plugin". This will turn off the attempts to access the upstream RHN repositories. > Is it possible to use the SL6 rpm repository for updating my system? > > If yes, what do I have to change in order to be able to do yum update? It's a potentially nasty interaction: packages of the same name may have subtle discrepancies, and tools that look for /etc/issue.net contents will be confused at compilation time. > Thanks, Zoran Ovcin >
Re: yum update from SL5.5 to SL6.0
On Sat, Apr 30, 2011 at 3:48 PM, Steven J. Yellin wrote: > Here's what I'd try if I were doing such an upgrade. Others can judge > whether it needs modification, or whether a disk install from .iso files is > likely to work with SL6: Folks, I've been pulling such stunts since RedHat 4.2. There are some helpful rules. * Do it on a test box first. * Bring the test box up to the *LAST* minor release of the older OS, in this case SL 5.5. * Never increment more than one major OS upgrade at a time. (Doing 3.x to 6.x would be insane.) * Prepare for big problems if you're using badly organized, out-of-band components. Locally compiled glibc, NVidia drivers, manually installed kernels and mkinitrd that are not under RPM management are all startingly risky. * Eliminate all components that are not under yum management from the main repository. * Update the '*-release" packages first. * Pray. * Be ready for manual overrides and scripting of components with odd namechanges and dependencies. gcc4x, for example, has had several major package name changes that cannot be resolved with a mere 'yum update'. And components like 'eclipse' have changed package names between major releases, requiring customized management with the installation media *do* have. Frankly, I find it easier to merge the CD or DVD contents into a local yum repository and use the small bootable installation media or PXE to network boot and point to *that*, instead of swapping CD's or DVD's. This also allows me to include kernel updates that may be critical, or out-of-band components such as subverson or rsync or lftp mock that I really want the RPMforge versons of. > Add to the end of /boot/grub/grub.conf lines > > title SL6 Installation > root (hd0,0) > kernel /vmlinuz > initrd /initrd.img > > except "(hd0,0)" should be replaced by what you see for other grub entries, > and I've assumed you have a boot partition. > > Reboot your machine, selecting in grub "SL6 Installation", and do a disk > installation from the SL6Install directory of the partition you decided to > preserve. You can alternatively install over the internet instead of from > your own disk. It needn't be local if you can use PXE or the 'bootinstall' iso's, at http://ftp.scientificlinux.org/linux/scientific/6.0/x86_64/iso/SL-60-x86_64-2011-03-03-boot.iso. Making sure that the PXE kernel and OS support your existing network hardware used to be more difficult, but has gotten far easier, so it's almost always workable ot use for an update procedure.
Re: yum update from SL5.5 to SL6.0
On Sun, May 1, 2011 at 6:34 AM, Lucian Stroe wrote: > So there is no answer to my question... > > Having SL5.5, how to get SL6.0 without burning DVD's? > > Please short and relevant answers. > > Thanks, > > Lucian. Sorry you missed it. It was here in my longer note. Heres the quote from my note, which was admittedly long. > Frankly, I find it easier to merge the CD or DVD contents into a local yum repository and use the small bootable installation media or PXE to network boot and point to *that*, I'll also point out that this is also useful for machines that don't have DVD drives.
Re: Version of GPL license
On Thu, May 12, 2011 at 1:07 PM, Stephen John Smoogen wrote: > On Thu, May 12, 2011 at 08:20, Miguel Angel Diaz > wrote: >> Hi. >> >> I agree with you that packages have their own licenses. >> >> But my question follows in other way. Imagine I want to create >> other .iso based on S.L.iso. I need to read .iso license to know if I am >> doing well. >> >> Regards. >> >> > > Ok I understand the question, and will try to better explain it to others. > > A package by itself has a license, but so does the distribution as a > whole. The Fedora distribution and original Red Hat Linux distribution > were licensed under the GPL v2. Miguel is wondering what license Fermi > is offering the distribution under as this affects how others can use > the distribution, derive child distributions etc from it. GPLv2 cannot override the licensing of GPLv3 or Apache or BSD licensed components included in the distribution, and the "original Red Hat" distributions of RHEL include licenses for oddball components like Sun's Java. (They're oftion in the "optional" software channels".) For examples of *components* under different licensing. Don't *get* me started on the licensing weirdness that used to surround Dan Bernstein's tools, such as daemontools and djbdns, or the email client pine. There are reasons those don't make it into default distribution with our favorite upstream vendor.
Re: Which Java for web browsers in SL 5.6
On Fri, May 13, 2011 at 6:14 AM, Dr Andrew C Aitchison wrote: > Which Java do people use inside web browsers in SL 5.6 > (my main interest is 32bit firefox on 64bit machines > but would consider other browsers on 64bit machines) ? > > I'm still using jdk but wondering about icedtea. > > Thanks. I've previously updated a stack of hooks for Sun^H^H^H Oracle Jave over at JPackage for such systems, in order to work with recent Tomcat and Ant. I've given up supporting it as an unnecessary mess, and the version 6 of JPackage tools works much better with the OpenJDK in SL 6. Upgrade if you can.
Others open source repos, was Re: Dag Weeirs seems to be a fan of SL...
On Fri, May 13, 2011 at 1:05 PM, curriegrad2004 wrote: > Sadly, this attitude is the plight of almost all OSS projects out > there. Not to offend anybody, but attitude issues and this mentality It happens. Let's move on here, eh? In particular, I'm delighted that SL includes in their main channels hooks to other useful open source or freeware repositories, such as rpmforge and EPEL. I'd like to mention a repository that does not integrate directly with SL, but I've found useful: PLF. The Penguin Liberation Front makes a hobby out of building software for Mandriva whose licensing prevents direct inclusion there. I've used it repeatedly for building software, such as DVD rippers and the decss library when I was in Europe, that might present patent issues in the US.
Re: SL6 liveCD installs non-repo'd packages
On Sat, May 14, 2011 at 4:04 PM, John H. Outlan CPA wrote: > > On May 14, 2011 1:36 PM, "Matthew Chan" wrote: >> >> Hi, >> >> Yes, there's an error being caused with epel. Manual intervention is >> required. >> >> EPEL will try to update ntfsprogs to 2.0, but because testdisk requires >> the libntfs.so.9 shared lib, and the EPEL build of ntfsprogs doesn't have >> it, the upgrade fails. >> >> You can work around it by using --skip-broken, but that's not really a >> great solution. >> >> For the 6.1 livecd release, I wouldn't mind having useful software (like >> testdisk etc) on the livecd either, but I'm worried that users may be >> unaware of these non-repo packages and then install the livecd like I did. >> It can be a security problem if a vulnerability is discovered in a package >> later on, since the package will almost never be updated. For packages like >> testdisk it's probably not a problem, but we also have packages like openVPN >> in the extras repo. >> >> Would it be a problem to disable the install ability of the liveCD? >> >> Matt >> > > I absolutely wouldn't go that route. The manual intervention required is > minimal. Changing the packages and leaving things as they are would be > better/easier imo. Doesn't the livecd published installation also publish yum access to a repo that contains those components?
Re: How to migrate yum installed on RHEL 6 to update from SL6 repository?
On Sun, May 15, 2011 at 9:28 AM, Zoran Ovcin wrote: > It worked out. > > Now I am on Scientific linux, yum update passed ok. Great. What does "yum list extras" say? And did you re-install all your packages, so you're not in license violation with Red Hat ? I'm including below some notes I sent to someone who asked privately about this a few days ago. A lot of my experience with this is from CentOS. RHEL 6 got better about various package management, and SL 6's numbering scheme for repackaged components is very reasonable at avoiding confusing version skew with RHEL. The policy of replacing ".el6" with ".sl6.0" seems very helpful, as well. =notes== That thread was weeks ago! I'm happy for this to be on the list. Please post, or be willing to let me post, if you're comfortable with this being public. The mismatches are subtle. Different GPG keys for the RPM based packages, subtlely different components for the "sl-release" components, mismatches of java compatibility modules, and subtle skew issues with issue.net parsing, by software building tools that need correction are particular potential flaws. Replacing redhat-release, for example, with sl-release is tricky. Simply removing redhat-release removes /etc/issue.net, and this can cause genuine pain if anything else interesting (such as software building) is in progress. The sl-release needs to be replaced cleanly, quickly, and early in the process. It's especially important to review the components that wind up with ".sl6" in their name. Take guile, for example.the RHEL SRPM is guile-1.8.7-4.el6.src.rpm. The current SL6 SRPM is guile-1.8.7-4.el6.0.sl6.src.rpm. If you've got the RHEL 'guile' component, you're in good shape. :el6.0: comes after "el6" in RPM numbering, so you should get the new components. But there's no guarantee. CentOS had it much worse, by the way: ".c5" comes before ".el5", and they weren't willing to gratuitously add the ".0.sl6" that our friends at SL use. So updates to the new distribution didn't necessarily work. There is a gotcha if your RHEL was up-to-date and SL has not yet cauught up with updates: You'll have to run "yum downgrade" commands to roll back versions to the last SL published version, and that can get hairy. Also, re-installing *everything* to be sure of getting SL licenses and binaries and copyrights is a lot of work. Some packages do overwrite config files that you may have edited manually, and if you've been using "chkconfig --del" instead of "chkconfig off", daemons might get re-installed automatically enabled. Don't get me *started* on NetworkManager and people who "just yank the symlinks in /etc/rc.d!!!" So, by the time you've done that and run a "yum dowgrade" and then "yum update" to get the SL version where necessary, and checked for non-SL packages, you've invested a lot of work.
Re: Dag Weeirs seems to be a fan of SL...
On Sun, May 15, 2011 at 10:48 AM, Chuck Munro wrote: > Now I'm beginning to think I might migrate many of my current CentOS > machines to SL as they come up for replacement or upgrade to v6. It should be fairly easy: the interwoven rhn bits from RHEL are already gracefully replaced in both OS's. But as someone who's done various migrations, I urge you to back up your old system and do clean rebuilds with SL 6, wherever possible. The reasons are individually small, but numerous. Clean new configuration files to work from, uid and gid numbering and memberships that match the latest specs rather than being inherited from a previous base install, the discarding of packages that used to fulfill dependencies but are no longer needed, a chance to review your partitioning and select ext4 for your filesystems, etc. all add up.
Re: How to migrate yum installed on RHEL 6 to update from SL6 repository?
On Sun, May 15, 2011 at 4:41 PM, Zoran Ovcin wrote: > On 05/15/2011 04:58 PM, Nico Kadel-Garcia wrote: >> >> On Sun, May 15, 2011 at 9:28 AM, Zoran Ovcin wrote: >>> >>> It worked out. >>> >>> Now I am on Scientific linux, yum update passed ok. >> >> Great. What does "yum list extras" say? And did you re-install all >> your packages, so you're not in license violation with Red Hat ? >> > > For now, since I hadn't updated RHEL6, only packages that are newer in SL6 > than matching packages in RHEL6 are updated. But, yum update works. > > What is with extras packages? Are they within SL6? Can they be updated also? > > Zoran That command shows RPM's that are not part of your currently enabled repositories. It's very handy, when switching repositories, to identify ones that you don't want sticking around. In this case, it would help reveal packages from RHEL or CentOS or whatever you switched *from* that had different versions and might cause depencency conflicts.
Re: SL6.0 floppy
On Thu, May 19, 2011 at 4:53 AM, Thomas Koppe wrote: > Hi there, > > how can I access a local floppy as normal user? It would also be nice if the > kernel module "floppy" would be loaded automatically. > > Bye Thomas L. Koppe > It's not showing up under "/media" ? If it's a FAT32 floppy, you should be able to access it with the various tools in the "mtools" package, which are much, much, much faster than read/write operations on a mounted floppy. If none of those are working, come back we can talk to you about adding user authorization for /etc/fstab mountpoints, or even using autofs.
Re: SL vs. RPMForge repo
On Thu, May 19, 2011 at 6:05 AM, Dag Wieers wrote: > On Wed, 18 May 2011, Akemi Yagi wrote: > >> On Wed, May 18, 2011 at 8:53 AM, Orion Poplawski >> wrote: >> RPMforge now offers two repos - [rpmforge] and [rpmforge-extras]. Packages in [rpmforge] will not have conflict with the distro ones whereas those in [rpmforge-extras] may overwrite distro files. >>> >>> AH yes, forgot about that. I guess the packages it is wanting to replace >>> on >>> my machine mostly come from EPEL, not the SL repositories. >>> >>> But there is one: >>> >>> # yum list environment-modules >>> Loaded plugins: downloadonly >>> Installed Packages >>> environment-modules.x86_64 3.2.7b-6.el6 >>> @anaconda-ScientificLinux-201102250955.x86_64 >>> Available Packages >>> environment-modules.x86_64 3.2.8a-1.el6.rf rpmforge >> >> That one must have been missed. I will let Dag know. Thanks for reporting. > > Yes, thanks for reporting ! > > I fixed it yesterday by moving this package to RPMforge-extras. When we > started building RHEL6 packages last year, we did a large effort to find > those duplicate packages, also for older distributions. The > environment-modules RPM is a newly introduced package (I presume for RHEL5 > only) and we obviously did not verify if it was already in RHEL6. Hi, Dag!! Nice to see you over here. There's also stil the ongoing boobytrap for RHEL and SL before version 6.x: They built, and provided, and installed, both i386 and x86_64 versions in the main x86_64 repository of many packages such as Subversion. So does EPEL. RPMforge does not, and in fact, *building* Subversion for i386 under x86_64 architecutre was a real pain in the neck: I threw in the towel on it. The result was that upgrading Subversion for x86_64 from RPMforge got... tricky if you didn't manually rip out the i386 packages before updating to RPMforge's version (of which I posted .spec files for a few releases). RHEL and SL 6 now install only the "best" architectural fit, by default, which was an excellent move and avoids this issue. > There's more than one issue here: > > - if a package is introduced for RHEL5, we need to check if it is needed > for RHEL6 and if there's a need to have a different version there. > > - we should avoid releasing a newer package in RHEL5 than is available in > upstream RHEL6. It's often better to backport the RHEL6 package to > RHEL5. Subversion is one of these. The continuing updates from RPMforge are welcome, RHEL's upstream version is going to continue to lag, especially after Subversion 1.7 comes out. > - we need a (preferably) automated check to avoid this in the future. It > would be nice if the packager could easily check before doing any > effort at all, but as a last resort the buildsystem should refuse by > default. (It's easier to automate on the buildsystem side as a DAR > plugin, even when it's still bash :-/) > > So I am sorry for this mishap, I hope we can avoid it in the future. And this sort of thing is why RPMforge is so respected. When an issue pops up, it gets fixed *FAST*.
Re: How to migrate yum installed on RHEL 6 to update from SL6 repository?
On Thu, May 19, 2011 at 5:49 PM, Zoran Ovcin wrote: > On 05/16/2011 06:22 AM, Nico Kadel-Garcia wrote: >> >> On Sun, May 15, 2011 at 4:41 PM, Zoran Ovcin wrote: >>> >>> On 05/15/2011 04:58 PM, Nico Kadel-Garcia wrote: >>>> >>>> On Sun, May 15, 2011 at 9:28 AM, Zoran Ovcin wrote: >>>>> >>>>> It worked out. >>>>> >>>>> Now I am on Scientific linux, yum update passed ok. >>>> >>>> Great. What does "yum list extras" say? And did you re-install all >>>> your packages, so you're not in license violation with Red Hat ? >>>> >>> For now, since I hadn't updated RHEL6, only packages that are newer in >>> SL6 >>> than matching packages in RHEL6 are updated. But, yum update works. >>> >>> What is with extras packages? Are they within SL6? Can they be updated >>> also? >>> >>> Zoran >> >> That command shows RPM's that are not part of your currently enabled >> repositories. It's very handy, when switching repositories, to >> identify ones that you don't want sticking around. In this case, it >> would help reveal packages from RHEL or CentOS or whatever you >> switched *from* that had different versions and might cause depencency >> conflicts. > > Here is the output: > # yum list extras > Loaded plugins: aliases, changelog, downloadonly, fastestmirror, presto, > protect-packages, refresh-packagekit, > : rhnplugin, security, tmprepo, verify, versionlock > This system is not registered with RHN. > RHN support will be disabled. > Loading mirror speeds from cached hostfile > * epel: mirror01.th.ifl.net > * epel-testing: mirror01.th.ifl.net > * sl: ftp.scientificlinux.org > * sl-security: ftp.scientificlinux.org > * sl6x: ftp.scientificlinux.org > * sl6x-security: ftp.scientificlinux.org > Extra Packages > Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.noarch > 1-21.el6 > @anaconda-RedHatEnterpriseLinux-201009221801.x86_64 > acroread.i686 9.4.0-1.el6 > @SupplementInstallMedia/6Workstation > flash-plugin.x86_64 10.3.162.29-0.1.el6.rf > @rpmforge/6Workstation > java-1.6.0-sun.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > java-1.6.0-sun-demo.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > java-1.6.0-sun-devel.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > java-1.6.0-sun-jdbc.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > java-1.6.0-sun-plugin.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > java-1.6.0-sun-src.x86_64 1:1.6.0.22-1jpp.1.el6 > @/java-1.6.0-sun-src-1.6.0.22-1jpp.1.el6.x86_64/6Workstation > kmod-kspiceusb-rhel60.x86_64 4.9-14.el6 > @SupplementInstallMedia/6Workstation > libavcore0.x86_64 0.6.1-38.1_git20110115.el6 @atrpms/6Workstation > libssh2.x86_64 1.2.7-1.el5.rf > @rpmforge/6Workstation > libva-0.32.0.1_1.x86_64 0.32.0-3_sds1.el6 @atrpms/6Workstation > libva-x11-0.32.0.1_1.x86_64 0.32.0-3_sds1.el6 @atrpms/6Workstation > perl-XML-Writer.noarch 0.612-1.el6.rf > @rpmforge/6Workstation > skype.i586 2.2.0.25-fc10 > @/skype-2.2.0.25-fedora.i586 > spice-usb-share.x86_64 4.9-9.el6 > @/spice-usb-share-4.9-9.el6.x86_64/6Workstation > tetex-xdvi.x86_64 3.0-33.8.el5_5.6 installed > virtio-win.noarch 1.1.16-0.el6 > @/virtio-win-1.1.16-0.el6.noarch/6Workstation > zhongyi-song-fonts.noarch 0.1.20020329.1-15.el6 > @SupplementInstallMedia/6Workstation > zhongyi-song-fonts-ghostscript.noarch > 0.1.20020329.1-15.el6 > @SupplementInstallMedia/6Workstation > > I had some conflicts so I disabled some testing repositories. > > Is there a repository from which I can update Java? Rip it out and replace it with openjdk. You'll be using what both Oracle and the upstream RHEL are collaborating on, and avoid a stack of Java incompatibility issues. If you need the Sun version of Java, you can grab RPM's from Oracle, but integration with older RHEL/CentOs/SL releases was awkward dueo to various integration components oriented around RHEL's particular rebundling of it for commercial customers in the "optional" channels. > But since I switched to SL, there have been no updates on the SL repo. Is > that ok? See above. Those are not GPL or freeware or normally "open sourced" packages: that's why JPackage does not provide bundled RPM's for them, but only framework ".nosrc.rpm"' packages that require manual download and agreement to the Java licensing to build. I published a few updates for those, and threw in the towel as wasted effort with RHEL 6 and RHEL 6 came out with very successful openjdk bundles. > Zoran > > -- > Zoran Ovcin, University of Novi Sad Faculty of Technical Sciences > Serbia, +381-(0)21-485-2298, mailto:zov...@uns.ac.rs > > >
Re: How to migrate yum installed on RHEL 6 to update from SL6 repository?
On Fri, May 20, 2011 at 1:45 AM, Natxo Asenjo wrote: > On Fri, May 20, 2011 at 2:01 AM, Nico Kadel-Garcia wrote: >> On Thu, May 19, 2011 at 5:49 PM, Zoran Ovcin wrote: >>> On 05/16/2011 06:22 AM, Nico Kadel-Garcia wrote: > >>> Is there a repository from which I can update Java? >> >> Rip it out and replace it with openjdk. You'll be using what both >> Oracle and the upstream RHEL are collaborating on, and avoid a stack >> of Java incompatibility issues. If you need the Sun version of Java, >> you can grab RPM's from Oracle, but integration with older >> RHEL/CentOs/SL releases was awkward dueo to various integration >> components oriented around RHEL's particular rebundling of it for >> commercial customers in the "optional" channels. > > In my daily experience, the openjdk does not correctly run lots of > java(ws) apps I need to get my work done whereas the sun/oracle jre > does. Maybe it is an app problem (probably, most developpers only test > the oracle jre), but I stll need to get the job done :-) and install > the 'official' oracle jre. OpenJDK *is* the official open source Java release out of Sun, now Oracle, with direct Red Hat involvement. So if you want future compatibility, your Java developers and applications will need to switch. I think you really need to support the switchover. That said, you'll need to go directly to Oracle and manually grab their "java-*-rpm.bin" packages and unpack those. For licensing reasons, they are *not* available in yum compatibile repositories, unless perhaps you set up one internally for your site and accept the responsibility for the licensing personally. You can also look at http://www.jpackage.org/browser/rpm.php?jppversion=5.0&id=489: and you're welcome to my .spec file updates: I've never successfully gotten into the CVS "write" setup for that package: the more I think about it, the more I'm scared of using CVS for that.
Re: is there a javaws in java-1.6.0-openjdk?
On Fri, May 20, 2011 at 5:29 PM, Troy Dawson wrote: > With RHEL 6.1 there is a package called "icedtea-web" > This not only have javaws, but it has "IcedTeaPlugin", which I am assuming > is equal to openjdk's plugin. > > So, right now, no there isn't a java plugin in SL6. But it should be in > there soon. > > Troy One might also recompile and thest the SRPM.
Re: seeking help
On Sun, May 22, 2011 at 1:51 AM, Zack Yovel wrote: > Hi, I'm also new to SL, have it on my laptop and intend to install it on my > desktop for virtualization. I'm a little confused by GParted not being > talked about here. It installed with the live cd image on my laptop, and I'm > used to resizing partitions with that, wouldn't it work on SL? Gparted is a reasonable *first attempt* at providing a usable GUI for partition management. Under the hood, it's all parted and other command line tools. It provides no useful features not available from the command line, and in fact lacks some critical ones. (Specific block allocation size of 64 for the "DOS combatility" space at the start of a disk, for example, prevents 4096 byte block alignment for virtualized guest images. This *matters* for NetApp or other 4096 byte block servers for virtualized guests, which have no way to directliy detect the alignment and take an amazing performance hit.) If possible, it's worth learning the basic tools. parted is really cool, and learning some of the options and settings of the fsck variants for ext2, ext3, and ext4 can help tune things for performance. For example, most people don't need "atime" and get a nice performance benefit from turning it the heck off. And frankly, most peopple don't need LVM at all. Modern Linuxes do quite well booting directly from the primary partition, and since swap space is so rarely used, swap can gracefully be a file *on* the main filesystem. And backup systems are no longer disk based (such as the old and deprecated "dump" tool) but are active fileystem based (such as rsync, or star to include SELinux metadata). So unless you have performance tuning or overflow protection you need, most desktop and server environments do very well with a sinigle, large partition occupying the whole drive. This bamkes space allocation and backup a lot easier unless you want to, say, limit /home to only 800 Gig out of a 1000 Gig drive to protect your base operating system from family members who download too much.
Re: is there a javaws in java-1.6.0-openjdk?
On Sat, May 21, 2011 at 5:04 PM, Phil Schaffner wrote: > Nico Kadel-Garcia wrote on 05/21/2011 12:15 AM: >> >> On Fri, May 20, 2011 at 5:29 PM, Troy Dawson wrote: >>> >>> With RHEL 6.1 there is a package called "icedtea-web" >>> This not only have javaws, but it has "IcedTeaPlugin", which I am >>> assuming >>> is equal to openjdk's plugin. >>> >>> So, right now, no there isn't a java plugin in SL6. But it should be in >>> there soon. >>> >>> Troy >> >> One might also recompile and thest the SRPM. >> > > The EL6.1 SRPM builds and installs on SL6, but hangs Firefox on an attempt > to verify the plugin. > > http://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.0.2-3.el6.src.rpm Are you using the EL6.1 rebuilt Firefox?
Re: ntfs read/write on SL 6
On Mon, May 23, 2011 at 1:46 AM, Garrett Holmstrom wrote: > On 5/22/2011 22:38, Zack Yovel wrote: >> >> hi, I'm new to SL, and I want to add ntfs support. I have SL 6 installed >> on my laptop, and I intend to install it on my desktop also. >> so: >> 1. What is the best way to add ntfs support to my running SL laptop? >> 2. Is there a way to add ntfs support to the desktop as part of the >> installation proccess? > > 1. Install ntfs-3g from EPEL. > 2. If your goal is to install to a NTFS disk, no. Otherwise you might be > able to add the EPEL repository as part of the installation process and > select it that way. You need kernel modifications that are not part of the default kernel from upstream in able to write. NTFS also has a *lot* of options which do not map to normal POSIX ownership and permissions: they're possible to emulate, badly, with NFSv4 and other more sophisticated fileystem toolkits, but *nothing* does one-to-one mapping between NTFS permissions and *anything* else. That said, over in CentOS, they used to publish kernels with the modules built-in as part of the "centosplus" repository. It's a single flag difference in the kernel configuraiton files: you could grab the SRPM, edit the flags appropriately, and build the kernels for testing.
Re: Install SL6 on RAID 0 on GA-890GPA-UD3H (chipset: AMD SB850 )
On Wed, May 25, 2011 at 7:42 AM, Zack Yovel wrote: > > 2011/5/25 >> >> Zack Yovel writes: >> >>> « HTML content follows » >>> >>> >>> Install SL6 on RAID 0 on GA-890GPA-UD3H (chipset: AMD SB850 ) >>> >>> >>> Does anyone know of a raid driver for this motherboard or chipset? >> >> Yes, it's called linux raid and it's probably 1000 times better/reliable >> than that fake raid. >> >> -- >> Nux! >> www.nux.ro > > I don't think I like your tone! so here's for you: > >> In short - I have two disks, I want them both on raid 0, and I want >> dual-boot with windows. > > I'd appriciate it if you'd assume that I know about the obviouse, and that I > ask a specific question for a reason... Not everyone who asks actually knows the issues, and you're facing conflicting requirements. I assume you're using modern, bulky, SATA drives and want to use the onboard "I'm not really RAID, I just play one on TV" controller on that motherboard? And that you're aware of the awkwardness of setting aside an accessible "/boot" partition to boot with that does not require the software RAID drivers? And can we safely assume that you do *NOT* need the RAID0 for your Windows setup? If these are the case, I'm going to urge you to spend $30 on Ebay and save yourself a lot of awkward support time and buy a real SATA RAID card. I just went through this mess with OpenBSD and have been through it with Linux before: it's pesky, and I've dealt with people insisting that they really wanted their 40 TB array as a single RAID set, and dealing with the 16 TB limits of their 32-bit controllers, so I've been through some of the issues. What performance benefit are you expecting from RAID0 that justifies your investment in effort? Is it just the very large partition size available with merged, bulky partitions?
Re: Some questions about the SL repositories
On Wed, May 25, 2011 at 3:31 AM, Marc Muehlfeld wrote: > Hi, > > we're currently evaluating a migration from Centos 5 to SL6. But I have some > questions about repositories: > > We have a local repository were our servers get their updates from. But I'm > unsure, what I exaclty have to mirror. On the FTP there are the following > directories: > > - 6 > - 6.0 > - 6rolling > - 6x > > Question 1: What are the differences? > > Question 2: The default *.repo uses the $releasever variable, which is > resolved to "6.0". If we plan to always have the newest (minor) version > after every update, I think I have to replace that. Is there an other > variable for that or do I have to hardcode it? > > Question 3: Do I have to block any package that would recreate the SL repo > files after an upgrade? Don't knock yourself out. Like RHEL and CentOS, if you simply continue with updates, your "$releasever" will be updated automatically when SL 6.1 is released, and if you look inside the "6x" directory on an FTP or rsync server, you'll see that it has symlinks to the "6" and "6x" directories. you'll see that they have symlinks to the "6.0" directory. Those will be updated when SL does a 6.1 release. The effect is overall similar to, and more transparent than, what RHEL's use of the "yum-rhn-plugin" does. If you're setting up an internal mirror for whatever reason (which I do for running "mock"), be sure to use rsync or ftp in order to replicate the symlinks and save a *lot* of download and disk resource.
Re: I've insalled minimal installation, /etc/my.cnf is still in my system.
On Thu, May 26, 2011 at 10:22 AM, Andreas Petzold wrote: > On Thursday, May 26, 2011 16:03:31 Stefan Eriksson wrote: >> torsdagen den 26 maj 2011 14.38.32 skrev du: >> > Hi, >> > >> > On Thursday, May 26, 2011 14:03:06 Stefan Eriksson wrote: >> > > Hi I've just now installed a minimal installation but still there is a >> > > file called /etc/my.cnf >> > > >> > > ls -l /etc/my.cnf >> > > -rw-r--r--. 1 root root 251 20 jan 23.36 /etc/my.cnf >> > > >> > > I have never installed mysql-server on this system. >> > >> > you can ask RPM which package this file belongs to: >> > >> > rpm -qf /etc/my.cnf >> > >> > If the file doesn't belong to an RPM, it gets a little tricky. >> > >> > Cheers, >> > >> > Andreas >> >> Thanks seems like mysql-libs-5.1.52-1.el6_0.1.x86_64 >> >> rpm -qf /etc/my.cnf >> mysql-libs-5.1.52-1.el6_0.1.x86_64 >> >> I'm guessing this is installed per default. > > there's no need to guess :-) . Simply run > > repoquery --whatrequires mysql-libs > > and it will tell you which installed RPMs require mysql-libs. If nothing comes > up, then you either explicitly requested the RPM or it is in the default list > of packages. > > repoquery is provided by the yum-utils package. So is "rpm -q --whatrequires mysql-libs" and "rpm -q --whatrequires /etc/my.cnf". Unfortunately, MySQL has that !@#$!@$#@ file hardcoded. So even if you want to put your specific settings such as port numbers and database locations somewhere else and write a config file for it, the binaries *INSIST* on looking at /etc/my.cnf. This makes one database server tuning /etc/my.cnf very risky to any other MySQL databases on this host, even with their own init scripts and config files and databases. Drove me *NUTS* a few years back when testing parallel configurations before deployment
Re: gdm install question
On Thu, May 26, 2011 at 11:07 PM, Todd And Margo Chester wrote: > Hi All, > > I only installed SL6 Basic server. This means I have no graphics and am > sitting at run level 3. Now that Xfce 4.8 x86_64 is out, I am about to get > my graphics. I will not be able to physically get at my new server until > Monday. So, some stupid question till I can see for myself. > > I plan on installing kmod-nvidia and nvidia-x11-drv from elrepo > and group installing xfce from epel. > > Just out of curiosity, do I need to install gdm as well? Or, will it > get caught in a tidal wave of dependencies? > > Also, do you see any flaws in my plan? > > Many thanks, > -T gdm is most useful for runlevel 5. You don't *HAVE* to use this: you can log in at the console or other windows and use "startx" to start your X session. The big question is, what *else* did you leave out in doing a basic installation? xauth? xterm? Firefox? OpenOffice? Emacs with X capibility, rather than emacs-nox? I'll urge you to take a look at "yum list" and pick out application syou want, and pre-install them.
Re: pbone
On Tue, May 31, 2011 at 1:03 AM, Todd And Margo Chester wrote: > Hi All, > > I ask the guys over at > > http://rpm.pbone.net/ > > to add a line for FC14, FC15, RHEL6, and SL6 over on > their advanced search and they actually did. > > Now we can search for SL6 and RHEL6 specific > RPMS at pbone. Very cool. > > -T >
Re: pbone
On Tue, May 31, 2011 at 1:03 AM, Todd And Margo Chester wrote: > Hi All, > > I ask the guys over at > > http://rpm.pbone.net/ > > to add a line for FC14, FC15, RHEL6, and SL6 over on > their advanced search and they actually did. > > Now we can search for SL6 and RHEL6 specific > RPMS at pbone. Very cool. > > -T Thanks very much indeed. I do some testing with FC15, now that it's out.
Re: pbone
On Tue, May 31, 2011 at 12:36 PM, Todd And Margo Chester wrote: > On 05/31/2011 05:12 AM, Nico Kadel-Garcia wrote: >> >> On Tue, May 31, 2011 at 1:03 AM, Todd And Margo Chester >> wrote: >>> >>> Hi All, >>> >>> I ask the guys over at >>> >>> http://rpm.pbone.net/ >>> >>> to add a line for FC14, FC15, RHEL6, and SL6 over on >>> their advanced search and they actually did. >>> >>> Now we can search for SL6 and RHEL6 specific >>> RPMS at pbone. Very cool. >>> >>> -T >> >> Thanks very much indeed. I do some testing with FC15, now that it's out. >> > You guys are all welcome! Thank you for noticing. :-) > > Nico, > > FC15 changed their network adapter naming convention. See: > > http://fedoraproject.org/wiki/Features/ConsistentNetworkDeviceNaming > > And, they substituted "nm-connection-editor" for "system-config-network". > My eth0 became p2p1. "ifconfig -a" will show the new names. (We will > probably see these changes in EL sometime soon.) This is not likely. This would be a substantial change to the most basic configuration tools on the installation media and their default interfaces. I would not expect to see a feature like that in an RHEL release, and thus in SL, until after all the kinks are worked out of it in Fedora, and RHEL 7 and thus SL 7 is released.
Re: Disk Space Utilization
On Fri, Jun 3, 2011 at 6:50 AM, James Holland wrote: > So, just mount your 4TB on /home. Stick it in the fstab as LABEL=/home /home > ext3 defaults 1 2 Whoaa!!! Slow down there, pardner! You'll want to select a reasonable chunk of that 4 TB, perhaps all of it, as the new /home partition. Mount it temporarily, then *backup the contents of /home to the new mountpoint*. When ready, announce some downtime, get people off the system, move aside /home, do a finaly mirroring, verify that nothing is writing to the old /home with "lsof", then remount the new partition as /home. Keep the old /home around, say as "/home.old", for a while foe people to settle in. If you can schedule time, try to do this in single user mode, it's a lot safer. Simply slapping new disk space on top of your old /home will hide the old /home directories, and you won't be able to *access* it to do copies. Worse, processes can still be writing to the old files *under* your new mount point, and chaos can ensue without some elementary caution.
Re: rpm --verify skipping checks on some files?
On Fri, Jun 3, 2011 at 8:47 PM, Gilberto Ficara wrote: > Hello everyone, > > I'm not familiar with rpm internals, but I was toying with the rpm > command and found out that it seems to be skipping some files in the > --verify action, for example it didn't check /etc/hosts and passwd: > > [root@sltest02 ~]# echo '# some comment' >> /etc/hosts > [root@sltest02 ~]# echo '# some comment' >> /etc/hosts.allow > [root@sltest02 ~]# echo '# some comment' >> /etc/bashrc > [root@sltest02 ~]# useradd -m foobar > [root@sltest02 ~]# sync > > [root@sltest02 ~]# grep foobar /etc/passwd > foobar:x:500:500::/home/foobar:/bin/bash > > [root@sltest02 ~]# rpm --verify setup > S.5T. c /etc/bashrc > S.5T. c /etc/hosts.allow > > [root@sltest02 ~]# rpm -v --verify setup | grep passwd > . c /etc/passwd > > [root@sltest02 ~]# rpm -v --verify setup | grep hosts > . c /etc/hosts > S.5T. c /etc/hosts.allow > . c /etc/hosts.deny > > seems like /etc/hosts and /etc/passwd are not being checked, is this > normal? I made the same test on CentOS 5.6 and it seems that passwd is > not being checked there too (/etc/hosts is not part of the setup package). Those are "configuration" files, and marked as such in the RPM's that provide them. As such, they're permitted to be modified without tripping verification reports. If they weren't every time you changed your network settings or added a package with a dedicated user, you'd wind up breaking the RPM verification reports. > some infos on my test system: rpm-4.8.0-12.el6.x86_64, > rpm-libs-4.8.0-12.el6.x86_64 > linux kernel 2.6.32-71.29.1.el6.x86_64 > > thanks in advance for any info or advice :) > > Gilberto "Velenux" Ficara >
Re: SL6: NIS, AUTOFS incompatible with NetworkManager
On Mon, Jun 6, 2011 at 8:18 PM, Konstantin Olchanski wrote: > Here I am reporting a compatibility problem between the newly introduced > in SL6 NetworkManager and the traditional ypbind and automount programs. > > In the nutshell, after a reboot, automount does not "see" any mount points > defined in the NIS auto.master map file. > > The boot sequence I am observing goes like this: > 1) network manager runs, does it's stuff > 2) ypbind starts, init script falsely reports successful start (ypwhich > reports "not bound" but > this is redirected into /dev/null) > 3) automount starts (and only if one enables automount logging in > /etc/sysconfig/autofs, > would one see that it reports failure to access auto.master NIS map) > 4) some time later, network manager finally starts the network interface > 5) NIS ypbind becomes happy > 6) but too late for automount, it does not know to reload auto.master > > There are other problems with the NetworkManager, so simplest solution > is to "chkconfig NetworkManager off; service NetworkManager stop". And rip it out by the roots. NetworkManager is a bad tool in any production environment, even if it's useful for traveling laptops and as an auto-detect tool at OS installation time. Fortunately, you can re-install system-config-network manually. It is available, even if it's not in your particular base installation setup.
Re: SL6: NIS, AUTOFS incompatible with NetworkManager
On Wed, Jun 8, 2011 at 9:30 AM, James Holland wrote: > On 07/06/11 19:15, Konstantin Olchanski wrote: >> >> On Tue, Jun 07, 2011 at 01:44:05PM -0400, Lamar Owen wrote: >>> >>> ... The GUI network config tools are all for NetworkManager in upstream >>> EL6. >>> >> >> >> Hmm... I am blind and I do not see any GUI tools for the NetworkManager. >> What am I supposed >> to use? (I do see the desktop applet, but I cannot use it unless I am >> standing in front >> of the computer logged in as a root user. A neat trick, if the computer is >> in Japan >> and I am in Vancouver). > > The worrying thing for me is when I installed it ifcfg-eth0 was disabled > onboot leaving it to me to enable it in networkmanager. Not very useful for > a remote install... The curses based, text compatible system-config-network needs everything a typical desktop or server needs. It lacks some of the foofiness of NetworkManager, but that's both unnecessary and dangerous on a stable desktop or server, as we've seen happen repeatedly for new installations of RHEL based systems over the last 5 years or so.
Re: value of RAM reported not correct in SLC 5.6
On Wed, Jun 8, 2011 at 7:49 PM, Aldo F. Saavedra wrote: > Hi, > > I'm having the following problem with an invariant of SL56, the cern > flavour. I thought perhaps that someone may have come across this > with SL56 > > Here in Sydney, we installed slc56 x86_64 on a Dell Power Edge R510 with > 48Gb of RAM. > > The problem we have is that once the os is installed slc56 top, free and > vmstat only reports 32Gb. All the yum updates were performed. > > To check we booted with the rescue mode, SLC 5.6 and all the commands report > 48Gb . > > A further check we installed RHEL 5.6 x86_64 it reports 48Gb . > > Is there some tweak to the kernel that needs to be done? Or any cause to the > problem. Any ideas are much appreciated. That's a significant chunk of RAM for such an old codebase. Is there any reason not to simply update to SL 6.0 and avoid the support problems?
Re: Java 6u26
On Thu, Jun 9, 2011 at 12:13 PM, Dr Andrew C Aitchison wrote: > Sorry to be a pain, but should I expect Java 6u26 (Sun/Oracle) > updates for java-1.6.0-sun-compat and jdk or do I now need to > download direct from Oracle ? > > These would replace > java-1.6.0-sun-compat1.6.0.24-3.sl5.jpp.i586.rpm > jdk1.6.0_24-fcs.i586.rpm > and 64bit equivalents. > > Thanks, I used to update these over at JPackage. I gave up, on the grounds that RHEL 6 and its rebuilds rely on OpenJDK, Red Hat has gotten squarely behind OpenJDK, and Oracle *bought Sun* and is tring to itself support OpenJDK. So there's very little point to it anymore in the development or stable environment world.
Re: Java 6u26
On Fri, Jun 10, 2011 at 12:46 AM, Dr Andrew C Aitchison wrote: > On Thu, 9 Jun 2011, Nico Kadel-Garcia wrote: > >> On Thu, Jun 9, 2011 at 12:13 PM, Dr Andrew C Aitchison >> wrote: >>> >>> Sorry to be a pain, but should I expect Java 6u26 (Sun/Oracle) >>> updates for java-1.6.0-sun-compat and jdk or do I now need to >>> download direct from Oracle ? >>> >>> These would replace >>> java-1.6.0-sun-compat1.6.0.24-3.sl5.jpp.i586.rpm >>> jdk1.6.0_24-fcs.i586.rpm >>> and 64bit equivalents. > > >> I used to update these over at JPackage. I gave up, on the grounds >> that RHEL 6 and its rebuilds rely on OpenJDK, Red Hat has gotten >> squarely behind OpenJDK, and Oracle *bought Sun* and is tring to >> itself support OpenJDK. So there's very little point to it anymore in >> the development or stable environment world. > > Thanks. > > Unfortunately that doesn't really address the point I was trying to make. > > Until about SL5.5, SL (but not RHEL) included an rpm which worked > in browsers. I know Troy has to fiddle a bit to sign the i386 package > and could not sign the x86_64, but it was very convenient for at > least this user. > > What I'm trying to ask is; will SL5 continue to include an rpm > which provides java for browsers ? > I don't remember Troy or anyone else saying one way or the other. > > Thanks again. Does the one over at JPackage work for you? Because it is a "non-free" package, i.e. cooperating with Sun's old licensing, It's a .nosrc.rpm, but you could build it and test it. There's also a fiddly bit in the jpackage-utils-compat that keeps trying to yank in older, gcj based components, that I publshed a .spec to resolve for RHEL 5.x based operating systems. Would you like a copy? If so, that's relatively easy to update: I just no longer have release 5.x boxes to test such components on, but I've got the .spec files and the patches for anyone who wants them.
Re: SL6: NIS, AUTOFS incompatible with NetworkManager
On Fri, Jun 10, 2011 at 10:55 AM, Lamar Owen wrote: > On Thursday, June 09, 2011 07:21:29 PM you wrote: >> The curses based, text compatible system-config-network needs >> everything a typical desktop or server needs. It lacks some of the >> foofiness of NetworkManager, but that's both unnecessary and dangerous >> on a stable desktop or server, as we've seen happen repeatedly for new >> installations of RHEL based systems over the last 5 years or so. > > Heh. Why would you want to stick with such an old codebase, Nico? The TUI > system-config-network is deprecated in upstream EL6 and will at some point in > time be removed, once the NM config tools are able to duplicate all > functionality. And they are most definitely getting closer. This is part of > what going to EL6 is and will be about. Because it works well over SSH remote connections, headless serial port based access for clusters, virtualized system consoles where GUI's are ill supported and burden the VM and the host, micro-installations, and systems where some sucker installed NVidia drivers, updated their OpenGL libraries, and broke X but hard. It's dealing with flat text files in a well devined, shell compatible format: there is no XML or complex databases to deal with, just some simple configuration files. And if you make a mistake in the network configuration, you again break X services. Should I go on? This is an old subject, and I've got plenty more reasons.
Re: value of RAM reported not correct in SLC 5.6
On Fri, Jun 10, 2011 at 10:55 AM, Lamar Owen wrote: > On Thursday, June 09, 2011 07:22:56 PM you wrote: >> That's a significant chunk of RAM for such an old codebase. Is there >> any reason not to simply update to SL 6.0 and avoid the support >> problems? > > What are you talking about, being large for an old codebase? On x86_64 > upstream has supported far more than 48GB since version 3 days (128GB to be > exact, according to http://www.redhat.com/rhel/compare/ ). It can work, I've done it. It's problematic, especially if one leaves the 32-bit versions of components and libraries dual-installed with the 64-bit, deletes one and not the other. The codebase for SL 5 and RHEL 5 uses significantlyou out of date kernels, glibc, and other core utilities. so yes: if you stretch the environment beyond the common resources at the time it was originally designed, you can enter the world of surprising corner cases. It's worse with old systems: kernel patches to deal with outlier, wierd hardware aren't necessarily backported, they're more likely to get in the much more recent kernel codebase, and scheduling downtime to do BIOS updates gets even harder when someone keeps saying "n-o-o-o! I've got an uptime of 635 days, we can't reboot it! prove to me that this will fix things first!" > While I don't have a machine with more than 32GB of RAM currently, I wouldn't > have any problem using CentOS or SL 5.6 (or either SLC or SLF) on x86_64 with > that much RAM. The EL5.6 kernel isn't aged yet, not by a long shot. > > SLC5 to SLC6 is not an update, it is a major upgrade. There may be very > significant reasons to not upgrade for the OP. > > In any case, this doesn't answer the OP's question of why SLC5.6 doesn't see > the same thing as upstream EL5.6 but being built from the same source. I > would ask the OP to see what both SL (non-C) and CentOS 5.6 say about the > machine and see if either see things like SLC or like upstream. It should be > a pretty simple and quick test, especially if the OP uses the LiveCD to do it > (which should work ok, assuming all the tools are there). The LiveCD is a good idea.
Re: SL6: NIS, AUTOFS incompatible with NetworkManager
On Fri, Jun 10, 2011 at 9:21 PM, Konstantin Olchanski wrote: > On Fri, Jun 10, 2011 at 10:55:33AM -0400, Lamar Owen wrote: >> On Thursday, June 09, 2011 07:21:29 PM you wrote: >> > The curses based, text compatible system-config-network needs >> > everything a typical desktop or server needs. It lacks some of the >> > foofiness of NetworkManager, but that's both unnecessary and dangerous >> > on a stable desktop or server, as we've seen happen repeatedly for new >> > installations of RHEL based systems over the last 5 years or so. >> >> Heh. Why would you want to stick with such an old codebase, Nico? > > > I think the wrong question was asked and a different wrong question was > answered. > > One issue is GUI vs TUI. > > Gui is okey when you are standing in front of the computer > console and the X11 graphics are working and you have a working monitor > of reasonable size. And a network connection needing attention is very likely to disable the X services, especially for remote X servers. > If you are not standing in front of the computer, you have to tunnel > X11 graphics through an ssh tunnel. Okey for a computer in the office > next door, but good luck doing this through a trans-Atlantic > or trans-Pacific link. (You say "use VNC!", well good luck getting > a VNC connection to a computer behind a firewall on the other side > of a VPN connection. Hint - it can be done by tunneling a reverse > connection (server to client) through an ssh tunnel). Oh, my, you've brought back laughs. I wrote one of the early VNC ports, to SunOS 4.1.x. Yeah, it's fun to get that working internationally or over a messed up network. I've been encouraging a switch to NX from www.nomachine.com, to save money on X servers and get a much better connection than VNC provides. > On my side, I have the instructions for setting up new computers > written up on a web page. I want to be able to cut-and-paste them > to a command line, so "authconfig --enablenis --nisdomain xxx --update" is > cool, > but "run system-config-users, then push these buttons with mouse" is not cool. Now, *THAT* is when it's nice to have a Windows box with a remote serial connection or, if the network is working well, and SSH session. And yeah, being able to configure such settings in an init script or as part of a system update is also prize, especially for clusters or scattered servers.
Re: value of RAM reported not correct in SLC 5.6
On Sat, Jun 11, 2011 at 12:45 PM, Lamar Owen wrote: > On Friday, June 10, 2011 08:29:49 PM you wrote: >> It's problematic, especially if one leaves >> the 32-bit versions of components and libraries dual-installed with >> the 64-bit, deletes one and not the other. > > Multilib support can indeed be a problem. In a very large memory system one > would be wise to make sure that the system is 'pure' 64 bit on x86_64. > (other 64-bit systems vary as to recommendations.) > >> The codebase for SL 5 and >> RHEL 5 uses significantlyou out of date kernels, glibc, and other core >> utilities. so yes: if you stretch the environment beyond the common >> resources at the time it was originally designed, you can enter the >> world of surprising corner cases. > > Given the fact of backporting, how 'out-of-date' the kernel, glibc, and other > core utilities are is difficult to determine. But one person's out-of-date > is another's 'stable' instead. Reminds me of this VAX in the corner, driving > a microdensitometer > > But that doesn't address the problem for the OP: why does SLC5.6 see things > so differently than upstream's code of the same version and built from the > same source? That's what the OP was asking about; and I'm looking forward to > seeing the OP post back about any new information. Me, too. I'm not assuming that our OP actually had identically configured RHEL 5.x and SL 5.x environments. But the CD based reports are interesting. > But what were the 'common' resources at the time of EL5's initial release? > What were the 'extreme' resources? IA64 systems were certainly available > with >32GB of RAM prior to EL5's introduction. I specified and got quoted an > Appro quad socket Opteron system with 64GB of RAM a year or more before EL5's > introduction in November of 2007; it was very expensive, too, with over 75% > of the cost of the whole machine being RAM, at the time. And my current > VMware hosts are a little over 4 years old; and they have 32GB of RAM (Dell > PE6950's, quad socket dual-core Opterons; wouldn't mind upgrading to quad > core or hex core chips if they were supported, and 64GB of RAM is an option > with all four sockets populated as they are). And those PE6950's shipped 8 > months before EL5.0 went GA. That may not have been common, though; I do > know they were expensive. But Dell at least has been pretty good about > keeping drivers, BIOS's, and other critical things like SAS controller and > DRAC firmware updated through the years, even for that hardware. It was bloody expensive. Let's see, 4 years ago I'd finished some work helping build, and design, blade servers, including a lot of RHEL 4 and some singificant SuSE integration. 8 Gig was considered hefty: 64 Gig was considered wonderful because they were so expensive and the profit was so high. > Uptime junkies need to get a life. Uptime isn't the be-all, end-all.even > if it is a part of the whole availability equation As you probably agree, > Nico. In an HA VMware situation, uptime of the hosts, as long as the > downtime is planned, is a non-issue. That should be valid for other > virtualization solutions, too, as long as you've configured it HA. Virtualization and its high availability is useful, but also not a be-all and end-all. It doesn't exercise kernels, it doesn't break locks, and if some error has eroded your filesystem, it doesn't give you a chance to fsck unless you actually reboot. It *does* massively reduce the cost of a reboot.
Re: Problem with cut
On Tue, Jun 14, 2011 at 4:43 PM, Chetan Tiwari wrote: > Hi Valery, > > My LANG was set to en_US.utf8. I changed it to C as you suggested and that > worked! Thanks much for that tip. > > Best regards, > > Chetan Yeah, "LANG" is messing with a lot of programs that used to work well. It's worse with the "sort" utility. en_US.utf8 is case insensitive, and there is no way to restore proper case sensitivity to ordering except to set LANG to something sane, like 'C' or 'POSIX'.
Re: Scientific Linux 5.6 is officially released
On Tue, Jun 21, 2011 at 2:19 PM, Troy Dawson wrote: > June 21, 2011 > Scientific Linux 5.6 is now officially released and available. > We want to thank all those who have contributed helping us build and test > this release. Thanks! I'ver personally hopped to SL 6 and similarly recent releases, and not looked back: the focus on getting SL 6 published before completing the point release for SL 5.6 was well decided, and the rolling updates for SL 5.x has worked very well.
Re: Use this for MySQL backup
On Fri, Jun 24, 2011 at 6:32 AM, Timmy Siu wrote: > Dear ALL SL users: > Why do you bother spending your precious life time on writing programming? > > Physicist should "use" programme, not write programme. ;) This is insulting. A smiley does not fix it. I'm not a physicist, but I've worked in research and industry. I solve problems, and get paid for it. Robust backup systems are an ongoing problem, and needs change. > Use this for MySQL backup, a complete FREE enterprise solution: > http://www.zmanda.com/backup-mysql.html I like the Amanda software. It's powerful, flexible, and I personally wrote the SunOS port of it, and wrote the old Exabyte 2.3 Gig specs for it, and worked with its MySQL features then. Zmanda seems to be doing good work, and I actually did some RHEL/CentOS 4 work with Zmanda, which seems to be competently rebundling it for commercial grade support. You see, some of us in various science and business fields actually need features that are not built into those tools. For example, for MySQL backup, there's a problem of having to do a regular dump of the databases and use *that* for backup and recovery., rather than being able to simply image the filesystem as the built-in "tar" based tools of Amanda provide. *THAT* is a lengthy and grotesquely inefficient process, especially for a large database. What works better? Installing MySQL on an LVM filesystem, locking the database for a few seconds to get the last atomic operations committed as part of a nightly scheduled service pause, making an LVM snapshot, and using Amanda to backup the snapshot. But that's a more sophisticated approach and requires fairly sophisticated system management, which *is not* easily integrated into Zmanda's write-up. Alternatie, one can set up a master/master setup (refered to as MMM, look it up), and perform the Amanda backup against the nominally secondary master. But that's not built into the Zmanda published toolkits. This is one reason why people who actually need to run the systems for physicists, doctors, lawyers, or non-profiits write freeware: to have access to the components, solve the real problemss, and be able to do it completely and well. After all, where did Zmanda's products come from? They're a repackaged "AMANDA", the University of Maryland published backup system.
Re: "lpr" is broken again - someone needs to watch the kids at Fedora
On Sun, Jun 26, 2011 at 12:27 PM, Larry Linder wrote: > Hate to be a complainer, but stuff that has worked well for 20 years is now > broken again. This is the second time in less than a year. Look again. lpr lives on top of Postscript, or ghostscript, and a stack of printer drivers. Maintaining those has been a nightmare of reverse engineering: I give enormous credit to the ghostscipt maintainers over at Aladdin, and the weird flipping drivers used for PCL and other proprietary printing languages who either do ont publish, or randomly violate, their own specs. The modern "lpr" command in Fedora and SL and RHEL derivates is no longer part of the "lpr" or freeware "LPRng" suite of tools, it's a backwards compatibility interface to CUPS, so it's really not the same tool. I believe you that things are unstable in Fedora: that's what Fedora is for, to work these details out: thanks for testing this soft of thing for the rest of us. > The script searches my data base and prints labels for parts in the inventory > is broken again. It uses awk to search the data base and prints the labels > using lpr with a bunch of options. In the last few weeks "lpr" has changed The lpr command hands it off to CUPS: CUPS is famous for having a very powerful, complex, and often utterly useless configuration interface. (See Eric Raymond's essay, "The Luxury of Ignorance", and my comments he thoughtfully quoted at the bottom.) The interface in SL 6, the "system-config-printer" interface, is actually a lot better. > and now pops up a GUI for a printer - prints a bunch of garbage to my screen > and Pops a GUI - it also pick up the printer margins and host of other crap > that I can't change from the GUI. As a result the labels are off set by 1/2 A. I think I see the issue. CUPS chose, years ago, to use the old port 631, formerly used by lpr, for their configuration interface. After all, they seemed to reason, it's available for printing and no one will use lpr anymore, right? Unfortunately, some people do, and I suspect your printing command is feeding it to the CUPS configuration interface. Not deliberately: the setting can be enabled and disabled. Use "system-config-printer" to do this, if Fedora hasn't changed things lately. > inch and now run over the end of the page. > Looked on the internet and asked the question and there is no real answers - a > bunch of dumb replys. It's a problem. What format is the output from your awk cleverness in? Flat text, which will then get transformed by the print drivers to Postscript or PCL: or whatever for actual printing? There are some fascinating, underdocumented, and long-standing problems with the text->postscript tool not being manageable from the GUI. If you can, get your output into PDF before feeding it to the printer. It's fairly easy, and and *LOT* more robust than most other formats, even flat text. > On is a vector to the cups manual - no way to search it. Can't spend a week > reading all of it. > > I wish the people tinkering with the print stuff would quit working on stuff > that has worked a long time. A new rule is that "first do no harm". Its ok > to add new but don't clobber the stuff we depend on. It's a historic problem with CUPS. They're pursuiing new features, and the "do no harm" is unfortunately a real impediment to adding new features or fixing things that have been broken for years but some folks have implicitly relied on. (Been there, done that.) > Does anyone have any idea of how to turn this stuff off or get back the > real "lpr" utility. A freeware version of the ancient "lpr" utility is in the "LPR" package. That's been out of Fedora since... Fedora 9? You might be able to find one compatible with SL 5 or older Fedoras, or recompile one, but I don't recommend it for stability. > So far I have a lot of time invested in this - by the way this is Sunday > Afternoon. That should tell you the urgency of the problem. Monday we have > a lot of stuff to ship - even if I have spend all night hand printing the > labels. > > Thank You > Larry Linder Sorry about this.
Re: "lpr" is broken again - someone needs to watch the kids at Fedora
On Sun, Jun 26, 2011 at 9:36 PM, William Scott wrote: > On 27 June 2011 07:38, Nico Kadel-Garcia wrote: > >> >> A. I think I see the issue. CUPS chose, years ago, to use the old >> port 631, formerly used by lpr, for their configuration interface. >> After all, they seemed to reason, it's available for printing and no >> one will use lpr anymore, right? Unfortunately, some people do, and I >> suspect your printing command is feeding it to the CUPS configuration >> interface. Not deliberately: the setting can be enabled and disabled. >> Use "system-config-printer" to do this, if Fedora hasn't changed >> things lately. >> > > I'll have to check to see if I'm close to being correct but I thought.. > > 515 - Lpr > 631 - IPP > 9100 - HP "jetdirect" > > Probably more out there. Lord, I'm digging back here into the yestercentury of multi-OS printing here. Wikipedia confirms your numbers, as does /etc/services. I'm misremembering the port 631 management as bing directly from LPR, as opposed to the weird mutliple usages of the port 631 for IPP and configuration of CUPS. That still ties the "lpr" based printing to the cups based services in this problem report, not to the old and unsupported "lpr" services.
Re: Free, open source, full-featured mail server solution for Scientific Linux 5.x
On Tue, Jun 28, 2011 at 12:10 AM, Zhang Huangbin wrote: > Dear Scientific Linux users, > > Just want to let you know, there's a free and open source mail server > solution, iRedMail, works well on Scientific Linux 5.x, supports both > i386 and x86_64. Web site: http://www.iredmail.org/ And Postfix. And Sendmail. And Exim. And Qmail. And look, it's available only as an installer which reaches out and downloads things from your website without actually mentioning what they are in advance. Wow, I could go on with the obvious issues from the website, but given that there's not even a GPG signature for the installation widget, this is actively unsafe.
Re: Free, open source, full-featured mail server solution for Scientific Linux 5.x
On Tue, Jun 28, 2011 at 3:08 AM, Zhang Huangbin wrote: > > On Jun 28, 2011, at 1:41 PM, Nico Kadel-Garcia wrote: > >> On Tue, Jun 28, 2011 at 12:10 AM, Zhang Huangbin >> wrote: >>> Dear Scientific Linux users, >>> >>> Just want to let you know, there's a free and open source mail server >>> solution, iRedMail, works well on Scientific Linux 5.x, supports both >>> i386 and x86_64. Web site: http://www.iredmail.org/ >> >> And Postfix. >> >> And Sendmail. >> >> And Exim. >> >> And Qmail. >> >> And look, it's available only as an installer which reaches out and >> downloads things from your website without actually mentioning what >> they are in advance. Wow, I could go on with the obvious issues from >> the website, but given that there's not even a GPG signature for the >> installation widget, this is actively unsafe. > > > Sorry about unclear description. That is, perhaps, the *least* of the problems. Downloading unsigned binary packages from a third-party for a production system like email services is begging for trouble. All we need is your domain hijacked, and your clients will be installing rootkits without your or their awareness. > iRedMail is just shell scripts, it will install and configure mail server > related components automatically for you. That's why i call it a 'solution' > instead of a 'software'. Source code of iRedMail is available in Google > Code: http://code.google.com/p/iredmail/source/list And the *source* should be published > Used major components: > > - Postfix (SMTP) > - Dovecot (POP3, IMAP, Managesieve) > - Apache (Web server) > - MySQL (Storing application data and/or mail accounts) > - OpenLDAP (Storing mail accounts) > - Amavisd + SpamAssassin + ClamAV (anti-spam, anti-virus) > - Roundcube (Webmail) > - Awstats (Apache and Postfix log analyzer) Good. Now put that on your web page, please. > Since RHEL doesn't provide all of them, iRedMail project has to provide > some of them. As we mentioned in README[1] file under yum repository > directory, most of them comes from third-party repositories, some were > packed by iRedMail project, SRPMS are avalable: See above. It should really be in the web page, *long* before setting up yum repositories. > > Most packages come from: > > - Dag Wieers: http://packages.sw.be/ > - EPEL: http://download.fedora.redhat.com/pub/epel/ > - ATrpms.net: http://atrpms.net/ > > Thank you all :) > > Packages which contains 'ired' tag in package name are packed > by iRedMail project, you can find source RPM here: > http://iredmail.org/yum/srpms/ > Which should be. wait for it.. on the web page. I also note that the packages there lack GPG signatures. Worse is your listing for 'License' under your SRPM's. "Public Domain and BSD" is not a license. It's a legal morass, begging for a client to step in it and lose a boot. Pick one! > iRedMail will verify packages with command 'md5sum'[2] after downloaded > to make sure they're truly downloaded from iredmail.org. Which is not the same as a GPG signature. That's merely a transmission verification, not a sign that the original package actually came from anyone you trust. The lack of a checksum for the installer tarball is, in particularly, hazardous, since a malicious person could replace the contents of *that*. Security takes attention. This lack of attention to basic security steps is frightening in a tool that expects to integrate numerous, password handling components such as jabber, Postfix, Dovecot, and MySQL. > [1] README: http://iredmail.org/yum/rpms/5/00README > [2] Verify packages with 'md5sum': it's defined in some files: > o iRedMail-x.y.z/pkgs/get_all.sh > o iRedMail-x.y.z/pkgs/MD5.* And nothing in the srpms or source directories. Defining checksums inside the already downloaded installer for 3rd-party downloads is missing the point, and does nothing to alleviate concerns abou the authenticity of the package, especially if an RPM is built and replaced by a malicious third party from their own, unpublished SRPM. It's very important for security to tie the binary RPM's to the source RPM's from the same author. This is pretty basic security practice for software repositories. Can I, or someone else, find you a guideline on this? Even if I distruct your product outright due to these missing features, I'm happy for people to learn how to do these security practices better. > > Zhang Huangbin > > iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux, > CentOS, Debian, Ubuntu, openSUSE, FreeBSD: http://www.iredmail.org/
Re: problem with ypbind on SL6
On Tue, Jun 28, 2011 at 9:22 AM, Nagaraj Panyam wrote: > Hi, > > Are there any known issues with ypbind on SL6 server? > or any other new configuration issues that are showing up as this problem? > Other than ypbind, other network services are ok (nfs, etc) > > I have ypserv running on the SL6 machine. > Remote yp clients have no problems binding with this ypserv. > But a local ypbind is failing to connect! > I hope the pasted screen dump explains the situation. > > I have this single line in yp.conf of the SL6 box > ypserver 127.0.0.1 This is not the same IP address your other clients use. Try use the same IP address they use and see wshat happens. And what does 'ypdomainname' say? The same as your other clients? And what about 'ypwhich'? And 'ypcat -d "domain" -h 127.0.0.1 passwd' > [root@lnx5 ]# service ypserv status > ypserv (pid 2629) is running... > > [root@lnx5 ]# service ypbind start > Starting NIS service: [ OK ] > Binding NIS service: . [ OK ] > > [root@lnx5 ]# service ypbind status > ypbind (pid 6594) is running... > > > [root@lnx5 ]# ypwhich > ypwhich: Can't communicate with ypbind > > > There is no clue in system log except this single line: > (NIS server name is missing) > > Jun 28 18:34:00 lnx5 ypbind: NIS domain: DHEP-D0, NIS server: > > > Someone responded to similar problem from me, but I am still stuck! > This worked trivially when before I upgraded from SL5 to SL6. > Thanks for any clue about this. > > Nagaraj >
Re: Free, open source, full-featured mail server solution for Scientific Linux 5.x
On Tue, Jun 28, 2011 at 10:28 AM, Zhang Huangbin wrote: > > On Jun 28, 2011, at 9:24 PM, Nico Kadel-Garcia wrote: >> >>> iRedMail is just shell scripts, it will install and configure mail server >>> related components automatically for you. That's why i call it a 'solution' >>> instead of a 'software'. Source code of iRedMail is available in Google >>> Code: http://code.google.com/p/iredmail/source/list >> >> And the *source* should be published > > > iRedMail installer is shell scripts, that means it's source code too. It's not published that way. See my previous comments about checksums and GPG signatures. It's too easy, historically, to steal a domain or steal access to a software repository and change the source code without signatures. Dig back the the SSH vulnerabilities in SSHD that were used against sourceforge.net roughly. 12 years ago? And the more recent break-ins to our favorite upstream vendor's build machines that caused re-signing of RPM's and new keys published. >>> Used major components: >> >> Good. Now put that on your web page, please. > > > It's now listed in home page of web site: http://www.iredmail.org/ > Thanks for your suggestion. Cool. > >> Even if I distruct your product outright due to these missing >> features, I'm happy for people to learn how to do these security >> practices better. > > > Thanks very much for your comments and time, will try to improve it. :) I'm cheered and pleased by your quick response to those concerns. While it's not a tool I, personally, need right now, I'll keep it in mind as worth investigating for peoople who haven't already hammered their way through all those individual components. I do urge you to review GPG signature handling, especially for RPM packages. It can be integrated well with the updated versions of 'mock' available for SL 6.
Re: Top posting versus bottom posting
On Thu, Jun 30, 2011 at 4:39 PM, Robert P. J. Day wrote: > rday (who is getting seriously tired of, every week, reading the same > swill on a mailing list somewhere) Then, perhaps, you should unsubscribe from thos one? We're seeing people coming over from CentOS, and peopls coming from other communities interested in testing things out, and they could use help. A polite word with actual reasons for an opinion will sway them far more than yelling at them about standards that they may have learned elsewhere, and that may in fact be mandated by their workplace policies. (Seen that: got yelled at for bottom posting, even though it suited the point by point analysis I was doing far better. I was confusing "big picture" people with the facts, and it was driving them nuts.)
Re: Installing scientific linux 5.5
On Fri, Jul 1, 2011 at 4:01 AM, vivek chalotra wrote: > Dear all, > I have an external USB HDD of make seagate and capacity 1TB. I want to > install scientific linux on it so that i can boot from it when i need it. > Any help is appreciated. OK: Good for you. Do you already have an operating system on your machine, and are you willing to touch the boot loader on your existing hard drive? Because if not, you're going to need to configure your BIOS to talk to your external drive first for boot loading.
Re: Java SE 6 for SL6?
On Fri, Jul 1, 2011 at 11:52 AM, Kenneth Hoste wrote: > Hello, > > I was looking into installing a Java JDK 1.6.0 on our Scientific Linux 6 > systems, and found it to fail. > We need to install Java under a non-default path, e.g. /path/to/java, > and therefore extract the RPM found on the Oracle website from the RPM > binary installer using: > > ./jdk-6u26-linux-x64-rpm.bin -x > > We then install the RPM obtained this way as follows: > > rpm --initdb --dbpath /rpm --root /path/to/java > rpm -i --dbpath /rpm --root /path/to/java --relocate /=/path/to/java > --nopre --nopost --nodeps jdk-6u26-linux-amd64.rpm > > The last command is failing with: > > error: Unable to change root directory: Operation not permitted > > This way of installing the Java JDK has worked fine in our previous SL5 > setup. > > I should add that RHEL6 or SL6 is not listed as supported on the Oracle > website, see > http://www.oracle.com/technetwork/java/javase/system-configurations-135212.html This is partly because they're re-wrapping RHEL 6 as "Oracle Enterprise Linux 6", and breaking free software best practices by merging in their proprietary code. This is in distinct contrast to what Scientific Linux does. It means that the compatibility with Oacle Enterprise releases is a good indicator that it should work, but not in any way a guarantee. Mind you, Oracle, and Red Hat and a lot of others are collaborating on openjdk. This is helping a number of long-term licensing, compatibility, and installation issues for JDK's, and has cleaned up that "rpm.bin" extraction and nastiness. If possible, please use openjdk, I think we can expect to see the old "sun" based Java packages cease development as efforts migrate to openjdk. That said, the "--relocate" command has always been tricky, and requires specific RPM bundling practices to work. See http://www.rpm.org/max-rpm/ch-rpm-reloc.html. And I do sympathize: I used ot have to install parallel 32-bit and 64-bit JDK's on the same host, and it turned out to be pretty tricky and order sensitive and required disabling of '%pre' and '%post' for one package, not the other. > Has anyone been able to install an Oracle Java JDK 6 RPM on SL6 (or RHEL6)? I did some JPackage integration attempts (I used to publish updates to their various java nosrc.rpm packages.) Gave it up as pointless when SL 6 came out and openjdk was obviously mature enough, and the JPackage 6 repository reflects this successful switchover. I'm frankly quite surprised if you really need the "Oracle JDK". Because Sun, now Oracle could not publish their SRPM's (for licensing reasons), they were quite difficult to debug, especially for this sort of installation issue. OpenJDK does not have this issue. > greetings, > > Kenneth > kenneth.ho...@ugent.be >
Re: Top posting versus bottom posting
On Fri, Jul 1, 2011 at 9:02 AM, Dr Andrew C Aitchison wrote: > Over the years I've found that my opinions of what makes for > "good" and "bad" netiquette are heavily influenced by features > of my message (mail or news) reader. > > SL5 doesn't add many packages to those supplied by TUV, but one > of them is pine/alpine. > > pine is not good at threading, which means that pine users don't really > understand when some people complain when people take an unrelated > message, reply to it and change the subject. I wrote the early SunOS ports for pine, and did some early Linux testing. Don't *get* me going on the Pine SSL historical support issues. Just don't.. But there were a number of long-standing issues, such as the poor integration with the included IMAP daemon, that caused endless trouble. And pine's licensing is... funky, and its code base has not been updated in 6 years. I'd say it's no longer safe to use: if you need it, you an grab the SRPM's from the "Penguin Liberation Front" at http://plf.zarb.org/. Their SRPM's are Mandriva based, but they publish tools that are useful but which our favorite upstream vendor would be unable to publish. (Pine is one of them, due to funky licensing, and libdvdcss is another, which I used when in the EU.)
Re: RPM: file versions
On Fri, Jul 15, 2011 at 2:51 PM, Phil Perry wrote: > On 15/07/11 19:28, Andrew Z wrote: >> >> Hello, >> i just got curios (google is not helping me @ the moment)... >> What is the right way to handle versions of the files during >> installation and removal of the rpm? >> Example: >> ls -l ./ >> >> >> rpm -uhv lib_andrew-123.rpm: >> lib_andrew.so -> lib_andrew.so.123 >> >> rpm -uhv lib_andrew-456.rpm: >> lib_andrew.so -> lib_andrew.so.456 >> >> ls -l ./ >> lib_andrew.so -> lib_andrew.so.456 >> lib_andrew.so.123 >> >> now, what if i want to remove version 123 ??? >> >> Andrew >> > > You need to have your SPEC file create the symlinks in the buildroot so that > they are a part of the package, i.e, the symlinks are owned by the rpm > package. Then when you uninstall or update the package rpm will > remove/update the symlinks for you rather than leave them dangling as per > your example above. This is normally handled by "autoconf" based installations installing the software into the RPM build environments "buildroot", and RPM collecting up a list of the files, based on the SPEC file settings. RPM is also good about reporting discrepancies. I've done amazing amounts of turning sloppy, hard coded build structures into autoconf and RPM compatible structures. > Take a look in any relevant package SPEC file from the distro for examples > of how this should be handled. >
Re: question about ssh packages in SL5 Contrib
On Fri, Jul 15, 2011 at 4:16 PM, Troy Dawson wrote: > On 07/15/2011 02:25 PM, Steve Gaarder wrote: >> >> I notice that there are alternative SSH packages in the contrib >> repository for SL 5. In what way do these differ from the standard >> packages? >> >> thanks, >> > > Those were contributed by Fermilab. > The client is patched so that it does both gssapi and gssapi-with-mic ... > and a couple other authentication methods as well that I can't remember. > > Troy The missing GSSAPI in the old OpenSSH 4.x releases in RHEL 5 are an ongoing security issue. The GSSAPI modules allow genuine "single-sign-on" behavior with an appropriate Kerberos or upstream Active Directory setup (which is partly based on Kerberos). Coupled with the Putty 0.61 release that came out a few days ago, It makes single sign on in mixed environments a lot safer and easier to manage, and helps avoid the security problems of ill-managed SSH keys and people's refusal to properly protect, or even password protect, the private keys they wander around with. It's well worth the effort to switch to such better manageable, revokable, and updatable authentication.
Re: Changing mode, owner, group for /dev/*
On Thu, Jul 14, 2011 at 10:21 AM, Jack Allen wrote: > Hello: > > I have an application that needs to be able to read and write a > Logical Volume directly and it does not run as root. Then you need to learn about suid wrappers, or possibly even "sudo" to limit command line access to the relevant software to use the targeted LVM as an argument. > On RHEL 5.X I could change the mode, owner and group of a LV and it > would stay changed until the system was rebooted. This was fine because I > could run a rc script at boot time. Ahh. Welcome to "udev". Take a look in /etc/udev/ to learn more about how to set up specific device ocnfigurations. > On RHEL 6.X if I do the same thing, as soon as the application opens > the LV for writing the first time the mode, owner and group are changed > back. This means the LV is not accessible by other application processes. Nor should it be, in general. The fact that it's an LV is irrelevant, it's a "block device" as far as the kernel and libc and udev care. > I know this is a Scientific-Linux list, but because it is based on > Red Hat the problem and solution would be the same and I have post the same > thing on a Red Hat list and gotten no replies, I thought I would try here. I > don’t know if it is selinux or udev that is doing this. I am sure someone > may have some questions and want more details and I will provide them if > requested. I just did not want to take up a lot of space with all kinds of > examples, etc. > > I cannot start supporting the application on RHEL 6.X until I find a > solution to this problem. You can test by turning off SELinux, but that wouldn't normally reset ownership. It would control access according to some complex rules, but not reset ownership. I'd strongly consider sidestepping this problem with "sudo", depending on what the programs are that need LVM access. Virtualization accessible block devices, for example, might be much safer if you cna restrict the programs and users who can ruun them. > Thanks > > Jack Allen
Re: Changing mode, owner, group for /dev/*
On Sun, Jul 17, 2011 at 10:31 AM, Jack Allen wrote: > Nico: > See answers, comments and possible questions below. > -Original Message- > From: Nico Kadel-Garcia [mailto:nka...@gmail.com] > Sent: Sunday, July 17, 2011 3:17 AM > To: Jack Allen > Cc: SCIENTIFIC-LINUX-USERS@listserv.fnal.gov > Subject: Re: Changing mode, owner, group for /dev/* > > On Thu, Jul 14, 2011 at 10:21 AM, Jack Allen > wrote: >> Hello: >> >> I have an application that needs to be able to read and write a >> Logical Volume directly and it does not run as root. > > Then you need to learn about suid wrappers, or possibly even "sudo" to > limit command line access to the relevant software to use the targeted > LVM as an argument. > [Jack Allen] I know all about suid wappers and I could even make the > programs them self SUID, open the device and then do setuid() back to the > real user. But I was looking for a solution that did not require making > changes to the Application itself just to be able to run on RHEL 6.X. Most > of the user of the Application never see a shell prompt to be able to use > the sudo command. Their shell is overlaid with the Application program by > doing "exec Application" in their .profile. Good. Then I hope you've thought out the security implicatoins of leaving your LVM "device" with a secruty structure that is unique to your application. Oracle has historically done this, and it drives people doing setups and ports of Oracle *insane*, and leads to people putting in some terrible, terrible hacks to cope with, even when it works. >> On RHEL 5.X I could change the mode, owner and group of a LV and > it >> would stay changed until the system was rebooted. This was fine because I >> could run a rc script at boot time. > > Ahh. Welcome to "udev". Take a look in /etc/udev/ to learn more about > how to set up specific device ocnfigurations. > [Jack Allen] My point was there was a big change between RHEL 5.X and RHEL > 6.X that has caused me a problem. Yes, that is the price of progress. I have Understandable. There are real security and behavioral advantages to udev. Even though it's made your particular application more difficult to integrate, I think the change to keeping the permissions more restrictive all the time was a sound one for basic security reasons. > and I now have a udev rule that only changes the mode, owner and group of > certain LVs based on the name. But again that was something I did not have > to do in RHEL 5.X and means more things to setup when installing the > Application. Great! This is an old problem with software getting more sophisticated and security steps being taken to prevent old hacks from leaving gaping holes. >> On RHEL 6.X if I do the same thing, as soon as the application > opens >> the LV for writing the first time the mode, owner and group are changed >> back. This means the LV is not accessible by other application processes. > > Nor should it be, in general. The fact that it's an LV is irrelevant, > it's a "block device" as far as the kernel and libc and udev care. > [Jack Allen] Yes but LVs is what the Application uses, not block device like > sdb. So it is specific block device names that I needed to have a certain > mode, owner, group. Why? Is your software manipulating logical volumes for the user's benefit, or as an initial configuration step only? I could see this for manipulating virtualized disk images, for example, or providing applicatoin access to the LVM snapshots or for backup systems. I've pulled stunts like that for MySQL backups. Put MySQL on a dedicated LVM, when necessary pause the server, do a "sync", then LVM snapshot the database partition. Then, run the backup, very low priority, from the mounted snapshot.
Re: RPM: file versions
On Tue, Jul 19, 2011 at 9:50 AM, Andrew Z wrote: > > On Fri, Jul 15, 2011 at 10:58 PM, Nico Kadel-Garcia > wrote: >> >> On Fri, Jul 15, 2011 at 2:51 PM, Phil Perry wrote: >> > On 15/07/11 19:28, Andrew Z wrote: >> >> >> >> Hello, >> >> i just got curios (google is not helping me @ the moment)... >> >> What is the right way to handle versions of the files during >> >> installation and removal of the rpm? >> >> Example: >> >> ls -l ./ >> >> >> >> >> >> rpm -uhv lib_andrew-123.rpm: >> >> lib_andrew.so -> lib_andrew.so.123 >> >> >> >> rpm -uhv lib_andrew-456.rpm: >> >> lib_andrew.so -> lib_andrew.so.456 >> >> >> >> ls -l ./ >> >> lib_andrew.so -> lib_andrew.so.456 >> >> lib_andrew.so.123 >> >> >> >> now, what if i want to remove version 123 ??? >> >> >> >> Andrew >> >> >> > >> > You need to have your SPEC file create the symlinks in the buildroot so >> > that >> > they are a part of the package, i.e, the symlinks are owned by the rpm >> > package. Then when you uninstall or update the package rpm will >> > remove/update the symlinks for you rather than leave them dangling as >> > per >> > your example above. >> >> This is normally handled by "autoconf" based installations installing >> the software into the RPM build environments "buildroot", and RPM >> collecting up a list of the files, based on the SPEC file settings. >> RPM is also good about reporting discrepancies. >> >> I've done amazing amounts of turning sloppy, hard coded build >> structures into autoconf and RPM compatible structures. >> > > Nico, mind to shed more light on how to do this ? Oh, boy, where do I start Have you worked with autoconf and Makefiles? Does your software have an autoconf or other "Makefile" based setup for compiling and installing it? Do the Makefiles support the use of "DESTDIR", a prefix used for instaling the software and which most .spec files use to say "actually put the binaries and links and man pages over here, where we can bundle it up safely, rather than on the local system"? If not be ready to upgrade the software's build system and installers to do support DESTDIR, and to include the full installed configuration or enough for someone deploying the software to complete themselves after installation. This would run in the '%install' part of your .spec file, to put all the important bits, including symlinks, in the build target directory. Take a good look at the upstream vendor's SRPM's and .spec files for examples of how this works.
Re: xen on Scientific Linux 6 32-Bit or 64-Bit
On Tue, Jul 19, 2011 at 5:00 PM, Steven Haigh wrote: > On 20/07/2011 6:54 AM, Eero Volotinen wrote: >> >> 2011/7/19 Stephen John Smoogen: >>> >>> On Tue, Jul 19, 2011 at 13:30, Justin Sandy >>> wrote: Is there a way to install xen on 32-bit or 64-bit Scientific Linux 6? >>> >>> Probably not easily. The kernels are optimized to work with KVM. You >>> would need to tear out that kernel and build one for Xen and a xen >>> image >> >> http://wiki.xensource.com/xenwiki/RHEL6Xen4Tutorial >> >> if it breaks, you can keep both pieces ;) > > Or even easier - use the kernel & Xen packages I build: > http://www.crc.id.au/xen-on-rhel6-scientific-linux-6-centos-6-howto/ > > Its still in the testing phase - but I use them both on my setup without > issues. Bug reports welcome! :) Or install Virtualbox, or VMWare. I'm afraid that I find the KVM and Xen integration with the libvirt tools such as virt-manager to be not only confusing, but actually poor. The integration with VirtualBox is surprisingly good, even if its long term fate with Oracle is uncertain.
Re: SL Minor Version Upgrade Question
On Thu, Jul 21, 2011 at 12:03 PM, Dormition Skete wrote: > Hello. > > We already have a server using SL6.0. I see that 6.1 is probably going to be > coming out soon. If we just keep our server updated, will it automatically > "become" a 6.1 server, or do we need to download a new 6.1 DVD when it comes > out, and go through the upgrade process to make the server 6.1? > > Any help with this will be appreciated. Almost entirely, yes. There may be subtle distinctions, but this is actually what the upstream vendor dues for supported systems: simply keep the systems subscribed to the update channels, and the configurations will be close enough for production work. Discrepancies may include subtle format changes in configuration files that were edited locally and did not get replaced, and old packages such as kernels that were left in place and not removed with the upgrade process, but our favorite upstream vendor works *amazingly hard* to make sure those are correctly handled to preserve your local configuratoins safely, not create compatibility problems or leave debris behind. It can get tricky, especially if the "fasttrack" or "optional" packages were activated and later moved to "updates" from upstream, but I'm overall very impressed with our favorite upstream vendor's handling of this.
Re: Update
On Fri, Jul 22, 2011 at 12:26 AM, Federico Alves wrote: > Dear Friends > I need urgently to update to the current version of the virtualization stack > from Red Hat, KVM, and specifically, virtualization manager. The most recent > version is > virt-manager-0.8.6-4.el6.noarch > When I Google like this: > "virt-manager-0.8.6-4.el6.noarch download" (please try it) > I get a link that seems to come from Scientific Linux, but when I do a "yum > update", I get nothing. > I wonder what is going on. We are taking too long to release the current > version. Cern alone is forging ahead they already have a beta version that > tracks RedeHat 6.1. > Thanks > Federico
Re: bind error: none:0: open: /etc/named.conf: permission denied
On Fri, Jul 22, 2011 at 9:45 PM, Todd And Margo Chester
wrote:
> Hi Guys,
>
> sl6, 64 bit
> bind
> bind-chroot
>
> I am trying to migrate my DNS (bind, named) over from Cent OS 5.6
> to SL 6. (Yes, I am a refugee who liked the SL community and decided
> to stay.) When I try starting /etc/rc.d/init.d/named, I get
>
> # service named start
> Starting named:
> Error in named configuration:
> none:0: open: /etc/named.conf: permission denied
>
> There is no permission problem. (Setting named.conf to 2777
> proved that.)
>
> I have isolated the problem down to this line of code in
> ../init.d/named:
>
> if [ -x /usr/sbin/named-checkconf ] && \
> [ -x /usr/sbin/named-checkzone ] && \
> /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null
> 2>&1; then
>
> Placing the following proofing statements in ..init.d/named:
>
> echo ""
> echo "you are here"
> echo "`whoami`"
> if [ -x /usr/sbin/named-checkconf ]; then echo "yes"; else echo "no";
> fi
> if [ -x /usr/sbin/named-checkzone ]; then echo "yes"; else echo "no";
> fi
> /usr/sbin/named-checkconf $ckcf_options ${named_conf}; echo $?
>
> gives:
>
> you are here
> root
> yes
> yes
> + /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf
> none:0: open: /etc/named.conf: permission denied
> 1
>
> So the problem is specifically:
>
> /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf
>
> Now here is the rub. If I run the above command as the same user (root)
> from the command line, it works!
>
> # /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf;
> echo $?
> zone foo.local/IN: loaded serial 100
> zone 255.168.192.in-addr.arpa/IN: loaded serial 100
> zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
> 0
>
> [Editorial comment] H! [/editorial comment]
>
> Help!
Youve got named running in the chrooted environment in
/var/named/chroot. Yank out the bind-chroot package for now, restorie
it when you've had a chance to read and review the documentaiton.
Re: bind error: none:0: open: /etc/named.conf: permission denied
On Sat, Jul 23, 2011 at 2:14 AM, Todd And Margo Chester wrote: > On 07/22/2011 10:41 PM, Nico Kadel-Garcia wrote: >> Youve got named running in the chrooted environment in >> /var/named/chroot. Yank out the bind-chroot package for now, restorie >> it when you've had a chance to read and review the documentaiton. > > Hi Nico, > > When I had originally ported, I copied the computer directory tree > > /var/named/chroot This looks like part of your problem. When you "copied" it, did your copying preserve ownership of all the files? Did you use tar, rsync, scp, or what? > over from the old computer. I did not have bind-chroot installed, > so of course, bind could not find anything. Then I remembered > chroot, so I yum'ed bind-chroot. But you'd already copied over the material, and probably tried to merge /etc/named contents on top of your already written material. Chaos ensued. > > I got stuck on > > /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf > > working from the command line, but not from > > /etc/rc.d/init.d/named > > I do believe my next step will be what you and William suggested: > start without bind-chroot and everything in its normal location. Then > upgrade to bind-chroot > > Thank you for the help. I will let everyone know what happens. Do take a look at what the bind-chroot package does. It's mostly a bunch of '%post" scripts in the RPM installation.
Re: Problems with a cron task under SL6.x
On Mon, Jul 25, 2011 at 8:46 AM, carlopmart wrote:
> Hi all,
>
> I have configured a cron task to start certain virtual machines when kvm
> host starts at a certain runlevel (3 or 4). My script:
>
> #!/bin/sh
>
> which_rulevel=`runlevel | awk '{print $2}'`
>
> if [ "$which_rulevel" == 3 ]; then
> sleep 60
> virsh start vmfw01
> sleep 140
> virsh start vmfw02
> elif [ "$which_rulevel" == 4 ]; then
> sleep 60
> virsh start vmfw03
> fi
>
> .. And my cron task is located under /etc/cron.d with the following config
> file:
>
> SHELL=/bin/bash
> PATH=/sbin:/bin:/usr/sbin:/usr/bin
> MAILTO=""
> HOME=/
Hold it. None of this is necessary, and a blank $MAILTO can cause
issues. MAILTO should point to an actual email address, not be set
blank, if you need it. And why are you resetting $SHELL and $PATH?
Yoou should only need those if you use non-standard values.
> @reboot * * * * root /root/bin/launch_vms
You have a syntax problem: @reboot, @hourly, etc. replace all the
tiime selection fields in crontab. What you probably want is:
@reboot root/root/bin/launch_vms
> But it doesn't works ... Under cron log I see this message:
>
> Jul 25 14:25:11 srvkvm01 crond[2235]: (CRON) bad command
> (/etc/cron.d/launch_kvms)
>
> I can't see where is the problem. KVM host is a SL6.1 (but with SL6.0
> doesn't works also)...
>
> Any help??
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
Re: SL Minor Version Upgrade Question
On Tue, Jul 26, 2011 at 5:16 PM, Connie Sieh wrote: > On Tue, 26 Jul 2011, Yasha Karant wrote: > >> On 07/26/2011 12:48 PM, Troy Dawson wrote: >>> >>> On 07/21/2011 11:03 AM, Dormition Skete wrote: Hello. We already have a server using SL6.0. I see that 6.1 is probably going to be coming out soon. If we just keep our server updated, will it automatically "become" a 6.1 server, or do we need to download a new 6.1 DVD when it comes out, and go through the upgrade process to make the server 6.1? Any help with this will be appreciated. >>> >>> Hi, >>> This is one place where Scientific Linux differs from RHEL. >>> >>> The default setting for Scientific Linux is for you to "sit on a >>> release". This means that you do not automatically update to the next >>> release, unless you want to. So if you install SL 5.4, you will stay at >>> SL 5.4, getting security updates, until you manually update to whichever >>> release you want. >>> >>> If you want the same functionality as RHEL (your machine is >>> automatically updated to the latest release) you need to install >>> yum-conf-sl6x. >>> yum-conf-sl6x >>> >>> Troy >> >> Will yum-conf-sl6x automatically update to the latest production release >> (e.g., SL 6.1) but will not update to beta/testing/release candidates? > > It updates to the latest production release. > >> I assume that one can pick and choose -- for example, if one is running >> a higher (later) revision kernel and kernel firmware than the production >> release, one may simply skip the kernel portion of the update. > > Note that the kernel is never updated automatically. This is controlled by > the contents of the "EXCLUDE" line in /etc/sysconfig/yum-autoupdate . That's not "never". That's "never updated automatically by default". There are a stack of historical reasons, especially including systems with manually applied device drivers or customized optimizations, and the possibility of accidentally updating to a kernel incompatible with the existing system. I've actually had that happen, not with default kernels, but with locally "optimized" kernels and kernel developers who were very careless of integrating their tweaks software with package management, source control, or as far as I could tell, the laws of thermodynamics. Our favorite upstream vendor has been quite good about this, and about keeping the distinct kernels available on the same system.
Re: WD Advanced Format hard drive issues
On Wed, Jul 27, 2011 at 2:13 AM, jdow wrote: > On 2011/07/26 21:30, Yasha Karant wrote: >> >> For reasons that are irrelevant to this discussion, we have ended up with >> a >> number of new workstations with WD Advanced Format "green" 1.5 TByte >> drives. >> We have been experiencing a number of difficulties that had to do with >> partition boundaries, etc. After a bit of digging, I found: >> >> >> http://community.wdc.com/t5/Desktop/Problem-with-WD-Advanced-Format-drive-in-LINUX-WD15EARS/td-p/6395 >> >> >> Is anyone using a WD Advanced Format drive with SL 6? We are not and >> probably will/can not use LVM, but rather standard ext 2, 3, or 4 >> partitions, included the extended partition model. >> >> If you are using this type of drive, information on the specifics of the >> formatting command(s) and syntax to use these WD drives would be >> appreciated. Any link to a detailed document or URL would be appreciated. >> >> Yasha Karant > > I know what I would attempt in a pinch. I sort of "dig" partition formats > having been one of the guilty parties for the Amiga partitioning scheme. > It led me to doing obscene things and realize they often work. > > I notice that fdisk has a mode for creating partitions based on block > number rather than artificial cylinders. fdisk is a mother and a half to script. Parsing its output to find appropriate values, then feeding them through an "expect" wrapper to get them entered through any automated process, has turned into unnecessary pain since "parted" was written. parted is my friend for this. Unfortunately, the "Gnome parted", or "gparted, does not give access to the sector selection options, so it's quite useless for this work. I've previously written tools to actually do the pre-alignment in kickstart. It makes a tremendous difference in virtualization guests, whose disk images have no way to detect the underlying architectures 4096 byte block alignments but who can benefit tremendously from doing so, especially if the server for the guest images is a NetApp on the back end.
Re: Unable to install SL6.1 with only 1GB of RAM?
On Fri, Jul 29, 2011 at 11:30 AM, Kenni Lund wrote: > Hi > > Is it expected behaviour that SL6.1 requires more than 1GB of RAM to > install when using anaconda for the install? I've just had the > installer crash on me twice due to low memory, when I had 1024MB > dedicated to the VM. I didn't create any swap partition when I did the > partition layout within the installer, so if Anaconda expects to use > such swap partition for the install, that could explain the issue. Perhaps not, but our favorite upstream vendor's default setups do create a swap partition, by default. While RAM is not the same thing as swap and I'm having good success now with VM's that have 1 Gig of RAM, I use some swap space. ignoring thoste standards is something you do at your own peril, both for installation and for operations.
Re: password for singleuser - benefits?
2011/7/29 夜神 岩男 : > On 07/29/2011 11:16 PM, Jeremiah Jahn wrote: >> >> On the servers you REALLY care about you can use luks and encrypted USB >>You could consider someone having physical access to your system, to >>be able to walk away with the harddisk anyway (encrypted filesystem >>not taken into account), but at least that's not something you can >>do without being noticed. > > Coming originally from secret squirrel land, one of the cardinal security > rules for us was simply "If the attacker has physical access, you don't have > security". Genuine physical security is painful and expensive. And there is so much remote network vulnerability exploitation and scanning that it's not an excuse to ignore security whatsoever once they're inside the network. I've been through this in contract work, wtith the cry of "if they'e inside our network, we have much worse problems". This was something that made me wince every time I heard it, because it's often an excuse to not bother with SSH key passphrases, not to bother to use HTTPS instead of HTTP, and not to bother updating or testing passwords for easy crackability. The result is that a bit of leverage, such a a poorly secured SSH key or email password from a rootkitted system or stolen from the mistyped login entries in system logs give tremendous access to people who attack mail servers, backup systems, and log servers. The internal network access used to get done acts as a springboard for attackers. Yes, I remember the !@#$!#@!$ Morris Worm: it was my first big security mess to clean up after, and emblazoned a long-standing lesson of "keeping your security patches up to date is part of the job". > Physical acces to a system is where coded security gives way in absolute > terms to physical security measures. But again, that is if we're talking > about serious security environments and almost none of our use cases > probably represent that -- so we're left simply balancing usability vs > security like normal people. > > -Iwao Yes, it's an interesting balancing act.
Re: upgrading from SL5 to SL6
On Fri, Jul 29, 2011 at 6:25 PM, Chris Tooley wrote: > Hello all, > > Do you still need to upgrade with media to go from SL5 to SL6, or can I do > it from a CLI? > > thanks, > -Chris There are enough changes in the core libraries and utilities, especially glibc and RPM, that I strongly urge you to use the installation media or use the network installation to point to a Scientific Linux local repository. That's worked well for Red Hat based systems since.. dear lord, the original 4.2 in my personal experience.
Re: sl6.1 rsync tree link missing
On Fri, Jul 29, 2011 at 11:24 PM, d tbsky wrote: > hi: > just try to rsync sl 6.1, and found link missing errors below: > > rsync rsync.scientificlinux.org::scientific/6.1/i386/os/images/xen/ > rsync: link_stat "/6.1/i386/os/images/xen/." (in scientific) failed: > No such file or directory (2) Looking at a local mirror. It's a symlink to /mnt/src/scientific/6rolling/i386/os/images/pxeboot. Looks like it should be a symlink to pxeboot. Oh faithful and wonderful maintainers, could you perhaps reset that absolute symlink to the appropriate relative symlink?
Re: Kickstart from original load plus added packages
On Sat, Jul 30, 2011 at 4:14 PM, Jack Allen wrote:
> Hello:
>
> I have installed sl6 and have the anaconda-ks.cfg file which has all
> the packages that were installed originally. I had to add a few more via yum
> later to get things setup the way I wanted it. Now I would like to copy the
> anaconda-ks.cfg file and add the additional packages so it can be used to
> setup another system just like this one during the install.
>
> So the question is how can I determine what is currently installed
> based on package names and/or groups with plus and/or minus certain packages
> to be able to update the kickstart file?
>
> Thanks:
>
> Jack Allen
This is actually one of the more problematic configuration issues for
our favorite upstream vendor. The only working GUI for this is
"system-config-kickstart", which tends to re-arrange source
configuration files and replace their comments, and which does not
understand the concept of multiple '%post' scripts even though this
works quite well if manually added to ks.cfg files. This is coupled
with the confusing and difficult to read "comps.xml" files which
provide a highly organized set of dependencies and packages so that
selecting a group will provide mandatory packages and recommended and
optional ones, but which cannot therefore be reverse engineered
because the package may be mandatory for multiple "groups", optional
for multiple "groups", or brought in by dependencies in entirely
distinct "groups". And the "groups" of the RPM labeling may have
nothing to do with the "groups" of configuration categories in the
relevant comps.xml.
So don't use it. Go through a test install once, of whichever
approximate configuration you consider reasonable, to get a rough list
of packages. Install any relevant add-ons, being cautions to enable
third-praty repositories as needed,, and tack on any packages you feel
you need. Then get a package list with:
rpm -qa --qf '%{name}.%{arch}\n' | sort
Use *that* that as the list of packages to install in your kiclstart
files, and run a second test run to assure that you get what you asked
for. Provide any necessary exclusions, to help avoid
So the simple answer is "don't bother trying to figore out the
groupings". Just use the actual list of installed components from a
similar host. This especailly helps avoid NetworkManager, which is
useful for laptops and perhaps some VPN setups, but has no use and is
actively destabilizing to servers.
Re: (SL) Problem loading a guest in SL6.1
On Tue, Aug 2, 2011 at 2:32 PM, El cucu007 wrote: > Dear users, > I have been faced with the problem in which I am loading a paravirt guest in > a SL6.1 box, I am trying to do the http, nfs install and they both failed to > retrieved the packages and anaconda, all I can see is "retrieving..." but > nothing gets retrieve. Any ideas as to what can be wrong in the guest > installing is greatly appreciated. Which virtualizaton technology are you using? KVM, Xen, Qemu, or have you decided that the merged interface for those is unsuitable for casual use and simply installed VirtualBox? From your "paravirt" comment, I assume you're using Xen. Can you use a CD image to walk manually through the installation procedures, and especially check your network ocnfigurations for validity? And is the virtual host pingable when this step fails? Can you do "Ctrl-Alt-F2" and get a text screen to check your network setup and ping and verify access to your NFS or HTTP servers?
Re: KVM virtualized Windows x64 machines crash
On Wed, Aug 3, 2011 at 5:12 AM, Matej HALAC wrote: > Hello Gentlemen, > > we have two HP ProLiant DL380 G6 servers with Intel Xeon E5530 > processors running libvirt on SL(kernel 2.6.32-131.6.1.el6.x86_64) to > host our Linux and Windows servers. (We migrated from Citrix XenServer) I like the G6's, they seem to be nice hardware. Do you have those ghods-awful Broadcom 10G network cards on them? The ones that try to let you split up the 10G into a stack of different slices of bandwidth? Those weren't stable enough to use last year, and I doubt the drivers or the firmware on those cards has gotten any better. I'm coming to the harsh conclusion that our favorite upstream vendor's "KVM" toolkit is still not ready for production use, especially due to the truly awful configuration tool. This was based on horrible experience with their 5.5, 5.6, and 6.0 releases. If you have only a few hosts to virtualize, why not test Oracle's "VirtualBox" tool (which has far better configuration tools and good client integration), or VMWare's well supported home editions? Since you seem to be using freeware where feasible, such as > The problem is that Windows servers (64bit) running on KVM crash > periodically. With the following event log message: > Error code 003b, parameter1 8003, parameter2 > f80001039900, parameter3 fadfe125fd50, parameter4 > . Have you done all the updates on both your base system and the virtualized systems? > The host servers have this in their dmesg that looks suspicious to me: > Performance Events: PEBS fmt1+, Nehalem events, Broken BIOS detected, > complain to your hardware vendor. > [Firmware Bug]: the BIOS has corrupted hw-PMU resources (MSR 38d is > 330) > > Also host servers get this message in the logs: > kernel: kvm: 2323: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd > > I myself have a ML150 G6 with Intel Xeon E5504 that runs SL6 and libvirt > with a Windows server without a hitch. > > Any advice is appreciated since I tried looking for the solution and > nothing helped me. You get this on both servers? If you can spare the time, test one of the other virtualization technologies.
Re: Can't get PHP working on apache(httpd) server.Scientific Linux 6.1.
On Wed, Aug 3, 2011 at 11:26 AM, Luca Renaud wrote: > It seems PHP is not enabled by default when httpd starts on SL > 6.1.So,I installed packages php php-common etc. and when I read > through httpd.conf I do not see any LoadModule item related to PHP It's in /etc/httpd/conf.d/php.conf. Our favorite upstream vendor, quite sensibly, includes all the config files from /etc/httpd/conf.d/*.conf as a means to allow packages to publish their own configurations and not require direct editing of httpd.conf. I personally like to add a separate include statement in httpd.conf for SSL related configurations, to grab conf.d/*.conf.ssl files, and allow me to have different behavior for HTTP and HTTPS. This is very handy for separating services like Subversion for read-only on HTTP, and password based access via HTTPS for write access, or for pointing people on HTTP access to a refresh page that says "You should be using HTTPS, switching in a moment to this URL". > (but in /usr/lib/httpd/modules/ there is a libphp5.so) and when I do > httpd -l it is not statically integrated.More specifically,I deployed > the Pimcore CMS on apache DocumentRoot /var/www/html/ creating a > directory pimcore: /var/www/html/pimcore/ and to easily test if PHP is > working I put a index.php file with just this: and I > go to firefox and put http://localhost:80/ and apache is working I see > the splash screen,then I put http://localhost:80/pimcore/index.php the > browser finds the file but the PHP splash screen does not appear just > a blank page meaning apache is not using PHP.So what is the trick to > put apache working with PHP on SL 6.1? Thanks. > It should be available. What happes if you set up a simple "index.php" file in /var/www/html/test/index.php and go to http://hostname/test/ ?
Re: KVM virtualized Windows x64 machines crash
On Wed, Aug 3, 2011 at 11:04 AM, Matej HALAC wrote: > On Wed, 2011-08-03 at 10:41 -0400, Nico Kadel-Garcia wrote: >> On Wed, Aug 3, 2011 at 5:12 AM, Matej HALAC wrote: >> > Also host servers get this message in the logs: >> > kernel: kvm: 2323: cpu0 unimplemented perfctr wrmsr: 0xc1 data >> > 0xabcd >> > >> > I myself have a ML150 G6 with Intel Xeon E5504 that runs SL6 and libvirt >> > with a Windows server without a hitch. >> > >> > Any advice is appreciated since I tried looking for the solution and >> > nothing helped me. >> >> You get this on both servers? If you can spare the time, test one of >> the other virtualization technologies. > > Yes these messages are present on both machines and also the Windows > image crashes on both as well. The specific machine worked without > problems on my ML150 so I doubt it's a problem with the Guest image. I'm afraid this is a level of problem where buying a server license from our favorite upstream vendor would help get you access to the technical support of the people who are actually writing it. And I'm afraid I'm not personally very happy with KVM based virtualization. If the GUI is that bad, it makes me concerned about the quality of the rest of the backend.
Re: {confused} kernel re-compile
On Wed, Aug 3, 2011 at 9:54 PM, Andrew Z wrote: > On Thu, Jul 14, 2011 at 5:35 PM, Tom H wrote: >> >> On Wed, Jul 13, 2011 at 11:26 PM, Andrew Z wrote: >> > On Wed, Jul 13, 2011 at 10:03 PM, Tom H wrote: >> >> On Wed, Jul 13, 2011 at 9:49 PM, Andrew Z wrote: >> >>> >> >>> so how do i modify the kernel and recompile it in SL6? >> >> >> >> What steps are you following? >> >> >> >> Anything different or missing compared to >> >> http://fedoraproject.org/wiki/Building_a_custom_kernel >> > >> > aha! looks like the guide i need. On my own i pretty much completed >> > everything up to "Configure Kernel Options" section of the guide. >> > Thank you Tom i'll give it a try tonight. >> >> You're welcome. Good luck. > > Last night finally got to this. > I followed the guide Tom shared. The only difference was that i did > everything using mock. All-in-all it was smooth sailing. The only change i > made to the current kernel config was compiling USB as module. > Compilation took over 2 hours > Today i installed this modified kernel and.. well, i have vlc, mplayer > showing some movies; firefox playing some youtube,; yum updating packages > and me clicking with the mouse on the screen hoping for it to go kaboom... > So far ( 2 hours now ) it's still going all right. Excellent for you! Can you post a diff between your .config file and the standard /boot/config-[whatever] configuration file, for our reference? Did you build a tweaked RPM, or simply install from the "mock" environment?
Re: {confused} kernel re-compile
On Thu, Aug 4, 2011 at 9:36 PM, Andrew Z wrote: > > On Wed, Aug 3, 2011 at 11:37 PM, Nico Kadel-Garcia wrote: >> Excellent for you! Can you post a diff between your .config file and >> the standard /boot/config-[whatever] configuration file, for our >> reference? Did you build a tweaked RPM, or simply install from the >> "mock" environment? > > Nico, > that's a good idea. I'm not sure i understand what you meant under "tweaked > rpm"... > Here is the result of the diff: Well, yes, now when i'm looking @ the diff, > i recalled that i switched olpc off. So there you have 2 changes Got it. The reason I asked abot building modified RPM's is that, when I deploy modified kernels, I tend to take an SRPM, tweak the config files, and change the 'release' setting in the .spec file to build an SRPM and RPM's for deployment. It helps me keep track of what I've done, and rebuild or modify as necessary.
Re: SL6.1 kickstart persistent networkmanager prevents unattended install
On Thu, Aug 11, 2011 at 8:22 AM, Johnson, Kent A (GE Healthcare) wrote: > Hi Artem, > > Just to reiterate, this is the stock SL6.1 single DVD ISO image I'm using. > SL6.1 is the first time that networkmanager is introduced for installation. > > I've tried your network line and several others as well as no network line in > the kickstart, but, the networkmanager still pops up to configure the network > device. Everything works great if I configure the network at the popup, even > if eth0 is already fully configured by the KS. > > By hitting CANCEL on the networkmanager popup and then looking at CTRL-ALT-F3 > output, I've now determined that it is trying to get security updates from > the SL ftp repo. And, even though I've tried fully configuring the only > ethernet device (eth0), networkmanager still pops up exactly at this point > (preparing to get security updates from the SL ftp repo. > > I'm thinking that I may have to reroll the stock image to eliminate this if > possible, ulness there is some other boot or KS option that will stop > networkmanager from popping up... Hold it. Is it first asking you to *select* among several available network devices? And have you included the "ksdevice=eth0", or whatever is your relevant network port, in your command line options at the beginning of your kickstart selections? I'm sorry if you've already said and I don't have it, but I'm remember problems I've had with multiple network devices and explaining to the anaconda system that I want *THAT* one, no, I'm not kidding, don't bother me about the rest. And Anaconda has been getting updated, upstream, to suppport new hardware and resolve some old issues, so there well may have been a subtle bug introduced upstream.
Re: What is the current ctrl-alt-backspace X win restart?
On Thu, Aug 11, 2011 at 9:34 AM, Ray Van Dolson wrote: > On Thu, Aug 11, 2011 at 06:00:15PM +1000, William Scott wrote: >> On 11 August 2011 12:55, Ray Van Dolson wrote: >> >> > >> > Try adding >> > >> > Option "DontZap" "false" >> > >> > To the ServerFlags section in xorg.conf. >> >> Is there even a xorg.conf out of the box now? >> > > No, but it can still be created. This process may work, though I > haven't tested it: > > https://fedoraproject.org/wiki/How_to_create_xorg.conf It's deprecated, and should be. Like manually editing your web configuraiton in a single httpd.conf file, it precludes modular updates of individual components and nails your configuration to a static, awkward to edit, potentially very fragile configuration file. I went through precisely this with a Debian client in the recent past who has not, so far as I could tell, bought into my setting up an /etc/X11/ xinit.d/ tool for them that flexibly and legibly configured dual monitors in a way that could be published to multiple servers without interfering with their other X settings. But that's life
Re: migrating disk with SL 6.1 from one machine to another
2011/8/14 Marek Andreánsky : > I have a single running server that I can't meddle with and another older > machine, that can be used for testing purposes. > If I install SL 6.1 on my testing machine and configure services that I want > to use on it, will it be portable and work when I move the disk and boot > from it on my server? THis is basically the same problem as using a backup of one machine to run on another machine. There are potential issues: The biggest one is that the drivers for the disk controllers for the new "target" machine need to be available in the "initrd" file on the old "source" machine or its backup. Anything else can be managed by someone at the console after the system boots successfully. You can do that in advance by looking at the "target" machine's The relevant controller drivers, especially for SCSI controllers, used to be in /etc/modprobe.conf, but that changed with the 6.x releases, and I've not poked the new modprobe structure. > I won't do any customization to the x-server and I'll use the default > drivers that are in the Linux kernel. > The only problem I'm thinking about is when I set up and configure Bind and > meddle with the network settings - don't know how the network interfaces are > loaded or stored on Linux - will the new network card be added as another > interface to the old one or will it use the old interface configuration? Or > will it purge the old network settings altogether when it detects that the > device is no longer present and another one is in it's place? SL 5 and its like used to leave the old /etc/sysconfig/network-scripts/iccfg-* files in place, with the wrong MAC addresses, which simply needed to be corrected and the network restarted. SL 6 is using this "UUID" setting to identify particular devices consistently, which I've not personally played with. You may need to reset those manually with the "system-config-network" tool, if this is just a one-off job, > Has anyone tried doing this? I know that in theory it should work, but don't > want to fly into this blind. I've done something like it, using a backup based installation, on.. roughly 15,000 servers with different, older Red Hat releases. I've not done it under SL 6, which has re-arranged the module loading and network configuration tools for boot time somewhat. > Cheers and thanks for any input, > Marek
Re: Terrible disk/network performance with kvm
On Mon, Aug 15, 2011 at 6:05 PM, Orion Poplawski wrote: > I have a server that I recently migrated from CentOS 5.6 to SL6.1. The host > install serves as a basic disk server and runs our nightly backups with > amanda. We also have several virtual machines running on it, so of which > are mostly idle and others which can be quite busy. Since making the move > I'm seeing the disk and network response/performance go to hell if I have > any non-idle VMs running. One barometer - I have a raid10 rebuild running > at the moment. With no VMs I can reach 200,000K/sec resync speed. I'm > getting 131,000K with two idle VMs and some other basic activity. If I > start a busy vm, it drops to a few hundred K/sec and all disk access is very > slow. Response to keystrokes in a network shell can be very slow as well. > > As anyone else experienced problems like this? I'm not seeing any error > messages on the host or VMs. Have you rebuilt the virtual images? And does the underlying RAID, and the disks, have 4096 byte blocks? If so, you will need to be quite cautious in partitioning your disk images, because no installer in the world can tell from scratch, inside a virtualized host, what the block size is on the underlying hardware, and this can *kill* your performance if it's mis-set.
Re: Tesla c1060 driver installation
On Sat, Aug 20, 2011 at 12:08 AM, Predrag Punosevac wrote: > Nico Kadel-Garcia wrote: > >> On Fri, Aug 19, 2011 at 10:25 PM, Predrag Punosevac >> wrote: >> > Deal All, >> > >> > I apologize to all of you who find this question trivial. I am >> > completely new to Linux and to Scientific Linux in particular albeit >> > Unix (OpenBSD and Solaris) user of over 20 years. >> > >> > I have been entrusted with the installation and configuration of NVidia >> > Tesla c1060 on our university test rig running i386_64 Scientific Linux >> > 5.5. >> >> Wonderful for you you! First, May I suggest that you figure out wither >> you mean "i386" or "x86_64" Scientific Linux? And second, if feasible, > > x86_64 (amd64) of course because I have a lot of RAM which can not be > fully accessed even with PAE enabled kernel on i386. In my baby tests SL > 5.5 i386 was limited to 12GB of RAM. Cool. >> can I encourage you to update to version 5.6? There are a number of >> very useful updates and integration improvements in that release. > > I could install even 6.1. The only reason I went with 5.5 was that > NVidia claimed that was "officially supported" version. I am also a bit > concern about other applications and their availability for SL 6.1. This > thing must run MATLAB, Maple, Mathematica, SciPy, Numpy and be > accessible not only via ssh but also via NoMachine NX. In particular NX > is closed source for version 4.0 and above so I am not sure if the free > version of server will even install let alone run on SL 6.1. Wow, you do have a suite of tools that might add up to some support issues. Since our favorite upstream vendor's version 6 has been out since October of 2010, I suspect that all of those packages are now compatible with SL 6.0 or SL 6.1 can attest to NoMachine NX version 3 being compatible: SL 6 has the same bugs as SL 5, because the OpenSSH is actually compiled on RHEL 3 adn the "xauth" command is not where the customized SSH server expects it by default. Just remember to set "XauthLocation" in the relevant sshd_config file. I wouldn't sweat the binary NoMachine implementation. While I dislike intensely closed source code, the freeware rebuilds of NX based tools, such as neatx and freenx, are all abandonware, and NoMachine's implementation is noticeably superios, especially for the Windows clients. And hey, with Putty 0.61 out and supporting genuine GSSAPI, I'm hoping that it can support genuine single-sign-on.. >> > After a bit of pocking around I managed to kill X server, install gcc as >> > directed by NVidia driver installation script. However, due to the lack >> > of pre-compiled kernel interfaces on NVidia ftp server I am forced by >> > installer to compile a kernel interface. This is where my troubles If you have to do this again, you should be able to run "su" or "sudo" and run the command "telinit 3". That should switch you to "runlevel 3", which doesn't have that X server running. >> The NVidia installer scripts can !@#$!@@@#$ my !@!@$#!$. I've >> personally had to rewrite them far too many times, and my updated >> versions have been ignored. They do not play well with updates to the >> OpenGL libraries, which they replace without informing the RPM system >> of the replacement, they do not uninstall gracefully unless they've >> been heavily edited since I last looked, and RPM has no way of knowing >> about them to deal with kernel updates. > > I have heard of the "update issues". Obviously, I am not happy running > NVidia binary blobs period but I have no choice. By the way, if this hasn't changed: if you ever have to update the manually installed NVidia drivers, first *uninstall* the old ones, then install the updates. >> There are good RPM's, and notes,on the process, at >> http://rpmfusion.org/Howto/nVidia. Scientific Linux plays as nicely as >> it feasibly can with such third party repositories. >> > > Thank you so much for that info! > >> > begin. I have no source code for the kernel. I used yum to install >> > kernel-devel.rpm and all other rpms (since I didn't find kernel-src.rpm) >> > which contain kernel in the name. Never the less script still complains >> > about the lack of the kernel source code. Could you please tell me where >> > can I get kernel source and where is supposed to be placed on Linux? >> >> Have you updated the kernel and rebooted since the last kernel update? >> One thing that the NVidia installers have traditionally been horrid >> about is detecting what you
Re: Tesla c1060 driver installation
On Sat, Aug 20, 2011 at 6:43 PM, Akemi Yagi wrote: > On Sat, Aug 20, 2011 at 6:59 AM, Nico Kadel-Garcia wrote: >> On Sat, Aug 20, 2011 at 12:08 AM, Predrag Punosevac >> wrote: > >>> I am also a bit >>> concern about other applications and their availability for SL 6.1. This >>> thing must run MATLAB, Maple, Mathematica, SciPy, Numpy and be >>> accessible not only via ssh but also via NoMachine NX. In particular NX >>> is closed source for version 4.0 and above so I am not sure if the free >>> version of server will even install let alone run on SL 6.1. >> >> Wow, you do have a suite of tools that might add up to some support >> issues. Since our favorite upstream vendor's version 6 has been out >> since October of 2010, I suspect that all of those packages are now >> compatible with SL 6.0 or SL 6.1 > > I wouldn't be surprised if some of the applications mentioned are not > compatible with EL 6. I have an EL-5 box running VMWare Workstation 7 > but cannot upgrade it to EL 6 because this VMWare product does not > support RHEL-6.0 as host, does not support RHEL 6.1 as host/guest. > This is rather surprising; nine months after the release of RHEL 6.0, > it is still not supported. VMware WS is not free, and one would think > a company like VMware should do a better job for paying customers. > >> I wouldn't sweat the binary NoMachine implementation. While I dislike >> intensely closed source code, the freeware rebuilds of NX based tools, >> such as neatx and freenx, are all abandonware, and NoMachine's >> implementation is noticeably superios, especially for the Windows >> clients. And hey, with Putty 0.61 out and supporting genuine GSSAPI, >> I'm hoping that it can support genuine single-sign-on.. > > nx/freenx is indeed nice. Unfortunately, the version for EL6 is still > under testing. I have been running it just fine on EL6.0 as well as on > 6.1. It just has to be finalized and published (from the CentOS extras > repository). Anyone wishing to give it a try can download the testing > version from: > > http://centos.toracat.org/misc/nx-freenx/6/ > > The current version is: > > freenx-0.7.3-7.el6.ay > nx-3.4.0-7.el6.ay And the nx code is about to leave GPL licensing (according to the company that owns it, www.nomachine.com), with the release of version 4. And FreeNX hasn't had a software update in over three years. It's abandonware, like all the other freeware NX wrappers. And by the way, I do believe I personally *wrote* the last updates from CentOS for those tools: I certainly submitted my updates for RHEL 5.6 and RHEL 6.0 compatibility, and I haven't noticed anyone tackling the project of porting the features of the commercial NX 4.x alpha releases to any other new GPL releases. I do wish that NoMachine would publish them under GPL, and wrote to them about it, in combination with buying some licenses.
Re: How to run Java 32, on SL5.5 x86_64??
On Tue, Aug 23, 2011 at 10:53 PM, Pablo Cavero wrote: > Hi, > > I have this question: > > How I can run the Alternative Java 32 for i586 included in the SL5.5, but, > in a SL x86_64 installation. > > What can happend if I install the Open Java for i586??? > And in this case, where I can running this?? > Home Java Directory?? > > I have installed the follow RPMs: > > java-1.6.0-sun-compat-1.6.0.26-3.sl5.jpp.i586 > java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.x86_64 > java-1.6.0-sun-compat-1.6.0.26-3.sl5.jpp.x86_64 Pick *one* x86_64, first. Install it first. Do not try to run the "sun-compat" packages at the same time as the openjdk package: go with openjdk if you can. Then install the 32-bit JDK with the Scientific Linux RPM, but with the "--noscript" and the "--location" options to select another installation directory. This will help prevent it from resetting all your relevant symlinks and update-alternatives setups. This should install the 32-bit in parallel, and leave it where you can reset "JAVA_HOME" to find it. > but always run the Java for 64bits environment. > > Where is enable the Java for i586?? > > The idea is not use Java Downloaded from Sun Microsystem or Oracle, to use > Only Updates or Patches, like the tzdate-java from Scientific Linux. > > Best Regards, > > -- > Pablo Cavero > System Engineer > +569 8920 9509 >
Detecting AD server for Kerberized authentication on SL 5.6 and 6.1
I'm quite aware that it's possible to authenticate local users against the Kerberos services of Active Directory, but seek a way to detect what the actual local KDC is in an environment that does not seem to publish the relevant SRV records for its Active Directory servers. Does anyone know a graceful way to deduce this, without running a full-blown nmap across the local network or trying to bother the Active Directory admins to reveal their secrets?
Re: SL6.1: Missing dependencies in SL repos
On Fri, Sep 2, 2011 at 6:23 PM, Maciej Puzio wrote: > Pat, "yum clean all" had no effect, however your reply pushed my > investigation into a new direction and I was able to figure out what was > wrong. Following an advice from this list, some time ago I had modified the > repo file for sl-fastbugs, by replacing "$releasever" with "6x". I believed > (wrongly) that this was all that was necessary to upgrade the system to 6.1. > In fact I should have replaced every occurrence of "$releasever" in all SL > repo files. Not having done that I ended with a 6.0/6.1 hybrid, which > explains the dependency problems. I have now modified all repo files and > with this change all dependencies resolve correctly. So I consider the > problem solved. Since the server works OK and is current with security > updates, the proper upgrade to 6.1, including the packages that I complained > about, will have to wait until next maintenance day. Or, you could have installed the "sl-release-6.1" package manually, or half a dozen other tricks.
