Re: [SCIENTIFIC-LINUX-USERS] yum error, SL 6.3, file is encrypted or is not a database

2016-04-23 Thread P. Larry Nelson

Forgot to say that one should do a 'yum clean all' and then
'yum update' works.

- Larry

P. Larry Nelson wrote on 4/23/16 9:49 PM:

Fixed!  Thanks Pat!

- Larry

Pat Riehecky wrote on 4/23/16 5:52 PM:

Weird, the only change to the on April 21 was a security errata that was
published just like the rest.

I'll rebuild the metadata across the board just to be safe.

Pat

On 04/23/2016 05:38 PM, P. Larry Nelson wrote:

I am having same problem with 3 of my SL5.x systems. One is 5.1 and two are 5.4.
All my other SL 5.x are 5.5 and have had no problems, nor have I seen this
problem with any of my SL6.x systems.

The problem seems to be with sl-security repo.
If I do a 'yum update --disablerepo=sl-security' on the 5.1 and 5.4 systems
I do NOT get the:

Error: file is encrypted or is not a database

This just started happening with the early morning auto yum update on 4/22/16.

- Larry

Joseph Areeda wrote on 4/23/16 4:35 PM:

I see people are having the same problem with some of the version 7 repos. But I
don't understand how to figure out which repo is causing the problem. Are people
disabling star and enabling one at a time?

 Thanks,
 Joe

On 4/23/16 1:53 PM, Joseph Areeda wrote:

We started getting this error a couple of days ago on a machine that has been auto
updating for years. I would assume that it was a corruption of a local
database but it happened on two systems simultaneously.

 Googling for that error message produces nothing on yum but several hits on's
SQLite.

 I'd appreciate any insight into what the error means and how to track down
exactly which repo or file on my system is causing the problem.

 Below is what I see, yum update also produces the same error message.

 Thanks,
 Joe

[root@mavraki yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: CONDOR-stable VDT-Production-sl6 elrepo lscsoft-epel
lscsoft-pegasus lscsoft-production sl sl-security
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@mavraki yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
 * elrepo: elrepo.org
 * sl: ftp1.scientificlinux.org
 * sl-security: ftp1.scientificlinux.org
CONDOR-stable | 2.9 kB 00:00
CONDOR-stable/primary_db | 427 kB 00:00
VDT-Production-sl6 | 1.3 kB 00:00
VDT-Production-sl6/primary |  35 kB 00:00
VDT-Production-sl6 11/11
elrepo | 2.9 kB 00:00
elrepo/primary_db | 732 kB 00:00
lscsoft-epel | 2.7 kB 00:00
lscsoft-epel/primary_db | 4.2 MB 00:02
lscsoft-pegasus | 2.6 kB 00:00
lscsoft-pegasus/primary_db | 5.8 kB 00:00
lscsoft-production | 2.9 kB 00:00
lscsoft-production/primary_db | 301 kB 00:00
sl | 3.5 kB 00:00
sl/primary_db | 4.2 MB 00:03
sl-security | 3.0 kB 00:00
sl-security/primary_db |  12 MB 00:06
Error: file is encrypted or is not a database
[root@mavraki yum.repos.d]#

--
P. Larry Nelson (217-244-9855) | IT Administrator
457 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo: lnel...@illinois.edu   | http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
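
One way to answer the question of which repo is responsible, as an added example that is not part of the original thread: open every cached metadata database with the host's own SQLite library and list the ones it rejects. The cache path is yum's default and is an assumption here, and the sample cache built in `demo()` is constructed.

```python
"""Find which cached yum repo metadata file SQLite refuses to open."""
import bz2
import os
import pathlib
import sqlite3
import tempfile

# Assumption: yum's default cachedir (the "cachedir" setting in yum.conf).
DEFAULT_CACHEDIR = "/var/cache/yum"
SUFFIXES = (".sqlite", ".sqlite.bz2")


def probe_sqlite(path):
    """Return None if SQLite reads the file and finds tables, else a reason."""
    # Open read-only so that probing never creates or modifies a cache file.
    uri = pathlib.Path(os.path.abspath(path)).as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
        try:
            (tables,) = conn.execute(
                "SELECT count(*) FROM sqlite_master WHERE type = 'table'"
            ).fetchone()
        finally:
            conn.close()
    except sqlite3.DatabaseError as exc:
        # SQLite's own error text, such as the message quoted in this thread.
        return str(exc)
    # A zero-byte file opens cleanly as an empty database, so check for tables.
    return None if tables else "no tables (empty or truncated file)"


def probe_file(path):
    """Probe a metadata file, unpacking a .bz2 copy to a temporary file first."""
    if not path.endswith(".bz2"):
        return probe_sqlite(path)
    try:
        with open(path, "rb") as fh:
            raw = bz2.decompress(fh.read())
    except (OSError, ValueError, EOFError) as exc:
        return "bad bz2 stream: %s" % exc
    with tempfile.NamedTemporaryFile(suffix=".sqlite") as tmp:
        tmp.write(raw)
        tmp.flush()
        return probe_sqlite(tmp.name)


def scan_cache(cachedir=DEFAULT_CACHEDIR):
    """Map repo directory (relative to cachedir) -> [(file, reason), ...]."""
    bad = {}
    for root, _dirs, files in os.walk(cachedir):
        for name in sorted(files):
            if not name.endswith(SUFFIXES):
                continue
            reason = probe_file(os.path.join(root, name))
            if reason is not None:
                repo = os.path.relpath(root, cachedir)
                bad.setdefault(repo, []).append((name, reason))
    return bad


def demo():
    """Scan a constructed cache: two readable repos, one with junk metadata."""
    with tempfile.TemporaryDirectory() as top:
        for repo in ("sl", "elrepo", "sl-security"):
            os.mkdir(os.path.join(top, repo))
        good = os.path.join(top, "sl", "primary.sqlite")
        conn = sqlite3.connect(good)
        conn.execute("CREATE TABLE packages (pkgKey INTEGER PRIMARY KEY, name TEXT)")
        conn.commit()
        conn.close()
        with open(good, "rb") as fh:
            packed = bz2.compress(fh.read())
        with open(os.path.join(top, "elrepo", "primary.sqlite.bz2"), "wb") as fh:
            fh.write(packed)
        with open(os.path.join(top, "sl-security", "primary.sqlite"), "wb") as fh:
            fh.write(b"this is not SQLite data\n" * 64)  # constructed junk
        return scan_cache(top)


if __name__ == "__main__":
    for repo, problems in sorted(scan_cache().items()):
        for name, reason in problems:
            print("%s: %s: %s" % (repo, name, reason))
```

Run it on the affected host rather than on a workstation, since the result depends on the SQLite library that yum itself uses there.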


Re: [SCIENTIFIC-LINUX-USERS] yum error, SL 6.3, file is encrypted or is not a database

2016-04-23 Thread P. Larry Nelson

Fixed!  Thanks Pat!

- Larry

Pat Riehecky wrote on 4/23/16 5:52 PM:

Weird, the only change to the on April 21 was a security errata that was
published just like the rest.

I'll rebuild the metadata across the board just to be safe.

Pat

On 04/23/2016 05:38 PM, P. Larry Nelson wrote:

I am having same problem with 3 of my SL5.x systems. One is 5.1 and two are 5.4.
All my other SL 5.x are 5.5 and have had no problems, nor have I seen this
problem with any of my SL6.x systems.

The problem seems to be with sl-security repo.
If I do a 'yum update --disablerepo=sl-security' on the 5.1 and 5.4 systems
I do NOT get the:

Error: file is encrypted or is not a database

This just started happening with the early morning auto yum update on 4/22/16.

- Larry

Joseph Areeda wrote on 4/23/16 4:35 PM:

I see people are having the same problem with some of the version 7 repos. But I
don't understand how to figure out which repo is causing the problem. Are people
disabling star and enabling one at a time?

 Thanks,
 Joe

On 4/23/16 1:53 PM, Joseph Areeda wrote:

We started getting this error a couple of days ago on a machine that has been auto
updating for years. I would assume that it was a corruption of a local
database but it happened on two systems simultaneously.

 Googling for that error message produces nothing on yum but several hits on's
SQLite.

 I'd appreciate any insight into what the error means and how to track down
exactly which repo or file on my system is causing the problem.

 Below is what I see, yum update also produces the same error message.

 Thanks,
 Joe

[root@mavraki yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: CONDOR-stable VDT-Production-sl6 elrepo lscsoft-epel
lscsoft-pegasus lscsoft-production sl sl-security
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@mavraki yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
 * elrepo: elrepo.org
 * sl: ftp1.scientificlinux.org
 * sl-security: ftp1.scientificlinux.org
CONDOR-stable | 2.9 kB 00:00
CONDOR-stable/primary_db | 427 kB 00:00
VDT-Production-sl6 | 1.3 kB 00:00
VDT-Production-sl6/primary |  35 kB 00:00
VDT-Production-sl6 11/11
elrepo | 2.9 kB 00:00
elrepo/primary_db | 732 kB 00:00
lscsoft-epel | 2.7 kB 00:00
lscsoft-epel/primary_db | 4.2 MB 00:02
lscsoft-pegasus | 2.6 kB 00:00
lscsoft-pegasus/primary_db | 5.8 kB 00:00
lscsoft-production | 2.9 kB 00:00
lscsoft-production/primary_db | 301 kB 00:00
sl | 3.5 kB 00:00
sl/primary_db | 4.2 MB 00:03
sl-security | 3.0 kB 00:00
sl-security/primary_db |  12 MB 00:06
Error: file is encrypted or is not a database
[root@mavraki yum.repos.d]#

--
P. Larry Nelson (217-244-9855) | IT Administrator
457 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo: lnel...@illinois.edu   | http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: yum error, SL 6.3, file is encrypted or is not a database

2016-04-23 Thread P. Larry Nelson

I am having same problem with 3 of my SL5.x systems.  One is 5.1 and two are 5.4.
All my other SL 5.x are 5.5 and have had no problems, nor have I seen this
problem with any of my SL6.x systems.

The problem seems to be with sl-security repo.
If I do a 'yum update --disablerepo=sl-security' on the 5.1 and 5.4 systems
I do NOT get the:

Error: file is encrypted or is not a database

This just started happening with the early morning auto yum update on 4/22/16.

- Larry

Joseph Areeda wrote on 4/23/16 4:35 PM:

I see people are having the same problem with some of the version 7 repos. But I
don't understand how to figure out which repo is causing the problem. Are people
disabling star and enabling one at a time?

 Thanks,
 Joe

On 4/23/16 1:53 PM, Joseph Areeda wrote:

We started getting this error a couple of days ago on a machine that has been auto
updating for years. I would assume that it was a corruption of a local
database but it happened on two systems simultaneously.

 Googling for that error message produces nothing on yum but several hits on's
SQLite.

 I'd appreciate any insight into what the error means and how to track down
exactly which repo or file on my system is causing the problem.

 Below is what I see, yum update also produces the same error message.

 Thanks,
 Joe

[root@mavraki yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: CONDOR-stable VDT-Production-sl6 elrepo lscsoft-epel
lscsoft-pegasus lscsoft-production sl sl-security
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@mavraki yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
 * elrepo: elrepo.org
 * sl: ftp1.scientificlinux.org
 * sl-security: ftp1.scientificlinux.org
CONDOR-stable | 2.9 kB 00:00
CONDOR-stable/primary_db | 427 kB 00:00
VDT-Production-sl6 | 1.3 kB 00:00
VDT-Production-sl6/primary |  35 kB 00:00
VDT-Production-sl6 11/11
elrepo | 2.9 kB 00:00
elrepo/primary_db | 732 kB 00:00
lscsoft-epel | 2.7 kB 00:00
lscsoft-epel/primary_db | 4.2 MB 00:02
lscsoft-pegasus | 2.6 kB 00:00
lscsoft-pegasus/primary_db | 5.8 kB 00:00
lscsoft-production | 2.9 kB 00:00
lscsoft-production/primary_db | 301 kB 00:00
sl | 3.5 kB 00:00
sl/primary_db | 4.2 MB 00:03
sl-security | 3.0 kB 00:00
sl-security/primary_db |  12 MB 00:06
Error: file is encrypted or is not a database
[root@mavraki yum.repos.d]#



--
P. Larry Nelson (217-244-9855) | IT Administrator
457 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo: lnel...@illinois.edu   | http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: RHEL 5/6/7 "rosetta stone"

2016-02-02 Thread P. Larry Nelson

With a Mac (running OSX Mavericks), I can do a screenshot or individual window shot.

To take a screenshot of a window:

Press Command-Shift-4. The pointer changes to a crosshair pointer.
Press the Space bar. The pointer changes to a camera pointer.
Move the camera pointer over a window to highlight it.
Click your mouse. To cancel, press the Escape (esc) key before you click.
Find the screenshot as a .png file on your desktop.

First I use Chrome to pull down the pdf.
Chrome, seeing it's a pdf, automatically gives you fade-away + and - controls
in the lower right of the browser window.  What I did (for personal use only)
was just manipulate the view size and scroll up/down, left/right until it's
readable and I have a reasonable bit of the overall poster to print.
Took about 7 window shots that way to get the whole thing.

- Larry

Keith Lofstrom wrote on 2/1/16 12:51 PM:

"W.L." provided this URL, for a poster that shows
commonly used commands for RHEL 5, 6, and 7:

https://access.redhat.com/sites/default/files/attachments/rhel_5_6_7_cheatsheet_27x36_1014_jcs_web.pdf

It is a large poster (approaching the Rosetta Stone in size),
but it is very useful for understanding what's what in RHEL7.
This, plus the man pages for the tools, is a good approximation
of what I was asking for.


Reducing it to manageable size might involve:

1) Using Imagemagick "convert" with increased density
to convert the image into a huge png.

2) Using "gimp" to move chunks of the image around,
then crop them into 4 page size png images.

3) Using "convert" again to make a 4 page pdf out of
those images.

This may be a violation of copyright, so I would never
ever EVER do this.  If copies of a 4 page rhel pdf ever
show up in your mailbox, do the right thing with them.

Keith




--
P. Larry Nelson (217-244-9855) | IT Administrator
457 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo: lnel...@illinois.edu   | http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: SL 7.1 not installing from DVD on unpartitioned disk

2015-09-24 Thread P. Larry Nelson

Konstantin Olchanski wrote on 9/23/15 7:19 PM:

On Sun, Sep 20, 2015 at 03:54:18PM -0400, Nico Kadel-Garcia wrote:


Hilarity ensued. I had to explain to several engineers, for both VM's
and for repurposing hardware, that you should really clear the first
blocks of a disk before handing it off to an installer, precisely to
clear this and other kinds of confusion.



First few blocks is not good enough. I had trouble with RHEL/SL installer
finding some old md raid signatures or superblocks or something and refusing
to use the disk (after asking and answering all the installer question,
injury+insult).


I ran into the same problem when building a SL6.x cluster using scrounged
old disks (academia ya know...).  Several times Anaconda would pop up a
message window saying something like:  "I'm terribly sorry, but this disk
has unidentified BIOS Raid Metadata and I am just not going to use it."
What the..  I don't care!  This is a bare metal installation!  Use the
damn disk!  Which promptly fell on deaf ears.

Fortunately, I discovered that if I take said disk and plop it into another
system, I can use LVM (GUI or command line) to force the initialization of
the device.  In the GUI, at the upper left, click on Tools -> Initialize
Block Device.  Then enter the device name - in my case /dev/sdb.
Bingo.  I can now use the disk in an installation or whatever.


The installer must have a button for "yes, I want to use this disk, yes, I know
it has/had some data, yes, I know what I am doing, just use this disk already".

But people who write installers have no brains. How else do you explain
multiple disks being presented as "you have 6 disks: wdc, wdc, wdc, wdc, wdc and wdc,
you *must* choose the right one to install the bootloader". (some installers
helpfully tell you the disk size, so you know which one of the identically
listed "6tb wdc disk" to use). Apparently the thinking is that presenting users
with disk serial numbers will confuse them (and forget about telling them
the physical SATA ports or SATA topology).




--
P. Larry Nelson (217-244-9855) | IT Administrator
457 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo: lnel...@illinois.edu   | http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Linux UID/GID issues

2015-03-03 Thread P. Larry Nelson

[I'm starting a new thread here as I know many of our colleagues out
there prefer that to happen when a current thread starts to veer a
little off the original topic.  So I've copy/pasted the last entry
under the old thread to this reply.]

Thanks Chris for the info on login.defs.  I did not realize that
file existed.  Other than the occasional rants on this list, I pretty
much learn something new every day, and I've been at this a long time.

It is humbling.

Further comments in-line below.

- Larry

>  Forwarded Message 
> Subject: Re: Bizarre bug
> Date: Tue, 3 Mar 2015 17:00:31 -0600
> From: Ken Teh 
> Organization: Argonne National Laboratory
> To: Chris Schanzle , scientific-linux-us...@fnal.gov
>
> I set mine at uid/gid=2000 and pray it's good till I retire :)

Years ago ('89 I think was my first foray into unix - SunOS), I
chose 666 for my UID and I've made it follow me everywhere since.
Devilishly clever, I thought.  :-)

There's more.  Scroll on down

> On 03/03/2015 04:44 PM, Chris Schanzle wrote:
>> On 03/03/2015 03:33 PM, P. Larry Nelson wrote:
>> That used to happen in the old days before
>> system-config-users pretty much kept generated UIDs/GIDs well out
>> of the range that an installed piece of software might use.
>> I believe the rule is now that real people users get a UID > 500
>> and installed apps (like ntop, UID:103, GID:160) use UIDs < 500,
>> but I don't know if that's a hard and fast rule with apps or not.
>> I do the same thing with any local group I create - give it a
>> GID > 500.
>
> The authoritative source used by useradd (perhaps others) is /etc/login.defs:
>
> grep ^UID_MIN /etc/login.defs
> UID_MIN  500
>
> Historically it was UID >= 500 (note 500 was the first), in recent Fedoras and EL7, it's now 1000:
>
> grep ^UID_MIN /etc/login.defs
> UID_MIN  1000
>
>
> Note new systems also have min/max values for system accounts in login.defs:
>
> # Min/max values for automatic uid selection in useradd
> #
> UID_MIN  1000
> UID
> # System accounts
> SYS_UID
> SYS_UID_MAX   999
>

So, as I understand this, login.defs is only used by useradd (which
I assume system-config-users must invoke)?

What is to govern (other than perhaps some sort of gentleman's
agreement in the app world) what UID/GID an application decides
to grab upon install?

I used the ntop app as an example in a previous post under the
previous thread and noted that it grabbed UID:103, GID:160.
What's to prevent an app from grabbing a UID and GID > 500
(or 1000 in newer releases)?

BTW, as an aside, if you haven't discovered and installed ntop
(epel repo), I highly recommend it.  An amazing admin net tool
that's web based and I'm still learning what all it can do and
display.

- Larry

--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
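
An audit for the situation raised in this message, as an added example that is not part of the original thread: it reads the UID_MIN value from login.defs text, flags local service accounts that sit in the real-user range, flags UIDs that map to different names in the local passwd file and the NIS passwd map, and shows which name wins under each nsswitch.conf order. All account names and map contents below are constructed except the ntop UID/GID quoted in the thread, and the lookup model is a simplification that ignores nsswitch actions such as [NOTFOUND=return].

```python
"""Audit local accounts against login.defs ranges and a NIS passwd map."""

# Constructed sample inputs (ntop's 103/160 is the value quoted in the thread).
LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN  1000
# System accounts
SYS_UID_MAX   999
"""
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ntop:x:103:160:ntop:/var/lib/ntop:/sbin/nologin
appsvc:x:1001:1001:constructed service:/var/lib/appsvc:/sbin/nologin
"""
NIS_PASSWD = """\
alice:x:1001:1001:constructed user:/home/alice:/bin/bash
bob:x:1002:1002:constructed user:/home/bob:/bin/bash
"""


def parse_login_defs(text):
    """Return {KEY: int} for numeric settings such as UID_MIN."""
    values = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].isdigit():
            values[fields[0]] = int(fields[1])
    return values


def parse_passwd(text):
    """Return [(name, uid, gid, shell), ...] from passwd-format text."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or not parts[2].isdigit() or not parts[3].isdigit():
            continue  # blank lines, comments, NIS +/- compat entries
        entries.append((parts[0], int(parts[2]), int(parts[3]), parts[6]))
    return entries


def audit(login_defs, local_passwd, nis_passwd):
    """List service accounts in the user range and local/NIS UID collisions."""
    # Assumption: fall back to the historical 500 when UID_MIN is not set.
    uid_min = parse_login_defs(login_defs).get("UID_MIN", 500)
    nis_by_uid = {uid: name for name, uid, _gid, _sh in parse_passwd(nis_passwd)}
    findings = []
    for name, uid, _gid, shell in parse_passwd(local_passwd):
        if uid >= uid_min and shell.endswith("nologin"):
            findings.append(("service-in-user-range", name, uid))
        other = nis_by_uid.get(uid)
        if other is not None and other != name:
            findings.append(("uid-collision", name, uid, other))
    return findings


def owner_shown(uid, order, maps):
    """Name a UID resolves to when sources are tried in nsswitch order."""
    for source in order.split():
        for name, entry_uid, _gid, _sh in maps[source]:
            if entry_uid == uid:
                return name
    return None


MAPS = {"files": parse_passwd(LOCAL_PASSWD), "nis": parse_passwd(NIS_PASSWD)}

if __name__ == "__main__":
    for finding in audit(LOGIN_DEFS, LOCAL_PASSWD, NIS_PASSWD):
        print(finding)
    for order in ("files nis", "nis files"):
        print(order, "->", owner_shown(1001, order, MAPS))
```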


Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

On 3/3/15 1:08 PM, Stephen John Smoogen wrote:

[snip...]

Oh aye, many mouths have pooh-poohed NIS as insecure and old fashioned.
And I have considered leveraging our campus's AD or LDAP and do away
with my NIS service.  But then I'd have to deal with the campus Windows
people.  I have collaborators from all over the world in my passwd file.
They are not university faculty staff or students.  Very hard to get
them into the campus AD or LDAP.  I'll stick with my own NIS.  It takes
me all of about 2 minutes to add a new user.  If they are not part of
the university, that could take days if I used campus services.


So NIS is not getting as much testing anymore as it is being listed as a
no-no in various .gov/.mil/PCI/HIPAA audits. So a lot of NIS problems
seem to have crept in and are only showing up now because large
deployments of Dark-Matter computers are beginning to move from an 8
year old OS to a 5 year old OS. I list this as the Dark Matter of
systems because there are large numbers that no one seems to know about
until the gravity of the situation hits them.

The things I would look at for this are:

1) Put in the ip address of the nis server into /etc/hosts and see if
that fixes things. If it does.. it is a bug, but one similar to
something I ran into with SunOS 4.1.4 a loong time ago. [Solaris 2.4
also had a similar one.. and IRIX 6.2 (I think). ]

2) Turn off nscd (or sssd? in EL7) to see if it changes how the system
reacts. It may be caching hosts which aren't reachable but portmap is
going to try and talk because it thinks it's still available.

3) strace of closing processes might be useful with strace writing to a
file so it isn't lost when the box shuts down completely.


Thanks Stephen!  If I ever get some free time and curiosity overwhelms
me, I'll try some of your suggestions, but I think I'll just resort to
the old 'files nis' order and move on.



Could you tell
me which file and lines you commented out?  [Thanks]


Are you talking about /etc/nsswitch.conf?
I didn't comment out any lines - I merely snipped out the
default lines that already had comments so it was easier to read.

Thanks,
- Larry



--
Stephen J Smoogen.

--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

Well, that's the question I am now asking myself.
As I mentioned before, it was because it was in my "notes" to
switch the order.  But I don't remember why exactly.

And yes, the passwd, shadow, and group content are all on my
nismaster and nisslave systems as NIS maps to override the
same files on all NIS clients.  There are no "real person" entries
in the password file on any of my systems, so real people login
to my systems using credentials from the NIS maps.

I believe the thinking for the 'nis files' order was in case some
app got installed that wanted to create a /sbin/nologin entry in
/etc/passwd and its own group in /etc/group that might conflict
with a user's UID/GID from our NIS maps.

That used to happen in the old days before
system-config-users pretty much kept generated UIDs/GIDs well out
of the range that an installed piece of software might use.
I believe the rule is now that real people users get a UID > 500
and installed apps (like ntop, UID:103, GID:160) use UIDs < 500,
but I don't know if that's a hard and fast rule with apps or not.
I do the same thing with any local group I create - give it a
GID > 500.

I think it was many years ago (circa mid-90's) when I came on
board and we were transitioning from old Sun systems (that someone
else had set up) to RedHat that I discovered some legacy users
with UIDs/GIDs that conflicted with some stock entries in the
RedHat passwd file necessitating changing the users' UIDs/GIDs
everywhere.  Messy!

- Larry

On 3/3/15 1:41 PM, Ken Teh wrote:

Just out of curiosity, why *do* you switch them around?  Are you
overriding the password/group/etc, content?  My NIS maps only contain
content that is local to the cluster.  Leaves the system accounts, etc,
untouched.


On 03/03/2015 01:33 PM, P. Larry Nelson wrote:

Hi Ken,

On 3/3/15 1:06 PM, Ken Teh wrote:

I wonder if the loopback shutdown is a red herring.  The "files nis"
switch around seems more like a clue.  Perhaps some outstanding RPC
after the network shutdowns (ethx's are down before the loop, no?)


Correct - all other net interfaces go down first.


I'd try playing around the shutting down these bits manually in various
permutations leaving the system running to see if it hangs.

I have SL6.x systems running NIS without problems but then I did not
reverse the "files nis" in nsswitch.conf.


Actually, I think that is really the problem (but the "why" may just
have to wait until another day or just file it away in my big file
cabinet of unsolved linux weirdities).

I took a look at a sampling of some older SL5.x nodes that have been up
and running for years and see that they all have 'files nis' order, all
apparently without any problems or complications.

Thing is, I have in my "notes" on bringing up a new node, "Don't forget
to edit nsswitch.conf with 'nis files' order."  But the problem is I
just don't remember why I wrote that!  I'd like to think that my "notes"
are things I figured out once so I don't have to revisit the issue
every time.  Apparently I didn't figure it out well enough.

So, I guess I'll just return to the default order of 'files nis' and
forget the whole thing and get some sleep.  :-)

But it's still a weird bug, which bugs me..

Thanks!
- Larry




--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

Hi Ken,

On 3/3/15 1:06 PM, Ken Teh wrote:

I wonder if the loopback shutdown is a red herring.  The "files nis"
switch around seems more like a clue.  Perhaps some outstanding RPC
after the network shutdowns (ethx's are down before the loop, no?)


Correct - all other net interfaces go down first.


I'd try playing around the shutting down these bits manually in various
permutations leaving the system running to see if it hangs.

I have SL6.x systems running NIS without problems but then I did not
reverse the "files nis" in nsswitch.conf.


Actually, I think that is really the problem (but the "why" may just
have to wait until another day or just file it away in my big file
cabinet of unsolved linux weirdities).

I took a look at a sampling of some older SL5.x nodes that have been up
and running for years and see that they all have 'files nis' order, all
apparently without any problems or complications.

Thing is, I have in my "notes" on bringing up a new node, "Don't forget
to edit nsswitch.conf with 'nis files' order."  But the problem is I
just don't remember why I wrote that!  I'd like to think that my "notes"
are things I figured out once so I don't have to revisit the issue
every time.  Apparently I didn't figure it out well enough.

So, I guess I'll just return to the default order of 'files nis' and
forget the whole thing and get some sleep.  :-)

But it's still a weird bug, which bugs me..

Thanks!
- Larry

--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

Hi Stephen,

Replies in-line below.

Thanks,
- Larry

On 3/3/15 11:49 AM, Stephen John Smoogen wrote:


On Mar 3, 2015 8:49 AM, "P. Larry Nelson" <lnel...@illinois.edu> wrote:
 >
 > I am seeing a bizarre bug where an SL6.x system hangs on either
 > shutdown or reboot at the point where it wants to shutdown the
 > loopback interface.
 >
 > Let me start off by saying I'm running a mixed shop of SL5.x servers
 > (DNS, NIS, NTP, DHCP, NFS, etc.) along with a bunch of new cluster-esque
 > nodes running SL6.x.  All new SL6 nodes are Dell R410, R510, R710, for
 > whatever that's worth, but I don't believe they have anything to do
 > with the bug, per se.
 >
 > Since building these new SL6 nodes many weeks back, they have all
 > exhibited this extremely annoying habit of hanging on shutdown or
 > reboot at the shutdown of the loopback interface.
 > Eventually (for the most part) they stop spinning whatever wheels
 > they're spinning and do manage to complete either the shutdown or
 > reboot, but it takes upwards of 15, 20, or 30 minutes!  Usually
 > I can't wait that long and just do a power off/on of the node.
 >
 > No amount of trying to find out what they are doing has worked,
 > from trying to open another console window (Alt-F1, etc.) at
 > shutdown/reboot to having top running in one terminal window while
 > doing a 'service network restart' in another.  Everything just freezes!
 >
 > I tried any number of things over the past several weeks, including
 > ripping out NetworkManager knowing that it has had a history of mucking
 > things up.  No luck.  They still hang.
 >
 > On another front, I was having some UID/GID problems with the mix of
 > NFS v3 from my SL5.x file servers and NFS v4 on the SL6 nodes, so
 > I forced all mounts to use NFS v3.  I thought maybe that could be
 > the problem, but again, no luck - still hanging.
 >
 > Revisiting it again in earnest this weekend via Google, I came up
 > empty as all hits seemed to have something to do with scenarios that
 > just did not apply, including many hits about a problem with running
 > the iscsi daemon (and there was a patch for that).  But I'm not running
 > the iscsi daemon.  It's not even installed.
 >
 > One comment by someone who also had the same problem was that he, not
 > ever figuring out the cause, just commented out the line in
 > /etc/init.d/network that shuts down the loopback interface, saying it's
 > not a real device anyway, so what the hell.
 >
 > So yesterday I thought I'd try the commenting out the loopback
 > shutdown tactic on a test system.  Sure enough, the reboot was normal
 > with no hangs.
 >
 > Ok, at least now I have a workaround, though that seems pretty kludgy.
 >
 > I decided to try and nail the culprit down with a fresh rebuild of
 > a test system and see just where in the build process the bug appears.
 >
 > After the basic install of SL6, the system reboots just fine.
 > Then do a 'yum update' with all its hundreds of patches.
 > It reboots just fine, as I expected.
 >
 > So the first "local" change was to configure NIS.
 > Try the reboot.  Reboots fine.
 >
 > [ok, here is where it becomes bizarre]
 > Modify /etc/nsswitch.conf to switch the order of "files nis" to
 > "nis files" for passwd, shadow, and group, as I've always done.
 > Reboot.  Boom!  It hangs at loopback interface shutdown!
 >

I want to thank you for giving all the details of your testing. I would
like to use it as a future example of how to be constructive and helpful
to other people needing help.


Thanks.  Yep, feel free to use this as an example.  I suppose it comes
from being in the biz for over 46 years and shaking my head at *SO* many
ill conceived requests for help on listservs.


So have you looked at nscd any? Does having nscd turned on or off alter
this problem.


Nay, I have not, and frankly, it didn't occur to me till you asked.
I will explore that when I get a chance and see if it alters the problem.


Also what is in hosts and is the NIS server listed. Thanks


I assume you're talking about /etc/hosts on the clients.
The SL6.x clients just have the following in hosts:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6



 > I repeated this many times to be sure, and it happens the same on
 > every SL6.x node.
 >
 > Bug or feature?  I can't imagine it to be a feature nor can I
 > fathom what the order of "files" and "nis" in /etc/nsswitch.conf
 > has to do with the hanging of the loopback interface shutdown.
 > It's possible that an SL6.x NIS server might correc

Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

Contents of /etc/nsswitch.conf (minus the comments):

passwd: nis files
shadow: nis files
group:  nis files

hosts:  files nis dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nis files

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus


Thanks,
- Larry


On 3/3/15 11:55 AM, Stephan Wiesand wrote:


On Mar 3, 2015, at 18:49 , Stephen John Smoogen wrote:


On Mar 3, 2015 8:49 AM, "P. Larry Nelson"  wrote:


I am seeing a bizarre bug where an SL6.x system hangs on either
shutdown or reboot at the point where it wants to shutdown the
loopback interface.

[...]

[ok, here is where it becomes bizarre]
Modify /etc/nsswitch.conf to switch the order of "files nis" to
"nis files" for passwd, shadow, and group, as I've always done.
Reboot.  Boom!  It hangs at loopback interface shutdown!


I want to thank you for giving all the details of your testing. I would
like to use it as a future example of how to be constructive and helpful to
other people needing help.


Indeed.


So have you looked at nscd any? Does having nscd turned on or off alter
this problem. Also what is in hosts and is the NIS server listed. Thanks


And are you sure it's only passwd/group/shadow you set to "nis files"? Nothing else,
in particular not hosts or ethers?

Interesting issue ;-)




--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Bizarre bug

2015-03-03 Thread P. Larry Nelson

All my NIS clients point to nismaster.blah.blah.blah
where nismaster is a CNAME in my DNS for the system that's running
the NIS service.  It's been like that for nearly 20 years
with no problems.  Plus there's an NIS slave server with its
own CNAME of nisslave.blah.blah.blah

I use hostnames and CNAMES instead of IP addresses in case
the actual server has to be moved to a different host and thus
has a new IP address.  Don't want to have to go around to all
the NIS clients and re-key the IP address of the NIS server.

- Larry

On 3/3/15 11:39 AM, Antonio Querubin wrote:

On Tue, 3 Mar 2015, P. Larry Nelson wrote:


Modify /etc/nsswitch.conf to switch the order of "files nis" to
"nis files" for passwd, shadow, and group, as I've always done.
Reboot.  Boom!  It hangs at loopback interface shutdown!

I repeated this many times to be sure, and it happens the same on
every SL6.x node.

Bug or feature?  I can't imagine it to be a feature nor can I
fathom what the order of "files" and "nis" in /etc/nsswitch.conf
has to do with the hanging of the loopback interface shutdown.
It's possible that an SL6.x NIS server might correct the situation,
but I have no time right now to spend a week on that not knowing
it would even work.

Comments and suggestions are welcome.


Are you using hostnames instead of IP addresses anywhere in your NIS
config?

Antonio Querubin
e-mail:  t...@lavanauts.org
xmpp:  antonioqueru...@gmail.com



--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Bizarre bug

2015-03-03 Thread P. Larry Nelson

I am seeing a bizarre bug where an SL6.x system hangs on either
shutdown or reboot at the point where it wants to shutdown the
loopback interface.

Let me start off by saying I'm running a mixed shop of SL5.x servers
(DNS, NIS, NTP, DHCP, NFS, etc.) along with a bunch of new cluster-esque
nodes running SL6.x.  All new SL6 nodes are Dell R410, R510, R710, for
whatever that's worth, but I don't believe they have anything to do
with the bug, per se.

Since building these new SL6 nodes many weeks back, they have all
exhibited this extremely annoying habit of hanging on shutdown or
reboot at the shutdown of the loopback interface.
Eventually (for the most part) they stop spinning whatever wheels
they're spinning and do manage to complete either the shutdown or
reboot, but it takes upwards of 15, 20, or 30 minutes!  Usually
I can't wait that long and just do a power off/on of the node.

No amount of trying to find out what they are doing has worked,
from trying to open another console window (Alt-F1, etc.) at
shutdown/reboot to having top running in one terminal window while
doing a 'service network restart' in another.  Everything just freezes!

I tried any number of things over the past several weeks, including
ripping out NetworkManager knowing that it has had a history of mucking
things up.  No luck.  They still hang.

On another front, I was having some UID/GID problems with the mix of
NFS v3 from my SL5.x file servers and NFS v4 on the SL6 nodes, so
I forced all mounts to use NFS v3.  I thought maybe that could be
the problem, but again, no luck - still hanging.

Revisiting it again in earnest this weekend via Google, I came up
empty as all hits seemed to have something to do with scenarios that
just did not apply, including many hits about a problem with running
the iscsi daemon (and there was a patch for that).  But I'm not running
the iscsi daemon.  It's not even installed.

One comment by someone who also had the same problem was that he, not
ever figuring out the cause, just commented out the line in
/etc/init.d/network that shuts down the loopback interface, saying it's
not a real device anyway, so what the hell.

So yesterday I thought I'd try the commenting out the loopback shutdown
tactic on a test system.  Sure enough, the reboot was normal with no
hangs.

Ok, at least now I have a workaround, though that seems pretty kludgy.

I decided to try and nail the culprit down with a fresh rebuild of
a test system and see just where in the build process the bug appears.

After the basic install of SL6, the system reboots just fine.
Then do a 'yum update' with all its hundreds of patches.
It reboots just fine, as I expected.

So the first "local" change was to configure NIS.
Try the reboot.  Reboots fine.

[ok, here is where it becomes bizarre]
Modify /etc/nsswitch.conf to switch the order of "files nis" to
"nis files" for passwd, shadow, and group, as I've always done.
Reboot.  Boom!  It hangs at loopback interface shutdown!

I repeated this many times to be sure, and it happens the same on
every SL6.x node.

Bug or feature?  I can't imagine it to be a feature nor can I
fathom what the order of "files" and "nis" in /etc/nsswitch.conf
has to do with the hanging of the loopback interface shutdown.
It's possible that an SL6.x NIS server might correct the situation,
but I have no time right now to spend a week on that not knowing
it would even work.

Comments and suggestions are welcome.

- Larry

--
P. Larry Nelson (217-244-9855) | IT Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.brf-llc.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: nmap to find mac addressees

2014-08-22 Thread P. Larry Nelson

On 8/22/14 12:03 AM, ToddAndMargo wrote:

Hi All,

I have a Windows program

 http://sourceforge.net/projects/autoscan/

that will find all the MAC addresses on an Ethernet.
Last time I used it, it found stuff on 192.168.1.0/24
and 192.168.88.0/24.  Helped me fix everything so
they were on the same network.

There is a Linux tarball for autoscan, but I can not
find an RPM for it.  And, the tarball has no spec
file in it.

I could really use this functionality on Linux.  As
far as I can tell, nmap will only locate stuff on
the current network, not everything on the Ethernet.

Any idea how to do this with nmap or similar?  I
would really like to use nmap, if I could.

I have tried "overlook fing", but it only finds stuff
on the current network.

Many thanks,
-T


fing can find MAC addresses on a different network if you run it on
a system that connects to multiple nets.  I have it installed on one
of my SL5.x systems that has connections to our main net as well as
all 5 of our firewalled subnets (192.168.x.x).  By default, it just
checks the net on what it thinks is your primary nic, but you can
tell it to check any other net you have configured on that box.

Use (for example) 'fing -n 192.168.1.0/24'

Incredibly useful tool!

- Larry


--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Security ERRATA Important: openssl on SL5.x i386/x86_64

2014-06-11 Thread P. Larry Nelson
 and the client must
be using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:

For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--

SL5
   x86_64
 openssl-0.9.8e-27.el5_10.3.i686.rpm
 openssl-0.9.8e-27.el5_10.3.x86_64.rpm
 openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm
 openssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm
 openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm
 openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm
 openssl-devel-0.9.8e-27.el5_10.3.i386.rpm
 openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm
   i386
 openssl-0.9.8e-27.el5_10.3.i386.rpm
 openssl-0.9.8e-27.el5_10.3.i686.rpm
 openssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm
 openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm
 openssl-perl-0.9.8e-27.el5_10.3.i386.rpm
 openssl-devel-0.9.8e-27.el5_10.3.i386.rpm

- Scientific Linux Development Team




--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: [SCIENTIFIC-LINUX-USERS] OpenSSL Vulnerability

2014-04-08 Thread P. Larry Nelson

In case this helps, here's what our campus security folks sent out this morning.

==

Mitigation:
"Affected users should upgrade to OpenSSL 1.0.1g. Users unable to
immediately upgrade can alternatively recompile OpenSSL with
-DOPENSSL_NO_HEARTBEATS."

Quick remote test for potential vulnerability (from linux):
echo ""|openssl s_client -connect $MYHOST:443 -tlsextdebug 2>&1 \
 | egrep 'heartbeat'

An example response of a potentially vulnerable host would be:
TLS server extension "heartbeat" (id=15), len=1

Quick local check for vulnerability:
openssl version -a
Any version other than 1.0.1 through 1.0.1f should be safe. In any
1.0.1 version, if the -DOPENSSL_NO_HEARTBEATS flag is listed in the
compiler flags, that should mean you're safe.

Spot check:

openssl version -a| grep -oE '1.0.1[a-g]{1}?|DOPENSSL_NO_HEARTBEATS'

This should give you the version, if it's 1.0.1, and if the
OPENSSL_NO_HEARTBEATS was listed.

Adding to the spot checks above, once you patch with the official
patches from Ubuntu/Debian/RHEL these simple openssl checks will still
show the heartbeat extension enabled but it shouldn't be vulnerable
anymore. If you have access to Qualys for scanning, the QID for
scanning for this vulnerability is 42430.

The http://heartbleed.com/ site recommends re-issuing certificates
in case of prior compromise of existing private keys as there is no
way to differentiate from normal traffic.

We are recommending to our users to do this as well as any credentials
used over the SSL connection, especially in the last few days. The
vulnerability is easily exploitable and a few tests have returned
valid session cookies at the very least. Supposedly the server's
private key can be exposed as well. Passively there's no way to
determine if this is being exploited. I haven't had time to test with
debugging enabled.

===


Jamie Duncan wrote on 4/8/2014 12:44 PM:

The bug was only applicable to RHEL/CentOS/OEL/SL 6.5+
https://access.redhat.com/site/solutions/781793



On Tue, Apr 8, 2014 at 1:36 PM, Jeffrey Anderson <jdander...@lbl.gov> wrote:

Is SL5 vulnerable, and will there be a patch?




On Tue, Apr 8, 2014 at 7:10 AM, Pat Riehecky <riehe...@fnal.gov> wrote:

The updated package should be available now.

Pat


On 04/08/2014 05:43 AM, Adam Bishop wrote:

Good Morning,

I’ve not seen a fixed OpenSSL package drop into the repos as of yet.

Apologies for asking the question, but how quickly will this be
packaged and made available (i.e. should I start building the
package myself)?

Regards,

Adam Bishop
Systems Development Specialist

gpg: 0x6609D460
  t: +44 (0)1235 822 245 
   xmpp: ad...@jabber.dev.ja.net <mailto:ad...@jabber.dev.ja.net>

Janet, the UK's research and education network.


Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238



--
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/




--
Jeffrey Anderson                        | jdander...@lbl.gov
Lawrence Berkeley National Laboratory   |
Office: 50A-5104E                       | Mailstop 50A-5101
Phone: 510 486-4208                     | Fax: 510 486-4204




--
Thanks,

Jamie Duncan
@jamieeduncan




--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
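
The local and remote checks from the advisory quoted in the message above, written as a small triage script. This is an added example, not part of the original email or the campus advisory; the function names, verdict strings and sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): interpret the output of the two
# quick checks quoted above. Function names and verdict strings are
# illustrative; all sample text is constructed.

# classify_local TEXT -- TEXT is the output of `openssl version -a`.
# Prints: not-in-range | heartbeats-disabled | in-range | unknown
classify_local() {
    cl_text=$1
    # The first line looks like "OpenSSL 1.0.1e-fips 11 Feb 2013";
    # keep the dotted number plus its optional letter suffix.
    cl_ver=$(printf '%s\n' "$cl_text" |
        sed -n '1s/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    case $cl_ver in
        '')
            echo unknown; return 1 ;;
        1.0.1|1.0.1[a-f])
            # Inside the 1.0.1 .. 1.0.1f range named in the advisory.
            ;;
        *)
            echo not-in-range; return 0 ;;
    esac
    if printf '%s\n' "$cl_text" | grep -qF -e '-DOPENSSL_NO_HEARTBEATS'; then
        echo heartbeats-disabled
    else
        # The version string alone cannot clear the host: vendor-patched
        # packages keep reporting an in-range version, so confirm the
        # installed package against the vendor errata.
        echo in-range
    fi
}

# has_heartbeat_ext TEXT -- TEXT is the output of
# `openssl s_client -connect host:443 -tlsextdebug`.
# Returns 0 when the server advertised the heartbeat extension (id=15).
# Advertised is not the same as vulnerable: as the advisory notes, a
# patched server still shows the extension.
has_heartbeat_ext() {
    printf '%s\n' "$1" |
        grep -qF 'TLS server extension "heartbeat" (id=15)'
}

# Constructed samples, shaped like real tool output.
SAMPLE_INRANGE='OpenSSL 1.0.1e 11 Feb 2013
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -O3 -Wall'
SAMPLE_NOHB='OpenSSL 1.0.1e 11 Feb 2013
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O3 -Wall'
SAMPLE_OLD='OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -O3 -Wall'
SAMPLE_SCLIENT='CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "heartbeat" (id=15), len=1'

# Demo on the constructed samples.
for s in "$SAMPLE_INRANGE" "$SAMPLE_NOHB" "$SAMPLE_OLD"; do
    classify_local "$s"
done
if has_heartbeat_ext "$SAMPLE_SCLIENT"; then
    echo "heartbeat extension advertised"
fi
```

On a live host, feed it real output with `classify_local "$(openssl version -a)"`; an `in-range` verdict means the package changelog or errata still has to be checked.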


Re: Web server breaks after nss/nspr update

2013-12-13 Thread P. Larry Nelson

Update...

Scratch the bit at the end about the [warn] messages in the ssl_error_log.
Looking way back into the logs, I get them all the time.  So, that's not
a clue anymore.

- Larry

P. Larry Nelson wrote on 12/13/2013 12:09 PM:

Wondering if anyone else has seen this...

I have a web server with following details:
  - 2.6.18-371.3.1.el5 #1 SMP Thu Dec 5 11:39:02 CST 2013 x86_64 x86_64 x86_64 GNU/Linux
  - Scientific Linux SL release 5.5 (Boron)
  - httpd-2.2.3-82.sl5.x86_64

The server has been running fine for years.  I am not the author of the
website, I just maintain the box (security and kernel updates).

On Dec 10, yum updated to the following (among others):
  - nspr-4.10.2-2.el5_10.i386
  - nspr-4.10.2-2.el5_10.x86_64
  - nss-3.15.3-3.el5_10.i386
  - nss-3.15.3-3.el5_10.x86_64
  - nss-tools-3.15.3-3.el5_10.x86_64
  - nspr-devel-4.10.2-2.el5_10.x86_64
  - nss-devel-3.15.3-3.el5_10.x86_64
  - mod_nss-1.0.8-8.el5_10.x86_64

The httpd daemon was not restarted at that point (because I
missed the instructions in the errata email).
Then on Dec 11, with the php security update, I *did* restart httpd.

But now when httpd starts, I see in /var/log/httpd/error_log
lots and lots of:

[error] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
[error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED

And httpd daemons start and then fail with:

  [notice] child pid 9784 exit signal Segmentation fault (11)

And in /var/log/httpd/ssl_error_log I see:

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?


As a temp workaround, I've moved /etc/httpd/conf.d/nss.conf to nss.conf.BAK
and restarted httpd, which works, and it's up and running, but I'm assuming
the nss/nspr was there to provide encryption for a login mechanism.
The P.I. (principal investigator) of the site says logins still work,
but, as I said, they won't be encrypted (if that was the norm before).

Not knowing much about nss/nspr for a web site, I'm also guessing that
the ssl_error_log message about:

`localhost.localdomain' does NOT match server name!?

is the clue to the problem, but why all of a sudden with the latest nss/nspr
update?  Perhaps more to the point, how to fix?

Thanks!
- Larry



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Web server breaks after nss/nspr update

2013-12-13 Thread P. Larry Nelson

Wondering if anyone else has seen this...

I have a web server with following details:
 - 2.6.18-371.3.1.el5 #1 SMP Thu Dec 5 11:39:02 CST 2013 x86_64 x86_64 x86_64 GNU/Linux
 - Scientific Linux SL release 5.5 (Boron)
 - httpd-2.2.3-82.sl5.x86_64

The server has been running fine for years.  I am not the author of the
website, I just maintain the box (security and kernel updates).

On Dec 10, yum updated to the following (among others):
 - nspr-4.10.2-2.el5_10.i386
 - nspr-4.10.2-2.el5_10.x86_64
 - nss-3.15.3-3.el5_10.i386
 - nss-3.15.3-3.el5_10.x86_64
 - nss-tools-3.15.3-3.el5_10.x86_64
 - nspr-devel-4.10.2-2.el5_10.x86_64
 - nss-devel-3.15.3-3.el5_10.x86_64
 - mod_nss-1.0.8-8.el5_10.x86_64

The httpd daemon was not restarted at that point (because I
missed the instructions in the errata email).
Then on Dec 11, with the php security update, I *did* restart httpd.

But now when httpd starts, I see in /var/log/httpd/error_log
lots and lots of:

   [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
   [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED

And httpd daemons start and then fail with:

 [notice] child pid 9784 exit signal Segmentation fault (11)

And in /var/log/httpd/ssl_error_log I see:

   [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
   [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?



As a temp workaround, I've moved /etc/httpd/conf.d/nss.conf to nss.conf.BAK
and restarted httpd, which works, and it's up and running, but I'm assuming
the nss/nspr was there to provide encryption for a login mechanism.
The P.I. (principal investigator) of the site says logins still work,
but, as I said, they won't be encrypted (if that was the norm before).

Not knowing much about nss/nspr for a web site, I'm also guessing that
the ssl_error_log message about:

   `localhost.localdomain' does NOT match server name!?

is the clue to the problem, but why all of a sudden with the latest nss/nspr
update?  Perhaps more to the point, how to fix?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@illinois.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: how do I disable background updates?

2012-07-14 Thread P. Larry Nelson

On 7/14/12 8:31 AM, William Scott wrote:

On 11 July 2012 04:47, Todd And Margo Chester  wrote:

<>

on the prior version.

Thank you for the help,
-T


Something of interest if you have to roll back.

http://yum.baseurl.org/wiki/YumHistory


Very cool!

But which version of yum has this?
The web page (above) says the 'history' command was added sometime
around the end of 2009.

The yum we are currently using (in SL 5.5) is yum-3.2.22-26 with a build
date of 04 May 2010 and does *not* have the 'history' command.

Thanks!
- Larry


--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: how do I disable background updates?

2012-07-09 Thread P. Larry Nelson

Hi Todd,

On 7/9/12 7:05 PM, Todd And Margo Chester wrote:

On 07/09/2012 04:26 PM, P. Larry Nelson wrote:

On 7/9/12 6:11 PM, Alan Bartlett wrote:

On 10 July 2012 00:03, Todd And Margo Chester wrote:

Hi All,

According to /var/log/yum.log, something is doing background
updates.

This morning the flash-plugin updated after I downgraded
it yesterday and I got a libvirt updated that crashed
my VMs.  I did not ask for these updates.  I am afraid to go
on the Internet!

How do I turn off these background updates?


I'd suggest looking at the output returned by --

sudo yum list yum-\*

Alan.


Todd,

More importantly - why are you not being notified by yum when the
background updates occur?  Yum should be sending email to root when
that happens.

Who does "root" point to in your /etc/aliases file (last line of the
file)?

Also, I strongly suggest you subscribe to the scientific-linux-errata
email list (non-discussion) wherein Pat Riehecky sends out notices
of impending errata updates a day in advance.

- Larry



Hi Larry,

I usually do not read root's mail.  I wonder if there
is a way to read it with Thunderbird without setting up
sendmail.  Hmmm.

-T


Ok, first off, IMHO, you should read email to root.
Back in the early days of unix, it was pretty much an
unwritten rule (sometimes it was a written local policy)
that "root" in /etc/aliases *had* to point to an email address
which would be reliably read by a human.  I don't think the
new generation of admins follows that as much anymore.
But then again, unix systems back then were always servers
of some sort or another.

Second, sendmail should always be part of any SL installation.
By default, the standard sendmail, as provided by TUV, does not "listen"
for incoming email, i.e., it is not acting as an email server and thus
is not a worry to have to deal with - just install it.

Third, if "root" in /etc/aliases has not been modified to send to an
email address, email to root stays on the local machine.  You can easily
read root's email on the local machine with /bin/mail (if you're logged
in as root or su to root), which is an ascii text bare-bones email
reader dating back to the Pleistocene.  Doesn't matter much since
system email sent to root is just ascii text anyway.

Make it a point to check root's email, if not daily, at least once a
week.  If you have logwatch enabled, there will be daily emails.

My $.02

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: how do I disable background updates?

2012-07-09 Thread P. Larry Nelson

On 7/9/12 6:11 PM, Alan Bartlett wrote:

On 10 July 2012 00:03, Todd And Margo Chester  wrote:

Hi All,

According to /var/log/yum.log, something is doing background
updates.

This morning the flash-plugin updated after I downgraded
it yesterday and I got a libvirt updated that crashed
my VMs.  I did not ask for these updates.  I am afraid to go
on the Internet!

How do I turn off these background updates?


I'd suggest looking at the output returned by --

sudo yum list yum-\*

Alan.


Todd,

More importantly - why are you not being notified by yum when the
background updates occur?  Yum should be sending email to root when
that happens.

Who does "root" point to in your /etc/aliases file (last line of the file)?

Also, I strongly suggest you subscribe to the scientific-linux-errata
email list (non-discussion) wherein Pat Riehecky sends out notices
of impending errata updates a day in advance.

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Policy on SL lifetimes

2012-06-13 Thread P. Larry Nelson

zxq9 wrote on 6/13/2012 12:32 AM:

On 06/13/2012 06:44 AM, Konstantin Olchanski wrote:


(On this list, are we really required to say "TUV" instead of "***censored***",
as if we were playing a 1984 double-speak live action game?)


Yes, because lawyers have made even casual conversation a legal minefield for
reasons other than getting disappeared by the Thought Police.

Pretty much anything trademarked, burdened by customer guarantees of any sort,
or otherwise encumbered in any way should be referred to obliquely on this list.
This sounds silly, I know, but the reason is that the labs who support this
project don't have the bandwidth or the desire to even open a conversation about
how to open a proper, legal, trade protections unencumbered conversation, and to
that end terms like "TUV" are used around here.

Not that TUV is a bad player -- *far* from it -- but why even open the door in
case the wind starts blowing the other way?


Could someone who maintains this list (Connie? Pat?) please confirm or deny
this seemingly absurd policy!

I have not searched the archives of this list, but of the 1824 messages I
have saved locally over the years, for one reason or another, 333 of them
contain "Redhat" in the body of the message, while another 74 contain "Red Hat".
I don't recall anyone ever getting their typing fingers slapped.

Thanks!
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: How do i change hostname?

2012-05-02 Thread P. Larry Nelson

Arnav,

Before spending your money, you might just try any number of online
resources.  Google is your friend.

A few sites that come to mind immediately are:
 - The Linux Documentation Project
   (http://tldp.org/guides.html)

 - The Linux System Administrator's Guide from the same site as above.
   (http://tldp.org/LDP/sag/html/index.html)

And since you're running SL6.x, which is really Red Hat Enterprise 6,
Red Hat has a plethora of documentation.  See the following, in particular:
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/index.html


Arnav Kalra wrote on 5/2/2012 12:45 PM:

Any recommendations?

Regards,
Arnav Kalra
104, Sector 14
Karnal - 132001
Mobile - +91 9896961018
Home - +91 184 4030104



On Wed, May 2, 2012 at 11:13 PM, Luke Teyssier <luke.teyss...@riverbed.com> wrote:

Dear Arnav,

Please consider investing in a good Linux System administration book.

Regards



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: questions about how to get access to the files under windows 7 system when using a linux system on VMware

2010-08-10 Thread P. Larry Nelson

DreamCatcher wrote on 8/10/2010 8:35 AM:

Hi,
 I have installed an SL5.3 system on VMware, but I have no idea how to
get access to the files in my Windows 7 operating system. Can anybody give me
some advice?
 I have tried to find the hardware which may be the Windows partitions, yet gained
nothing. What I have done is as follows: System->Administration->Hardwares.
After I went through the lists, nothing about the Windows 7 partitions was found.
 The list is shown in the attached file.
 Looking forward to your suggestions. Thanks in advance.
 Cheers,
 Shuping


I use the Shared Folders feature to access files on my Windows XP host
operating system from my virtual SL5.5 system, including (but not limited
to) my entire XP Desktop (which is really just a folder).  It works just fine.

See: http://www.vmware.com/support/ws5/doc/ws_running_shared_folders.html

- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Security ERRATA Moderate: lvm2-cluster,lvm2 for SL5

2010-08-01 Thread P. Larry Nelson

Hi Connie, Troy,

We are also seeing this dependency failure on both SL5.4 and SL5.5
systems and for both the .i386 and .x86_64 versions of the lvm2
security release.

Our SL5.4 systems have: device-mapper-1.02.32-1.el5
Our SL5.5 systems have: device-mapper-1.02.39-1.el5.i386

Sample email from overnight yum cron:
 
 YUM - security
 
lvm2-2.02.56-8.el5_5.6.x86_64 from sl-security has depsolving problems
  --> Missing Dependency: device-mapper >= 1.02.39-1.el5_5.1 is needed by package lvm2-2.02.56-8.el5_5.6.x86_64 (sl-security)
Error: Missing Dependency: device-mapper >= 1.02.39-1.el5_5.1 is needed by package lvm2-2.02.56-8.el5_5.6.x86_64 (sl-security)

 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.

- Larry

On 8/1/10 2:21 AM, Hervé Riboulot wrote:

Hello,

I cannot process the security update due to dependencies issues: 'Error:
Missing Dependency: device-mapper >= 1.02.39-1.el5_5.1 is needed by
package lvm2-2.02.56-8.el5_5.6.x86_64 (sl-security)'.

Device-mapper (i386 and 86_64) are installed:

rpm -qa device-mapper
device-mapper-1.02.39-1.el5.x86_64
device-mapper-1.02.39-1.el5.i386

Package-cleanup --problems does not report any flaw ...


I'm running SL 5.5 on the following configuration: 2.6.18-194.8.1.el5 #1
SMP Thu Jul 1 16:05:53 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux.



Best regards,




Le 01.08.2010 06:29, Connie Sieh a écrit :


Issue date: 2010-07-28
CVE Names: CVE-2010-2526
Description:

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update 2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

5. Bugs fixed

CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2
and clvmd

6. Package List:

SRPM:
lvm2-cluster-2.02.56-7.el5_5.4.src.rpm

i386:
lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm

x86_64:
lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm


lvm2 update included because of dependency.

i386:
lvm2-2.02.56-8.el5_5.6.i386.rpm
x86_64:
lvm2-2.02.56-8.el5_5.6.x86_64.rpm

-Connie Sieh
-Troy Dawson



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: OpenSSL 1.x

2010-01-28 Thread P. Larry Nelson

Hi Troy,

Troy Dawson wrote on 1/28/2010 1:55 PM:

P. Larry Nelson wrote:

Hi,

I just received a "HIGH criticality" email from
secur...@opensciencegrid.org stating:

"Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
certificate authentication for OSG/VDT."

Not having my ear to the ground vis-a-vis openssl, does anyone know if
that version is due to be released soon?  Will it come from TUV or
directly from openssl.org?  (Troy/Connie question)

Right now, we have openssl-0.9.8e-12.el5_4.1.

I suppose the thing to do is to go and edit the yum.cron.excludes on
all our OSG nodes to block openssl* until this issue is fixed.  [sigh...]

- Larry



Scientific Linux, and RHEL are enterprise linux distributions.
This means that they do *not* just update to the latest versions of 
packages.  RedHat and SL will *not* just update to the latest version of 
openssl, just because it was released.


SL 4.0 had openssl 0.9.7a
SL 4.8 has openssl 0.9.7a

That is, after five years, we still have the same version of openssl.
RedHat backports all the security fixes into the 0.9.7a version for
RHEL4 (and hence SL4).


SL 5.0 had openssl 0.9.8b
SL 5.4 has openssl 0.9.8e

After 3 years, SL5 is still at version 0.9.8, although we have moved
from b to e.
I cannot say for 100% certain, because we are not RedHat.  But according
to all their policies, goals, statements and past history, they are not
going to move openssl above version 0.9.8 for RHEL 5 (and hence SL5)


Troy


Thanks for the info and history lesson.  I didn't know and didn't want
to assume.  As far as I knew, openssl 1.x might have been a big hairy
deal security fix that was imminent.

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: OpenSSL 1.x

2010-01-28 Thread P. Larry Nelson

Hi Doug,

Doug Olson wrote on 1/28/2010 1:48 PM:

Hi Larry,
I am on the OSG security team.  The message also stated
that no action is required at this point.


The email I got did not say that.  It did say: "We have proposals to fix
this issue and you will be notified when we become compatible with OpenSSL."
So it was not clear that we did not need to take action at this point.


If you block openssl updates you might miss important updates
before the v1.x comes out.
It should be that updated OSG software that can handle openssl 1.x will
be out before openssl v1.x comes through the OS distribution channels.
Doug


Thanks for the clarification.  Maybe a followup email to 
g...@opensciencegrid.org
with that explanation might put some nerves at ease.  :-)

- Larry


On 1/28/2010 11:25 AM, P. Larry Nelson wrote:

Hi,

I just received a "HIGH criticality" email from
secur...@opensciencegrid.org stating:

"Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
certificate authentication for OSG/VDT."

Not having my ear to the ground vis-a-vis openssl, does anyone know if
that version is due to be released soon?  Will it come from TUV or
directly from openssl.org?  (Troy/Connie question)

Right now, we have openssl-0.9.8e-12.el5_4.1.

I suppose the thing to do is to go and edit the yum.cron.excludes on
all our OSG nodes to block openssl* until this issue is fixed.  [sigh...]

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


OpenSSL 1.x

2010-01-28 Thread P. Larry Nelson

Hi,

I just received a "HIGH criticality" email from
secur...@opensciencegrid.org stating:

"Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
certificate authentication for OSG/VDT."

Not having my ear to the ground vis-a-vis openssl, does anyone know if
that version is due to be released soon?  Will it come from TUV or
directly from openssl.org?  (Troy/Connie question)

Right now, we have openssl-0.9.8e-12.el5_4.1.

I suppose the thing to do is to go and edit the yum.cron.excludes on
all our OSG nodes to block openssl* until this issue is fixed.  [sigh...]

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Yum off after upgrade to 4.8

2010-01-27 Thread P. Larry Nelson

Hi Connie,

Connie Sieh wrote:

On Wed, 27 Jan 2010, P. Larry Nelson wrote:


Hi Troy,

Troy Dawson wrote:

Here is the script that yum-conf (not yum) runs on install to turn
itself on.

/sbin/chkconfig --add yum
/sbin/chkconfig yum on
/sbin/service yum restart >> /dev/null

If you had previously turned yum off
  /sbin/chkconfig --level 2345 yum off
Then it is going to *stay* off.

This has been in every yum-conf since SL 4.0, so I'm not quite sure what
is happening on your machines Steve.

Troy


I can't vouch for Steve, but in my case, I've never intentionally
turned yum off.  All our remaining 4.8 systems started out life as 4.6.
The nightly yum always ran.  Then after I upgraded to 4.8, that's when


What method did you use to do the upgrade?


I followed the "Impatient" instructions here, skipping no steps:
http://www.scientificlinux.org/documentation/howto/upgrade.4x


I started noticing that the systems weren't running the nightly yum.
At the time, I was too busy to worry or care much about it as we started
transitioning to 5.4.  But I just had to rebuild a couple of compute
servers that still need to run 4.8, and being too lazy to download
and burn 4.8 discs, I used my old 4.6 discs and then followed the
upgrade HowTo.  Paid attention to what happened this time - thus my


Which I assume says to update via yum?


Yes.
- Larry


-Connie Sieh

posting to the list.

- Larry


Steven Timm wrote:

Bug, I think
On sl 4.6 and before, yum wasn't listed as a service in
chkconfig, now it is.  Got to chkconfig it on manually.
Have seen this happen on several machines.

Steve



On Wed, 27 Jan 2010, P. Larry Nelson wrote:


Hi, this is probably a Troy or Connie question, but I've noticed
that after upgrading systems installed with SL4.6 to SL4.8,
following the HowTo instructions on the SL web page, that yum
is turned off.

[r...@cx07 ~]# chkconfig --list yum
yum 0:off   1:off   2:off   3:off   4:off   5:off   6:off


Bug or feature?

Thanks!
- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Yum off after upgrade to 4.8

2010-01-27 Thread P. Larry Nelson

Hi Troy,

Troy Dawson wrote:
Here is the script that yum-conf (not yum) runs on install to turn 
itself on.


/sbin/chkconfig --add yum
/sbin/chkconfig yum on
/sbin/service yum restart >> /dev/null

If you had previously turned yum off
  /sbin/chkconfig --level 2345 yum off
Then it is going to *stay* off.

This has been in every yum-conf since SL 4.0, so I'm not quite sure what 
is happening on your machines Steve.


Troy


I can't vouch for Steve, but in my case, I've never intentionally
turned yum off.  All our remaining 4.8 systems started out life as 4.6.
The nightly yum always ran.  Then after I upgraded to 4.8, that's when
I started noticing that the systems weren't running the nightly yum.
At the time, I was too busy to worry or care much about it as we started
transitioning to 5.4.  But I just had to rebuild a couple of compute
servers that still need to run 4.8, and being too lazy to download
and burn 4.8 discs, I used my old 4.6 discs and then followed the
upgrade HowTo.  Paid attention to what happened this time - thus my
posting to the list.

- Larry


Steven Timm wrote:

Bug, I think
On sl 4.6 and before, yum wasn't listed as a service in
chkconfig, now it is.  Got to chkconfig it on manually.
Have seen this happen on several machines.

Steve



On Wed, 27 Jan 2010, P. Larry Nelson wrote:


Hi, this is probably a Troy or Connie question, but I've noticed
that after upgrading systems installed with SL4.6 to SL4.8,
following the HowTo instructions on the SL web page, that yum
is turned off.

[r...@cx07 ~]# chkconfig --list yum
yum 0:off   1:off   2:off   3:off   4:off   5:off   6:off


Bug or feature?

Thanks!
- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Yum off after upgrade to 4.8

2010-01-27 Thread P. Larry Nelson

Hi, this is probably a Troy or Connie question, but I've noticed
that after upgrading systems installed with SL4.6 to SL4.8,
following the HowTo instructions on the SL web page, that yum
is turned off.

[r...@cx07 ~]# chkconfig --list yum
yum 0:off   1:off   2:off   3:off   4:off   5:off   6:off


Bug or feature?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
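
An added example, not part of the thread or of SL's tooling: a POSIX shell check that classifies the `chkconfig --list yum` line quoted above, so that hosts whose nightly update service ended up off after an upgrade are flagged before they fall behind on security errata. The function names and the sample host records are constructed; runlevels 2-5 are assumed to be the ones that matter because they are what `chkconfig yum on` sets by default.

```shell
#!/bin/sh
# Added example: classify `chkconfig --list <service>` output so that hosts
# whose nightly yum service is off in the multi-user runlevels get flagged.
# Function names and sample data are constructed for illustration.

# classify_chkconfig_line LINE
# Prints one of: enabled | disabled | partial | unknown
# Only runlevels 2-5 are considered (what `chkconfig <svc> on` sets by default).
classify_chkconfig_line() {
    printf '%s\n' "$1" | awk '
        {
            on = 0; off = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[2-5]:on$/)  on++
                if ($i ~ /^[2-5]:off$/) off++
            }
            if (on + off != 4)  print "unknown"    # not a runlevel table
            else if (on == 4)   print "enabled"
            else if (off == 4)  print "disabled"
            else                print "partial"
        }'
}

# flag_hosts reads "host|chkconfig line" records on stdin and prints
# "host state" for every host that is not fully enabled.
flag_hosts() {
    while IFS='|' read -r host line; do
        [ -n "$host" ] || continue
        state=$(classify_chkconfig_line "$line")
        [ "$state" = enabled ] || printf '%s %s\n' "$host" "$state"
    done
}

# Constructed sample: the cx07 line is the one from the post; the other
# hosts and their lines are made up to exercise each state.
sample_records() {
    cat <<'EOF'
cx07|yum 0:off   1:off   2:off   3:off   4:off   5:off   6:off
cx08|yum 0:off   1:off   2:on    3:on    4:on    5:on    6:off
cx09|yum 0:off   1:off   2:off   3:on    4:off   5:on    6:off
cx10|error reading information on service yum: No such file or directory
EOF
}

sample_records | flag_hosts
```
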


Re: yum-complete-transaction

2009-11-13 Thread P. Larry Nelson

Troy Dawson wrote on 11/13/2009 8:53 AM:

P. Larry Nelson wrote:
...



IMO, yum-utils should be part of the default yum package for SL.
Is there a good reason they are not? [Troy/Connie question]



We try to install by default what gets installed by default in a normal 
RHEL 5 system.  yum-utils does *not* get installed by default in a 
normal RHEL 5 system.


Troy


Ah.  I was inferring from Steve Timm's posting that yum-utils *was*
a part of RHEL 5 and that it was left out of SL for some reason.
Apologies.

Thanks Troy!
- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: yum-complete-transaction

2009-11-12 Thread P. Larry Nelson

Steve,

Steven Timm wrote on 11/12/2009 3:03 PM:

On Thu, 12 Nov 2009, P. Larry Nelson wrote:


[snip...]


The concerned part:  I know I can easily install yum-utils (now that
I know about it), but why is it not included in SL, and more importantly
is there a possibility that something gets screwed up by *not* running
yum-complete-transaction, when my SL5 yum says to?  Instead, I ignored
that and just went ahead with a 'yum update' and as far as I can tell,
things are ok.


If yum update exited clean then you are good to go, no 
yum-complete-transaction is necessary.


Steve


Nope, all 3 systems that hung on the update still needed a dose of
yum-complete-transaction.

I decided to 'yum install yum-utils' on the 3 and in doing so, yum
informed me that I had unfinished transactions.  So, after installing
the yum-utils, I ran 'yum-complete-transaction' and 3 packages (popt,
cups-libs, and nfs-utils-lib) apparently had not completed what they
needed to do when yum hung.  I believe it had not erased the old
versions of these 3 packages.

IMO, yum-utils should be part of the default yum package for SL.
Is there a good reason they are not? [Troy/Connie question]

Thanks again!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


yum-complete-transaction

2009-11-12 Thread P. Larry Nelson

Hi Steve, starting a new thread here as this has segued off the
original subject.

Steven Timm wrote on 11/12/2009 1:59 PM:
> It's part of the yum-utils rpm which is not
> installed by default in SL but is available via yum install
> If you're running a Red Hat 5 system (as opposed to SL5)
> it's indispensable to have yum-complete-transaction; you end
> up using it a lot.
>
> Steve

So, now I'm a bit curious and concerned.

The curious part:  What is it about yumming in RHEL 5, and apparently
not in SL5, that makes yum-complete-transaction indispensable?  :-)

The concerned part:  I know I can easily install yum-utils (now that
I know about it), but why is it not included in SL, and more importantly
is there a possibility that something gets screwed up by *not* running
yum-complete-transaction, when my SL5 yum says to?  Instead, I ignored
that and just went ahead with a 'yum update' and as far as I can tell,
things are ok.

- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Last nite's update

2009-11-12 Thread P. Larry Nelson

Troy Dawson wrote on 11/12/2009 1:43 PM:
OK, just shows that no matter how well you test something, you never 
know until it goes live.
Well, I'll pull the cups update out of the repos, and leave the rpm 
part in.  I'll make a note to push cups out in a couple weeks.

Sorry about that.
Troy


No prob.  But I am curious about this 'yum-complete-transaction' command
that's mentioned in the 5.x version of the yum man page (not in 4.x)
but is not found as a command.

Thanks again!
- Larry


P. Larry Nelson wrote:

Troy,

Troy Dawson wrote on 11/12/2009 1:18 PM:
Back when we originally tried to release this version of cups, we 
determined that a newer version of rpm was needed.
But in our tests, we didn't have any systems just hang.  They all 
were spewing these odd messages.

What happens if you update rpm before updating cups?


That works.  (at least on one system I'm testing on).

For the detail-minded:
I tried killing off the hung processes  - the first two, the yum.cron
and the awk, died just fine.  The python needed a 'kill -9'.

Then doing a 'yum update rpm*', I got the message:
There are unfinished transactions remaining. You might consider running
yum-complete-transaction first to finish them.

Turns out, 'yum-complete-transaction' *is* mentioned in the man page
for yum, but my system can't find it - command not found.  I tried
running it after the rpm update.  Instead, I just ran another 'yum update'
and the cups and nfs-utils (the only other one left to do) updated
just fine.

Thanks Troy!
- Larry

Maybe we need to pull cups out of the repo for a week or two while 
rpm gets updated on older SL 5 systems.


Troy

Steven J. Yellin wrote:
 I saw it last night, too, and it happened again when I tried 
"yum update" a few minutes ago (not long after noon CST) after 
rebooting an SL5.1 machine.


Steven Yellin

On Thu, 12 Nov 2009, P. Larry Nelson wrote:


Hi,
Is anyone else seeing last nite's update "hang" on SL5.1 systems?
Near as I can tell, it's hanging on cups-1.3.7-11.el5_4.3.

I have 3 SL5.1 systems (all the 5.3 systems updated just fine)
that I did not get yum cron email from this morning, so went
investigating.

A 'ps auxw | grep yum' on one of the 5.1 systems yields:
root     10050  0.0  0.0   2372   960 ?        S    02:55   0:00 /bin/sh /etc/cron.daily/yum.cron
root     10051  0.0  0.0   2124   580 ?        S    02:55   0:00 awk -v progname=/etc/cron.daily/yum.cron progname {?   print progname ":\n"? progname="";   }   { print; }
root     11422  0.1  3.1  58104 49768 ?        S    03:53   0:46 /usr/bin/python /usr/bin/yum -c /tmp/yum.temp.config -e 0 -d 1 -y update

=========

Looking at /var/log/yum.log, I see:
Nov 12 03:58:58 Updated: popt-1.10.2.3-18.el5.i386
Nov 12 03:58:59 Updated: nfs-utils-lib-1.0.8-7.6.el5.i386
Nov 12 03:59:02 Updated: 1:cups-libs-1.3.7-11.el5_4.3.i386
Nov 12 03:59:03 Installed: nspr-devel-4.7.6-1.el5_4.i386
Nov 12 03:59:05 Installed: nss-devel-3.12.3.99.3-1.el5_3.2.i386

=========

So, the cups-libs got installed.

On one of the 5.1 systems, last nite's yum did not run for some reason,
so I did it by hand and sure enough, it's stalled on cups (see end of
screen output below)

Screen output from the manual update:
[r...@elog ~]# yum update --exclude=evolution*
Loaded plugins: kernel-module
sl-security               100% |=|  951 B    00:00
primary.xml.gz            100% |=|  817 kB    00:00
sl-security               2157/2157
sl-base                   100% |=|  1.1 kB    00:00

Excluding Packages in global exclude list
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.i386 1:1.0.9-42.el5 set to be updated
---> Package cups.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package nfs-utils-lib.i386 0:1.0.8-7.6.el5 set to be updated
---> Package rpm-python.i386 0:4.4.2.3-18.el5 set to be updated
---> Package popt.i386 0:1.10.2.3-18.el5 set to be updated
---> Package rpm-devel.i386 0:4.4.2.3-18.el5 set to be updated
--> Processing Dependency: nss-devel for package: rpm-devel
---> Package rpm.i386 0:4.4.2.3-18.el5 set to be updated
---> Package cups-libs.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package rpm-libs.i386 0:4.4.2.3-18.el5 set to be updated
---> Package rpm-build.i386 0:4.4.2.3-18.el5 set to be updated
--> Running transaction check
---> Package nss-devel.i386 0:3.12.3.99.3-1.el5_3.2 set to be updated
--> Processing Dependency: nspr-devel >= 4.6.99 for package: nss-devel
--&

Re: Last nite's update

2009-11-12 Thread P. Larry Nelson

Troy,

Troy Dawson wrote on 11/12/2009 1:18 PM:
Back when we originally tried to release this version of cups, we 
determined that a newer version of rpm was needed.
But in our tests, we didn't have any systems just hang.  They all were 
spewing these odd messages.

What happens if you update rpm before updating cups?


That works.  (at least on one system I'm testing on).

For the detail-minded:
I tried killing off the hung processes  - the first two, the yum.cron
and the awk, died just fine.  The python needed a 'kill -9'.

Then doing a 'yum update rpm*', I got the message:
There are unfinished transactions remaining. You might consider running
yum-complete-transaction first to finish them.

Turns out, 'yum-complete-transaction' *is* mentioned in the man page
for yum, but my system can't find it - command not found.  I tried
running it after the rpm update.  Instead, I just ran another 'yum update'
and the cups and nfs-utils (the only other one left to do) updated
just fine.

Thanks Troy!
- Larry

Maybe we need to pull cups out of the repo for a week or two while rpm 
gets updated on older SL 5 systems.


Troy

Steven J. Yellin wrote:
 I saw it last night, too, and it happened again when I tried "yum 
update" a few minutes ago (not long after noon CST) after rebooting an 
SL5.1 machine.


Steven Yellin

On Thu, 12 Nov 2009, P. Larry Nelson wrote:


Hi,
Is anyone else seeing last nite's update "hang" on SL5.1 systems?
Near as I can tell, it's hanging on cups-1.3.7-11.el5_4.3.

I have 3 SL5.1 systems (all the 5.3 systems updated just fine)
that I did not get yum cron email from this morning, so went
investigating.

A 'ps auxw | grep yum' on one of the 5.1 systems yields:
root     10050  0.0  0.0   2372   960 ?        S    02:55   0:00 /bin/sh /etc/cron.daily/yum.cron
root     10051  0.0  0.0   2124   580 ?        S    02:55   0:00 awk -v progname=/etc/cron.daily/yum.cron progname {?   print progname ":\n"? progname="";   }   { print; }
root     11422  0.1  3.1  58104 49768 ?        S    03:53   0:46 /usr/bin/python /usr/bin/yum -c /tmp/yum.temp.config -e 0 -d 1 -y update

=========

Looking at /var/log/yum.log, I see:
Nov 12 03:58:58 Updated: popt-1.10.2.3-18.el5.i386
Nov 12 03:58:59 Updated: nfs-utils-lib-1.0.8-7.6.el5.i386
Nov 12 03:59:02 Updated: 1:cups-libs-1.3.7-11.el5_4.3.i386
Nov 12 03:59:03 Installed: nspr-devel-4.7.6-1.el5_4.i386
Nov 12 03:59:05 Installed: nss-devel-3.12.3.99.3-1.el5_3.2.i386

=========

So, the cups-libs got installed.

On one of the 5.1 systems, last nite's yum did not run for some reason,
so I did it by hand and sure enough, it's stalled on cups (see end of
screen output below)

Screen output from the manual update:
[r...@elog ~]# yum update --exclude=evolution*
Loaded plugins: kernel-module
sl-security               100% |=|  951 B    00:00
primary.xml.gz            100% |=|  817 kB    00:00
sl-security               2157/2157
sl-base                   100% |=|  1.1 kB    00:00

Excluding Packages in global exclude list
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.i386 1:1.0.9-42.el5 set to be updated
---> Package cups.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package nfs-utils-lib.i386 0:1.0.8-7.6.el5 set to be updated
---> Package rpm-python.i386 0:4.4.2.3-18.el5 set to be updated
---> Package popt.i386 0:1.10.2.3-18.el5 set to be updated
---> Package rpm-devel.i386 0:4.4.2.3-18.el5 set to be updated
--> Processing Dependency: nss-devel for package: rpm-devel
---> Package rpm.i386 0:4.4.2.3-18.el5 set to be updated
---> Package cups-libs.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package rpm-libs.i386 0:4.4.2.3-18.el5 set to be updated
---> Package rpm-build.i386 0:4.4.2.3-18.el5 set to be updated
--> Running transaction check
---> Package nss-devel.i386 0:3.12.3.99.3-1.el5_3.2 set to be updated
--> Processing Dependency: nspr-devel >= 4.6.99 for package: nss-devel
--> Running transaction check
---> Package nspr-devel.i386 0:4.7.6-1.el5_4 set to be updated
--> Finished Dependency Resolution
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

=========
 Package     Arch     Version     Repository     Size
=========

Last nite's update

2009-11-12 Thread P. Larry Nelson
sl-security   112 k
 nss-devel   i386   3.12.3.99.3-1.el5_3.2   sl-security   228 k


Transaction Summary
===
Install  2 Package(s)
Update  10 Package(s)
Remove   0 Package(s)

Total download size: 8.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/12): nfs-utils-lib-1.0 100% |=|  55 kB    00:00
(2/12): rpm-python-4.4.2. 100% |=|  59 kB    00:00
(3/12): popt-1.10.2.3-18. 100% |=|  74 kB    00:00
(4/12): nspr-devel-4.7.6- 100% |=| 112 kB    00:00
(5/12): cups-libs-1.3.7-1 100% |=| 195 kB    00:00
(6/12): nss-devel-3.12.3. 100% |=| 228 kB    00:00
(7/12): rpm-build-4.4.2.3 100% |=| 301 kB    00:00
(8/12): nfs-utils-1.0.9-4 100% |=| 381 kB    00:00
(9/12): rpm-libs-4.4.2.3- 100% |=| 927 kB    00:00
(10/12): rpm-4.4.2.3-18.e 100% |=| 1.2 MB    00:00
(11/12): rpm-devel-4.4.2. 100% |=| 1.2 MB    00:00
(12/12): cups-1.3.7-11.el 100% |=| 3.4 MB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : popt                 [ 1/22]
  Updating   : nfs-utils-lib        [ 2/22]
  Updating   : cups-libs            [ 3/22]
  Installing : nspr-devel           [ 4/22]
  Installing : nss-devel            [ 5/22]
  Updating   : cups ##              [ 6/22]

=========

And there it sits, not getting any more cpu time.
Any ideas Troy & Connie?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
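
An added example, not part of the thread and not how yum-complete-transaction itself works: a POSIX shell function that compares the resolver's "set to be updated" lines with what /var/log/yum.log recorded, to list the packages a hung transaction never reached. The function names are hypothetical and the sample input is constructed from the lines quoted in this thread.

```shell
#!/bin/sh
# Added example: list packages a yum transaction planned but yum.log never
# recorded. Function names are hypothetical; the sample input is constructed
# from lines quoted in the thread.

# pending_packages PLAN_FILE YUM_LOG
# PLAN_FILE holds resolver output ("---> Package NAME.ARCH EVR set to be
# updated"); YUM_LOG holds lines in /var/log/yum.log format.
pending_packages() {
    awk -v logfile="$2" '
        BEGIN {
            # Index every package yum.log recorded as Updated or Installed.
            while ((getline line < logfile) > 0) {
                split(line, f, " ")
                if (f[4] == "Updated:" || f[4] == "Installed:") {
                    pkg = f[5]
                    sub(/^[0-9]+:/, "", pkg)     # drop an epoch prefix such as "1:"
                    logged[pkg] = 1
                }
            }
            close(logfile)
        }
        $1 == "--->" && $2 == "Package" {
            n = split($3, part, ".")             # arch is the last dot-separated piece
            arch = part[n]
            name = substr($3, 1, length($3) - length(arch) - 1)
            evr = $4
            sub(/^[0-9]+:/, "", evr)             # drop the epoch ("0:" or "1:")
            key = name "-" evr "." arch          # same shape as a yum.log entry
            if (!(key in logged) && !(key in seen)) {
                seen[key] = 1
                print key
            }
        }
    ' "$1"
}

# Constructed sample built from the transaction and log lines in the thread.
sample_pending() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/plan.txt" <<'EOF'
--> Running transaction check
---> Package nfs-utils.i386 1:1.0.9-42.el5 set to be updated
---> Package cups.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package nfs-utils-lib.i386 0:1.0.8-7.6.el5 set to be updated
---> Package rpm-python.i386 0:4.4.2.3-18.el5 set to be updated
---> Package popt.i386 0:1.10.2.3-18.el5 set to be updated
---> Package rpm-devel.i386 0:4.4.2.3-18.el5 set to be updated
--> Processing Dependency: nss-devel for package: rpm-devel
---> Package rpm.i386 0:4.4.2.3-18.el5 set to be updated
---> Package cups-libs.i386 1:1.3.7-11.el5_4.3 set to be updated
---> Package rpm-libs.i386 0:4.4.2.3-18.el5 set to be updated
---> Package rpm-build.i386 0:4.4.2.3-18.el5 set to be updated
---> Package nss-devel.i386 0:3.12.3.99.3-1.el5_3.2 set to be updated
---> Package nspr-devel.i386 0:4.7.6-1.el5_4 set to be updated
EOF
    cat > "$tmp/yum.log" <<'EOF'
Nov 12 03:58:58 Updated: popt-1.10.2.3-18.el5.i386
Nov 12 03:58:59 Updated: nfs-utils-lib-1.0.8-7.6.el5.i386
Nov 12 03:59:02 Updated: 1:cups-libs-1.3.7-11.el5_4.3.i386
Nov 12 03:59:03 Installed: nspr-devel-4.7.6-1.el5_4.i386
Nov 12 03:59:05 Installed: nss-devel-3.12.3.99.3-1.el5_3.2.i386
EOF
    pending_packages "$tmp/plan.txt" "$tmp/yum.log"
    rm -rf "$tmp"
}

sample_pending
```

A package that yum.log does list can still have cleanup outstanding, which is what the yum-complete-transaction thread on this page reports for popt, cups-libs and nfs-utils-lib.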


Re: SL 4.8 Live CD questions

2009-10-16 Thread P. Larry Nelson

Urs,

Urs Beyerle wrote:

[snip...]


However, you can save the changes on a USB stick, see
http://www.livecd.ethz.ch/save.html


[Larry scratching his embarrassed beard and chuckling at his
own oversight...]

Well, it seems that the same page I referenced in my previous
email about the CERN Howto, has the link you referenced above.
Dohp!  Dunno how I missed that - obviously I was in a bit of a
tunnel vision trying to figure out the initial steps to create
a LiveCD.  Thanks Urs!

- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: SL 4.8 Live CD questions

2009-10-16 Thread P. Larry Nelson

Ken, Urs, et al.,

Thanks for the comments!

Re: the CERN Howto, one can get to it via the scientificlinux.org
home page by clicking on "Scientific Linux Live CD/DVD 4.8" in the
far left column, under "news".

On that page, scroll down to the very end and you'll see a link to
More information can be found at http://www.livecd.ethz.ch

On that page, you will see a link to "Read how to build your own
LiveCD.", which will take you here in case you don't want to go
thru all that.  :-)

http://www.livecd.ethz.ch/build.html

Ken Teh wrote:

Hi Larry,

I would also be interested in the CERN Howto on building a Live CD.  I 
have my own script for building my own SL Live CD.  The live CD is not 
as full fledged as Urs'; I use the live image only for embedded 
purposes, but one can always learn new tricks.  Please post the URL when 
you get a chance.


I share Urs' opinion that an up-to-date Linux box is secure enough for 
online banking.


Ken


Urs Beyerle wrote:

Hi Larry,

some comments from my side ...

First, good to hear that you like the SL LiveCD.

The LiveCD is just built after SL releases a new version. Normally the
LiveCD is not updated afterwards. You have to wait for the next SL
release to get an updated LiveCD.

The LiveCD comes with a write/read file system. All changes are written
to RAM. Just run "yum update" and the software on the LiveCD will be
updated. This can take some time depending on your internet connection
and age of your LiveCD and maybe fill up your memory or maybe not. Or
you can just run "yum update firefox" to get the latest firefox. Because
all changes are stored in memory, after a reboot they are lost again.

However, you can save the changes on a USB stick, see
http://www.livecd.ethz.ch/save.html

This should lead to an up-to-date LiveCD. One thing you cannot do: You
cannot update the kernel of a LiveCD.

Editing the LiveCD iso image would be theoretically possible, but I
would not do it, because the data is stored in a special way
(compressed, etc.)


Hope this helps,

 Urs


PS. I would be interested in the excellent CERN Howto on building one's own
live CD.
PS. For internet banking I use an up-to-date Linux installation. In my
opinion this is secure enough.





P. Larry Nelson wrote:

Hi all, the following article has convinced me to go the Live CD route
when doing online banking.  I had been using a squeaky-clean and bare-bones
Windows XP installation (and the latest Firefox) as a guest OS in VMware,
but even that method, I've read, has potential security issues.
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html

To that end, I've downloaded and burned my first LiveCD (SL 4.8)
and have been playing around with it - quite slick, I must say!

However, it has raised some questions, particularly in regards to what
I'm using it for.  First (probably a Troy/Connie question), how often
do security updates get incorporated into the ISO image?  For example,
there was just a security fix for xpdf/gpdf and the firefox in the
SL4.8 LiveCD certainly does not have the latest bug fixes.

And if the ISO image doesn't get updated then what's the best course
for maintaining a patched LiveCD?  I know that one can build one's own
LiveCD, and the CERN site has an excellent Howto, so conceivably I could
build one and keep it up to date with the latest bug/security fixes,
but I'm also aware that there seems to be software out there that will
let one edit ISO images to extract or add files (ISO Master for Linux
is one I found, but not tried).

Any thoughts on this and/or does anyone have experience editing an ISO
image?

Thanks!
- Larry




--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


SL 4.8 Live CD questions

2009-10-16 Thread P. Larry Nelson

Hi all, the following article has convinced me to go the Live CD route
when doing online banking.  I had been using a squeaky-clean and bare-bones
Windows XP installation (and the latest Firefox) as a guest OS in VMware,
but even that method, I've read, has potential security issues.
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html

To that end, I've downloaded and burned my first LiveCD (SL 4.8)
and have been playing around with it - quite slick, I must say!

However, it has raised some questions, particularly in regards to what
I'm using it for.  First (probably a Troy/Connie question), how often
do security updates get incorporated into the ISO image?  For example,
there was just a security fix for xpdf/gpdf and the firefox in the
SL4.8 LiveCD certainly does not have the latest bug fixes.

And if the ISO image doesn't get updated then what's the best course
for maintaining a patched LiveCD?  I know that one can build one's own
LiveCD, and the CERN site has an excellent Howto, so conceivably I could
build one and keep it up to date with the latest bug/security fixes,
but I'm also aware that there seems to be software out there that will
let one edit ISO images to extract or add files (ISO Master for Linux
is one I found, but not tried).

Any thoughts on this and/or does anyone have experience editing an ISO image?

Thanks!
- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


latest kernel and CVE-2692

2009-08-19 Thread P. Larry Nelson

Hi Troy, Connie,

So, there's a new kernel out for SL4x, 2.6.9-89.0.7.
From the ERRATA you sent out (see edited email below), it appears this
does *not* fix the vulnerability (CVE-2009-2692) that I just mitigated
with the module-remove/move-to-a-safedir script I just ran over the
weekend - true?
(re:  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692)

Downloading and installing this new kernel, I now have the bluetooth and
the other offending modules in the /lib/modules area.

So I assume I now need to run the script again?

(actually I did anyway on a test box and it moved bluetooth.ko, sctp.ko,
pppoe.ko, and pppox.ko to the safedir.)

Thanks!
- Larry

 Original Message 
Subject: Security ERRATA Important: kernel on SL4.x i386/x86_64
Date: Tue, 18 Aug 2009 16:53:33 -0500
From: Troy Dawson 
To: scientific-linux-err...@fnal.gov 

Synopsis:   Important: kernel security and bug fix update
Issue date: 2009-08-13
CVE Names:  CVE-2009-1389 CVE-2009-1439 CVE-2009-1633

CVE-2009-1439 kernel: cifs: memory overwrite when saving
nativeFileSystem field during mount
CVE-2009-1633 kernel: cifs: fix potential buffer overruns when
converting unicode strings sent by server
CVE-2009-1389 kernel: r8169: fix crash when large packets are received

[snip...]

 End Original Message 


--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
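
An added example, not the poster's script: a POSIX shell check that reports which kernel trees under a modules directory again contain the module files the post says were moved to the safedir, so a lapsed mitigation is noticed after a kernel update. The function names, the sample tree, its `previous-kernel` directory and the module paths inside it are constructed; only the four module file names and the kernel version come from the post.

```shell
#!/bin/sh
# Added example: after a kernel update, report kernel trees that again
# contain modules a site had moved aside as a mitigation.
# Function names, the sample tree and its module paths are constructed.

# Module files the post says the script moved to the safedir.
WATCHED_MODULES="bluetooth.ko sctp.ko pppoe.ko pppox.ko"

# unmitigated_kernels MODULES_ROOT
# Prints "kernel-dir relative/module/path" for every watched module found,
# sorted; prints nothing when every kernel tree is clean.
unmitigated_kernels() {
    mroot=$1
    for kdir in "$mroot"/*; do
        [ -d "$kdir" ] || continue
        kver=${kdir##*/}
        for mod in $WATCHED_MODULES; do
            find "$kdir" -type f -name "$mod" | while IFS= read -r path; do
                printf '%s %s\n' "$kver" "${path#"$kdir"/}"
            done
        done
    done | LC_ALL=C sort
}

# Build a constructed modules tree: the new kernel has the watched modules
# back in place, the previous kernel has already had them moved away.
build_sample_tree() {
    sroot=$(mktemp -d) || return 1
    new="$sroot/2.6.9-89.0.7"
    old="$sroot/previous-kernel"
    mkdir -p "$new/kernel/net/bluetooth" "$new/kernel/net/sctp" \
             "$new/kernel/drivers/net" "$old/kernel/drivers/net"
    : > "$new/kernel/net/bluetooth/bluetooth.ko"
    : > "$new/kernel/net/sctp/sctp.ko"
    : > "$new/kernel/drivers/net/pppoe.ko"
    : > "$new/kernel/drivers/net/pppox.ko"
    : > "$new/kernel/drivers/net/e1000.ko"    # unrelated module, not reported
    : > "$old/kernel/drivers/net/e1000.ko"
    printf '%s\n' "$sroot"
}

# Demo on the constructed tree; on a real host the argument is /lib/modules.
tree=$(build_sample_tree)
unmitigated_kernels "$tree"
rm -rf "$tree"
```
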


Re: Security ERRATA Important: bind security for SL 4.x on i386/x86_64

2009-07-30 Thread P. Larry Nelson

Connie,

Thanks!  The 'yum clean all' did the trick.  I can now get the
latest bind version.

- Larry

Connie Sieh wrote on 7/30/2009 3:55 PM:

Larry,

It takes a really long time to move an errata to our ftp server.  The 
time is in the createrepo and repoview creation.  It should be there 
soon.  I think that 47, 46, 45 are done now for x86_64 and all of the 
i386 ones are not done.


You also may need to do a clean all to clean out the yum cache.

-Connie Sieh

On Thu, 30 Jul 2009, P. Larry Nelson wrote:


Connie,

On every SL4.7 system I tried, doing a 'yum update', I'm getting
"No Packages marked for Update/Obsoletion".

Checking which bind-libs and bind-utils I have, I'm getting
version: 9.2.4-30.el4_7.1.

Now, the weird part - I first tried (after the message below arrived)
on my test virtual system SL4.7 (guest OS on VMWare) with 'yum update'
and (besides the new kernel) I got version: 9.2.4-30.el4_8.4 of the
bind rpm's.

- Larry

Connie Sieh wrote on 7/30/2009 12:31 PM:

 Synopsis:  Important: bind security and bug fix update
 CVE:   CVE-2009-0696

   CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets


 A flaw was found in the way BIND handles dynamic update message packets
 containing the "ANY" record type. A remote attacker could use this flaw to
 send a specially-crafted dynamic update packet that could cause named to
 exit with an assertion failure. (CVE-2009-0696)

 Note: even if named is not configured for dynamic updates, receiving such
 a specially-crafted dynamic update packet could still cause named to exit
 unexpectedly.

 This update also fixes the following bug:

 * when running on a system receiving a large number of (greater than 4,000)
 DNS requests per second, the named DNS nameserver became unresponsive, and
 the named service had to be restarted in order for it to continue serving
 requests. This was caused by a deadlock occurring between two threads that
 led to the inability of named to continue to service requests. This
 deadlock has been resolved with these updated packages so that named no
 longer becomes unresponsive under heavy load. (BZ#512668)

 After installing the update, the BIND daemon (named) will be restarted
 automatically.

 SRPM:
bind-9.2.4-30.el4_8.4.src.rpm

 i386:
bind-9.2.4-30.el4_8.4.i386.rpm
bind-chroot-9.2.4-30.el4_8.4.i386.rpm
bind-devel-9.2.4-30.el4_8.4.i386.rpm
bind-libs-9.2.4-30.el4_8.4.i386.rpm
bind-utils-9.2.4-30.el4_8.4.i386.rpm

 x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm
bind-libs-9.2.4-30.el4_8.4.i386.rpm
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm

 -Connie Sieh
 -Troy Dawson



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson




--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Security ERRATA Important: bind security for SL 4.x on i386/x86_64

2009-07-30 Thread P. Larry Nelson

Connie,

On every SL4.7 system I tried, doing a 'yum update', I'm getting
"No Packages marked for Update/Obsoletion".

Checking which bind-libs and bind-utils I have, I'm getting
version: 9.2.4-30.el4_7.1.

Now, the weird part - I first tried (after the message below arrived)
on my test virtual system SL4.7 (guest OS on VMWare) with 'yum update'
and (besides the new kernel) I got version: 9.2.4-30.el4_8.4 of the
bind rpm's.

- Larry

Connie Sieh wrote on 7/30/2009 12:31 PM:

Synopsis:  Important: bind security and bug fix update
CVE:   CVE-2009-0696

  CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets


A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* when running on a system receiving a large number of (greater than 4,000)
DNS requests per second, the named DNS nameserver became unresponsive, and
the named service had to be restarted in order for it to continue serving
requests. This was caused by a deadlock occurring between two threads that
led to the inability of named to continue to service requests. This
deadlock has been resolved with these updated packages so that named no
longer becomes unresponsive under heavy load. (BZ#512668)

After installing the update, the BIND daemon (named) will be restarted 
automatically.


SRPM:
   bind-9.2.4-30.el4_8.4.src.rpm

i386:
   bind-9.2.4-30.el4_8.4.i386.rpm
   bind-chroot-9.2.4-30.el4_8.4.i386.rpm
   bind-devel-9.2.4-30.el4_8.4.i386.rpm
   bind-libs-9.2.4-30.el4_8.4.i386.rpm
   bind-utils-9.2.4-30.el4_8.4.i386.rpm

x86_64:
   bind-9.2.4-30.el4_8.4.x86_64.rpm
   bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm
   bind-devel-9.2.4-30.el4_8.4.x86_64.rpm
   bind-libs-9.2.4-30.el4_8.4.i386.rpm
   bind-libs-9.2.4-30.el4_8.4.x86_64.rpm
   bind-utils-9.2.4-30.el4_8.4.x86_64.rpm

-Connie Sieh
-Troy Dawson



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: MP3s on SL4.6

2009-06-09 Thread P. Larry Nelson

Troy, et al.,

After playing around with this at home over the weekend (sparing
you all the number of frustrating iterations I went thru... :-),
turns out all I needed was the two that Troy originally suggested,
gstreamer-plugins-mp3 and xmms-mp3.

However, with those 2, I still was never able to get either Helix
or Noatun to work.  I finally found an app called (I think) Music
Player in the Sound Menu, and that worked.  But when right-clicking
on an MP3 file in order to "open with...", I could not find "Music
Player" as an app.

So, while Music Player was open and playing an MP3 file, I did a
'ps auxw' to see just what the hell it was really called.  Turns out
to be something called rhythmbox.

Then I was able to right-click on an MP3 file, and "Open with..."
and browse to /usr/bin/ and select rhythmbox and make that the default
app when clicking on an MP3.  Did the same thing with Firefox, so
when the user hits a web site that has MP3 files, Firefox opens
rhythmbox by default.

Thanks for all the suggestions!
- Larry

P.S. trying to install xmms resulted in some transaction checking error
 that I can't recall now.  Oh, and the original problem manifested
 itself in both KDE and Gnome.


P. Larry Nelson wrote on 6/5/2009 3:59 PM:

Hi Troy,

Thanks, but no joy.
Installed the 2 you mentioned, restarted firefox and same sequence
of events occurs - Helix fires up but another box pops up right away
saying I need RealPlayer.  This doesn't need a reboot does it?

Then I tried saving the MP3 file and double-clicked on it.
This time an app called Noatun pops up, but none of its buttons
do a damn thing.

- Larry

Troy Dawson wrote on 6/5/2009 3:46 PM:

P. Larry Nelson wrote:

Hi,

I've always done linux admin on just servers, so I've never needed
to know about such things as playing MP3 files on linux.

Well, now I've got a user with a fully patched SL4.6 laptop and
is trying to get an MP3 file to play.

Go to a web page with an MP3 sample and click on it.
A dialog box pops up asking whether to save or use the default
application, which is something called Helix.  Choose Helix.
Helix app box pops up but then another box opens and says one
needs to get RealPlayer.  Fine, except I can only find RealPlayer-11
which doesn't install on SL4.6 due to dependencies.

So, my question is (at its simplest) how does one play MP3 files
on an SL4.6 box?  Is there something other than Helix that doesn't
need RealPlayer?  Or, if RealPlayer is indeed needed, where can
I find a version of RealPlayer that works on SL4.6?
Googling, so far, hasn't helped - but then it hasn't been an
exhaustive search.

Thanks!
- Larry



yum install gstreamer-plugins-mp3 xmms-mp3

Troy







--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: MP3s on SL4.6

2009-06-05 Thread P. Larry Nelson

Hi Troy,

Thanks, but no joy.
Installed the 2 you mentioned, restarted firefox and same sequence
of events occurs - Helix fires up but another box pops up right away
saying I need RealPlayer.  This doesn't need a reboot does it?

Then I tried saving the MP3 file and double-clicked on it.
This time an app called Noatun pops up, but none of its buttons
do a damn thing.

- Larry

Troy Dawson wrote on 6/5/2009 3:46 PM:

P. Larry Nelson wrote:

Hi,

I've always done linux admin on just servers, so I've never needed
to know about such things as playing MP3 files on linux.

Well, now I've got a user with a fully patched SL4.6 laptop and
is trying to get an MP3 file to play.

Go to a web page with an MP3 sample and click on it.
A dialog box pops up asking whether to save or use the default
application, which is something called Helix.  Choose Helix.
Helix app box pops up but then another box opens and says one
needs to get RealPlayer.  Fine, except I can only find RealPlayer-11
which doesn't install on SL4.6 due to dependencies.

So, my question is (at its simplest) how does one play MP3 files
on an SL4.6 box?  Is there something other than Helix that doesn't
need RealPlayer?  Or, if RealPlayer is indeed needed, where can
I find a version of RealPlayer that works on SL4.6?
Googling, so far, hasn't helped - but then it hasn't been an
exhaustive search.

Thanks!
- Larry



yum install gstreamer-plugins-mp3 xmms-mp3

Troy




--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


MP3s on SL4.6

2009-06-05 Thread P. Larry Nelson

Hi,

I've always done linux admin on just servers, so I've never needed
to know about such things as playing MP3 files on linux.

Well, now I've got a user with a fully patched SL4.6 laptop and
is trying to get an MP3 file to play.

Go to a web page with an MP3 sample and click on it.
A dialog box pops up asking whether to save or use the default
application, which is something called Helix.  Choose Helix.
Helix app box pops up but then another box opens and says one
needs to get RealPlayer.  Fine, except I can only find RealPlayer-11
which doesn't install on SL4.6 due to dependencies.

So, my question is (at its simplest) how does one play MP3 files
on an SL4.6 box?  Is there something other than Helix that doesn't
need RealPlayer?  Or, if RealPlayer is indeed needed, where can
I find a version of RealPlayer that works on SL4.6?
Googling, so far, hasn't helped - but then it hasn't been an
exhaustive search.

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: CUPS access control

2009-06-02 Thread P. Larry Nelson

Great!  Thanks Jon!
Guess I never dug deep enough into the conf file to see how it's
actually done - the GUI for the old version always handled things
quite nicely (given our very simple setup).

The syntax is foreign and a bit confusing, so it looks like further
research is in order here to figure it out.

Thanks,
- Larry

Jon Peatfield wrote on 5/29/2009 3:34 PM:

On Fri, 29 May 2009, P. Larry Nelson wrote:


I have a CUPS access control question.

This relates to cups-1.3.7-8.el5_3.4 on a SL 5.1 system fully patched.
This also relates to using CUPS as a printer server where all my other
linux boxes use the browsing feature of CUPS to print thru the print
server.

With an older version of CUPS (1.1.17-13.3.58) I'm currently using
on an older RHEL3 system, I can control access to all our printers
by specifying either a network or specific IP address in a CUPS
white list.  This is done via redhat-config-printer, which has,
via a pulldown menu, a "sharing..." option, which then opens a
box that allows one to specify a single host or a network that
is allowed to access individual print queues.  This is very
important for us in order to keep others, on different networks,
from finding and using our printers (yes, I'm talking about
those crafty grad students in other departments.) as well as
allowing (via specific hostname) a user *not* on our network
to print to our printers.

Needing to migrate from RHEL3, I set up a test SL 5.1 box and
was able to duplicate the printer server function of our old
RHEL3 box, *except* that now, with the latest CUPS version,
access control is only by user! - and even that seems to be
broken when going thru system-config-printer.  I'm only able
to add a user via the web interface (http://localhost:631).
That functionality via system-config-printer is grayed out!
And just what does "user" mean?  Where does it look for the
"user" entry one might include?  Passwd file? NIS?
Is the CUPS administrator expected to enter hundreds of user
names?  And what about allowing someone, *not* in our NIS or
passwd file to print to our printers?

Anyway, we need to control access via network and hostname
as in the past.  Is there no way to do that type of access
control anymore?


I don't know about the gui interfaces, but in cupsd.conf for cups 1.3.x 
you can still use the  stuff to allow/deny access to 
specific netblocks or hosts.

>
We don't do this for specific printers, but we do for access to the 
entire server using , e.g (with the addresses hidden)



  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
  # allow general requests from any host in damtp
  Allow From /24
  Allow From /24
  Allow From /24
  ## # and from the printers (is this actually sensible, probably not!)
  ## Allow From 10.16.1.0/24
  # and from laptop machines (not NAT'd)
  Allow From /23
  # and from new range for laptop machines (not NAT'd)
  Allow From /22
  # allow from (hidden) for testing!
  Allow From 
  Allow From 
  Allow From 


there used to be a block of comments in the default cupsd.conf which said:

#
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#

#
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#

so I'd guess that to restrict access to a particular printer called 
foobar (say) you could use



  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
  Allow From ... etc etc


All this assumes that you trust the addresses and networks in between :-)

BTW we do the following, which may or may not be sensible for you:


  AuthType Basic
  Require user @SYSTEM

  ## Restrict access to localhost
  Order Deny,Allow
  Deny From All
  # MUST not let non-privileged users log into the print server!
  Allow From 127.0.0.1


but is good enough for my needs (we only do cups config locally on the 
print servers and only as SYSTEM users, but then we only use the lpadmin 
commands etc)...


 -- Jon



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
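
The host-based rules Jon describes, as an added example that is not code from the thread: a small evaluator for `Order`/`Allow From`/`Deny From` lines, useful for checking which clients a block admits before deploying it. The `<Location ...>` wrappers, the documentation-range addresses and all function names are assumptions of this example; it handles only IP addresses, CIDR blocks and `All`, and does not resolve hostnames.

```python
import ipaddress
import re

# Constructed sample using documentation address ranges; not from the thread.
SAMPLE_CONF = """\
<Location />
  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
  # general print clients
  Allow From 192.0.2.0/24
</Location>

<Location /printers/foobar>
  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
  Allow From 198.51.100.17
</Location>
"""


def parse_locations(text):
    """Return {path: {"order": str or None, "allow": [...], "deny": [...]}}."""
    locations, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        opened = re.fullmatch(r"<Location\s+(\S+)>", line, re.I)
        if opened:
            current = {"order": None, "allow": [], "deny": []}
            locations[opened.group(1)] = current
        elif line.lower() == "</location>":
            current = None
        elif current is not None:
            words = line.split()
            key = words[0].lower()
            if key == "order" and len(words) == 2:
                current["order"] = words[1].lower()
            elif (key in ("allow", "deny") and len(words) == 3
                  and words[1].lower() == "from"):
                current[key].append(words[2])
    return locations


def _matches(target, client):
    """True if the Allow/Deny target covers the client address."""
    if target.lower() == "all":
        return True
    try:
        return client in ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False      # hostnames and wildcards are not resolved here


def is_allowed(rules, client_ip):
    """Apply the block's Order semantics to one client address."""
    client = ipaddress.ip_address(client_ip)
    denied = any(_matches(t, client) for t in rules["deny"])
    allowed = any(_matches(t, client) for t in rules["allow"])
    if rules["order"] == "deny,allow":
        # Default allow: Deny lines apply first, Allow lines override them.
        return allowed or not denied
    if rules["order"] == "allow,deny":
        # Default deny: Allow lines apply first, Deny lines override them.
        return allowed and not denied
    raise ValueError("block has no recognised Order line")


def open_by_default(rules):
    """True when any client not explicitly denied gets in."""
    return (rules["order"] == "deny,allow"
            and not any(t.lower() == "all" for t in rules["deny"]))


if __name__ == "__main__":
    for path, rules in parse_locations(SAMPLE_CONF).items():
        for ip in ("127.0.0.1", "192.0.2.5", "198.51.100.17", "203.0.113.9"):
            verdict = "allow" if is_allowed(rules, ip) else "deny"
            print(f"{path:20} {ip:15} {verdict}")
```

As Jon notes, address-based rules are only as trustworthy as the addresses and the networks in between.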


CUPS access control

2009-05-29 Thread P. Larry Nelson

I have a CUPS access control question.

This relates to cups-1.3.7-8.el5_3.4 on a SL 5.1 system fully patched.
This also relates to using CUPS as a printer server where all my other
linux boxes use the browsing feature of CUPS to print thru the print
server.

With an older version of CUPS (1.1.17-13.3.58) I'm currently using
on an older RHEL3 system, I can control access to all our printers
by specifying either a network or specific IP address in a CUPS
white list.  This is done via redhat-config-printer, which has,
via a pulldown menu, a "sharing..." option, which then opens a
box that allows one to specify a single host or a network that
is allowed to access individual print queues.  This is very
important for us in order to keep others, on different networks,
from finding and using our printers (yes, I'm talking about
those crafty grad students in other departments.) as well as
allowing (via specific hostname) a user *not* on our network
to print to our printers.

Needing to migrate from RHEL3, I set up a test SL 5.1 box and
was able to duplicate the printer server function of our old
RHEL3 box, *except* that now, with the latest CUPS version,
access control is only by user! - and even that seems to be
broken when going thru system-config-printer.  I'm only able
to add a user via the web interface (http://localhost:631).
That functionality via system-config-printer is grayed out!
And just what does "user" mean?  Where does it look for the
"user" entry one might include?  Passwd file? NIS?
Is the CUPS administrator expected to enter hundreds of user
names?  And what about allowing someone, *not* in our NIS or
passwd file to print to our printers?

Anyway, we need to control access via network and hostname
as in the past.  Is there no way to do that type of access
control anymore?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: NFS default protocol change

2009-02-27 Thread P. Larry Nelson

Hi Stephan,

Stephan Wiesand wrote on 2/27/2009 2:00 AM:

Hi Larry,

On Thu, 26 Feb 2009, P. Larry Nelson wrote:


Hi Connie,

Connie Sieh wrote on 2/26/2009 2:00 PM:

[snip...]

My main question is, lacking any explicit protocol designation in the fstab,
how can one tell which protocol a client is using?



mount


Actually, 'mount' does not show what protocol nfs is using unless the
protocol has been explicitly entered in the fstab.


"cat /proc/mounts" does.

Regards,
Stephan


Excellent!  It also shows other parameters that are "default" yet not
explicitly contained in the fstab file.

Thanks!
- Larry

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
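
Stephan's `/proc/mounts` answer, turned into a check that can be run across clients (an added example, not code from the thread). The sample lines, host names and function names are constructed; the example assumes the transport appears either as a bare `tcp`/`udp` flag or as `proto=...` in the options field, and reports `None` when neither is present.

```python
# Constructed /proc/mounts content; hosts, paths and addresses are made up.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
fs1:/export/home /home nfs rw,v3,rsize=32768,wsize=32768,hard,udp,lock,addr=fs1 0 0
fs2:/export/data /data nfs rw,vers=3,rsize=32768,hard,proto=tcp,mountproto=udp,addr=192.0.2.10 0 0
fs3:/export/scratch /scratch nfs rw,hard,intr 0 0
"""


def nfs_transports(mounts_text):
    """Map each NFS mount point to 'tcp', 'udp' or None (not reported)."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        # fields: device, mount point, fs type, options, dump, pass
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        proto = None
        for opt in fields[3].split(","):
            if opt in ("tcp", "udp"):            # bare flag form
                proto = opt
            elif opt.startswith("proto="):       # key=value form
                proto = opt.split("=", 1)[1]
        result[fields[1]] = proto
    return result


def mounts_not_using(expected, mounts_text):
    """Mount points whose reported transport differs from `expected`."""
    return sorted(mp for mp, proto in nfs_transports(mounts_text).items()
                  if proto != expected)


if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_MOUNTS                # fall back to the sample
    for mount_point, proto in nfs_transports(text).items():
        print(f"{mount_point}: {proto or 'transport not shown'}")
```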


Re: NFS default protocol change

2009-02-26 Thread P. Larry Nelson

Hi Miles,

Miles O'Neal wrote on 2/26/2009 2:04 PM:

P. Larry Nelson said...

...
|I am currently going thru and adding "udp" to all the SL4.7 clients' fstab
|entries so they will use UDP rather than TCP.
|
|My main question is, lacking any explicit protocol designation in the fstab,
|how can one tell which protocol a client is using?

You can find the tcp connections using

   netstat -a | grep nfs


Right, that sort of works.  :-)
If a client *is* using TCP for nfs, then those connections show up.
If a client is using UDP for nfs, then nothing shows up.


or just run

   cat /etc/mtab

to see each mount.


That, like running the 'mount' command, only shows the protocol *if* the
protocol has been explicitly entered in the fstab.


|And lastly, why wasn't the change documented in the release notes?
|
| From what I've gleaned about the two protocols from googling, it appears
|that TCP has advantages on a lossy network but that's not our scenario.
|It also is not a stateless protocol, like UDP, so if a server crashes in
|the middle of a packet transmission, the client will hang and filesystems
|will need to be unmounted and remounted.  So it would seem UDP is better,
|at least in our case.

We found things to be much more robust, and only very slightly
slower, using tcp.  We had plenty of hangs using udp, but that
was many kernel revs and other bugs back, so who knows?

-Miles


Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: NFS default protocol change

2009-02-26 Thread P. Larry Nelson

Hi Connie,

Connie Sieh wrote on 2/26/2009 2:00 PM:

[snip...]

My main question is, lacking any explicit protocol designation in the fstab,
how can one tell which protocol a client is using?



mount


Actually, 'mount' does not show what protocol nfs is using unless the
protocol has been explicitly entered in the fstab.


Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


NFS default protocol change

2009-02-26 Thread P. Larry Nelson

Hi all, while troubleshooting an odd NFS error, I discovered that apparently
(if you can believe the man pages) the default protocol for nfs clients to
mount from servers is now TCP.

And it apparently started with SL4.7, tho I could find no mention of
such a default protocol change while perusing the release notes for
SL4.7.

The following excerpts are from the man page for nfs(5) from
a 4.6 system and then from a 4.7 system.  Note the change in the
default protocol.

Under "Options for the nfs file system type" in the man page for nfs(5),

-
For SL4.6 (man page comes from util-linux-2.12a-17.el4_6.1):

tcp   Mount the NFS filesystem using the TCP protocol instead of the
  default UDP protocol.  Many NFS servers only support UDP.
-
-
For SL4.7 (man page comes from util-linux-2.12a-20.el4):

tcp   Mount the NFS filesystem using the TCP protocol. This is the default.
-

I am currently going thru and adding "udp" to all the SL4.7 clients' fstab
entries so they will use UDP rather than TCP.

My main question is, lacking any explicit protocol designation in the fstab,
how can one tell which protocol a client is using?

And lastly, why wasn't the change documented in the release notes?

From what I've gleaned about the two protocols from googling, it appears
that TCP has advantages on a lossy network but that's not our scenario.
It also is not a stateless protocol, like UDP, so if a server crashes in
the middle of a packet transmission, the client will hang and filesystems
will need to be unmounted and remounted.  So it would seem UDP is better,
at least in our case.

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


lam-lib cleanup error

2008-12-16 Thread P. Larry Nelson

Hi,
This is probably a Troy or Connie question (or a TUV question), but
in the course of doing a manual 'yum update' on one of my servers,
I happened to notice the following error pass by on the screen
(which I normally don't watch - just glanced over to see how it was
going).  I've included the line before and after for context.

  Cleanup   : tcl  # [308/345]
error: %preun(lam-libs-7.1.2-8.i386) scriptlet failed, exit status 2
  Cleanup   : xorg-x11-doc # [309/345]

I don't think this really affects anything on the system - didn't even
know that LAM was installed or even what it does until I did a
'yum info lam'.  Not sure why it's installed but seriously doubt
that we make use of it.

Anyway, thought I'd pass it on in case there's something in the
script that needs fixing.  Then again, it might have failed due
to something wrong on my system.

An 'rpm -qa | grep lam' yields:
lam-7.1.2-15.el4
lam-libs-7.1.2-8
lam-libs-7.1.2-15.el4

- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:lnel...@uiuc.edu| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Upgrade question

2008-12-04 Thread P. Larry Nelson

Troy Dawson wrote on 12/4/2008 4:14 PM:

Hi Larry,
Yes, there is a difference, but at the beginning they are the same.

If you do a "yum upgrade" and it replaced yum-conf-44 with yum-conf-4x, 
that is going to keep you at 4x.  Which means that when we have our new 
release 4.8, and we move the link of 4x to point to 48, then your system 
is going to automatically be updated to 48.  This might be what some 
people want, which is why there is a yum-conf-4x.


If you just use the long rpm command
rpm -Uvh 
ftp://ftp.scientificlinux.org/linux/scientific/4x/i386/misc/RPMS/yum-conf-latest.SL.noarch.rpm 

Then that will just get you the normal yum-conf which is in the latest
release.  So currently that will install yum-conf-4.7.  That will then
update you to SL 4.7.  But when we release 4.8, and the 4x link gets
changed, you will not be automatically updated to 4.8, but will still be
at 4.7.  This might be what some people want, which is why yum-conf-4x
isn't installed by default.


Does that help?

Troy


Yep!
After thinking a bit on it after my posting, I surmised that that's
exactly what you have just described.

Now, (surmising further) if I had just done a 'yum upgrade' rather
than the long rpm command, and I'm now at SL47, and *maybe* do not
wish to automatically go to SL48 when it's out, can I issue the
long rpm command and thus download the yum-conf-4.7 replacing the
yum-conf-4x and I'm done?  Or do I need to do something after that
like a 'yum clean all'?  I suspect not but thought I'd ask.

Thanks!
- Larry



P. Larry Nelson wrote:

This is most likely a Troy or Connie question but thought I'd post
here in case others might have the same question burning in the
back of their brains.

Is there much, if any, difference between upgrading from one minor
release to another (say, SL44 to SL46) using the rpm command as
stated in the instructions in the HowTo here:
  (https://www.scientificlinux.org/documentation/howto/upgrade.4x)
and just doing a 'yum upgrade; yum clean all; yum update' ?

It seems that the 'yum upgrade' grabbed the yum-conf-4x.noarch 4:1-5.SL
and replaced the yum-conf.noarch 4:44-1.SL, which is what I assume
the lonnng rpm command would do?

Thanks!
- Larry



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Upgrade question

2008-12-04 Thread P. Larry Nelson

This is most likely a Troy or Connie question but thought I'd post
here in case others might have the same question burning in the
back of their brains.

Is there much, if any, difference between upgrading from one minor
release to another (say, SL44 to SL46) using the rpm command as
stated in the instructions in the HowTo here:
 (https://www.scientificlinux.org/documentation/howto/upgrade.4x)
and just doing a 'yum upgrade; yum clean all; yum update' ?

It seems that the 'yum upgrade' grabbed the yum-conf-4x.noarch 4:1-5.SL
and replaced the yum-conf.noarch 4:44-1.SL, which is what I assume
the lonnng rpm command would do?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: ganglia

2008-10-01 Thread P. Larry Nelson

fowler wrote on 10/1/2008 2:33 PM:

Hello All,
 Does anyone have any experience with installing ganglia, the cluster
monitor tool? I'm trying to do so on an SLF 4.5 x86_64 machine. When I run
the ./configure it fails with:

-
Checking for python
checking for python... /usr/local/bin/python
checking Python version... can't exec python/Linux-2-4/v2_1/bin/python:: No such file or directory

can't exec python/Linux-2-4/v2_1/bin/python:: No such file or directory

can't exec python/Linux-2-4/v2_1/bin/python:: No such file or directory
checking Python support... no

Checking for apr
checking for apr-1-config... no
configure: error: apr-1-config binary not found in path
--
 I'm not sure where to go from here. Any help is appreciated.
thanks,
Jack


Ha!  I had similar troubles trying to install it on SL 4.6, so I
gave up and decided to go with a separate, dedicated box I loaded
with SL 5.1.  I don't think I had the same config errors you show,
but there were a lot and trying to resolve all the dependencies was
causing me many days of head scratching and lost sleep.  It just
seemed to me that Ganglia did not want to play in the same sandbox
as SL 4.x, hence the move up to SL 5.x.

My dedicated box runs both the web server and the gmetad daemon
(plus its own gmond daemon for collecting data on itself).

Here's the steps I did (if I recall correctly and my notes are
correct - I'm also currently running ganglia-3.0.7):

 - load SL 5.1 (including apache web server) on its own platform
 - download ganglia rpms (gmond, gmetad, web)
 - install gmond rpm
 - download rpmforge-release-0.3.6-1 rpm (got mine from dag.wieers.com)
 - install rpmforge-release-0.3.6-1 rpm (this allows the next step)
 - yum install rrdtool
 - install gmetad rpm
 - yum install php-gd
 - install ganglia-web rpm (this creates /var/www/html/ganglia which
   then needs to be 'chown -R apache:apache')
 - edit gmond.conf to suit your situation
 - edit gmetad.conf to suit your situation
 - add the following firewall rules (I'm using port 8650 instead of the default,
   and I'm sorry, I've lost the web reference I had for these rules - don't
   remember in what documentation I found them)

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8650 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp -d 239.2.11.71 --dport 8650 -j ACCEPT

 - add the following to httpd.conf (per http://www.linux-mag.com/id/1433, which
   incidentally is a wonderful article on the whole Ganglia setup - I highly
   recommend reading it before proceeding with a Ganglia installation):


LoadModule php4_module extramodules/libphp4.so

AddType application/x-httpd-php .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps

 - install gmond rpm on all clients to be monitored and edit gmond.conf to
   suit your situation

The above may not be the best way to do it, but it worked for me.
I'm leaving out a lot of config details which you'll just have to play
with, tho there's not much to really configure.

I'd also be interested in other folks' experiences with getting Ganglia
to install, work, and behave properly.

- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson


Re: Recent openssh problem

2008-08-27 Thread P. Larry Nelson

Yep, 'ssh -X -Y' does the trick.  Thanks!!

- Larry

Stephen John Smoogen wrote on 8/27/2008 11:38 AM:

On Wed, Aug 27, 2008 at 10:31 AM, P. Larry Nelson <[EMAIL PROTECTED]> wrote:

We've run into a problem with ssh X11 forwarding, apparently since
the 8/23/2008 yum update of openssh packages.

In the very recent past we were able to 'ssh -X' from an SL 4.6 host
to another SL 4.6 system, and from there do an 'ssh -X' to a third
SL 4.6 system and have X11 traffic pipe its way back to the original
host with no problems.

Now, in the last few days, we find that the 'ssh -X' from first host
to second works fine, but then an 'ssh -X' to the third results in:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

And firing up any X11 app on the third host fails with:

X11 connection rejected because of wrong authentication.
X connection to localhost:12.0 broken (explicit kill or server shutdown).



This actually sounds like the security fix is working. Does ssh -X -Y
do what you want?

Say hi to Andy at roadkill for me :).


I've started googling for this, but thought I'd throw it out in case
others are experiencing the same problem or maybe Troy/Connie have a
thought or fix.

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson






Recent openssh problem

2008-08-27 Thread P. Larry Nelson

We've run into a problem with ssh X11 forwarding, apparently since
the 8/23/2008 yum update of openssh packages.

In the very recent past we were able to 'ssh -X' from an SL 4.6 host
to another SL 4.6 system, and from there do an 'ssh -X' to a third
SL 4.6 system and have X11 traffic pipe its way back to the original
host with no problems.

Now, in the last few days, we find that the 'ssh -X' from first host
to second works fine, but then an 'ssh -X' to the third results in:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

And firing up any X11 app on the third host fails with:

X11 connection rejected because of wrong authentication.
X connection to localhost:12.0 broken (explicit kill or server shutdown).

I've started googling for this, but thought I'd throw it out in case
others are experiencing the same problem or maybe Troy/Connie have a
thought or fix.

Thanks!
- Larry


Bind patch

2008-07-09 Thread P. Larry Nelson

Troy, Connie,

Can we expect the bind patch soon?  RedHat released it yesterday.
I've already patched one of our DNS servers running RHEL3, but
we have another running SL4.6.

https://rhn.redhat.com/errata/RHSA-2008-0533.html

Thanks!!
- Larry



hugemem

2008-05-30 Thread P. Larry Nelson

-------- Original Message --------
Subject: Re: Access disc too slow
Date: Thu, 29 May 2008 22:05:11 +0100 (BST)
From: Rhys Morris <[EMAIL PROTECTED]>
To: Eduardo Bach <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], Marco André Ferreira Dias <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>

Hi Eduardo,

Try running kernel-hugemem instead of the normal kernel, I recently
had similar problems to you which were fixed by running
kernel-hugemem.

I upgraded the RAM in a machine from 2gb to 4gb and it ran really
slowly with the normal kernel, but fine with kernel-hugemem

yum install kernel-hugemem

reboot and pick kernel-hugemem on boot.

Good luck,

Rhys

-
Starting a new thread here...

Speaking of kernel-hugemem, I'm now curious - I've seen the term
before but never gave it much thought, thinking it must be for
those huge servers with 16 Gbytes or more of ram.

Rhys's comment about using kernel-hugemem on a 4GB system has now
prompted me to ask at what point does one go or should go (or
need to go) to the hugemem kernel?  We have a couple of systems
at 4GB and will probably get more systems with even more memory.

And what were your metrics for slow running vs. fine running?

Thanks!
- Larry


Re: Grub question

2008-04-18 Thread P. Larry Nelson

Jan Kundrát wrote on 4/18/2008 10:52 AM:

P. Larry Nelson wrote:

Here's what I assume to be a simple grub question


OT: please don't click "reply" when you have a question that isn't
related to previous message, it breaks message threading.


Really!!  How bizarre!  I changed the subject so it wouldn't be part
of a previous thread.  I always use reply since it fills in the To:
address, which is easier than typing it in and possibly making a mistake.

I apologize to the list but don't understand why, if I changed the subject,
it would be part of a previous thread.  I always thought threads keyed
off the subject line, and I've been using email since it was invented
back in the 70's.

Oh well - learn something new every day

Thanks!
- Larry


Grub question

2008-04-18 Thread P. Larry Nelson

Here's what I assume to be a simple grub question

On one of my systems, /boot is getting quite full with all the
kernel updates and I'd like to delete most of the old ones,
keeping a couple of the most recent ones.  Does one then need
to delete the corresponding lines for the deleted kernels in
grub.conf?

Does anything have to be done after that so grub is aware, like
one had to do with the old lilo.conf, i.e., run lilo after any
changes that were made?

Thanks!
- Larry


Re: NAT service?

2008-04-15 Thread P. Larry Nelson

This is what I used a couple years ago to set up our IP masquerade (or IPMASQ)
server, a form of NAT.

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/

I'm running it on RHEL_3, 2.4 kernel.  The server is triple NIC'd and has
one interface to the public LAN and two interfaces to private LANs
(192.168.x.x) where we have all our compute and file servers.  The
IPMASQ server allows me to get software updates from the web but
they're invisible to the outside world.  The HOWTO does have a section
on configuring for a 2.6 kernel.

- Larry

Mark Van Crombrugge wrote on 4/15/2008 8:00 AM:
I would like to activate NAT (Network Address Translation) on my SL v5.1 
which is used as a router (2 NIC).
But after searching the web, all I can find are general theoretical 
articles, not how to set this up for real.


Many thanks!
Mark





Re: SL 4.4 systems upgraded to SL 4.6

2008-03-14 Thread P. Larry Nelson

Thanks Troy!  Yes, yum-conf on the systems that went to SL 4.6
is yum-conf-4x-1-7.SL, whereas the systems that stayed at SL 4.4
have yum-conf-44-1.SL.

But how that happened is now yet another mystery.  ALL my systems
were installed using the same set of SL 4.4 CD's.

How could some wind up with a different yum-conf?  Granted, they
were all built at different times over the past couple of years.
Could they have picked up a different yum-conf depending on WHEN
they were built?

The only thing I can think is that my office mate built some of
the 40 systems, so maybe he did something different.  Of course,
that begs the question: how would one specify a different yum-conf
during installation?

And then the next question: what's the best way to make them all the
same (assuming we decide to take them all to SL 4.6) - do a
'yum remove yum-conf' followed by a 'yum install yum-conf-4x-1-7.SL' ?

Thanks!
- Larry

Troy Dawson wrote on 3/14/2008 1:23 PM:

P. Larry Nelson wrote:

Looking thru my yum email logs today, I noticed that ten of my
SL 4.4 systems (I have some 40 SL 4.4 systems - servers of one
form or another - all nearly identical installations) had big
updates to the tune of something over 140 packages.

Odd, I thought since I had not received anything of late from the
[EMAIL PROTECTED] list relating to SL4.  I wondered
why my other 30 systems had not updated, so I went to a couple and
did a 'yum update' and they came back with "No Packages marked for
Update/Obsoletion".

How odd.  What's going on, I wondered.
Then I did a 'cat /etc/redhat-release' on a system that had the 140
updates and on one that did not and noticed that the ones with the
updates are now at SL 4.6 while the other 30 are still SL 4.4.

So, why did 1/4 of my systems suddenly decide to update themselves
to SL 4.6 and the other 3/4 did not - not even with a manual
'yum update' ??

- Larry


Sounds like they were not all identically installed.  The odds are that 
the ones that did the update were pointing to 4x and not 44.

Two things to look at
  rpm -qa | grep yum-conf
  grep 4x /etc/yum.repos.d/*

Troy



--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
---
 "Information without accountability is just noise."  - P.L. Nelson
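
The two checks Troy suggests above can be turned into a per-host classifier. This is an added example, not part of the original thread: the function names, the sample repo files and the mirror.example.org URLs are constructed, and it assumes the release tree (`4x` or `44`) appears as a path component of each repo's `baseurl`.

```shell
#!/bin/sh
# Added example: report whether a yum repo directory tracks the rolling
# "4x" tree or a pinned point release such as "44".

# repo_release_tracks DIR
# Prints "<file>:<repoid> <track>" for every enabled repo section, where
# <track> is "rolling", "pinned:<NN>" or "other" (heuristic on the URL path).
repo_release_tracks() {
    dir=$1
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function emit() {
                if (id != "" && enabled && url != "") {
                    track = "other"
                    if (url ~ /\/[0-9]+x\//)
                        track = "rolling"
                    else if (match(url, /\/[0-9][0-9]\//))
                        track = "pinned:" substr(url, RSTART + 1, RLENGTH - 2)
                    print file ":" id " " track
                }
            }
            /^[ \t]*[#;]/ { next }
            /^\[.*\]/ {
                emit()
                id = substr($0, 2, index($0, "]") - 2)
                enabled = 1      # yum treats a section as enabled by default
                url = ""
                next
            }
            /^[ \t]*enabled[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)
                enabled = (v + 0 != 0)
                next
            }
            /^[ \t]*(baseurl|mirrorlist)[ \t]*=/ {
                if (url == "") {
                    v = $0
                    sub(/^[^=]*=[ \t]*/, "", v)
                    url = v
                }
                next
            }
            END { emit() }
        ' "$f"
    done
}

# host_track DIR
# Collapses the per-repo lines into one verdict for the host.
host_track() {
    repo_release_tracks "$1" | awk '
        $2 == "rolling" { r = 1 }
        $2 ~ /^pinned:/ { p = 1 }
        END {
            if (r && p) print "mixed"
            else if (r) print "rolling"
            else if (p) print "pinned"
            else print "unknown"
        }'
}

# write_sample DIR TREE
# Writes a constructed repo file; TREE is the release tree, e.g. 44 or 4x.
write_sample() {
    mkdir -p "$1"
    cat > "$1/sl.repo" <<EOF
[sl-base]
name=SL base (constructed sample)
baseurl=http://mirror.example.org/scientific/$2/\$basearch/SL/RPMS/
enabled=1

[sl-testing]
name=SL testing (constructed sample, disabled)
baseurl=http://mirror.example.org/scientific/4x/\$basearch/testing/
enabled=0
EOF
}

# Demo on two constructed hosts; on a real system pass /etc/yum.repos.d.
tmp=$(mktemp -d)
write_sample "$tmp/hostA" 44
write_sample "$tmp/hostB" 4x
for h in hostA hostB; do
    echo "$h: $(host_track "$tmp/$h")"
done
rm -rf "$tmp"
```

Run across a fleet, a host that reports `rolling` follows each new point release as it is published, while a `pinned` host stays on its point release.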


SL 4.4 systems upgraded to SL 4.6

2008-03-14 Thread P. Larry Nelson

Looking thru my yum email logs today, I noticed that ten of my
SL 4.4 systems (I have some 40 SL 4.4 systems - servers of one
form or another - all nearly identical installations) had big
updates to the tune of something over 140 packages.

Odd, I thought since I had not received anything of late from the
[EMAIL PROTECTED] list relating to SL4.  I wondered
why my other 30 systems had not updated, so I went to a couple and
did a 'yum update' and they came back with "No Packages marked for
Update/Obsoletion".

How odd.  What's going on, I wondered.
Then I did a 'cat /etc/redhat-release' on a system that had the 140
updates and on one that did not and noticed that the ones with the
updates are now at SL 4.6 while the other 30 are still SL 4.4.

So, why did 1/4 of my systems suddenly decide to update themselves
to SL 4.6 and the other 3/4 did not - not even with a manual
'yum update' ??

- Larry


XFS file system

2007-08-08 Thread P. Larry Nelson

Speaking of the XFS filesystem, we might need to go that route in the
near future, so I thought I'd try mucking around with it.

A rudimentary google search turned up a posting to the xfs-list
from Dan Yocum where he states that he had merged the xfs bits back
into the kernel (looks like in SL302) and to enable xfs support
during the install, type 'linux xfs' at the boot prompt.

I've tried that with SL44, but when I get to the disk setup portion
of the installation, I don't see any options that would allow xfs,
just ext2, ext3, LVM, software RAID, swap, and vfat.

Question - are the xfs bits incorporated in the SL44 kernel?
If so, how does one enable it?
If not, how does one go about enabling an xfs filesystem?

Thanks!
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[EMAIL PROTECTED]| http://www.uiuc.edu/ph/www/lnelson
---
 "Information without accountability is just noise."  - P.L. Nelson


yum test option?

2007-04-12 Thread P. Larry Nelson

I'm still used to years and years of using the rpm command
but now am trying to get used to yum, which, as we migrate
from RedHat to SL, it all just more or less works via cron
so I rarely invoke it manually.

However, I want to do a manual yum install of a package and
I don't see a "test" option in the man page, similar to the
rpm --test option - an option I relied on heavily to keep
from shooting myself in the foot.

Is there a way to do a "test" with yum?  So far google hasn't
helped, or I'm not looking in the right places.

Thanks!
- Larry


Re: loading drivers at install time

2007-03-26 Thread P. Larry Nelson

Chris Stevens wrote on 3/23/2007 6:29 PM:

Another thought...


I need to add the Intel RAID driver at install
time and Anaconda is only giving me the choice of sda (I'm assuming
that's the hard disk) or hdb (is that the CDROM drive?) at the "Driver
Disk Source" page.  


Did you try the /dev/sda option with the floppy in the drive?  If the
floppy is USB and being treated as SCSI, then /dev/sda might be the
floppy.  I'm thinking that /dev/sda probably isn't the hard drive.  If
the installer could see the internal hard disk(s) and assign it
to /dev/sda then you wouldn't need a driver in the first place. 


Chris


Bingo! Chris wins the prize!  It *is* sda for the floppy.

However, the driver I'm trying to load is for the embedded RAID
controller and not for the hard disk - the installer sees the disk
just fine without any additional driver, which is why I was thrown
off by the sda choice - assuming that it was the hard drive.

Thanks to all who responded!
- Larry



Re: loading drivers at install time

2007-03-23 Thread P. Larry Nelson

Thanks again Connie!
I'll check the [Auto] setting on Monday and see if it's got an [Enabled]
setting.  That may do it

But, given that I may just not be able to use the floppy, I still don't
understand how you get a driver .img file onto a cd-r.  After all, systems
*are* being shipped these days sans floppy drives.

- Larry

Connie Sieh wrote on 3/23/2007 3:20 PM:

On Fri, 23 Mar 2007, P. Larry Nelson wrote:


Thanks Connie!

In the bios, under "Advanced", I see:

++
  - Processor Configuration
  - Memory Configuration
  - ATA Controller Configuration
  - Serial Port Configuration
  - USB Configuration
  - PCI Configuration
  - System Acoustic and Performance Configuration
++

Ok, I'm assuming it can't be in the ATA Controller Configuration.
Everything there is Enabled anyway.

In the USB Configuration, I see:

++
  - Detected USB Devices
1 Drive

  - USB Controller  [Enabled]
  - Legacy USB Support  [Disabled]
  - Port 60/64 Emulation[Disabled]

  - USB Mass Storage Device Configuration
  - Device Reset Timeout[20 sec]

  - Storage Emulation
  - TEAC FD-05PUB  3000 [Auto]


This looks like the floppy.  Any choice there other than "auto"?

-Connie Sieh

  - USB 2.0 Controller  [Enabled]
+---+

Now, I hope you don't say I have to enable the Legacy USB Support
and the Port 60/64 Emulation, because (from a previous posting last
month) I have to have those disabled otherwise the keyboard and
mouse don't work.

Side question: is the "1 Drive" it detected the cdrom or the floppy?

Further data points:
Under the "Boot Options" in the BIOS, I see:

+---+
  - Boot Option #1  [PATA: SR244W  ...]
  - Boot Option #2  [Intel(R) MB RAID]
  - Boot Option #3  [IBA GE Slot 0500 v...]
  - Boot Option #4  [[EFI Shell]]
+---+

Is one of the above a floppy?

Ideas?
- Larry

Connie Sieh wrote on 3/23/2007 2:33 PM:

On Fri, 23 Mar 2007, P. Larry Nelson wrote:


Ok, here's my dumb question of the week (might have more next week).
Does SL 4.4 not support floppy drives?

It indeed does support floppy drives.
You should check that your bios has the floppy enabled.  Sometimes the 
floppy will show as a scsi device (because it is really usb and usb shows 
as a scsi device).


-Connie Sieh


Reason I ask is I have an Intel Server System SR1500AL (mother board
is Intel Server Board S5000PAL), 1U rack mount, that came with two
internal disks (set up to be RAID 1, mirrored), a CDROM drive, and
a floppy drive.  I need to add the Intel RAID driver at install
time and Anaconda is only giving me the choice of sda (I'm assuming
that's the hard disk) or hdb (is that the CDROM drive?) at the "Driver
Disk Source" page.  If I choose hdb and have the appropriate floppy
loaded and hit "ok", it just comes back asking me to insert the
driver disk again.  I'm pretty sure the floppy device should be
/dev/fdb (or fd0 or something like that).

So, my suspicion is that SL 4.4 does not support floppies, which
is a bummer since our entire legacy server installation and rebuild
process (that I need to migrate to SL 4.4) is based on floppy
diskette kickstarts.

Now, pending resolution of that major hurdle, I'm wondering
(assuming /dev/hdb is indeed the cdrom) how do I get the .img
driver file properly onto a cdrom from my Windows desktop (none
of our linux servers has a CD burner)?  The rawrite program works
only (I suspect) with floppies.  I tried using Roxio to put the
dd.img file on a cd-r, but that didn't seem to work either.
I suspect it's not in the right format.  When I open the cd on
my Windows box, all I see is a file called dd.img, which, of
course, I can't open.  When I do the same with the floppy I
created with rawrite, I can see the files contained in the dd.img.
Thanks!
- Larry









Re: loading drivers at install time

2007-03-23 Thread P. Larry Nelson

Ah, Google...  In my head scratching on this, I neglected to check Google.
Thanks!
- Larry

Chris Stevens wrote on 3/23/2007 3:40 PM:

  - Storage Emulation
  - TEAC FD-05PUB  3000 [Auto]
Side question: is the "1 Drive" it detected the cdrom or the floppy?



Google of TEAC FD-05PUB shows it as a USB Floppy drive.  So as another
has posted, probably need to check for a SCSI device name.  I haven't
used one so don't know what the device name might be.


Further data points:
Under the "Boot Options" in the BIOS, I see:

+---+
  - Boot Option #1  [PATA: SR244W  ...]
  - Boot Option #2  [Intel(R) MB RAID]
  - Boot Option #3  [IBA GE Slot 0500 v...]
  - Boot Option #4  [[EFI Shell]]
+---+

Is one of the above a floppy?


Google shows that SR244W is a Mitsumi CDROM drive.  The second one down
looks like your RAID device (when it is set up).  No idea what the
bottom two are.  See if one of the devices matches the TEAC name.

Chris





Re: loading drivers at install time

2007-03-23 Thread P. Larry Nelson

Donald Tripp wrote on 3/23/2007 3:24 PM:
Is the floppy internal? If so, it can't be USB. Also, it can't be ATA 
(Hard Drives and CD-ROM drives only). Your boot options also don't 


If by "internal" you mean that it's part of the system and not attached
with an external cable, yes, it sits just below the cdrom in the chassis.
Why can't it be USB?  Couldn't it be wired internally to a motherboard
USB port?

show a floppy. It is common to have more boot devices than can fit in 
the list, so does it give you the option to change the devices? Usually 
if you highlight it with the keyboard and hit enter or something.


Not sure about that.  Can't get to it right now - I'm home having a beer!
I'll check on Monday.

If you watch the machine boot, is there an option F12 or something, to 
select boot devices? Some motherboards have this.


Not sure about that, either - will investigate.
Thanks!
- Larry



- Donald Tripp
 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
--
HPC Systems Administrator
High Performance Computing Center
University of Hawai'i at Hilo
200 W. Kawili Street
Hilo,   Hawaii   96720
http://www.hpc.uhh.hawaii.edu


On Mar 23, 2007, at 10:11 AM, P. Larry Nelson wrote:


Thanks Connie!

In the bios, under "Advanced", I see:

++
 - Processor Configuration
 - Memory Configuration
 - ATA Controller Configuration
 - Serial Port Configuration
 - USB Configuration
 - PCI Configuration
 - System Acoustic and Performance Configuration
++

Ok, I'm assuming it can't be in the ATA Controller Configuration.
Everything there is Enabled anyway.

In the USB Configuration, I see:

++
 - Detected USB Devices
1 Drive

 - USB Controller [Enabled]
 - Legacy USB Support [Disabled]
 - Port 60/64 Emulation [Disabled]

 - USB Mass Storage Device Configuration
 - Device Reset Timeout [20 sec]

 - Storage Emulation
 - TEAC FD-05PUB  3000 [Auto]

 - USB 2.0 Controller [Enabled]
+---+

Now, I hope you don't say I have to enable the Legacy USB Support
and the Port 60/64 Emulation, because (from a previous posting last
month) I have to have those disabled otherwise the keyboard and
mouse don't work.

Side question: is the "1 Drive" it detected the cdrom or the floppy?

Further data points:
Under the "Boot Options" in the BIOS, I see:

+---+
 - Boot Option #1 [PATA: SR244W  ...]
 - Boot Option #2 [Intel(R) MB RAID]
 - Boot Option #3 [IBA GE Slot 0500 v...]
 - Boot Option #4 [[EFI Shell]]
+-------+

Is one of the above a floppy?

Ideas?
- Larry

Connie Sieh wrote on 3/23/2007 2:33 PM:

On Fri, 23 Mar 2007, P. Larry Nelson wrote:

Ok, here's my dumb question of the week (might have more next week).
Does SL 4.4 not support floppy drives?

It indeed does support floppy drives.
You should check that your bios has the floppy enabled.  Sometimes 
the floppy will show as a scsi device (because it is really usb and 
usb shows as a scsi device).

-Connie Sieh

Reason I ask is I have an Intel Server System SR1500AL (mother board
is Intel Server Board S5000PAL), 1U rack mount, that came with two
internal disks (set up to be RAID 1, mirrored), a CDROM drive, and
a floppy drive.  I need to add the Intel RAID driver at install
time and Anaconda is only giving me the choice of sda (I'm assuming
that's the hard disk) or hdb (is that the CDROM drive?) at the "Driver
Disk Source" page.  If I choose hdb and have the appropriate floppy
loaded and hit "ok", it just comes back asking me to insert the
driver disk again.  I'm pretty sure the floppy device should be
/dev/fdb (or fd0 or something like that).

So, my suspicion is that SL 4.4 does not support floppies, which
is a bummer since our entire legacy server installation and rebuild
process (that I need to migrate to SL 4.4) is based on floppy
diskette kickstarts.

Now, pending resolution of that major hurdle, I'm wondering
(assuming /dev/hdb is indeed the cdrom) how do I get the .img
driver file properly onto a cdrom from my Windows desktop (none
of our linux servers has a CD burner)?  The rawrite program works
only (I suspect) with floppies.  I tried using Roxio to put the
dd.img file on a cd-r, but that didn't seem to work either.
I suspect it's not in the right format.  When I open the cd on
my Windows box, all I see is a file called dd.img, which, of
course, I can't open.  When I do the same with the floppy I
created with rawrite, I can see the files contained in the dd.img.
Thanks!
- Larry




Re: loading drivers at install time

2007-03-23 Thread P. Larry Nelson

Thanks Connie!

In the bios, under "Advanced", I see:

++
 - Processor Configuration
 - Memory Configuration
 - ATA Controller Configuration
 - Serial Port Configuration
 - USB Configuration
 - PCI Configuration
 - System Acoustic and Performance Configuration
++

Ok, I'm assuming it can't be in the ATA Controller Configuration.
Everything there is Enabled anyway.

In the USB Configuration, I see:

++
 - Detected USB Devices
1 Drive

 - USB Controller   [Enabled]
 - Legacy USB Support   [Disabled]
 - Port 60/64 Emulation [Disabled]

 - USB Mass Storage Device Configuration
 - Device Reset Timeout [20 sec]

 - Storage Emulation
 - TEAC FD-05PUB  3000  [Auto]

 - USB 2.0 Controller   [Enabled]
+---+

Now, I hope you don't say I have to enable the Legacy USB Support
and the Port 60/64 Emulation, because (from a previous posting last
month) I have to have those disabled otherwise the keyboard and
mouse don't work.

Side question: is the "1 Drive" it detected the cdrom or the floppy?

Further data points:
Under the "Boot Options" in the BIOS, I see:

+---+
 - Boot Option #1   [PATA: SR244W  ...]
 - Boot Option #2   [Intel(R) MB RAID]
 - Boot Option #3   [IBA GE Slot 0500 v...]
 - Boot Option #4   [[EFI Shell]]
+---+

Is one of the above a floppy?

Ideas?
- Larry

Connie Sieh wrote on 3/23/2007 2:33 PM:

On Fri, 23 Mar 2007, P. Larry Nelson wrote:


Ok, here's my dumb question of the week (might have more next week).
Does SL 4.4 not support floppy drives?


It indeed does support floppy drives.
You should check that your bios has the floppy enabled.  Sometimes the 
floppy will show as a scsi device (because it is really usb and usb shows 
as a scsi device).


-Connie Sieh


Reason I ask is I have an Intel Server System SR1500AL (mother board
is Intel Server Board S5000PAL), 1U rack mount, that came with two
internal disks (set up to be RAID 1, mirrored), a CDROM drive, and
a floppy drive.  I need to add the Intel RAID driver at install
time and Anaconda is only giving me the choice of sda (I'm assuming
that's the hard disk) or hdb (is that the CDROM drive?) at the "Driver
Disk Source" page.  If I choose hdb and have the appropriate floppy
loaded and hit "ok", it just comes back asking me to insert the
driver disk again.  I'm pretty sure the floppy device should be
/dev/fdb (or fd0 or something like that).

So, my suspicion is that SL 4.4 does not support floppies, which
is a bummer since our entire legacy server installation and rebuild
process (that I need to migrate to SL 4.4) is based on floppy
diskette kickstarts.

Now, pending resolution of that major hurdle, I'm wondering
(assuming /dev/hdb is indeed the cdrom) how do I get the .img
driver file properly onto a cdrom from my Windows desktop (none
of our linux servers has a CD burner)?  The rawrite program works
only (I suspect) with floppies.  I tried using Roxio to put the
dd.img file on a cd-r, but that didn't seem to work either.
I suspect it's not in the right format.  When I open the cd on
my Windows box, all I see is a file called dd.img, which, of
course, I can't open.  When I do the same with the floppy I
created with rawrite, I can see the files contained in the dd.img.



Thanks!
- Larry






loading drivers at install time

2007-03-23 Thread P. Larry Nelson

Ok, here's my dumb question of the week (might have more next week).
Does SL 4.4 not support floppy drives?

Reason I ask is I have an Intel Server System SR1500AL (mother board
is Intel Server Board S5000PAL), 1U rack mount, that came with two
internal disks (set up to be RAID 1, mirrored), a CDROM drive, and
a floppy drive.  I need to add the Intel RAID driver at install
time and Anaconda is only giving me the choice of sda (I'm assuming
that's the hard disk) or hdb (is that the CDROM drive?) at the "Driver
Disk Source" page.  If I choose hdb and have the appropriate floppy
loaded and hit "ok", it just comes back asking me to insert the
driver disk again.  I'm pretty sure the floppy device should be
/dev/fdb (or fd0 or something like that).

So, my suspicion is that SL 4.4 does not support floppies, which
is a bummer since our entire legacy server installation and rebuild
process (that I need to migrate to SL 4.4) is based on floppy
diskette kickstarts.

Now, pending resolution of that major hurdle, I'm wondering
(assuming /dev/hdb is indeed the cdrom) how do I get the .img
driver file properly onto a cdrom from my Windows desktop (none
of our linux servers has a CD burner)?  The rawrite program works
only (I suspect) with floppies.  I tried using Roxio to put the
dd.img file on a cd-r, but that didn't seem to work either.
I suspect it's not in the right format.  When I open the cd on
my Windows box, all I see is a file called dd.img, which, of
course, I can't open.  When I do the same with the floppy I
created with rawrite, I can see the files contained in the dd.img.

Thanks!
- Larry


Re: SL 4.4 and RAID 0

2007-03-05 Thread P. Larry Nelson

Connie Sieh wrote on 3/2/2007 3:33 PM:

On Fri, 2 Mar 2007, P. Larry Nelson wrote:


I'm guessing this is not necessarily an SL 4.4 problem, but since
that's what I'm trying to install, I thought I'd try the question
here.

When trying to install SL 4.4 on a box with either an embedded
RAID controller or an add-on card, and having two identical


Most embedded raid controllers are not really raid controllers at all. 
They are just disk controllers with software that does raid.  This is 
known as fake raid.



hard disks, and having configured the RAID controller to use
RAID 0 (mirrored disks), the installation process still sees
two separate disks (sda & sdb).

When the same setup is used to install Windows, Windows sees the
two disks presented as just one disk by the controller, and mirroring
takes place.

Is there some special parameter one needs to pass to the linux
installation program in order for it to recognize that the two
physical disks are hardware RAID 0 and that it should only see
one disk designation from the controller?


What raid controller do you have?  A lspci should show it.

-Connie Sieh


The raid controller is an LSI Logic on an Intel Server System SR1500AL
(mother board is Intel Server Board S5000PAL).

This has also happened with a Promise TX2000 onboard raid controller.

In both cases, a Windows installation sees the mirrored raid set as a
single disk, whereas linux still sees two separate disks.

??

Thanks!
- Larry