[CentOS] opened OpenSSL port
Main question: is it safe, to open a port for an openssl server? e.g.: server side - generate a self-signed cert. time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem openssl s_server -accept 52310 -cert mycert.pem Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way? Are there any iptables rule for restricting connections to dyndns names? e.g.: only allow connection from asdfasdf.dyndns.com and asdfasdf2.dyndns.com and asdfasdf3.dyndns.com? How could i restrict the openssl server to only accept traffic from given clients? Please help me think.. Or are there any production ready methods, that can do authentication too? [+using ssl]. openssl s_server and openssl s_client would be perfect, but the problem is it doesn't has username/password auth :\ Thank you for any help. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] opened OpenSSL port
On 02/27/11 1:50 AM, erikmccaskey64 wrote: Main question: is it safe, to open a port for an openssl server? e.g.: server side - generate a self-signed cert. time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem openssl s_server -accept 52310 -cert mycert.pem Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way? Are there any iptables rule for restricting connections to dyndns names? e.g.: only allow connection from asdfasdf.dyndns.com and asdfasdf2.dyndns.com and asdfasdf3.dyndns.com? any host names used in iptables rules are looked up at the time the rule is created, and if the hostname-IP later changed, the iptables would not be aware of this until the next time they are reloaded. How could i restrict the openssl server to only accept traffic from given clients? Please help me think.. Or are there any production ready methods, that can do authentication too? [+using ssl]. openssl s_server and openssl s_client would be perfect, but the problem is it doesn't has username/password auth :\ aren't those openssl s_server and s_client intended just for testing protocols? If you want to secure an application, you implement ssl in your application via libssl, or you use a vpn tunnel such as openvpn (which uses SSL itself) anyways, the whole idea of SSL is to use certificate based authentication rather than username/password. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 27/02/11 06:46, Always Learning wrote: Octets Thanks for pointing-out my misunderstanding. I'll remember 2 octets are really 2 characters (IBM's bytes) = 2 digits, 4 octal numbers or 4 hexadecimal numbers. This is a confusing summary. 3 bits = 1 octal number (values 0-7) 4 bits = 1 nibble (values 0-15 or in hex 0x0-0xF) 8 bits = 2 nibbles = 1 byte or 1 octet (values 0-255 or in hex 0x00-0xFF) Don't mix in octal numbers, as that's a completely different numeric system which is very seldom used nowadays. Octal numbers are smaller than nibbles, which is usually the smallest unit referred to in today's computers. IPv4 uses 32 bits addresses, hence 4 bytes (4 bytes * 8 bits per byte = 32 bits). Organised into 4 group, separated by dot. Each group contains 1 byte, where user interfaces uses decimal notation, with values from 0 to 255 IPv6 uses 128 bits addresses, hence 16 bytes (16 bytes * 8 bits per byte = 128 bits). Organised into 8 groups separated by colon. Each group contains of 2 bytes, where user interfaces uses hexadecimal notation, with values 0x to 0x. That's basically it. kind regards, David Sommerseth ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Octet (was: IP6 Anyone?)
--On Saturday, February 26, 2011 9:04 PM + Always Learning cen...@g7.u22.net wrote: Are you sure 'octets' is correct? https://secure.wikimedia.org/wikipedia/en/wiki/Octet_%28computing%29 Those of us who've used older mainframes (such as the PDP-10) remember byte being a synonym for bit field and a byte could be any number of bits, typically from 1 to 36 (on a 36-bit-wide machine). 7-bit and 9-bit bytes were quite common on such machines. The PDP-11 and microcomputers used 8-bit bytes, and their popularity meant most people using computers at home or in small businesses assumed that that was the only size a byte could be. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Standard location for hotplug-time hdparm invocation
I need to disable the spin-down on an external USB drive because it spins down spontaneously while in use. The drive forgets the spindown-disable state across power outage so I need to reissue the hdparm command with each boot or hotplug. Where should I put the hdparm command to do this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Octet (was: IP6 Anyone?)
On Sun, 2011-02-27 at 04:12 -0800, Kenneth Porter wrote: Those of us who've used older mainframes (such as the PDP-10) remember byte being a synonym for bit field and a byte could be any number of bits, typically from 1 to 36 (on a 36-bit-wide machine). 7-bit and 9-bit bytes were quite common on such machines. PDP being a 'main franme'? Baby mainframe perhaps when compared to Honeywell's (later Bull's) Level 66? Level 66 had 36 bit words which could be used as 6 BCD characters or 4 ASCII characters. The PDP-11 and microcomputers used 8-bit bytes, and their popularity meant most people using computers at home or in small businesses assumed that that was the only size a byte could be. Those *were* the days. With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On Sun, 2011-02-27 at 00:38 -0600, Larry Vaden wrote: On Sat, Feb 26, 2011 at 2:12 PM, Always Learning cen...@g7.u22.net wrote: Today I received an allocation of IP6 addresses for some servers. I can 'play' with the last 2 of the 8 IP6 address segments. I guess Will Rogers was correct after all :) You can label yourself as special since others get assignments of IPv4 and IPv6 addresses. https://www.arin.net/policy/archive/ipv6_policy.html#25 says, in part: 2.5. Allocate To allocate means to distribute address space to IRs for the purpose of subsequent distribution by them. 2.6. Assign To assign means to delegate address space to an ISP or end-user, for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organizations and are not to be sub-assigned to other parties. I was actually wrong. I can 'play' with not 2 but 4 groups of the IP6 allocation. Golly, what can I do with 64 x 64 x 64 x 64 address combinations? Hire then out? Have a different IP6 address for every hour of the year? Put the IP4 address in the last 4 groups? (2001::10.2.2.191) That vast surplus of IP6 addresses is just for one server - I have several. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On Sun, Feb 27, 2011 at 3:44 PM, Always Learning cen...@g7.u22.net wrote: I was actually wrong. I can 'play' with not 2 but 4 groups of the IP6 allocation. Golly, what can I do with 64 x 64 x 64 x 64 address combinations? Hire then out? Have a different IP6 address for every hour of the year? Put the IP4 address in the last 4 groups? (2001::10.2.2.191) That vast surplus of IP6 addresses is just for one server - I have several. -- Assign a new IP to every service, every port and every instance of every service you can ever think of running ;) -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On Sun, Feb 27, 2011 at 01:44:17PM +, Always Learning wrote: I was actually wrong. I can 'play' with not 2 but 4 groups of the IP6 allocation. Golly, what can I do with 64 x 64 x 64 x 64 address That's an odd combination. 64 is 6 bits, which has nothing to do with an IPv6 group. Many IPv6 allocations to end users are a /64, which means you get something like ::::::: to play with; the a-d are fixed, you get the rest on your own. That's actually 2^64 (or 65536*65536*65536*65536, or 18,446,744,073,709,551,616) addresses. IPv4 only has 2^32 addresses in total! I have 2 /64s via tunnelbroker.net (one for home, one for my linode) and a native /80 from Panix for my v-colo. Organisations may actually get /48 networks, just in case they're gonna run out. Actually it's if they want to subnet and route; a /64 is the best smallest subnet in many cases because of address autoconfiguration, so a /48 allows them to build 2^16=65536 subnets. combinations? Hire then out? Have a different IP6 address for every hour of the year? Put the IP4 address in the last 4 groups? (2001::10.2.2.191) Well, you won't have 2001:0:0:0:0:0, but there are mechanisms for this actually :-) 2001::10.2.2.191 is a perfectly valid way of writing 2001::0a02:02bf and is designed to help with the transition. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Standard location for hotplug-time hdparm invocation
On Sun, 27 Feb 2011, Kenneth Porter wrote: To: CentOS mailing list centos@centos.org From: Kenneth Porter sh...@sewingwitch.com Subject: [CentOS] Standard location for hotplug-time hdparm invocation I need to disable the spin-down on an external USB drive because it spins down spontaneously while in use. The drive forgets the spindown-disable state across power outage so I need to reissue the hdparm command with each boot or hotplug. Where should I put the hdparm command to do this? Not sure about hotpluging, but for the reboot /etc/rc.d/rc.local might be a good place to try this: #!/bin/sh # # This script will be executed *after* all the other init # scripts. You can put your own initialization stuff in here # if you don't want to do the full Sys V style init stuff. touch /var/lock/subsys/local # turn off DMA for hde WD drive # -d0 = off # -d1 = on # hdparm -d0 /dev/hde # set sector count for multiple sector I/O # WD drives like a low setting # to prevent I/O data errors. # hdparm -m2 /dev/hde Kind Regards, Keith Roberts - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 27/02/11 14:44, Always Learning wrote: I was actually wrong. I can 'play' with not 2 but 4 groups of the IP6 allocation. Golly, what can I do with 64 x 64 x 64 x 64 address combinations? Hire then out? Have a different IP6 address for every hour of the year? If you got allocated a /48 net from you ISP you will have this setup: ISP prefix, 48 bit:16bit subnetting:64 bit address scope This gives you 65536 subnets with 64 bit subnet mask (/64). An example, 'AA' indicates the ISP, 'BB' indicates the subnet: :::::/64 ISP prefix 16 + 16 + 16 = 48 bits Your own subnets + 16= 64 bits If you are given a /56 net from you ISP, it will look more like this: ISP prefix, 48 bit:cont. ISP prefix 8 bit8 bit subnetting:64 bit addr This gives you 256 subnets with 64 bit subnet mask. An example: :::AABB::/64 ISP prefix 16 + 16 + 16 + 8 = 56 bits Your own subnets+ 8 = 64 bits It is really not recommended to segment your own networks in smaller subnets than /64 nets. F.ex. if you want to use radvd for stateless auto-configuration, it will expect 64 bit subnets. It is doable to make smaller subnets, but don't do that unless you really know what you're doing. Using 64bit subnets makes it so easy to handle them. You know that the first 64bits of an address is the prefix to your own subnet. As there are no network address (like 192.168.0.0), no broadcast address (like 192.168.0.255), any addresses within a /64 subnet will be a valid IPv6 address for that subnet. And it will be a global IP address in addition. The rest, is just firewalling and routing. Which is basically the same as in the IPv4 world, just with different address syntax. Put the IP4 address in the last 4 groups? (2001::10.2.2.191) I recommend you to *not* mix in stuff like this, at least in the very beginning. Run a dual stack IPv4 and IPv6 environment. It's easier to maintain, and they both run fine together in the same physical network segment. That vast surplus of IP6 addresses is just for one server - I have several. Yes, IPv6 gives every site a lot of more possibilities. And in IPv6 each NIC can have multiple IPv6 addresses, without using aliasing which is needed for IPv4. If you want to allocate 30 IPv6 addresses to one adapter, you may do so very easily. Just use 'ip -6 addr add ipv6 addr dev eth0' kind regards, David Sommerseth ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 2/27/11 8:00 AM, Rudi Ahlers wrote: On Sun, Feb 27, 2011 at 3:44 PM, Always Learningcen...@g7.u22.net wrote: I was actually wrong. I can 'play' with not 2 but 4 groups of the IP6 allocation. Golly, what can I do with 64 x 64 x 64 x 64 address combinations? Hire then out? Have a different IP6 address for every hour of the year? Put the IP4 address in the last 4 groups? (2001::10.2.2.191) That vast surplus of IP6 addresses is just for one server - I have several. -- Assign a new IP to every service, every port and every instance of every service you can ever think of running ;) Just keep in mind that you'll have to remember them all to configure your firewalling appropriately - which will be painful if you don't arrange some sort of sensible ranges. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 2/27/11 9:38 AM, David Sommerseth wrote: Yes, IPv6 gives every site a lot of more possibilities. And in IPv6 each NIC can have multiple IPv6 addresses, without using aliasing which is needed for IPv4. If you want to allocate 30 IPv6 addresses to one adapter, you may do so very easily. Just use 'ip -6 addr addipv6 addr dev eth0' Is there any difference in efficiency in how well the NIC hardware filters the assigned addresses? What about multicast - is there a good place to look for documentation? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could CentOS 5.5 on newer hardware make it freeze or shutdown?
On Mon, Jan 24, 2011 at 22:48, cwlists cwli...@gmail.com wrote:
On Sun, Jan 23, 2011 at 00:14, compdoc comp...@hotrodpc.com wrote:
I have built a new PC on which I've installed CentOS 5.5 64-bit (with
updates) which after some hours of running suddenly either hard freeze
or instant power off.
Can you check a setting in the bios - see if there's an option named: PCI
Latency Timer
No, only some frequency adjustment of the PCI-Express bus.
Update:
After some more days of running Fedora 14 those disk timeouts has
started to appear. After a search on the net about similar NCQ
problems I added this to /etc/rc.local yesterday, and so far I haven't
seen any disk timeouts since then:
for D in sd{b,c,d,e,f,g} ; do
echo 1 /sys/block/$D/device/queue_depth
done
Eventually I wish to install CentOS 6 and hopefully I will not have
the same problem as with CentOS 5.5. In the mean time I will make a
try with Scientific Linux 6 alpha or RHEL 6 beta2 and see what
happens.
Update 2:
Since the 25:th of January the PC has been running SL 6 (6rolling,
dated 2011-01-21) without any problems at all (except the NCQ problem
which has been solved by the earlier mentioned solution above).
I'm still a bit confused that an OS can make a PC to suddenly power
off, but at least now I feel confident that I don't have to replace
any part of the newly bought hardware if I run RHEL/CentOS/SL 6.
//Christian
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Octet
On 02/27/11 5:32 AM, Always Learning wrote: On Sun, 2011-02-27 at 04:12 -0800, Kenneth Porter wrote: Those of us who've used older mainframes (such as the PDP-10) remember byte being a synonym for bit field and a byte could be any number of bits, typically from 1 to 36 (on a 36-bit-wide machine). 7-bit and 9-bit bytes were quite common on such machines. PDP being a 'main franme'? Baby mainframe perhaps when compared to Honeywell's (later Bull's) Level 66? Level 66 had 36 bit words which could be used as 6 BCD characters or 4 ASCII characters. the PDP-10 was in fact considered a mainframe in the 1960s. They were more commonly called DECsystem-10, or KA10, KL10. the CPU was multiple cabinets, the KL10 supported up to 4 megawords of ram (where a word was 36 bits). They were commonly used as timesharing systems which was relatively uncommon in the late 1960s ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 02/27/11 9:16 AM, Les Mikesell wrote: Is there any difference in efficiency in how well the NIC hardware filters the assigned addresses? NIC's work in MAC addresses, not IP. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Recover botched drdb gfs2 setup .
Hi.
The short story... Rush job, never done clustered file systems before,
vlan didn't support multicast. Thus I ended up with drbd working ok
between the two servers but cman / gfs2 not working, resulting in what
was meant to be a drbd primary/primary cluster being a primary/secondary
cluster until the vlan could be fixed with gfs only mounted on the one
server. I got the single server working and left to for the contractor
to do there bit. Two months down the line and a few other hiccups in the
mix I have a server that wont mount the gfs partition.. assuming that
drbd hasn't gotten confused and lost the data on the drive..
If I can how do I fix this.
Drbd is currently as follows:
[root@mcvpsam01 init.d]# drbd-overview
1:r0 WFConnection Primary/Unknown UpToDate/DUnknown C r
Cman:
[root@mcvpsam01 init.d]# /etc/init.d/cman status
groupd is stopped
gfs2 mount
[root@mcvpsam01 init.d]# ./gfsmount.sh start
Mounting gfs2 partition
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: gfs_controld not running
/sbin/mount.gfs2: error mounting lockproto lock_dlm
[root@mcvpsam01 init.d]#
And log/messages
Feb 28 09:20:39 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:20:39 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
Feb 28 09:20:54 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:20:54 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
Feb 28 09:21:09 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:21:09 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
cluster.conf
[root@mcvpsam01 init.d]# cat /etc/cluster/cluster.conf
?xml version=1.0?
cluster alias=cluster-setup config_version=1 name=cluster-setup
rm log_level=4/
fence_daemon clean_start=1 post_fail_delay=0
post_join_delay=3/
clusternodes
clusternode name=mcvpsam01 nodeid=1 votes=1
fence
method name=2
device name=LastResortNode01/
/method
/fence
/clusternode
clusternode name=drvpsam01 nodeid=2 votes=1
fence
method name=2
device name=LastResortNode02/
/method
/fence
/clusternode
/clusternodes
cman expected_votes=1 two_node=1/
fencedevices
fencedevice agent=fence_manual name=LastResortNode01
nodename=mcvpsam01/
fencedevice agent=fence_manual name=LastResortNode02
nodename=drvpsam01/
/fencedevices
rm/
totem consensus=4800 join=60 token=1
token_retransmits_before_loss_const=20/
/cluster
[root@mcvpsam01 init.d]#
Drbd.conf
[root@mcvpsam01 init.d]# cat /etc/drbd.conf
resource r0 {
protocol C;
syncer { rate 1000M; }
startup {
wfc-timeout 120;# wait 2min for other peers
degr-wfc-timeout 120; # wait 2min if peer was already
# down before this node was
rebooted
become-primary-on both;
}
net {
allow-two-primaries;
#cram-hmac-alg sha1; # algo to enable peer
authentication
#shared-secret 123456;
# handle split-brain situations
after-sb-0pri discard-least-changes;# if no primary auto sync from
the
# node that touched more blocks
during
# the split brain situation.
after-sb-1pri discard-secondary;# if one primary
after-sb-2pri disconnect; # if two primaries
# solve the cases when the outcome
# of the resync decision is incompatible
# with the current role assignment in
# the cluster
rr-conflict disconnect; # no automatic resynchronization
# simply disconnect
}
disk {
on-io-error detach; # detach the device from its
# backing storage if the driver
of
# the lower_device reports an
error
# to DRBD
#fencing resource-and-stonith;
}
on mcvpsam01 {
device /dev/drbd1;
disk /dev/sdb1;
address 202.37.1.133:7789;
meta-disk internal;
}
on drvpsam01 {
device
[CentOS] log time formats - where is this defined
One of my servers is using ISO datetime formats (2011-02-27T15:22:15.519857-05:00) in the logs the rest use the default redhat/CentOS format (Feb 27 15:10:21). After a couple of hours searching google I cannot find where this is defined. I know I changed it some months ago as an experiment but forgotten where this was done. the ISO format breaks logwatch - thus I need to revert. TIA attachment: rkampen.vcf___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] log time formats - where is this defined
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Rob Kampen Sent: Sunday, February 27, 2011 3:34 PM To: CentOS mailing list Subject: [CentOS] log time formats - where is this defined One of my servers is using ISO datetime formats (2011-02-27T15:22:15.519857-05:00) in the logs the rest use the default redhat/CentOS format (Feb 27 15:10:21). After a couple of hours searching google I cannot find where this is defined. I know I changed it some months ago as an experiment but forgotten where this was done. the ISO format breaks logwatch - thus I need to revert. I had problems with that, here's the fix: Add to first line of /etc/rsyslog.conf: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Here's the Bugzilla for this problem: https://bugzilla.redhat.com/show_bug.cgi?id=583621 Al ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] log time formats - where is this defined
On Sun, 27 Feb 2011 15:33:57 -0500 Rob Kampen rkam...@kampensonline.com wrote: One of my servers is using ISO datetime formats (2011-02-27T15:22:15.519857-05:00) in the logs the rest use the default redhat/CentOS format (Feb 27 15:10:21). After a couple of hours searching google I cannot find where this is defined. I know I changed it some months ago as an experiment but forgotten where this was done. the ISO format breaks logwatch - thus I need to revert. Have you changed that box to use rsyslog instead of the default syslog? If so, there's a post on HowToForge with some info on how to put it back into traditional format: http://www.howtoforge.com/forums/showthread.php?t=49642 More detail is in man rsyslog.conf in the TEMPLATES section. -- Spiro Harvey Knossos Networks Ltd (04) 460-2531 : (021) 295-1923 www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP6 Anyone?
On 2/27/11 12:50 PM, John R Pierce wrote: On 02/27/11 9:16 AM, Les Mikesell wrote: Is there any difference in efficiency in how well the NIC hardware filters the assigned addresses? NIC's work in MAC addresses, not IP. Sort-of. Most NICs know enough about IPv4 multicast to at least help filter unwanted addresses without bothering the CPU. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Octet
--On Sunday, February 27, 2011 10:48 AM -0800 John R Pierce pie...@hogranch.com wrote: the PDP-10 was in fact considered a mainframe in the 1960s. They were more commonly called DECsystem-10, or KA10, KL10. the CPU was multiple cabinets, the KL10 supported up to 4 megawords of ram (where a word was 36 bits). They were commonly used as timesharing systems which was relatively uncommon in the late 1960s https://secure.wikimedia.org/wikipedia/en/wiki/PDP-10 I used them at MIT in the early 80's and also at Systems Concepts, which designed a clone. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Standard location for hotplug-time hdparm invocation
--On Sunday, February 27, 2011 3:37 PM + Keith Roberts ke...@karsites.net wrote: Not sure about hotpluging, but for the reboot /etc/rc.d/rc.local might be a good place to try this: Googling turned up that suggestion a lot. But I realized that since this is a backup drive, it would be more useful to do it when it's plugged in. It seems like invoking hdparm from udev or one of its downstream relatives (hald, etc.) would be the logical place. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Standard location for hotplug-time hdparm invocation
BTW, this came up because the drive is a Seagate GoFlex Desk which spins down and then won't come back up reliably. Googling around turned up this patch that looks like it shows up in a much later kernel, no earlier than 2.6.24: http://comments.gmane.org/gmane.linux.usb.devel/58653 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Octet
On Sun, 2011-02-27 at 10:48 -0800, John R Pierce wrote: the PDP-10 was in fact considered a mainframe in the 1960s. They were more commonly called DECsystem-10, or KA10, KL10. the CPU was multiple cabinets, the KL10 supported up to 4 megawords of ram (where a word was 36 bits). They were commonly used as timesharing systems which was relatively uncommon in the late 1960s What type of memory did it have? At my second computer job in 1967 on a Honeywell H-120 (a baby machine with 3 tapes which took 1 hour to do a Cobol compilation ... and then another hour for a recompile to correct the 400 errors the Punch Room had mysteriously added to 'verified' coding sheets) the memory was magnetic cores using 3 wires physically through each hollow core or ring. The memory total was, I think, octal 3. I can still read punch cards held upto the light to see where the holes are :-) -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recover botched drdb gfs2 setup .
Hi.
No worries it was a firewall issue. Not quite as bad as I though J .
Greg Machin
Systems Administrator - Linux
Infrastructure Group, Information Services
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Machin, Greg
Sent: Monday, 28 February 2011 9:33 a.m.
To: CentOS mailing list
Subject: [CentOS] Recover botched drdb gfs2 setup .
Hi.
The short story... Rush job, never done clustered file systems before,
vlan didn't support multicast. Thus I ended up with drbd working ok
between the two servers but cman / gfs2 not working, resulting in what
was meant to be a drbd primary/primary cluster being a primary/secondary
cluster until the vlan could be fixed with gfs only mounted on the one
server. I got the single server working and left to for the contractor
to do there bit. Two months down the line and a few other hiccups in the
mix I have a server that wont mount the gfs partition.. assuming that
drbd hasn't gotten confused and lost the data on the drive..
If I can how do I fix this.
Drbd is currently as follows:
[root@mcvpsam01 init.d]# drbd-overview
1:r0 WFConnection Primary/Unknown UpToDate/DUnknown C r
Cman:
[root@mcvpsam01 init.d]# /etc/init.d/cman status
groupd is stopped
gfs2 mount
[root@mcvpsam01 init.d]# ./gfsmount.sh start
Mounting gfs2 partition
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: can't connect to gfs_controld: Connection refused
/sbin/mount.gfs2: gfs_controld not running
/sbin/mount.gfs2: error mounting lockproto lock_dlm
[root@mcvpsam01 init.d]#
And log/messages
Feb 28 09:20:39 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:20:39 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
Feb 28 09:20:54 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:20:54 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
Feb 28 09:21:09 mcvpsam01 openais[3328]: [TOTEM] The consensus timeout
expired.
Feb 28 09:21:09 mcvpsam01 openais[3328]: [TOTEM] entering GATHER state
from 3.
cluster.conf
[root@mcvpsam01 init.d]# cat /etc/cluster/cluster.conf
?xml version=1.0?
cluster alias=cluster-setup config_version=1 name=cluster-setup
rm log_level=4/
fence_daemon clean_start=1 post_fail_delay=0
post_join_delay=3/
clusternodes
clusternode name=mcvpsam01 nodeid=1 votes=1
fence
method name=2
device name=LastResortNode01/
/method
/fence
/clusternode
clusternode name=drvpsam01 nodeid=2 votes=1
fence
method name=2
device name=LastResortNode02/
/method
/fence
/clusternode
/clusternodes
cman expected_votes=1 two_node=1/
fencedevices
fencedevice agent=fence_manual name=LastResortNode01
nodename=mcvpsam01/
fencedevice agent=fence_manual name=LastResortNode02
nodename=drvpsam01/
/fencedevices
rm/
totem consensus=4800 join=60 token=1
token_retransmits_before_loss_const=20/
/cluster
[root@mcvpsam01 init.d]#
Drbd.conf
[root@mcvpsam01 init.d]# cat /etc/drbd.conf
resource r0 {
protocol C;
syncer { rate 1000M; }
startup {
wfc-timeout 120;# wait 2min for other peers
degr-wfc-timeout 120; # wait 2min if peer was already
# down before this node was
rebooted
become-primary-on both;
}
net {
allow-two-primaries;
#cram-hmac-alg sha1; # algo to enable peer
authentication
#shared-secret 123456;
# handle split-brain situations
after-sb-0pri discard-least-changes;# if no primary auto sync from
the
# node that touched more blocks
during
# the split brain situation.
after-sb-1pri discard-secondary;# if one primary
after-sb-2pri disconnect; # if two primaries
# solve the cases when the outcome
# of the resync decision is incompatible
# with the current role assignment in
# the cluster
rr-conflict disconnect; # no automatic resynchronization
# simply disconnect
}
disk {
on-io-error detach; # detach the device from its
#
[CentOS] Centos 6
Any word on approximate release date of Centos 6? Cheers, JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, Feb 27, 2011 at 07:13:32PM -0800, JD wrote: Any word on approximate release date of Centos 6? Cheers, JD Seriously? Seriously?! Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Feb 27, 2011, at 7:13 PM, JD wrote: Any word on approximate release date of Centos 6? Wow, I'm stunned. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, Feb 27, 2011 at 07:13:32PM -0800, JD wrote: Any word on approximate release date of Centos 6? Sometime in 2011 would be a fair bet. John -- Anybody can win unless there happens to be a second entry. -- George Ade (1866 - 1944), American writer, newspaper columnist, and playwright pgpHpplY44A1C.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
Am 28.02.2011 um 04:15 schrieb Ray Van Dolson: On Sun, Feb 27, 2011 at 07:13:32PM -0800, JD wrote: Any word on approximate release date of Centos 6? Cheers, JD Seriously? Seriously?! It's like Sesame Street, you know... There's a new audience coming every week ;-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Feb 27, 2011, at 7:13 PM, JD wrote: Any word on approximate release date of Centos 6? Seriously though. Nothing wrong with asking. Its been discussed several time to an order of magnitude. No word, not even a peep, at least that I can gather. We're all frustrated in anticipation so I daily check the main page. Meanwhile, dl Scientific Linux and mess around. Believe me, when it happens, the moon will shine like Michelob. I dunno, just felt like sayin it. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
JD wrote: Any word on approximate release date of Centos 6? Yes [1]. [1] http://lists.centos.org/pipermail/centos/2011-February/106135.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, Feb 27, 2011 at 07:29:16PM -0800, aurfal...@gmail.com wrote: We're all frustrated in anticipation so I daily check the main page. We are? Funny, I don't feel frustrated. John -- The machine has got to be accepted, but it is probably better to accept it rather as one accepts a drug -- that is, grudgingly and suspiciously. Like a drug, the machine is useful, dangerous, and habit-forming. The oftener one surrenders to it the tighter its grip becomes. -- George Orwell (1903-1950), novelist pgpyEjPTyTuj2.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - OT
On Sun, 2011-02-27 at 21:46 -0600, John R. Dennison wrote: The machine has got to be accepted, but it is probably better to accept it rather as one accepts a drug -- that is, grudgingly and suspiciously. Like a drug, the machine is useful, dangerous, and habit-forming. The oftener one surrenders to it the tighter its grip becomes. -- George Orwell (1903-1950), novelist Over here we are perhaps a little more aware he was one of us and he wrote in 'our' language. Our language is so successful at enabling expressive communications that others around the world have mutilated our language whilst attempting to improve upon it :-) Eric Arthur Blair (25 June 1903 – 21 January 1950). 1984 arrived a few years late. With the introduction of fibre optics telecommunications in residential dwellings (coming to our town in July 2011), just how long is the TV set going to stay unidirectional ? -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - OT
On Feb 27, 2011, at 8:00 PM, Always Learning wrote: On Sun, 2011-02-27 at 21:46 -0600, John R. Dennison wrote: The machine has got to be accepted, but it is probably better to accept it rather as one accepts a drug -- that is, grudgingly and suspiciously. Like a drug, the machine is useful, dangerous, and habit-forming. The oftener one surrenders to it the tighter its grip becomes. -- George Orwell (1903-1950), novelist Over here we are perhaps a little more aware he was one of us and he wrote in 'our' language. Our language is so successful at enabling expressive communications that others around the world have mutilated our language whilst attempting to improve upon it :-) Eric Arthur Blair (25 June 1903 – 21 January 1950). 1984 arrived a few years late. With the introduction of fibre optics telecommunications in residential dwellings (coming to our town in July 2011), just how long is the TV set going to stay unidirectional ? Ok that was weird. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - OT
On Sun, 2011-02-27 at 20:04 -0800, aurfal...@gmail.com wrote: Ok that was weird. The book or my posting or both ? -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - OT
On Feb 27, 2011, at 8:07 PM, Always Learning wrote: On Sun, 2011-02-27 at 20:04 -0800, aurfal...@gmail.com wrote: Ok that was weird. The book or my posting or both ? Really? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On 02/27/2011 07:29 PM, aurfal...@gmail.com wrote: On Feb 27, 2011, at 7:13 PM, JD wrote: Any word on approximate release date of Centos 6? Seriously though. Nothing wrong with asking. Its been discussed several time to an order of magnitude. No word, not even a peep, at least that I can gather. We're all frustrated in anticipation so I daily check the main page. Meanwhile, dl Scientific Linux and mess around. Believe me, when it happens, the moon will shine like Michelob. I dunno, just felt like sayin it. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos OK, as a measuring yardstick: approximately how many months after RHEL5's release date was Centos 5 released? That might give people an approximate idea. Currently, I have no RHEL installed. I just joined this list to enquire about RHEL 6. A couple responses were in the good spirit of cooperation; thank you kindly. The rest completely violated the netiquet of posting to this list. No one needs the replies of anally retentive people; and that's my $.02's worth of violating the netiquet rules. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, 2011-02-27 at 19:51 -0800, JD wrote: OK, as a measuring yardstick: approximately how many months after RHEL5's release date was Centos 5 released? That might give people an approximate idea. Currently, I have no RHEL installed. I just joined this list to enquire about RHEL 6. Should that be C6 and not RH6 ? Delivery of Centos 5.6 will precede Centos 6. The development team are doing their best. Most of us are willing to wait without criticism or adverse comment. Like everyone else I really don't know the dates. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, Feb 27, 2011 at 07:51:49PM -0800, JD wrote: On 02/27/2011 07:29 PM, aurfal...@gmail.com wrote: On Feb 27, 2011, at 7:13 PM, JD wrote: Any word on approximate release date of Centos 6? Seriously though. Nothing wrong with asking. Its been discussed several time to an order of magnitude. No word, not even a peep, at least that I can gather. We're all frustrated in anticipation so I daily check the main page. Meanwhile, dl Scientific Linux and mess around. Believe me, when it happens, the moon will shine like Michelob. I dunno, just felt like sayin it. - aurf OK, as a measuring yardstick: approximately how many months after RHEL5's release date was Centos 5 released? That might give people an approximate idea. Currently, I have no RHEL installed. I just joined this list to enquire about RHEL 6. A couple responses were in the good spirit of cooperation; thank you kindly. The rest completely violated the netiquet of posting to this list. No one needs the replies of anally retentive people; and that's my $.02's worth of violating the netiquet rules. Assuming you're being sincere here and not trolling, any reason _you_ didn't follow proper netiquette and search the archives (say -- back one day?) for an answer to your question? You'd have seen discussions along this vein have been ongoing for weeks and could have anticipated the reactions you received. CentOS will be ready when it's ready -- that's how it's always been and that's how it'll be for the next release as well. There has NEVER been any point to asking when -- and asking after weeks and weeks of arguing has gone on is literally like tossing a live grenade in the midst of everything all over again. And you lecture us about netiquette? Apologies to the rest of the list for taking the bait. No more for me I promise. :) Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
On Sun, Feb 27, 2011 at 07:51:49PM -0800, JD wrote: On 02/27/2011 07:29 PM, aurfal...@gmail.com wrote: On Feb 27, 2011, at 7:13 PM, JD wrote: Any word on approximate release date of Centos 6? Nothing wrong with asking. Its been discussed several time to an order of magnitude. OK, as a measuring yardstick: approximately how many months after RHEL5's release date was Centos 5 released? That might give people an approximate idea. Currently, I have no RHEL installed. I just joined this list to enquire about RHEL 6. This is understandable, and a better answer would have been, take a look at the list archives--the somewhat harsh reaction is because there have been several acrimonious discussions about it. We do tend to forget that not everyone has been on the list through that discussion--that is why, however, part of the reaction was, Is this a joke? (When I saw the thread title, I thought it was a joke.) The RHEL5 and CentOS 5 isn't all that good a yardstick, because, in this case, RH also made some point releases, 5.6 and 4 something--errm, 9? (sorry, not using it so haven't paid much attention.) Seriously, you should take a look at the list archives for this month (it'll be easy to tell by title what threads are relevant), and that will, hopefully, allow you to understand why you've gotten the sorts of answers that you have received. I honestly don't think that it's a good thing to join a list and start criticizing the answers you receive before looking at archives and getting a feeling for the particular list. Anyway, there really isn't a short answer to the question, as you'll see if you view said archives. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Giles: This one? Buffy: Amethyst. Giles: Used for? Buffy: Breath mints? Giles: Charm bags, money spells and for cleansing one's aura. Buffy: Okay, so how do you know if one's aura's dirty? Somebody comes by with a finger and writes 'wash me' on it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6
OK, as a measuring yardstick: approximately how many months after RHEL5's release date was Centos 5 released? That might give people an approximate idea. It's difficult to make predictions, especially about the future. While extrapolating from past data is legitimate, it does not apply to this case, unfortunately. The rest completely violated the netiquet of posting to this list. No one needs the replies of anally retentive people; and that's my $.02's worth of violating the netiquet rules. Netiquette also requires to check the archives first. Google exists, too. Just because the big G didn't spit out a date when you hit the 'I'm feeling lucky button doesn't mean that it's a good idea to bring up that subject ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Octet - off topic
On Sun, 2011-02-27 at 22:38 -0600, Larry Vaden wrote: On Sun, Feb 27, 2011 at 5:48 PM, Always Learning cen...@g7.u22.net wrote: At my second computer job in 1967 on a Honeywell H-120 (a baby machine with 3 tapes which took 1 hour to do a Cobol compilation ... I have always hoped to find someone who was involved with COBOL back in the days to ask this question of: What influence did Commander Grace Hopper have on COBOL? Don't know. Grace was occasionally mentioned in the computer press for getting awards in the USA (I think she was in the USA Navy) but we programmers, new to a new world of computing, just wrote programmes, debugged them, did some systems analysis and ventured into assembler coding and system programming. Grace never ever influenced me or anyone else I knew who did Cobol. She was just a name to the majority who programmed in Cobol. I used to think it took someone 2 years of writing in Cobol to become efficient in using it and visualising solutions which could be implemented in it. Well written Cobol was easy to maintain but some clowns never properly used the self documenting features of the language (i.e. meaningful data names - contrast with add csum to itotal). The alternative was longer data names, for example inv-gross-total, inv-delivery-cost and overdue-3-mths-total etc. Many programmed in Cobol but fewer used the language to its designed extent. The worse thing about Cobol was the long windiness of it before one came to the Procedure Division. Later on Picture became Pic and very useful string handling was introduced (the alternative was refining the same field multiple times). It used to be my favourite language, after Easycoder and 6502 assembler, then I discovered PHP. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - OT
On Sun, 2011-02-27 at 21:46 -0600, John R. Dennison wrote: The machine has got to be accepted, but it is probably better to accept it rather as one accepts a drug -- that is, grudgingly and suspiciously. Like a drug, the machine is useful, dangerous, and habit-forming. The oftener one surrenders to it the tighter its grip becomes. -- George Orwell (1903-1950), novelist Over here we are perhaps a little more aware he was one of us and he wrote in 'our' language. Our language is so successful at enabling expressive communications that others around the world have mutilated our language whilst attempting to improve upon it :-) Eric Arthur Blair (25 June 1903 - 21 January 1950). 1984 arrived a few years late. With the introduction of fibre optics telecommunications in residential dwellings (coming to our town in July 2011), just how long is the TV set going to stay unidirectional ? Ok that was weird. Entertaining as always... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
