[CentOS] Xen3.3 rpm for 32Bit?

2010-10-09 Thread Dirk H. Schulz
  Hi folks,

I would like to test Xen3.3 on CentOS 5.5 on an older machine which is 
not 64bit capable.

Since this is just a first impression test I do not want to fuss with 
compiling the kernels and tools myself (that comes in a later step).

Can someone please point me to a repo with 32bit Xen3.3 kernels for 
CentOS 5? GITCO supplies 64bit kernels only, and googling brought up 
nothing else.

Thanks for any hint or help.

Dirk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] No live migration for xen virtual machines any more

2010-09-12 Thread Dirk H. Schulz
  Hi folks,

I have upgraded my CentOS RHCS cluster hosts to the recent packages, and 
now live migration of the xen virtual machines does not work any more:

[r...@node ~]# clusvcadm -M vm:XenVM -m othernode
Trying to migrate vm:XenVM to othernode...Invalid operation for resource

I have googled the net but found no recent entries for that problem, 
just older posts.

Has anyone had the same problem recently? If yes: is there any workaround?

Any hint or help is appreciated.

Dirk


[CentOS] vsftpd saving uploads twice

2010-04-08 Thread Dirk H. Schulz
I have configured my vsftpd instances to use virtual users and map them 
to a system user. So all uploads should be written with owner and group 
of this system user (let's call it ftpsystemuser).

But in the last weeks/months it appears that uploads are written 
twice, one instance as it should (owner and group of the system user used 
to map the virtual user that did the upload), and the other instance as 
root. Like this:

 -rw-r--r-- 1 root  root  19968 16. Mär 11:24 Termine Leistungspr%FCfungen.doc
 -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. Mär 11:24 Termine Leistungspr?fungen.doc

As you can see both instances use different syntax for the file name in 
case of German umlauts. In vsftpd's log only the correct file is mentioned.

Can anybody tell me what is happening here? Is this something I can get 
rid of using certain configuration? Is it a security problem?

Any hint or help is appreciated.

Dirk



Re: [CentOS] vsftpd saving uploads twice

2010-04-08 Thread Dirk H. Schulz
Kai,

On 08.04.10 12:31, Kai Schaetzl wrote:
 Dirk H. Schulz wrote on Thu, 08 Apr 2010 11:29:53 +0200:

 Can you please stop this? You are repeating your messages to the list with
 slightly changed subjects and content because you apparently don't get the
 answers you want. This is unfriendly, please stop this! And spare lame
 excuses.

 Did you consider to talk to the vsftpd author/list? I think it's obvious
 that your problem is easier solvable with/by them.

Yes, I thought so too. I did not receive any reply from the author, and 
there is no vsftpd list - at least I did not find one on the project site.

 -rw-r--r-- 1 root  root  19968 16. Mär 11:24 Termine Leistungspr%FCfungen.doc
 -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. Mär 11:24 Termine Leistungspr?fungen.doc

 In the other thread from two days ago you got an answer that you elected to
 ignore.

I am sorry, I must have overlooked the answer. I would have been happy 
to find it.

 But this answer may have a clue to your problem. If it is true that
 the file is first written as root and then rewritten (instead of chowned) to
 another user then the above can be the result of an encoding conversion
 problem. The filename contains umlauts and the first filename is uploaded
 with a %encoded name. I may be wrong but I think this encoding should be
 only transitory and re-transcribed to the characters fitting there in with
 the system's character-set when the file is written to storage. The %
 encoding for that character is correct, maybe the filesystem cannot or need
 not handle %encoding, but nevertheless tries to convert to an existing
 character instead of letting the %FC live as is. And this fails.
 What's obvious, is that the file then gets written with an unknown character
 in it. So, some part of the character conversion either doesn't work
 correctly or cannot work correctly, for instance because a character-set is
 set incorrectly on one of the involved systems and clients.
 If you used ASCII filenames the problem wouldn't exist, of course.

If I could force the users of the ftp server to use ASCII filenames I 
gladly would.

 This could be a bug in vsftpd or in the OS or a combination or in your
 client or something else. So, again, you should go to the source, which is
 vsftpd.

Since the source is no way to go I had hoped to find other people with 
similar experience to find a workaround or a solution. I am sorry for 
disturbing.

Dirk


[CentOS] vsftpd writing files 2 times - once as root

2010-04-06 Thread Dirk H. Schulz
I have configured my vsftpd with virtual users all of which are mapped 
to a system user for file system permissions (let's call him 
'ftpsystemuser').

That means, if someone uploads files they are written using owner and 
group of the system user:

 -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. Mär 11:24 Termine Leistungspr?fungen.doc

Now we have the phenomenon that some files and folders are written 
twice, one instance as it should be and the other with owner and group 
'root' and with html-like file name syntax. For example:

 -rw-r--r-- 1 root  root  19968 16. Mär 11:24 Termine Leistungspr%FCfungen.doc
 -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. Mär 11:24 Termine Leistungspr?fungen.doc

This looks like a security problem: the process writing these files 
should not be able to do this as root, should it?
And then it is very annoying.

Has anyone seen that? Is that something I can configure off somehow?

Any hint or help is appreciated, any deeper insight very welcome.

Dirk


[CentOS] VSFTPD accepting same user/session from different IP addresses

2010-03-22 Thread Dirk H. Schulz

Hi folks,

I have found the following in my logs:

Wed Mar 10 15:52:33 2010 [pid 15232] [uploaduser] OK MKDIR: Client 195.200.70.*40*, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter
Wed Mar 10 15:52:33 2010 [pid 15231] [uploaduser] FAIL MKDIR: Client 195.200.70.*41*, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter
Wed Mar 10 15:52:36 2010 [pid 15232] [uploaduser] OK UPLOAD: Client 195.200.70.*40*, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter/Kooperationsseminar.doc, 23552 bytes, 13.89Kbyte/sec
Wed Mar 10 15:52:37 2010 [pid 15231] [uploaduser] OK UPLOAD: Client 195.200.70.*41*, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter/Veranstaltungen der Jungz?chter im Jahr 2010.doc, 23552 bytes, 9.07Kbyte/sec
Wed Mar 10 15:52:38 2010 [pid 15232] [uploaduser] OK UPLOAD: Client 195.200.70.*40*, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter/Foto Kooperationsseminar von laura weber.JPG, 13445 bytes, 9.90Kbyte/sec


What I am concerned about is the fact that the client sends out using 
various gateways at once. Is there some configuration item in VSFTPD 
which can prevent this and reject packets from the additional ip addresses?


Any hint or help is appreciated.

Dirk




Re: [CentOS] VSFTPD accepting same user/session from different IP addresses

2010-03-22 Thread Dirk H. Schulz
Hi Kai,

On 22.03.10 15:31, Kai Schaetzl wrote:
 Dirk H. Schulz wrote on Mon, 22 Mar 2010 13:41:50 +0100:


 What I am concerned about is the fact that the client sends out using
 various gateways at once. Is there some configuration item in VSFTPD
 which can prevent this and reject packets from the additional ip addresses?
  
 Note, this is not the same session, it's a different connect with the same
 user credentials. I don't see a problem with this. It's not a security
 problem and it's hardly a load problem. Users usually don't have more than
 one IP at their disposal at the same time. This is one of the few cases where
 this is different.

Thanks for the fast answer - and sorry for insisting. This

 Wed Mar 10 15:52:33 2010 [pid 15232] [uploaduser] OK MKDIR: Client 195.200.70.40, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter
 Wed Mar 10 15:52:33 2010 [pid 15231] [uploaduser] FAIL MKDIR: Client 195.200.70.41, /04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter

makes me think that the same session with the same commands is 
delivered via 2 outgoing gateways, because it would be very 
complicated to have two ftp clients issue the same command in the same 
second. Know what I mean?

By the way, vsftpd seems not to handle this situation securely, so I 
want to prevent any occurrence of it.

Dirk
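
A detection example for the pattern discussed in this thread, added here and not part of either post: it parses vsftpd log lines in the layout quoted above and reports accounts seen from more than one client address within a short window, together with the process IDs involved. The log lines, addresses, function names and the 60-second window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Layout of the vsftpd log lines quoted in the thread. The quotes around
# the client address are optional because archives often strip them.
LINE_RE = re.compile(
    r'^\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) '
    r'(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) (?P<year>\d{4}) '
    r'\[pid (?P<pid>\d+)\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<cmd>[A-Z]+): Client "?(?P<ip>[0-9A-Fa-f.:]+)"?'
)

# Constructed sample input (documentation address ranges, not real clients).
SAMPLE_LOG = """\
Wed Mar 10 15:52:33 2010 [pid 4101] [uploaduser] OK MKDIR: Client "203.0.113.40", "/incoming/a"
Wed Mar 10 15:52:33 2010 [pid 4100] [uploaduser] FAIL MKDIR: Client "203.0.113.41", "/incoming/a"
Wed Mar 10 15:52:36 2010 [pid 4101] [uploaduser] OK UPLOAD: Client "203.0.113.40", "/incoming/a/one.doc", 23552 bytes, 13.89Kbyte/sec
Wed Mar 10 16:30:00 2010 [pid 4200] [otheruser] OK UPLOAD: Client "198.51.100.7", "/incoming/b.doc", 100 bytes, 1.00Kbyte/sec
Wed Mar 10 17:45:10 2010 [pid 4300] [otheruser] OK UPLOAD: Client "198.51.100.9", "/incoming/c.doc", 100 bytes, 1.00Kbyte/sec
this line is not a vsftpd record and is skipped
"""


def parse_line(line):
    """Return one log record as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m or m.group("mon") not in MONTHS:
        return None
    ts = datetime(int(m.group("year")), MONTHS[m.group("mon")],
                  int(m.group("day")), int(m.group("h")),
                  int(m.group("m")), int(m.group("s")))
    return {"ts": ts, "pid": int(m.group("pid")), "user": m.group("user"),
            "status": m.group("status"), "cmd": m.group("cmd"),
            "ip": m.group("ip")}


def multi_source_users(lines, window=timedelta(seconds=60)):
    """Report users whose records come from >1 client address within `window`.

    Each finding lists the addresses and the vsftpd process IDs involved.
    Distinct PIDs mean distinct control connections, which is the point
    made in the reply above (same credentials, separate connects).
    """
    per_user = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_user[rec["user"]].append(rec)

    findings = {}
    for user, recs in per_user.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end, rec in enumerate(recs):
            # Slide the window start forward until it spans <= `window`.
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            in_window = recs[start:end + 1]
            ips = sorted({r["ip"] for r in in_window})
            if len(ips) > 1:
                key = (user, tuple(ips))
                findings.setdefault(key, {
                    "user": user,
                    "ips": ips,
                    "pids": sorted({r["pid"] for r in in_window}),
                    "first_seen": in_window[0]["ts"],
                })
    return list(findings.values())


if __name__ == "__main__":
    for f in multi_source_users(SAMPLE_LOG.splitlines()):
        print(f"{f['first_seen']} user={f['user']} ips={f['ips']} pids={f['pids']}")
```
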


Re: [CentOS] Postfix 2.6.5 in CentOSplus?

2010-01-27 Thread Dirk H. Schulz
Joseph L. Casale wrote:
 according to several findings on the web I tried to find postfix-2.6.5 
 

 If you actually need a feature in 2.6.5, Simon Mudd has been releasing them
 officially for postfix for ages...

 http://www.postfix.org/packages.html Which leads to -

 http://ftp.wl0.org/official/2.6/RPMS-rhel5-x86_64/
   
Afaik they are 64bit packages, and besides that he adds mysql support 
and patches I do not know (and hopefully not need).

I tried using the spec file from the regular CentOS postfix src.rpm to 
rpmbuild 2.6.5 with it (I just changed version numbering in the spec). 
That did not work, applying some patches failed. Has anybody tried that 
successfully before?

I do not want to end up compiling manually on a production machine, but 
I am not deep enough into rpmbuilding to tweak my own spec file.

Dirk



[CentOS] Postfix 2.6.5 in CentOSplus?

2010-01-26 Thread Dirk H. Schulz
Hi folks,

according to several findings on the web I tried to find postfix-2.6.5 
in centosplus adding this to my /etc/yum.repos.d/CentOS-Base.repo:
[base]
exclude=postfix
[centosplus]
includepkgs=postfix

in the right places.

But when I yum remove and yum install postfix then, it's only 
2.3.3-2.1 with added mysql/pgsql support.

Is there anything I am doing wrong? Or is there just no postfix 2.6.5 in 
centosplus?

Dirk



Re: [CentOS] Postfix 2.6.5 in CentOSplus?

2010-01-26 Thread Dirk H. Schulz
Kai Schaetzl wrote:
 Dirk H. Schulz wrote on Tue, 26 Jan 2010 10:14:30 +0100:

   
 Is there anything I am doing wrong? Or is there just no postfix 2.6.5 in 
 centosplus?
 

 yes.

 Kai

   
Ahem, sorry for insisting: yes one or yes two?

Dirk



Re: [CentOS] Postfix 2.6.5 in CentOSplus?

2010-01-26 Thread Dirk H. Schulz
Kai Schaetzl wrote:
 Yes to the last one quoted. There is no newer package on centos-plus. You 
 know you can browse the repositories on the web in case you mistrust your 
 yum?

 Kai

   
Thanks for clarifying.

Since several people on the web referred to postfix 2.6.5 in centosplus: 
Is that nonsense or has it been withdrawn (and if yes, for what reason?).

By the way, you are right, I did not know the repositories can be 
browsed on the web. How can I do that?

Dirk



Re: [CentOS] Postfix 2.6.5 in CentOSplus?

2010-01-26 Thread Dirk H. Schulz
Kai Schaetzl wrote:
 Dirk H. Schulz wrote on Tue, 26 Jan 2010 13:19:09 +0100:

   
 Is that nonsense
 

 it's absolute nonsense. There is at least one source for a very new 
 postfix. 
 http://www.w3bservice.de/index.php?
 option=com_remositoryItemid=13func=selectid=1
 (haven't used any package from it, just found it yesterday)
   
Thanks, just gave it a try, but their download function seems to 
misbehave - just an empty html page coming back.

 I don't know if rpmforge, EPEL or Atrpms have newer postfix.
 What functionality are you looking for. I found that I can do with the 
 current postfix in CentOS quite well.

Normally it is sufficient, but for a certain project I need the multi 
instance manager.

 By the way, you are right, I did not know the repositories can be 
 browsed on the web. How can I do that?

 You can do a simple yum list postfix* for a listing in yum.
 If you want to surf the repos, they are all at
 http://mirror.centos.org/centos-5/5/

Thanks.

 If you haven't read these yet, read them now:
 http://wiki.centos.org/AdditionalResources/Repositories
 http://wiki.centos.org/PackageManagement/Yum/Priorities

I will! Thanks a lot.

Dirk



Re: [CentOS] Newer Rsyslog than in distro

2010-01-22 Thread Dirk H. Schulz
Stephen Nelson-Smith wrote:
 Hello,

 I am just starting work on a project that is going to require a recent
 (ie version 4 or 5) rsyslog.  The distro has 2.0.  KB - I think you
 have a 3.x kicking about, but it's not on cko - any idea how much work
 it would be to adapt your spec to version 4 or 5?

 Rawhide seems to have a 4.x package, so I could start from there if
 there's no other options available.

 Anyone else using a modern / recent syslog?  What are you using and where 
 from?

 S.
   
This was posted on the rsyslog mailing list a few days ago:

 If anyone is interested, an RPM engineer I know has packaged RHEL5
  rsyslog4 rpms.  These are available for public download and testing @
  http://dl.iuscommunity.org/pub/ius  Any comments can be emailed
  directly to him at ius-core...@lists.launchpad.net
  
  rpms are regularly packaged by him so let him know what you think.  I
  believe you just have to add the yum repo.
  
  --Daniel M. Anson
  --Linux Systems Engineer
  

Dirk




[CentOS] gconfd problem : cannot create /usr/share/tomcat5/.gconfd

2010-01-22 Thread Dirk H. Schulz
Hi folks,

after several updates and a reboot I get errors concerning gconfd 
wanting to create a directory /usr/share/tomcat5/.gconfd which fails 
and other errors - when I start Tomcat5.

Why is gconfd (suddenly) needed/activated if Tomcat5 is started? Can I 
disable that - and how?

Dirk





Re: [CentOS] Bonding modes

2010-01-14 Thread Dirk H. Schulz
Hi,
 Thanks for your input. 802.3ad seems better but I am not in a position 
 to terminate both links in the same switch or same stack.
Some switches support LACP across several devices - for example the 
cisco 3750 with extended image can glue several switches together to 
one virtual switch and thus provide LACP support over several devices.

Of course there is a good deal of money involved.

By the way, using other modes over multiple switches involves using ISLs 
(inter switch links, that means direct connections between switches)*. 
If you use that you have to make sure algorithms that take time for 
recalculation (like spanning tree) do not interfere at the moment of a 
link failure because then your cluster communication maybe runs into a 
timeout also.

Dirk


* the reason is that you have to handle the following case:
server a bonds to switch 1 and switch 2 with link 1a and 2a
server b bonds to switch 1 and switch 2 with link 1b and 2b
Now link 1a fails. And before you fix that, link 2b fails as well. Now 
you are glad to have an ISL. :-)




Re: [CentOS] conga and virsh nodeinfo

2010-01-05 Thread Dirk H. Schulz
Hi Fabian,

Fabian Arrotin wrote:

- snip -
 Yes you're right and normally the updated luci/ricci RPMS (0.12.2-6.1) 
 should have been already pushed to the mirrors but it seems that they 
 are blocked somewhere ...
 I'm myself running such cluster with the appropriate RPMS and they run 
 fine (Xen VMs)
   
Thanks for the hint. You are right, I do not have the patched rpms 
installed (should have compared version numbers more exactly).

Now I have to get along doing it manually. Could you send me your 
cluster.conf (or the rm part of it) as a working example? And could you 
point me to documentation on the possible parameters? I have read the 
relevant man pages and searched the web for it, but found nothing in depth.
My main problem is: there are examples out there (a few I found) that 
use parameters I find no documentation for, not even on 
http://sources.redhat.com/cluster/wiki/RGManager.

Thanks for any further help.

Dirk



Re: [CentOS] conga and virsh nodeinfo

2010-01-05 Thread Dirk H. Schulz
Hi all,

I found the descriptions in /usr/share/cluster/vm.sh, so most of the 
parameters are clear to me now.

But I did not find anything useful on the snapshot=PATH parameter. 
Could someone please explain what it is used for? Is it possible to use 
clusvcadm (or some other cluster tool) to make snapshots of vm resources?
And if yes, does that make use of xm's save feature?

Best regards,

Dirk

Dirk H. Schulz wrote:
 Hi Fabian,

 Fabian Arrotin wrote:

 - snip -
   
 Yes you're right and normally the updated luci/ricci RPMS (0.12.2-6.1) 
 should have been already pushed to the mirrors but it seems that they 
 are blocked somewhere ...
 I'm myself running such cluster with the appropriate RPMS and they run 
 fine (Xen VMs)
   
 
 Thanks for the hint. You are right, I do not have the patched rpms 
 installed (should have compared version numbers more exactly).

 Now I have to get along doing it manually. Could you send me your 
 cluster.conf (or the rm part of it) as a working example? And could you 
 point me to documentation on the possible parameters? I have read the 
 relevant man pages and searched the web for it, but found nothing in depth.
 My main problem is: there are examples out there (a few I found) that 
 use parameters I find no documentation for, not even on 
 http://sources.redhat.com/cluster/wiki/RGManager.

 Thanks for any further help.

 Dirk



[CentOS] conga and virsh nodeinfo

2009-12-22 Thread Dirk H. Schulz
Hi folks,

I have run into a confusing problem.

My initial problem is: Conga does not offer Add a virtual machine 
service. So I googled and found a RedHat advisory on that:
http://rhn.redhat.com/errata/RHBA-2009-1623.html
which points to updates that should fix this.

I checked on my cluster, but the relevant packages are current (and even 
if ALL packages are current it does not work).

So I tried manually what is described in the above advisory:
virsh nodeinfo --readonly throws an error saying that --readonly is 
not implemented. That seems to be the problem.
Running virsh nodeinfo as a non-root user (like Conga does) leads to an 
error as described in the above advisory.
Reading the man page on virsh suggests that there is a --readonly flag 
to URIs, not to simple virsh commands.

Now I am stuck. Googling does not lead to anything helpful.

Has anyone else run into this and resolved it?

Or can someone send me a valid vm resource entry for the 
/etc/cluster/cluster.conf file so I can adapt that? I have not found 
really enlightening examples on the web, and docs on this seem quite 
sparse.

Thanks for any hint or help.

Dirk




[CentOS] Postfix, Milters and SELinux

2009-10-19 Thread Dirk H. Schulz
Hi folks,

I want to run Postfix with external milter application on a CentOS 5.3 
mailgateway. At the moment SELinux is preventing postfix' cleanup daemon 
from accessing sockets.

Before I go through the process of audit2allow trial and error - has 
anybody out there successfully gone through this and can send me a policy 
I can work with?

Any hint or help is appreciated.

Dirk



[CentOS] Init checking for processes that are configured to respawn

2009-07-07 Thread Dirk H. Schulz
Hi folks,

I have a sophisticated question for which I can't find any hints on the 
web:

If you configure init (via /etc/inittab) to respawn processes (like the 
getty processes) when they exit - how often does init check for the 
existence of such a process? Does it check actively at all or does it 
rely on some kind of inter process communication?

I am not a programmer, so maybe the second question is completely 
nonsense. Any hint or help is appreciated.

Dirk



[CentOS] pam_access.so restrictions not working - syntax errors?

2009-03-20 Thread Dirk H. Schulz
Hi folks,

I want to restrict root access via ssh to certain (internal) hosts.

That is what pam_access.so is for, I thought, so I configured:

in /etc/security/access.conf I added (nothing in there before):
+ : root : 192.168.123.0/24 10.72.0.0/16
- : root : ALL

in /etc/pam.d/ssh I added at the end:
account required pam_access.so

Then I restarted the ssh server.

Basically, this kinda works. Cron suddenly had no right to do its 
job, so I had to add
+ : root : LOCAL
to /etc/security/access.conf

But there still is no restriction on ssh logins by root - I can still  
login from anywhere.

Next I tried putting it in one line in /etc/security/access.conf:
- : root : ALL EXCEPT LOCAL 192.168.123.0/24 10.72.0.0/16
That did not change anything, still I can log in via ssh.

I am stuck. According to documentation and the examples on the net 
this should be the right syntax. And, by the way, in my 
/etc/ssh/sshd_config I have UsePAM yes.

Any help or hint is appreciated.

Dirk
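
A simplified model of how pam_access evaluates access.conf (the first matching line decides; if no line matches, access is granted), added here as an example and not part of the original post, so the two rule sets above can be checked without a live login. It covers only plain user names, ALL, LOCAL, EXCEPT and network/prefix origins; the placement of the LOCAL line before the deny line, the function names and the test addresses are assumptions.

```python
import ipaddress

# Rule sets from the post. Assumption: the "+ : root : LOCAL" line was
# placed before the final deny line.
RULES_THREE_LINES = """
+ : root : 192.168.123.0/24 10.72.0.0/16
+ : root : LOCAL
- : root : ALL
"""
RULES_ONE_LINE = """
- : root : ALL EXCEPT LOCAL 192.168.123.0/24 10.72.0.0/16
"""


def parse_rules(text):
    """Parse 'permission : users : origins' lines into tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Split on the first two colons only, so the origins field survives.
        perm, users, origins = [f.strip() for f in line.split(":", 2)]
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in: {raw!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules


def _user_match(token, user, _origin):
    return token.upper() == "ALL" or token == user


def _origin_match(token, _user, origin):
    """origin is a remote IP string, or None for a local (non-network) login."""
    if token.upper() == "ALL":
        return True
    if token.upper() == "LOCAL":
        return origin is None
    if origin is None:
        return False
    try:
        net = ipaddress.ip_network(token, strict=False)
        return ipaddress.ip_address(origin) in net
    except (ValueError, TypeError):
        return False  # host names, groups and netgroups are outside this model


def _list_match(tokens, match, user, origin):
    """'a b EXCEPT c d' matches when a or b matches and neither c nor d does."""
    upper = [t.upper() for t in tokens]
    cut = upper.index("EXCEPT") if "EXCEPT" in upper else len(tokens)
    if not any(match(t, user, origin) for t in tokens[:cut]):
        return False
    if cut == len(tokens):
        return True
    return not _list_match(tokens[cut + 1:], match, user, origin)


def is_allowed(rules_text, user, origin):
    """Return True if the login is granted under the modelled rules."""
    for perm, users, origins in parse_rules(rules_text):
        if (_list_match(users, _user_match, user, origin)
                and _list_match(origins, _origin_match, user, origin)):
            return perm == "+"
    return True  # no line matched


if __name__ == "__main__":
    cases = [("root", "192.168.123.7"), ("root", "10.72.5.5"),
             ("root", "203.0.113.9"), ("root", None), ("alice", "203.0.113.9")]
    for name, text in (("three lines", RULES_THREE_LINES),
                       ("one line", RULES_ONE_LINE)):
        for user, origin in cases:
            verdict = "granted" if is_allowed(text, user, origin) else "denied"
            print(f"{name:11} {user:5} from {origin or 'LOCAL':15} -> {verdict}")
```

The model only shows what the rules decide once pam_access is consulted; whether the PAM stack used by the ssh daemon actually runs the module is a separate check.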



Re: [CentOS] vsftpd and SElinux

2008-12-10 Thread Dirk H. Schulz
Thanks, Filipe,

that has led me to exactly what I was looking for.

Dirk

--On 9 December 2008 17:18:30 -0500 Filipe Brandenburger 
[EMAIL PROTECTED] wrote:

 Hi,

 On Tue, Dec 9, 2008 at 15:02, Dirk H. Schulz [EMAIL PROTECTED]
 wrote:
 I have configured vsftpd with virtual users for webserver users (that
 means, a virtual user's chrooted home is the document root of a virtual
 host in apache). That works fine so far - as long as SElinux is not
 enforcing.

 Look at man ftpd_selinux.

 HTH,
 Filipe



--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technology at its finest - and the necessary tuning


Re: [CentOS] Centos 4.7 httpd error messages

2008-12-10 Thread Dirk H. Schulz
This does not look like httpd errors. These are missing MIBs, presumably 
you have installed and (mis)configured NetSNMP.

Dirk

--On 10 December 2008 09:50:28 + Vandaman 
[EMAIL PROTECTED] wrote:

 I have the following error messages on a CentOS server.
 Googling did not identify the error.

 [Wed Dec 10 09:22:02 2008] [notice] caught SIGTERM, shutting down
 No log handling enabled - turning on stderr logging
 Cannot find module (IP-MIB): At line 0 in (none)
 Cannot find module (IF-MIB): At line 0 in (none)
 Cannot find module (TCP-MIB): At line 0 in (none)
 Cannot find module (UDP-MIB): At line 0 in (none)
 Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
 Cannot find module (SNMPv2-MIB): At line 0 in (none)
 Cannot find module (SNMPv2-SMI): At line 0 in (none)
 Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none)
 Cannot find module (UCD-SNMP-MIB): At line 0 in (none)
 Cannot find module (UCD-DEMO-MIB): At line 0 in (none)
 Cannot find module (SNMP-TARGET-MIB): At line 0 in (none)
 Cannot find module (NET-SNMP-AGENT-MIB): At line 0 in (none)
 Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
 Cannot find module (UCD-DISKIO-MIB): At line 0 in (none)
 Cannot find module (LM-SENSORS-MIB): At line 0 in (none)
 Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none)
 Cannot find module (IPV6-ICMP-MIB): At line 0 in (none)
 Cannot find module (IPV6-MIB): At line 0 in (none)
 Cannot find module (IPV6-TCP-MIB): At line 0 in (none)
 Cannot find module (IPV6-UDP-MIB): At line 0 in (none)
 Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none)
 Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none)
 Cannot find module (UCD-DLMOD-MIB): At line 0 in (none)
 Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none)
 Cannot find module (SNMP-MPD-MIB): At line 0 in (none)
 Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none)
 Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none)
 Cannot find module (SNMPv2-TM): At line 0 in (none)


 Regards,
 Vandaman.






[CentOS] vsftpd and SElinux

2008-12-09 Thread Dirk H. Schulz
Hi folks,

I have configured vsftpd with virtual users for webserver users (that 
means, a virtual user's chrooted home is the document root of a virtual host 
in apache). That works fine so far - as long as SElinux is not enforcing.

I have tried to audit2allow out the problem, but did not succeed. Virtual 
vsftpd users are denied access to directories: virtual users are mapped to 
a system user with vsftpd; after login the vsftpd process changes into the 
system user's home directory, then into the virtual user's chroot. And the 
first step (changing into the system user's home dir) is denied by SElinux.
But there is no avc denial in audit log any more - I have policied these 
out completely. There seems to be a dontaudit denial working - which I 
cannot make visible on CentOS since the -D flag is not available for 
semodule (as it is in Fedora 9, e.g.).

So I am quite stuck here. Is there anything I can do to find the denial I 
need to feed into audit2allow? Or some other way to make SElinux accept 
vsftpd's access?
Perhaps someone out there has already gone through this process.

Any hint or help is appreciated.

Dirk



[CentOS] Fedora 9 domU on CentOS 5.2 dom0 - very unstable?

2008-12-09 Thread Dirk H. Schulz
I am running a Fedora 9 domU on CentOS 5.2 dom0, and it is quite 
unreliable. Every few days I have the following phenomenon:

- many applications do not work at all (e. g. Nagios 3.05 stops checking, 
but the cgis work perfectly, the web server works as well)
- system processes run into time outs (e. g. logging in via ssh runs into 
timeouts connection reset by peer after many seconds, logging into 
the console does not get finished ever, no error, no refusal) and similar

All I can do then is destroy the domain (xm shutdown does not lead to 
anything either).

Is this a known phenomenon? Is there any way to work around it? I do not 
have these problems with CentOS 5.2 domUs on the same machine (at least not 
that massive).

Every hint or help is appreciated.

Dirk


[CentOS] Xen-Version in CentOS 5.3?

2008-12-03 Thread Dirk H. Schulz
Hi folks,

I tried to find out what xen version upstream intends to use in 5.3, but 
did not find anything.

So now I hope that there is some secret knowledge among the CentOS people 
you could share? :-)

Any hint or link would be helpful. Thanks in advance,

Dirk


Re: [CentOS] NTP problems

2008-11-15 Thread Dirk H. Schulz

Anne,

please check your /etc/ntp.conf for the server statement; CentOS original 
is

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org


These 2 server ips you listed do not belong to this pool (you can check via 
dns), and resolved backwardly their names do not sound like they are ntp 
servers.


You should find out why your ntp tries to send to them (and what).

The total synchronizations ... line at least seems to say that your ntp 
sync works - you could check that with ntpdate against a server from the 
above pool to be sure.


Dirk

--On 15. November 2008 09:54:19 + Anne Wilson 
[EMAIL PROTECTED] wrote:



My server is supposed to be using ntp, with nothing changed from the
defaults  set up by CentOS5.  However, daily I see log entries like

 Total synchronizations 2 (hosts: 2)

 **Unmatched Entries**
   sendto(193.6.222.20) (fd=21): Invalid argument: 1 time(s)
   sendto(141.89.226.2) (fd=21): Invalid argument: 1 time(s)

Does this mean that ntp is failing?  I assume so, and if so, how do I
change  the sources to something that will work?

Anne




--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technology at its finest - and the necessary tuning


Re: [CentOS] centralized logs server and also storing the logs on the local server

2008-11-09 Thread Dirk H. Schulz

Ankush,

--On 9. November 2008 13:27:42 +0530 ankush grover [EMAIL PROTECTED] 
wrote:



Hi Friends,

I am running most of my company's Linux Servers on Centos 4.x/5.x 32
and 64-bit. I am now trying to configure a centralized logging server
where logs of all the linux servers will be stored and also I want to
store all the logs on the local server aka means logs will be sent to
the central log server but also will be stored on the local server.
The reason for storing the logs locally is because we have offices in
different cities and few more offices are coming up and it is good to
store the logs locally so that when the connectivity b/w the offices
break the logs does not get lost. There are lots of configuration
available on internet which tells how to send the logs to the
centralized log server but I did not find any configuration where logs
can be stored locally as well as send to the centralized log.


If you use rsyslog from base repo that is easy to achieve. Rsyslog replaces 
syslog; thus you can copy your existing syslog.conf into rsyslog.conf and 
just add an entry for sending everything to the central log host 
additionally, like e.g.

*.* @@your.loghost.tld

On the loghost you switch to rsyslog as well and open it up for remote 
logging in /etc/sysconfig/rsyslog (it is documented there). Be aware to 
open up your loghost's local firewall, if you use it.


One of the advantages of using rsyslog is that on the central loghost you 
can stuff everything in a mysql database (again additionally to plain log 
files) quite easy - that makes automated evaluation of log entries much 
more convenient.





Moreover I am also looking for logs analyzer tool which can generate
reports separately for each host for ex there are logs of 15 servers
are stored on the server and this logs analyzer tool should generate
reports separately for each host.


What exactly do you want the analyzer to do? The simplest thing would be to 
use logwatch on the servers and customize it, but that depends on what kind 
of analyzation you have in mind.


Dirk

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Perl Trouble

2008-11-08 Thread Dirk H. Schulz

Dave,

--On 8. November 2008 10:04:25 + Dave Cross [EMAIL PROTECTED] wrote:




The module that you want is already build as an rpm. It is contained
within perl-Class-Accessor.


Thanks, installing that has helped.



Your local Perl installation is, however, somewhat broken by the
sounds of it. My recommendation would be to remove all of the modules
that you have installed using CPAN (you'll find them in the site-perl
directory) and reinstall them from rpms.


I will stick to installing the modules from rpms. By the way, seems that 
there are some missing dependencies: The module I installed for usage is 
perl-Nagios-Plugin, but that did not lead to installation of 
perl-Class-Accessor. Should I inform someone of that (whom? how?).


Thanks for your help,

Dirk


[CentOS] Perl Trouble

2008-11-07 Thread Dirk H. Schulz

I am running several CentOS 5.2 servers with similar configuration.

On all of them I received the following error when using a certain perl 
module:

Base class package Class::Accessor::Fast is empty.
(Perhaps you need to 'use' the module which defines that package
first.)


On most of the servers installing Class::Accessor::Fast manually via CPAN 
shell has resolved the problem, but there are two of them where this did not 
help.
I know that during setup of these hosts I used yum and cpan shell both to 
install perl modules; I guess that was wrong to do.


Now even an install Bundle::CPAN in cpan shell does not solve the 
problem. How can I find out what exactly goes wrong there? Googling for the 
error message does not show up anything helpful.


Dirk


Re: [CentOS] What keeps logging to my console?

2008-10-24 Thread Dirk H. Schulz

Hi folks,

--On 17. Oktober 2008 10:45:08 -0400 Michael H. Warfield 
[EMAIL PROTECTED] wrote:



On Fri, 2008-10-17 at 12:13 +0200, Dirk H. Schulz wrote:

Hi folks,



I have lots of messages like these appearing on my local CentOS 5.2
consoles:
 Oct 17 12:03:29 machine kernel: printk: 1 messages suppressed.
 Oct 17 12:03:29 machine kernel: pbond0: received packet with  own address as source address



So the question is: What process logs directly to the console bypassing
syslog/kernel log facilities? How can I find where to stop that?


It's the kernel itself.

In a VC:

setterm --msg off


That did the trick, many thanks.

But now I have 1000s of messages like
printk: 4 messages suppressed in my /var/log/messages.

Can I get rid of that, too?

Dirk




[CentOS] What keeps logging to my console?

2008-10-17 Thread Dirk H. Schulz

Hi folks,

I have lots of messages like these appearing on my local CentOS 5.2 
consoles:

Oct 17 12:03:29 machine kernel: printk: 1 messages suppressed.
Oct 17 12:03:29 machine kernel: pbond0: received packet with  own address as source address

I have disabled console logging in syslog.conf, and even if I shut down 
syslog and kernel logger, the messages keep coming on the local consoles 
(not on remote consoles).


So the question is: What process logs directly to the console bypassing 
syslog/kernel log facilities? How can I find where to stop that?


Thanks for any hint or help.


Dirk


Re: [CentOS] problem talking to server postgrey/socket: Permission denied

2008-10-06 Thread Dirk H. Schulz

Ned,

--On 5. Oktober 2008 11:07:54 +0100 Ned Slider [EMAIL PROTECTED] wrote:


Dirk H. Schulz wrote:

Hi folks,

I have installed postgrey from the rpmforge repo, but it does not work
well with postfix from CentOS 5.2: I always get the error:

warning: connect to postgrey/socket: Permission denied
problem talking to server postgrey/socket: Permission denied


- snip


You're correct in your assumption that this is an SELinux issue. You need
to write a custom policy to allow connection and writing to the socket.

How to do this is covered in the SELinux Wiki guide here:

http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01

and luckily for you, the example used is for postgrey/postfix so you can
use the example provided.

Hope that helps.


That did it. Thanks a lot!

Dirk


[CentOS] problem talking to server postgrey/socket: Permission denied

2008-10-05 Thread Dirk H. Schulz

Hi folks,

I have installed postgrey from the rpmforge repo, but it does not work well 
with postfix from CentOS 5.2: I always get the error:


warning: connect to postgrey/socket: Permission denied
problem talking to server postgrey/socket: Permission denied

But the permissions on the socket seem okay (postfix could write to it):
srw-rw-rw- 1 postgrey postgrey 0  4. Okt 14:48 socket

I also tried restorecon -R /var/spool/postfix/postgrey, but that did not 
change anything, either.


Googling does not show anything recent and helpful. Any hint or help is 
appreciated.


Dirk





Re: [CentOS] conntrack-tools and Session syncing

2008-08-13 Thread Dirk H. Schulz

Hello Nataraj,

--On 12. August 2008 22:56:48 -0700 Nataraj [EMAIL PROTECTED] wrote:


On Sun, 2008-08-10 at 20:28 +0200, Dirk H. Schulz wrote:


- snip -


The setup works - using conntrackd -e I can see the connection table
entries the other router's conntrackd has synchronized. What I cannot
check  is if the receiving conntrackd writes the received entries into
the kernels  connection tracking table.




- snip -


Also: cat /proc/net/nf_conntrack


Okay, that was good (it is ip_conntrack, but never mind). Now I know that 
the kernel connection table does NOT get updated. Just have to find out 
why.



The doc says you must have kernel 2.6.18 or later. It looks like there
are some iptables features that you can use that will not allow this to
work. Are you in compliance with all of the dependencies listed in
http://conntrack-tools.netfilter.org/conntrackd.html ?


Yes, the libraries are installed. The kernel should meet the prerequisites:
CONFIG_NF_CONNTRACK=m: yes
CONFIG_NF_CONNTRACK_IPV4=m: no, did not find it, could not enable it
CONFIG_NETFILTER_NETLINK=m: yes,
CONFIG_NF_CT_NETLINK=m: yes, it is called NF_CONNTRACK_NETLINK=m
CONFIG_NF_CONNTRACK_EVENTS=y: yes

So only CONFIG_NF_CONNTRACK_IPV4 module is missing, but I thought that 
connection tracking would not work at all (even on just one netfilter 
instance) if a dedicated module for IPv4 additionally to the general 
NF_CONNTRACK module would really be needed.


Is there a debug mode for conntrackd where I can get more verbose logging 
to find out why conntrackd does not update the kernel connection table? 
Docs do not mention a debug mode, but maybe ...


By the way, when committing manually (conntrackd -c) I get the following 
entries in the log:

[Tue Aug 12 12:51:49 2008] (pid=22668) [notice] Committed 139 new entries
[Tue Aug 12 12:51:49 2008] (pid=22668) [notice] 2 entries can't be committed
[Tue Aug 12 12:51:54 2008] (pid=22671) [notice] committing external cache
[Tue Aug 12 12:51:54 2008] (pid=22671) [ERROR] commit: Invalid argument
Tue Aug 12 12:51:54 2008	tcp  6 180 SYN_SENT src=88.217.141.81 dst=93.94.80.2 sport=54930 dport=22 [UNREPLIED] src=93.94.80.2 dst=88.217.141.81 sport=22 dport=54930
[Tue Aug 12 12:51:54 2008] (pid=22671) [ERROR] commit: Invalid argument
Tue Aug 12 12:51:54 2008	tcp  6 180 SYN_SENT src=88.217.141.81 dst=93.94.80.2 sport=54929 dport=22 [UNREPLIED] src=93.94.80.2 dst=88.217.141.81 sport=22 dport=54929
[Tue Aug 12 12:51:54 2008] (pid=22671) [notice] Committed 139 new entries
[Tue Aug 12 12:51:54 2008] (pid=22671) [notice] 2 entries can't be committed

Why can not all cache entries be committed? I did not find much about this. 
My kernel is a 2.6.18-92.1.6.el5 (CentOS 5).


Thanks for your help.

Dirk


Re: [CentOS] Kerio Mailserver on Centos 5

2008-08-12 Thread Dirk H. Schulz

Hi Dk,

we will be testing that from the end of september onwards, but until now we 
have only run it on MacOS X.


--On 12. August 2008 15:54:06 -0700 dnk [EMAIL PROTECTED] wrote:


I was wondering if any of the mail admins on here have used the kerio
mail server on centos, and their thoughts on it.


My initial testing is going very well - but was hoping for some unbiased
opinions (as opposed to asking on the kerio forum) on it's use with
centos (5 in particular if possible). THE typical q's - IE performance,
issues, etc.


I would be interested in that, too.

Dirk



Re: [CentOS] Question about Open SSH Public Keys

2008-08-11 Thread Dirk H. Schulz
You could start the ssh server on that machine with -vvv to get a 
detailed, verbose logging. That does not always lead to entries making 
clear what happens, but to entries you can use for googling (or asking 
here).

I would also have a look at DNS - compare forward and reverse lookups (are 
they the same for the from=... entry?), does that Centos4-Box reach the 
DNS RELIABLY etc. SSH lays much emphasis on a working DNS.


Dirk

--On 11. August 2008 15:50:38 +1200 Clint Dilks [EMAIL PROTECTED] 
wrote:



Hi People

I am setting up some systems with ssh public keys and as part of this I
am using the from directive inside .ssh/authorized_keys.  Currently I am
using the IP address to control the source.  eg from=10.0.0.1 but on
one CentOS 4 System that is up to date this will only work if I replace
the IP with the DNS name of the server.  I have verified that DNS is
resolving the DNS Name to the correct IP address on the server in
question and all seems to be fine.
Aside from this CentOS Box have only been able to test this out on some
old FC6 Machines
 and they behave as I expected.  Anyone got any ideas why this might be
happening ?  I have compared the sshd config between the FC6 Machines and
the CentOS Box and can't spot anything that would explain the issue.

Thanks for any ideas, and have a nice day :)




--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technik vom Feinsten - und das nötige Tuning


Re: [CentOS] df to get total disk usage on all filesystems?

2008-08-11 Thread Dirk H. Schulz
As long as you only want the absolute amount of data (not the percentage of 
total file space that is used) you could use du -sh / on that server.


--On 11. August 2008 14:00:09 -0500 Sean Carolan [EMAIL PROTECTED] wrote:


Is there a flag for the df command to get the total disk space used on
all filesystems as one number?  I have a server with a lot of mounted
shares.  I'm looking for a simple way to measure rate of data growth
across all shares as one total value.


[CentOS] conntrack-tools and Session syncing

2008-08-10 Thread Dirk H. Schulz

Hi folks,

I have 2 firewalls, setup with Centos 5.2. They are also routers, connected 
to 2 upstream routers.


I have some cases where connections from servers to the internet leave my 
network via router2 and answers come back via router1. So I added conntrack 
tools to both routers/firewalls to synchronize the session tables (using 
ftfw protocol).


That works as expected. If e.g. I ping from an inside server to somewhere 
outside, ICMP request leaves via router2, the answer comes back via 
router1. conntrack -e on router1 shows this session (as unreplied), BUT the 
firewall blocks it as new connection - that means iptables does not 
recognize conntrackd's addition to the session table.


Seems that I have a conceptional misunderstanding here - but I do not find 
anything that could be wrong. Could somebody please help? I am stuck.


Any hint or help is appreciated.

Dirk



Re: [CentOS] conntrack-tools and Session syncing

2008-08-10 Thread Dirk H. Schulz

Hi Robert,

--On 10. August 2008 10:04:37 -0400 Robert Spangler 
[EMAIL PROTECTED] wrote:



On Sunday 10 August 2008 08:36, Dirk H. Schulz wrote:


 That works as expected. If e.g. I ping from an inside server to
 somewhere outside, ICMP request leaves via router2, the answer comes
 back via router1. conntrack -e on router1 shows this session (as
 unreplied), BUT the firewall blocks it as new connection - that means
iptables does not recognize conntrackd's addition to the session table.


First off if you have traffic leaving one router and coming back on
another  router that is Asynchronous routing and is not a good thing, as
you are  seeing.

Firewall 1 doesn't know what firewall 2 is doing so firewall 1 is going
to  block this traffic as it was setup to do.  Firewall 1 is thinking
this is a  new connection.


That is why I used conntrack-tools to synchronize the session tables of 
both firewalls. According to conntrackd -e it works - it shows (e. g. on 
router 1) the sessions that have been synchronized over (e.g. from router 
2).


But the sync'd sessions seem not to bother netfilter.



Since I don't know your setup my question is;

1. how many Internet connections do you have?


This is still in setup phase, but they will be very many.


2. does router 2 have a valid public ip on the interface connecting to
the  Internet?


Yes. Both routers have public ips as they both are connected to upstream 
routers.


Dirk


Re: [CentOS] conntrack-tools and Session syncing

2008-08-10 Thread Dirk H. Schulz

Hi Robert,

--On 10. August 2008 13:56:22 -0400 Robert Spangler 
[EMAIL PROTECTED] wrote:


- snip -


OK, I don't know this tool you are using to syn the conntracking of all
the  firewalls.  Could you post a link to it?


Yes, of course: 
http://www.netfilter.org/projects/conntrack-tools/index.html




Now for the fun stuff.  Why would you have many Internet connection that
do  not return the same path they go out on?  sounds like you really only
have  one true connection with one true IP to the Internet.  That would
explain why  traffic leaving on interface 2 comes back on interface 1.


It is two routers that are connected to 2 upstream routers; all four use 
OSPFv2 for routing between them.
I have not finetuned OSPF so far to avoid asynchronous routing - I want to 
do the connection table synchronization stuff before because I have to 
do it anyway (in case of a router crash) and now I have an ideal testbed 
(because of the asynchronous routing).




Without knowing your setup I'm not going to guess at this.


The setup is as follows: Every Router has
- an external interface with public ip address each resting in a small 
  separate subnet that connects to the upstream router
- an interface for inter router connections (private ip addresses)
- 2 additional interfaces to server LANs - both routers have an interface 
  to both of the 2 server LANs

Both server LAN interfaces use shared virtual ips additionally.

If you need more detailed information I could offer the OSPF configuration 
(XORP).


Here is the configuration for conntrackd (I have omitted buffer sizes 
etc.):

Sync {
    Mode FTFW {
        ResendBufferSize 262144
        CommitTimeout 180
        ACKWindowSize 20
    }
    Multicast {
        IPv4_address 225.0.0.50
        IPv4_interface 192.168.11.1
        Interface eth1
        Group 3780
    }
    Checksum on
    CacheWriteThrough On
}
General {
    HashSize 8192
    HashLimit 65535

- snip -

IgnoreTrafficFor {
    IPv4_address INTER_ROUTER_INTERFACE
    IPv4_address EXTERNAL_INTERFACE
    IPv4_address INTERNAL_INTERFACE1
    IPv4_address INTERNAL_VIRTUAL_IP
    IPv4_address INTERNAL_INTERFACE2
}

IgnoreProtocol {
    IGMP
    VRRP
}


The setup works - using conntrackd -e I can see the connection table 
entries the other router's conntrackd has synchronized. What I cannot check 
is if the receiving conntrackd writes the received entries into the kernels 
connection tracking table.

Example:
udp  17 30 src=124.165.230.206 dst=93.94.81.82 sport=2040 dport=1434 [UNREPLIED] [active since 6s]
tcp  6 120 SYN_SENT src=93.185.115.91 dst=93.94.80.133 sport=4290 dport=135 [UNREPLIED] [active since 46s]

So I hope to find someone on the list have done this kind of setup before.

Thanks for your interest so far.

Dirk





Re: [CentOS] Xen and bonding on Centos 5.2

2008-08-10 Thread Dirk H. Schulz

Francesco,

--On 10. August 2008 20:18:28 +0200 Francesco Camisa 
[EMAIL PROTECTED] wrote:



If you are using kernel 92.1.6 it's because apparently there is a bug. I
haven't tried 92.1.10 to check if it has been solved. On 5.2 stock kernel
on the other hand I have no problems.


The server that has no problem with bonding at all has been using 92.1.6 
for weeks now - the server having the problem is still running 53 - I try 
updating it to 92.1.10 now.


Dirk



Francesco
Policlinico San Marco
Italy

- Original Message -
From: Dirk H. Schulz [EMAIL PROTECTED]
To: CentOS mailing list centos@centos.org
Sent: Friday, 8 August, 2008 5:33:09 PM GMT +01:00 Amsterdam / Berlin /
Bern / Rome / Stockholm / Vienna Subject: [CentOS] Xen and bonding on
Centos 5.2

Hi folks,

I am stuck with a weird phenomenon.

I have set up two servers as xen servers with bonded interfaces (mode 1).
The bond interface works fine on both servers as long as xen is not used.

When using xen's network-bridge script (with netdev=bond0), one server
works fine without problems, and the other starts upping and downing the
slave interfaces of the bond in a very fast manner (several runs per
second). Both configurations are identical, the only difference is:
- the working server has tg3 nic drivers
- the dysfunctional server has e100 nic drivers.

Does it really depend on the nic driver if bonding works? And why does it
not work in xen, but work fine without xen? What can I do to analyse the
problem?

I know I could ask this on the xen list, but I fear that this is a
redhat/centos specific phenomenon.

Any hint or help is appreciated.

Dirk




--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technik vom Feinsten - und das nötige Tuning


Re: [CentOS] Mount a Xen disk image file

2008-08-10 Thread Dirk H. Schulz

Kai,

I am sorry, but I simply do not understand at the moment. I thought xvda is 
the method the disks are mounted into the VM - you sound like it being the 
format of the disk itself.


Please explain.

Dirk

--On 8. August 2008 20:31:15 +0200 Kai Schaetzl [EMAIL PROTECTED] 
wrote:



Dirk H. Schulz wrote on Fri, 08 Aug 2008 14:54:20 +0200:


What is the problem with xvda? And what is the alternative?


Didn't we just discuss that? xvda doesn't allow you simple mounting of
the  disk from the host, be it file or LV.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com







--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technik vom Feinsten - und das nötige Tuning


Re: [CentOS] Mount a Xen disk image file

2008-08-08 Thread Dirk H. Schulz

Hi Kai,

--On 8. August 2008 10:31:18 +0200 Kai Schaetzl [EMAIL PROTECTED] 
wrote:


- snip -

 If you don't mind ending up with xvda it's a
good way.


What is the problem with xvda? And what is the alternative?

Dirk


[CentOS] Xen and bonding on Centos 5.2

2008-08-08 Thread Dirk H. Schulz

Hi folks,

I am stuck with a weird phenomenon.

I have set up two servers as xen servers with bonded interfaces (mode 1). 
The bond interface works fine on both servers as long as xen is not used.


When using xen's network-bridge script (with netdev=bond0), one server 
works fine without problems, and the other starts upping and downing the 
slave interfaces of the bond in a very fast manner (several runs per 
second). Both configurations are identical, the only difference is:

- the working server has tg3 nic drivers
- the dysfunctional server has e100 nic drivers.

Does it really depend on the nic driver if bonding works? And why does it 
not work in xen, but work fine without xen? What can I do to analyse the 
problem?


I know I could ask this on the xen list, but I fear that this is a 
redhat/centos specific phenomenon.


Any hint or help is appreciated.

Dirk


[CentOS] Mount a Xen disk image file

2008-08-07 Thread Dirk H. Schulz

Hi Folks,

I search for a way to mount the .img files virt-install creates for Xen 
VMs. Using fdisk -lu I found it contains 2 partitions:



# fdisk -lu /var/lib/xen/images/BaseCentos.img
last_lba(): I don't know how to handle files with mode 81ed
Sie müssen angeben Zylinder.
Sie können dies im Zusatzfunktionsmenü tun.

Platte /var/lib/xen/images/BaseCentos.img: 0 MByte, 0 Byte
255 heads, 63 sectors/track, 0 cylinders, zusammen 0 Sektoren
Einheiten = Sektoren von 1 × 512 = 512 Bytes

                              Gerät  boot.  Anfang     Ende   Blöcke   Id  System
/var/lib/xen/images/BaseCentos.img1   *         63   208844   104391   83  Linux
/var/lib/xen/images/BaseCentos.img2         208845  8177084  3984120   8e  Linux LVM


And I can mount the first partition with no problem using the offset 
(start) from the partition table:

mount -o loop,offset=$((63*512)) /PATH/TO/IMAGE.img /MOUNTPOINT

But I cannot mount the second partition using the offset of it:

mount -o loop,offset=$((208845*512)) /PATH/TO/IMAGE.img /MOUNTPOINT
mount: you have to specify the file system type
Even using ext3, ext2 does not work. I do not think the offset is incorrect 
- I venture it is because the second partition is LVM (8e).


Did anybody out there succeed in mounting an LVM partition out of an image 
file?


Any hint or help is appreciated.

Dirk
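
The offset arithmetic and the LVM observation from the message above, as an added example that is not part of the original post: it reads the MBR partition table directly from an image file and prints the byte offset and type of each partition. The image is a constructed 512-byte sector carrying the start sectors and type IDs from the fdisk listing; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed.

# Write a constructed MBR sector to the file named in $1.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    # Entry 1: bootable (0x80), type 0x83, start LBA 63, 208782 sectors.
    printf '\200\000\000\000\203\000\000\000\077\000\000\000\216\057\003\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    # Entry 2: type 0x8e, start LBA 208845, 7968240 sectors.
    printf '\000\000\000\000\216\000\000\000\315\057\003\000\360\225\171\000' |
        dd of="$1" bs=1 seek=462 conv=notrunc 2>/dev/null
    # Boot signature 0x55 0xAA at byte 510.
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Print "index type_hex start_lba byte_offset" for each used primary entry.
mbr_partitions() {
    mbr_img=$1
    sig=$(od -An -tx1 -j510 -N2 "$mbr_img" 2>/dev/null | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        echo "$mbr_img: no MBR boot signature" >&2
        return 1
    fi
    n=0
    while [ "$n" -lt 4 ]; do
        entry=$((446 + 16 * n))     # four 16-byte entries start at byte 446
        n=$((n + 1))
        ptype=$(od -An -tx1 -j$((entry + 4)) -N1 "$mbr_img" | tr -d ' \n')
        if [ "$ptype" = "00" ]; then
            continue                # unused slot
        fi
        # Start LBA: 4 bytes, little-endian, at entry+8.
        set -- $(od -An -tu1 -j$((entry + 8)) -N4 "$mbr_img")
        lba=$(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
        echo "$n $ptype $lba $((lba * 512))"
    done
}

# Say how each partition can be reached from the host.
mount_hints() {
    mbr_partitions "$1" | while read -r idx ptype lba off; do
        case $ptype in
            83) echo "p$idx: Linux filesystem, mount -o loop,offset=$off" ;;
            8e) echo "p$idx: LVM physical volume at byte $off, no filesystem" \
                     "to mount here: attach it (losetup -o $off or kpartx -a)," \
                     "activate the volume group, then mount the logical volume" ;;
            *)  echo "p$idx: type 0x$ptype at byte $off" ;;
        esac
    done
}

sample=$(mktemp) && make_sample_mbr "$sample" && mount_hints "$sample"
rm -f "$sample"
```

The second partition resolves to the same offset the post used (208845*512), which confirms the arithmetic was right and the type ID 8e is what stops a direct mount.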



Re: [CentOS] Mount a Xen disk image file

2008-08-07 Thread Dirk H. Schulz

Hi Fabian,

--On 7. August 2008 16:22:36 +0200 Fabian Arrotin 
[EMAIL PROTECTED] wrote:



Dirk H. Schulz wrote:
snip- I venture it is because the second partition is LVM (8e).


Did anybody out there succeed in mounting an LVM partition out of an
image file?



That's why kpartx (for lvm) and lomount exist ;-)
Don't forget after you've used kpartx -a to use lvscan to discover your
lv and vgchange ...


- snip -

I had hoped for some other way because there is an open bug in kpartx on 
recent CentOS which leads to

failed to stat() /var/lib/xen/images/BaseCentos.img

Seems to work only with rather small img files.

Do you have any other idea?

Dirk



Re: [CentOS] Mount a Xen disk image file

2008-08-07 Thread Dirk H. Schulz

Hi Kai,

--On 7. August 2008 20:31:22 +0200 Kai Schaetzl [EMAIL PROTECTED] 
wrote:



Dirk H. Schulz wrote on Thu, 07 Aug 2008 16:46:47 +0200:


Do you have any other idea?


Do you want to regularly access it that way or do you just need to access
the files onetime?
I do not like this xvda stuff at all. So I created a basic setup with
virt-install


You are talking about a basic vm installation to a partition instead of an 
image file?



and copied all content off (I don't know what I used, I
assume cp or rsync or so). I used these files for a new VM based on ext3
formatted disks (you can either use files or LV). Can be done within 15
minutes or so. I tweaked that a bit to my liking and now use it as a
template for new VMs. As the disks are ext3 I can now easily access the
drives by mounting that LV.


I should have done that. I always did it when I compiled xen on my own 
using Debian. Now I tried to use the easy way the RedHat tools suggest, but 
more and more I come to regret it. If they work at all you one way or the 
other do not like the outcome.


Dirk



[CentOS] rsyslog and imuxsocks

2008-08-06 Thread Dirk H. Schulz

Hi folks,

I have installed rsyslog and rsyslog-mysql from the base repository, but 
the loadable module imuxsocks seems not to be part of these packages.


Does this have a certain reason? And is there any other way to get this 
module besides compiling rsyslog on my own?


Any hint or help is appreciated.

Dirk


[CentOS] Restricting User Rights massively

2008-07-29 Thread Dirk H. Schulz

Hi folks,

is it possible to restrict the rights of a user to only do few, defined 
actions, e.g. only look up cpu and memory usage, but not walk around in the 
file system, not see any other hardware details, run any binaries/scripts? 
I know several different techniques to achieve parts of this (like 
chrooting him), but is there one technique to get it all?


Dirk




Re: [CentOS] Restricting User Rights massively

2008-07-29 Thread Dirk H. Schulz
Thanks to all who helped - rbash seems to be a good starting point since 
selinux is quite complex and takes some time to get into.


Dirk

--On 29. Juli 2008 09:40:31 -0400 William L. Maltby 
[EMAIL PROTECTED] wrote:




On Tue, 2008-07-29 at 13:05 +0200, Dirk H. Schulz wrote:

Hi folks,

is it possible to restrict the rights of a user to only do few, defined
actions, e.g. only look up cpu and memory usage, but not walk around in
the  file system, not see any other hardware details, run any
binaries/scripts?  I know several different techniques to achieve parts
of this (like  chrooting him), but is there one technique to get it all?


Man bash. /-r and /RESTRICTED SHELL

It'll take a little setup to custom tailor it. Permissions, PATH and a
user or group specific bin directory (new one, not one of the standards)
in their PATH. Some copy/symlink (careful with that) of existing
executables may be useful.

Be careful with scripts made available. There is a caveat that
restrictions are removed when a script is being processed.

Carefully constructed .bashrc, bash_profile.

IMO, this is easier to setup than selinux, *may* meet all your needs and
will not be affected by upgrades.



Dirk
snip sig stuff


HTH
--
BILL





--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technik vom Feinsten - und das nötige Tuning
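
The restricted-shell setup described in the quoted reply, together with its caveat about scripts, as an added example that is not part of the thread: it builds a throwaway bin directory, starts `bash -r` with only that directory in PATH, and reports which actions the shell refuses. The `rb_*` names and the `helper` script are assumptions made for the demonstration, and everything lives in a constructed temp directory.

```shell
#!/bin/sh
# Added example, not from the thread. No real account is touched.

# Build a bin directory holding only what the restricted user may run.
rb_setup() {
    RB_ROOT=$(mktemp -d) || return 1
    RB_BASH=$(command -v bash) || return 1
    RB_BIN="$RB_ROOT/bin"
    mkdir "$RB_BIN" || return 1
    # Symlink the monitoring tools from the original question, if installed.
    for cmd in uptime free; do
        if target=$(command -v "$cmd"); then
            ln -s "$target" "$RB_BIN/$cmd"
        fi
    done
    # A script inside the allowed directory. It is run by a fresh bash that
    # is not restricted, which is the caveat raised in the reply.
    printf '#!%s\ncd / && pwd\n' "$RB_BASH" > "$RB_BIN/helper"
    chmod 755 "$RB_BIN/helper"
}

# Run one command line in a restricted bash with a clean environment and
# report whether the shell let it through.
rb_try() {
    if env -i PATH="$RB_BIN" HOME="$RB_ROOT" \
        "$RB_BASH" --noprofile --norc -r -c "$1" >/dev/null 2>&1
    then
        echo allowed
    else
        echo blocked
    fi
}

rb_setup || exit 1
for line in 'echo hi' 'cd /' '/bin/ls' 'PATH=/usr/bin:/bin' \
            'echo x > "$HOME/out"' 'helper'; do
    printf '%-22s %s\n' "$line" "$(rb_try "$line")"
done
rm -rf "$RB_ROOT"
```

`helper` comes back as allowed although it changes directory, so every executable placed in the restricted PATH has to be reviewed as if it ran without the restrictions.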


[CentOS] Cluster: understanding virtual IP

2008-07-13 Thread Dirk H. Schulz

Hi folks,

I have set up a cluster on CentOS 5.2 using /etc/cluster/cluster.conf - and 
it works fine. Its only purpose is to switch a virtual IP between two 
routers.


Now the service is running, I can ping the virtual IP from outside - but 
this virtual IP is not bound to any interface. How does this work? Can I 
force the cluster to bind it to a certain interface?


I need this because the routing daemon (xorp) does not make use of an ip 
address that is not bound to an interface.


Any hint or help is appreciated.

Dirk


Re: [CentOS] Cluster: understanding virtual IP

2008-07-13 Thread Dirk H. Schulz
Okay, I found that ifconfig does not show the virtual IP address, but ip 
addr show shows it bound to an interface. Seems that ifconfig can only 
handle old style aliases.


dirk

--On 13. Juli 2008 14:28:29 +0200 Dirk H. Schulz 
[EMAIL PROTECTED] wrote:



Hi folks,

I have set up a cluster on CentOS 5.2 using /etc/cluster/cluster.conf -
and it works fine. Its only purpose is to switch a virtual IP between
two routers.

Now the service is running, I can ping the virtual IP from outside - but
this virtual IP is not bound to any interface. How does this work? Can I
force the cluster to bind it to a certain interface?

I need this because the routing daemon (xorp) does not make use of an ip
address that is not bound to an interface.

Any hint or help is appreciated.

Dirk




--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technik vom Feinsten - und das nötige Tuning


[CentOS] Re: Problem with Bonding Driver

2008-07-06 Thread Dirk H. Schulz

Hi,

--On 5. Juli 2008 09:45:16 -0700 Art Age Software [EMAIL PROTECTED] 
wrote:



Hi,

could you describe in more detail?
What exactly is ignored? The options do not look much different.


As I said, I am trying to set a different primary interface for each
bond: eth0 for bond0, and eth2 for bond1.


Does the second bonding interface have no primary interface, then? What 
exactly happens?





Did you try without renaming? I do not use it, but it works nonetheless:
alias bond0 bonding
options bond0 mode=2
alias bond1 bonding
options bond1 mode=2


You are setting identical options for both bonds. This masks the fact
that your second options line is ignored and essentially does nothing.
Try changing an option on bond1 (eg. set a different mode or a
different miimon value), and I think you will see that it is ignored.


I had tested different setups during conception phase and had different 
results.


Dirk


Re: [CentOS] Problem with Bonding Driver

2008-07-05 Thread Dirk H. Schulz

Hi,

could you describe in more detail?

--On 4. Juli 2008 13:11:45 -0700 Art Age Software [EMAIL PROTECTED] 
wrote:


- snip -


Changing to this eliminates the errors, but bond1 ignores the different
options:


What exactly is ignored? The options do not look much different.



alias bond0 bonding
options bond0 -o bond0 miimon=100 mode=active-backup primary=eth0 max_bonds=1
alias bond1 bonding
options bond1 -o bond1 miimon=100 mode=active-backup primary=eth2 max_bonds=1



NOTE: It has been observed that some Red Hat supplied kernels are
apparently unable to rename modules at load time (the -o bond1
part).


Did you try without renaming? I do not use it, but it works nonetheless:
alias bond0 bonding
options bond0 mode=2
alias bond1 bonding
options bond1 mode=2

Dirk


