Re: [CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem [solved]

2019-06-12 Thread Frank Thommen

On 3/29/19 12:56 PM, James Pearson wrote:

Frank Thommen wrote:


I would like to use the NFSv4 ability to create a "root" filesystem with
fsid=0, so that I don't have to refer to the whole path of the exported
filesystem when I mount it.  However I do *not* want this root
filesystem to be mountable by any host.  Is that possible and how?

E.g
Filesystem:
    /exports/data1
    /exports/data2
    /exports/data3

/etc/exports:
    /exports *(ro,no_subtree_check,fsid=0)
    /exports/data1   host1(rw)
    /exports/data2   host1(rw)
    /exports/data3   host2(rw)


host1 and host2 can mount fileserver:/ and access any of the dataN
directories at least read-only.  That is unwanted.  I'd like
/exports/data1 and /exports/data2 to be exclusively accessible by host1
and /exports/data3 by host2.  But I'd still like to be able to mount
e.g. as fileserver:/data1 instead of fileserver:/exports/data1.

I've searched around a lot and I have found the question several times,
but no solution yet.


It appears to work for me ... host1 will still see data3 under the mount
point - but its contents will be empty - similarly, host2 will see data1
and data2 under the mount point, but their contents will be empty

Or have I missed something ?

James Pearson



[better late than never...]

You haven't missed anything and /we/ made a mistake:  We hadn't
realized that "fsid" relates to "real" filesystems and not just
directories.  We had this


   /storage  /exports  none  bind  0  0

in /etc/fstab, which made all individual shares (subdirectories of 
/storage) members of the same fsid and hence they had the same export 
settings applied.  After changing the bind mounts to


   /storage/data1  /exports/data1  none  bind  0  0
   /storage/data2  /exports/data2  none  bind  0  0

all exports now work as expected.

Cheers
frank


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
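
A check for the mistake described in the message above, added here as an example and not part of the original thread: it takes the /etc/exports from the question and the two fstab variants from the answer, and reports export paths with different client lists that sit on one mount. The function names and the data3 bind-mount line are assumptions made for the example.

```python
import posixpath

# /etc/exports as posted in the thread.
EXPORTS = """\
/exports *(ro,no_subtree_check,fsid=0)
/exports/data1   host1(rw)
/exports/data2   host1(rw)
/exports/data3   host2(rw)
"""

# The single bind mount the thread identifies as the mistake.
FSTAB_SINGLE_BIND = "/storage  /exports  none  bind  0  0\n"

# One bind mount per share, as in the fix. The data3 line is constructed
# for this example by following the pattern of the two lines in the message.
FSTAB_PER_SHARE = """\
/storage/data1  /exports/data1  none  bind  0  0
/storage/data2  /exports/data2  none  bind  0  0
/storage/data3  /exports/data3  none  bind  0  0
"""


def parse_exports(text):
    """Return {export_path: (client, ...)} from exports(5)-style text."""
    exports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # "host1(rw)" -> "host1"; the options are not needed for this check.
        exports[posixpath.normpath(path)] = tuple(c.split("(", 1)[0] for c in clients)
    return exports


def mount_points(fstab_text):
    """Mount points named in fstab-style text (second field), plus '/'."""
    points = {"/"}
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            points.add(posixpath.normpath(fields[1]))
    return points


def containing_mount(path, points):
    """Longest mount point that equals `path` or is a parent directory of it."""
    best = "/"
    for mp in points:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best


def shared_filesystems(exports, points):
    """Return {mount_point: [export paths]} for every mount that carries
    several exports whose client lists differ."""
    groups = {}
    for path in exports:
        groups.setdefault(containing_mount(path, points), []).append(path)
    return {
        mp: sorted(paths)
        for mp, paths in groups.items()
        if len(paths) > 1 and len({exports[p] for p in paths}) > 1
    }


if __name__ == "__main__":
    exports = parse_exports(EXPORTS)
    for label, fstab in (("single bind mount", FSTAB_SINGLE_BIND),
                         ("bind mount per share", FSTAB_PER_SHARE)):
        clashes = shared_filesystems(exports, mount_points(fstab))
        print(label, "->", clashes or "each export has its own mount")
```

On a live server the mount points would come from /proc/self/mounts rather than from fstab text.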


[CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem

2019-03-28 Thread Frank Thommen

Hi,

I would like to use the NFSv4 ability to create a "root" filesystem with 
fsid=0, so that I don't have to refer to the whole path of the exported 
filesystem when I mount it.  However I do *not* want this root 
filesystem to be mountable by any host.  Is that possible and how?


E.g
Filesystem:
  /exports/data1
  /exports/data2
  /exports/data3

/etc/exports:
  /exports *(ro,no_subtree_check,fsid=0)
  /exports/data1   host1(rw)
  /exports/data2   host1(rw)
  /exports/data3   host2(rw)


host1 and host2 can mount fileserver:/ and access any of the dataN 
directories at least read-only.  That is unwanted.  I'd like 
/exports/data1 and /exports/data2 to be exclusively accessible by host1 
and /exports/data3 by host2.  But I'd still like to be able to mount 
e.g. as fileserver:/data1 instead of fileserver:/exports/data1.


I've searched around a lot and I have found the question several times,
but no solution yet.


Cheers
frank




Re: [CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets

2018-11-28 Thread Frank Thommen
Thank you.  Basically our problem is not the ACLs or their support per
se, but that we have to manage a huge number of individual ACLs (several
hundred users in more than a hundred projects) in a multi-petabyte
filesystem and still have to keep overview and control.  Our problem is
more the management side.  Effectively we are looking for a tool that 
helps us manage these permissions and we would accept whatever 
permissions mechanism this tool uses (UGO/ACLs).


Cheers
frank


On 11/27/2018 03:06 PM, Leroy Tennison wrote:

Well, there are extended ACLs if they're available in CentOS, when I first 
worked with them (long ago) they were new (and on a different Distro).  I hope 
support for them has improved.  They allow multiple users/groups to be assigned 
permissions to a file/directory.  The problem then was that chmod (and other 
programs) were not extended-ACL-aware and could over-ride extended ACLs.  There 
was a mechanism to recover from the situation but what it basically came down 
to was eternal vigilance - the system administrators had to understand (and 
agree about) extended ACLs and be careful/diligent in applying them.  There are 
hacks which could possibly help (rename chmod and replace it with a script 
warning about extended ACLs) but, in the final analysis, it's not a decision to 
be undertaken lightly (unless the situation has changed dramatically).


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com


From: CentOS  on behalf of Frank Thommen 

Sent: Tuesday, November 27, 2018 7:25 AM
To: CentOS mailing list
Subject: [EXTERNAL] [CentOS] Tools/mechanisms for the management of access 
permissions in big filebased datasets

Hello,

we are currently managing access permissions through classical
user-group-others permissions on a multi-petabyte directory tree with
partially very deep and broad directories.  Projects are represented by
directory trees and mapped through GIDs.  Lately we had lots of
"singular" permission requests (one single user needs access to a single
dataset but should not be able to see all other datasets belonging to
the same project).  We realized, that the UGO model doesn't scale and is
becoming more and more unmanageable.

Can you recommend tools/mechanisms/technologies to overcome the
drawbacks of the UGO model?  We are thinking about some purely ACL based
mechanism (but are open to other ideas).  All filesystems in question
are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x
hosts.  Ideally the tool would have some web UI and some kind of
(REST)API which allows us to modify permissions from our inhouse data
management application (which does /not/ manage permissions, just the
structure of the data).  Additionally it should be able to
visualize/report permissions in directory.

I wasn't very successful in googling possible candidates, hence the
question to the list.

Cheers
frank




[CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets

2018-11-27 Thread Frank Thommen

Hello,

we are currently managing access permissions through classical 
user-group-others permissions on a multi-petabyte directory tree with 
partially very deep and broad directories.  Projects are represented by 
directory trees and mapped through GIDs.  Lately we had lots of 
"singular" permission requests (one single user needs access to a single
dataset but should not be able to see all other datasets belonging to 
the same project).  We realized, that the UGO model doesn't scale and is 
becoming more and more unmanageable.


Can you recommend tools/mechanisms/technologies to overcome the 
drawbacks of the UGO model?  We are thinking about some purely ACL based 
mechanism (but are open to other ideas).  All filesystems in question 
are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x 
hosts.  Ideally the tool would have some web UI and some kind of
(REST)API which allows us to modify permissions from our inhouse data 
management application (which does /not/ manage permissions, just the 
structure of the data).  Additionally it should be able to 
visualize/report permissions in directory.


I wasn't very successful in googling possible candidates, hence the 
question to the list.


Cheers
frank




Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall

2018-11-01 Thread Frank Thommen

On 31/10/18 18:32, Gordon Messmer wrote:

On 10/30/18 8:31 AM, Frank Thommen wrote:
I am still puzzled that it is possible to circumvent firewalld so 
easily.  Basically it means, that firewalld is not to be trusted as 
soon as containers with port forwarding are running on a system. 


It's hard to see this as a security or trust problem.  The root user can 
modify the firewall, which is provided by the kernel. firewalld is just 
a front-end.  Adding rules to the kernel's firewall is not 
"circumventing" the management front-end.


You do have to bear in mind that the firewall-cmd output reflects the 
*configuration* and not the *state*.  When docker adds rules, it 
modifies the state, but not the configuration.


I see that (=have learned that :-) now, but for me it means, that 
firewall-cmd is not to be trusted (even though it is the recommended
tool to manage the local firewall).  I'll have to go back and try to 
understand confusing and hard-to-understand iptables output. :-(





Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall

2018-10-30 Thread Frank Thommen

On 10/29/2018 08:43 PM, Keith Keller wrote:

On 2018-10-29, Frank Thommen  wrote:


PostgreSQL is running in a docker container:

$ docker ps
CONTAINER ID    IMAGE     COMMAND                  CREATED     STATUS     PORTS                    NAMES
6f11fc41d2f0    postgres  "docker-entrypoint..."   4 days ago  Up 4 days  0.0.0.0:5432->5432/tcp   postgres
$

The various docker interfaces and virtual bridges are not assigned to
any specific zone.

Why is port 5432/tcp open?


It may be Docker manipulating the iptables rules.  If you don't want it
open at all, remove the port argument from the docker run command line
(or moral equivalent) and recreate the container (make sure you have
saved your data first, either with a volume mount or by dumping first).


Unfortunately I can't control how users start their containers and I 
cannot force them not to forward ports.  But I will see if I can prevent 
Docker from manipulating iptables as described in the very helpful link 
below.




If you need something more complex, here's some docs on how Docker
interacts with iptables, and how you can insert rules into its chains:

https://docs.docker.com/network/iptables/

--keith


frank




Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall

2018-10-30 Thread Frank Thommen



On 10/29/2018 08:18 PM, Alexander Dalloz wrote:

Am 29.10.2018 um 20:03 schrieb Frank Thommen:

PostgreSQL is running in a docker container:

$ docker ps
CONTAINER ID    IMAGE     COMMAND                  CREATED     STATUS     PORTS                    NAMES
6f11fc41d2f0    postgres  "docker-entrypoint..."   4 days ago  Up 4 days  0.0.0.0:5432->5432/tcp   postgres
$


The various docker interfaces and virtual bridges are not assigned to 
any specific zone.



Why is port 5432/tcp open?


You will see it if you check the netfilter rules with:

iptables -L -n -v --line -t filter
iptables -L -n -v --line -t nat


In fact these rules forward port 5432 to docker:

$ iptables -L -n -v --line -t filter  | grep 5432
10 0 ACCEPT tcp  --  !docker0 docker0  0.0.0.0/0  172.17.0.2   tcp dpt:5432

$ iptables -L -n -v --line -t nat  | grep 5432
10   0 0 MASQUERADE  tcp  --  *  *   172.17.0.2  172.17.0.2   tcp dpt:5432
20 0 DNAT   tcp  --  !docker0 *   0.0.0.0/0  0.0.0.0/0   tcp dpt:5432 to:172.17.0.2:5432

$

I am still puzzled that it is possible to circumvent firewalld so 
easily.  Basically it means, that firewalld is not to be trusted as soon 
as containers with port forwarding are running on a system.


frank




frank


Alexander



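
The thread's point is that firewall-cmd reports the configuration while Docker's rules exist only in the netfilter state. The following check, added here as an example and not part of the original thread, compares the two and lists ports published by DNAT rules that the firewalld zone does not mention. The chain headers, packet counters and the service-to-port table in the sample data are constructed for the example.

```python
import re

# Output of `firewall-cmd --list-all` as posted in the thread (abridged).
FIREWALLD_LIST_ALL = """\
public (active)
  target: default
  interfaces: eno1
  services: ssh dhcpv6-client
  ports: 22/tcp
  forward-ports:
"""

# `iptables -L -n -v --line -t nat` style output. The two rules are the ones
# quoted in the thread; chain headers and counters are constructed.
IPTABLES_NAT = """\
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target      prot opt in       out  source      destination
1        0     0 MASQUERADE  tcp  --  *        *    172.17.0.2  172.17.0.2  tcp dpt:5432

Chain DOCKER (2 references)
num   pkts bytes target      prot opt in       out  source      destination
1        0     0 DNAT        tcp  --  !docker0 *    0.0.0.0/0   0.0.0.0/0   tcp dpt:5432 to:172.17.0.2:5432
"""

# Assumed port mapping for the two services named in the zone above.
SERVICE_PORTS = {"ssh": {(22, "tcp")}, "dhcpv6-client": {(546, "udp")}}

# A DNAT rule line: target, protocol, ..., "dpt:<port> to:<addr>:<port>".
DNAT_RULE = re.compile(r"\bDNAT\s+(tcp|udp)\s.*?\bdpt:(\d+)\s+to:(\S+)")


def configured_ports(list_all_text):
    """Set of (port, proto) that the firewalld zone says it allows."""
    fields = {}
    for line in list_all_text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key] = value.split()
    allowed = set()
    for spec in fields.get("ports", []):
        port, _, proto = spec.partition("/")
        first, _, last = port.partition("-")  # handles "8000-8010/tcp"
        for number in range(int(first), int(last or first) + 1):
            allowed.add((number, proto))
    for service in fields.get("services", []):
        allowed |= SERVICE_PORTS.get(service, set())
    return allowed


def published_by_dnat(nat_table_text):
    """List of (port, proto, destination) for every DNAT rule in the nat table."""
    rules = []
    for line in nat_table_text.splitlines():
        match = DNAT_RULE.search(line)
        if match:
            rules.append((int(match.group(2)), match.group(1), match.group(3)))
    return rules


def unlisted_exposures(list_all_text, nat_table_text):
    """DNAT-published ports that do not appear in the firewalld configuration."""
    allowed = configured_ports(list_all_text)
    return [rule for rule in published_by_dnat(nat_table_text)
            if (rule[0], rule[1]) not in allowed]


if __name__ == "__main__":
    for port, proto, dest in unlisted_exposures(FIREWALLD_LIST_ALL, IPTABLES_NAT):
        print(f"{port}/{proto} is forwarded to {dest} but not listed by firewall-cmd")
```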


[CentOS] PostgreSQL port accessible even though it should be blocked by firewall

2018-10-29 Thread Frank Thommen

Hi,

this puzzles me: On one of our developer workstations, all ports with 
the exception of SSH are closed:


$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: ssh dhcpv6-client
  ports: 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

$

but still port 5432/tcp (PostgreSQL) is open:

$ nmap -P0 devel-host

Starting Nmap 6.40 ( http://nmap.org ) at 2018-10-29 19:46 CET
Nmap scan report for devel-host (xxx.xxx.xxx.xxx)
Host is up (0.94s latency).
rDNS record for xxx.xxx.xxx.xxx: devel-host.our.domain
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp   open  ssh
5432/tcp open  postgresql

Nmap done: 1 IP address (1 host up) scanned in 57.26 seconds
$


PostgreSQL is running in a docker container:

$ docker ps
CONTAINER ID    IMAGE     COMMAND                  CREATED     STATUS     PORTS                    NAMES
6f11fc41d2f0    postgres  "docker-entrypoint..."   4 days ago  Up 4 days  0.0.0.0:5432->5432/tcp   postgres
$


The various docker interfaces and virtual bridges are not assigned to 
any specific zone.



Why is port 5432/tcp open?

frank




Re: [CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages

2018-06-07 Thread Frank Thommen
I was afraid someone would say that :-).  I am currently at 
3.10.0-862.3.2 and downgrading to a 3.10.0-6xx kernel breaks some of the 
other packages.


Is the mentioned bug documented somewhere?

Cheers
frank


On 07/06/18 06:22, James Peltier wrote:
There was a kernel bug that affected all NFSv4 traffic that we ran into 
and we had to downgrade the kernel to an older version
(3.10.0-693.2.2.el7.x86_64) which seemed to help with our NFSv4 issues.  
We have not upgraded to a newer kernel to see if the issue has been 
resolved.





*From:* CentOS  on behalf of James Pearson 


*Sent:* June 6, 2018 2:49 PM
*To:* CentOS mailing list; Frank Thommen
*Subject:* Re: [CentOS] Firefox and Thunderbird freeze/crash followed by 
"nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages

Frank Thommen wrote:


Hi,

since I updated my workstation from CentOS 7.4 to 7.5, Firefox and
Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash)
and cannot be restarted afterwards.  Trying to start them results in a
"Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird).  The
system log then shows:

   kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed!

each time I try to start the applications (our homedirectories are
mounted via NFS4).  As far as I can see, no other applications are
affected.  The workstation needs to be rebooted to fix the situation.

Has anyone else seen that or knows how to debug or fix this issue? I
tried with strace and wireshark w/o finding anything helpful.


I'm not sure what the el7 default for the Firefox
'storage.nfs_filesystem' pref is - but you could try setting it to
'true' to see if that makes a difference ?

James Pearson


Re: [CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages

2018-06-07 Thread Frank Thommen

On 06/06/18 23:49, James Pearson wrote:

Frank Thommen wrote:


Hi,

since I updated my workstation from CentOS 7.4 to 7.5, Firefox and
Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash)
and cannot be restarted afterwards.  Trying to start them results in a
"Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird).  The
system log then shows:

   kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed!

each time I try to start the applications (our homedirectories are
mounted via NFS4).  As far as I can see, no other applications are
affected.  The workstation needs to be rebooted to fix the situation.

Has anyone else seen that or knows how to debug or fix this issue? I
tried with strace and wireshark w/o finding anything helpful.


I'm not sure what the el7 default for the Firefox
'storage.nfs_filesystem' pref is - but you could try setting it to
'true' to see if that makes a difference ?

James Pearson



I'll give that a try.  Thanks for the hint.

That's one of Firefox' problems: There doesn't seem to be a decent 
documentation for all the available configuration settings.


Cheers
frank




[CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages

2018-06-06 Thread Frank Thommen

Hi,

since I updated my workstation from CentOS 7.4 to 7.5, Firefox and 
Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash) 
and cannot be restarted afterwards.  Trying to start them results in a 
"Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird).  The 
system log then shows:


 kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed!

each time I try to start the applications (our homedirectories are 
mounted via NFS4).  As far as I can see, no other applications are 
affected.  The workstation needs to be rebooted to fix the situation.


Has anyone else seen that or knows how to debug or fix this issue? I 
tried with strace and wireshark w/o finding anything helpful.


Cheers
frank




[CentOS] Various applications freeze regularly since CentOS 7.5 update

2018-05-28 Thread Frank Thommen

Hi,

since we have upgraded to CentOS 7.5 (from CentOS 7.4), we experience 
frequent, but not reproducible, freezes of various applications: 
Thunderbird, Firefox, LibreOffice.  Usually the application process 
keeps running with PPID 1 w/o being killable (not even with SIGKILL). 
Freezes of Thunderbird are usually followed by Firefox crashing a few 
minutes later.  The only possible solution we found is a complete 
workstation reboot :-(.


Other problems are that many Gnome extensions are not working any more 
and also cannot be installed from extensions.gnome.org any more and 
logging in via gdm (LDAP, homedirectories on NFS share) is considerably 
slower than with 7.4.


I don't know if these issues are related, if they are symptoms of a more 
global problem and I am at a loss on how to debug them, as they appear 
from time to time but not reproducibly.


Any hints or reports of own experiences are highly appreciated.

Cheers
frank




Re: [CentOS] How to blacklist a device driver (systemd)

2017-11-16 Thread Frank Thommen

On 11/15/2017 07:50 PM, Gordon Messmer wrote:

On 11/15/2017 10:35 AM, Frank Thommen wrote:


I tried with the files
  /etc/modprobe.d/blacklist
  /etc/modprobe.d/blacklist.conf
and with entries
  blacklist mlx5_core
  blacklist mlx5_ib


The "blacklist" entries prevent a module being loaded by its alias
(typically a PCI ID), but not from being loaded if something explicitly
loads it by module name.  Most likely, those modules are included in
your initrd.

I'd suggest using the entries described above, and editing grub.conf to
add arguments to the kernel command line:
rd.driver.blacklist=mlx5_core rd.driver.blacklist=mlx5_ib
... then rebuilding your initrd using "dracut --force"


Thanks for the hint.  However as this should only be a temporary measure 
and needs to be done on ca. 100 hosts I'm not sure if we want to go 
through the hassles.  Deploying a textfile is no problem, but creating 
new initrds for differing hardware


frank


[CentOS] How to blacklist a device driver (systemd)

2017-11-15 Thread Frank Thommen

Hi,

how can a specific device driver in CentOS 7 be blacklisted, so that it 
doesn't load at boot time?  We have Infiniband adapters which are not 
completely supported by CentOS and we want to silence the error messages 
for the time being.


I tried with the files

  /etc/modprobe.d/blacklist
  /etc/modprobe.d/blacklist.conf

and with entries

  mlx5_core
  mlx5_ib

  blacklist mlx5_core
  blacklist mlx5_ib

  install mlx5_core /dev/null
  install mlx5_ib /dev/null

all found on different websites.

None of these entries helps.  mlx5_core and mlx5_ib are still loaded and 
the system is flooded with error messages.


Cheers
frank




Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok

2017-05-16 Thread Frank Thommen

On 05/16/2017 12:25 AM, Darr247 wrote:

On Mon, 15 May 2017 at 20:05 zulu, Frank Thommen wrote:


lustre driver


https://downloads.hpdd.intel.com/public/lustre/latest-feature-release/el7.3.1611/


We have a special appliance attached and get the lustre driver from the 
appliance vendor to ensure maximum compatibility and maintenance.  So 
https://downloads.hpdd.intel.com/public/lustre/latest-feature-release/el7.3.1611/ 
unfortunately doesn't apply to us.


And then there are still FPGA and Infiniband where the vendors of our
hardware currently don't support CentOS 7.3 (yet).


frank


Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok

2017-05-15 Thread Frank Thommen

Hi

On 15/05/17 19:30, Tru Huynh wrote:

Hi,

On Mon, May 15, 2017 at 03:04:03PM +0200, Frank Thommen wrote:

This problem still bites us.  I've tried to play around with DHCP
settings (rd.net.timeout.dhcp, rd.net.dhcp.retry) to no avail.

I'm happy about /any/ hint.

1) ip route seems ok, but what does your /etc/resolv.conf look like?


/etc/resolv.conf is 100% ok once I am in the dracut emergency shell and 
name resolution works fine.  However I don't know how it looks at the 
time of the error message - that is during dracut-initqueue - and I have 
no idea how I could check that.




2) could you try with 7.3.1611, 7.2.1511 is no longer supported.


Unfortunately not.  Due to special hardware (Infiniband, FPGA) and
special lustre drivers we are currently bound to this specific release.


frank




[CentOS] How can kickstart be (re)started manually from the dracut emergency shell?

2017-05-15 Thread Frank Thommen

Hi,

this is a side question to my other thread regarding dracut-initqueue 
network issues.  Once I'm thrown into a dracut emergency shell (PXE 
booted system): How can I restart the kickstart installation process 
manually from there?  Can I at all?


Background is, that I'd like to add some debugging output to some of the 
dracut scripts and rerun the installation process to see why it fails.


Thanks
frank




Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok

2017-05-15 Thread Frank Thommen
This problem still bites us.  I've tried to play around with DHCP 
settings (rd.net.timeout.dhcp, rd.net.dhcp.retry) to no avail.


I'm happy about /any/ hint.

Cheers
frank



On 04/24/2017 11:57 PM, Frank Thommen wrote:

Hi,

kickstarting fails due to problems with host resolution, even though the
network seems to be properly configured through DHCP.  eno1 and eno2 are
both attached to the network, but only eno1 gets an IP via DHCP.  Still
`curl` cannot resolve the mirror host and the kickstart host during
dracut-initqueue:

rdsosreport.txt

[...]
[   14.780428] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno1: link
is not ready
[   19.977052] localhost kernel: tg3 :0b:00.0 eno1: Link is up at
1000 Mbps, full duplex
[   19.977118] localhost kernel: tg3 :0b:00.0 eno1: Flow control is
off for TX and off for RX
[   19.978880] localhost kernel: tg3 :0b:00.0 eno1: EEE is disabled
[   19.980693] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno1:
link becomes ready
[   19.829468] localhost dracut-initqueue[992]: dhcp: PREINIT eno1 up
[   19.853734] localhost dhclient[1393]: DHCPDISCOVER on eno1 to
255.255.255.255 port 67 interval 6 (xid=0x4df19201)
[   26.030151] localhost dhclient[1393]: DHCPDISCOVER on eno1 to
255.255.255.255 port 67 interval 13 (xid=0x4df19201)
[   26.033472] localhost dhclient[1393]: DHCPREQUEST on eno1 to
255.255.255.255 port 67 (xid=0x4df19201)
[   26.033668] localhost dhclient[1393]: DHCPOFFER from 10.128.196.98
[   26.038851] localhost dhclient[1393]: DHCPACK from 10.128.196.98
(xid=0x4df19201)
[   26.067534] localhost dracut-initqueue[992]: dhcp: BOND setting eno1
[   28.082735] localhost dhclient[1393]: bound to 10.128.196.20 --
renewal in 21301 seconds.
[   28.456131] localhost kernel: tg3 :0b:00.1: irq 153 for MSI/MSI-X
[   28.456149] localhost kernel: tg3 :0b:00.1: irq 154 for MSI/MSI-X
[   28.456165] localhost kernel: tg3 :0b:00.1: irq 155 for MSI/MSI-X
[   28.456180] localhost kernel: tg3 :0b:00.1: irq 156 for MSI/MSI-X
[   28.456196] localhost kernel: tg3 :0b:00.1: irq 157 for MSI/MSI-X
[   28.570450] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno2: link
is not ready
[   34.024621] localhost kernel: tg3 :0b:00.1 eno2: Link is up at
1000 Mbps, full duplex
[   34.026347] localhost kernel: tg3 :0b:00.1 eno2: Flow control is
off for TX and off for RX
[   34.028069] localhost kernel: tg3 :0b:00.1 eno2: EEE is disabled
[   34.029776] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2:
link becomes ready
[   33.803606] localhost dracut-initqueue[992]: dhcp: PREINIT eno2 up
[   33.827664] localhost dhclient[1570]: DHCPDISCOVER on eno2 to
255.255.255.255 port 67 interval 7 (xid=0x1e8bdc4b)
[   41.000199] localhost dhclient[1570]: DHCPDISCOVER on eno2 to
255.255.255.255 port 67 interval 15 (xid=0x1e8bdc4b)
[   55.588353] localhost dhclient[1570]: DHCPDISCOVER on eno2 to
255.255.255.255 port 67 interval 18 (xid=0x1e8bdc4b)
[   74.172423] localhost dhclient[1570]: DHCPDISCOVER on eno2 to
255.255.255.255 port 67 interval 12 (xid=0x1e8bdc4b)
[   86.446514] localhost dhclient[1570]: DHCPDISCOVER on eno2 to
255.255.255.255 port 67 interval 9 (xid=0x1e8bdc4b)
[   95.253443] localhost dhclient[1570]: No DHCPOFFERS received.
[   95.253648] localhost dhclient[1570]: No working leases in persistent
database - sleeping.
[   95.282175] localhost dracut-initqueue[992]: dhcp: FAIL
[   95.353255] localhost dracut-initqueue[992]: RTNETLINK answers: File
exists
[  102.502688] localhost dracut-initqueue[992]: Warning: can't find
installer mainimage path in .treeinfo
[  102.517568] localhost dracut-initqueue[992]: % Total% Received %
Xferd  Average Speed   TimeTime Time  Current
[  102.525942] localhost dracut-initqueue[992]: Dload  Upload   Total
SpentLeft  Speed
[  102.534277] localhost dracut-initqueue[992]: 0 00 00
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient
problem: timeout Will retry in 1 seconds. 3 retries left.
[  103.527190] localhost dracut-initqueue[992]: 0 00 00
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient
problem: timeout Will retry in 2 seconds. 2 retries left.
[  105.533677] localhost dracut-initqueue[992]: 0 00 00
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient
problem: timeout Will retry in 4 seconds. 1 retries left.
[  109.542329] localhost dracut-initqueue[992]: 0 00 00
   0  0  0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not
resolve host: our.centos.mirror; Unknown error
[  109.551613] localhost dracut-initqueue[992]: Warning: Downloading
'http://our.centos.mirror/7.2.1511/os/x86_64/LiveOS/squashfs.img' failed!
[  109.615143] localhost dracut-initqueue[992]: % Total% Received %
Xferd  Average Speed   TimeTime Time  Current
[  109.624698] localhost dracut-initqueue[992]: Dload  Upload   Total
SpentLeft  Speed

[CentOS] Bonding mode balance-alb (6): How to control the assigned MAC address?

2017-04-25 Thread Frank Thommen

Hi,

we are trying to switch our bonding modes from 1 (active-backup) to 6 
(balance-alb).  However it seems, that these bond devices are not always 
getting the MAC address from the same slave.  Sometimes the device gets 
the MAC address of the first and sometimes of the second slave.  Since 
only the MAC address of the first slave device is (can be) registered in 
DHCP, this breaks connectivity (about) every second time we boot the 
computer.


Is there a way to control which MAC address is assigned to the bonding 
device w/o configuring it explicitly in the ifcfg file?


Cheers
frank




[CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok

2017-04-24 Thread Frank Thommen

Hi,

kickstarting fails due to problems with host resolution, even though the 
network seems to be properly configured through DHCP.  eno1 and eno2 are 
both attached to the network, but only eno1 gets an IP via DHCP.  Still 
`curl` cannot resolve the mirror host and the kickstart host during 
dracut-initqueue:


rdsosreport.txt

[...]
[   14.780428] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno1: link 
is not ready
[   19.977052] localhost kernel: tg3 :0b:00.0 eno1: Link is up at 
1000 Mbps, full duplex
[   19.977118] localhost kernel: tg3 :0b:00.0 eno1: Flow control is 
off for TX and off for RX

[   19.978880] localhost kernel: tg3 :0b:00.0 eno1: EEE is disabled
[   19.980693] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno1: 
link becomes ready

[   19.829468] localhost dracut-initqueue[992]: dhcp: PREINIT eno1 up
[   19.853734] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 
255.255.255.255 port 67 interval 6 (xid=0x4df19201)
[   26.030151] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 
255.255.255.255 port 67 interval 13 (xid=0x4df19201)
[   26.033472] localhost dhclient[1393]: DHCPREQUEST on eno1 to 
255.255.255.255 port 67 (xid=0x4df19201)

[   26.033668] localhost dhclient[1393]: DHCPOFFER from 10.128.196.98
[   26.038851] localhost dhclient[1393]: DHCPACK from 10.128.196.98 
(xid=0x4df19201)

[   26.067534] localhost dracut-initqueue[992]: dhcp: BOND setting eno1
[   28.082735] localhost dhclient[1393]: bound to 10.128.196.20 -- 
renewal in 21301 seconds.

[   28.456131] localhost kernel: tg3 :0b:00.1: irq 153 for MSI/MSI-X
[   28.456149] localhost kernel: tg3 :0b:00.1: irq 154 for MSI/MSI-X
[   28.456165] localhost kernel: tg3 :0b:00.1: irq 155 for MSI/MSI-X
[   28.456180] localhost kernel: tg3 :0b:00.1: irq 156 for MSI/MSI-X
[   28.456196] localhost kernel: tg3 :0b:00.1: irq 157 for MSI/MSI-X
[   28.570450] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno2: link 
is not ready
[   34.024621] localhost kernel: tg3 :0b:00.1 eno2: Link is up at 
1000 Mbps, full duplex
[   34.026347] localhost kernel: tg3 :0b:00.1 eno2: Flow control is 
off for TX and off for RX

[   34.028069] localhost kernel: tg3 :0b:00.1 eno2: EEE is disabled
[   34.029776] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2: 
link becomes ready

[   33.803606] localhost dracut-initqueue[992]: dhcp: PREINIT eno2 up
[   33.827664] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 
255.255.255.255 port 67 interval 7 (xid=0x1e8bdc4b)
[   41.000199] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 
255.255.255.255 port 67 interval 15 (xid=0x1e8bdc4b)
[   55.588353] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 
255.255.255.255 port 67 interval 18 (xid=0x1e8bdc4b)
[   74.172423] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 
255.255.255.255 port 67 interval 12 (xid=0x1e8bdc4b)
[   86.446514] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 
255.255.255.255 port 67 interval 9 (xid=0x1e8bdc4b)

[   95.253443] localhost dhclient[1570]: No DHCPOFFERS received.
[   95.253648] localhost dhclient[1570]: No working leases in persistent 
database - sleeping.

[   95.282175] localhost dracut-initqueue[992]: dhcp: FAIL
[   95.353255] localhost dracut-initqueue[992]: RTNETLINK answers: File 
exists
[  102.502688] localhost dracut-initqueue[992]: Warning: can't find 
installer mainimage path in .treeinfo
[  102.517568] localhost dracut-initqueue[992]: % Total% Received % 
Xferd  Average Speed   TimeTime Time  Current
[  102.525942] localhost dracut-initqueue[992]: Dload  Upload   Total 
SpentLeft  Speed
[  102.534277] localhost dracut-initqueue[992]: 0 00 00 
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient 
problem: timeout Will retry in 1 seconds. 3 retries left.
[  103.527190] localhost dracut-initqueue[992]: 0 00 00 
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient 
problem: timeout Will retry in 2 seconds. 2 retries left.
[  105.533677] localhost dracut-initqueue[992]: 0 00 00 
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient 
problem: timeout Will retry in 4 seconds. 1 retries left.
[  109.542329] localhost dracut-initqueue[992]: 0 00 00 
   0  0  0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not 
resolve host: our.centos.mirror; Unknown error
[  109.551613] localhost dracut-initqueue[992]: Warning: Downloading 
'http://our.centos.mirror/7.2.1511/os/x86_64/LiveOS/squashfs.img' failed!
[  109.615143] localhost dracut-initqueue[992]: % Total% Received % 
Xferd  Average Speed   TimeTime Time  Current
[  109.624698] localhost dracut-initqueue[992]: Dload  Upload   Total 
SpentLeft  Speed
[  109.625018] localhost dracut-initqueue[992]: 0 00 00 
   0  0  0 --:--:-- --:--:-- --:--:-- 0Warning: Transient 
problem: timeout Will retry 

Re: [CentOS] How to PXE kickstart hosts with little memory (Error: "Warning: /dev/root does not exist")?

2017-04-24 Thread Frank Thommen

On 04/21/2017 10:25 PM, Gordon Messmer wrote:

On 04/21/2017 12:49 PM, Frank Thommen wrote:


It seems, that this is not related to local disk space - as I initially
thought - but to too small memory.  It only happens with VMs with
little RAM (1024 MB).  As soon as we raise the available memory to
2048 MB, kickstarting works fine.  The RHEL 7 installation guide
states, that the minimal memory requirement is 1 GB, so the network
installation /should/ work.


Yeah, I filed a bug report against the documentation some time ago.

https://bugzilla.redhat.com/show_bug.cgi?id=1410948

...though bugzilla is currently down.


Is there a way to install such hosts w/o having to temporarily raise
the available memory?



None that I'm aware of, as of 7.3.  If you have a 7.2 install tree, you
can boot the older installer and then update the installed system.
Seems easier to boost the memory, typically.


I gave it a try with 7.2.1511 and that works fine as long as I have 
"ip=eth0:dhcp" in my PXE config.  As soon as I expand it to 
"ip=eth0:dhcp ip=eno1:dhcp rd.neednet=1" (I do that to make sure 
kickstart works independently from the name of the network interface), 
kickstart enters into emergency mode w/o any error message after a lot 
of timeout warnings.  However that's something we can work around.


Thanks for the 7.2 hint.

frank




[CentOS] How to PXE kickstart hosts with little memory (Error: "Warning: /dev/root does not exist")?

2017-04-21 Thread Frank Thommen

Hi,

while kickstarting our virtual machines with PXE we often run into 
kickstart/anaconda failing with



[...]
[...] dracut-mount[xxx]: Warning: Can't mount root filesystem
[...] dracut-mount[xxx]: Warning: /dev/root does not exist
[...] dracut-mount[xxx]:/lib/dracut-lib.sh: line 1030: echo write error: 
No space left on device

Starting Dracut Emergency Shell...
Warning: /dev/root does not exist

Generating "/run/initramfs/rsdosreport.txt"

[...]


It seems, that this is not related to local disk space - as I initially 
thought - but to too small memory.  It only happens with VMs with little 
RAM (1024 MB).  As soon as we raise the available memory to 2048 MB, 
kickstarting works fine.  The RHEL 7 installation guide states, that the 
minimal memory requirement is 1 GB, so the network installation /should/ 
work.


Is there a way to install such hosts w/o having to temporarily raise the 
available memory?


Cheers
frank




Re: [CentOS] anaconda/kickstart: bonding device not created as expected

2017-04-21 Thread Frank Thommen

Hi Tris,

On 04/19/2017 06:07 PM, Tris Hoar wrote:

On 18/04/2017 15:54, Frank Thommen wrote:

Hi,

I am currently struggling with the right way to configure a bonding
device via kickstart (via PXE).

I am installing servers which have "eno" network interfaces.  Instead of
the expected bonding device with two active slaves (bonding mode is
balance-alb), I get a bonding device with only one active slave and an
independent, non-bonded network device.  Also the bonding device gets
its MAC address from the second instead of from the first device.

[...]

The used PXE configuration is

LABEL CentOS-7
kernel centos-7/vmlinuz
append initrd=centos-7/initrd.img ip=dhcp nameserver=xx.xx.xx.xx
ksdevice=eno1 inst.repo=http://our.mirror.server/7/os/x86_64
inst.ks.sendmac inst.ks=http://our.kickstart.server/ks.cgi


and the network settings in the kickstart file are

network --device bond0 --bondslaves=eno1,eno2
--bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate


[...]



Hi Frank,

This is from my satellite kickstart where I'm building the bond at the
point of PXE booting, and using static (I'm working on doing this with
DHCP and tagged VLANs but currently can't get to the hardware needed
since messing up the BMC config :( )

LABEL linux
KERNEL boot/RedHat-7.3-x86_64-vmlinuz
APPEND initrd=boot/RedHat-7.3-x86_64-initrd.img
ks=http://example.com/host.ks ks.device=bootif network ks.sendmac
bond=bond0:eno1,eno2:mode=802.3ad vlan=bond0.10:bond0
ip=10.10.0.2::10.10.0.1:255.255.255.0:host.example.com:bond0.10:none
nameserver=10.10.0.1


Then in the KS we have
network  --bootproto=static --device=link --gateway=10.10.0.1
--hostname=host.example.com --ip=10.10.0.2
--nameserver=10.10.0.1,10.11.0.1 --netmask=255.255.255.0

It should be fairly simple to convert that to use DHCP as you just need
to change the IP line in the kernel parameters and ensure you have
--device=link in the kickstart.

BTW cat /proc/net/bonding/bond0 shows more info on how the bond is
actually setup and working.



Finally the issue was a simple and stupid syntax error in the ks config.
I had omitted the equal sign between "--device" and "bond0":


network --device=bond0 --bondslaves=eno1,eno2 
--bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate


works much better :-).  Since the PXE config is global for all hosts 
(being configured with or without bonding device), I cannot use bonding 
definitions at that point.  However the idea of using --device=link is 
interesting and I might use it in another context in the future.


Thanks a lot
frank




[CentOS] anaconda/kickstart: bonding device not created as expected

2017-04-18 Thread Frank Thommen

Hi,

I am currently struggling with the right way to configure a bonding 
device via kickstart (via PXE).


I am installing servers which have "eno" network interfaces.  Instead of 
the expected bonding device with two active slaves (bonding mode is 
balance-alb), I get a bonding device with only one active slave and an 
independent, non-bonded network device.  Also the bonding device gets 
its MAC address from the second instead of from the first device.


I appreciate any hint (or rtfm with the name of the correct fm ;-) on 
how to achieve the desired setup through kickstart.  Please find the 
used PXE and kickstart settings and resulting network configuration below.


I did this with CentOS 7.2.1511.  We cannot go further due to Infiniband 
and lustre drivers which are currently only supported for this CentOS 
7.x version.


Cheers
frank

--

The used PXE configuration is

LABEL CentOS-7
kernel centos-7/vmlinuz
append initrd=centos-7/initrd.img ip=dhcp 
nameserver=xx.xx.xx.xx ksdevice=eno1 
inst.repo=http://our.mirror.server/7/os/x86_64 inst.ks.sendmac 
inst.ks=http://our.kickstart.server/ks.cgi



and the network settings in the kickstart file are

network --device bond0 --bondslaves=eno1,eno2 
--bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate



I would have expected to get a bonding device with eno1 and eno2 as 
slave devices, the bonding device inheriting the MAC address from eno1 
(otherwise DHCP won't work).  Instead the result is a bonding device 
with eno2 as - sole - slave device and eno1 as a single active device 
with the main IP address of the host:



bond0: flags=5187  mtu 1500
inet6 fe80::42f2:e9ff:fec7:b5f1  prefixlen 64  scopeid 0x20
ether 40:f2:e9:c7:b5:f1  txqueuelen 0  (Ethernet)
RX packets 29  bytes 5274 (5.1 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 39  bytes 3486 (3.4 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno1: flags=4163  mtu 1500
inet xx.xx.xx.xx  netmask 255.255.255.0  broadcast xx.xx.xx.xx
inet6 fe80::42f2:e9ff:fec7:b5f0  prefixlen 64  scopeid 0x20
ether 40:f2:e9:c7:b5:f0  txqueuelen 1000  (Ethernet)
RX packets 4303  bytes 798163 (779.4 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 1686  bytes 481585 (470.2 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 16

eno2: flags=6211  mtu 1500
ether 40:f2:e9:c7:b5:f1  txqueuelen 1000  (Ethernet)
RX packets 29  bytes 5274 (5.1 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 39  bytes 3486 (3.4 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 17


The ifcfg-files look basically ok, but there are two for the eno1 device.

ifcfg of the bonding device:

$ cat ifcfg-bond0
# Generated by parse-kickstart
IPV6INIT="yes"
DHCP_HOSTNAME="myhost"
NAME="Bond connection bond0"
BONDING_MASTER="yes"
BOOTPROTO="dhcp"
BONDING_OPTS="mode=balance-alb"
DEVICE="bond0"
TYPE="Bond"
ONBOOT="yes"
UUID="35910614-4a7c-43c9-8e44-dcf44b783358"
$


ifcfg of the two slave devices

$ cat ifcfg-bond0_slave_1
# Generated by parse-kickstart
NAME="bond0 slave 1"
MASTER="35910614-4a7c-43c9-8e44-dcf44b783358"
HWADDR="40:f2:e9:c7:b5:f0"
TYPE="Ethernet"
ONBOOT="yes"
UUID="f3a0a007-861c-42b6-8264-6efba62232ce"
$


$ cat ifcfg-bond0_slave_2
# Generated by parse-kickstart
NAME="bond0 slave 2"
MASTER="35910614-4a7c-43c9-8e44-dcf44b783358"
HWADDR="40:f2:e9:c7:b5:f1"
TYPE="Ethernet"
ONBOOT="yes"
UUID="ee3f7c84-d4cb-412e-887d-6b1c753eb913"
$


ifcfg of eno1 (which physically has the MAC address 40:f2:e9:c7:b5:f0, 
which is the same as ifcfg-bond0_slave_1)


$ cat ifcfg-eno1
# Generated by dracut initrd
NAME="eno1"
DEVICE="eno1"
ONBOOT=yes
NETBOOT=yes
UUID="d20645a0-8093-45f3-9630-d0249f76726b"
IPV6INIT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
DNS1="192.55.188.177"
$


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Mounting NFS subdirectories individually or just the parent?

2016-07-28 Thread Frank Thommen
On the server side, the export is defined for /export/base, not for 
/export/base/x.  But I see the points.  It seems, that we should 
probably revisit our export/mount setup :-)


frank



On 07/28/2016 12:40 AM, Sean Brisbane wrote:

There is a slight performance related reason for exporting disk partitions
individually, the performance boost is server-side as Paul says.  The
advantage is that the no_subtree_check can be used without any additional
security risk.

It is probably the case that the /export/base/a is a partition, is exported
with no_subtree_check, and therefore there is a small performance boost.

Preventing server side mount point traversal can also form part of a
security mechanism if servers have different security options for different
mount points, but in this case mounting server:/export/base wouldn't give
you the same client view of the filesystem tree as mounting each
individually if it worked at all.

Cheers,
Sean

On 27 July 2016 at 23:21, Paul Heinlein <heinl...@madboa.com> wrote:


On Wed, 27 Jul 2016, Frank Thommen wrote:

Hello,


does it in any respect (throughput/performance, cpu load, I/O load,
resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export
into separate directories or if one just mounts the parent directory?

I.e. like this:

 server: /export/base/a -> /mnt/a
 server: /export/base/b -> /mnt/b
 server: /export/base/c -> /mnt/c
 server: /export/base/d -> /mnt/d
 server: /export/base/e -> /mnt/e

or simply like this:

 server:/export/base   -> /mnt



Performance wise, any bottleneck will almost certainly be tied to the
disks on the back end, not the nfs process itself.

There are a couple good reasons for splitting up the mounts:

1. They can have different export restrictions (e.g., for different
   client hosts, ro vs. rw permissions, user squashing).

2. /base/[a-e] live on different RAID arrays and might benefit from
   different management cycles; that'd also be a case where multiple
   exports might be a good idea. That said, I've never managed an
   exported filesystem consisting of different arrays; we've always
   exported at the RAID level or below.

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Re: [CentOS] Mounting NFS subdirectories individually or just the parent?

2016-07-28 Thread Frank Thommen

On 07/28/2016 12:21 AM, Paul Heinlein wrote:

On Wed, 27 Jul 2016, Frank Thommen wrote:


Hello,

does it in any respect (throughput/performance, cpu load, I/O load,
resilience, ...) matter, if one mounts subdirectories of an NFS (v3)
export into separate directories or if one just mounts the parent
directory?

I.e. like this:

 server: /export/base/a -> /mnt/a
 server: /export/base/b -> /mnt/b
 server: /export/base/c -> /mnt/c
 server: /export/base/d -> /mnt/d
 server: /export/base/e -> /mnt/e

or simply like this:

 server:/export/base   -> /mnt


Performance wise, any bottleneck will almost certainly be tied to the
disks on the back end, not the nfs process itself.

There are a couple good reasons for splitting up the mounts:

1. They can have different export restrictions (e.g., for different
   client hosts, ro vs. rw permissions, user squashing).


I'm not sure you can define individual restrictions for subdirectories 
of exported filesystems?  In our case export permissions are set for 
"server:/export/base".




2. /base/[a-e] live on different RAID arrays and might benefit from
   different management cycles; that'd also be a case where multiple
   exports might be a good idea. That said, I've never managed an
   exported filesystem consisting of different arrays; we've always
   exported at the RAID level or below.



Agreed, but this is not the case in our situation.


frank


[CentOS] Mounting NFS subdirectories individually or just the parent?

2016-07-27 Thread Frank Thommen

Hello,

does it in any respect (throughput/performance, cpu load, I/O load, 
resilience, ...) matter, if one mounts subdirectories of an NFS (v3) 
export into separate directories or if one just mounts the parent directory?


I.e. like this:

  server:/export/base/a -> /mnt/a
  server:/export/base/b -> /mnt/b
  server:/export/base/c -> /mnt/c
  server:/export/base/d -> /mnt/d
  server:/export/base/e -> /mnt/e

or simply like this:

  server:/export/base   -> /mnt


I would guess, that it doesn't matter at all, but at $work the standard 
setup on all cluster nodes is, to mount >20 subdirectories from the NFS 
server individually and the justification is, that it is more performant 
and reliable.


Can this be confirmed (or denied)?

I couldn't find this method of "NFS performance tuning" mentioned 
anywhere and from a management perspective the sheer amount of mounted 
filesystems makes the list confusing and harder to troubleshoot.


Any thoughts?

Regards
frank




[CentOS] TB Top/Bottom posting (was: Re: google chrome future / centos 7)

2015-12-17 Thread Frank Thommen

On 17.12.15 22:19, m.r...@5-cent.us wrote:

Alice Wonder wrote:


Oh and sorry for the top posting, is there a way in Thunderbird for
CentOS to change that default?


That's odd, Alice - my t-bird at work, and at home, both set me for bottom
posting. Even in the config editor, I don't see anything that looks like
that setting to top post.

mark



per account: Account Settings -> Composition & Addressing -> 
"Automatically quote the original message when replying, Then, " -> 
start my reply above the quote | start my reply below the quote | select 
the quote


HTH
f.



Re: [CentOS] Rsync and differential Backups

2015-11-09 Thread Frank Thommen

Ciao Alessandro,

On 11/09/2015 05:01 PM, Alessandro Baggi wrote:

Hi list,
how to perform a differential backup using rsync?

On the web there is great confusion about the diff backup concept when
searched with rsync.

Users say diff because it copies only differences. For me differential is
backup from last full backup.


Which is basically the same...if you always use your last full backup as 
"base" directory.  Use rsync's --link-dest option to achieve this.  Nice 
thing: Unchanged files will just be hardlinked to the original files and 
won't use additional disk space, but still each dataset is a complete 
backup.  There is no need to combine several incremental or differential 
backups to restore a certain state.


Mike Rubel's page has already been mentioned.  On 
http://www.drosera.ch/frank/computer/rsync.html I describe an alternate 
mechanism (using above mentioned --link-dest and an rsync-server) which 
overcomes some of the - imho - shortcomings of Mike's setup.


And: rsync is a fan-tas-tic backup tool ;-)

HTH
Frank
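
What --link-dest does to a snapshot directory, modelled in Python so it runs without rsync (an added example, not code from the post or from rsync): every run writes a complete tree, and files unchanged since the reference snapshot become hard links to it. Assumptions: regular files only, change detection by content (rsync's default quick check compares size and modification time), and the directory names backup.0 and backup.1 are made up.

```python
import filecmp
import os
import shutil
import tempfile


def snapshot(source, dest, link_dest=None):
    """Write a complete copy of `source` to `dest`.

    A file whose content matches the same relative path under `link_dest`
    is hard-linked to that older copy instead of being stored again.
    Returns (files_linked, files_copied).
    """
    linked = copied = 0
    for root, _dirs, files in os.walk(source):
        rel = os.path.relpath(root, source)
        os.makedirs(os.path.join(dest, rel), exist_ok=True)
        for name in files:
            src = os.path.join(root, name)
            new = os.path.join(dest, rel, name)
            old = os.path.join(link_dest, rel, name) if link_dest else None
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, new)        # same inode, no extra data blocks
                linked += 1
            else:
                shutil.copy2(src, new)   # new or changed file: a real copy
                copied += 1
    return linked, copied


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def _tree(top):
    """Relative paths of all files below `top`, sorted."""
    return sorted(os.path.relpath(os.path.join(r, f), top)
                  for r, _d, fs in os.walk(top) for f in fs)


def demo():
    """Full backup, one change and one new file, then a --link-dest style run."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "data")
        full = os.path.join(tmp, "backup.0")     # hypothetical snapshot names
        later = os.path.join(tmp, "backup.1")
        _write(os.path.join(src, "a.txt"), "alpha")
        _write(os.path.join(src, "sub", "b.txt"), "bravo v1")
        first = snapshot(src, full)

        _write(os.path.join(src, "sub", "b.txt"), "bravo v2")
        _write(os.path.join(src, "c.txt"), "charlie")
        second = snapshot(src, later, link_dest=full)

        a_old = os.stat(os.path.join(full, "a.txt"))
        a_new = os.stat(os.path.join(later, "a.txt"))
        result = {
            "first": first,
            "second": second,
            "shared_inode": a_old.st_ino == a_new.st_ino,
            "files_in_later": _tree(later),
        }
        # Each snapshot is complete on its own: removing the older one only
        # drops a link count, the data stays reachable through backup.1.
        shutil.rmtree(full)
        with open(os.path.join(later, "a.txt")) as fh:
            result["a_after_delete"] = fh.read()
        with open(os.path.join(later, "sub", "b.txt")) as fh:
            result["b_in_later"] = fh.read()
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because linked files share one inode, a change made in place to a file in one snapshot shows up in every snapshot that links to it, so the snapshot trees should be treated as read-only.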




[CentOS] ldapsearch w. SSL refuses to connect to server with openssl 1.0.1 (worked with openssl 1.0.0)

2013-12-17 Thread Frank Thommen
Hi,

ldapsearch with an ldaps-URL stopped working recently, probably with the 
update from openssl 1.0.0 to openssl 1.0.1.

On a server with up-to-date packages (openssl-1.0.1e-16.el6_5.x86_64, 
openldap-clients-2.4.23-32.el6_4.1.x86_64) I get the following errors 
when issuing an ldapsearch (some parts anonymized):


[bad]# ldapsearch -H ldaps://ldap.domain.org:6636/ -D binddn -x -W 
-b searchbase -d1 -s sub -v uid=ME
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/)
ldap_initialize( ldaps://ldap.domain.org:6636/??base )
ldap_create
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.domain.org:6636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 12.34.56.78:6636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: certdb config: configDir='/etc/openldap/cacerts' 
tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown 
PKCS #11 error.
TLS: error: connect - force handshake failure: errno 0 - moznss error -12226
TLS: can't connect: TLS error -12226:SSL peer rejected a handshake 
message for unacceptable content..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[bad]#


while on a system with slightly older OpenSSL package 
(openssl-1.0.0-27.el6_4.2.x86_64, same openldap-clients package 
version), I get the following error:

[good]# ldapsearch -H ldaps://ldap.domain.org:6636/ -D binddn -x -W 
-b searchbase -d1 -s sub -v uid=me
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/)
ldap_initialize( ldaps://ldap.domain.org:6636/??base )
ldap_create
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.domain.org:6636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 12.34.56.78:6636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: certdb config: configDir='/etc/openldap' tokenDescription='ldap(0)' 
certPrefix='cacerts' keyPrefix='cacerts' flags=readOnly
TLS: cannot open certdb '/etc/openldap', error -8018:Unknown PKCS #11 error.
TLS: could not get info about the CA certificate directory 
/etc/openldap/cacerts - error -5950:File not found.
TLS: certificate [CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign 
nv-sa,C=BE] is not valid - error -8172:Peer's certificate issuer has 
been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 2 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been 
marked as not trusted by the user..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[good]#


It /does/ see the certificate, even though it has a problem with it. 
Since I know the LDAP server is trustable - despite the certificate 
issue -, I can work around it with TLS_REQCERT never in 
/etc/openldap/ldap.conf or by prefixing the ldapsearch line with 
LDAPTLS_REQCERT=never:

[good]# LDAPTLS_REQCERT=never ldapsearch -H 
ldaps://ldap.domain.org:6636/ -D binddn -x -W -b searchbase -d1 -s 
sub -v uid=me
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/)
ldap_initialize( ldaps://ldap.domain.org:6636/??base )
ldap_create
ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.domain.org:6636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 12.34.56.78:6636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: certdb config: configDir='/etc/openldap' tokenDescription='ldap(0)' 
certPrefix='cacerts' keyPrefix='cacerts' flags=readOnly
TLS: cannot open certdb '/etc/openldap', error -8018:Unknown PKCS #11 error.
TLS: could not get info about the CA certificate directory 
/etc/openldap/cacerts - error -5950:File not found.
TLS: certificate [CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign 
nv-sa,C=BE] is not valid - error -8172:Peer's certificate issuer has 
been marked as not trusted by the user..
TLS certificate verification: subject: CN=ldap.domain.org,OU=Domain 
Control Validated,C=DE, issuer: CN=GlobalSign Domain Validation CA - 
G2,O=GlobalSign nv-sa,C=BE, cipher: AES-256, security level: high, 
secret key bits: 256, total key bits: 256, cache hits: 0, cache misses: 
0, cache not reusable: 0
[... ldapsearch results here ...]
[good]#


If I do the same on the system with OpenSSL 1.0.1e, I get the same error 
as w/o this setting.


It could be a problem with the OpenSSL 1.0.1 package - hopefully not - 
or just a configuration issue.  I just have no idea which one.  Any 
pointer is highly appreciated.

Cheers
frank


Re: [CentOS] ldapsearch w. SSL refuses to connect to server with openssl 1.0.1 (worked with openssl 1.0.0)

2013-12-17 Thread Frank Thommen
On 17.12.13 20:42, m.r...@5-cent.us wrote:
 Frank Thommen wrote:
 Hi,

 ldapsearch with an ldaps-URL stopped working recently, probably with the
 update from openssl 1.0.0 to openssl 1.0.1.
 snip

 Question #0: is selinux enforcing?

SELinux is disabled.

frank



Re: [CentOS] Xorg fills up /var/log/Xorg.0.log with AUDIT messages (up to system crash) [solved]

2013-10-04 Thread Frank Thommen
Problem solved: A user had configured his preferred browser to be 
Thunderbird(!).  As soon as he clicked on a link in an email, he ended 
in an endless loop with TB trying to open the link with the preferred 
browser (aka itself) again and again. This resulted in 40 MB audit 
loglines/hour in /var/log/Xorg.0.log.

Cheers
frank


On 03.10.13 17:15, Frank Thommen wrote:
 Hi,

 on a CentOS 6.4-workstation we have the problem, that Xorg fills up
 /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within
 four hours the logfile grew to 160 MB and usually within 1-2 days
 applications and sometimes the OS crash because /var becomes full.

 Here a small extract of /var/log/Xorg.0.log:

 [...]
 [ 24272.458] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.487] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24951 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.490] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.500] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
 [ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24948 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected
 from local host ( uid=9435 gid=577 pid=24952 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.521] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.549] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24957 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.552] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.564] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
 [ 24272.575] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24954 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.577] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected
 from local host ( uid=9435 gid=577 pid=24958 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.585] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.612] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24963 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.616] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.628] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
 [ 24272.630] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24960 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.633] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected
 from local host ( uid=9435 gid=577 pid=24964 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.644] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.673] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24969 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.679] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [ 24272.691] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
 [ 24272.692] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
 from local host ( uid=9435 gid=577 pid=24966 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.697] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected
 from local host ( uid=9435 gid=577 pid=24970 )
 Auth name: MIT-MAGIC-COOKIE-1 ID: 572
 [ 24272.711] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
 [...]

 The client numbers are just a small repeating set, but trying to find
 the associated processes through the pids fails, because when the
 logfile entry is written, the processes are already gone.  For sure
 these messages are associated with something the user(s) do, because
 as soon as nobody is logged in, these messages stop.  We have lots of
 CentOS 6 machines, but this is the only one with such an issue, even
 though there are more or less the same applications running on all machines.


 Xorg is running with the following options (CentOS 6 default settings):
 /usr/bin/Xorg :0 -nr -verbose -audit 4 -auth
 /var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1


 Questions:

 * How can one find out which processes are responsible for these
   audit messages?

 * How can I stop auditing completely?  With CentOS 5 Xorg ran
   with audit 0 and I was unable to find the place where the
   audit level is set.

 * (more generally) What's auditing good/used for anyway?


 Any hint is appreciated.

 Cheers
 frank

 [cross-posted on lopsa-tech maillist]



-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom
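
An added example (not from the thread) for the question in the quoted post of which client is behind the AUDIT flood: the pids are gone by the time anyone looks, but every connect record still carries the uid, so connects per second and session lifetime per uid can be computed from the log alone. The sample is the first records of the extract above, wrapped as the mail shows them, plus one constructed uid=1000 record; the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# First records of the posted extract (mail-wrapped), preceded by one
# CONSTRUCTED long-lived client (uid=1000) for contrast.
SAMPLE_LOG = """\
[ 24100.000] AUDIT: Wed Oct  2 15:38:52 2013: 2625: client 12 connected
from local host ( uid=1000 gid=100 pid=2000 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 571
[...]
[ 24272.458] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.487] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
from local host ( uid=9435 gid=577 pid=24951 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.490] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.500] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
from local host ( uid=9435 gid=577 pid=24948 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected
from local host ( uid=9435 gid=577 pid=24952 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.521] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.549] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected
from local host ( uid=9435 gid=577 pid=24957 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.552] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.564] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
"""

RECORD = re.compile(r"^\[\s*(?P<t>\d+\.\d+)\]\s+AUDIT:.*?client (?P<client>\d+) "
                    r"(?P<event>connected|disconnected)")
PEER = re.compile(r"uid=(?P<uid>\d+) gid=(?P<gid>\d+) pid=(?P<pid>\d+)")


def unwrap(text):
    """Re-join wrapped records: a new record starts with '[', the rest continues it."""
    records = []
    for line in text.splitlines():
        if line.lstrip().startswith("["):
            records.append(line.strip())
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    return records


def summarize(text):
    """Per uid: connects, distinct pids, peak connects per second, median lifetime."""
    open_sessions = {}          # X client number -> (connect time, uid)
    stats = defaultdict(lambda: {"connects": 0, "pids": set(),
                                 "per_second": Counter(), "lifetimes": []})
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue            # "[...]" markers and non-AUDIT lines
        t, client = float(m["t"]), m["client"]
        if m["event"] == "connected":
            peer = PEER.search(rec)
            if not peer:
                continue
            s = stats[peer["uid"]]
            s["connects"] += 1
            s["pids"].add(int(peer["pid"]))
            s["per_second"][int(t)] += 1
            open_sessions[client] = (t, peer["uid"])
        elif client in open_sessions:
            # A disconnect whose connect lies before the extract is skipped.
            t0, uid = open_sessions.pop(client)
            stats[uid]["lifetimes"].append(t - t0)
    return {uid: {"connects": s["connects"],
                  "distinct_pids": len(s["pids"]),
                  "peak_per_second": max(s["per_second"].values()),
                  "median_lifetime": median(s["lifetimes"]) if s["lifetimes"] else None}
            for uid, s in stats.items()}


def churning_uids(summary, min_per_second=3, max_lifetime=1.0):
    """uids that open many short-lived X connections (thresholds are assumptions)."""
    return sorted(uid for uid, s in summary.items()
                  if s["peak_per_second"] >= min_per_second
                  and s["median_lifetime"] is not None
                  and s["median_lifetime"] <= max_lifetime)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for uid, s in sorted(report.items()):
        print(uid, s)
    print("churning uids:", churning_uids(report))
```

On the sample every short-lived connection belongs to uid=9435 and each one comes from a new pid, which points at one user's session repeatedly spawning a client.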

[CentOS] Xorg fills up /var/log/Xorg.0.log with AUDIT messages (up to system crash)

2013-10-03 Thread Frank Thommen
Hi,

on a CentOS 6.4-workstation we have the problem, that Xorg fills up 
/var/log/Xorg.0.log with AUDIT messages faster than one can read. Within 
four hours the logfile grew to 160 MB and usually within 1-2 days 
applications and sometimes the OS crash because /var becomes full.

Here a small extract of /var/log/Xorg.0.log:

[...]
[ 24272.458] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.487] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24951 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.490] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.500] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24948 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected 
from local host ( uid=9435 gid=577 pid=24952 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.521] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.549] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24957 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.552] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.564] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.575] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24954 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.577] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected 
from local host ( uid=9435 gid=577 pid=24958 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.585] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.612] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24963 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.616] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.628] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.630] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24960 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.633] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected 
from local host ( uid=9435 gid=577 pid=24964 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.644] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.673] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24969 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.679] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.691] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.692] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected 
from local host ( uid=9435 gid=577 pid=24966 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.697] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected 
from local host ( uid=9435 gid=577 pid=24970 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.711] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[...]

The client numbers are just a small repeating set, but trying to find 
the associated processes through the pids fails, because when the 
logfile entry is written, the processes are already gone.  For sure 
these messages are associated with something the user(s) do, because 
as soon as nobody is logged in, these messages stop.  We have lots of 
CentOS 6 machines, but this is the only one with such an issue, even 
though there are more or less the same applications running on all machines.


Xorg is running with the following options (CentOS 6 default settings):
/usr/bin/Xorg :0 -nr -verbose -audit 4 -auth 
/var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1


Questions:

   * How can one find out which processes are responsible for these
 audit messages?

   * How can I stop auditing completely?  With CentOS 5 Xorg ran
 with audit 0 and I was unable to find the place where the
 audit level is set.

   * (more generally) What's auditing good/used for anyway?


Any hint is appreciated.

Cheers
frank

[cross-posted on lopsa-tech maillist]
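
One way to approach the first question in the post above, as an added example that is not part of the original message: the client pids are gone by the time the log is read, so this summarises the AUDIT records themselves (uid, pid spread, client-slot reuse, connection lifetimes). The sample lines are constructed in the excerpt's format, the function names are illustrative, and treating the number before "client" as the X server's pid is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above, with the mail
# client's line wrapping undone so each AUDIT record sits on one line.
SAMPLE_LOG = """\
[ 24272.458] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.487] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24951 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.490] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.500] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24948 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.516] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24952 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.521] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.549] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24957 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 572
[ 24272.552] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 28 disconnected
[ 24272.564] AUDIT: Wed Oct  2 15:41:44 2013: 2625: client 30 disconnected
"""

# Applied to whitespace-normalised records. "server" is assumed to be the
# X server's own pid; the peer credentials only appear on "connected".
AUDIT_RE = re.compile(
    r"\[ ?(?P<sec>\d+)\.(?P<ms>\d{3})\] AUDIT: .*?: (?P<server>\d+): "
    r"client (?P<slot>\d+) (?P<action>connected|disconnected)"
    r"(?: from (?P<origin>.+?) \( uid=(?P<uid>\d+) gid=(?P<gid>\d+) pid=(?P<pid>\d+) \))?"
)


def records(text):
    """Yield one normalised string per log record, re-joining wrapped lines."""
    rec = None
    for line in text.splitlines():
        if line.lstrip().startswith("["):
            if rec:
                yield " ".join(rec.split())
            rec = line
        elif rec is not None and line.strip():
            rec += " " + line          # continuation ("from local host", "Auth name")
    if rec:
        yield " ".join(rec.split())


def summarize(text, short_ms=1000):
    """Pair connect/disconnect events per client slot and report the churn."""
    open_slots = {}                    # slot -> (connect time in ms, client pid)
    by_uid, by_slot = Counter(), Counter()
    pids, lifetimes = set(), []
    unmatched = 0
    first = last = None
    for rec in records(text):
        m = AUDIT_RE.match(rec)
        if not m:
            continue                   # not an AUDIT connect/disconnect record
        t = int(m["sec"]) * 1000 + int(m["ms"])
        first = t if first is None else first
        last = t
        slot = int(m["slot"])
        if m["action"] == "connected":
            pid = int(m["pid"]) if m["pid"] else None
            by_uid[int(m["uid"]) if m["uid"] else None] += 1
            by_slot[slot] += 1
            pids.add(pid)
            open_slots[slot] = (t, pid)
        else:
            started = open_slots.pop(slot, None)
            if started is None:
                unmatched += 1         # its connect predates the excerpt
            else:
                lifetimes.append((started[1], t - started[0]))
    return {
        "connects_by_uid": dict(by_uid),
        "connects_by_slot": dict(by_slot),
        "distinct_pids": len(pids),
        "lifetimes_ms": lifetimes,     # (client pid, ms from connect to disconnect)
        "short_lived": sum(1 for _, d in lifetimes if d < short_ms),
        "unmatched_disconnects": unmatched,
        "window_ms": (last - first) if first is not None else 0,
        "still_open": sorted(open_slots),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, every connection comes from one uid, each with a fresh pid, and closes within milliseconds, which is the pattern of a loop that keeps starting short-lived X clients in that user's session.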


Re: [CentOS] CentOS 5.5 latest revisions seem really slow

2010-08-05 Thread Frank Thommen
Mark wrote:
 I recently updated to OpenOffice 3.2 and I noticed that it, and the
 latest Evolution, seem to be incredibly slow for some operations.
 
 E.g., in OO, about half the time when I'm editing something, it takes
 anywhere from 10-30 seconds for OO to respond to a click on one of the
 icons or menu items, and Evo is taking forever to format messages.
 
 During these times the gnome-system-monitor icon on my panel is
 showing almost no activity, and if I expand it to the full window, it
 shows the same.
 
 Is anyone else seeing this?
 
 I'm running the x86_64 release on an Athlon II X4, 2.6GHz with 4GB of
 memory and lots of available space in memory and on disk.
 
 Thanks in advance.
 
 Mark

I'm experiencing similar problems on a DELL Optiplex 740 with the same 
CPU (AMD Athlon 64 X2 Dual Core Processor 5000+ @ 2.60 GHz, 4 GB RAM, 80 
GB Hitachi Deskstar 7K80 HD).  But in my case the slowness is not 
restricted to OO, but the whole system is slowed down.  Even simple 
actions (e.g. starting a Gnome Console) bring the load up to over 2. 
Right after booting, the load is usually over 2, sometimes even up to 4. 
  The slowness can literally be seen during the boot process.  The 
problem occurs since kernel 2.6.18-194.el5.  I measured the boot times 
(from GRUB to gdmgreeter, booted with 'noapic'):


kernel 2.6.18-164.el5  103', load after boot: 0.5

kernel 2.6.18-194.el5  335', load after boot: 2.5
kernel 2.6.18-194.3.1.el5  330', load after boot: 2.3
kernel 2.6.18-194.8.1.el5  335', load after boot: 1.9


When shutting down from kernel 2.6.18-194.x, I often (around 7 of 10 
times) get the following error on the console:

---
[...]
Shutting down hidd: [  OK  ]
[  OK  ] Bluetooth services:[  OK  ]
Shutting down interface eth0:  BUG: soft lockup - CPU#1 stuck for 10s!
[ip:3539]

CPU 1:
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc
ip_conntrack
_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter
ip_tables
ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo
crypto
_api cpufreq_ondemand powernow_k8 freq_table dm_multipath scsi_dh video
backligh
t sbs power_meter i2c_ec dell_wmi wmi button battery asus_acpi
acpi_memhotplug a
c lp sr_mod cdrom snd_hda_intel sg snd_seq_dummy snd_seq_oss
snd_seq_midi_event
snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer
snd_page_allo
c snd_hwdep parport_pc tg3 k8_edac snd parport i2c_nforce2 floppy k8temp
shpchp
i2c_core edac_mc hwmon pcspkr soundcore dm_raid45 dm_message
dm_region_hash dm_m
em_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod sata_nv libata sd_mod
scsi_
mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 3539, comm: ip Not tainted 2.6.18-194.8.1.el5 #1
RIP: 0010:[8000c9f6]  [8000c9f6] __delay+0x8/0x10
RSP: 0018:810125741c60  EFLAGS: 0297
RAX: 539a8625 RBX: 1388 RCX: 52518896
RDX: 012b RSI: c206044c RDI: 0291ae58
RBP: 393a7993 R08: 0002 R09: 810125741d1c
R10: 0018 R11: 05e10300 R12: 0002
R13: 810125741d1c R14: 004c R15: 80225929
FS:  2b3ee841a800() GS:81010438d7c0()
knlGS:
CS:  0010 DS:  ES:  CR0: 8005003b
CR2: 00365a6cc640 CR3: 000122af CR4: 06e0

Call Trace:
  [882444e7] :tg3:tg3_readphy+0x77/0xdf
  [88246d90] :tg3:tg3_setup_copper_phy+0x86a/0xb35
  [88247d62] :tg3:tg3_setup_phy+0xd07/0xe39
  [80158813] pci_bus_read_config_word+0x71/0x83
  [80158647] pci_bus_write_config_dword+0x5f/0x6e
  [88248080] :tg3:tg3_set_power_state+0x1ec/0x96e
  [88252c34] :tg3:tg3_close+0x103/0x113
  [8022f4ea] dev_close+0x53/0x72
  [8022e609] dev_change_flags+0x5a/0x119
  [80262fd8] devinet_ioctl+0x235/0x59c
  [80225d4f] sock_ioctl+0x1c1/0x1e5
  [8004206a] do_ioctl+0x21/0x6b
  [800300ca] vfs_ioctl+0x457/0x4b9
  [800b7605] audit_syscall_entry+0x180/0x1b3
  [8004c549] sys_ioctl+0x59/0x78
  [8005d28d] tracesys+0xd5/0xe0

[  OK  ]
Shutting down loopback interface:  [  OK  ]
[...]
---

The complete console of the boot process can be seen on 
http://pastebin.de/8808, the console output of the shutdown/reboot 
process is on http://pastebin.de/8809.  Bootcharts of the two boot 
processes can be seen on http://www.drosera.ch/kernelproblem/.

Memtest has been run w/o result.

Is there a way to narrow down the problem before posting a bug report?

Cheers

 frank

-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom...@embl-heidelberg.de - +49 6221 387 8353


Re: [CentOS] CentOS 5.5 latest revisions seem really slow

2010-08-05 Thread Frank Thommen
James Pearson wrote:
 Frank Thommen wrote:
 
 I'm experiencing similar problems on a DELL Optiplex 740 with the same 
 CPU (AMD Athlon 64 X2 Dual Core Processor 5000+ @ 2.60 GHz, 4 GB RAM, 80 
 GB Hitachi Deskstar 7K80 HD).  But in my case the slowness is not 
 restricted to OO, but the whole system is slowed down.  Even simple 
 actions (e.g. starting a Gnome Console) bring the load up to over 2. 
 Right after booting, the load is usually over 2, sometimes even up to 4. 
 
 Can you post the output of lspci and lsmod ?


sorry, forgot to copy-paste these in my original post:

[r...@shelley ~]# uname -a
Linux shelley 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:04:48 EDT 2010 
x86_64 x86_64 x86_64 GNU/Linux
[r...@shelley ~]# lspci
00:00.0 RAM memory: nVidia Corporation C51 Host Bridge (rev a2)
00:00.1 RAM memory: nVidia Corporation C51 Memory Controller 0 (rev a2)
00:00.2 RAM memory: nVidia Corporation C51 Memory Controller 1 (rev a2)
00:00.3 RAM memory: nVidia Corporation C51 Memory Controller 5 (rev a2)
00:00.4 RAM memory: nVidia Corporation C51 Memory Controller 4 (rev a2)
00:00.5 RAM memory: nVidia Corporation C51 Host Bridge (rev a2)
00:00.6 RAM memory: nVidia Corporation C51 Memory Controller 3 (rev a2)
00:00.7 RAM memory: nVidia Corporation C51 Memory Controller 2 (rev a2)
00:02.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1)
00:03.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1)
00:04.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1)
00:09.0 RAM memory: nVidia Corporation MCP51 Host Bridge (rev a2)
00:0a.0 ISA bridge: nVidia Corporation MCP51 LPC Bridge (rev a3)
00:0a.1 SMBus: nVidia Corporation MCP51 SMBus (rev a3)
00:0a.2 RAM memory: nVidia Corporation MCP51 Memory Controller 0 (rev a3)
00:0b.0 USB Controller: nVidia Corporation MCP51 USB Controller (rev a3)
00:0b.1 USB Controller: nVidia Corporation MCP51 USB Controller (rev a3)
00:0e.0 IDE interface: nVidia Corporation MCP51 Serial ATA Controller 
(rev a1)
00:0f.0 IDE interface: nVidia Corporation MCP51 Serial ATA Controller 
(rev a1)
00:10.0 PCI bridge: nVidia Corporation MCP51 PCI Bridge (rev a2)
00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio 
(rev a2)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] 
HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] 
Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] 
DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] 
Miscellaneous Control
02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5754 
Gigabit Ethernet PCI Express (rev 02)
03:00.0 VGA compatible controller: nVidia Corporation NV43GL [Quadro FX 
550] (rev a2)
[r...@shelley ~]# lsmod
Module                     Size  Used by
autofs4                   63049  11
hidp                      83521  2
rfcomm                   104681  0
l2cap                     89281  10 hidp,rfcomm
bluetooth                118853  5 hidp,rfcomm,l2cap
lockd                    101553  0
sunrpc                   199945  2 lockd
ip_conntrack_netbios_ns   36033  0
ipt_REJECT                38977  1
xt_state                  35265  2
ip_conntrack              91621  2 ip_conntrack_netbios_ns,xt_state
nfnetlink                 40457  1 ip_conntrack
iptable_filter            36161  1
ip_tables                 55201  1 iptable_filter
ip6t_REJECT               38849  1
xt_tcpudp                 36289  10
ip6table_filter           36033  1
ip6_tables                50049  1 ip6table_filter
x_tables                  50505  6 ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
ipv6                     435489  23 ip6t_REJECT
xfrm_nalgo                    4  1 ipv6
crypto_api                42945  1 xfrm_nalgo
cpufreq_ondemand          42449  1
powernow_k8               56025  1
freq_table                38977  2 cpufreq_ondemand,powernow_k8
dm_multipath              56921  0
scsi_dh                   42177  1 dm_multipath
video                     53197  0
backlight                 39873  1 video
sbs                       49921  0
power_meter               47053  0
i2c_ec                    38593  1 sbs
dell_wmi                  37601  0
wmi                       41985  1 dell_wmi
button                    40545  0
battery                   43849  0
asus_acpi                 50917  0
acpi_memhotplug           40516  0
ac                        38729  0
lp                        47121  0
joydev                    43969  0
snd_hda_intel            639265  0
snd_seq_dummy             37061  0
snd_seq_oss               65473  0
snd_seq_midi_event        41025  1 snd_seq_oss
snd_seq                       8  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device            41557  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss               77377  0
snd_mixer_oss             49985  1 snd_pcm_oss
snd_pcm                  116681  2 snd_hda_intel,snd_pcm_oss
snd_timer                 57161  2 snd_seq,snd_pcm
snd_page_alloc            44113  2 snd_hda_intel,snd_pcm
sr_mod                    50789  0

Re: [CentOS] CentOS 5.5 latest revisions seem really slow

2010-08-05 Thread Frank Thommen
James Pearson wrote:
 Frank Thommen wrote:
 Can you post the output of lspci and lsmod ?
 sorry, forgot to copy-paste these in my original post:

 [r...@shelley ~]# lspci
 ...
 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio 
 (rev a2)

 [r...@shelley ~]# lsmod
 ...
 snd_hda_intel 639265  0
 
 Could this be related to BZ #586532 
 https://bugzilla.redhat.com/show_bug.cgi?id=586532
 
 ???


Yes it is.  Same symptoms and the fix proposed there resolved the 
problem:  Add the option enable_msi=0 to the snd-hda-intel line in 
/etc/modprobe.conf:

   options snd-hda-intel [your other options] enable_msi=0

Thanks for the hint.

frank

-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom...@embl-heidelberg.de - +49 6221 387 8353


Re: [CentOS] CentOS 5.5 latest revisions seem really slow

2010-08-05 Thread Frank Thommen
Mark wrote:
 On Thu, Aug 5, 2010 at 7:35 AM, James Pearson
 jame...@moving-picture.com wrote:
 Frank Thommen wrote:
 Can you post the output of lspci and lsmod ?
 sorry, forgot to copy-paste these in my original post:

 [r...@shelley ~]# lspci
 ...
 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio
 (rev a2)

 [r...@shelley ~]# lsmod
 ...
 snd_hda_intel 639265  0
 Could this be related to BZ #586532
 https://bugzilla.redhat.com/show_bug.cgi?id=586532

 ???

 
 I'm not having sound problems
 
 00:05.0 Audio device: nVidia Corporation MCP61 High Definition Audio (rev a2)
 
 Nit: I have an X4, not an X2, but that might not be relevant.


The problem was reported for

00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio 
(rev a2)

it seems you're lucky having the MCP61 ;-)


frank


Re: [CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?

2009-11-17 Thread Frank Thommen
Hi, this is the OP writing...

John R Pierce wrote:
 Rainer Duffner wrote:
 Except that nowadays, some cheap desktop-motherboards may not know how
 to enable booting from such a card. 
 
 I seriously doubt a SCSI card with a 50 pin (max 10 or 20MB/sec?) 
 external connector is going to be used as a boot device.   more likely, 
 this is for some older tape class device like a DAT.

Almost right.  No booting from this card is required.  It's for the 
connection to a X-ray data collection system.


 btw, the original poster should know, you can convert wide (68 pin) SCSI 
 to narrow (50 pin) SCSI with a 'half-terminator' cable adapter, [...]

I've been told by the vendor of the said X-ray data collection system, 
that 68pin connectors never worked with Linux for their device.


Cheers

frank


[CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?

2009-11-16 Thread Frank Thommen
Hi,

for a specific application we need a low-profile SCSI card (PCI) with 
external 50pin connector.  I thought about getting an Adaptec SCSI Card 
2930LP.  However I was not able to find any usable information about 
whether this card is supported by Linux/CentOS 5.x or not.  Does anyone 
have this card working with a CentOS 5.x machine?

Alternatively: Are there any linux-supported low-profile PCI SCSI cards 
with 50pin connector which are supported by CentOS 5.x and which you can 
recommend?

Thanks in advance

frank

-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom...@embl-heidelberg.de - +49 6221 387 8353


Re: [CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?

2009-11-16 Thread Frank Thommen
 for a specific application we need a low-profile SCSI card (PCI) with 
 external 50pin connector.  I thought about getting an Adaptec SCSI Card 
 2930LP.  However I was not able to find any usable information about 
 whether this card is supported by Linux/CentOS 5.x or not.  Does anyone 
 have this card working with a CentOS 5.x machine?
 
 ALL Adaptec SCSI Cards (except for a few bleeding edge 64-bit PCI cards)
 are supported, out-of-the-box using stock kernels on all versions of
 CentOS (3.x, 4.x, and 5.x):

Great  thanks


 sauron.deepsoft.com% strings 
 /lib/modules/2.6.9-89.0.16.EL/kernel/drivers/scsi/aic7xxx/aic7xxx.ko |grep 
 2930
 [...]

I'll use this string search next time I'm looking for device support.  I 
didn't know I could do that.

Greetings from my host (balrog) to yours :-)


frank


Re: [CentOS] Newsletter feedback

2009-10-23 Thread Frank Thommen
Hi,

 We have now published the sixth version of the Newsletter [...]

What newsletter are you referring to?  I cannot find any newsletter 
offer on centos.org.

frank


Re: [CentOS] scp with tty

2009-10-13 Thread Frank Thommen
Warren Young wrote:
 Les Mikesell wrote:
 [...]
 
 This requires that the public key for localuser on host1 exists in 
 host2:.ssh/authorized_keys.  It also requires PermitRootLogin yes in 
 /etc/ssh/sshd_config, which is unfortunately the default on CentOS.  (I 
 usually turn it off.)

Unfortunately?  I could not live w/o it ;-)


 Also realize that remotecmd can be a very complex thing, not just a 
 simple command.  You can use pipes and other things through ssh.

If using IO redirections or pipes, be sure to quote them correctly:

   [localu...@host1 ~]$ ssh r...@host2 remotecmd > /tmp/file

will create /tmp/file with the output of remotecmd on host1 (!), while

   [localu...@host1 ~]$ ssh r...@host2 "remotecmd > /tmp/file"

will create /tmp/file on host2.


Cheers

frank


Re: [CentOS] Can't download large files

2009-10-09 Thread Frank Thommen
 :(
 wget? I've tried download using other utilities on my windows pc's, on 
 my desktop [Ubuntu] I using rsync and scp to download, but get same 
 problem :(
 
 Btw John, thank you for your advice...
 
 Really confused :(

This might be either a problem on the server you are downloading from 
(try another one) or maybe of a firewall at your site (we had similar 
problems and corrupted packages due to a firewall bug).

Cheers

frank


Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

2009-10-09 Thread Frank Thommen
Dave wrote:
 On Thu, Oct 8, 2009 at 11:44 AM, Craig White craigwh...@azapple.com wrote:
 On Thu, 2009-10-08 at 11:19 -1000, Dave wrote:
 [r...@lee1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
 [snip]
 PEERDNS=yes
 - ^^^
 change to PEERDNS=no
 
 
 What man page would tell me what this means? How should I have known
 that's what I should do, if I were lacking the luxury of being told by
 one wiser than myself?

It's in /usr/share/doc/initscripts-version/sysconfig.txt


Cheers

   frank


Re: [CentOS] Dualboot CentOS and Windows

2009-09-29 Thread Frank Thommen
frank.brodb...@klingel.de wrote:
 Hi,
 
 I have to install CentOS on a spare partition of a laptop with 
 Windows pre installed. Is there anything I have to watch out for? 
 Couldn't find anything in the wiki or does the installer handle this 
 well without me doing some magic, or so?

The installer will handle this perfectly if you select the correct 
partition for your CentOS installation :-)

Cheers

 frank

-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom...@embl-heidelberg.de - +49 6221 387 8353


Re: [CentOS] Dualboot CentOS and Windows

2009-09-29 Thread Frank Thommen

   I have to install CentOS on a spare partition of a laptop with
   Windows pre installed. Is there anything I have to watch out for?
   Couldn't find anything in the wiki or does the installer handle this
   well without me doing some magic, or so?
  
  The installer will handle this perfectly if you select the correct
  partition for your CentOS installation :-)
 
 
 usually, you need at least two partitions: one for / and one for swap. 
 best is to setup first a small /boot partition. i'm sure somewhere there 
 are some docs about it :)

You can do that from within the installer...or just let the installer 
create a default layout.

frank


-- 
Frank Thommen - Structures IT Management and Support - EMBL Heidelberg
frank.thom...@embl-heidelberg.de - +49 6221 387 8353


Re: [CentOS] Auto-installing security updates?

2009-05-20 Thread Frank Thommen
 [...]
 Like a previous poster, I'd also suggest that you use another 
 distribution in this case.  Ubuntu might be a good choice or maybe SuSE. 
   Both are probably better suited for non-commandline techies :-).
 
 That is utter bullshit. The neat thing about CentOS as a Desktop is that
 the system (mostly) stays the same over 7 years. 

I was referring to the ease of use regarding updating etc.  Not the 
desktop itself.


 Both distributions offer easy-to-use update tools.
 
 Oh, CentOS doesn't?

Not in such an integrated way as e.g. SuSE (yast).  Or maybe I just 
don't know them?


 I'd also suggest not to use Fedora or OpenSuse.  They have both very 
 fast release cycles, forcing you to updating very often.
 
 Ermm. You advise to use SuSE, but then suggest to not use it? Or were
 you talking about the Enterprise version?

exactly.


frank


Re: [CentOS] Auto-installing security updates?

2009-05-19 Thread Frank Thommen
Hi Anne,

 [...] he feels very insecure.
 
 It seems to me that CentOS would be perfect for him except for the need to 
 keep it securely patched.  [...]
 
 I'd be glad of any advice.

Like a previous poster, I'd also suggest that you use another 
distribution in this case.  Ubuntu might be a good choice or maybe SuSE. 
  Both are probably better suited for non-commandline techies :-).

Both distributions offer easy-to-use update tools.

I'd also suggest not to use Fedora or OpenSuse.  They both have very 
fast release cycles, forcing you to update very often.

On the other hand, showstoppers can always happen and in this case 
probably nothing will save you a personal appearance :-)

Cheers

frank


Re: [CentOS] Calendar server

2009-05-12 Thread Frank Thommen
Scott Silva wrote:
 on 5-12-2009 4:24 AM Max Hetrick spake the following:
 Scott Silva wrote:

 [...]

 I had looked at Horde some time ago, but brushed it off. I think I'll 
 check it out though again and get it up and running.

 Thanks!
 Max
 Most of my users seem OK with it. I was running it side by side with roundcube
 as a test, and most users seem to like the extra bits. Besides, horde keeps
 compatibility with less than brand new PHP versions, but Roundcube insists you
 have the newest PHP installed everytime they generate a new version. I just
 can't hack a production server every few months at the whim of developers that
 want to play in a new sandbox every week.


As far as I know, Horde/IMP doesn't play well with mailboxes that 
contain square brackets in their name (which is a common pattern for 
maillist mailboxes at our site...).  They are always reported as being 
empty and one cannot move/copy mails to them.

frank






Re: [CentOS] Update Issue

2009-04-04 Thread Frank Thommen
John Hinton wrote:
 I seem to be able to get all of the 5.x update except for the kernel. 
 Each attempt results in this...
 
 (1/1): kernel-2.6.18-128. 100% |=|  15 MB
 00:16
 http://centos.mirror.nac.net/5.3/updates/i386/RPMS/kernel-2.6.18-128.1.6.el5.i686.rpm:
  
 [Errno -1] Package does not match intended download
 Trying other mirror.
 http://mirrors.usc.edu/pub/linux/distributions/centos/5.3/updates/i386/RPMS/kernel-2.6.18-128.1.6.el5.i686.rpm:
  
 [Errno 9] Requested Range Not Satisfiable
 [...]


The last time I saw these errors it was with Fedora Core 6 updates.  I 
usually got rid of them by either trying later and/or trying lots and 
lots of times and/or by removing all installed PGP keys and re-importing 
them.  As I usually tried a combination of the above methods I can't 
really say which one is the best option.

My hypothesis - for the problems *we* had - is, that it was a firewall 
issue on our side.

Cheers

  frank


Re: [CentOS] Newby- New install forgot Login - pwd

2009-04-04 Thread Frank Thommen
Joseph L. Casale wrote:
 Which is why I should password protect grub on my desktop -- have done so 
 now on my laptop.
 
 Don't bother, that's the dumbest feature I ever saw. You can edit the 
 password out of the grub
 line to...

I think that shouldn't be?

http://www.gnu.org/software/grub/manual/grub.html#password

-
13.2.10 password
— Command: password [--md5] passwd [new-config-file]

 If used in the first section of a menu file, disable all 
interactive editing control (menu entry editor and command-line) and 
entries protected by the command lock. [...]
-

frank


Re: [CentOS] need trouble ticket system

2009-03-29 Thread Frank Thommen
Darrin Khan wrote:
 [...]
 We make good use of RT by Best Practical, it services an ISP and a NOC.
 
 http://www.bestpractical.com/rt
 [...]

I'd support RT, too.  I've made some experiences with Kayako and RT and 
while I find Kayako far too complex (especially if you want to customize 
it), RT is just fine for most purposes and it's quickly installed.

RT is one of my top five sysadmin/support tools.

frank


Re: [CentOS] Getting asciidoc

2009-03-28 Thread Frank Thommen
[somehow my mail hasn't gone through yesterday evening.  trying again...]

Brian Mathis wrote:
 You need to set enabled=1 in the config file.  Currently you have 
 enabled=0

I don't think you need enabled=1 in the repo file if you are using
`yum --enablerepo=dag ...` on the command line, but...


 [dag]
 [...]
 enabled=0
 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
 includepkgs=acsiidoc* bitt* perl*
              ^
...this should probably read 'asciidoc'? :-)

Cheers

 frank



Re: [CentOS] Minimal Install?

2009-03-28 Thread Frank Thommen
 2) Is it possible, using yum, to know which packages holds what file?
 (like dpkg -S in Debian/Ubuntu)

yum provides filename
rpm -q --whatprovides filename

frank


Re: [CentOS] manage different profile with a laptop

2009-03-27 Thread Frank Thommen
Hi Rachid,

 I need to use different profile with some linux CentOS  laptops.

I'm managing such profiles with a custom init script.  The script 
checks what IP address (if any) the machine got and according to this 
address, I disable/enable some services (NIS, sendmail, automounter, 
local vs. remote homedirectories etc.).  It's not very elaborate but 
works fine until now.

Cheers

frank


Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img

2009-03-27 Thread Frank Thommen
John Doe wrote:
 Frank Thommen wrote:
 To modify the initrd.img, I took the original CentOS 5.2 image, unpacked 
 with cpio/gunzip and replaced modules/2.6.18-92.el5/x86_64/e1000e.ko 
 with a current version.  This driver module had been created on a 
 freshly installed CentOS 5.2 host with kernel 2.6.18-92.el5 and w/o any 
 updates.  After adding the driver, I re-archived and re-packed the image 
 and replaced the initrd.img on my tftp server.
  
 The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) 
 which puzzles me, as the driver file itself is 2.8 MB (compared to the 
 old e1000e.ko with ca 170 KB) but the resulting modules.cgz is only 
 around 700 KB bigger than the original one.  All files have been 
 compressed with `gzip -9`.
 
 Just wondering... can you safely strip modules like you would strip 
 executables?

Unfortunately stripping didn't help.  Same error message at boot.


frank


Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img

2009-03-27 Thread Frank Thommen
Tru Huynh wrote:
 On Thu, Mar 26, 2009 at 05:27:10PM +0100, Frank Thommen wrote:
 What cpio options did you use to re-create modules/modules.cgz and then 
 the initrd.img?
 I used `cpio -ovF file` and `cpio -ov -H crc -F file` (I found the 
 latter on http://sial.org/howto/linux/initrd/).  However I could not 
 find any officially looking information about how the 
 initrd.img/modules.cgz is created.
 
 find ./ | cpio -H newc -o | gzip -c9 > /path/to/my/initrd.img


This gives a slightly different error message:

[...]
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
VFS: Cannot open root device NULL or unknown-block(253,3)
Please append a correct root= boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on
unknown-block(253,3)


The two RAMDISK error lines have gone.  I have archived 
modules/modules.cgz *and* initrd.img with -H newc.


frank


Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img

2009-03-27 Thread Frank Thommen
Tru Huynh wrote:
 On Fri, Mar 27, 2009 at 04:04:40PM +0100, Frank Thommen wrote:
 This gives a slightly different error message:

 [...]
 md: Autodetecting RAID arrays.
 md: autorun ...
 md: ... autorun DONE.
 VFS: Cannot open root device NULL or unknown-block(253,3)
 Please append a correct root= boot option
 Kernel panic - not syncing: VFS: Unable to mount root fs on
 unknown-block(253,3)


 The two RAMDISK error lines have gone.  I have archived 
 modules/modules.cgz *and* initrd.img with -H newc.
 only the initrd needs -H newc

I tried also with non-newc for modules.cgz but this doesn't help. 
However when I look at the original, gunzipped modules.cgz with `file`, 
then I get ASCII cpio archive (SVR4 with no CRC) which would also be 
'newc'.


 This one works for me
 LABEL centos5
  MENU LABEL ^1) centos 5 x86_64 raid1 ks
  KERNEL centos5.x86_64/vmlinuz
 APPEND initrd=centos5.x86_64/initrd.img 
 method=http://10.0.0.4/pub/linux/c5/os/x86_64  noipv6 syslog=10.0.0.4 
 kssendmac ip=dhcp ks=http://10.0.0.4/ks/c5-raid1-64-min.cfg


That is more or less what we have:

   KERNEL CentOS-5.2_64/vmlinuz
   APPEND initrd=CentOS-5.2_64/initrd.img ramdisk_size=5940 kssendmac
ks=http://srv/ks/ks.cgi noipv6


This should not be the problem as it works fine for the unmodified 
initrd.img.


frank
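
The `file` check described in the message above, done by hand as an added example (not code from the thread): it reads the cpio magic of a gzip-compressed image to tell a newc archive from the old binary format that `cpio -o` writes when no `-H` is given, and lists the members. The archive built by `make_newc` and its file names are constructed sample data, and all function names are illustrative.

```python
import gzip

# Magic numbers that open the first header of each cpio variant.
ASCII_MAGIC = {
    b"070701": "newc (SVR4 with no CRC)",
    b"070702": "crc (SVR4 with CRC)",
    b"070707": "odc (POSIX portable ASCII)",
}
BINARY_MAGIC = (b"\xc7\x71", b"\x71\xc7")   # 0o070707 as a 16-bit word, either byte order
HEADER_LEN = 110                             # 6-byte magic + 13 fields of 8 hex digits


def pad4(n):
    """Bytes needed to reach the next 4-byte boundary."""
    return (4 - n % 4) % 4


def cpio_format(raw):
    """Name the cpio variant from the magic at the start of the archive."""
    if raw[:6] in ASCII_MAGIC:
        return ASCII_MAGIC[raw[:6]]
    if raw[:2] in BINARY_MAGIC:
        return "bin (old binary)"
    return "unknown"


def list_members(raw):
    """Walk a newc/crc archive and return [(name, size)] up to TRAILER!!!."""
    members, pos = [], 0
    while pos + HEADER_LEN <= len(raw):
        header = raw[pos:pos + HEADER_LEN]
        if header[:6] not in (b"070701", b"070702"):
            raise ValueError("no newc/crc header at offset %d" % pos)
        fields = [int(header[6 + 8 * i:14 + 8 * i].decode("ascii"), 16)
                  for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_at = pos + HEADER_LEN
        name = raw[name_at:name_at + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return members
        members.append((name, filesize))
        # Header+name and file data are each padded to a multiple of 4 bytes.
        data_at = name_at + namesize + pad4(HEADER_LEN + namesize)
        pos = data_at + filesize + pad4(filesize)
    raise ValueError("archive ends without a TRAILER!!! entry")


def inspect_image(blob):
    """Report format, unpacked size and members of an initrd.img or modules.cgz."""
    raw = gzip.decompress(blob) if blob[:2] == b"\x1f\x8b" else blob
    members = list_members(raw) if raw[:6] in (b"070701", b"070702") else []
    return {"format": cpio_format(raw), "unpacked_bytes": len(raw), "members": members}


def make_newc(files):
    """Build a minimal newc archive in memory (constructed sample data only)."""
    out = bytearray()

    def add(name, data, mode):
        encoded = name.encode() + b"\0"
        fields = (0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(encoded), 0)
        out.extend(b"070701" + b"".join(b"%08X" % f for f in fields))
        out.extend(encoded + b"\0" * pad4(HEADER_LEN + len(encoded)))
        out.extend(data + b"\0" * pad4(len(data)))

    for name, data in files.items():
        add(name, data, 0o100644)
    add("TRAILER!!!", b"", 0)
    return bytes(out)


if __name__ == "__main__":
    sample = gzip.compress(make_newc({
        "init": b"#!/bin/sh\n",
        "modules/modules.cgz": b"\0" * 64,   # placeholder bytes, not a real module archive
    }))
    print(inspect_image(sample))
```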


Re: [CentOS] Getting asciidoc

2009-03-27 Thread Frank Thommen
Brian Mathis wrote:
 You need to set enabled=1 in the config file.  Currently you have 
 enabled=0

I don't think you need enabled=1 in the repo file if you are using 
`yum --enablerepo=dag ...` on the command line, but...


 [dag]
 [...]
 enabled=0
 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
 includepkgs=acsiidoc* bitt* perl*
              ^
...this should probably read 'asciidoc'? :-)

Cheers

 frank


Re: [CentOS] Getting ready for CentOS 5.4

2009-03-27 Thread Frank Thommen
nate wrote:
 Les Mikesell wrote:
 
 [...]
 
 I think it's safe to assume that the majority of CentOS users out
 there run CentOS on servers, not on desktops/laptops/etc.

So I'm one from the minority then :-).  CentOS 5 is running on (almost) 
all servers and (really) all Linux clients here.  Being used to the 
RedHat way from a former job and not being happy with the fast release 
cycles of Fedora, CentOS was a logical choice.  No more system 
instabilities and no more package incompatibilities since we switched 
from Fedora (let's keep fingers crossed).  That's what I call 
Enterprise grade :-)

I don't care if the CentOS release comes days or weeks (or months) after 
the RedHat release as long as it comes one day.

And sincerely: I don't understand, why RedHat/CentOS should not be used 
on desktops.

Cheers

 frank


Re: [CentOS] USB, AutoMount VNC

2009-03-27 Thread Frank Thommen
Guy Boisvert wrote:
 MHR wrote:
 On Fri, Mar 27, 2009 at 6:35 AM, Guy Boisvert boisvert@videotron.ca 
 wrote:
 Hi!

 I'm trying to figure out how to make automount do its job when nobody
 is logged in at the console and the user accesses the server by VNC.  Does
 anybody know how to make CentOS automount USB Hard Drives / Pendrive
 when accessed by VNC?

 Could you describe the problem a little more clearly?  Separation of
 console from USB-accessible hardware, how VNC fits in in this
 scenario, etc.

 It sounds like someone wants to log in remotely (VNC), plug in a
 (local) USB device and access it (remotely), which doesn't make sense
 to me.

 Thanks.

 mhr
 
 Hi,
 
   It makes sense if you're running a box headless (it will be headless 
 soon, now I'm testing it with K+V+M attached).  We're using a CentOS box 
 to plug USB Flash drive & external hard drive into it.  The CentOS box 
 is then used to FTP the content of these external drives to a Winblows 
 box, all that filtered by a firewall between the 2 boxes.  Only FTP is 
 allowed.
 
   Doing some tests on the CentOS box, I saw that if I log into the 
 console, then the local session and the remote VNC sessions will see the 
 drives automounted.  If I log out of the console, then the VNC session 
 won't see anything.  It's like the automount works only if somebody is 
 logged in at the console.

I assume that with console you mean X11/desktop manager.  In this case 
Gnome or KDE handle the mounting of removable devices for you.  The 
automounter hasn't anything to do with it.

If you want the automounter to handle removable devices, then you'll 
have to add appropriate automounter map entries.  Something like

/etc/auto.master:
   /media  /etc/auto.media

/etc/auto.media:
   usb  :/dev/sda1


or you could use a program map like the following (not my invention, I 
took this from the autofs mailing list):

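----------------------------------------
#!/bin/sh
# autofs program map: print the map entry for /dev/sda1 on stdout.
# ntfs-3g.probe needs --readonly or --readwrite; it exits 0 if the
# volume can be mounted as NTFS that way.
if ntfs-3g.probe --readwrite /dev/sda1; then
    echo -fstype=ntfs-3g,other-opts :/dev/sda1
else
    echo -fstype=vfat,other-opts :/dev/sda1
fi
----------------------------------------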

You'll probably find other examples on the net.

I'm not sure if such an automounter setup collides with Gnome/KDE 
automounting.

Cheers

 frank
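
A program map for the setup described in the message above, as an added example that is not part of the original post: it takes the lookup key that autofs passes as the first argument, accepts only plain partition names, and mounts removable media with restrictive options. The function names, the read-only mount and the auto.media file name check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: autofs program map for removable media. autofs runs the
# map with the lookup key as $1 and reads one entry ("-options :device")
# from stdout; a non-zero exit status means "no such entry".

# Filesystem type of a block device; kept separate so it can be stubbed.
probe_fstype() {
    blkid -o value -s TYPE "$1" 2>/dev/null
}

# Print the map entry for a key such as "sdb1".
map_entry() {
    key=$1
    # Accept only plain partition names, so a key can never carry a path
    # component or extra mount options into the entry.
    case "$key" in
        sd[a-z][1-9]) ;;
        *) return 1 ;;
    esac
    dev="/dev/$key"
    # Removable media are untrusted: no setuid, no device nodes, no exec.
    # "ro" is an assumption: the box only reads from the drives.
    safe="nosuid,nodev,noexec,ro"
    case "$(probe_fstype "$dev")" in
        vfat) printf '%s\n' "-fstype=vfat,$safe :$dev" ;;
        ntfs) printf '%s\n' "-fstype=ntfs-3g,$safe :$dev" ;;
        *)    return 1 ;;   # unknown or unsupported filesystem: refuse
    esac
}

# Installed as an executable /etc/auto.media, autofs calls it with the key.
if [ "${0##*/}" = "auto.media" ]; then map_entry "$1"; fi
```

With `/media /etc/auto.media` in /etc/auto.master, accessing /media/sdb1 triggers the lookup for the key sdb1.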


[CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifying initrd.img

2009-03-26 Thread Frank Thommen
Hi,

to install current PC models (with new Intel NICs) via Kickstart/PXE, I 
wanted to add the newest e1000e driver to initrd.img.  With this 
modified image, the Kickstart kernel crashes with the following error 
messages:


[...]
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
RAMDISK: Compressed image found at block 0
RAMDISK: incomplete write (20480 != 32768) 6062080
VFS: Cannot open root device NULL or unknown-block(253,3)
Please append a correct root= boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on 
unknown-block(253,3)


To modify the initrd.img, I took the original CentOS 5.2 image, unpacked 
with cpio/gunzip and replaced modules/2.6.18-92.el5/x86_64/e1000e.ko 
with a current version.  This driver module had been created on a 
freshly installed CentOS 5.2 host with kernel 2.6.18-92.el5 and w/o any 
updates.  After adding the driver, I re-archived and re-packed the image 
and replaced the initrd.img on my tftp server.


The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) 
which puzzles me, as the driver file itself is 2.8 MB (compared to the 
old e1000e.ko with ca 170 KB) but the resulting modules.cgz is only 
around 700 KB bigger than the original one.  All files have been 
compressed with `gzip -9`.


My PXE bootsettings are:

   KERNEL CentOS-5.2_64/vmlinuz
   APPEND initrd=CentOS-5.2_64/initrd.img ramdisk_size=5940 kssendmac 
ks=http://srv/ks/ks.cgi noipv6


Even raising ramdisk_size doesn't help.  At around ramdisk_size=7100 
there seems to be an overflow and the size is recounted from zero (?).


Any Ideas, how one can/should create an updated and working initrd.img 
for Kickstart/PXE?


A similar question has been asked before on this list and a 
recommendation was to wait for 5.3.  Unfortunately I cannot wait for the 
next release.


Thanks in advance

 frank


Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifying initrd.img

2009-03-26 Thread Frank Thommen
 What cpio options did you use to re-create modules/modules.cgz and then 
 the initrd.img?

I used `cpio -ovF file` and `cpio -ov -H crc -F file` (I found the 
latter on http://sial.org/howto/linux/initrd/).  However I could not 
find any officially looking information about how the 
initrd.img/modules.cgz is created.

 
 Did you gzip the initrd.img after cpio'ing it?

yes, with `gzip -9`.


 It might be better to wait for CentOS 5.3 - as that has an updated 
 e1000e module - hopefully 5.3 might be out this week end ...

OK, I could wait this long (better: short) :-)

frank


Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifying initrd.img

2009-03-26 Thread Frank Thommen
 to install current PC models (with new Intel NICs) via Kickstart/PXE, I
 wanted to add the newest e1000e driver to initrd.img.  With this
 modified image, the Kickstart kernel crashes with the following error
 messages:
 
 Maybe you need to increase the memory allocated to ramdisk? by
 default I use ramdisk_size=16384 as a kernel parameter for booting
 the installer.

with ramdisk_size=16384 the error message is:

[...]
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
RAMDISK: Compressed image found at block 0
RAMDISK: incomplete write (-28 != 32768) 16777216
VFS: Cannot open root device NULL or unknown-block(253,3)
Please append a correct root= boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on
unknown-block(253,3)


There is probably an exact way to determine a valid ramdisk_size, but 
which? :-}


frank
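
Two checks this thread keeps coming back to, as an added example that is not part of the original messages: whether a repacked initrd.img is a gzip-compressed newc cpio archive (the format the 2009-03-27 reply says the initrd needs, as opposed to plain `cpio -o` or `-H crc`), and how large the image is once uncompressed, in the KiB units that ramdisk_size= counts in. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for a repacked installer initrd.img.
# Function names are hypothetical; only gzip, head, od, tr and wc are used.

# Print the cpio format of a gzip-compressed archive, judged by its magic.
initrd_format() {
    magic=$(gzip -dc "$1" 2>/dev/null | head -c 6 | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        303730373031) echo newc ;;     # "070701", written by cpio -H newc
        303730373032) echo crc ;;      # "070702", written by cpio -H crc
        303730373037) echo odc ;;      # "070707", written by cpio -H odc
        c771*|71c7*)  echo bin ;;      # binary header, cpio -o without -H
        "")           echo not-gzip ;; # nothing could be decompressed
        *)            echo unknown ;;
    esac
}

# Print the uncompressed size in KiB, rounded up (ramdisk_size= is in KiB).
initrd_kib() {
    bytes=$(gzip -dc "$1" 2>/dev/null | wc -c)
    echo $(( (bytes + 1023) / 1024 ))
}

# Report both values; succeed only for a newc archive.
check_initrd() {
    fmt=$(initrd_format "$1")
    echo "$1: format=$fmt uncompressed=$(initrd_kib "$1") KiB"
    if [ "$fmt" != newc ]; then
        echo "repack with: find . | cpio -o -H newc | gzip -9 > initrd.img" >&2
        return 1
    fi
}
```

Run `check_initrd initrd.img` before copying the image to the TFTP server; the same functions work on modules.cgz.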




Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifying initrd.img

2009-03-26 Thread Frank Thommen
John Doe wrote:
 Frank Thommen wrote:
 [...]
  
 The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) 
 which puzzles me, as the driver file itself is 2.8 MB (compared to the 
 old e1000e.ko with ca 170 KB) [...]
 
 Just wondering... can you safely strip modules like you would strip 
 executables?


Don't know. Admittedly I don't even know what stripping is...[reading in 
Wikipedia]...now having some half-knowledge...  

`strip e1000e.ko` results in a 148K file (compared to the 2.8MB 
original).  I'll try to put this one into the initrd.img tomorrow.

Thanks

frank