Re: [CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem [solved]
On 3/29/19 12:56 PM, James Pearson wrote: Frank Thommen wrote: I would like to use the NFSv4 ability to create a "root" filesystem with fsid=0, so that I don't have to refer to the whole path of the exported filesystem when I mount it. However I do *not* want this root filesystem to be mountable by any host. Is that possible and how? E.g Filesystem: /exports/data1 /exports/data2 /exports/data3 /etc/exports: /exports *(ro,no_subtree_check,fsid=0) /exports/data1 host1(rw) /exports/data2 host1(rw) /exports/data3 host2(rw) host1 and host2 can mount fileserver:/ and access any of the dataN directories at least read-only. That is unwanted. I'd like /exports/data1 and /exports/data2 to be exclusively accessible by host1 and /exports/data3 by host2. But I'd still like to be able to mount e.f. as fileserver:/data1 instead of fileserver:/exports/data1. I've search around a lot and I have found the question several times, but no solution yet. It appears to work for me ... host1 will still see data3 under the mount point - but its contents will be empty - similarly, host2 will see data1 and data2 under the mount point, but their contents will be empty Or have I missed something ? James Pearson [better late then never...] You haven't missed anything and /we/ made a mistake: We hadn't realized, that "fsid" relates to "real" filesystems and not just directories. We had this /storage /exports none bind 0 0 in /etc/fstab, which made all individual shares (subdirectories of /storage) members of the same fsid and hence they had the same export settings applied. After changing the bind mounts to /storage/data1 /exports/data1 none bind 0 0 /storage/data2 /exports/data2 none bind 0 0 all exports now work as expected. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem
Hi, I would like to use the NFSv4 ability to create a "root" filesystem with fsid=0, so that I don't have to refer to the whole path of the exported filesystem when I mount it. However I do *not* want this root filesystem to be mountable by any host. Is that possible and how? E.g Filesystem: /exports/data1 /exports/data2 /exports/data3 /etc/exports: /exports *(ro,no_subtree_check,fsid=0) /exports/data1 host1(rw) /exports/data2 host1(rw) /exports/data3 host2(rw) host1 and host2 can mount fileserver:/ and access any of the dataN directories at least read-only. That is unwanted. I'd like /exports/data1 and /exports/data2 to be exclusively accessible by host1 and /exports/data3 by host2. But I'd still like to be able to mount e.f. as fileserver:/data1 instead of fileserver:/exports/data1. I've search around a lot and I have found the question several times, but no solution yet. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets
Thank you. Basically our problem are not the ACLs or their support per se, but that we have to manage a huge number of individual ACLS (several hundred users in more than hundred projects) in multi-petabyte filesystem and still have to keep overview and control. Our problem is more the management side. Effectively we are looking for a tool that helps us manage these permissions and we would accept whatever permissions mechanism this tool uses (UGO/ACLs). Cheers frank On 11/27/2018 03:06 PM, Leroy Tennison wrote: Well, there are extended ACLs if they're available in CentOS, when I first worked with them (long ago) they were new (and on a different Distro). I hope support for them has improved. They allow multiple users/groups to be assigned permissions to a file/directory. The problem then was that chmod (and other programs) were not extended-ACL-aware and could over-ride extended ACLs. There was a mechanism to recover from the situation but what it basically came down to was eternal vigilance - the system administrators had to understand (and agree about) extended ACLs and be careful/diligent in applying them. There are hacks which could possibly help (rename chmod and replace it with a script warning about extended ACLs) but, in the final analysis, it's not a decision to be undertaken lightly (unless the situation has changed dramatically). Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Frank Thommen Sent: Tuesday, November 27, 2018 7:25 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets Hello, we are currently managing access permissions through classical user-group-others permissions on a multi-petabyte directory tree with partially very deep and broad directories. Projects are represented by directory trees and mapped through GIDs. Lately we had lots of "singular" permission request (one single user needs access to a single dataset but should not be able to see all other datasets belonging to the same project). We realized, that the UGO model doesn't scale and is becoming more and more unmanageable. Can you recommend tools/mechanisms/technologies to overcome the drawbacks of the UGO model? We are thinking about some purely ACL based mechanism (but are open to other ideas). All filesystems in question are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x hsots. Ideally the tool would have some web UI and some kind of (REST)API which allows us to modify permissions from our inhouse data management application (which does /not/ manage permissions, just the structure of the data). Additionally it should be able to visualize/report permissions in directory. I wasn't very successful in googling possible candidates, hence the question to the list. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets
Hello, we are currently managing access permissions through classical user-group-others permissions on a multi-petabyte directory tree with partially very deep and broad directories. Projects are represented by directory trees and mapped through GIDs. Lately we had lots of "singular" permission request (one single user needs access to a single dataset but should not be able to see all other datasets belonging to the same project). We realized, that the UGO model doesn't scale and is becoming more and more unmanageable. Can you recommend tools/mechanisms/technologies to overcome the drawbacks of the UGO model? We are thinking about some purely ACL based mechanism (but are open to other ideas). All filesystems in question are mounted via NFSv4 and the clients are (almost) completely CentOS 7.x hsots. Ideally the tool would have some web UI and some kind of (REST)API which allows us to modify permissions from our inhouse data management application (which does /not/ manage permissions, just the structure of the data). Additionally it should be able to visualize/report permissions in directory. I wasn't very successful in googling possible candidates, hence the question to the list. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall
On 31/10/18 18:32, Gordon Messmer wrote: On 10/30/18 8:31 AM, Frank Thommen wrote: I am still puzzled that it is possible to circumvent firewalld so easily. Basically it means, that firewalld is not to be trusted as soon as containers with port forwarding are running on a system. It's hard to see this as a security or trust problem. The root user can modify the firewall, which is provided by the kernel. firewalld is just a front-end. Adding rules to the kernel's firewall is not "circumventing" the management front-end. You do have to bear in mind that the firewall-cmd output reflects the *configuration* and not the *state*. When docker adds rules, it modifies the state, but not the configuration. I see that (=have learned that :-) now, but for me it means, that firewalld-cmd is not to be trusted (even though it is the recommended tool to manage the local firewall). I'll have to go back and try to understand confusing and hard-to-understand iptables output. :-( ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall
On 10/29/2018 08:43 PM, Keith Keller wrote: On 2018-10-29, Frank Thommen wrote: PostgreSQL is running in a docker container: $ docker ps CONTAINER IDIMAGE COMMAND CREATED STATUS PORTSNAMES 6f11fc41d2f0postgres "docker-entrypoint..." 4 days ago Up 4 days 0.0.0.0:5432->5432/tcp postgres $ The various docker interfaces and virtual bridges are not assigned to any specific zone. Why is port 5432/tcp open? It may be Docker manipulating the iptables rules. If you don't want it open at all, remove the port argument from the docker run command line (or moral equivalent) and recreate the container (make sure you have saved your data first, either with a volume mount or by dumping first). Unfortunately I can't control how users start their containers and I cannot force them not to forward ports. But I will see if I can prevent Docker from manipulating iptables as described in the very helpful link below. If you need something more complex, here's some docs on how Docker interacts with iptables, and how you can insert rules into its chains: https://docs.docker.com/network/iptables/ --keith frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PostgreSQL port accessible even though it should be blocked by firewall
On 10/29/2018 08:18 PM, Alexander Dalloz wrote: Am 29.10.2018 um 20:03 schrieb Frank Thommen: PostgreSQL is running in a docker container: $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6f11fc41d2f0 postgres "docker-entrypoint..." 4 days ago Up 4 days 0.0.0.0:5432->5432/tcp postgres $ The various docker interfaces and virtual bridges are not assigned to any specific zone. Why is port 5432/tcp open? You will see it if you check the netfilter rules with: iptables -L -n -v --line -t filter iptables -L -n -v --line -t nat In fact these rules forward port 5432 to docker: $ iptables -L -n -v --line -t filter | grep 5432 10 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:5432 $ iptables -L -n -v --line -t nat | grep 5432 10 0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:5432 20 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0tcp dpt:5432 to:172.17.0.2:5432 $ I am still puzzled that it is possible to circumvent firewalld so easily. Basically it means, that firewalld is not to be trusted as soon as containers with port forwarding are running on a system. frank frank Alexander ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] PostgreSQL port accessible even though it should be blocked by firewall
Hi, this puzzles me: On one of our developer workstations, all ports with the exception of SSH are closed: $ firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eno1 sources: services: ssh dhcpv6-client ports: 22/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: $ but still port 5432/tcp (PostgreSQL) is open: $ nmap -P0 devel-host Starting Nmap 6.40 ( http://nmap.org ) at 2018-10-29 19:46 CET Nmap scan report for devel-host (xxx.xxx.xxx.xxx) Host is up (0.94s latency). rDNS record for xxx.xxx.xxx.xxx: devel-host.our.domain Not shown: 998 filtered ports PORT STATE SERVICE 22/tcp open ssh 5432/tcp open postgresql Nmap done: 1 IP address (1 host up) scanned in 57.26 seconds $ PostgreSQL is running in a docker container: $ docker ps CONTAINER IDIMAGE COMMAND CREATED STATUS PORTSNAMES 6f11fc41d2f0postgres "docker-entrypoint..." 4 days ago Up 4 days 0.0.0.0:5432->5432/tcp postgres $ The various docker interfaces and virtual bridges are not assigned to any specific zone. Why is port 5432/tcp open? frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages
I was afraid someone would say that :-). I am currently at 3.10.0-862.3.2 and downgrading to a 3.10.0-6xx kernel breaks some of the other packages. Is the mentioned bug documented somewhere? Cheers frank On 07/06/18 06:22, James Peltier wrote: There was a kernel bug that affected all NFSv4 traffic that we ran into and we had to downgrade the kernel to and older version (3.10.0-693.2.2.el7.x86_64) which seemed to help with our NFSv4 issues. We have not upgraded to a newer kernel to see if the issue has been resolved. *From:* CentOS on behalf of James Pearson *Sent:* June 6, 2018 2:49 PM *To:* CentOS mailing list; Frank Thommen *Subject:* Re: [CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages Frank Thommen wrote: Hi, since I updated my workstation from CentOS 7.4 to 7.5, Firefox and Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash) and cannot be restarted afterwards.? Trying to start them results in a "Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird).? The system log then shows: ? kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed! each time I try to start the applications (our homedirectories are mounted via NFS4).? As far as I can see, no other applications are affected.? The workstation needs to be rebooted to fix the situation. Has anyone else seen that or knows how to debug or fix this issue? I tried with strace and wireshark w/o finding anything helpful. I'm not sure what the el7 default for the Firefox 'storage.nfs_filesystem' pref is - but you could try setting it to 'true' to see if that makes a difference ? James Pearson ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages
On 06/06/18 23:49, James Pearson wrote: Frank Thommen wrote: Hi, since I updated my workstation from CentOS 7.4 to 7.5, Firefox and Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash) and cannot be restarted afterwards. Trying to start them results in a "Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird). The system log then shows: kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed! each time I try to start the applications (our homedirectories are mounted via NFS4). As far as I can see, no other applications are affected. The workstation needs to be rebooted to fix the situation. Has anyone else seen that or knows how to debug or fix this issue? I tried with strace and wireshark w/o finding anything helpful. I'm not sure what the el7 default for the Firefox 'storage.nfs_filesystem' pref is - but you could try setting it to 'true' to see if that makes a difference ? James Pearson I'll give that a try. Thanks for the hint. That's one of Firefox' problems: There doesn't seem to be a decent documentation for all the available configuration settings. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Firefox and Thunderbird freeze/crash followed by "nfs4_reclaim_open_state: Lock reclaim failed!" syslog messages
Hi, since I updated my workstation from CentOS 7.4 to 7.5, Firefox and Thunderbird (both 52.8.0, from CentOS repos) regularly freeze (or crash) and cannot be restarted afterwards. Trying to start them results in a "Bus error (core dumped)" (Firefox) and "Killed" (Thunderbird). The system log then shows: kernel: NFS: nfs4_reclaim_open_state: Lock reclaim failed! each time I try to start the applications (our homedirectories are mounted via NFS4). As far as I can see, no other applications are affected. The workstation needs to be rebooted to fix the situation. Has anyone else seen that or knows how to debug or fix this issue? I tried with strace and wireshark w/o finding anything helpful. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Various applications freeze regularly since CentOS 7.5 update
Hi, since we have upgraded to CentOS 7.5 (from CentOS 7.4), we experience frequent, but not reproducible, freezes of various applications: Thunderbird, Firefox, LibreOffice. Usually the application process keeps running with PPID 1 w/o being killable (not even with SIGKILL). Freezes of Thunderbird are usually followed by Firefox crashing a few minutes later. The only possible solution we found is a complete workstation reboot :-(. Other problems are that many Gnome extensions are not working any more and also cannot be installed from extensions.gnome.org any more and logging in via gdm (LDAP, homedirectories on NFS share) is considerably slower than with 7.4. I don't know if these issues are related, if they are symptoms of a more global problem and I am at a loss on how to debug them, as they appear from time to time but not not reproducibly.. Any hints or reports of own experiences are highly appreciated. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to blacklist a device driver (sysemd)
On 11/15/2017 07:50 PM, Gordon Messmer wrote: On 11/15/2017 10:35 AM, Frank Thommen wrote: I tried with the files /etc/modprobe.d/blacklist /etc/modprobe.d/blacklist.conf and with entries blacklist mlx5_core blacklist mlx5_ib The "blacklist" entries prevent a module being loaded by its alias (typically a PCI ID), but not from being loaded if something explicitly loads it by module name. Most likely, those modules are included in your initrd. I'd suggest using the entries described above, and editing grub.conf to add arguments to the kernel command line: rd.driver.blacklist=mlx5_core rd.driver.blacklist=mlx5_ib ... then rebuilding your initrd using "dracut --force" Thanks for the hint. However as this should only be a temporary measure and needs to be done on ca. 100 hosts I'm not sure if we want to go through the hassles. Deploying a textfile is no problem, but creating new initrds for differing hardware frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to blacklist a device driver (sysemd)
Hi, how can a specific device driver in CentOS 7 be blacklisted, so that it doesn't load at boot time? We have Infiniband adapters which are not completely supported by CentOS and we want to silence the error messages for the time being. I tried with the files /etc/modprobe.d/blacklist /etc/modprobe.d/blacklist.conf and with entries mlx5_core mlx5_ib blacklist mlx5_core blacklist mlx5_ib install mlx5_core /dev/null install mlx5_ib /dev/null all found on different websites. None of these entries helps. mlx5_core and mlx5_ib are still loaded and the system is flooded with error messages. Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok
On 05/16/2017 12:25 AM, Darr247 wrote: On Mon, 15 May 2017 at 20:05 zulu, Frank Thommen wrote: lustre driver https://downloads.hpdd.intel.com/public/lustre/latest-feature-release/el7.3.1611/ We have a special appliance attached and get the lustre driver from the appliance vendor to ensure maximum compatibility and maintenance. So https://downloads.hpdd.intel.com/public/lustre/latest-feature-release/el7.3.1611/ unfortunately doesn't apply to us. An then there are still FPGA and Infiniband where the vendors of our hardware currently don't support CentOS 7.3 (yet). frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok
Hi On 15/05/17 19:30, Tru Huynh wrote: Hi, On Mon, May 15, 2017 at 03:04:03PM +0200, Frank Thommen wrote: This problem still bites us. I've tried to play around with DHCP settings (rd.net.timeout.dhcp, rd.net.dhcp.retry) to no avail. I'm happy about /any/ hint. 1) ip route seems ok, but what does your /etc/resolv.conf looks like? /etc/resolv.conf is 100% ok once I am in the dracut emergency shell and name resolution works fine. However I don't know how it looks at the time of the error message - that is during dracut-initqueue - and I have no idea how I could check that. 2) could you try with 7.3.1611, 7.2.1511 is no longer supported. Unfortunateyl not. Due to special hardware (Infiniband, FPGA) and special lustre drivers we are currently bound to this specific release. frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How can kickstart be (re)started manually from the dracut emergency shell?
Hi, this is a side question to my other thread regarding dracut-initqueue network issues. Once I'm thrown into a dracut emergency shell (PXE booted system): How can I restart the kickstart installation process manually from there? Can I at all? Background is, that I'd like to add some debugging output to some of the dracut scripts and rerun the installation process to see why it fails. Thanks frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok
This problem still bites us. I've tried to play around with DHCP settings (rd.net.timeout.dhcp, rd.net.dhcp.retry) to no avail. I'm happy about /any/ hint. Cheers frank On 04/24/2017 11:57 PM, Frank Thommen wrote: Hi, kickstarting fails due to problems with host resolution, even though the network seems to be properly configured through DHCP. eno1 and eno2 are both attached to the network, but only eno1 gets an IP via DHCP. Still `curl` cannot resolve the mirror host and the kickstart host during dracut-initqueue: rdsosreport.txt [...] [ 14.780428] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno1: link is not ready [ 19.977052] localhost kernel: tg3 :0b:00.0 eno1: Link is up at 1000 Mbps, full duplex [ 19.977118] localhost kernel: tg3 :0b:00.0 eno1: Flow control is off for TX and off for RX [ 19.978880] localhost kernel: tg3 :0b:00.0 eno1: EEE is disabled [ 19.980693] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready [ 19.829468] localhost dracut-initqueue[992]: dhcp: PREINIT eno1 up [ 19.853734] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 255.255.255.255 port 67 interval 6 (xid=0x4df19201) [ 26.030151] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 255.255.255.255 port 67 interval 13 (xid=0x4df19201) [ 26.033472] localhost dhclient[1393]: DHCPREQUEST on eno1 to 255.255.255.255 port 67 (xid=0x4df19201) [ 26.033668] localhost dhclient[1393]: DHCPOFFER from 10.128.196.98 [ 26.038851] localhost dhclient[1393]: DHCPACK from 10.128.196.98 (xid=0x4df19201) [ 26.067534] localhost dracut-initqueue[992]: dhcp: BOND setting eno1 [ 28.082735] localhost dhclient[1393]: bound to 10.128.196.20 -- renewal in 21301 seconds. [ 28.456131] localhost kernel: tg3 :0b:00.1: irq 153 for MSI/MSI-X [ 28.456149] localhost kernel: tg3 :0b:00.1: irq 154 for MSI/MSI-X [ 28.456165] localhost kernel: tg3 :0b:00.1: irq 155 for MSI/MSI-X [ 28.456180] localhost kernel: tg3 :0b:00.1: irq 156 for MSI/MSI-X [ 28.456196] localhost kernel: tg3 :0b:00.1: irq 157 for MSI/MSI-X [ 28.570450] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno2: link is not ready [ 34.024621] localhost kernel: tg3 :0b:00.1 eno2: Link is up at 1000 Mbps, full duplex [ 34.026347] localhost kernel: tg3 :0b:00.1 eno2: Flow control is off for TX and off for RX [ 34.028069] localhost kernel: tg3 :0b:00.1 eno2: EEE is disabled [ 34.029776] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2: link becomes ready [ 33.803606] localhost dracut-initqueue[992]: dhcp: PREINIT eno2 up [ 33.827664] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 7 (xid=0x1e8bdc4b) [ 41.000199] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 15 (xid=0x1e8bdc4b) [ 55.588353] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 18 (xid=0x1e8bdc4b) [ 74.172423] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 12 (xid=0x1e8bdc4b) [ 86.446514] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 9 (xid=0x1e8bdc4b) [ 95.253443] localhost dhclient[1570]: No DHCPOFFERS received. [ 95.253648] localhost dhclient[1570]: No working leases in persistent database - sleeping. [ 95.282175] localhost dracut-initqueue[992]: dhcp: FAIL [ 95.353255] localhost dracut-initqueue[992]: RTNETLINK answers: File exists [ 102.502688] localhost dracut-initqueue[992]: Warning: can't find installer mainimage path in .treeinfo [ 102.517568] localhost dracut-initqueue[992]: % Total% Received % Xferd Average Speed TimeTime Time Current [ 102.525942] localhost dracut-initqueue[992]: Dload Upload Total SpentLeft Speed [ 102.534277] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 1 seconds. 3 retries left. [ 103.527190] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 2 seconds. 2 retries left. [ 105.533677] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 4 seconds. 1 retries left. [ 109.542329] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: our.centos.mirror; Unknown error [ 109.551613] localhost dracut-initqueue[992]: Warning: Downloading 'http://our.centos.mirror/7.2.1511/os/x86_64/LiveOS/squashfs.img' failed! [ 109.615143] localhost dracut-initqueue[992]: % Total% Received % Xferd Average Speed TimeTime Time Current [ 109.624698] localhost dracut-initqueue[992]: Dload Upload Total SpentLeft Speed
[CentOS] Bonding mode balance-alb (6): How to control the assigned MAC address?
Hi, we are trying to switch our bonding modes from 1 (active-backup) to 6 (balance-alb). However it seems, that these bond devices are not always getting the MAC address from the same slave. Sometimes the device gets the MAC address of the first and sometimes of the second slave. Since only the MAC address of the first slave device is (can be) registered in DHCP, this breaks connectivity (about) every second time we boot the computer. Is there a way to control which MAC address is assigned to the bonding device w/o configuring it explicitely in the ifcfg file? Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] kickstart: dracut-initqueue fails due to unresolvable hostname even though network config looks perfectly ok
Hi, kickstarting fails due to problems with host resolution, even though the network seems to be properly configured through DHCP. eno1 and eno2 are both attached to the network, but only eno1 gets an IP via DHCP. Still `curl` cannot resolve the mirror host and the kickstart host during dracut-initqueue: rdsosreport.txt [...] [ 14.780428] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno1: link is not ready [ 19.977052] localhost kernel: tg3 :0b:00.0 eno1: Link is up at 1000 Mbps, full duplex [ 19.977118] localhost kernel: tg3 :0b:00.0 eno1: Flow control is off for TX and off for RX [ 19.978880] localhost kernel: tg3 :0b:00.0 eno1: EEE is disabled [ 19.980693] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready [ 19.829468] localhost dracut-initqueue[992]: dhcp: PREINIT eno1 up [ 19.853734] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 255.255.255.255 port 67 interval 6 (xid=0x4df19201) [ 26.030151] localhost dhclient[1393]: DHCPDISCOVER on eno1 to 255.255.255.255 port 67 interval 13 (xid=0x4df19201) [ 26.033472] localhost dhclient[1393]: DHCPREQUEST on eno1 to 255.255.255.255 port 67 (xid=0x4df19201) [ 26.033668] localhost dhclient[1393]: DHCPOFFER from 10.128.196.98 [ 26.038851] localhost dhclient[1393]: DHCPACK from 10.128.196.98 (xid=0x4df19201) [ 26.067534] localhost dracut-initqueue[992]: dhcp: BOND setting eno1 [ 28.082735] localhost dhclient[1393]: bound to 10.128.196.20 -- renewal in 21301 seconds. [ 28.456131] localhost kernel: tg3 :0b:00.1: irq 153 for MSI/MSI-X [ 28.456149] localhost kernel: tg3 :0b:00.1: irq 154 for MSI/MSI-X [ 28.456165] localhost kernel: tg3 :0b:00.1: irq 155 for MSI/MSI-X [ 28.456180] localhost kernel: tg3 :0b:00.1: irq 156 for MSI/MSI-X [ 28.456196] localhost kernel: tg3 :0b:00.1: irq 157 for MSI/MSI-X [ 28.570450] localhost kernel: IPv6: ADDRCONF(NETDEV_UP): eno2: link is not ready [ 34.024621] localhost kernel: tg3 :0b:00.1 eno2: Link is up at 1000 Mbps, full duplex [ 34.026347] localhost kernel: tg3 :0b:00.1 eno2: Flow control is off for TX and off for RX [ 34.028069] localhost kernel: tg3 :0b:00.1 eno2: EEE is disabled [ 34.029776] localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2: link becomes ready [ 33.803606] localhost dracut-initqueue[992]: dhcp: PREINIT eno2 up [ 33.827664] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 7 (xid=0x1e8bdc4b) [ 41.000199] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 15 (xid=0x1e8bdc4b) [ 55.588353] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 18 (xid=0x1e8bdc4b) [ 74.172423] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 12 (xid=0x1e8bdc4b) [ 86.446514] localhost dhclient[1570]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 9 (xid=0x1e8bdc4b) [ 95.253443] localhost dhclient[1570]: No DHCPOFFERS received. [ 95.253648] localhost dhclient[1570]: No working leases in persistent database - sleeping. [ 95.282175] localhost dracut-initqueue[992]: dhcp: FAIL [ 95.353255] localhost dracut-initqueue[992]: RTNETLINK answers: File exists [ 102.502688] localhost dracut-initqueue[992]: Warning: can't find installer mainimage path in .treeinfo [ 102.517568] localhost dracut-initqueue[992]: % Total% Received % Xferd Average Speed TimeTime Time Current [ 102.525942] localhost dracut-initqueue[992]: Dload Upload Total SpentLeft Speed [ 102.534277] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 1 seconds. 3 retries left. [ 103.527190] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 2 seconds. 2 retries left. [ 105.533677] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry in 4 seconds. 1 retries left. [ 109.542329] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: our.centos.mirror; Unknown error [ 109.551613] localhost dracut-initqueue[992]: Warning: Downloading 'http://our.centos.mirror/7.2.1511/os/x86_64/LiveOS/squashfs.img' failed! [ 109.615143] localhost dracut-initqueue[992]: % Total% Received % Xferd Average Speed TimeTime Time Current [ 109.624698] localhost dracut-initqueue[992]: Dload Upload Total SpentLeft Speed [ 109.625018] localhost dracut-initqueue[992]: 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Transient problem: timeout Will retry
Re: [CentOS] How to PXE kickstart hosts with little memory (Error: "Warning: /dev/root does not exist")?
On 04/21/2017 10:25 PM, Gordon Messmer wrote: On 04/21/2017 12:49 PM, Frank Thommen wrote: It seems, that this is not related to local disk space - as I initally thought - but to too small memory. It only happens with VMs with little RAM (1024 MB). As soon as we raise the available memory to 2048 MB, kickstarting works fine. The RHEL 7 installation guide states, that the minimal memory requirement is 1 GB, so the network installation /should/ work. Yeah, I filed a bug report against the documentation some time ago. https://bugzilla.redhat.com/show_bug.cgi?id=1410948 ...though bugzilla is currently down. Is there a way to install such hosts w/o having to temporarily raise the available memory? None that I'm aware of, as of 7.3. If you have a 7.2 install tree, you can boot the older installer and then update the installed system. Seems easier to boost the memory, typically. I gave it a try with 7.2.1511 and that works fine as long as I have "ip=eth0:dhcp" in my PXE config. As soon as I expand it to "ip=eth0:dhcp ip=eno1:dhcp rd.neednet=1" (I do that to make sure kickstart works independently from the name of the network interface), kickstart enters into emergency mode w/o any error message after a lot of timeout warnings. However that's something we can work around. Thanks for the 7.2 hint. frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to PXE kickstart hosts with little memory (Error: "Warning: /dev/root does not exist")?
Hi, while kickstarting our virtual machines with PXE we often run into kickstart/anaconda failing with [...] [...] dracut-mount[xxx]: Warning: Can't mount root filesystem [...] dracut-mount[xxx]: Warning: /dev/root does not exist [...] dracut-mount[xxx]:/lib/dracut-lib.sh: line 1030: echo write error: No space left on device Starting Dracut Emergency Shell... Warning: /dev/root does not exist Generating "/run/initramfs/rsdosreport.txt" [...] It seems, that this is not related to local disk space - as I initally thought - but to too small memory. It only happens with VMs with little RAM (1024 MB). As soon as we raise the available memory to 2048 MB, kickstarting works fine. The RHEL 7 installation guide states, that the minimal memory requirement is 1 GB, so the network installation /should/ work. Is there a way to install such hosts w/o having to temporarily raise the available memory? Cheers frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anaconda/kickstart: bonding device not created as expected
Hi Tris, On 04/19/2017 06:07 PM, Tris Hoar wrote: On 18/04/2017 15:54, Frank Thommen wrote: Hi, I am currently struggling with the right way to configure a bonding device via kickstart (via PXE). I am installing servers which have "eno" network interfaces. Instead of the expected bonding device with two active slaves (bonding mode is balance-alb), I get a bonding device with only one active slave and an independent, non-bonded network device. Also the bonding device gets its MAC address from the second instead of from the first device. [...] The used PXE configuration is LABEL CentOS-7 kernel centos-7/vmlinuz append initrd=centos-7/initrd.img ip=dhcp nameserver=xx.xx.xx.xx ksdevice=eno1 inst.repo=http://our.mirror.server/7/os/x86_64 inst.ks.sendmac inst.ks=http://our.kickstart.server/ks.cgi and the network settings in the kickstart file are network --device bond0 --bondslaves=eno1,eno2 --bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate [...] Hi Frank, This is from my satellite kickstart where I'm building the bond at the point of PXE booting, and using static (I'm working on doing this with DHCP and tagged VLANs but currently cant get to the hardware needed since messing up the BMC config :( ) LABEL linux KERNEL boot/RedHat-7.3-x86_64-vmlinuz APPEND initrd=boot/RedHat-7.3-x86_64-initrd.img ks=http://example.com/host.ks ks.device=bootif network ks.sendmac bond=bond0:eno1,eno2:mode=802.3ad vlan=bond0.10:bond0 ip=10.10.0.2::10.10.0.1:255.255.255.0:host.example.com:bond0.10:none nameserver=10.10.0.1 Then in the KS we have network --bootproto=static --device=link --gateway=10.10.0.1 --hostname=host.example.com --ip=10.10.0.2 --nameserver=10.10.0.1,10.11.0.1 --netmask=255.255.255.0 It should be fairly simple to convert that to use DHCP as you just need to change the IP line in the kernel parameters and ensure you have --device=link in the kickstart. BTW cat /proc/net/bonding/bond0 shows more info on how the bond is actually setup and working. Finally the issue was a simple and stupid syntax error in the ks config. I had omitted the equal sign between "--device" and "bond0": network --device=bond0 --bondslaves=eno1,eno2 --bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate works much better :-). Since the PXE config is global for all hosts (being configured with or without bonding device), I cannot use bonding definitions at that point. However the idea of using --device=link is interesting and I might use it in an other context in the future. Thanks a lot frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] anaconda/kickstart: bonding device not created as expected
Hi, I am currently struggling with the right way to configure a bonding device via kickstart (via PXE). I am installing servers which have "eno" network interfaces. Instead of the expected bonding device with two active slaves (bonding mode is balance-alb), I get a bonding device with only one active slave and an independent, non-bonded network device. Also the bonding device gets its MAC address from the second instead of from the first device. I appreciate any hint (or rtfm with the name of the correct fm ;-) on how to achieve the desired setup through kickstart. Please find the used PXE and kickstart settings and resulting network configuration below. I did this with CentOS 7.2.1511. We cannot go further due to Infiniband and lustre drivers which are currently only supported for this CentOS 7.x version Cheers frank -- The used PXE configuration is LABEL CentOS-7 kernel centos-7/vmlinuz append initrd=centos-7/initrd.img ip=dhcp nameserver=xx.xx.xx.xx ksdevice=eno1 inst.repo=http://our.mirror.server/7/os/x86_64 inst.ks.sendmac inst.ks=http://our.kickstart.server/ks.cgi and the network settings in the kickstart file are network --device bond0 --bondslaves=eno1,eno2 --bondopts=mode=balance-alb --bootproto=dhcp --hostname=myhost --activate I would have expected to get a bonding device with eno1 and eno2 as slave devices, the bonding device inheriting the MAC address from eno1 (otherwise DHCP won't work). Instead the result is a bonding device with eno2 as - sole - slave device and eno1 as a single active device with the main IP address of the host: bond0: flags=5187mtu 1500 inet6 fe80::42f2:e9ff:fec7:b5f1 prefixlen 64 scopeid 0x20 ether 40:f2:e9:c7:b5:f1 txqueuelen 0 (Ethernet) RX packets 29 bytes 5274 (5.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 39 bytes 3486 (3.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno1: flags=4163 mtu 1500 inet xx.xx.xx.xx netmask 255.255.255.0 broadcast xx.xx.xx.xx inet6 fe80::42f2:e9ff:fec7:b5f0 prefixlen 64 scopeid 0x20 ether 40:f2:e9:c7:b5:f0 txqueuelen 1000 (Ethernet) RX packets 4303 bytes 798163 (779.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1686 bytes 481585 (470.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 16 eno2: flags=6211 mtu 1500 ether 40:f2:e9:c7:b5:f1 txqueuelen 1000 (Ethernet) RX packets 29 bytes 5274 (5.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 39 bytes 3486 (3.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 17 The ifcfg-files look basically ok, but there are two for the eno1 device. ifcfg of the bonding device: $ cat ifcfg-bond0 # Generated by parse-kickstart IPV6INIT="yes" DHCP_HOSTNAME="myhost" NAME="Bond connection bond0" BONDING_MASTER="yes" BOOTPROTO="dhcp" BONDING_OPTS="mode=balance-alb" DEVICE="bond0" TYPE="Bond" ONBOOT="yes" UUID="35910614-4a7c-43c9-8e44-dcf44b783358" $ ifcfg of the two slave devices $ cat ifcfg-bond0_slave_1 # Generated by parse-kickstart NAME="bond0 slave 1" MASTER="35910614-4a7c-43c9-8e44-dcf44b783358" HWADDR="40:f2:e9:c7:b5:f0" TYPE="Ethernet" ONBOOT="yes" UUID="f3a0a007-861c-42b6-8264-6efba62232ce" $ $ cat ifcfg-bond0_slave_2 # Generated by parse-kickstart NAME="bond0 slave 2" MASTER="35910614-4a7c-43c9-8e44-dcf44b783358" HWADDR="40:f2:e9:c7:b5:f1" TYPE="Ethernet" ONBOOT="yes" UUID="ee3f7c84-d4cb-412e-887d-6b1c753eb913" $ ifcfg of eno1 (which physically has the MAC address 40:f2:e9:c7:b5:f0, which is the same as ifcfg-bond0_slave_1 $ cat ifcfg-eno1 # Generated by dracut initrd NAME="eno1" DEVICE="eno1" ONBOOT=yes NETBOOT=yes UUID="d20645a0-8093-45f3-9630-d0249f76726b" IPV6INIT=yes BOOTPROTO=dhcp TYPE=Ethernet DNS1="192.55.188.177" $ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting NFS subdirectories individually or just the parent?
On the server side, the export is defined for /export/base, not for /export/base/x. But I see the points. It seems, that we should probably revisit our export/mount setup :-) frank On 07/28/2016 12:40 AM, Sean Brisbane wrote: There is a slight performance related reason for exporting disk partitions individually, the performance boost is server-side as Paul says. The advantage is that the no_subtree_check can be used without any additional security risk. It is probably the case that the /export/base/a is a partition, is exported with no_subtree_check, and therefore there is a small performance boost. Preventing server side mount point traversal can also form part of a security mechanism if servers have different security options for different mount points, but in this case mounting server:/export/base wouldn't give you the same client view of the filesystem tree as mounting each individually if it worked at all. Cheers, Sean On 27 July 2016 at 23:21, Paul Heinlein <heinl...@madboa.com> wrote: On Wed, 27 Jul 2016, Frank Thommen wrote: Hello, does it in any respect (throughput/performance, cpu load, I/O load, resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export into separate directories or if one just mounts the parent directory? I.e. like this: server: /export/base/a -> /mnt/a server: /export/base/b -> /mnt/b server: /export/base/c -> /mnt/c server: /export/base/d -> /mnt/d server: /export/base/e -> /mnt/e or simply like this: server:/export/base -> /mnt Performance wise, any bottleneck will almost certainly be tied to the disks on the back end, not the nfs process itself. There are a couple good reasons for splitting up the mounts: 1. They can have different export restrictions (e.g., for different client hosts, ro vs. rw permissions, user squashing). 2. /base/[a-e] live on different RAID arrays and might benefit from different management cycles; that'd also be a case where multiple exports might be a good idea. That said, I've never managed an exported filesystem consisting of different arrays; we've always exported at the RAID level or below. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting NFS subdirectories individually or just the parent?
On 07/28/2016 12:21 AM, Paul Heinlein wrote: On Wed, 27 Jul 2016, Frank Thommen wrote: Hello, does it in any respect (throughput/performance, cpu load, I/O load, resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export into separate directories or if one just mounts the parent directory? I.e. like this: server: /export/base/a -> /mnt/a server: /export/base/b -> /mnt/b server: /export/base/c -> /mnt/c server: /export/base/d -> /mnt/d server: /export/base/e -> /mnt/e or simply like this: server:/export/base -> /mnt Performance wise, any bottleneck will almost certainly be tied to the disks on the back end, not the nfs process itself. There are a couple good reasons for splitting up the mounts: 1. They can have different export restrictions (e.g., for different client hosts, ro vs. rw permissions, user squashing). I'm not sure you can define individual restrictions for subdirectories of exported filesystems? In our case export permissions are set for "server:/export/base". 2. /base/[a-e] live on different RAID arrays and might benefit from different management cycles; that'd also be a case where multiple exports might be a good idea. That said, I've never managed an exported filesystem consisting of different arrays; we've always exported at the RAID level or below. Agreed, but this is not the case in our situation. frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Mounting NFS subdirectories individually or just the parent?
Hello, does it in any respect (throughput/performance, cpu load, I/O load, resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export into separate directories or if one just mounts the parent directory? I.e. like this: server:/export/base/a -> /mnt/a server:/export/base/b -> /mnt/b server:/export/base/c -> /mnt/c server:/export/base/d -> /mnt/d server:/export/base/e -> /mnt/e or simply like this: server:/export/base -> /mnt I would guess, that it doesn matter at all, but at $work the standard setup on all cluster nodes is, to mount >20 subdirectories from the NFS server individually and the justification is, that is more performant and reliable. Can this be confirmed (or denied)? I couldn't find this method of "NFS performance tuning" mentioned anywhere and from a management perspective the sheer amount of mounted filesystems makes the list confusing and harder to troubleshoot. Any thoughts? Regards frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] TB Top/Bottom posting (was: Re: google chrome future / centos 7)
On 17.12.15 22:19, m.r...@5-cent.us wrote: Alice Wonder wrote: Oh and sorry for the top posting, is there a way in Thunderbird for CentOS to change that default? That's odd, Alice - my t-bird at work, and at home, both set me for bottom posting. Even in the config editor, I don't seen anything that looks like that setting to top post. mark per account: Account Settings -> Composition & Addressing -> "Automatically quote the original message when replying, Then, " -> start my reply above the quote | start my reply below the quote | select the quote HTH f. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync and differential Backups
Ciao Alessandro, On 11/09/2015 05:01 PM, Alessandro Baggi wrote: Hi list, how to perform a differential backup using rsync? On web there is a great confusion about diff backup concept when searched with rsync. Users says diff because it copy only differences. For me differential is backup from last full backup. Which is basically the same...if you always use your last full backup as "base" directory. Use rsyn's --link-dest option to achieve this. Nice thing: Unchanged files will just be hardlinked to the original files and won't use additional disk space, but still each dataset is a coopmlete backup. There is no need to combine several incremental or differential backups to restore a certain state. Mike Rubel's page has already been mentioned. On http://www.drosera.ch/frank/computer/rsync.html I describe an alternate mechanism (using above mentioned --link-dest and an rsync-server) which overcomes some of the - imho - shortcomings of Mike's setup. And: rsync is a fan-tas-tic backup tool ;-) HTH Frank ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] ldapsearch w. SSL refuses to connect to server with openssl 1.0.1 (worked with openssl 1.0.0)
Hi, ldapsearch with an ldaps-URL stopped working recently, probably with the update from openssl 1.0.0 to openssl 1.0.1. On a server with up-to-date packages (openssl-1.0.1e-16.el6_5.x86_64, openldap-clients-2.4.23-32.el6_4.1.x86_64) I get the following errors when issuing an ldapsearch (some parts anonymized): [bad]# ldapsearch -H ldaps://ldap.domain.org:6636/ -D binddn -x -W -b searchbase -d1 -s sub -v uid=ME ldap_url_parse_ext(ldaps://ldap.domain.org:6636/) ldap_initialize( ldaps://ldap.domain.org:6636/??base ) ldap_create ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldap.domain.org:6636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 12.34.56.78:6636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: certdb config: configDir='/etc/openldap/cacerts' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error. TLS: error: connect - force handshake failure: errno 0 - moznss error -12226 TLS: can't connect: TLS error -12226:SSL peer rejected a handshake message for unacceptable content.. ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) [bad]# while on a system with slightly older OpenSSL package (openssl-1.0.0-27.el6_4.2.x86_64, same openldap-clients package version), I get the following error: [good]# ldapsearch -H ldaps://ldap.domain.org:6636/ -D binddn -x -W -b searchbase -d1 -s sub -v uid=me ldap_url_parse_ext(ldaps://ldap.domain.org:6636/) ldap_initialize( ldaps://ldap.domain.org:6636/??base ) ldap_create ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldap.domain.org:6636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 12.34.56.78:6636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: certdb config: configDir='/etc/openldap' tokenDescription='ldap(0)' certPrefix='cacerts' keyPrefix='cacerts' flags=readOnly TLS: cannot open certdb '/etc/openldap', error -8018:Unknown PKCS #11 error. TLS: could not get info about the CA certificate directory /etc/openldap/cacerts - error -5950:File not found. TLS: certificate [CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user.. TLS: error: connect - force handshake failure: errno 2 - moznss error -8172 TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.. ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) [good]# It /does/ see the certificate, even though it has a problem with it. Since I know the LDAP server is trustable - despite the certificate issue -, I can work around it with TLS_REQCERT never in /etc/openldap/ldap.conf or by prefixing the ldapsearch line with LDAPTLS_REQCERT=never: [good]# LDAPTLS_REQCERT=never ldapsearch -H ldaps://ldap.domain.org:6636/ -D binddn -x -W -b searchbase -d1 -s sub -v uid=me ldap_url_parse_ext(ldaps://ldap.domain.org:6636/) ldap_initialize( ldaps://ldap.domain.org:6636/??base ) ldap_create ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldap.domain.org:6636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 12.34.56.78:6636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: certdb config: configDir='/etc/openldap' tokenDescription='ldap(0)' certPrefix='cacerts' keyPrefix='cacerts' flags=readOnly TLS: cannot open certdb '/etc/openldap', error -8018:Unknown PKCS #11 error. TLS: could not get info about the CA certificate directory /etc/openldap/cacerts - error -5950:File not found. TLS: certificate [CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user.. TLS certificate verification: subject: CN=ldap.domain.org,OU=Domain Control Validated,C=DE, issuer: CN=GlobalSign Domain Validation CA - G2,O=GlobalSign nv-sa,C=BE, cipher: AES-256, security level: high, secret key bits: 256, total key bits: 256, cache hits: 0, cache misses: 0, cache not reusable: 0 [... ldapsearch results here ...] [good]# If I do the same on the system with OpenSSL 1.0.1e, I get the same error as w/o this setting. It could be a problem with the OpenSSL 1.0.1 package - hopefully not - or just a configuration issue. I just have no idea which one. Any pointer is highly appreciated. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ldapsearch w. SSL refuses to connect to server with openssl 1.0.1 (worked with openssl 1.0.0)
On 17.12.13 20:42, m.r...@5-cent.us wrote: Frank Thommen wrote: Hi, ldapsearch with an ldaps-URL stopped working recently, probably with the update from openssl 1.0.0 to openssl 1.0.1. snip Question #0: is selinux enforcing? SELinux is disabled. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Xorg fills up /var/log/Xorg.0.log with AUDIT messages (up to system crash) [solved]
Problem solved: A user had configured his preferred browser to be Thunderbird(!). As soon as he clicked on a link in an email, he ended in an endless loop with TB trying to open the link with the preferred browser (aka itself) again and again. This resulted in 40 MB audit loglines/hour in /var/log/Xorg.0.log. Cheers frank On 03.10.13 17:15, Frank Thommen wrote: Hi, on a CentOS 6.4-workstation we have the problem, that Xorg fills up /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within four hours the logfile grew to 160 MB and usually within 1-2 days applications and sometimes the OS crash because /var becomes full. Here a small extract of /var/log/Xorg.0.log: [...] [ 24272.458] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.487] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24951 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.490] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.500] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24948 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24952 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.521] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.549] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24957 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.552] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.564] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.575] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24954 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.577] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24958 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.585] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.612] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24963 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.616] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.628] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.630] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24960 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.633] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24964 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.644] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.673] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24969 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.679] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.691] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.692] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24966 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.697] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24970 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.711] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [...] The client numbers are just a small repeating set, but trying to find the associated processes through the pids fails, because when the logfile entry is written, the processes are already gone. For sure these messages are associated with something the user(s) do, because as soon as nobody is logged in, these messages stop. We have lots of CentOS 6 machines, but this is the only one with such an issue, even though there are more or less the same applications running on all machines. Xorg is running with the following options (CentOS 6 default settings): /usr/bin/Xorg :0 -nr -verbose -audit 4 -auth /var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1 Questions: * How can one find out which processes are responsible for these audit messages? * How can I stop auditing completely? With CentOS 5 Xorg ran with audit 0 and I was unable to find the place where the audit level is set. * (more generally) What's auditing good/used for anyway? Any hint is appreciated. Cheers frank [cross-posted on lopsa-tech maillist] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom
[CentOS] Xorg fills up /var/log/Xorg.0.log with AUDIT messages (up to system crash)
Hi, on a CentOS 6.4-workstation we have the problem, that Xorg fills up /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within four hours the logfile grew to 160 MB and usually within 1-2 days applications and sometimes the OS crash because /var becomes full. Here a small extract of /var/log/Xorg.0.log: [...] [ 24272.458] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.487] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24951 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.490] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.500] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24948 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24952 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.521] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.549] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24957 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.552] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.564] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.575] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24954 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.577] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24958 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.585] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.612] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24963 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.616] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.628] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.630] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24960 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.633] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24964 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.644] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.673] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24969 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.679] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.691] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.692] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24966 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.697] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24970 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.711] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [...] The client numbers are just a small repeating set, but trying to find the associated processes through the pids fails, because when the logfile entry is written, the processes are already gone. For sure these messages are associated with something the user(s) do, because as soon as nobody is logged in, these messages stop. We have lots of CentOS 6 machines, but this is the only one with such an issue, even though there are more or less the same applications running on all machines. Xorg is running with the following options (CentOS 6 default settings): /usr/bin/Xorg :0 -nr -verbose -audit 4 -auth /var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1 Questions: * How can one find out which processes are responsible for these audit messages? * How can I stop auditing completely? With CentOS 5 Xorg ran with audit 0 and I was unable to find the place where the audit level is set. * (more generally) What's auditing good/used for anyway? Any hint is appreciated. Cheers frank [cross-posted on lopsa-tech maillist] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 latest revisions seem really slow
Mark wrote: I recently updated to OpenOffice 3.2 and I noticed that it, and the latest Evolution, seem to be incredibly slow for some operations. E.g., in OO, about half the time when I'm editing something, it takes anywhere from 10-30 seconds for OO to respond to a click on one of the icons or menu items, and Evo is taking forever to format messages. During these times the gnome-system-monitor icon on my panel is showing almost no activity, and if I expand it to the full window, it shows the same. Is anyone else seeing this? I'm running the x86_64 release on an Athlon II X4, 2.6GHz with 4GB of memory and lots of available space in memory and on disk. Thanks in advance. Mark I'm experiencing similar problems on a DELL Optiplex 740 with the same CPU (AMD Athlon 64 X2 Dual Core Processor 5000+ @ 2.60 GHz, 4 GB RAM, 80 GB Hitachi Deskstar 7K80 HD). But in my case the slowness is not restricted to OO, but the whole systems is slowed down. Even simple actions (e.g. starting a Gnome Console) bring the load up to over 2. Right after booting, the load is usually over 2, sometimes even up to 4. The slowness can literally be seen during the boot process. The problem occurs since kernel 2.6.18-194.el5. I measured the boot times (from GRUB to gdmgreeter, booted with 'noapic'): kernel 2.6.18-164.el5 103', load after boot: 0.5 kernel 2.6.18-194.el5 335', load after boot: 2.5 kernel 2.6.18-194.3.1.el5 330', load after boot: 2.3 kernel 2.6.18-194.8.1.el5 335', load after boot: 1.9 When shutting down from kernel 2.6.18-194.x, I often (around 7 of 10 times) get the following error on the console: --- [...] Shutting down hidd: [ OK ] [ OK ] Bluetooth services:[ OK ] Shutting down interface eth0: BUG: soft lockup - CPU#1 stuck for 10s! [ip:3539] CPU 1: Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip_conntrack _netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo crypto _api cpufreq_ondemand powernow_k8 freq_table dm_multipath scsi_dh video backligh t sbs power_meter i2c_ec dell_wmi wmi button battery asus_acpi acpi_memhotplug a c lp sr_mod cdrom snd_hda_intel sg snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_allo c snd_hwdep parport_pc tg3 k8_edac snd parport i2c_nforce2 floppy k8temp shpchp i2c_core edac_mc hwmon pcspkr soundcore dm_raid45 dm_message dm_region_hash dm_m em_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod sata_nv libata sd_mod scsi_ mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd Pid: 3539, comm: ip Not tainted 2.6.18-194.8.1.el5 #1 RIP: 0010:[8000c9f6] [8000c9f6] __delay+0x8/0x10 RSP: 0018:810125741c60 EFLAGS: 0297 RAX: 539a8625 RBX: 1388 RCX: 52518896 RDX: 012b RSI: c206044c RDI: 0291ae58 RBP: 393a7993 R08: 0002 R09: 810125741d1c R10: 0018 R11: 05e10300 R12: 0002 R13: 810125741d1c R14: 004c R15: 80225929 FS: 2b3ee841a800() GS:81010438d7c0() knlGS: CS: 0010 DS: ES: CR0: 8005003b CR2: 00365a6cc640 CR3: 000122af CR4: 06e0 Call Trace: [882444e7] :tg3:tg3_readphy+0x77/0xdf [88246d90] :tg3:tg3_setup_copper_phy+0x86a/0xb35 [88247d62] :tg3:tg3_setup_phy+0xd07/0xe39 [80158813] pci_bus_read_config_word+0x71/0x83 [80158647] pci_bus_write_config_dword+0x5f/0x6e [88248080] :tg3:tg3_set_power_state+0x1ec/0x96e [88252c34] :tg3:tg3_close+0x103/0x113 [8022f4ea] dev_close+0x53/0x72 [8022e609] dev_change_flags+0x5a/0x119 [80262fd8] devinet_ioctl+0x235/0x59c [80225d4f] sock_ioctl+0x1c1/0x1e5 [8004206a] do_ioctl+0x21/0x6b [800300ca] vfs_ioctl+0x457/0x4b9 [800b7605] audit_syscall_entry+0x180/0x1b3 [8004c549] sys_ioctl+0x59/0x78 [8005d28d] tracesys+0xd5/0xe0 [ OK ] Shutting down loopback interface: [ OK ] [...] --- The complete console of the boot process can be seen on http://pastebin.de/8808, the console output of the shutdown/reboot process is on http://pastebin.de/8809. Bootcharts of the two boot processes can be seen on http://www.drosera.ch/kernelproblem/. Memtest has been run w/o result. Is there a way to narrow down the problem before posting a bug report? Cheers frank -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom...@embl-heidelberg.de - +49 6221 387 8353 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 latest revisions seem really slow
James Pearson wrote: Frank Thommen wrote: I'm experiencing similar problems on a DELL Optiplex 740 with the same CPU (AMD Athlon 64 X2 Dual Core Processor 5000+ @ 2.60 GHz, 4 GB RAM, 80 GB Hitachi Deskstar 7K80 HD). But in my case the slowness is not restricted to OO, but the whole systems is slowed down. Even simple actions (e.g. starting a Gnome Console) bring the load up to over 2. Right after booting, the load is usually over 2, sometimes even up to 4. Can you post the output of lspci and lsmod ? sorry, forgot to copy-paste these in my original post: [r...@shelley ~]# uname -a Linux shelley 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:04:48 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux [r...@shelley ~]# lspci 00:00.0 RAM memory: nVidia Corporation C51 Host Bridge (rev a2) 00:00.1 RAM memory: nVidia Corporation C51 Memory Controller 0 (rev a2) 00:00.2 RAM memory: nVidia Corporation C51 Memory Controller 1 (rev a2) 00:00.3 RAM memory: nVidia Corporation C51 Memory Controller 5 (rev a2) 00:00.4 RAM memory: nVidia Corporation C51 Memory Controller 4 (rev a2) 00:00.5 RAM memory: nVidia Corporation C51 Host Bridge (rev a2) 00:00.6 RAM memory: nVidia Corporation C51 Memory Controller 3 (rev a2) 00:00.7 RAM memory: nVidia Corporation C51 Memory Controller 2 (rev a2) 00:02.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1) 00:03.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1) 00:04.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1) 00:09.0 RAM memory: nVidia Corporation MCP51 Host Bridge (rev a2) 00:0a.0 ISA bridge: nVidia Corporation MCP51 LPC Bridge (rev a3) 00:0a.1 SMBus: nVidia Corporation MCP51 SMBus (rev a3) 00:0a.2 RAM memory: nVidia Corporation MCP51 Memory Controller 0 (rev a3) 00:0b.0 USB Controller: nVidia Corporation MCP51 USB Controller (rev a3) 00:0b.1 USB Controller: nVidia Corporation MCP51 USB Controller (rev a3) 00:0e.0 IDE interface: nVidia Corporation MCP51 Serial ATA Controller (rev a1) 00:0f.0 IDE interface: nVidia Corporation MCP51 Serial ATA Controller (rev a1) 00:10.0 PCI bridge: nVidia Corporation MCP51 PCI Bridge (rev a2) 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio (rev a2) 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control 02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5754 Gigabit Ethernet PCI Express (rev 02) 03:00.0 VGA compatible controller: nVidia Corporation NV43GL [Quadro FX 550] (rev a2) [r...@shelley ~]# lsmod Module Size Used by autofs463049 11 hidp 83521 2 rfcomm104681 0 l2cap 89281 10 hidp,rfcomm bluetooth 118853 5 hidp,rfcomm,l2cap lockd 101553 0 sunrpc199945 2 lockd ip_conntrack_netbios_ns36033 0 ipt_REJECT 38977 1 xt_state 35265 2 ip_conntrack 91621 2 ip_conntrack_netbios_ns,xt_state nfnetlink 40457 1 ip_conntrack iptable_filter 36161 1 ip_tables 55201 1 iptable_filter ip6t_REJECT38849 1 xt_tcpudp 36289 10 ip6table_filter36033 1 ip6_tables 50049 1 ip6table_filter x_tables 50505 6 ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables ipv6 435489 23 ip6t_REJECT xfrm_nalgo 4 1 ipv6 crypto_api 42945 1 xfrm_nalgo cpufreq_ondemand 42449 1 powernow_k856025 1 freq_table 38977 2 cpufreq_ondemand,powernow_k8 dm_multipath 56921 0 scsi_dh42177 1 dm_multipath video 53197 0 backlight 39873 1 video sbs49921 0 power_meter47053 0 i2c_ec 38593 1 sbs dell_wmi 37601 0 wmi41985 1 dell_wmi button 40545 0 battery43849 0 asus_acpi 50917 0 acpi_memhotplug40516 0 ac 38729 0 lp 47121 0 joydev 43969 0 snd_hda_intel 639265 0 snd_seq_dummy 37061 0 snd_seq_oss65473 0 snd_seq_midi_event 41025 1 snd_seq_oss snd_seq8 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event snd_seq_device 41557 3 snd_seq_dummy,snd_seq_oss,snd_seq snd_pcm_oss77377 0 snd_mixer_oss 49985 1 snd_pcm_oss snd_pcm 116681 2 snd_hda_intel,snd_pcm_oss snd_timer 57161 2 snd_seq,snd_pcm snd_page_alloc 44113 2 snd_hda_intel,snd_pcm sr_mod 50789 0
Re: [CentOS] CentOS 5.5 latest revisions seem really slow
James Pearson wrote: Frank Thommen wrote: Can you post the output of lspci and lsmod ? sorry, forgot to copy-paste these in my original post: [r...@shelley ~]# lspci ... 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio (rev a2) [r...@shelley ~]# lsmod ... snd_hda_intel 639265 0 Could this be related to BZ #586532 https://bugzilla.redhat.com/show_bug.cgi?id=586532 ??? Yes it is. Same symptoms and the fix proposed there resolved the problem: Add the option enable_msi=0 to the snd-hda-intel line in /etc/modprobe.conf: options snd-hda-intel [your other options] enable_msi=0 Thanks for the hint. frank -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom...@embl-heidelberg.de - +49 6221 387 8353 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5 latest revisions seem really slow
Mark wrote: On Thu, Aug 5, 2010 at 7:35 AM, James Pearson jame...@moving-picture.com wrote: Frank Thommen wrote: Can you post the output of lspci and lsmod ? sorry, forgot to copy-paste these in my original post: [r...@shelley ~]# lspci ... 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio (rev a2) [r...@shelley ~]# lsmod ... snd_hda_intel 639265 0 Could this be related to BZ #586532 https://bugzilla.redhat.com/show_bug.cgi?id=586532 ??? I'm not having sound problems 00:05.0 Audio device: nVidia Corporation MCP61 High Definition Audio (rev a2) Nit: I have an X4, not an X2, but that might not be relevant. The problem was reported for 00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio (rev a2) it seems you're lucky having the MCP61 ;-) frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?
Hi, this is the OP writing... John R Pierce wrote: Rainer Duffner wrote: Except that nowadays, some cheap desktop-motherboards may not know how to enable booting from such a card. I seriously doubt a SCSI card with a 50 pin (max 10 or 20MB/sec?) external connector is going to be used as a boot device. more likely, this is for some older tape class device like a DAT. Almost right. No booting from this card is required. It's for the connection to a X-ray data collection system. btw, the original poster should know, you can convert wide (68 pin) SCSI to narrow (50 pin) SCSI with a 'half-terminator' cable adapter, [...] I've been told by the vendor of the said X-ray data collection system, that 68pin connectors never worked with Linux for their device. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?
Hi, for a specific application we need a low-profile SCSI card (PCI) with external 50pin connector. I thought about getting an Adaptec SCSI Card 2930LP. However I was not able to find any usable information about wether this card is supported by Linux/CentOS 5.x or not. Does anyone have this card working with a CentOS 5.x machine? Alternatively: Are there any linux-supported low-profile PCI SCSI cards with 50pin connector which are supported by CentOS 5.x and which you can recommend? Thanks in advance frank -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom...@embl-heidelberg.de - +49 6221 387 8353 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adaptec SCSI Card 2930LP supported by CentOS 5.x?
for a specific application we need a low-profile SCSI card (PCI) with external 50pin connector. I thought about getting an Adaptec SCSI Card 2930LP. However I was not able to find any usable information about wether this card is supported by Linux/CentOS 5.x or not. Does anyone have this card working with a CentOS 5.x machine? ALL Adaptec SCSI Cards (except for a few bleeding edge 64-bit PCI cards) are supported, out-of-the-box using stock kernels on all versions of CentOS (3.x, 4.x, and 5.x): Great thanks sauron.deepsoft.com% strings /lib/modules/2.6.9-89.0.16.EL/kernel/drivers/scsi/aic7xxx/aic7xxx.ko |grep 2930 [...] I'll use this string search next time I'm looking for device support. I didn't know I could do that. Greetings from my host (balrog) to your's :-) frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Newsletter feedback
Hi, We have now published the sixth version of the Newsletter [...] What newsletter are you referring to? I cannot find any newsletter offer on centos.org. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] scp with tty
Warren Young wrote: Les Mikesell wrote: [...] This requires that the public key for localuser on host1 exists in host2:.ssh/authorized_keys. It also requires PermitRootLogin yes in /etc/ssh/sshd_config, which is unfortunately the default on CentOS. (I usually turn it off.) Unfortunately? I could not live w/o it ;-) Also realize that remotecmd can be a very complex thing, not just a simple command. You can use pipes and other things through ssh. If using IO redirections or pipes, be sure to quote them correctly: [localu...@host1 ~]$ ssh r...@host2 remotecmd /tmp/file will create /tmp/file with the output of remotecmd on host1 (!), while [localu...@host1 ~]$ ssh r...@host2 remotecmd /tmp/file will create /tmp/file on host2. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can't download large files
:( wget? I've tried download using other utilities on my windows pc's, on my desktop [Ubuntu] I using rsync and scp to download, but get same problem :( Btw John, thank You for your advise... Really confused :( This might be either a problem on the server you are downloading from (try an other one) or maybe of a firewall at your site (we had similiar problems and corrupted packages due to a firewall bug). Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?
Dave wrote: On Thu, Oct 8, 2009 at 11:44 AM, Craig White craigwh...@azapple.com wrote: On Thu, 2009-10-08 at 11:19 -1000, Dave wrote: [r...@lee1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 [snip] PEERDNS=yes - ^^^ change to PEERDNS=no What man page would tell me what this means? How should I have known that's what I should do, if I were lacking the luxury of being told by one wiser than myself? It's in /usr/share/doc/initscripts-version/sysconfig.txt Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dualboot CentOS and Windows
frank.brodb...@klingel.de wrote: Hi, I have to install CentOS on a spare partition of a laptop with Windows pre installed. Is there anything I have to watch out for? Couldn't find anything in the wiki or does the installer handle this well without me doing some magic, or so? The installer will handle this perfectly if you select the correct partition for your CentOS installation :-) Cheers frank -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom...@embl-heidelberg.de - +49 6221 387 8353 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dualboot CentOS and Windows
I have to install CentOS on a spare partition of a laptop with Windows pre installed. Is there anything I have to watch out for? Couldn't find anything in the wiki or does the installer handle this well without me doing some magic, or so? The installer will handle this perfectly if you select the correct partition for your CentOS installation :-) usually, you need at least two partitions: one for / and one for swap. best is to setup first a small /boot partition. i'm sure somewhere there are some docs about it :) You can do that from within the installer...or just let the installer create a default layout. frank -- Frank Thommen - Structures IT Management and Support - EMBL Heidelberg frank.thom...@embl-heidelberg.de - +49 6221 387 8353 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Auto-installing security updates?
[...] Like a previous poster, I'd also suggest, that you use an other distibution in this case. Ubuntu might be a good choice or maybe SuSE. Both are probably better suited for non-commandline techies :-). That is utter bullshit. The neat thing about CentOS as a Desktop is that the system (mostly) stays the same over 7 years. I was referring to the ease of use regarding updating etc. Not the desktop itself. Both distributions offer easy-to-use update tools. Oh, CentOS doesn't? Not in such an integrated way as e.g. SuSE (yast). Or maybe I just don't know them? I'd also suggest not to use Fedora or OpenSuse. They have both very fast release cycles, forcing you to updating very often. Ermm. You advise to use SuSE, but then suggest to not use it? Or were you talking about the Enterprise version? exactly. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Auto-installing security updates?
Hi Anne, [...] he feels very insecure. It seems to me that CentOS would be perfect for him except for the need to keep it securely patched. [...] I'd be glad of any advice. Like a previous poster, I'd also suggest, that you use an other distibution in this case. Ubuntu might be a good choice or maybe SuSE. Both are probably better suited for non-commandline techies :-). Both distributions offer easy-to-use update tools. I'd also suggest not to use Fedora or OpenSuse. They have both very fast release cycles, forcing you to updating very often. On the other hand, showstoppers can always happen and in this case probably nothing will save you a personal appearance :-) Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calendar server
Scott Silva wrote: on 5-12-2009 4:24 AM Max Hetrick spake the following: Scott Silva wrote: [...] I had looked at Horde some time ago, but brushed it off. I think I'll check it out though again and get it up and running. Thanks! Max Most of my users seem OK with it. I was running it side by side with roundcube as a test, and most users seem to like the extra bits. Besides, horde keeps compatibility with less than brand new PHP versions, but Roundcube insists you have the newest PHP installed everytime they generate a new version. I just can't hack a production server every few months at the whim of developers that want to play in a new sandbox every week. As far as I know, Horde/IMP doesn't play well with mailboxes that contain square brackets in their name (which is a common pattern for maillist mailboxes at our site...). They are always reported as being empty and one cannot move/copy mails to them. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update Issue
John Hinton wrote: I seem to be able to get all of the 5.x update except for the kernel. Each attempt results in this... (1/1): kernel-2.6.18-128. 100% |=| 15 MB 00:16 http://centos.mirror.nac.net/5.3/updates/i386/RPMS/kernel-2.6.18-128.1.6.el5.i686.rpm: [Errno -1] Package does not match intended download Trying other mirror. http://mirrors.usc.edu/pub/linux/distributions/centos/5.3/updates/i386/RPMS/kernel-2.6.18-128.1.6.el5.i686.rpm: [Errno 9] Requested Range Not Satisfiable [...] The last time I saw these errors it was with Fedora Core 6 updates. I usually got rid of them by either trying later and/or trying lots and lots of times and/or by removing all installed PGP keys and re-importing them. As I usually tried a combination of the above methods I can't really say which one is the best option. My hypothesis - for the problems *we* had - is, that it was a firewall issue on our side. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Newby- New install forgot Login - pwd
Joseph L. Casale wrote: Which is why I should password protect grub on my desktop -- have done so now on my laptop. Don't bother, that's the dumbest feature I ever saw. You can edit the password out of the grub line to... I think that shouldn't be? http://www.gnu.org/software/grub/manual/grub.html#password; - 13.2.10 password — Command: password [--md5] passwd [new-config-file] If used in the first section of a menu file, disable all interactive editing control (menu entry editor and command-line) and entries protected by the command lock. [...] - frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] need trouble ticket system
Darrin Khan wrote: [...] We make good use of RT by Best Practical, it services an ISP and a NOC. http://www.bestpractical.com/rt [...] I'd support RT, too. I've made some experiences with Kayako and RT and while I find Kayako far too complex (especially if you want to customize it), RT is just fine for most purposes and it's quickly installed. RT is one of my top five sysadmin/support tools. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Getting asciidoc
[somehow my mail hasn't gone through yesterday evening. trying again...] Brian Mathis wrote: You need to set enabled=1 in the config file. Currently you have enabled=0 I don't think you need enabled=1 in the repo file if you are using `yum --enablerepo=dag ...` on the command line, but... [dag] [...] enabled=0 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt includepkgs=acsiidoc* bitt* perl* ^ ...this should probably read 'asciidoc'? :-) Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Minimal Install?
2) Is it possible, using yum, to know which packages holds what file? (like dpkg -S in Debian/Ubuntu) yum provides filename rpm -q --whatprovides filename frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] manage different profile with a laptop
Hi Rachid, I need to use different profile with some linux CentOS laptops. I'm managing such profiles with a custom init script. The scripts checks what IP address (if any) the machine got and according to this address, I disable/enable some services (NIS, sendmail, automounter, local vs. remote homedirectories etc.). It's not very elaborate but works fine until now. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
John Doe wrote: Frank Thommen wrote: To modify the initrd.img, I took the original CentOS 5.2 image, unpacked with cpio/gunzip and replaced modules/2.6.18-92.el5/x86_64/e1000e.ko with a current version. This driver module had been created on a freshly installed CentOS 5.2 host with kernel 2.6.18-92.el5 and w/o any updates. After adding the driver, I re-archived and re-packed the image and replaced the initrd.img on my tftp server. The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) which puzzles me, as the driver file itself is 2.8 MB (compared to the old e1000e.ko with ca 170 KB) but the resulting modules.cgz is only around 700 KB bigger than the original one. All files have been compressed with `gzip -9`. Just wondering... can you safely strip modules like you would strip executables? Unfortunately stripping didn't help. Same error message at boot. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
Tru Huynh wrote: On Thu, Mar 26, 2009 at 05:27:10PM +0100, Frank Thommen wrote: What cpio options did you use to re-create modules/modules.cgz and then the initrd.img? I used `cpio -ovF file` and `cpio -ov -H crc -F file` (I found the latter on http://sial.org/howto/linux/initrd/). However I could not find any officially looking information about how the initrd.img/modules.cgz is created. find ./ | cpio -H newc -o | | gzip -c9 /path/to/my/initrd.img This give a slightly different error message: [...] md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. VFS: Cannot open root device NULL or unknown-block(253,3) Please append a correct root= boot option Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,3) The two RAMDISK error lines have gone. I have archived modules/modules.cgz *and* initrd.img with -H newc. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
Tru Huynh wrote: On Fri, Mar 27, 2009 at 04:04:40PM +0100, Frank Thommen wrote: This give a slightly different error message: [...] md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. VFS: Cannot open root device NULL or unknown-block(253,3) Please append a correct root= boot option Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,3) The two RAMDISK error lines have gone. I have archived modules/modules.cgz *and* initrd.img with -H newc. only the initrd needs -H newc I tried also with non-newc for modules.cgz but this doesn't help. However when I look at the original, gunzipped modules.cgz wich `file`, then I get ASCII cpio archive (SVR4 with no CRC) which would also be 'newc'. This one works for me LABEL centos5 MENU LABEL ^1) centos 5 x86_64 raid1 ks KERNEL centos5.x86_64/vmlinuz APPEND initrd=centos5.x86_64/initrd.img method=http://10.0.0.4/pub/linux/c5/os/x86_64 noipv6 syslog=10.0.0.4 kssendmac ip=dhcp ks=http://10.0.0.4/ks/c5-raid1-64-min.cfg That is more or less what we have: KERNEL CentOS-5.2_64/vmlinuz APPEND initrd=CentOS-5.2_64/initrd.img ramdisk_size=5940 kssendmac ks=http://srv/ks/ks.cgi noipv6 This should not be the problem as it works fine for the unmodified initrd.img. frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Getting asciidoc
Brian Mathis wrote: You need to set enabled=1 in the config file. Currently you have enabled=0 I don't think you need enabled=1 in the repo file if you are using `yum --enablerepo=dag ...` on the command line, but... [dag] [...] enabled=0 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt includepkgs=acsiidoc* bitt* perl* ^ ...this should probably read 'asciidoc'? :-) Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Getting ready for CentOS 5.4
nate wrote: Les Mikesell wrote: [...] I think it's safe to assume that the majority of CentOS users out there run CentOS on servers, not on desktops/laptops/etc. So I'm one from the minority then :-). CentOS 5 is running on (almost) all servers and (really) all Linux clients here. Being used to the RedHat way from a former job and not being happy with the fast release cycles of Fedora, CentOS was a logical choice. No more system instabilities and no more package incompatibilities since we switched from Fedora (let's keep fingers crossed). That's what I call Enterprise grade :-) I don't care if the CentOS release comes days or weeks (or months) after the RedHat release as long as it comes one day. And sincerely: I don't understand, why RedHat/CentOS should not be used on desktops. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB, AutoMount VNC
Guy Boisvert wrote: MHR wrote: On Fri, Mar 27, 2009 at 6:35 AM, Guy Boisvert boisvert@videotron.ca wrote: Hi! I'm trying to figure out how to make automount do its job when nobody is logged at the console and the user access the server by VNC. Does anybody knows how to make CentOS automount USB Hard Drives / Pendrive when accessed by VNC? Could you describe the problem a little more clearly? Separation of console from USB-accessible hardware, how VNC fits in in this scenario, etc. It sounds like someone wants to log in remotely (VNC), plug in a (local) USB device and access it (remotely), which doesn't make sense to me. Thanks. mhr ___ Hi, It make senses if you're running a box headless (it will be headless soon, now i'm testing it with K+V+M attached). We're using a CentOS box to plug USB Flash drive external hard drive into it. The CentOS box is then used to FTP the content of these external drives to a Winblows box, all that filtered by a firewall between the 2 boxes. Only FTP is allowed. Doing some tests on the CentOS box, i saw that if i log into the console, then the local session and the remote VNC sessions will see the drives automounted. If i log out of the console, then the VNC session won't see anything. It's like the automount works only if somebody is logged at the console. I assume that with console you mean X11/desktop manager. In this case Gnome or KDE handle the mounting of removable devices for you. The automounter hasn't anything to do with it. If you want the automounter to handle removable devices, then you'll have to add appropriate automounter map entries. Something like /etc/auto.master: /media /etc/auto.media /etc/auto.media: usb:/dev/sda1 or you could use a program map like the following (not my invention, I took this from the autofs mailing list): - #!/bin/sh if ntfs-3g.probe /dev/sda1; then echo -fstype=ntfs-3g,other-opts :/dev/sda1 else echo -fstype=vfat,other-opts :/dev/sda1 fi - You'll probably find other examples on the net. I'm not sure if such an automounter setup collides with Gnome/KDE automounting. Cheers frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
Hi, to install current PC models (with new Intel NICs) via Kickstart/PXE, I wanted to add the newest e1000e-Treiber to initrd.img. With this modified image, the Kickstart kernel crashes with the following error messages: [...] md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. RAMDISK: Compressed image found at block 0 RAMDISK: incomplete write (20480 != 32768) 6062080 VFS: Cannot open root device NULL or unknown-block(253,3) Please append a correct root= boot option Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,3) To modify the initrd.img, I took the original CentOS 5.2 image, unpacked with cpio/gunzip and replaced modules/2.6.18-92.el5/x86_64/e1000e.ko with a current version. This driver module had been created on a freshly installed CentOS 5.2 host with kernel 2.6.18-92.el5 and w/o any updates. After adding the driver, I re-archived and re-packed the image and replaced the initrd.img on my tftp server. The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) which puzzles me, as the driver file itself is 2.8 MB (compared to the old e1000e.ko with ca 170 KB) but the resulting modules.cgz is only around 700 KB bigger than the original one. All files have been compressed with `gzip -9`. My PXE bootsettings are: KERNEL CentOS-5.2_64/vmlinuz APPEND initrd=CentOS-5.2_64/initrd.img ramdisk_size=5940 kssendmac ks=http://srv/ks/ks.cgi noipv6 Even raising ramdisk_size doesn't help. At around ramdisk_size=7100 there seems to be an overflow and the size is recounted from zero (?). Any Ideas, how one can/should create an updated and working initrd.img for Kickstart/PXE? A similar question has been asked before on this list and a recommendation was to wait for 5.3. Unfortunately I cannot wait for the next release. Thanks in advance frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
What cpio options did you use to re-create modules/modules.cgz and then the initrd.img? I used `cpio -ovF file` and `cpio -ov -H crc -F file` (I found the latter on http://sial.org/howto/linux/initrd/). However I could not find any officially looking information about how the initrd.img/modules.cgz is created. Did you gzip the initrd.img after cpio'ing it? yes, with `gzip -9`. It might be better to wait for CentOS 5.3 - as that has an updated e1000e module - hopefully 5.3 might be out this week end ... OK, I could wait this long (better: short) :-) frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
to install current PC models (with new Intel NICs) via Kickstart/PXE, I wanted to add the newest e1000e-Treiber to initrd.img. With this modified image, the Kickstart kernel crashes with the following error messages: Maybe you need to increase the memory allocated to ramdisk? by default I use ramdisk_size=16384 as a kernel parameter for booting the installer. with ramdisk_size=16384 the error message is: [...] md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. RAMDISK: Compressed image found at block 0 RAMDISK: incomplete write (-28 != 32768) 16777216 VFS: Cannot open root device NULL or unknown-block(253,3) Please append a correct root= boot option Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(253,3) There is probably an exact way to determine a valid ramdisk_size, buth which? :-} frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PXE-Kernel crashes with RAMDISK: incomplete write ... after modifiying initrd.img
John Doe wrote: Frank Thommen wrote: [...] The new image is considerably bigger than the old one (12 MB vs. 5.7 MB) which puzzles me, as the driver file itself is 2.8 MB (compared to the old e1000e.ko with ca 170 KB) [...] Just wondering... can you safely strip modules like you would strip executables? Don't know. Admittedly I don't even know what stripping is...[reading in Wikipedia]...now having some half-knowledge... `strip e1000e.ko` results in a 148K file (compared to the 2.8MB original). I'll try to put this one into the initrd.ing tomorrow. Thanks frank ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos