Re: [CentOS] automated smtp server check
For some fast and free monitoring along with DNS verification/blacklist/config checks of your MX records, MXToolbox lets you monitor one domain for free. Nice to have an external, independent source checking your public MTA. Nagios is still what I would choose for minute-by-minute checks but MXToolbox is free, and isn't tied to your infrastructure in any way. On Wed, Nov 5, 2014 at 12:34 PM, Keith Keller kkel...@wombat.san-francisco.ca.us wrote: On 2014-11-05, zep zgreenfel...@gmail.com wrote: I'd second nagios, but I think to -really- test smtp, you'd need an external email source, a specialized target user and cron on both sides (at least that'd how I'd do it, just to be sure mail is really flowing through). For just testing whether the SMTP server is up (which is what the OP originally requested) a nagios check may be sufficient. As another poster mentioned, he could use the check_smtp plugin (e.g., via cron, though I agree with you that cron isn't a great tool for monitoring) without running a full Nagios server. For verifying that delivery is occuring successfully, you'd need more what you described, but even that's not going to be foolproof: maybe delivery to you is working fine, but delivery to other users isn't working properly. It's really up to the OP, how much work does he really want to put in? --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.5 equivalents in CentOS 7
use iptables. There might also be other functionality upgrades, I haven't studied firewalld in detail yet. Best, :-) Marko ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] managing a rack full of centos servers
On Tue, Jul 19, 2011 at 6:00 PM, Fajar Priyanto fajar...@arinet.org wrote: On Wed, Jul 20, 2011 at 8:25 AM, Patrick Lists centos-l...@puzzled.xs4all.nl wrote: On 07/20/2011 02:03 AM, Fajar Priyanto wrote: Redhat satellite can handle it. Too bad I don't know if there is foss alternative for it. There is http://spacewalk.redhat.com/ They have it? Awesome! Thanks for the info!! Spacewalk is great, but be prepared for some significant configuration time and energy. Also, it requires Oracle (postgres is in progress last I checked). The free version of Oracle has a single processor limitation. I'd say about 20 systems is the threshold for when the up-front config time starts paying off. -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Host Disk Performance
On Tue, Apr 5, 2011 at 11:49 AM, compdoc comp...@hotrodpc.com wrote: I've been working with VMs for a while now and have tried various ways to set up guests. Block devices can be done with or without LVM, although I've stopped using LVM on my systems these days. Just curious, why have you stopped using LVM? I've found it to be useful for allocating disk space to to KVM for virtual machines. I usually set up logical volumes on a separate volume group as block devices for the virtual machine to use. If there's an issue with this, I'd like to know about it. -Iain -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Load balancing...
I'm surprised to see so many choosing HAProxy over LVS, which seems fairly integrated into Red Hat's offerings, with full documentation and rpms in CentOS and RHN. I've set up LVS before for an internal java application and it seemed straightforward after understanding arptables, etc. Is HAProxy worth considering as a better option for this scenario? Regards, -Iain On Mon, Mar 7, 2011 at 3:44 AM, Nico Kadel-Garcia nka...@gmail.com wrote: On Mon, Mar 7, 2011 at 1:36 AM, David Brian Chait dch...@invenda.com wrote: On Mon, Mar 7, 2011 at 4:40 AM, Tim Dunphy bluethu...@gmail.com wrote: however for my purpose open and free HAProxy remains best choice!! +1 for HAProxy; excellent piece of software. It really depends on your needs, if you are building a production ops environment then the last thing that you would want would be an unsupported/home grown solution. You need to consider the potential risks involved in implementing a poorly understood / virtually unsupported solution that in all likelihood only you would understand vs. a standard solution with an SLA behind it and an upgrade path going forward. Or in implementing an expensive, single point of failure third party device that requires a centralized control infrastructure. It can turn out to be a *very* expensive single point of failure, easily screwed up by a single upgrade or a single power supply issues or a failure to do failover networking to that device properly. Round-robin DNS is also, unfortunately, often mishandled. People mistake changing the ordering of listed A records for round-robin and, to quote Wikipedia: There is no standard procedure for deciding which address will be used by the requesting application. No such procedure. Zip, zero, nada, it's all client dependent. And if one of the IP's is on the same VLAN as the requesting host, you're *especially* likely to get all the traffic locked to that host, and DNS caches when you disable an IP can take rather unpredictable amounts of time to expire because every smart aleck downstream is doing their own caching and passing it along. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] directory services and root/sudo access
This is perhaps a more general security question. For those of you with a directory services installation, do you install a generic local user with sudo access in case directory services is not available? Or do you just beef up your directory services to the point that you are confident it will almost always be up? I usually disable root login via ssh, but allow it from the physical console, and make an emergency generic account with sudo privs in case DS breaks down. What I've noticed, however, is if I simulate a directory services failure, ssh logins with this generic local account take an eternity as the server still tries to auth that user against ldap/kerberos first. I'm sure this could be adjusted in pam in some way. I was just curious how other admins approach this, and what level of trust they place in directory services being available. -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] MacBook Pro and CentOS-5
You could also try Fedora, which is considerably more modern as a client OS than Cent 5 these days. Obviously it will be quite similar to future releases of CentOS. I wouldn't really want to run RHEL on my laptop as a client OS. Understandable if you want to stick with CentOS 5 for certain reasons. -Iain On Tue, Nov 16, 2010 at 9:05 AM, Kevin Thorpe ke...@pibenchmark.com wrote: On 15/11/2010 17:35, Jeff Chambers wrote: This is off list topic, but I have seen weirdness in airport cards on macs especially when connecting to Apple's Airport. A cheap fix is to buy a 2nd wireless access point and make sure to use that in bridged mode so it is not acting as a router and wire that to your airport base station. I like said before trying using an external hard drive to install CentOS onto and try your wireless card and other hardware drivers. This is a free solution except for the cost of the hard drive. Or save yourself money and try a live CD. I'm assuming that any missing drivers can be temporarily installed like on Ubuntu. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] interesting kvm lvm collision issue
On Tue, Oct 26, 2010 at 6:48 AM, Ross Walker rswwal...@gmail.com wrote: You need to exclude the LVs in the host VG from being scanned for sub-VGs. It's actually easier to just list what SHOULD be scanned rather than what shouldn't. Look in /etc/lvm/lvm.conf This worked, thanks. A couple of people emailed me separately on this. For others' reference, I added the following filter to lvm.conf on dom0 and disabled the default get everything filter. If anyone sees any pitfalls with this regex, I'm sure you'll let me know. (assuming your physical disks are sas/sata) filter = [ a/^/dev/sd*/, r/.*/ ] Thanks for the help, -Iain -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] interesting kvm lvm collision issue
I've been running into a reproducible problem when using default LVM volume group names to present block devices for virtual machines in KVM, and I'm wondering why it is happening. On dom0 I make a default VolGroup00 for the operating system. I make a second VolGroup01 for logical volumes that will be block devices for virtual systems. In VolGroup01, I make two lv's for one system: lv.sys1, and lv.sys1-data. I then build a new virtual machine called sys1, using lv.sys1 for the root filesystem, and lv.sys1-data for an independent data partition. Everything works great after installation, and vgdisplay on both systems looks great. If I then run vgscan, however, on the host system, it picks up the VolGroup01 I created _within_ the virtual machine, so I now have 2 VolGroup01's with different UUIDs showing up on dom0. Now I can see how vgscan would mistakenly see the VolGroup01 of sys1 on the block device lv.sys1-data, but why are the VolGroup00 vg's not colliding as well? When a pvdisplay is run, I have a new physical volume that is actually just a logical volume of the original VolGroup01: [r...@iain2 ~]# pvdisplay WARNING: Duplicate VG name VolGroup01: Existing FNiKc9-BB3t-ziMg-prWW-n8RA-OMzk-obiKnf (created here) takes precedence over C8fNMV-aeSW-syIn-fWJZ-vJdK-N0As-Itrvfi WARNING: Duplicate VG name VolGroup01: Existing FNiKc9-BB3t-ziMg-prWW-n8RA-OMzk-obiKnf (created here) takes precedence over C8fNMV-aeSW-syIn-fWJZ-vJdK-N0As-Itrvfi --- Physical volume --- PV Name /dev/VolGroup01/lv-sys1-data VG Name VolGroup01 PV Size 40.00 GB / not usable 4.00 MB Allocatable yes (but full) PE Size (KByte) 4096 Total PE 10239 Free PE 0 Allocated PE 10239 PV UUID FTA4QU-ydZ7-e2Yy-nBsi-t4st-3jj7-IAkQH8 --- Physical volume --- PV Name /dev/sda3 VG Name VolGroup00 PV Size 39.06 GB / not usable 29.77 MB Allocatable yes (but full) PE Size (KByte) 32768 Total PE 1249 Free PE 0 Allocated PE 1249 PV UUID tTViks-3lBM-HGzV-mnN9-zRsT-fFT0-ZsJRse --- Physical volume --- PV Name /dev/sda2 VG Name VolGroup01 PV Size 240.31 GB / not usable 25.75 MB Allocatable yes PE Size (KByte) 32768 Total PE 7689 Free PE 5129 Allocated PE 2560 PV UUID ZE5Io3-WYIO-EfOQ-h03q-zGdF-Frpa-tm63fX Has anyone experienced this? It's very unnerving to know your data is intact as you add new logical volumes for kvm systems. I suppose the lesson learned here is to provide VGs with specific host names. -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] interesting kvm lvm collision issue
On Mon, Oct 25, 2010 at 2:18 PM, Gordon Messmer yiny...@eburg.com wrote: Which block devices are you exporting to your guest? Post the libvirt configuration file for it. See below. It's specifically the second volume group that collides between virtual and physical systems. Both dom0 and U have identical VolGroup00 VGs, but these do not collide. Renaming the VG used by the domU within the domU removes the collision, but the newly-renamed VG still shows up in dom0 as a useable VG with space to be allocated. Here is the pvdisplay output from dom0. Interestingly, it shows /dev/VolGroup01/lv-sys1-data as physical volume when it's obviously just an LV in the original VolGroup01 VG. And this only happens with the _second_ Volume Group created. VolGroup00 is not an issue on this or any other systems I've used: [r...@iain2 qemu]# pvdisplay --- Physical volume --- PV Name /dev/VolGroup01/lv-sys1-data VG Name vg-sys1 PV Size 40.00 GB / not usable 4.00 MB Allocatable yes (but full) PE Size (KByte) 4096 Total PE 10239 Free PE 0 Allocated PE 10239 PV UUID FTA4QU-ydZ7-e2Yy-nBsi-t4st-3jj7-IAkQH8 --- Physical volume --- PV Name /dev/sda3 VG Name VolGroup00 PV Size 39.06 GB / not usable 29.77 MB Allocatable yes (but full) PE Size (KByte) 32768 Total PE 1249 Free PE 0 Allocated PE 1249 PV UUID tTViks-3lBM-HGzV-mnN9-zRsT-fFT0-ZsJRse --- Physical volume --- PV Name /dev/sda2 VG Name VolGroup01 PV Size 240.31 GB / not usable 25.75 MB Allocatable yes PE Size (KByte) 32768 Total PE 7689 Free PE 5129 Allocated PE 2560 PV UUID ZE5Io3-WYIO-EfOQ-h03q-zGdF-Frpa-tm63fX [r...@iain2 qemu]# cat sys1.xml domain type='kvm' namesys1/name uuid37f34394-d380-d2c4-ac37-3263c16028ff/uuid memory524288/memory currentMemory524288/currentMemory vcpu1/vcpu os type arch='x86_64' machine='rhel5.4.0'hvm/type boot dev='hd'/ /os features acpi/ apic/ pae/ /features clock offset='utc'/ on_poweroffdestroy/on_poweroff on_rebootrestart/on_reboot on_crashrestart/on_crash devices emulator/usr/libexec/qemu-kvm/emulator disk type='block' device='disk' driver name='qemu' cache='none'/ source dev='/dev/VolGroup01/lv-sys1'/ target dev='vda' bus='virtio'/ /disk disk type='block' device='cdrom' target dev='hdc' bus='ide'/ readonly/ /disk disk type='block' device='disk' source dev='/dev/VolGroup01/lv-sys1-data'/ target dev='vdb' bus='virtio'/ /disk interface type='network' mac address='54:52:00:3b:4a:f5'/ source network='default'/ model type='virtio'/ /interface serial type='pty' source path='/dev/pts/3'/ target port='0'/ /serial console type='pty' tty='/dev/pts/3' source path='/dev/pts/3'/ target port='0'/ /console input type='mouse' bus='ps2'/ graphics type='vnc' port='-1' autoport='yes' keymap='en-us'/ /devices /domain -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how many people still use NIS?
No one seems to like AD. I actually find it to be fairly manageable compared to stock LDAP/Kerberos. The management tools blow OpenLDAP out of the water. I laugh at myself saying it, but if you want simple management of a big installation, AD is pretty dang tested these days and it's not hard to integrate other systems in that environment if you have admin control of the schema. -Iain On Sat, Oct 2, 2010 at 3:24 PM, Tom H tomh0...@gmail.com wrote: On Fri, Oct 1, 2010 at 4:46 PM, m.r...@5-cent.us wrote: Stephen Harris wrote: On Fri, Oct 01, 2010 at 04:22:58PM -0400, m.r...@5-cent.us wrote: And I'd at *least* go to NIS+. openLDAP is an unbelievable pain, but Nobody in their right mind uses NIS+. Even Sun have stopped it. When I did Solaris 2.4 training NIS+ took 2 chapters of the manual. When I did Solaris 9 training it took 2 sentences. Yes, NIS+ may be more secure than NIS, but it's a FPOS to use properly and not a recommended solution. *shrug* I've never used it. Trust me, openLDAP is a royal PITA, but with AD as an alternative Both NIS+ and LDAP are a PITA but NIS+ less so, IMHO, probably because I learned it first. Anyway, NIS+ is pretty much history... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how many people still use NIS?
On Sat, Oct 2, 2010 at 7:29 PM, Craig White craigwh...@azapple.com wrote: This discussion completely ignores the fact that user authentication is just one of the many things LDAP does. If all you are going to do with LDAP is simple user group management then you have a lack of imagination. Not to stray much further off the subject, nor defend AD much further on the CentOS list, but AD does a lot more than user/group auth. In fact it does everything in your list (DNS, mail access lists, etc), and quite a bit more out of the box. Apple's Open Directory is a nice start, but pretty far behind in the race. In fact if I had a 1000 Mac installation, I'd rather build an AD domain and extend the schema to include the Apple attributes and use WG Manager for the Macs. I honestly believe Apple has put more engineering time into their AD plugin than their OD native interface. Believe me I'm no Microsoft enthusiast, but AD is a capable and mature product for the job. Obviously for maximum flexibility stock MIT Kerberos and OpenLDAP win, but I think I'd be wasting a lot of time using them bare-bones when administrating a large multi-site organization. Open-source is free, but it's definitely not free once you start spending your evenings combing mailing lists and debugging fringe issues that keep your business from meeting its goals. And NIS servers belong in a museum! :-) There, hopefully I've offended everyone. Cent remains my favorite server OS by a _huge_ margin. -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] moving from Xen to KVM
On Wed, Feb 24, 2010 at 1:38 PM, Pasi Kärkkäinen pa...@iki.fi wrote: Xen HVM guests require CPU virtualization extensions ... snip ... and enabled in the BIOS. This seems obvious but has caught me before, wasting some time. Dell PowerEdge systems seem to ship with virt disabled in the bios. -Iain -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Dell 2950 with CentOS 5.3
We have not had issues with our 2950s running 5.3. On Fri, May 15, 2009 at 8:33 AM, nate cen...@linuxpowered.net wrote: Kian Sin Teo wrote: Hi all, Any one experience issue with Dell 2950 and CentOS 5.3, Not 5.3, but 5.2, and it works fine. 5.3 is very similar to 5.2 so I wouldn't expect any differences as far as your issue is concerned. You running the latest RAID and BIOS firmware versions? If it's not even getting to the OS then it's not an OS issue, sounds like a firmware problem. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
