Re: [CentOS] Linux ate my RAM...
On Wed, Nov 18, 2015 at 7:51 PM, Itamar Reis Peixoto wrote:
> try systemd-nspawn and use it instead of virtualizing, will save you some
> bits of memory.

Interesting.. Not an option for us currently but perhaps as an alternative to Docker it will come in handy. Thanks for the feedback.

Kwan
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Linux ate my RAM...
Warren: Thanks for the good info and link.

On Wed, Nov 18, 2015 at 4:41 PM, Warren Young <w...@etr-usa.com> wrote:
> On Nov 18, 2015, at 1:20 PM, Kwan Lowe <kwan.l...@gmail.com> wrote:
>>
>> Because of caching, from VMWare's perspective, all Linux memory is
>> being "used".
>
> Nope. VMware’s memory ballooning feature purposely keeps some of the guest’s
> RAM locked away from the kernel. This is where RAM comes from when another
> guest needs more physical RAM than it currently has access to:
>
> https://blogs.vmware.com/virtualreality/2008/10/memory-overcomm.html

Hmm.. I may be misunderstanding how the balloon driver is working... I'm looking at section 3.3 in this guide:
https://www.vmware.com/files/pdf/perf-vsphere-memory_management.pdf

When a guest starts up, the cached memory is very low. This is reflected in the VMWare hypervisor view that shows a small percentage of host memory being used. After disk activity, the host memory allocation grows to the point that it's allocating all the configured memory in the hypervisor view. The guest 'free' still shows the majority of memory as available (though "cached"). "vmware-toolbox-cmd stat balloon" reports 0MB have been ballooned on these instances.

From the PDF above, it seems that only under memory pressure on the hypervisor level does the ballooning kick in. Unfortunately, I don't have a way to safely test this.

>
> There are downsides.
>
> One is that pages locked up by the balloon driver aren’t being used by
> Linux’s buffer cache. But on the other hand, the hypervisor itself fulfills
> some of that role, which is why rebooting a VM guest is typically much faster
> than rebooting the same OS on the same bare hardware.
>

This is interesting. We may be double-caching then if VMWare host is also doing some caching.

> Another, of course, is that oversubscription risks running out of RAM, if all
> of the guests decide to try and use all the RAM the host told them it gave.
> All of the guests end up being forced to deflate their balloons until there
> is no more balloon memory left.
>
>> The increase in vm density is an acceptable tradeoff.
>
> Instead of oversubscribing the real RAM of the system, consider starting and
> stopping VMs at need, so that only a subset of them are running at a given
> time. That lets you host more VMs underneath a given hypervisor than would
> run simultaneously, as long as you don’t need too many of the VMs at once.
>
> This pattern works well for a suite of test VMs, since you probably don’t
> need to test all configurations in parallel. You might need only one or two
> of the guests at any given time.

This is a possibility. It will be a hard sell but may work for some.

>
>> 1) What options are available in CentOS to limit the page cache?
>
> Again, you should not be tuning the Linux’s virtual memory manager to make
> the VM host happy. That’s one of the jobs VMware Tools performs.

Agreed.. I don't want to do too much on the guest side but we're getting heat to increase density. This is caused by some app owners that throw memory at systems as a first step in troubleshooting. :D

Thanks again for your feedback..

Kwan
[CentOS] Linux ate my RAM...
Hello everyone,

Excuse the title. I'm trying to do something very specific that goes against some common assumptions.

I am aware of how Linux uses available memory to cache. This, in almost all cases, is desirable. I've spent years explaining to users how to properly read the free output. I'm now trying to increase VM density on host systems (by host, I mean the physical system, not the underlying guest machines).

VMWare can over-allocate memory as long as it's not being used. Because of caching, from VMWare's perspective, all Linux memory is being "used". I am aware of the inherent risks in over-allocation of resources on a VMWare system. This tuning is strictly for development systems where performance and stability are not as critical. The increase in vm density is an acceptable tradeoff.

My questions:

1) What options are available in CentOS to limit the page cache? SuSe has vm.pagecache_limit_mb and vm.pagecache_limit_ignore_dirty which, in conjunction with swappiness tweaks, appears to do what I need.

2) Any experience with enabling /sys/kernel/mm/ksm/run on non-KVM workloads? As KSM only applies to non-pagecache memory, it doesn't immediately help me here but could be incrementally useful (https://www.kernel.org/doc/Documentation/vm/ksm.txt).

3) Is there any way to control /proc/sys/vm/drop_caches and limit it to a number of entries or age? Dropping the filesystem cache, though it unmarks those pages, has performance implications.

Thanks in advance for any input or links.
Re: [CentOS] ERROR Installing Cisco AnyConnect on Centos 6x
On Wed, Sep 30, 2015 at 2:28 PM, CS DBA wrote:
> I've downloaded the Cisco AnyConnect tar.gz file for one of our clients,
> when I untar it and then run the vpn_install script in the vpnclient
> directory I get the below error.
>

I ended up getting the clients from the Nux repository instead of EPEL. At the time, it provided the NetworkManager tools which EPEL didn't have. It's easy enough to run from the command line but NetworkManager integration is nice to have.
Re: [CentOS] Wrapper script for shutdown, passwd, etc. commands
On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings billi...@negate.org wrote:

Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.

Thanks for the reply. I'm thinking that the password would only be there to confirm. It would not be stored but would possibly leverage PAM.

You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.

sudo was a possibility.. However, I want to do this specifically for folks with root access so sudo's checks won't work. This is for two reasons: Audit requirements and as a second check for the admin. We've had a couple instances recently where the admin did work on the wrong server. Though I don't see any way to totally lock it down for someone with root access, I want to make it at least give some sort of warning.

The other tool I looked at was selinux. Combined with audit it could possibly work but not all the systems have selinux enabled.
[CentOS] Wrapper script for shutdown, passwd, etc. commands
Hello all. Thank you for reading.

I'm hoping someone can point me in the right direction here. I am looking to implement a wrapper script/utility that will prompt for a ticket number before running certain commands. I've used similar scripts in the past on systems that I didn't have admin access.

The wrapper would do something like this:

    [root@vm-helios-019] shutdown -h now
    *** WARNING ***
    You are attempting to shutdown a production server: vm-helios-019.digitalhermit.com
    Please enter the Change Log Ticket for shutdown CHG-FL-102122
    Please confirm by entering your login password: xx
    Ticket number CHG-GL-102122 for user Kwan Lowe (klowe) has been logged at Sun Feb 4, 2001 at 14:23 (2:23PM).

Ideally this would only kick in if the request is coming from an interactive session. Thinking about it, just replacing the command with a wrapper could cause other problems.

Has anyone done anything similar?

Thanks,
Kwan
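One way to build the ticket prompt described in this post, as an added example that is not code from the thread. The function names, the ticket pattern (taken from the sample CHG-FL-102122), the /sbin/shutdown path and the chg-wrapper syslog tag are assumptions, and the login-password confirmation step is left out.

```bash
#!/bin/bash
# Added example: change-ticket gate in front of shutdown.
# All names below are hypothetical; nothing here comes from the thread.

REAL_SHUTDOWN=/sbin/shutdown   # assumed location of the real binary

# Accept only tickets shaped like the post's sample: CHG-FL-102122.
# A strict pattern also keeps shell metacharacters out of the audit log.
valid_ticket() {
    case $1 in
        CHG-[[:upper:]][[:upper:]]-[[:digit:]][[:digit:]][[:digit:]][[:digit:]][[:digit:]][[:digit:]])
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# "Interactive" here means stdin and stdout are both terminals, so cron
# jobs, init scripts and piped invocations are passed through unprompted.
is_interactive() {
    [ -t 0 ] && [ -t 1 ]
}

# Read a ticket from stdin, allowing three attempts. Prompts go to stderr
# so that stdout carries only the accepted ticket.
read_ticket() {
    local ticket tries=0
    while [ "$tries" -lt 3 ]; do
        printf 'Please enter the Change Log Ticket: ' >&2
        IFS= read -r ticket || return 1
        if valid_ticket "$ticket"; then
            printf '%s\n' "$ticket"
            return 0
        fi
        printf 'Not a valid ticket number.\n' >&2
        tries=$((tries + 1))
    done
    return 1
}

# Build one key=value audit line: ticket, user, host, then the command.
audit_record() {
    local ticket=$1 user=$2 host=$3
    shift 3
    printf 'ticket=%s user=%s host=%s cmd="%s"' "$ticket" "$user" "$host" "$*"
}

# The wrapper itself: prompt and log on a terminal, then run the real command.
guarded_shutdown() {
    local ticket user host
    if is_interactive; then
        host=$(hostname)
        # SUDO_USER or logname identifies the person behind a root shell.
        user=${SUDO_USER:-$(logname 2>/dev/null || id -un)}
        printf '*** WARNING ***\nYou are attempting to shut down: %s\n' "$host" >&2
        ticket=$(read_ticket) || {
            printf 'Refused: no valid ticket given.\n' >&2
            return 1
        }
        # authpriv usually lands in /var/log/secure on CentOS.
        logger -p authpriv.notice -t chg-wrapper \
            "$(audit_record "$ticket" "$user" "$host" shutdown "$@")"
    fi
    "$REAL_SHUTDOWN" "$@"
}
```

Defined as a shell function for interactive root shells (for example `shutdown() { guarded_shutdown "$@"; }`), this leaves scripts that call /sbin/shutdown by path untouched.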
Re: [CentOS] Effectiveness of CentOS vm.swappiness
On Thu, Jun 4, 2015 at 4:18 PM, Markus Shorty Uckelmann sho...@koeln.de wrote:

I have lots of C6 C7 machines in use and all of them have the default swappiness of 60. The problem now is that a lot of those machines do swap although there is no memory pressure. I'm now thinking about lowering swappiness to 1. But I'd still like to find out why this happens.

Thanks for this thread. I'm actually looking at the same settings for a different reason. Most of our environment is VMWare-based and one major difference between the Linux and Windows clients is how they use free memory. Linux grabs it for cache (Free memory is wasted memory.) but Windows doesn't appear to touch it at all. This means the VMWare hypervisor can over-commit memory.
Re: [CentOS] NTLM Authentication ISA Server
On Wed, Jan 14, 2015 at 3:53 PM, Tim li...@kiuni.de wrote:

Hello list, how can I get CentOS 7 to authenticate against a Microsoft ISA server for package installations after the OS is installed. In Debian/Ubuntu apt.conf just needs to be edited and it works. How to do so in CentOS?

I use a program called cntlm. I don't know if an RPM is available but the source is trivial to build. I believe it also includes a SPEC file.
Re: [CentOS] 2460x1440 video card recommendation
On Mon, Jan 12, 2015 at 11:57 AM, Frank Cox thea...@melvilletheatre.com wrote:

Can someone recommend a video card that's capable of driving a monitor at 2560x1600 or 2560x1440 and just works with Centos 7 without requiring any outside video drivers? I would prefer to stay with the built-in video drivers that are included with Centos 7 if possible; I don't play games and such, so I'm not looking for high performance 3D -- I just want a high resolution desktop. I'm currently looking at a BenQ GW2765HT which is 2560x1440, though I might end up with something else in the end.

Hmmm.. I have dual GeForce 780s (Asus brand) driving 2560x1440 monitors. However, I am using the NVidia binary drivers. The problem with using nouveau is that with that much more real-estate video can bog if you are doing much beyond launching xterms. In particular, full screen video has noticeable tearing and even dragging windows across the desktop looks glitchy. To be clear, it works, just that I hate seeing the visual tearing.

On another system I have a Geforce 650. It also drives a single 2560x1440 monitor without issue.
Re: [CentOS] files mysteriously changing ownership
On Wed, May 7, 2014 at 1:08 PM, Tim Dunphy bluethu...@gmail.com wrote:

We have a directory that holds the media for a website. We want that directory owned by the apache user and group. But for some reason that directory and all its files keep reverting to being owned by a user account and group.

What are the user IDs of the apache and user_a users? Are these local mounts or shares? I've seen a similar thing when there was a UID conflict.
Re: [CentOS] Memory leak - how to investigate
On Tue, Feb 4, 2014 at 7:53 AM, sjt5atra sjt5a...@gmail.com wrote:

Others have mentioned tuning httpd.conf parameters. Problem is apache doesn't give you the math to know what to set those without lots of trial-and-error. The best guide for this math is from F5: http://www.f5.com/pdf/deployment-guides/f5-apache-dg.pdf

Indeed, there's a bit of voodoo involved... And goats. In the past I've used webalizer logs to get an idea of the peak number of hits per minute. This works fine for certain types of accesses.

For monitoring memory usage, I've used top in batch mode to grab the actual process memory usage. If the memory usage grows quickly and there are many spare httpd processes then the sum of these numbers will climb rapidly. In this case, tuning down the number of httpd processes and/or cycling them sooner can help. I've found that performance is not measurably affected in my workloads but mileage varies widely.
Re: [CentOS] Memory leak - how to investigate
On Mon, Feb 3, 2014 at 8:43 AM, Jussi Hirvi listmem...@greenspot.fi wrote:

My web name server runs out of memory from time to time, to the point where it's completely unresponsive to anything. At that point reset is the only alternative. (Or, as this is a virtual guest, I just say virsh destroy). But why this happens - I would like to know.

Several things could be occurring. The first thing I notice is that you have many httpd processes running. This can be useful if you have many simultaneous hits. If you don't, you can tune the number of processes down (search on MAX_CHILD in the httpd.conf). Don't quote me on this, but you can lower the number of simultaneous processes and reduce the number of requests that each processes before exiting. Though much of the memory is shared, a lot isn't, so reducing the process count helps improve the memory situation. Cycling them more rapidly can help clean up any that have memory leaks.

The host in question is a KVM guest, and runs CentOS 6.4. From top (situation now):

    Mem: 1361564k total, 1264324k used, 97240k free, 8428k buffers
    Swap: 3014648k total, 64852k used, 2949796k free, 358676k cached

That doesn't look like a lot of memory.. Possible to add another .5G or so?
Re: [CentOS] Memory leak - how to investigate
On Mon, Feb 3, 2014 at 3:36 PM, Warren Young war...@etr-usa.com wrote:

Ah! I missed that. Is it actually the case that your server doesn't even have 2G of RAM? That's a *real* problem. Small RAM limits with strange values like 1.3 GB are normal for VMs.

This is true. I can start up VMs with under 256M and do so quite often. Looking at the non-shared memory in the list of procs posted, however, it looks like that server at least is running pretty thin.

Rather than give the VM more dedicated RAM, have you tried adding more swap, Jussi? Your system may be well-tuned, not I/O bound all the time swapping to disk, but that doesn't mean swap isn't useful.

Interesting:

    21463 total pagecache pages
    20882 pages in swap cache
    Swap cache stats: add 1523887, delete 1503005, find 201987/297332
    Free swap = 0kB
    Total swap = 3014648kB

In this case I'm more inclined to limit the number of processes rather than increasing page space. Adding swap will delay the OOM, which is good, but performance will suffer.

Modern OSes pretty much depend on having some swap space. If nothing else, it lets the OS move some little-used bits of code out of RAM, so the RAM can be used for the computer's real work.

Yes! You don't know how many times I've heard, I have 64G of memory! Why do I need swap? There are some benefits to running swapless though. I've dinked around with the overcommit and other memory options for some workloads.

Another thing to look into is how many forks or threads your web stack uses. More is better for speed, up to the point where you run out of RAM, at which point your web stack slows to a crawl or dies. If each fork takes 500 MB, and you've got it set to use 3 forks, you're already running into swap space, unless there's some serious RAM sharing going on among the forks.

:) Just had this conversation about spinning up Websphere JVMs to increase performance...

Web site tuning is hard.

:P
Re: [CentOS] Memory leak - how to investigate
On Mon, Feb 3, 2014 at 2:59 PM, m.r...@5-cent.us wrote:

We've got a number of websites on one of our production servers, and they get hit moderately (it's not Amazon... but they are US gov't scientific research sites), and I think we've got 25 threads running, total, to serve *all* of them.

If you don't mind me asking, what are your fork/child settings like for those and what sort of workload?

snip

mark got 8G on my home system, and 6G on my workstation at work

Just got my 64G main board in... Should be built by the weekend. Octo-core AMD and 64G DDR3, Nvidia 780. :D
Re: [CentOS] And then there was one (browser)
No consolation for CentOS 6, but Chrome does appear to work on the upstream 7 beta.
Re: [CentOS] Google Chrome
On Sat, Nov 23, 2013 at 11:25 AM, Johnny Hughes joh...@centos.org wrote:

BTW, I like chrome, so that is why I am trying to maintain this ... but it is GOOGLE who is not maintaining the code to work on EL. [snip]

I appreciate your efforts on getting it working previously. At my office there are a bunch of Red Hat and CentOS desktop users. I can't imagine that we're that much different from a lot of other IT shops.

Anyhoo, I'm building it via ChromeOS. Haven't gotten everything working yet, but my hope is to run it within a VM. It's a horrible kludge, but the alternative is to dispense with the Google versions of sync, documents, etc.. That's looking a lot more attractive :D
Re: [CentOS] Crash and automatical reboot when using the NVIDIA card
On Fri, Nov 22, 2013 at 2:36 PM, Panruo Wu armiu...@gmail.com wrote:

A few minutes after using the GPU for doing some HPC calculations, the server crashes and reboots itself. This is happening every time. I know it will be rebooted but I don't know when. Sometimes it's 20 minutes after starting using it. Sometimes it's 2 hours.

I had a similar problem. Under load the system would crash. Turned out to be the fans weren't spinning up correctly.
Re: [CentOS] What the heck is a text/html decoder
On Mon, Nov 4, 2013 at 4:45 PM, Frank Cox thea...@melvilletheatre.com wrote:

My phone service provider offers a way to check my voicemail via a webpage. However, when I go to that webpage with Firefox and try to play back a saved message, a window pops up that says this: The following plugin is required: text/html decoder

What is it looking for and how can I install it? I already have these totem rpms:

    totem-nautilus-2.28.6-2.el6.x86_64
    totem-pl-parser-2.28.3-1.el6.x86_64
    totem-mozplugin-2.28.6-2.el6.x86_64
    totem-2.28.6-2.el6.x86_64

[snip]

Most likely looking for Flash. Some sites indicate gecko-mediaplayer provides the txt/html.. not sure if it's covered by the ones you have loaded.
Re: [CentOS] which kernel do people use?
On Tue, Oct 22, 2013 at 10:44 PM, Keith Keller kkel...@wombat.san-francisco.ca.us wrote:

Hi all, I'm doing a very informal and unscientific poll: which kernel do you use on your CentOS machines? Not which version of the CentOS kernel, but which repository. Here are some examples I can think of off the top of my head:

I'm running CentOS-plus on my main workstation but multiple VMs run a custom kernel built from the CentOS SRPMS. I have two systems running CentOS with the upstream vanilla kernel, but these don't get much use.
Re: [CentOS] to lvm or not to lvm - why/when to use lvm
On Thu, Sep 26, 2013 at 4:28 PM, Antonio da Silva Martins Junior asmart...@uem.br wrote:

Well, I think this is one of the big examples of what we can do with LVM: http://www.greyoak.com/lvmdrive.html

This is one of the top reasons that I use LVM on my home builds. I generally build with an SSD as the OS disk and a large SATA drive as my /home. When I need a bigger disk, which happens occasionally, I can either add or move up to a larger disk. I tend to just move up to a larger disk as I prefer a single disk to multiple disks for both reliability, reduced noise, and reduced power usage.
Re: [CentOS] Chromium update
If you keep on canceling the auth dialog it will eventually load from Google's cache, minus the images. The main download is a script that does the package copy. I'll have a chance to try it in about an hour.

Johnny, thanks for your efforts in getting this to work.

2013/9/18 Darr247 darr...@gmail.com:

On 2013-09-18 6:41 AM, Johnny Hughes wrote:

http://www.tecmint.com/install-google-chrome-on-redhat-centos-fedora-linux/

That page requests credentials, even from google's cache.
Re: [CentOS] Evergreen ILS on CentOS?
On Mon, Sep 16, 2013 at 11:03 AM, m.r...@5-cent.us wrote:

I've got two possible routes, here: a) I can try to build an older, deprecated version of Evergreen, or I can try to build a newer libevent and stuff - some of which, IIRC, kde wants. Opinions? Suggestions? And if anyone's worked with evergreen, PLEASE TALK TO ME!!!

I haven't worked on Evergreen, but lately I've found need to build some specific packages that were developed on Debian or Ubuntu based distros. My approach has been to create a separate /opt/foreign mount and then rebuild what libraries I could and place them there. It worked, but I wouldn't want to do it for anything big.

If you have a build environment on Ubuntu, I suppose another option would be to statically link everything.
Re: [CentOS] X11partioning
I am searching for a way in X11 to partition or divide the screen. For example the physical size of the screen may be 1920x1080 but what if I want 3 sections like A B C [snip] Does something like that exist of X11? All this is on the same physical screen. Just dividing it up.

I suppose you could do something like run three vnc sessions on the server (with appropriate -geometry settings) then vnc-viewers to each of the servers. This is kludgey but would isolate the X sessions somewhat.
Re: [CentOS] RHEL Subscriptions
It says if you let ALL your subscriptions expire. I read that to mean after you have no active subscriptions, you can use the software. Seems absolutely crazy, but that's what it says. It seems more clear to me in the detailed contract version it says clearly 'use or execute':

This clause is almost certainly to prevent folks from having a single subscription and then using that to update all the others in the environment. I don't have a problem with it; we do have several hundred RHEL systems.

There are alternatives though. CentOS works for many companies. Even Oracle manages to rebuild the Red Hat packages and sell support around it.
Re: [CentOS] minimal X applications needed to export to remote server?
On Fri, Aug 16, 2013 at 11:17 AM, Joseph Spenner joseph85...@yahoo.com wrote:

In the past, on previous installations, I could ssh to the bacula server with the -X option, and run the application (called 'bat'), and it would display back. I'd have to make sure the sshd_config permits Xforwarding, but that was all. On my new CentOS 6.4 minimal, I always get: bat: cannot connect to X server

I tried the usual tricks of exporting the display to my system where I want to see the GUI, which shouldn't be necessary anyway due to the 'ssh -X', but I thought I'd give it a shot. Still no go.

You've probably already checked, but does the sshd_config deny X11 forwarding? Did you allow the remote via xhost on your local X server? Does your desktop require x11 magic cookies or other auth mechanism?

I figured something was missing, since it is a minimal install, with no X. So I installed 'xlogo', thinking maybe all the X stuff needed to display that would be installed. By installing xlogo, I got a bunch of X stuff, including:

You can test by temporarily installing tigervnc-server on the remote and connecting. If you can run it there it should work remotely.
Re: [CentOS] Motherboard and chipset compatibility
On Mon, Aug 12, 2013 at 12:14 PM, Glenn Eychaner geycha...@mac.com wrote:

[snip] Third (more general) question: My requirements are (I believe) modest:

* 1U short-depth rackmount chassis OR Mini-ITX small-footprint chassis
* Dual GbE network ports
* Dual 1920x1200 monitor display
* One SSD drive
* 32-bit CentOS 6.4 compatible.

For the display configuration, do you need to run any graphics-intensive software? If not, I have seen some devices that act as miniature broadcast devices. The monitors don't need to be physically attached to the system unit. They do need some sort of wireless access to the server though. They are useful for monitoring stations, electronic signage, etc.., but not so good for fast updates (i.e., no games, videos would probably be degraded).
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Tue, Jul 30, 2013 at 8:09 PM, Ljubomir Ljubojevic cen...@plnet.rs wrote:

Please submit a bug report on CentOS bugzilla site, against a kernel.

Thanks, have done so and referred this thread. I'm beginning to suspect this is an SSD related issue. My other system is otherwise identical except for a traditional boot drive. Later today I'll have some time to replace the boot drive to check.
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Tue, Jul 30, 2013 at 2:15 PM, Ljubomir Ljubojevic cen...@plnet.rs wrote:

How about posting your boot line (from grub)? Maybe there is something that has changed now. Btw, do you have GPT MBR on your HDD's? I had a boot problem on my Samsung NP350e5x laptop when I formatted HDD with GPT. It confused and tried to boot HDD when I select DVD and who knows what when I choose HDD.

Thank you for your reply.. These are the two latest installed kernels. Default is set to the latter. The only difference I have is that I removed the quiet option during troubleshooting.

    title CentOS (2.6.32-358.14.1.el6.centos.plus.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.14.1.el6.centos.plus.x86_64 ro root=/dev/mapper/vg_phoenix-LogVol00 rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=128M rd_NO_DM rd_LVM_LV=vg_phoenix/swap_001 KEYBOARDTYPE=pc KEYTABLE=us rd_LVM_LV=vg_phoenix/LogVol00 rdblacklist=nouveau
        initrd /initramfs-2.6.32-358.14.1.el6.centos.plus.x86_64.img
    title CentOS (2.6.32-358.11.1.el6.centos.plus.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.11.1.el6.centos.plus.x86_64 ro root=/dev/mapper/vg_phoenix-LogVol00 rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=128M rd_NO_DM rd_LVM_LV=vg_phoenix/swap_001 KEYBOARDTYPE=pc KEYTABLE=us rd_LVM_LV=vg_phoenix/LogVol00 rdblacklist=nouveau quiet
        initrd /initramfs-2.6.32-358.11.1.el6.centos.plus.x86_64.img

I'm going to reinstall and try a kernel from the testing repo.. Maybe something is physically wrong with the SSD primary drive..
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Tue, Jul 30, 2013 at 6:54 PM, Kwan Lowe kwan.l...@gmail.com wrote:

I'm going to reinstall and try a kernel from the testing repo.. Maybe something is physically wrong with the SSD primary drive..

I just tried installing the upstream vendor's kernel and it works fine. I just realized that the problem kernel is CentOS-Plus. I'm uninstalling and trying the Centos updates version now...
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Tue, Jul 30, 2013 at 7:33 PM, Kwan Lowe kwan.l...@gmail.com wrote:

I just tried installing the upstream vendor's kernel and it works fine. I just realized that the problem kernel is CentOS-Plus. I'm uninstalling and trying the Centos updates version now...

OK, same error with the CentOS stock kernel (not from CentOS Plus). Upstream vendor's kernel-2.6.32-358.14.1.el6.x86_64 works, stock CentOS version and CentOS-plus versions hang immediately after selecting the grub entry.

My hardware is fairly basic:

    Motherboard M5A99X EVO R2.0 with version 1708 of the BIOS
    NVidia GeForce GTX 560 video card
    120G SSD as primary drive
    150G SATA hard drive for data VG
    ThinkPenguin wireless NIC (atheros driver)

There's nothing I need in the newest kernel that I need, just to satisfy that weird part of me that wants everything updated :D.
[CentOS] kio_http spawns multiple processes
Hello All:

I've narrowed an earlier issue down to a problem with kio_http. This one is much easier to reproduce:

In a KDE session, open Konsole terminal.
In the Konsole session, type a bogus web address. E.g.: http://magoo.ca
Right click the link and select Open Link

In a few seconds you should get multiple notifications on the desktop and several kio_http processes spawned. These notifications keep on arriving until a killall kio_http is issued.
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Sun, Jul 28, 2013 at 9:24 PM, Rob Kampen rkam...@kampensonline.com wrote:

You haven't got an errored copy of the kernel by any chance?? I'd wipe it and re-install.

Rob, thanks for your reply. Just tried that. Uninstalled the latest kernel, reinstalled. Same issue. Also bumped my BIOS up to the latest...

The last time I saw this was because of some bad kmod packages for my wireless NIC. This has prevented me from updating a few kernels back. I only have userspace packages from alternate repos now, so am really stumped on what could be causing this.

And... I just updated another system to the latest and it's working fine.
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Sat, Jul 27, 2013 at 10:19 PM, Mike McCarthy sy...@w1nr.net wrote:

Aha! non-CentOS drivers? Are these from the OEM? They probably need to be rebuilt to the new kernel. Have you tried booting into safe mode or with video drivers disabled? Just how you do that with CentOS I don't know but there should be instructions somewhere on the WEB.

Mike, thanks for your reply. These are the latest NVidia drivers (NVIDIA-Linux-x86_64-319.32.run). I'm not quite sure it is the problem, however, after running some more tests.

I tried rebuilding the NVidia drivers for the latest installed kernel using the '-k KERNEL_NAME' option to the installer script. These built successfully while the older kernel was running. On reboot into the new kernel, I got the same error (hard freeze, unable to reboot the system without a BIOS flash).

I then uninstalled the NVidia proprietary drivers completely (--uninstall from the script). I received (expected) X related errors and dropped into a shell on the old kernel. Trying on the new kernel resulted in the same freeze.

I.e.: On grub menu, I choose the newest kernel (kernel-2.6.32-358.14.1.el6.centos.plus.x86_64). In the top left I see the underline cursor blink for a few seconds and then stop. There's no other output. The HD and Power light on the system unit is solid at this point. If I try to reboot now I see the system fans spin up at low speed. About four seconds later the fans momentarily switch to high speed then the system powers down. Even if I unplug everything, drain the PSU, the system won't power back up until I reset the BIOS via jumper blocks.

The hardware itself seems fine. I am actually typing this now on the system in question, but in the previous kernel.

I just ran a quick package list by Vendor (queryformat %{vendor} ) and found some Dag Apt packages. I'll uninstall these and retest.

Also checked my BIOS which is:

    Vendor: American Megatrends Inc.
    Version: 1302
    Release Date: 11/15/2012

If there's an update available I'll flash it. This one has me stumped :)
Re: [CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
On Sat, Jul 27, 2013 at 8:38 AM, Johnny Hughes joh...@centos.org wrote: I have two ASUS M5A99X EVO R2.0 motherboard based machines that I use for testing CentOS and I have booted the 2.6.32-358.14.1.el6.x86_64 and the 2.6.32-358.14.1.el6.centos.plus.x86_64 kernels on both machines without any issues. Thank you.. These are the exact same boards that I am running. OK, I will try swapping out the video cards. Those are the only non-CentOS drivers that I am running. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Kernel 2.6.32-358.14.1.el6 boot fail
Hello All: I installed 2.6.32-358.14.1.el6.centos.plus.x86_64 today and had some boot issues. After rebooting, the system locked immediately after the Asus motherboard logo. I thought at first that it was a hardware issue because it didn't appear that grub even loaded. I wasn't even able to get into the BIOS to change the boot order so it appeared that it was a hardware issue. I reset the MB BIOS and rebooted, which allowed me to get into the BIOS. Everything looked normal. I then tried to boot and the same issue. I repeated the BIOS clear and this time got to grub and let it load the latest kernel (2.6.32-358.14.1.el6). It hung again. I repeated the BIOS clear, got to the grub screen, selected the previous kernel and everything was fine. Once I got to the OS, I removed the rhgb quiet from grub.conf from the newest kernel. Rebooted. Hung again immediately after loading. The weird thing is that I couldn't just power down and get back to grub; I had to clear the BIOS again before I could even load grub to select the previous kernel. Anyone else experiencing issues with the latest kernel? Any idea why it seems to even corrupt the BIOS? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can someone help confirm a bug? kio_http kdegraphics
On Wed, Jul 17, 2013 at 1:18 PM, Earl Ramirez earlarami...@gmail.com wrote: I carried out the steps using the following Build: CentOS 6.4 x86_64 Kernel: 2.6.32-358.11.1.el6.x86_64 I only installed html2ps, everything else was installed using the default Desktop installation together with the KDE GUI. When I click on the link, which points to http://ovh.com, I receive two notifications and the same behaviour as you mentioned previously. When I check the output of ps -ef, I see the following, this was for two windows though. kde 5136 2352 1 13:09 ? 00:00:01 konqueror -mimetype text/html http://ovh.com/ [snip] Excellent. Thanks so much for confirming this. I'm trying to confirm on RHEL now. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Can someone help confirm a bug? kio_http kdegraphics
Hello: I'm trying to track down a kio_http problem using CentOS 6.4 with KDE. This causes multiple kio_http procs to spawn and lots of notifications. Several steps are needed:
Create a foo.html with an href
foo.html
<html><head>Test</head><body><a href=http://ovh.com>http://ovh.com</a></body></html>
Use html2ps then ps2pdf to create a PDF document
html2ps foo.html > foo.ps
ps2pdf foo.ps
okular foo.pdf
Using the KDE desktop, open the PDF in Okular then click the link. Immediately there are desktop notifications that website was contacted and waiting for reply. A 'ps -ef' shows many kio_http processes being spawned. I'm not able to reproduce on all random websites, but the ovh.com always does so. This link was found in the latest Linux Journal so others may inadvertently cause this. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can someone help confirm a bug? kio_http kdegraphics
On Tue, Jul 16, 2013 at 10:58 AM, Earl Ramirez earlarami...@gmail.com wrote: Hello Kwan, I will fire up a KVM vm and try to reproduce the problem/bug with the steps provided, on what architecture are you currently experiencing this? Thanks Earl... I am running on CentOS 6.4 64bit (x86_64). I'm spinning up a RHEL instance to see if it's an upstream issue also. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Weird Okular/KDE error - thousand procs spawned
Hello all: I'm trying to troubleshoot a strange and repeatable error and not sure where to log the bug report. I subscribe to Linux Journal and download their PDF. The DLJ230.pdf opens in the Okular PDF reader from Konqueror. If I scroll down to the ad for some colo site (www.ovh.com) and click the right side of the page, I immediately start getting hundreds of alerts on the desktop. These all say:
www.ovh.com contacted. Waiting for reply...
Source: http://www.ovh.com/us/index.html
They appear at the rate of about one per second. A ps -ef shows hundreds of new processes such as:
kwan 27155 24731 0 18:21 ? 00:00:00 kdeinit4: kio_http [kdeinit] http local:/tmp/ksocket-kwan/klauncherT24732.s
kwan 27169 24731 1 18:21 ? 00:00:00 kdeinit4: kio_http [kdeinit] http local:/tmp/ksocket-kwan/klauncherT24732.s
kwan 27177 24731 1 18:21 ? 00:00:00 kdeinit4: kio_http [kdeinit] http local:/tmp/ksocket-kwan/klauncherT24732.s
kwan 27184 24731 1 18:22 ? 00:00:00 kdeinit4: kio_http [kdeinit] http local:/tmp/ksocket-kwan/klauncherT24732.
I let it run for a few minutes to see if it would time out but it just keeps growing until I finally kill all the kio_http procs (killall kio_http). It's reproducible on at least two CentOS 6.4 builds. Not sure if it's an Okular bug or something else. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Chrome Dependency
OK, the latest stable version of Chromium is now posted here: http://people.centos.org/hughesjr/chromium/6/ :) A big thank you for this build. If I may, how difficult is to enable sandbox? As far as I can tell, it's the only Chrome feature that would be useful to me. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Kernel panic after update
Hello all: I just updated yesterday and rebooted when I received this error: compat: exports duplicate symbol pcmcia_loop_typle (owned by kernel) FATAL: Error inserting dm_mod (/lib/modules/2.6.32.-358.2.1.el6.centos.plus.x86_64/kernel/drivers/md/dm-mod.ko): Invalid module format compat: exports duplicate symbol pcmcia_loop_tuple (owned by kernel) It is a centos-plus update however. Is this the correct forum to discuss issues with the plus repo? Thanks, Kwan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kernel panic after update
On Sun, Mar 17, 2013 at 10:45 AM, Akemi Yagi amy...@gmail.com wrote: Reported in the bug tracker: http://bugs.centos.org/view.php?id=6304 Thanks for the quick reply and will follow that discussion. I'm still getting my head around netconsole... been a while :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Sun, Mar 3, 2013 at 11:02 PM, Ian Pilcher arequip...@gmail.com wrote: I updated my home server with the 6.4 CR packages, and I've experienced 3 or 4 hard lockups since. The server is a fanless VIA C7 CentaurHauls system with a 1GHz CPU underclocked to 800MHz and 1GB of RAM. It has a dual-port Intel 82546GB NIC in its single PCI slot. (It also has an on-board Realtek RTL-8110SC/8169SC NIC that is plugged in, but doesn't currently have an IP address configured.) Well.. Looks like my hardware problems were only superficially the same as yours. After fighting it for two weeks, I got the second replacement motherboard in on Tuesday. Swapped it out and it has been rock solid stable since then. At some point I may try bringing up the BIOS to the same version as on the failed board if someone has a similar problem, but for now it's staying at the back rev version. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cgroups not working?
On Wed, Mar 13, 2013 at 10:10 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: Hi, I'm trying to use cgroups to limit the apache webserver but this doesn't seem to work as far as I can tell. I modified cgconfig.conf like this: group webserver { cpu { cpu.shares=250; } } How many other groups do you have defined? IIRC, it was based on the ratio of that share to the total. So if that's the only group defined, it may end up getting all resources. http://hydra.geht.net/tino/english/faq/debian/squeeze/cgroups/ This seems to indicate that is how it works.. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Thu, Mar 7, 2013 at 8:51 PM, Johnny Hughes joh...@centos.org wrote: I have 2 of these motherboards (ASUS M5A99X EVO R2.0) that I am using in CentOS development and testing. I am not seeing this issue .. I have M5A99X EVO R2.0 BIOS 1503 dated 2013/01/31 update. Do you have the latest BIOS? Thank you for your reply. Yes, latest BIOS installed. I have 2 of these also with similar configurations except for the NIC. One works perfectly the other has constant freezes. The working one has a slightly older BIOS so I'm thinking of downgrading the glitchy one. As far as logging goes, any idea what sort of failures could cause such a lockup? I.e., if memory was failing, would the system still be able to log? As the mouse is frozen and kernel sysrq has no effect, I'm still leaning towards hardware but literally everything except the case has been swapped out. (Well.. let me qualify that.. Everything but the 64GB SSD drive has been swapped but it seemed unlikely that a drive failure could cause such a lockup. Incorrect assumption?) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 10:51 AM, Gerry Reno gr...@verizon.net wrote: Nearly every time we've had lockup problems it has come down to bad or failing memory. I've even had memory cause problems where it would pass a quick memtest but ultimately would fail if you left it running the tests overnight. Thank you for your reply. I was leaning towards memory after swapping the power supply did not solve the problem. There are 4 8GB DDR3 sticks, so I took out two and ran with 16G. It still failed. I then swapped that out for the other 16GB. Still failed. What I haven't tried is to downclock the memory to a slower speed but will try that tonight if the BIOS supports it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 11:25 AM, m.r...@5-cent.us wrote: Right, but I've always *seen* error messages, dmesg, and, if mcelogd is actually working (I can't figure out why it seems to on some machines, and not on others, or why it doesn't keep running), it's in there. The times we've had lockups, there's been nothing. That's the frustrating thing.. Not a single error message. It also appears unrelated to system load as I went through 4 hours of the Phoronix test suite that pegged all 8 cores, Unigine Valley benchmark for several loops, memtest.. All passed. But at night it locked up when there was no load. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 11:34 AM, m.r...@5-cent.us wrote: Ok, so there was nothing in /var/log/dmesg? Have you tried running mcelogd? Nothing in dmesg, but I have not run mcelogd. I will try that tonight. Thanks! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 12:33 PM, SilverTip257 silvertip...@gmail.com wrote: If it's not memory related (test this memory in another system) then it is probably a motherboard failure. I've seen weird symptoms where the system will boot fine, but once the Linux kernel begins to build its cache it triggers a lock up/throws an exception. :) I've also swapped the motherboard. *Every* component except for the case and the SSD boot drive has been swapped. This is going on now for almost two weeks. I will try your suggestion of trying a separate set of banks in the off chance that those slots are faulty. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 2:12 PM, Les Mikesell lesmikes...@gmail.com wrote: I will try your suggestion of trying a separate set of banks in the off chance that those slots are faulty. I had one a few years ago where it took about 3 days for memtest to catch the bad RAM but even after fixing that there were random crashes. Turned out that the bad RAM had caused some disk corruption which was partly hidden by raid1 mirroring. Once in a while a program block read would hit the bad copy, but when you look for it everything looks OK... I'm running on the second bank now. I ran into a snag running mcelogd however (processor might not be supported). It appears that the CPU is not supported even after enabling the CONFIG_EDAC_MCE and CONFIG_EDAC_AMD64 in the /boot/config-xxx.. The error sometimes takes a few hours to occur so will use this system throughout the night to try to catch the failure. Starting mcelog daemon [FAILED] AMD Processor family 21: Please load edac_mce_amd module. CPU is unsupported ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Fri, Mar 8, 2013 at 5:04 PM, Steve Thompson s...@vgersoft.com wrote: Just a wild idea: is the NIC in the system that freezes a Broadcom and in the other system something else? If so, disable_msi=1 may help. NICs are now both ThinkPenguin cards with an Atheros chipset.. At this point, the systems are identical except that the failing one has an even bigger PSU than is needed (I calculated 650W required and had an 850W in there... Now it's a 1200W :D ). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On Sun, Mar 3, 2013 at 11:02 PM, Ian Pilcher arequip...@gmail.com wrote: I updated my home server with the 6.4 CR packages, and I've experienced 3 or 4 hard lockups since. The server is a fanless VIA C7 CentaurHauls system with a 1GHz CPU underclocked to 800MHz and 1GB of RAM. It has a dual-port Intel 82546GB NIC in its single PCI slot. (It also has an on-board Realtek RTL-8110SC/8169SC NIC that is plugged in, but doesn't currently have an IP address configured.) Wow. I'm trying to troubleshoot a very similar problem. I was convinced that it was hardware, but beginning to exhaust my hardware troubleshooting skills. I'm running an Asus M5a99X EVO 2.0, Asus Geforce GTX 660, and AMD 8150 CPU, 32G RAM, Corsair 850W PS. Randomly I get a complete lockup. Mouse freezes, network dies, etc.. There's absolutely nothing in the logs related to the lockup. The system simply becomes totally unresponsive, to the point that the console cursor stops blinking. A hard reset is required to bring it back. kernel-2.6.32-279.22.1.el6.i686 seems to be completely stable. Same here. No log messages, just a complete freeze. At first I was suspecting some Pulseaudio glitches because of thousands of messages in the log. Then suspected the proprietary NVidia graphics, then thought it might be power supply. I've since swapped out every component with no improvement. It can sometimes go for hours without a problem, sometimes within a minute after a reboot it will lock up. Have you enabled your thermal sensors? Do you have any messages in the kernel log? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Off-Topic: Low Power Hardware
Doesn't meet all your needs, but you can find old netbooks for $200 or less. I've taken a couple from the laptop case and put it in a box. It accepts a laptop drive (I'm using a 90G SSD). You can add a separate NIC via USB. I'm running RedHat on them at the moment, but I assume CentOS would work just as well. On Mon, Jan 14, 2013 at 10:03 AM, Arun Khan knu...@gmail.com wrote: On Mon, Jan 14, 2013 at 9:14 AM, SilverTip257 silvertip...@gmail.com wrote: On Sun, Jan 13, 2013 at 8:12 PM, Gordon Messmer yiny...@eburg.com wrote: On 01/13/2013 10:15 AM, SilverTip257 wrote: And it looks like their Atom E6xx CPU [0] supports Intel VT-x. [0] http://www.intel.com/p/en_US/embedded/hwsw/hardware/atom-e6xx/overview Before you get too excited, the board's firmware is comBIOS, which is a Soekris-specific firmware that is designed to work well with a serial console. I didn't spend a lot of time on it, but I did give KVM virt a quick pass and did not get it working. They do run a 64-bit Linux, with good support for serial console and gigabit Ethernet. Any ideas why KVM didn't work? Unless, the comBIOS cripples the VT-x feature, CLI qemu-kvm with -vga none is worth a try. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PCI/DSS compliance on CentOS
Rui: On Sat, May 26, 2012 at 3:36 AM, Rui Miguel Silva Seabra r...@1407.org wrote: On Fri, 25 May 2012 22:52:13 +0530 Arun Khan knu...@gmail.com wrote: I have a client project to implement PCI/DSS compliance. Some advice from my practical professional knowledge... Excellent post... The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a patch server, There is always the scope to be understood. If a server has card numbers somewhere, that server is in scope. So is any other server on the same network segment. So is any firewall delimiting these network segments. Now... if you have a sufficiently large number of systems in scope, it's more practical to suppose PCI:DSS is in scope on all servers. This is what we ended up doing. It was far easier to build everything to be compliant than to selectively push PCI compliant configurations to a handful of servers. This eases your maintenance as you won't have exceptions to deal with, or justify, but if you have very few systems in scope rather than most of the others which aren't, it'll be your decision considering the work overload. I personally still advise to follow most rules on the non scoped servers as they are in fact wise rules. The Host OS on all of the above nodes will be CentOS 6.2. Not a good practice to say 6.2. Merely applying patches as time goes on means in some time you'll be running 6.3. Say 6. :) Below is a list of things that would be necessary. 1. Digital Certificates for each host on the PCI/DSS segment 2. SELinux on each Linux host in the PCI/DSS network segment Beware that many instructions tell you to disable selinux. I found that with a little bit of work and the help of audit2why and a few more selinux commands, you can usually work around bad apps by assuming the risk of allowing what they need.
A master will write his own selinux rules according to apps, though. We have selinux in our base configuration. The only caveat here is that vendors often will refuse to support an application if selinux is enabled. Though I know very well that selinux itself is not the problem (i.e., it's the policy that needs to be tweaked), the app owners claim that there is no way to figure out what is wrong when selinux is enabled. 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment I advise OSSEC, rather than those, as it's a much better Host IDS. 4. OS hardening scripts (e.g. Bastille Linux) I'm very wary of these generic ones, I usually bet on strongly reducing the packages installed and defining the security settings straight from my kickstart install scripts. 5. Firewall 6. IDS (Snort) 6. Central “syslog” server Be careful to send logs under TLS. I found that as a syslog server, rsyslog on RHEL/CentOS 5 *sucks* and gets you in trouble with ram exhaustion and crashes. I had to backport from 6 as the idiotic siem software running on that server demanded series 5 (even though it's just java *sigh*) and we ran into this issue with rsyslog, which is quite old under RHEL/CentOS. This siem server does not support TLS syslog, only plain UDP/TCP unencrypted syslog, so one has to use a syslog server to receive under TLS then forward to the localhost. However, beyond this I would appreciate any comments/feedback / suggestion if you or your organization has undergone a PCI/DSS audit and what are the gotchas that you encountered, especially with respect to CentOS/ open source stack. Use sudo extensively. If you have many servers without central password validation and too little people, it's better to have passwordless sudo restricted to admins group as identified by access via OpenSSH RSA keys than having to change your password every month on hundreds of servers. We use sudo among other things.
Lately we have enabled ACLs to allow specific individuals access to specific configuration files. The main caveat with sudo is finding those applications that allow shell access, etc.. Restrict your access to root shell, and keep its password (written by two persons, each knowing their own half) in a safe where none of you can access without paper trail. Yes, as an admin you can override that, but if you have externalized logs audited by a separate set of people, your trails may get you in trouble, so that risk is mitigated. I came across this which kind of brings out issues between the implementer and the PCI/DSS auditor. http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos I see there some things that are not true, namely WRT CentOS versions. It has a lot to do with *how* you do your things, what evidences you register, whether the auditor is excessively strict and/or knows the technology and/or does a risk based assessment, how segmented
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On Wed, Feb 1, 2012 at 2:54 PM, Tom H t...@limepepper.co.uk wrote: Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. [snip] I'm in a similar situation. We have a growing infrastructure of over 300 instances of RHEL4/5/6. Though not specifically CentOS the tools are the same. My focus has been on PCI compliance. As of yet we don't have any SOX systems on Linux, but I expect that will change in the near future. For PCI compliance there are a few things that we do. The first thing was to get a handle on the buildout process which we did via kickstart. This ensured consistency in the builds which previously was done by different engineers/operators with different skill levels. We validated the standard image and then used Satellite/Spacewalk to keep track of the versions. The next step was the daily bit rot and the damage from the application folks whose sole experience was on desktop or laptop systems (i.e., they never had to comply with any industry standards). We started by separating OS from application. This meant not only separate volume groups and mount points for application files, but also things like ensuring that apps did not run as root (you'd be amazed how many developers insist that builds must occur as root). In just about every case where we allowed application developers to have root access we ended up with systems that were wildly out of compliance. In one case a developer installed an entire desktop suite, including MP3 player and video editing tools, in order to satisfy a dependency on a single widget library. We don't do that any more. :/ Next was auditing, which I think may apply to your question. 
For the basic package setup, Spacewalk or Satellite can track the versions and allow you to lock the package set. There are also existing scripts that wrap variations of an 'rpm -qVa' and send the reports back. Tools such as tripwire are also useful for this. If you have deployed SELinux, you can effectively even lock the root user from installing or modifying system packages. For the configurations, we are experimenting with cfengine and puppet. They allow you to track configuration changes, reset changes, etc.. I've also used CVS to track configuration files directly. I.e., checkin the changes onto a logged administration server then have the production servers checkout the changes on an on-demand or scheduled basis. This minimizes on-the-fly configurations that accumulate and take the server out of compliance. There are tools to generate reports from cfengine/puppet that show which configurations have changed, etc.. We are also using the perl test harness to run validations. It's pretty coding intensive so you'd possibly need a Perl developer initially to create and to maintain the scripts. The idea is to create the test scripts in lock step with changes to the kickstart. The harness generates a PASS or FAIL response depending on the Perl test. For example, for PCI compliance we have a standard login banner. The test does an MD5 sum against the target machine's /etc/issue.net and checks it against the stored hash. If the hashes correspond it passes the test (barring hash collisions of course :D ). We are still looking at other methods. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
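The banner check described in the message above (hash of /etc/issue.net compared with a stored value, reported as PASS or FAIL), as an added shell example that is not the poster's Perl harness. It generalizes to a whole baseline file of hashes and uses SHA-256 in place of MD5; the baseline format and all file names are assumptions, and the banner text is constructed.

```shell
#!/bin/sh
# Added example: verify files against a stored hash baseline, PASS/FAIL per file.
# Assumed baseline format: "<sha256>  <path>" per line, as written by sha256sum.
# Lines starting with '#' and empty lines are ignored.

# check_file EXPECTED_HASH PATH
# Prints one result line and returns 0 on PASS, 1 on FAIL.
check_file() {
    expected=$1
    path=$2
    if [ ! -r "$path" ]; then
        # A deleted or unreadable file is a failure, not a skipped test.
        echo "FAIL $path (missing or unreadable)"
        return 1
    fi
    actual=$(sha256sum "$path" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "PASS $path"
        return 0
    fi
    echo "FAIL $path (hash mismatch)"
    return 1
}

# run_baseline BASELINE_FILE
# Checks every entry, prints a summary, returns 0 only if nothing failed.
# The counts are left in $total and $failures for the caller.
run_baseline() {
    baseline=$1
    failures=0
    total=0
    while read -r hash path; do
        case "$hash" in ''|'#'*) continue ;; esac
        total=$((total + 1))
        check_file "$hash" "$path" || failures=$((failures + 1))
    done < "$baseline"
    echo "checked=$total failed=$failures"
    [ "$failures" -eq 0 ]
}

# Demo on a constructed banner in a temporary directory (not a real /etc file).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'Authorized users only. Activity is monitored.\n' > "$tmp/issue.net"
    sha256sum "$tmp/issue.net" > "$tmp/baseline"   # record the known-good hash
    run_baseline "$tmp/baseline"                    # banner untouched: PASS
    printf 'Welcome!\n' > "$tmp/issue.net"          # simulate configuration drift
    run_baseline "$tmp/baseline" || echo "drift detected"
    rm -rf "$tmp"
}
demo
```

The baseline file has to live somewhere the audited host cannot rewrite it, otherwise a change to the banner and to its stored hash pass together.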
Re: [CentOS] How to remove a Trash folder from a mounted ntfs partition
On Fri, Oct 21, 2011 at 11:24 AM, James B. Byrne byrn...@harte-lyne.ca wrote: [snip] folder and the folder itself. This I cannot do. I have tried deleting using rm -rf ./.Trash-root but the command Try deleting with the -f option. I.e., rm -r .Trash-root. This will at least tell you what the issue is. Once you fix the issue preventing deletion, go ahead and add the -rf (or unalias your rm command :D ).. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Tool to track files
On Sat, Oct 1, 2011 at 10:11 PM, Fajar Priyanto fajar...@arinet.org wrote: Hi all, Due to some reason, I will have to stop using Samba as our fileserver, and instead replace it with SSH access only. Users will be able to use WinSCP for it. The question is, is there any tool to track files (what is new files, deleted files by who, etc)? In Samba I can do that. I don't know how if it's SSH access. Thank you Fajar. Sounds like you may be having some PCI changes in store :) You can enable auditing to track those kinds of events.. Not part of SSH itself but can help fulfill some of the PCI type requirements. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
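What the auditing suggested in the reply above yields for an SSH/SFTP file share, as an added shell example that is not from the thread: an auditd watch rule and a summarizer that joins the SYSCALL, CWD and PATH records of each event into one "who did what to which file" line. The watched path, the key name `fileshare` and the log records are constructed; syscall numbers are the x86_64 ones.

```shell
#!/bin/sh
# Added example. Assumed watch rule (hypothetical path and key), loaded with
# auditctl or placed in /etc/audit/audit.rules:
#   -w /srv/share -p wa -k fileshare

# Constructed sample of /var/log/audit/audit.log records (not real log data).
sample_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1317521460.101:812): arch=c000003e syscall=87 success=yes exit=0 items=2 ppid=2301 pid=2310 auid=501 uid=501 gid=501 comm="sftp-server" exe="/usr/libexec/openssh/sftp-server" key="fileshare"
type=CWD msg=audit(1317521460.101:812):  cwd="/srv/share"
type=PATH msg=audit(1317521460.101:812): item=0 name="/srv/share/" inode=131073 dev=fd:02 mode=040775 ouid=0 ogid=500
type=PATH msg=audit(1317521460.101:812): item=1 name="/srv/share/q3-report.xls" inode=131099 dev=fd:02 mode=0100664 ouid=501 ogid=500
type=SYSCALL msg=audit(1317521475.553:815): arch=c000003e syscall=2 success=yes exit=4 items=2 ppid=2399 pid=2404 auid=502 uid=502 gid=502 comm="sftp-server" exe="/usr/libexec/openssh/sftp-server" key="fileshare"
type=CWD msg=audit(1317521475.553:815):  cwd="/srv/share/hr"
type=PATH msg=audit(1317521475.553:815): item=0 name="." inode=131200 dev=fd:02 mode=040770 ouid=0 ogid=500
type=PATH msg=audit(1317521475.553:815): item=1 name="salaries.csv" inode=131201 dev=fd:02 mode=0100660 ouid=502 ogid=500
type=SYSCALL msg=audit(1317521490.007:820): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2500 pid=2511 auid=503 uid=503 gid=503 comm="cat" exe="/bin/cat" key="passwd-read"
type=PATH msg=audit(1317521490.007:820): item=0 name="/etc/passwd" inode=1201 dev=fd:00 mode=0100644 ouid=0 ogid=0
EOF
}

# summarize_audit KEY  (audit log on stdin)
# One line per event tagged with KEY: epoch, login uid, operation, path, program.
summarize_audit() {
    awk -v want="$1" '
    # Return the value of key=value or key="value" from a record.
    function field(line, key,    re, v) {
        re = "(^| )" key "=(\"[^\"]*\"|[^ ]*)"
        if (!match(line, re)) return ""
        v = substr(line, RSTART, RLENGTH)
        sub(/^ ?[^=]*=/, "", v)
        gsub(/"/, "", v)
        return v
    }
    BEGIN {
        name_of["2"] = "open";   name_of["82"] = "rename"; name_of["85"] = "creat"
        name_of["87"] = "unlink"; name_of["257"] = "openat"; name_of["263"] = "unlinkat"
    }
    {
        # Records of one event share the serial number in msg=audit(TIME:SERIAL).
        if (!match($0, /audit\([0-9.]+:[0-9]+\)/)) next
        stamp = substr($0, RSTART + 6, RLENGTH - 7)
        id = stamp; sub(/^.*:/, "", id)
        ts = stamp; sub(/[.:].*$/, "", ts)
    }
    $1 == "type=SYSCALL" {
        if (field($0, "key") != want) next
        if (!(id in seen)) { seen[id] = 1; order[++n] = id }
        when[id] = ts
        who[id] = field($0, "auid")    # login uid, unchanged by su or sudo
        exe[id] = field($0, "exe")
        nr = field($0, "syscall")
        if (nr in name_of) op[id] = name_of[nr]; else op[id] = "syscall" nr
    }
    $1 == "type=CWD"  { cwd[id] = field($0, "cwd") }
    # The last PATH item is the object itself; earlier items are parent directories.
    $1 == "type=PATH" { path[id] = field($0, "name") }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]; p = path[id]
            if (p !~ /^\//) p = cwd[id] "/" p   # resolve relative names against CWD
            printf "%s auid=%s op=%s path=%s exe=%s\n", when[id], who[id], op[id], p, exe[id]
        }
    }'
}

sample_log | summarize_audit fileshare
```

On a live system `ausearch -k fileshare -i` gives the interpreted view of the same records.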
Re: [CentOS] Slightly OT: First Time KVM and LVM on Centos
On Thu, Jun 16, 2011 at 8:59 AM, Les Mikesell lesmikes...@gmail.com wrote: There is no reason that should be true. Copying 20GB out of an LV should take exactly the same amount of time as copying 20GB out of a file. What about the destination? Wouldn't it likely be harder to find a place to put the LV copy than space to write a file? Or can you copy back and forth? -- I just copy the raw filesystem directly to the remote raw filesystem with dd over ssh. If needed you can dd the entire partition to a file also. With LVMs you can also mirror the LV across multiple LUNs, break the mirror, then move the other LUN to another system. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Changing from RHEL to CentOS
On Tue, Jun 7, 2011 at 6:55 AM, John J. Boyer john.bo...@abilitiessoft.com wrote: I have a RHEL system and I'm thinking of changing to CentOS. How can this be done most easily. It is important that the e-mail setup not be disturbed, since it was crafted to work with an IP that requires authentication. Not sure if this will help, but I went the other way from CentOS to RedHat by grabbing a list of packages with rpm -qa, cleaning up the package names a bit, installing a base RedHat based on the same update level, then yum update or yum installing from the list of packages. Next I diffed the configuration directories and manually moved the changed files. Finally just backed up/restored the database and application LVMs (dd/gzip the entire partition). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs webroot 403's
On Wed, Jun 1, 2011 at 10:22 PM, Tim Dunphy bluethu...@jokefire.com wrote: hello list!! the reason I'm writing you guys today is that I'm looking to solve an issue I am having with apache on a centos 5.5 box. The situation is this.. I am sharing the webroot for a few sites in a test environment on an NFS share. This is the share: nas2:/mnt/store/web 1.4T 225G 1021G 19% /var/www Everything that is shared from this location on a server called simply web1 403's no matter what document you hit. On another web server called web2 the opposite is true. Every document you share is correctly served. Do the apache users (or the user that accesses the NFS mount) have the same UIDs on both NFS clients? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT LVM question
On Thu, Mar 24, 2011 at 7:33 AM, Steve Campbell campb...@cnpapers.com wrote: I've got a situation here where my LVM is showing the following problem: Found duplicate PV xx: using /dev/sdb2 not /dev/sda2 Not sure what causes this and I really don't have a clue as to what the consequences are when seeing this or how to fix it. Google just confuses me with any suggestions. Were these drives once mirrored? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Swap space for kvm virtual host
On Mon, Mar 14, 2011 at 5:24 PM, Nataraj incoming-cen...@rjl.com wrote: [snip] In recent years people seem to configure a wide range of different swap allocations. I was thinking initially to spread swap across separate non-raid partitions on 4 of these disks, but the downside of that is if I put 2gb on each disk, then I can only swap processes that will fit in 2gb swap space. Also, if one of the disks fails, I have to reboot if anything was swapped to that drive. I'm not certain that's entirely accurate... It's not so much swap space as page space. I.e., there are pages being swapped out rather than entire processes. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL4 EOL
On Thu, Mar 3, 2011 at 8:12 PM, Johnny Hughes joh...@centos.org wrote: On 03/03/2011 05:57 PM, Kwan Lowe wrote: Just curious... CentOS4 lifetime tracks RHEL4 somewhat... Since RedHat has announced LTS (Long Term Support) for RHEL4, are there plans to extend the CentOS 4 support window? No, BECAUSE ... Red Hat does not publicly release the sources for their Long Term Support packages. They are not releasing the Long Term packages for EL3 now, they won't be doing it for EL4 either. Now, if they DID release them, then CentOS would produce them. Ahhh.. thanks for the info... It's just as well in any case. Gives me some more leverage when I push to upgrade the 4.x systems... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Updating hardware clock from cron
On Fri, Mar 4, 2011 at 3:04 PM, Denniston, Todd A CIV NAVSURFWARCENDIV Crane todd.dennis...@navy.mil wrote:
> [snip]
> If your hwclock is off by a lot when it comes up I believe it is from one of the following:
> A) bad cmos battery.
> B) poor cmos clock
> C) confusing info in /etc/adjtime due to using both hwclock --adjust [at boot] and ntp (long story, but it is due to both tweaking the clock without coordination between them).
> D) booting a different OS with different ideas of timezones.
> E) manual tweaking of time via bios.
> [snip]

good list.. I'd also add
F) Running inside a virtual machine. The VMWare clock skew can be enormous. On some systems it drifts by a minute per hour if not adjusted via ntp.
Re: [CentOS] Centos 6 - What are you looking forward to?
On Thu, Mar 3, 2011 at 10:11 AM, Digimer li...@alteeve.com wrote:
> Personally, I'm really looking forward to Cluster 3 support. It will be fun to see how Pacemaker compares to rgmanager. How about the rest of you? What are you looking forward to in CentOS 6 when it is released?

I'm looking forward to the new cgroups and KVM. This will give it some capabilities similar to AIX virtual partitions which can divvy up CPUs at a fine resolution.

Also, the new multipath configuration tools will make my life easier.
Re: [CentOS] Centos 6 - What are you looking forward to?
On Fri, Mar 4, 2011 at 3:11 PM, John R Pierce pie...@hogranch.com wrote:
> IBM Power servers since the Power4+ CPU (they are up to Power7 now) have hardware partitioning support, commonly known as LPAR. LPAR can be divided in units of 1/10th of a CPU. The software to manage this is now called PowerVM (its been called other names in the past, not all polite).

[informative text snipped]

Yes, it is some nice stuff... In particular, having the hardware partitioning capability plays nice with Oracle licensing. Under KVM or Xen we still have to license the entire system. This probably won't change with the newer kvm, but one can hope.

On the Linux side I would like to see how KSM (kernel memory merge) stacks up against memory compression on the Power7 side. Not sure if this made it into RHEL6, but hope springs eternal...

Storage management is always a big issue for me. AIX has some really great tools for managing disks. In Linux the LUN, block and fs layer are still relatively decoupled which gives an enormous amount of flexibility but certain types of changes require multiple commands on Linux.

On the desktop side I've been running RHEL6 as my primary environment since release. Transition was easy. My old kickstart files needed tweaking, but so far it's been a breeze.
Re: [CentOS] Gnu Screen - terminal issues
On Thu, Mar 3, 2011 at 2:36 PM, Sean Carolan scaro...@gmail.com wrote:
> I really like gnu screen and use it everyday but there's one thing that is a bit inconvenient, and that's the odd line wrapping and terminal size issues that seem to pop up. The problem crops up when I type or paste a really long command, and then go back and try to edit it; the text starts to wrap over itself and you have no idea what you are editing. Any fixes for this?

You wouldn't by any chance be using PuTTY to access the session? If so, you may need to play around with the terminal settings including the scroll type so that it displays correctly. I don't recall the specifics but a similar thing happened to me.
[CentOS] RHEL4 EOL
Just curious... CentOS4 lifetime tracks RHEL4 somewhat... Since RedHat has announced LTS (Long Term Support) for RHEL4, are there plans to extend the CentOS 4 support window?
Re: [CentOS] fast processing and buffering
On Wed, Mar 2, 2011 at 10:59 AM, Michael D. Berger m_d_berger_1...@yahoo.com wrote:
> I have a C++ program that opens, gets a little data from, and closes about 5000 files. Now if I run the program when I first boot up, the running time is from about 10 seconds to a minute. Subsequently, the program runs in well under one second. Buffering -- right?
>
> So I changed a parameter, so the program gets a different (albeit similar) 5000 files from a different directory. Running time on the first try: well under one second. How about that?
>
> [~]$ uname -a
> Linux x 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:53:09 EST 2011 i686 i686 i386 GNU/Linux

Buffering, certainly.. but maybe on several layers. The physical disk may have a read ahead cache. The OS may also buffer. You may also be pulling in libraries on the initial run which stay resident for awhile..
Re: [CentOS] RFC: video call recommendations
On Wed, Mar 2, 2011 at 2:38 PM, John R Pierce pie...@hogranch.com wrote:
> [snip]
> I believe google chat aka google talk works on linux too, and it has a video option. can't say I've tried it.

It works for me on Ubuntu/Fedora. Apparently some have gotten it to work on RHEL5/CentOS5 but I have not tried.
Re: [CentOS] Canon MX870
On Tue, Mar 1, 2011 at 2:46 PM, Brunner, Brian T. bbrun...@gai-tronics.com wrote:
> http://www.youtube.com/watch?v=ZIOjRQhj5A4
> HP has its own realities. It is supported well under CentOS.

In general, yes, HPs are pretty well supported. However, they have shipped non-standard printers that don't work so well. For example, the low-end HP2600n uses a different driver than the 2600 and the 2650. Though you can get it to work with CentOS, it's a bit of a pain. In fact, though the 2600n is listed with the other printers with similar model numbers, it won't work. You need to download a package from HP (at least there is one), or grab the foozjs drivers and compile them.

The commodity Canons are OK for light use, occasional printing. That seems harsh, but I can say the same for Samsung, Brother and HP. All their low-end ones seem to fail after about a year of use. But hey, for $80 they cost as much as getting a mid-range printer that you update every 5 years. I print about 10 pages a week, and occasionally 40 to 50 pages on specific projects every other month or so.
Re: [CentOS] Sorting by date
On Mon, Feb 28, 2011 at 3:35 PM, erikmccaskey64 erikmccaske...@zoho.com wrote:
> Original:
> Jan 23 2011 10:42 SOMETHING 2007.12.20.avi
> [snip]
> Feb 12 2010 SOMETHING 2010.02.11.avi
> Jun 26 2009 SOMETHING 2009.06.25.avi
>
> How could I get the output where the newest file is at the top?

If this is a text file, you can seed an array with the month names as the index then sort using that index...
Re: [CentOS] ls returns file doesn't exist, find finds it??
On Wed, Feb 23, 2011 at 11:54 PM, neubyr neu...@gmail.com wrote:
> Howdy, I am getting some errors with find and ls command - such that find is able to see a file whereas ls says the file doesn't exist. Initially I was trying find and ls together as:
>
> # find ./ -type f -mtime +15 | xargs ls

Instead of piping to xargs, try:

    find . -type f -mtime +15 -exec ls {} \;
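A common cause of the symptom in this thread is a file name containing blanks, which `xargs` splits into several arguments before `ls` sees them. The script below is an added example, not code from the thread: it builds a constructed directory (the file names are made up) and compares the original pipeline with the `-exec` form from the reply and with a NUL-delimited variant.

```shell
#!/bin/sh
# Added example. The directory tree is constructed for the demonstration.

# Create a temp directory with three files older than 15 days, two of which
# have blanks (a space, a tab) in their names. Prints the directory path.
make_tree() {
    d=$(mktemp -d) || return 1
    tab=$(printf '\t')
    touch -t 200001010000 "$d/plain.log" "$d/with space.log" "$d/tab${tab}name.log"
    printf '%s\n' "$d"
}

# Pipeline from the original post. xargs splits its input on blanks and
# newlines, so "./with space.log" reaches ls as "./with" and "space.log",
# and ls reports that neither file exists.
count_naive() {
    ( cd "$1" && find ./ -type f -mtime +15 | xargs ls 2>/dev/null | wc -l )
}

# Form suggested in the reply: find hands each path to ls unmodified.
count_exec() {
    ( cd "$1" && find . -type f -mtime +15 -exec ls {} \; | wc -l )
}

# Variant that keeps xargs batching: names are separated by NUL bytes,
# which cannot occur inside a file name.
count_print0() {
    ( cd "$1" && find . -type f -mtime +15 -print0 | xargs -0 ls | wc -l )
}

tree=$(make_tree)
echo "find | xargs ls            : $(count_naive "$tree") of 3 files listed"
echo "find -exec ls {} \\;        : $(count_exec "$tree") of 3 files listed"
echo "find -print0 | xargs -0 ls : $(count_print0 "$tree") of 3 files listed"
rm -rf "$tree"
```

The same splitting applies when the command after `xargs` is `rm` or `chown` rather than `ls`, so the `-exec` or `-print0` forms matter most in cleanup jobs that run as root over directories other users can write to.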
Re: [CentOS] Looping Device unmounting problem
On Thu, Feb 17, 2011 at 8:36 AM, dixan rodriges dixa...@gmail.com wrote:
> Dear All, I have created 252 loop devices in my system and i mounted few iso files into loop devices. When i rebooting the system error showing failed to umount. How can forcefully umount the loop device

Not specific to loopback devices, but in some cases I use fuser to kill all procs associated with a mount... You may also need to remount it as read-only before unmounting and maybe use the -nr option to umount.
Re: [CentOS] Authentication Problems
On Wed, Feb 16, 2011 at 7:28 AM, James Bensley jwbens...@gmail.com wrote:
> [root@server ~]# su - webdevuser
> [webdevuser@server ~]# passwd
> Changing password for user webdevuser.
> Changing password for webdevuser.
> (current) UNIX password:
> passwd: Authentication token manipulation error

A lot of things can cause this, including a full /var filesystem :/
Re: [CentOS] Creating floppy image without root permissions?
On Tue, Feb 15, 2011 at 5:37 PM, James Pearson jame...@moving-picture.com wrote:
> Have a look at mtools (part of CentOS) - you can do something similar as above as a non-root user:
>
> mformat -C -i floppy.flp -f 360 ::
> mcopy -i floppy.flp base_kickstart.ks ::ks.cfg

Well, hey now! That works nicely. Thank you!
Re: [CentOS] CentOS 5 on a Thinkpad T60 laptop
On Wed, Feb 16, 2011 at 9:52 AM, Mathieu Baudier mbaud...@argeo.org wrote:
> Hello, I'm considering buying a second-hand Thinkpad T60 (with 2 GB RAM), as a secondary laptop in order to run CentOS 5 on the field. My main focus is therefore to have something robust, reliable and above all well compatible with CentOS. Hibernate / suspend feature are important to me, because that's the main issue I have with CentOS on other laptops.
>
> I have found the following information so far:
> http://www.thinkwiki.org/wiki/Installation_CentOS_5_on_a_Thinkpad_T60
> The processor is a T2300 (so 32 bits apparently):
> http://ark.intel.com/Product.aspx?id=27233
>
> I would be grateful if people having used CentOS on this model could share their experience (good or bad).

We had several of the T60s as corporate laptops. I've installed CentOS and RHEL on them without much problem. Most everything worked fine. The only issue I saw was battery life wasn't so great from a full charge. It seemed to run a bit hot. After a meeting it would be at 40% charge after about an hour.
Re: [CentOS] Any update on 5.6 / 6?
There used to be this farmer, Red, that sold the most delicious fruit. They were very good fruits. Many people liked them and bought them for their families. The farmer would make the fruit seeds available, as was the custom in the land. Another farmer, Fred, decided to take the seeds and start growing some of his own fruit. It took weeks to grow the fruit. The only difference was that he didn't put on the little Red sticker. Instead he put on a Fred sticker. Many people used the Fred version. Fred gave away his fruit. Many people started showing up for the free Fred version. Still, Fred continued to give away the fruit. In fact he turned down donations because a part of him didn't want to get paid for doing something like that. There were whole books Fred had read about altruism and the death of altruism and how money corrupts. Those thoughts maybe did not apply to Fred's garden, but Fred maybe realized that money wasn't the chief motivation for laboring for weeks and then giving away the fruit. After all, Fred was a great farmer, and if needed could very well sell his farming expertise for boatloads of money. People started showing up. Some didn't know about the work that Fred had put into his fruit. Some wanted to know when the fruit would be ready. Some went as far as asking why the fruit wasn't ready. Some said, Farmer Red grew his fruit months ago. Farmer Jed already has grown his fruit. Why haven't you? Some said, I don't know much about farming, but you should get people to help. Not me, since I know nothing of farming, but get other people. Some said, I don't know much about farming. I want to help. Some said, I've never farmed this fruit before, but I can help. Now Fred had read this book about how adding farmers to a field won't necessarily make the fruit grow any faster. Maybe it's true, he thought. Some of the experienced farmers had already been helping anyway, so that was something. I don't know how Fred continues to do his farming. 
But I appreciate the free fruit. I appreciate the great effort that Fred has put into the fruit, despite the chorus of voices asking why the fruit doesn't arrive sooner. It's good fruit and worth waiting for. (I apologize for the OT post that has nothing to do with CentOS).
[CentOS] Creating floppy image without root permissions?
Hello All:

I've recently had to provision some RHEL and CentOS VMWare instances. There was no network connectivity so I had to use a kickstart floppy and DVD iso rather than installing from our repository. To create the floppy I used the following:

As root:

    dd if=/dev/zero of=floppy.flp bs=1k count=360
    mkfs.vfat floppy.flp
    mount -o loop floppy.flp /mnt/floppy
    cp base_kickstart.ks /mnt/floppy/ks.cfg
    umount /mnt/floppy

It works, but now I need to automate the process and have to do it without root access. Is there a way to create a floppy iso with a single file without root access? I looked at fuseiso, but it appears that it still requires some root permissions.
Re: [CentOS] Journal Aborts in VMware ESX (Filesystem Corruption)
On Mon, Feb 14, 2011 at 8:00 AM, Adam Tauno Williams awill...@whitemice.org wrote:
> On Mon, 2011-02-14 at 12:08 +, Keith Beeby wrote:
>> Hi, So the 'fix' is applied directly to the host os,
>
> no, to the *guest* OS instances. [please, do not top-post].
>
>> is this the correct thing to do?
>> sysctl -w vm.min_free_kbytes = 8192
>
> No space(s) I believe.
>
> sysctl -w vm.min_free_kbytes=8192
>
> I'm still not entirely clear as to why this setting should/will make a difference in maintaining filesystem integrity.

It's certainly possible that the error I was receiving was a different reason, though similar symptoms. We started seeing filesystems go read-only, and only rebooting would clear it up.
Re: [CentOS] Journal Aborts in VMware ESX (Filesystem Corruption)
It's certainly possible that the error I was receiving was a different reason, though similar symptoms. We started seeing filesystems go read-only, and only rebooting would clear it up.

I use that setting on the Host OS for VMWare to prevent a whole vm from getting killed. That setting will maintain a minimum amount of free memory available to prevent a large program that requests memory quick from depleting all available memory and causing the program killer from killing the highest RAM process. If you are on a Host OS box, the biggest Memory processes are your VMs, and getting one killed off because memory reaches zero is not good. I don't have any idea how it would fix journal errors on a drive, but I guess it could.

It's been a few years since I put in the tuning, but here's some info that might be useful:
http://communities.vmware.com/thread/20690?start=0tstart=0

In particular, others had reported seeing this error:

    kernel: journal_get_undo_access: No memory for committed data.

I don't recall that error in my case, but might explain why the tuning fixed the problem.

There's a bugzilla for this:
https://bugzilla.redhat.com/show_bug.cgi?id=179605
Re: [CentOS] Server Specs..
On Mon, Feb 14, 2011 at 2:09 PM, Drew drew@gmail.com wrote:
>> Recently a discussion around server specifications were floated with mention of routines to stress the configurations. Do these stress suites exist for server testing?
>
> http://www.stresslinux.org/
>
> IMHO, contains one of the best collection of linux based stress testing verification tools on a convenient CD. I use it to pound on off-lease servers before we accept them from our Vendor.

Interesting.. thanks..

I was hoping that the testing would include validation testing. I'm looking for a package that lets one easily create tests such as:
* Is /var filesystem 1G or larger
* Does user xxx exist?
* Do packages x, y, z exist at the indicated versions?
* Is IPTABLES enabled on bootup? Is it running currently?

I've been using Perl Test:Harness for some of these, and it works to a point, but creating new tests is somewhat laborious and requires familiarity with Perl. I.e., I can do it so that means I end up doing it...

I wonder what the validation system is for CentOS? Such a suite would be useful to me to convince others that CentOS works identically -- bug for bug -- with RHEL.
Re: [CentOS] Journal Aborts in VMware ESX (Filesystem Corruption)
On Sun, Feb 13, 2011 at 9:09 AM, Adam Tauno Williams awill...@whitemice.org wrote:
> I have several CentOS5 hosts in a VMware ESX 3.5.0 226117 environment using iSCSI storage. Recently we've begun to experience journal aborts resulting in remounted-read-only filesystems as well as other filesystem issues - I can unmount a filesystem and force a check with fsck -f and occasionally find errors.
>
> I've found -
> https://bugzilla.redhat.com/show_bug.cgi?id=228108
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=displayKCexternalId=51306
> - which seem related but I believe I am running a kernel that contains these fixes.

I ran into a similar problem, but it was not specifically iSCSI. We ended up setting a sysctl.conf file. Give me a few and I will find the setting..
Re: [CentOS] Journal Aborts in VMware ESX (Filesystem Corruption)
On Sun, Feb 13, 2011 at 9:09 AM, Adam Tauno Williams awill...@whitemice.org wrote:
> I have several CentOS5 hosts in a VMware ESX 3.5.0 226117 environment using iSCSI storage. Recently we've begun to experience journal aborts resulting in remounted-read-only filesystems as well as other filesystem issues - I can unmount a filesystem and force a check with fsck -f and occasionally find errors.

http://communities.vmware.com/message/245983

The setting we used to resolve was

    vm.min_free_kbytes = 8192

Previous to this we were seeing the error pop up every week or so.
Re: [CentOS] Configuring a cluster
On Tue, Feb 8, 2011 at 10:52 AM, Johnny H ukfrien...@googlemail.com wrote:
> [snip]
> The cluster is medium performance for something called bioinformatics; we are looking at next generation sequence data.

This sounds fascinating... Would very much like to hear how you proceed and pitfalls/successes you encounter.
Re: [CentOS] mount the wrong device after system recovery
On Tue, Feb 8, 2011 at 1:51 PM, Xinhuan Zheng xzh...@christianbook.com wrote:
> · * switching / to /sysroot
> · Switch_root: bad newroot /sysroot
> · Kernel panic – not syncing: Attempted to kill init!
>
> I’ve changed the recovery system fstab to use the correct devices. I deleted recovery system etc/lvm/cache/.cache file. But it still doesn’t work. What am I missing?

What does your /etc/grub.conf look like?
Re: [CentOS] mount the wrong device after system recovery
On Tue, Feb 8, 2011 at 4:31 PM, Xinhuan Zheng xzh...@christianbook.com wrote:
> My grub.conf is pointing to sdb1 for /. I've corrected to use /dev/vg0/lv1. But after rebooting, I am getting the same error. I guess I need to rebuild initrd.img file. How do I rebuild that file?

You'd use the mkinitrd utility and specify the name of the new initrd and the kernel version. To create from the current settings:

Update your /etc/modprobe.conf

    mkinitrd /boot/my_new_initrd-`uname -r`.img `uname -r`

Then update your /etc/grub.conf and update the initrd line..

You can specify an alternate kernel than the one running also. This is useful if you're rebooting into a new kernel and need to preload the modules.
Re: [CentOS] yum is b0rked
On Tue, Feb 8, 2011 at 5:49 PM, Tim Dunphy bluethu...@gmail.com wrote:
> rm -rf /var/lib/rpm/*_db.*
>
> I have tried rm -rf rm -rf /var/lib/rpm/*_db.* and rebuilt my rpm package database but that didn't move the needle on this problem

That actually won't do anything for yum. Try:

    yum clean headers

If that doesn't resolve, try:

    yum clean all

Also, verify that your /var filesystem is writable and has a few gig of free space.
Re: [CentOS] OpenSSH could be faster...then why don't they path it??
On Sun, Feb 6, 2011 at 7:20 AM, kellyremo kellyr...@zoho.com wrote:
> https://www.psc.edu/networking/projects/hpn-ssh/hpn-v-ssh-tput.jpg
>
> SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwidth network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack.
>
> My question is: So Why Does the original OpenSSH has limited statically defined internal flow control buffers?? It could be way faster, even 10x!!

They are likely erring on the side of safety. Dynamic buffers could introduce some vulnerabilities. You can generate race conditions in different ways, and whenever there's a dynamic run-time setting this increases the exposure surface.

BTW, at the end of the linked article:

ms with buffer_append_space in HPN-SSH. If you are experiencing disconnects due to a failure in buffer_append_space please let us know. We're currently tracking some problems with this and we're trying to gather more information to help resolve it.

> With the HPN-SCP path it could be the descendant of FTP! Why aren't there any OpenSCP packages? ('normal SCP+HPN-SCP path+no local user needed for SCP'ing+chroot by default') Any opinions? Thank you!
Re: [CentOS] system clock
On Sun, Feb 6, 2011 at 4:35 PM, Buz Davis buzda...@earthlink.net wrote:
> I am running CentOS 5 with Gnome. Every now and then I have noticed that the computer will somehow get the time wrong by several hours. Is there a simple way to adjust the time? So far the only way I have found is to boot into windows (it is a dual boot system), make the change there, and then get back into CentOS. Older versions of Red Hat and Fedora let you do it by right-clicking on the time display, if I recall correctly, but setting the time isn't one of the options in CentOS.

To summarize what others have said:
1) The disparity is caused by using different clock settings from Linux to Windows. Deselect UTC to make it use local time.
2) Use ntpdate to sync the time.

A few other points:
1) Linux maintains both a system and a hardware clock. On bootup, the system copies the hardware clock to the system time. There can be drift between the two clocks (especially in virtual environments), so on shutdown the system does a sync from the system to the hardware clock.
2) The ntpd daemon will not adjust the system time beyond a few minutes. If you want to hard set the time, you need to use ntpdate first then turn on ntpd to keep it accurate. ntpdate does allow the system to slowly adjust the clock and this is useful to keep logs sane.
3) Be careful when forcing a time change on a running system. Time shifting backwards can wreak havoc on certain applications such as databases.
Re: [CentOS] Lost root access
On Wed, Feb 2, 2011 at 11:35 AM, m.r...@5-cent.us wrote:
> snip
> Well, if you could get on the system at all, and had sudo privileges, no problem.

Well, the point was actually if you did not have sudo access to change the password, what else could you do. I.e., you had sudo to edit a particular file or do something else, but not run passwd.
Re: [CentOS] centos 5.5 check memoray usage too high???
On Thu, Feb 3, 2011 at 7:18 AM, mcclnx mcc mcc...@yahoo.com.tw wrote:
> kernel is: 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

What sort of application? Is it 64-bit aware? What is the monitor checking?

Also, there are some things to keep in mind if it's a Java-based application. You have to set heapsize differently (or at least, used to have to) on 32-bit vs 64-bit Java.
Re: [CentOS] Lost root access
On Wed, Feb 2, 2011 at 9:44 AM, James Bensley jwbens...@gmail.com wrote:
> So on a virtual server the root password was no longer working (as in I couldn't ssh in anymore). Only I and one other know it and neither of us have changed it. No other account had the correct privileges to correct this so I'm wondering, if I had mounted that vdi as a secondary device on another VM, browsed the file system and delete /etc/shadow would this have wiped all users passwords meaning I could regain access again? :)

Nope... would lock everyone out!! You can change the shadow to a known hash and that should work. But going through that exercise, though interesting, would not be the most direct method.

Had you changed the default expiration settings on the system? You can run the chage command to see the settings on different users. Also you may want to check the faillog. Is this system Internet accessible? I'd be very leery of trusting that system until you determine what caused it to lock out.

Anyhoo, coincidentally I was thinking of ways to change a root password on a 24/7 system. Some of the things I tested was to overwrite some of the cron scripts that I had access to, create a suid binary on a trusted and mounted fs (i.e., no root squash, noexec not enabled), exec a shell from with a sudo command that had shell out capability, etc..

> (This is past tense because it's sorted now but I'm curious if this would have worked? And if not, what could I have done?).
>
> --
> Regards, James.
> http://www.jamesbensley.co.cc/
> There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?
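Each route to root mentioned in the reply above depends on a configuration weakness that an administrator can check for ahead of time. The script below is an added example, not code from the thread: three audit helpers for cron scripts writable by non-owners, NFS mounts lacking `nosuid`/`noexec`, and exports carrying `no_root_squash`. The function names and the sample inputs in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers. All sample data in demo() is constructed.

# Cron scripts writable by group or other. Arguments: cron files or
# directories to scan. Anything cron runs as root should be writable
# by root only.
writable_cron_files() {
    find "$@" -type f \( -perm -0020 -o -perm -0002 \) 2>/dev/null
}

# NFS mounts that lack nosuid or noexec. Argument: a file in /proc/mounts
# format (device, mount point, fs type, comma-separated options, ...).
nfs_mounts_missing_opts() {
    awk '$3 == "nfs" || $3 == "nfs4" {
        n = split($4, o, ","); s = 0; e = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "nosuid") s = 1
            if (o[i] == "noexec") e = 1
        }
        if (!s || !e)
            print $2 " missing:" (s ? "" : " nosuid") (e ? "" : " noexec")
    }' "$1"
}

# Exported paths that carry no_root_squash. Argument: a file in
# /etc/exports format. Comment lines are ignored.
exports_no_root_squash() {
    awk '!/^[ \t]*#/ && /no_root_squash/ { print $1 }' "$1"
}

# Run all three checks against constructed inputs.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/cron.daily"
    : > "$t/cron.daily/logrotate";  chmod 755 "$t/cron.daily/logrotate"
    : > "$t/cron.daily/cleanup.sh"; chmod 775 "$t/cron.daily/cleanup.sh"
    cat > "$t/mounts" <<'EOF'
/dev/mapper/vg0-root / ext3 rw 0 0
filer:/export/home /home nfs rw,nosuid,noexec,hard 0 0
filer:/export/tools /opt/tools nfs rw,hard,intr 0 0
EOF
    cat > "$t/exports" <<'EOF'
# /srv/old *(rw,no_root_squash)
/srv/build 192.0.2.0/24(rw,sync,no_root_squash)
/srv/pub *(ro,root_squash)
EOF
    echo "== cron files writable by group/other"
    writable_cron_files "$t/cron.daily"
    echo "== NFS mounts without nosuid/noexec"
    nfs_mounts_missing_opts "$t/mounts"
    echo "== exports with no_root_squash"
    exports_no_root_squash "$t/exports"
    rm -rf "$t"
}

demo
```

On a live host the same functions take the real inputs, for example `writable_cron_files /etc/crontab /etc/cron.d /etc/cron.daily`, `nfs_mounts_missing_opts /proc/mounts` and, on the NFS server, `exports_no_root_squash /etc/exports`.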
Re: [CentOS] Blasphemous? any support for a REPO of current edition BIND, et al (e.g., BZ561299)?
On Wed, Feb 2, 2011 at 1:02 PM, Larry Vaden va...@texoma.net wrote:
> On Wed, Feb 2, 2011 at 11:22 AM, Karanbir Singh mail-li...@karan.org wrote:
>> you mean like the bind97 available in c5-testing right now, that should be in 5.6 soon ?
>
> Karanbir, With a lot of due respect, no, not exactly, since 9.7.0-P2 (if I'm reading it correctly) was released almost a year ago by isc.org. I was thinking more along the lines of /isc/bind9/9.7.2-P3/, released 2 months ago. Is there that much distrust of the current output of leading authors that we need to wait a long while?
>
> kind regards/ldv

I appreciate the long roadmap and release schedule. At my work we need to do two to three year forecasts. Budgets may allow infrastructure updates every three or four years. If upgrading to a newer package means breaking backwards compatibility (i.e., it's an upgrade versus an update), we cannot associate the work and resources to a maintenance budget and may need to find other sources of funding. That's the business case...

On the technical side, for every application we deploy we need to go through an entire certification process. So updating bind does not mean that we run a few dig queries against the new server, but doing a complete regression test against all applications that rely on bind. This would include revenue generating websites, authentication mechanisms, SSL, NFS mappings, and other apps that require name resolution (and it's surprising how many apps need more than just name/ip).

A few months ago there was an Active Directory update. It had repercussions for a CIFS service running on a human resources server. This affected payroll processing. Now we need to find resources to upgrade that application and we cannot use the same budget.
Re: [CentOS] centos 5.5 check memoray usage too high???
On Wed, Feb 2, 2011 at 4:58 PM, mcclnx mcc mcc...@yahoo.com.tw wrote:
> We have DELL R900 server with 128GB RAM (CENTOS 5.5) in it. This server only have one application running and few people use it. Every week I at least get one or two messages from monitor tool mail to me say:
>
> Message=Memory Utilization is 92.02%, crossed warning (80) or critical (90) threshold.
>
> Since server have 128 GB RAM and only 1 application. I really don't believe that. Does there has some way can check memory utilization ?

What kernel are you using? Is your app 64-bit?
Re: [CentOS] kernel update
On Mon, Jan 24, 2011 at 4:57 PM, mahmoud mansy jecko...@gmail.com wrote:
> hey guys, i wanna update the kernel of the centos 5.5, to the 2.6.32 version! is there any compatibility issues with stuff like glibc or others!

Someone suggested Fedora on the hardware and CentOS in a VM.. That works best if you're doing the RHCE.. However, you can also upgrade the kernel and yes, a few things don't always work quite right. Most notably, if I build the stock kernel I usually have to go back and tweak filesystem settings, sometimes some /dev entries don't appear, etc.. Nothing catastrophic, but takes a couple builds to get right.

The other option is to grab the prepackaged kernels from some of the devs. They do a great job of packaging the latest, but then you miss out on all that fun of watching your drive LEDs blinking like crazy.

BTW, you can download the RHEL6 trial..
Re: [CentOS] rsync via crontab spawns over 20 processes
On Sat, Jan 22, 2011 at 11:42 PM, Nico Kadel-Garcia nka...@gmail.com wrote:
> May I say no? You looked for help when you needed it, you provided the relevant information, and you provided more data when asked to solve the issue. And you understood the answer. I've *met* lamerz. You are merely a person who made a mistake. Glad you noticed and got it fixed.

Here's my lamerz story from a couple nights ago... Backing up my xen/kvm machines that I do every month or two... Copied a xen guest from one system to another and booted to make sure it was working... All looked good. Then did my normal rsync between the two. The connection kept on dropping. On one system, ls was timing out. My immediate thought was bad hard drive. Took an hour to determine that I'd rebooted two identical xen guests with the same IP, same MAC, and they were stepping on each other.

I'm very grateful for this list and for the patience that the contributors exhibit.
Re: [CentOS] how to control Hard Drive light from Linux?
On Sat, Jan 22, 2011 at 5:03 PM, Rudi Ahlers r...@softdux.com wrote:
> Hi all,
>
> Does anyone know how to control a hard drive light from Linux? I'm building
> a 24bay Linux File server which will run software RAID and I need an easy
> way for the engineers to see which HDD has gone bad. Most of our NAS devices
> have 2 lights on the hard drive cages and they automatically signal a bad
> one (reg light, light constant on, etc) but I can't figure out how to do
> this from Linux.

This page might help: http://pikawarp.org/?p=139

Talks about setting entries in /sys/class/leds.
Re: [CentOS] how to control Hard Drive light from Linux?
On Sun, Jan 23, 2011 at 2:39 PM, Rudi Ahlers r...@softdux.com wrote:
>> This page might help: http://pikawarp.org/?p=139
>> Talks about setting entries in /sys/class/leds.
>
> That's exactly what I want to do, but with drive cage LED's. Most hot swap
> drive cages have 2 LED's, so I need a more universal approach, i.e.
> irrespective of whether it's SuperMicro, Intel, HP, etc. The page you
> suggested is very specific to the WARP devices, and by the looks of it they
> have a script that runs in those folders, which in turn interacts with the
> drive's circuitry. But I have yet to find a solution for generic Linux.

The actual process is similar on other devices.. If they have support it will show up in /sys/class/leds and you can enable them the same way.
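The reply above points at /sys/class/leds; as an added example that is not part of the thread, these shell functions list whatever LEDs the kernel exposes there and switch one on or off through the standard brightness, max_brightness and trigger attributes. The LED name in the usage comment is constructed, and the LEDS_ROOT override is an assumption added so the functions can be pointed at a test directory.

```shell
#!/bin/sh
# LED class directory; overridable (assumption of this example) so the
# functions can be run against a constructed tree instead of real sysfs.
LEDS_ROOT="${LEDS_ROOT:-/sys/class/leds}"

# Print one line per LED: name, current/max brightness, active trigger.
list_leds() {
    for d in "$LEDS_ROOT"/*; do
        [ -f "$d/brightness" ] || continue   # also skips an unmatched glob
        name=${d##*/}
        cur=$(cat "$d/brightness")
        max=$(cat "$d/max_brightness" 2>/dev/null || echo '?')
        # The active trigger is the entry shown in [brackets].
        trig=$(sed -n 's/.*\[\(.*\)\].*/\1/p' "$d/trigger" 2>/dev/null) || trig=""
        echo "$name $cur/$max ${trig:-none}"
    done
}

# set_led NAME on|off
# Usage (constructed LED name, run as root): set_led bay3:red:fault on
set_led() {
    # Refuse names that could escape the LED directory.
    case "$1" in
        ''|*/*|.*) echo "invalid LED name: $1" >&2; return 1 ;;
    esac
    led="$LEDS_ROOT/$1"
    [ -w "$led/brightness" ] || { echo "no writable LED: $1" >&2; return 1; }
    # Detach any kernel trigger first, otherwise it keeps overriding
    # the value written to brightness.
    [ -w "$led/trigger" ] && echo none > "$led/trigger"
    case "$2" in
        on)  cat "$led/max_brightness" > "$led/brightness" ;;
        off) echo 0 > "$led/brightness" ;;
        *)   echo "usage: set_led NAME on|off" >&2; return 2 ;;
    esac
}
```

If list_leds prints nothing, the kernel has no LED class driver for that enclosure and writing to sysfs will not reach the cage lights.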
Re: [CentOS] Is there a difference between RHEL 6 and 5.6?
On Wed, Jan 19, 2011 at 2:31 PM, Robert Moskowitz r...@htt-consult.com wrote:
> I have seen over the past few months subjects on RHEL 6 and RHEL 5.6.
>
> Are these two different builds for CentOS to chase or one and the same?

Yes, they are very different. RHEL6 has a lot of new functionality. RHEL 5.6 is the current version of RHEL5.

CentOS5 tracks RHEL5. CentOS6 will track RHEL6.