Re: [CentOS] Centos6 ipsec troubles
Hello, I managed to make ipsec-tools work on CentOS 6.x here is how I did it: http://unix.wikinet.org/wiki/Configure_IPSec_on_CentOS_6.x_using_Kame_implementation#Modify_network_scripts thanks Rick On 3/5/13 12:01 AM, Gordon Messmer wrote: On 03/04/2013 07:45 AM, Riccardo Veraldi wrote: I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 No can do. As Leon pointed out, ipsec-tools was discontinued. The documentation for ipsec-tools was always *awful* and the examples that were included in the documentation definitely did not match common configurations. Getting a tunnel up to any other type of OS was a nightmare. Good riddance. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos6 ipsec troubles
Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problems with luci on CentOS 6.2
On 5/12/12 4:33 AM, Joseph L. Casale wrote: 00:12:19,603 ERROR [luci.lib.ricci_helpers] Unable to retrieve the batch number from virtsrv3n3 Looks like that comes from: ./usr/lib64/python2.6/site-packages/luci/lib/ricci_helpers.py Whats unfortunate is their are several functions that emit that. I presume you could make them all unique if you actually don't know what the real issue is. Why dont you pastebin a bigger chunk of that log? jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos the only difference between this node and the other is that I added it to the cluster manually and using commnd line, everything is working except luci malfunctioning for this host... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] problems with luci on CentOS 6.2
Hello, I have a 5 node cluster. virtsrv1n1 virtsrv2n2 virtsrv3n3 virtsrv4n4 virtsrv5n5 From Luci I am unable to manage virtsrv3n3 machine. Luci is unable to reboot it for example and if I select the node properties it shows me no status for Cluster Daemons for this specific node. All the other nodes are fully manageable from luci. from command line everything seems to work fine. net-cluster @ Sat May 12 00:53:33 2012 Member Status: Quorate Member Name ID Status -- -- virtsrv1n1.mydomain.org 1 Online, Local, rgmanager virtsrv2n2.mydomain.org 2 Online, rgmanager virtsrv3n3.mydomain.org 3 Online, rgmanager virtsrv4n4.mydomain.org 4 Online, rgmanager virtsrv5n5.mydomain.org 5 Online, rgmanager Looking the luci log i see this error if i try for exmaple to reboot the node from luci: 00:12:19,603 ERROR [luci.lib.ricci_helpers] Unable to retrieve the batch number from virtsrv3n3 ricci is working ok on the node as well as cman rgmanager and gfs2, and I do not have iptables active. Any hints ? thank you Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problems with PV snapshots
On 4/24/12 12:05 AM, Ljubomir Ljubojevic wrote: On 04/23/2012 03:44 AM, James A. Peltier wrote: | pvs |Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using | /dev/mapper/mpathl not /dev/mapper/mpathi |PV VG Fmt Attr PSize PFree |/dev/mapper/mpathk NetCluster0 lvm2 a--1.67t 1020.00m | snip HINT: You'll need to generate a new UUID/rename the PV. (pvchange -u) I suggest to first backup original UUID to some file, then change it. It might be needed. the main problem is that the volumes I am talking about are clustered volumes and even umounting them give me troubles because looks liek I Cannot change uuid on a clustered LVM... pvchange -u /dev/mapper/mpathk Found duplicate PV 46dU6F2rU9xqqOaWf8eihFwbdGp672lS: using /dev/mapper/mpathh not /dev/mapper/mpathk Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using /dev/mapper/mpathl not /dev/mapper/mpathi Unable to find /dev/mapper/mpathk in NetCluster0 0 physical volumes changed / 0 physical volumes not changed Internal error: Volume Group NetCluster0 was not unlocked Device '/dev/mapper/mpathh' has been left open. Device '/dev/mapper/mpathk' has been left open. Device '/dev/mapper/mpathh' has been left open. Device '/dev/mapper/mpathk' has been left open. Device '/dev/mapper/mpathk' has been left open. Device '/dev/mapper/mpathk' has been left open. Device '/dev/mapper/mpathh' has been left open. Device '/dev/mapper/mpathh' has been left open. Device '/dev/mapper/mpathk' has been left open. Device '/dev/mapper/mpathh' has been left open. You have a memory leak (not released memory pool): [0x1de12a0] format_instance [0x1de59e0] read_vg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problems with PV snapshots
hte main problem is that when I use pvchange -u it refuses to make operation to clsutered volume Volume Groups with the clustered attribute will be inaccessible. Found duplicate PV 46dU6F2rU9xqqOaWf8eihFwbdGp672lS: using /dev/mapper/mpathh not /dev/mapper/mpathk Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using /dev/mapper/mpathl not /dev/mapper/mpathi Skipping clustered volume group NetCluster0 0 physical volumes changed / 0 physical volumes not changed is there a way to remove the cluster bit from the volume itself ? thanks Rick On 4/23/12 3:44 AM, James A. Peltier wrote: - Original Message - | Hello, | I have a Centos 6.2 clsuter with a CLVM partition on which I have a | GFS2 | file system. | The problem rises when I make a snapshot from my FC NetAPP FAS2020. | After I make the snapshot (it is a rw snapshot) of my LUN, I am not | able | to mount it from any of my cluster nodes, | because the Physical Volume is seen two times one time on the | standard | LVM partition | and the other time on the snapshot partition so te PV is foudn to be | duplicate and I cannot mount it. | | pvs |Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using | /dev/mapper/mpathl not /dev/mapper/mpathi |PV VG Fmt Attr PSize PFree |/dev/mapper/mpathk NetCluster0 lvm2 a--1.67t 1020.00m | | | I need a hint on how to fix this problem. I need to access the | snaphot | volume to backup my data but I am unable to do it... | | thank you very much HINT: You'll need to generate a new UUID/rename the PV. (pvchange -u) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] problems with PV snapshots
Hello, I have a Centos 6.2 clsuter with a CLVM partition on which I have a GFS2 file system. The problem rises when I make a snapshot from my FC NetAPP FAS2020. After I make the snapshot (it is a rw snapshot) of my LUN, I am not able to mount it from any of my cluster nodes, because the Physical Volume is seen two times one time on the standard LVM partition and the other time on the snapshot partition so te PV is foudn to be duplicate and I cannot mount it. pvs Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using /dev/mapper/mpathl not /dev/mapper/mpathi PV VG Fmt Attr PSize PFree /dev/mapper/mpathk NetCluster0 lvm2 a--1.67t 1020.00m I need a hint on how to fix this problem. I need to access the snaphot volume to backup my data but I am unable to do it... thank you very much Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centso 6.2 bug ?
Hello, is anyone experiencing this ? I have a sympa process (bulk.pl) which triggers this bug: [ cut here ] WARNING: at kernel/sched.c:5914 thread_return+0x232/0x79d() (Not tainted) Hardware name: X8DTU-LN4+ Modules linked in: cpufreq_ondemand acpi_cpufreq freq_table mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 microcode serio_raw i2c_i801 i2c_core iTCO_wdt iTCO_vendor_support igb ioatdma dca i7core_edac edac_core sg ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif usb_storage pata_acpi ata_generic ata_piix sata_mv dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan] Pid: 2241, comm: bulk.pl Not tainted 2.6.32-220.2.1.el6.x86_64 #1 Call Trace: [81069997] ? warn_slowpath_common+0x87/0xc0 [810699ea] ? warn_slowpath_null+0x1a/0x20 [814eccc5] ? thread_return+0x232/0x79d [810958e3] ? __hrtimer_start_range_ns+0x1a3/0x460 [814ee5db] ? do_nanosleep+0x8b/0xc0 [81095da4] ? hrtimer_nanosleep+0xc4/0x180 [81094b70] ? hrtimer_wakeup+0x0/0x30 [81095bd4] ? hrtimer_start_range_ns+0x14/0x20 [81095ed4] ? sys_nanosleep+0x74/0x80 [8100b0f2] ? system_call_fastpath+ thank you Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] libvirt security update CVE-2011-1146
Hello, I ask here if CentOS has a xml oval repository. This is the reason of my question: Actually I have an automatic system to check CVE vulnerabilities report against RedHat OVAL resources, for example: https://www.redhat.com/security/data/oval/com.redhat.rhsa-2011.xml for 2011 CVEs and RHSAs related OVALS My problem is that while the mechanism works flawlessly regarding Scientific Linux, with CentOS I have false positives reports because the patch level numbers for some rpms is somewhat different from the one written in the official RedHat OVALS. I make an example to explain myself better: Consider CVE-2011-0020 which corresponds to RHSA-2011:0180-1 security advisory and it regards a pango vulnerability. RedHat calls the updated rpm which addresses the vulnerability as pango-1.14.9-8.el5_6.2 CentOS calls it as pango-1.14.9-8.el5.centos.2 so we have: pango-1.14.9-8.el5_6.2 in the RedHat OVALS while CentOS has pango-1.14.9-8.el5.centos.2 and I think they both addresses the CVE-2011-0020 vulnerability but since the naming is different I have a report that my pango RPM on CentOS is vulnerable, while on SL with same rpm I have no false positives and everything is ok. So i ask if CentOS has it's own OVAL xml files because I cannot use i na realiable way the RedHat OVALS with CentOS for my porpouses. thank you very much Rick On 4/28/11 4:17 PM, Johnny Hughes wrote: On 04/28/2011 07:47 AM, Riccardo Veraldi wrote: Hello, I have seen that package libvirt-0.8.2-15.el5_6.3 on CentOS 5.6 which addresses CVE-2011-1146 https://www.redhat.com/security/data/cve/CVE-2011-1146.html vulnerability is not yet available while for example it is on Scientific Linux. Is there any particular reason why the above rpm update is still not available on mirrors ? This was pushed, it just had a .el5 instead of .el5_6 dist tag, so it looks older than the other update. Corrected and repushed. Thanks, Johnny Hughes ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] libvirt security update CVE-2011-1146
Hello, I have seen that package libvirt-0.8.2-15.el5_6.3 on CentOS 5.6 which addresses CVE-2011-1146 https://www.redhat.com/security/data/cve/CVE-2011-1146.html vulnerability is not yet available while for example it is on Scientific Linux. Is there any particular reason why the above rpm update is still not available on mirrors ? thank you Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM problem after update to 5.6
Hello, after updating to Cents 5.6 and so to kvm-83-224 my KVM virtual machines qemu qcow2 based images do not start anymore. Looking at VM console the error message is that VM media is not bootable. Going back to previous KVM version kvm-83-164 from Centos 5.5 they works again. What's wrong with qemu images ? anyone has an idea on how to fix the problem ? thanks Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM problem after update to 5.6
On 4/11/11 11:45 AM, Tom H wrote: On Mon, Apr 11, 2011 at 5:30 AM, Riccardo Veraldi riccardo.vera...@cnaf.infn.it wrote: Hello, after updating to Cents 5.6 and so to kvm-83-224 my KVM virtual machines qemu qcow2 based images do not start anymore. Looking at VM console the error message is that VM media is not bootable. What's wrong with qemu images ? http://lists.centos.org/pipermail/centos/2011-April/109595.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos thank you very much I really solved the issue thanks Rick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kernel vulnerabilities
excuse me, could you be more helpful ? Actually I am not able to get any security update from CentOS 5.5 repo. Is there something I must change in the repo files ? thank you On 3/4/11 12:14 PM, Kai Schaetzl wrote: the archive would have told you. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kernel vulnerabilities
Ok Thank you very much On 09/mar/2011, at 17:48, Peter Kjellström c...@nsc.liu.se wrote: On Wednesday, March 09, 2011 05:06:21 pm Riccardo Veraldi wrote: excuse me, could you be more helpful ? Actually I am not able to get any security update from CentOS 5.5 repo. Is there something I must change in the repo files ? The kernel you're expecting is not an update for 5.5 but a part of 5.6. 5.6 (along with 4.9 and 6.0) is currently being built and tested by the CentOS team. The short and frustrated first answer you got is due to an excessive flood of is it done yet? what's going on?-type threads over the last few weeks (consult the archives...). /Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Security updates for CentOS-5
On 3/9/11 5:45 PM, Mark Foster wrote: Hello, I was wondering why there haven't seemed to be any security updates for centos-5 since Jan 6. Per https://rhn.redhat.com/errata/rhel-server-errata.html there are a ton of outstanding issues. Thanks. My solution at least for the kernel, was to get the src.rpm from RedHat ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.5.1.el5.src.rpm and build the kernel myself. CentOS staff is working now hard full time for 5.6 release, so since January there has not been any update. Riccardo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] kernel vulnerabilities
Hello, I am using CentOS 5.5 I planned to update the kernel rpm because of vulnerabilities came out lately. The new redhat updated kernel would be 2.6.18-238.5.1.el5 Also Scientific Linux did and update to the kernels according to redhat advisories but I have seen that CentOS is still bound to kernel 2.6.18-194.32.1.el5 so no security update is available. I was wondering if this is normal or not. thank you Riccardo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos