Re: [CentOS-docs] VPNC article
Am Donnerstag, den 12.02.2009, 16:44 +0100 schrieb Scott Robbins: On Thu, Feb 12, 2009 at 10:23:01AM -0500, R P Herrold wrote: On Wed, 11 Feb 2009, Scott Robbins wrote: I have put the article on the wiki at http://wiki.centos.org/HowTos/vpnc The article asserts clear packaging permissions problems exist. Have these been upstreamed? By upstream do you mean the source code itself? The program built from source doesn't have that issue. On the other hand, without trying to read Dag's mind, I simply guessed that it was either minor oversight or a small additional securiy layer. (Assuming it is Dag who created the rpm, which is a casual assumption on my part.) Thanks. The permissions on the files in dags RPM: rpm -qlvp vpnc-0.5.3-1.el5.rf.i386.rpm [...] -rw---1 rootroot 157 Jan 19 16:35 /etc/vpnc/vpnc.conf -rw---1 rootroot14995 Jan 19 16:35 /etc/vpnc/vpnc-script I assume 600,root,root is ok for the config file, or do you really need 700 as the article indicates? I will update the permissions of vpnc-script to be 700 Chris financial.com AG Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] VPNC article
On Thu, Feb 12, 2009 at 05:13:27PM +0100, Christoph Maser wrote: Am Donnerstag, den 12.02.2009, 16:44 +0100 schrieb Scott Robbins: On Thu, Feb 12, 2009 at 10:23:01AM -0500, R P Herrold wrote: On Wed, 11 Feb 2009, Scott Robbins wrote: The article asserts clear packaging permissions problems exist. Have these been upstreamed? By upstream do you mean the source code itself? The program built from source doesn't have that issue. On the other hand, without trying to read Dag's mind, I simply guessed that it was either minor oversight or a small additional securiy layer. (Assuming The permissions on the files in dags RPM: rpm -qlvp vpnc-0.5.3-1.el5.rf.i386.rpm [...] -rw---1 rootroot 157 Jan 19 16:35 /etc/vpnc/vpnc.conf -rw---1 rootroot14995 Jan 19 16:35 /etc/vpnc/vpnc-script I assume 600,root,root is ok for the config file, or do you really need 700 as the article indicates? I will update the permissions of vpnc-script to be 700 The article should only indicate that you should change the permissions for the vpnc-script file. (quickly doublechecks.) Argh, the other was a typo. The description was correct (I said chmod to read/write for root) and I just fixed the command, so it now reads correctly. Thank you VERY much for catching it, and apologies.) So, vpnc-script should be 700 for root and the default vpnc.conf is probably not used anyway, since it does provide the pcf2vpnc. Even if used, current permissions are fine. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Principal Snyder: It's fuzzy-minded liberal thinking like that that gets you eaten. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2009:0261 Moderate CentOS 4 ia64 vnc - security update
CentOS Errata and Security Advisory 2009:0261 https://rhn.redhat.com/errata/RHSA-2009-0261.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/vnc-4.0-12.c4.1.ia64.rpm updates/ia64/RPMS/vnc-server-4.0-12.c4.1.ia64.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored signature.asc Description: Digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2009:0012 Moderate CentOS 4 ia64 netpbm - security update
CentOS Errata and Security Advisory 2009:0012 https://rhn.redhat.com/errata/RHSA-2009-0012.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/netpbm-10.25-2.1.c4.4.ia64.rpm updates/ia64/RPMS/netpbm-devel-10.25-2.1.c4.4.ia64.rpm updates/ia64/RPMS/netpbm-progs-10.25-2.1.c4.4.ia64.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored signature.asc Description: Digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2009:0261 Moderate CentOS 3 s390(x) vnc - security update
CentOS Errata and Security Advisory 2009:0261 https://rhn.redhat.com/errata/RHSA-2009-0261.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/vnc-4.0-0.beta4.1.8.s390.rpm updates/s390/RPMS/vnc-server-4.0-0.beta4.1.8.s390.rpm s390x: updates/s390x/RPMS/vnc-4.0-0.beta4.1.8.s390x.rpm updates/s390x/RPMS/vnc-server-4.0-0.beta4.1.8.s390x.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored signature.asc Description: Digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2009:0012 Moderate CentOS 4 s390(x) netpbm - security update
CentOS Errata and Security Advisory 2009:0012 https://rhn.redhat.com/errata/RHSA-2009-0012.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/netpbm-10.25-2.1.c4.4.s390.rpm updates/s390/RPMS/netpbm-devel-10.25-2.1.c4.4.s390.rpm updates/s390/RPMS/netpbm-progs-10.25-2.1.c4.4.s390.rpm s390x: updates/s390x/RPMS/netpbm-10.25-2.1.c4.4.s390x.rpm updates/s390x/RPMS/netpbm-devel-10.25-2.1.c4.4.s390x.rpm updates/s390x/RPMS/netpbm-progs-10.25-2.1.c4.4.s390x.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored signature.asc Description: Digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS-es] duda sobre ruta 169.154.0.0 con ip estatica
César Sepúlveda wrote: La ruta la elimino con: route del -net 169.254.0.0 netmask 255.255.0.0 echo NOZEROCONF=yes /etc/sysconfig/network con eso no te debe salir esa ruta. saludos epe ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] rt_cache leak in 2.6.18
On Wednesday 11 February 2009, Hector Herrera wrote: ... After about 2-3 days, the kernel complains about dst cache overflow and even thought it hasn't crashed, the network is un-responsive. All IP forwarding stops and the server cannot be reached from any network interfaces. ... According to http://linux.derkeiler.com/Mailing-Lists/Fedora/2005-07/1175.html this is a known bug that was fixed in 2.6.11, however, I'm running 2.6.18 (as updated with `yum update`) I downloaded the kernel sources, and indeed, the kernel source contains the bug fix in the above article. Therefore ... I'm at a loss as to where to go from here. Certainly rebooting the server every day is not an option, and increasing the max_size will just delay it. Suggestions? Have a look around the upstream (rh) bugzilla to see if there is a fix in the pipe. If not then you'll have to either run a newer kernel or add the patch to the centos-kernel and rebuild it (both ways are quite messy). /Peter Thank you, Hector signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rt_cache leak in 2.6.18
According to http://linux.derkeiler.com/Mailing-Lists/Fedora/2005-07/1175.html this is a known bug that was fixed in 2.6.11, however, I'm running 2.6.18 (as updated with `yum update`) It could be something new. I got dst cache overflows before and it was a while before they finally identified the bug for the one I saw. Some references below. All I remember was that the chap who finally paid some attention really had to dig through the code before he found it and informed Dave Miller. http://oss.sgi.com/cgi-bin/extract-mesg.cgi?a=netdevm=2004-06i=40CF3A35.3070906%40outblaze.com http://marc.info/?l=linux-netdevm=109953032629224w=2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] httpd: internal dummy connection
Mike -- EMAIL IGNORED wrote on Wed, 11 Feb 2009 23:07:59 + (UTC): If I try to access it on a WinXP box, ZoneAlarm blocks it as a spy site. I wonder why it thinks so. And I wonder why you use ZA at all. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] httpd: internal dummy connection
Kai Schaetzl schrieb: Mike -- EMAIL IGNORED wrote on Wed, 11 Feb 2009 23:07:59 + (UTC): If I try to access it on a WinXP box, ZoneAlarm blocks it as a spy site. I wonder why it thinks so. And I wonder why you use ZA at all. Or Windows, for that matter. ;-) Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 x86_64 DVD
From: ward.p.fonte...@wellsfargo.com ward.p.fonte...@wellsfargo.com I’ve pulled this down with Firefox, wget, a bittorrent client and an ftp client using Windows as well as Linux hosts. Is something wrong with the distributed DVD image? It has failed an MD5 check every time I’ve pulled it down. Mine is 644f9f63f208ebee36ae5e2cdcc58721 as expected... Did you try from another source? JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 x86_64 DVD
ward.p.fonte...@wellsfargo.com wrote: I've pulled this down with Firefox, wget, a bittorrent client and an ftp client using Windows as well as Linux hosts. Is something wrong with the distributed DVD image? It has failed an MD5 check every time I've pulled it down. [r...@centos x86_64]# md5sum CentOS-5.2-x86_64-bin-DVD.iso 644f9f63f208ebee36ae5e2cdcc58721 CentOS-5.2-x86_64-bin-DVD.iso [r...@centos x86_64]# grep 644f9f63f208ebee36ae5e2cdcc58721 md5sum.txt 644f9f63f208ebee36ae5e2cdcc58721 CentOS-5.2-x86_64-bin-DVD.iso That's from http://centos.bio.lmu.de/ - so the DVD on that mirror is okay. If you want to pull from there (well the data will travel around the world) and get a different md5sum, it is something on your side. Ralph pgpZqcMF5LZ5U.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mirroring centos servers
Dear Fabian, Thanks for ur reply.. i will check it out regards fabian fabian dacunha wrote: Dear All, I have 2 server with almost identical configuration nd would like to mirror them bascillay i would like to use it as a firewall. i was thinking of linux HA but could not really find clear examples if it could achive my purpose apprecite if someone can help me of any site with examples on how to mirror 2 centos servers so i one fails the other works perfect thanks and really apprecite regards fabian I've already used Heartbeat between two centos machines acting as gateway/iptables firewall and it worked perfectly. The only 'problem' is that iptables connection status is of course not shared between the two nodes. Never used shorewall though. -- -- Fabian Arrotin idea=`grep -i clue /dev/brain` ; test -z $idea echo sorry, init 6 in progress || sh ./answer.sh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clustering and load balancing Apache, using nginx
Les Mikesell пишет: Sergej Kandyla wrote: nginx http_proxy module is universal complex solution. Also apache working in prefork mode (in general cases), I don't know does mod_jk\mod_proxy_ajp works in the worker-MPM mode... In the preforking mode apache create a child on each incoming request, so it's too much expensive for resource usage. Have you actually measured this? Preforking apache doesn't fork per request, it forks enough instances to accept the concurrent connection count plus a few spares. Each child would typically handle thousands of requests before exiting and requiring a new fork - the number is configurable. Sorry for bad explanation. I meant that apache create a child (above MinSpareServers) for serving each new unique client. I measured nginx in real life :) On some server (~15k uniq hosts per day, ~ 100k pageviews, and with 1-3k concurrent tcp established connections ) with frontend(nginx) - backend (apache + phpfastcgi) architecture I turned off nginx proxing and server go away for a minute... apache forked to MaxClients (500) and took all memory. Also nginx helped me protect from low-medium DDoS. When apache forked to maxclients, nginx could server many thousand concurrent connections. So I've wrote shell scripts to parse nginx logs and put IPs of bots to firewall table. Therefore I find nginx (lighttpd also a good choose) enough efficient (at least for me). Off course you should understand what you expecting from nginx, what it can do and what can't. If you want real world measurements or examples of using nginx on heavy loaded sites please to google. Also you could ask in the nginx at sysoev.ru mail list (EN). Also apache spend about 15-30Kb mem for serving each tcp connection at this time nginx only 1-1.5Kb. If you have, for example, abount 100 concurrent connections from different IPs there is nearly 100 apache forks... it's too expensive. A freshly forked child should have nearly 100% memory shared with its parent and other child instances. Please tell me how much resources you should have for revers proxing with apache for example nearly 1k-2k unique clients ? What cpu load and memory usage will you have? I think that apache is great software. It's very flexible and features rich, but it especially good as backend for dynamical applications (mod_php, mod_perl, etc.) If you need to serve many thousand concurrent connections you should look at nginx, lighttpd, squid, etc.. IMHO. http://www.kegel.com/c10k.html As things change, this will decrease, but you are going to have to store the unique socket/buffer info somewhere whether it is a copy-on-write fork or allocated in an event-loop program. If you run something like mod_perl, the shared memory effect degrades pretty quickly because of the way perl stores reference counts along with its variables, but I'd expect the base apache and most module code to be pretty good about retaining their inherited shared memory. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Missing EL4 glibc update
Seeing upstream has an update for glibc http://rhn.redhat.com/errata/RHBA-2009-0052.html I rebuilt the glibc-2.3.4-2.41.el4_7.1.src.rpm and it produced the following rpms :- glibc-2.3.4-2.41.el4_7.1.i386.rpm glibc-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-devel-2.3.4-2.41.el4_7.1.i386.rpm glibc-headers-2.3.4-2.41.el4_7.1.i386.rpm glibc-profile-2.3.4-2.41.el4_7.1.i386.rpm glibc-utils-2.3.4-2.41.el4_7.1.i386.rpm nptl-devel-2.3.4-2.41.el4_7.1.i386.rpm nscd-2.3.4-2.41.el4_7.1.i386.rpm Is it okay to install all of them or should i skip the debuginfo rpms? Is an official CentOS update going to be made of the glibc from Red Hat? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logrotate base
On Thu, Feb 12, 2009 at 12:05:09PM +0800, Fajar Priyanto wrote: Logrotate is checked every day by cron.daily, right? I notice in logrotate.conf by default it's weekly. If I change it into monthly (now, on 12 of Feb), when will it do the monthly rotation? a. On 12 of March or b. On 1st of March? Fajar - logrotate is driven by cron. Cron is one of UNIX (oops, I mean Linux) very important system utilities. You need to know know about this, so check the man pages for cron and crontab to understand not only the timing on logrotate but on how ALL automated-scheduling of job/utilities are arranged on Linux. Everything you need to know about how to schedule anything is in there. Jeff Kinz -- Funniest signatures series: (found posted to a public email list) IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing EL4 glibc update
CentOS User wrote on Thu, 12 Feb 2009 12:08:11 +0100 (CET): Is an official CentOS update going to be made of the glibc from Red Hat? This question is rethorical, right? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2 x86_64 DVD
I had tried from a couple different mirrors listed on the CentOS page, I eventually recalled that ANL mirrors everything and pulled it down from there. No issues with the ANL download. -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John Doe Sent: Thursday, February 12, 2009 2:48 AM To: CentOS mailing list Subject: Re: [CentOS] 5.2 x86_64 DVD From: ward.p.fonte...@wellsfargo.com ward.p.fonte...@wellsfargo.com I’ve pulled this down with Firefox, wget, a bittorrent client and an ftp client using Windows as well as Linux hosts. Is something wrong with the distributed DVD image? It has failed an MD5 check every time I’ve pulled it down. Mine is 644f9f63f208ebee36ae5e2cdcc58721 as expected... Did you try from another source? JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Digital Video Editor for CentOS 5.2 - Suggestions?
On Tue, Aug 5, 2008 at 4:36 PM, Akemi Yagi amy...@gmail.com wrote: On Tue, Aug 5, 2008 at 2:26 PM, Lanny Marcus lmmailingli...@gmail.com wrote: We are finally going to replace our VHS-C Camcorder, with a Digital Camcorder, tomorrow. Looking for suggestions, for Digital Video Editor to use on CentOS 5.2. Preferably, something in the CentOS or RPMForge repositories and easy to use. TIA! Cinelerra. It is very powerful, and Dag kindly added to his repo quite sometime ago. http://cinelerra.org/ The only problem is that, because it is so powerful and feature rich, learning curve is very steep. I have yet to learn it myself but I already know its capabilities through my best Linux friend who is an expert in video editing. Akemi: My wife was successful with cinelerra, for the first time, last night. :-)I suggested she RFM, but when she is frustrated, like most people, she doesn't want to RFM. She really likes kino, easy to use, but there were problems, with the quality of some of the videos, after she used kino on them. One of these days, she will download the Spanish language cinelerra manual and read the Spanish language tutorial and then she will be on her way with cinelerra.. :-) Lanny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible CentsOS licensing issue
Puneet Goel wrote: Dear Friends, I have few questions. 1. I have a device on which I have installed CentOS 5.2 as an operating system. Now I want to sell this device. Will there be any issue ? No issues. You can sell GPL software. In fact that's part of the freedom GPL guarantees. You do need to the source code of GPS apps available (including any mods you made) to anyone you distribute it to, but you can sell it. There may be a trademark issue - I can't speak to that, but I doubt you will have any problems is you did not alter the install. Linux CD's (including CentOS) are sold all the time. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Question on canada
I have a possible customer in canada. Can I export a machine pre-loaded with centos to canada? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logrotate base
On Thu, Feb 12, 2009 at 01:08:24PM +0800, Fajar Priyanto wrote: Hi Fajar, re logrotate and crontab: I was speaking from instinct knowing that crontab and a simple script to do the actual rotation is all that is needed. What I didn't expect was that someone had actually reinvented all the functionality of crontab to create a totally new utility that is much more limited than crontab. Unfortunately, logrotate is, as implied by your earlier post, a totally separate tool when all that was needed was a small script invoked by cron. My apologies for my earlier post. Also my apologies to you on behalf of the Linux community for the perpetration of such waste and bloat. Sadly, that trend is rising, not fading. Ironically Windows is currently trying to reduce the footprint of their basic package so it will fit better on netbooks. Perhaps we can follow in their footsteps. :-) Jeff Kinz -- Funniest signatures series: (found posted to a public email list) IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question on canada
On Thu, Feb 12, 2009 at 09:41:38AM -0500, Jerry Geis wrote: I have a possible customer in canada. Can I export a machine pre-loaded with centos to canada? Jerry Yes. You might want to use one of the shipping companies that provides specific border/customs services. DHL used to do that but given their recent disruption I have no idea if that service is still available. Jeff Kinz -- Funniest signatures series: (found posted to a public email list) IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question on canada
DISCLAIMER: I'm not a lawyer and I'm not your lawyer. I presume you mean due to restrictions on cryptographic software. My understanding is that even during the bad old days when ITAR (International Traffic in Arms Regulations) restricted anything with over a 56 bit key as a weapon of war that we had a special relationship with Canada and that crypto items could be exported there. An old webpage from 1995: http://www.ieee-security.org/Cipher/ConfReports/CryptoLawSurvey.html This site indicates that export to Canada was OK but that re-exporting from Canada to a third country was illegal. The restrictions have eased significantly since the mid 90s when this was written. In short: I wouldn't worry too hard if I were exporting to Canada, but your millage may vary. Regards, James N. Smith, CISSP jnsm...@leschwartz.com -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Jerry Geis Sent: Thursday, February 12, 2009 9:42 AM To: CentOS ML Subject: [CentOS] Question on canada I have a possible customer in canada. Can I export a machine pre-loaded with centos to canada? Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Digital Video Editor for CentOS 5.2 - Suggestions?
On Thu, Feb 12, 2009 at 6:09 AM, Lanny Marcus lmmailingli...@gmail.com wrote: On Tue, Aug 5, 2008 at 4:36 PM, Akemi Yagi amy...@gmail.com wrote: On Tue, Aug 5, 2008 at 2:26 PM, Lanny Marcus lmmailingli...@gmail.com wrote: We are finally going to replace our VHS-C Camcorder, with a Digital Camcorder, tomorrow. Looking for suggestions, for Digital Video Editor to use on CentOS 5.2. Preferably, something in the CentOS or RPMForge repositories and easy to use. TIA! Cinelerra. It is very powerful, and Dag kindly added to his repo quite sometime ago. http://cinelerra.org/ Akemi: My wife was successful with cinelerra, for the first time, last night. :-)I suggested she RFM, but when she is frustrated, like most people, she doesn't want to RFM. She really likes kino, easy to use, but there were problems, with the quality of some of the videos, after she used kino on them. One of these days, she will download the Spanish language cinelerra manual and read the Spanish language tutorial and then she will be on her way with cinelerra.. :-) Lanny Thanks for the update, Lanny. I use kino to transfer video (in .dv) from a camcorder but, yes, its editing is not robust. By the way, if anyone is having problems with kino and firewire connection under CentOS-5, there is a solution. It's on my little blog: http://blog.toracat.org/?p=84 . Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logrotate base
On 2009-02-12 15:47, jk...@kinz.org wrote: On Thu, Feb 12, 2009 at 01:08:24PM +0800, Fajar Priyanto wrote: Hi Fajar, re logrotate and crontab: I was speaking from instinct knowing that crontab and a simple script to do the actual rotation is all that is needed. What I didn't expect was that someone had actually reinvented all the functionality of crontab to create a totally new utility that is much more limited than crontab. You mean anacron? Then you must read the man page again. It is intended to be used on those circumstances where cron would not work. E.g. on computers that are not always on, like most laptops. In that case cron would never run the logrotate script scheduled at 4 am in the morning. And, in fact anacron is not really bloated either, rather small, I would say. Unfortunately, logrotate is, as implied by your earlier post, a totally separate tool when all that was needed was a small script invoked by cron. My apologies for my earlier post. logrotate still is that simple script to be invoked by (ana)cron. -- Paul Bijnens, Xplanation Technology ServicesTel +32 16 397.525 Interleuvenlaan 86, B-3001 Leuven, BELGIUM Fax +32 16 397.552 *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., * * stop, end, ^]c, +++ ATH, disconnect, halt, abort, hangup, KJOB, * * ^X^X, :D::D, kill -9 1, kill -1 $$, shutdown, init 0, Alt-F4, * * Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... * * ... Are you sure? ... YES ... Phew ... I'm out * *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mirroring centos servers
Fabian Arrotin napsal(a): I've already used Heartbeat between two centos machines acting as gateway/iptables firewall and it worked perfectly. The only 'problem' is that iptables connection status is of course not shared between the two nodes. Never used shorewall though. Fabian, there's a way to share - conntrackd. http://fs12.vsb.cz/hrb33/el5/hrb-fw/stable/i386/repodata/repoview/conntrack-tools-0-0.9.7-1.el5.hrb.html But I'd prefer BSD CARP like pfSense, see http://blogfranz.blogspot.com/2008/12/is-conntrackd-really-pfsynccarp-for.html Regards, David Hrbáč ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Kai Schaetzl wrote: Ian Forde wrote on Wed, 11 Feb 2009 20:01:21 -0800: locate rpmsave locate rpmnew rpmsave is left from *un*installations, rpmnew is the *new* file, there is no file overwritten. rpm usually doesn't overwrite files if they got changed. AFAIK this is not correct, a package upgrade can create either of these (or both, or neither of them despite your having edited a file). And that's the way it should be, either choice can be justified. It depends on the package's SPEC file. rpm just does what it's told, everything is in the hands of the package maintainer. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Hi Jay, Thanks for the response. I tried following command on both servers, and there was nothing coming out: restorecon -v /etc/services So the /etc/services file should be ok. Frank Ling From: Jay Leafey jay.lea...@mindless.com To: CentOS mailing list centos@centos.org Sent: Wednesday, February 11, 2009 9:40:30 PM Subject: Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size Frank Ling wrote: Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. The kernel is: Linux 2.6.18-92.1.22.el5 #1 SMP. Since the /var/log/messages contained no information it would be impossible to troubleshoot the problem. I am very sure both systems have not been hacked by others. Sincerely, Frank Ling -- -rw--- 1 root root 0 Feb 8 04:02 messages -rw--- 1 root root 0 Feb 3 11:04 messages.1 -rw--- 1 root root 0 Jan 25 04:02 messages.3 -rw--- 1 root root 0 Jan 11 04:03 messages.4 -rw--- 1 root root 10 Dec 27 13:00 messages.offset -rwx-- 1 root root 0 Feb 11 19:12 kernel -rwx-- 1 root root 0 Feb 11 16:53 kernel.1 -rwx-- 1 root root 0 Jan 25 04:02 kernel.3 -rwx-- 1 root root 0 Jan 11 04:03 kernel.4 -rw--- 1 root root 0 Feb 8 04:02 spooler -rw--- 1 root root 0 Feb 3 07:51 spooler.1 -rw--- 1 root root 0 Jan 25 04:02 spooler.3 -rw--- 1 root root 0 Jan 11 04:03 spooler.4 -rw--- 1 root root 0 Jun 24 2008 tallylog -- I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files. The quickest way to check for this is the command: restorecon -v /etc/services If nothing prints out in response, that's not the problem. If it DOES, that might explain it. I have been checking the contexts occasionally to try and trap exactly when it happens. I use: restorecon -R -n -v /etc which walks through the entire /etc tree looking for contexts to change but just reports any exceptions. Just a thought! -- Jay Leafey - Memphis, TN jay.lea...@mindless.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, Feb 12, 2009, Nicolas Thierry-Mieg wrote: Kai Schaetzl wrote: Ian Forde wrote on Wed, 11 Feb 2009 20:01:21 -0800: locate rpmsave locate rpmnew rpmsave is left from *un*installations, rpmnew is the *new* file, there is no file overwritten. rpm usually doesn't overwrite files if they got changed. AFAIK this is not correct, a package upgrade can create either of these (or both, or neither of them despite your having edited a file). And that's the way it should be, either choice can be justified. It depends on the package's SPEC file. rpm just does what it's told, everything is in the hands of the package maintainer. I think that the only time a .rpmnew file is created is if the SPEC file specifies ``%config(noreplace)'' for a file. If the ``noreplace'' option is not used, the .rpmsave files are created either when a package is removed, or when a file specified as a configuration file in the RPM SPEC file is updated and the file is sufficiently different from the default (for some definition of suffieiently). In the OpenPKG portable packaging system, which is RPM based, the presence of any .rpmnew or .rpmsave configuration files will prevent a package from starting, and warning messages will be generated until the situation is resolved. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 The obscure we see eventually, the completely apparent takes longer. -- Edward R. Morrow ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 48, Issue 6
-signature Size: 189 bytes Desc: Digital signature Url : http://lists.centos.org/pipermail/centos-announce/attachments/20090212/d6ec5759/attachment-0001.bin -- Message: 8 Date: Thu, 12 Feb 2009 17:58:14 +0200 From: Pasi Pirhonen u...@centos.fi Subject: [CentOS-announce] CESA-2009:0261 Moderate CentOS 4 ia64 vnc - security update To: centos-annou...@centos.org Message-ID: 20090212155813.gk12...@centos.fi Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2009:0261 https://rhn.redhat.com/errata/RHSA-2009-0261.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/vnc-4.0-12.c4.1.ia64.rpm updates/ia64/RPMS/vnc-server-4.0-12.c4.1.ia64.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.centos.org/pipermail/centos-announce/attachments/20090212/3c8bb328/attachment-0001.bin -- Message: 9 Date: Thu, 12 Feb 2009 17:59:14 +0200 From: Pasi Pirhonen u...@centos.fi Subject: [CentOS-announce] CESA-2009:0012 Moderate CentOS 4 ia64 netpbm -security update To: centos-annou...@centos.org Message-ID: 20090212155914.gl12...@centos.fi Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2009:0012 https://rhn.redhat.com/errata/RHSA-2009-0012.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/netpbm-10.25-2.1.c4.4.ia64.rpm updates/ia64/RPMS/netpbm-devel-10.25-2.1.c4.4.ia64.rpm updates/ia64/RPMS/netpbm-progs-10.25-2.1.c4.4.ia64.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.centos.org/pipermail/centos-announce/attachments/20090212/372450f4/attachment-0001.bin -- Message: 10 Date: Thu, 12 Feb 2009 18:02:24 +0200 From: Pasi Pirhonen u...@centos.fi Subject: [CentOS-announce] CESA-2009:0261 Moderate CentOS 3 s390(x) vnc - security update To: centos-annou...@centos.org Message-ID: 20090212160224.gm12...@centos.fi Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2009:0261 https://rhn.redhat.com/errata/RHSA-2009-0261.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/vnc-4.0-0.beta4.1.8.s390.rpm updates/s390/RPMS/vnc-server-4.0-0.beta4.1.8.s390.rpm s390x: updates/s390x/RPMS/vnc-4.0-0.beta4.1.8.s390x.rpm updates/s390x/RPMS/vnc-server-4.0-0.beta4.1.8.s390x.rpm -- Pasi Pirhonen - u...@iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.centos.org/pipermail/centos-announce/attachments/20090212/f2ba5260/attachment-0001.bin -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 48, Issue 6 ** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clustering and load balancing Apache, using nginx
Sergej Kandyla wrote: In the preforking mode apache create a child on each incoming request, so it's too much expensive for resource usage. Have you actually measured this? Preforking apache doesn't fork per request, it forks enough instances to accept the concurrent connection count plus a few spares. Each child would typically handle thousands of requests before exiting and requiring a new fork - the number is configurable. Sorry for bad explanation. I meant that apache create a child (above MinSpareServers) for serving each new unique client. That's actually for each concurrent connection, not each unique client. Browsers may fire off many simultaneous connections but http connections typically have a very short life, so unless users are downloading big files, streaming data, or have low-bandwidth connections (or your back end service is slow), you shouldn't have that much concurrency. I measured nginx in real life :) On some server (~15k uniq hosts per day, ~ 100k pageviews, and with 1-3k concurrent tcp established connections ) with frontend(nginx) - backend (apache + phpfastcgi) architecture I turned off nginx proxing and server go away for a minute... apache forked to MaxClients (500) and took all memory. There are many factors that can affect it, but that seems like too many concurrent connections for that amount of traffic. The obvious thing to check is whether you have keepalives on and if so, what timeout you use. On a busy internet site you want it off or very short. Also, I'm not sure the fastcgi interface gives the same buffer/decoupling effect that you get with a proxy. With a proxy, the heavyweight backend is finished and can accept the next request as soon as it has sent its output to the proxy which may take much longer to deliver to slow clients. The fastcgi interface might keep the backend tied up until the output is delivered. If that is the case, you would get much of the same effect with apache as a front end proxy. Running apache as a proxy might work with less memory in threaded mode too. Also nginx helped me protect from low-medium DDoS. When apache forked to maxclients, nginx could server many thousand concurrent connections. So I've wrote shell scripts to parse nginx logs and put IPs of bots to firewall table. Basically if your backend can't deliver the data at the rate the requests come in you are fried anyway. Therefore I find nginx (lighttpd also a good choose) enough efficient (at least for me). Off course you should understand what you expecting from nginx, what it can do and what can't. If you want real world measurements or examples of using nginx on heavy loaded sites please to google. Also you could ask in the nginx at sysoev.ru mail list (EN). Thanks, I hadn't found much about it in english. Also apache spend about 15-30Kb mem for serving each tcp connection at this time nginx only 1-1.5Kb. If you have, for example, abount 100 concurrent connections from different IPs there is nearly 100 apache forks... it's too expensive. A freshly forked child should have nearly 100% memory shared with its parent and other child instances. Please tell me how much resources you should have for revers proxing with apache for example nearly 1k-2k unique clients ? What cpu load and memory usage will you have? I'm not sure there are good ways to measure the shared copy-on-write RAM of forked processes. But 15k/connection doesn't sound unreasonable, keeping in mind that you have to buffer all unacknowledged data somewhere. I think that apache is great software. It's very flexible and features rich, but it especially good as backend for dynamical applications (mod_php, mod_perl, etc.) If you need to serve many thousand concurrent connections you should look at nginx, lighttpd, squid, etc.. IMHO. I've been using F5 load balancers for the hard part of this for a while but I'd still wonder why you have that much concurrency instead of delivering the page and dropping the connection. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing EL4 glibc update
Kai wrote This question is rethorical, right? What is rethorical my learned friend? Do you have anything to contribute to the original topic other than showing that you may need an English dictionary? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Bill Campbell wrote: locate rpmsave locate rpmnew rpmsave is left from *un*installations, rpmnew is the *new* file, there is no file overwritten. rpm usually doesn't overwrite files if they got changed. AFAIK this is not correct, a package upgrade can create either of these (or both, or neither of them despite your having edited a file). And that's the way it should be, either choice can be justified. It depends on the package's SPEC file. rpm just does what it's told, everything is in the hands of the package maintainer. I think that the only time a .rpmnew file is created is if the SPEC file specifies ``%config(noreplace)'' for a file. If the ``noreplace'' option is not used, the .rpmsave files are created either when a package is removed, or when a file specified as a configuration file in the RPM SPEC file is updated and the file is sufficiently different from the default (for some definition of suffieiently). In the OpenPKG portable packaging system, which is RPM based, the presence of any .rpmnew or .rpmsave configuration files will prevent a package from starting, and warning messages will be generated until the situation is resolved. That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Message-ID: va.36bd.05799...@news.conactive.com On: Thu, 12 Feb 2009 10:31:23 +0100, Kai Schaetzl mailli...@conactive.com wrote: Ian Forde wrote on Wed, 11 Feb 2009 20:01:21 -0800: locate rpmsave locate rpmnew rpmsave is left from *un*installations, rpmnew is the *new* file, there is no file overwritten. rpm usually doesn't overwrite files if they got changed. And I haven't seen any overwrites with all the bind updates in the past months. So, I cannot back James' claim. Kai I cannot answer whether this situation is still the case, and I know that it was not always the case, but on the last but one update to bind my configuration files were all renamed to .rpmsave and there were no .rpmnew files created, only the default config files left in place of the old ones. I also believe, be cannot be sure, that this particular revision was a minor (9.X.y) as opposed to tiny (9.x.Y) update. I also believe that the same thing happened on the last update as well but, as I now do bind updates far more circumspectly, I may simply be confusing the present remedy with the original problem. In any case, the problem was not expected and it caused considerable grief until the problem was identified and the cause determined. It is just something that anyone hosting their own DNS should consider. The consequences of a dysfunction name server can be quite severe and can initially evidence itself in places that one would not immediately associate with DNS issues. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, Feb 12, 2009, Les Mikesell wrote: Bill Campbell wrote: locate rpmsave locate rpmnew rpmsave is left from *un*installations, rpmnew is the *new* file, there is no file overwritten. rpm usually doesn't overwrite files if they got changed. AFAIK this is not correct, a package upgrade can create either of these (or both, or neither of them despite your having edited a file). And that's the way it should be, either choice can be justified. It depends on the package's SPEC file. rpm just does what it's told, everything is in the hands of the package maintainer. I think that the only time a .rpmnew file is created is if the SPEC file specifies ``%config(noreplace)'' for a file. If the ``noreplace'' option is not used, the .rpmsave files are created either when a package is removed, or when a file specified as a configuration file in the RPM SPEC file is updated and the file is sufficiently different from the default (for some definition of suffieiently). In the OpenPKG portable packaging system, which is RPM based, the presence of any .rpmnew or .rpmsave configuration files will prevent a package from starting, and warning messages will be generated until the situation is resolved. That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? This has not proven a problem as we monitor updates, and generally know which packages may generate the rpmsave or rpmnew files as a result of testing on development machines before deploying to production systems. We have an administrative script that monitors the status of all servers running under our OpenPKG system, and quickly indicates anything that is not running while doing updates. In addition, our systems all check critical services under cron control, attempt to restart services that are not running, and notifying our support system via direct SMTP (bypassing postfix, amavisd, and clamv in case one of them is down) and with xmlrpc calls to our support servers as well. Our systems keep track of systems that are supposed to check in, and generate alerts when one or more miss checkins. Nothing is perfect of course, but this has worked well for us for almost 10 years now. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Most people, sometime in their lives, stumble across truth. Most jump up, brush themselves off, and hurry on about their business as if nothing had happened. - Sir Winston Churchill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, 2009-02-12 at 11:08 -0600, Les Mikesell wrote: That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? You're missing the point. If the service is already running, the changes won't take effect until you restart the service with the new binaries. And the whole patching exercise is what maintenance windows are for, anyway. Note that it's critical SERVICE, not critical SERVER. The former is more important than the latter, so ideally you should be able to take down the latter in order to upgrade one implementation of the former. -I ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logrotate base
On Thu, Feb 12, 2009 at 04:12:07PM +0100, Paul Bijnens wrote: On 2009-02-12 15:47, jk...@kinz.org wrote: On Thu, Feb 12, 2009 at 01:08:24PM +0800, Fajar Priyanto wrote: Hi Fajar, re logrotate and crontab: I was speaking from instinct knowing that crontab and a simple script to do the actual rotation is all that is needed. What I didn't expect was that someone had actually reinvented all the functionality of crontab to create a totally new utility that is much more limited than crontab. You mean anacron? Then you must read the man page again. No, I mean logrotate. logrotate still is that simple script to be invoked by (ana)cron. No, logrotate is not a script.(It should be.) Instead it is a complete stand alone utility written in C. In the version I just built from source, the executable is 65K bytes in size. It recreates most of what cron does internally to see if it needs to actually do anything during its once daily invocation. It is well written but I think the decision to create it was a flawed one, re-inventing the wheel where a script would have been OK. Even a script that allowed the same functionality as logrotate except for the parts done by cron would be fine. On Centos/RHEL: (4.4) # file $(which logrotate) /usr/sbin/logrotate: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped On that other user friendly distro :-) (LTS 6.06) # file $(which logrotate) /usr/sbin/logrotate: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), for GNU/Linux 2.2.0, stripped -- Funniest signatures series: (found posted to a public email list) IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, Feb 12, 2009, Ian Forde wrote: On Thu, 2009-02-12 at 11:08 -0600, Les Mikesell wrote: That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? You're missing the point. If the service is already running, the changes won't take effect until you restart the service with the new binaries. And the whole patching exercise is what maintenance windows are for, anyway. Note that it's critical SERVICE, not critical SERVER. The former is more important than the latter, so ideally you should be able to take down the latter in order to upgrade one implementation of the former. I understand the distinction very well. In the time we have been using this method, we have never taken down a service for any significant period of time (the services are restarted on installation by the RPM SPEC files' %pre, %post processing). Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. The services that are most frequently updated are clamav, spamassassin, and amavisd-new, and we have often done this on heavily loaded MX servers (millions of e-mails a day) without having a service down for more than a minute or two while dealing with configuration file changes. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 The Constitution is a written instrument. As such, its meaning does not alter. That which it meant when it was adopted, it means now. -- SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing EL4 glibc update
on 2-12-2009 3:08 AM CentOS User spake the following: Seeing upstream has an update for glibc http://rhn.redhat.com/errata/RHBA-2009-0052.html I rebuilt the glibc-2.3.4-2.41.el4_7.1.src.rpm and it produced the following rpms :- glibc-2.3.4-2.41.el4_7.1.i386.rpm glibc-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-devel-2.3.4-2.41.el4_7.1.i386.rpm glibc-headers-2.3.4-2.41.el4_7.1.i386.rpm glibc-profile-2.3.4-2.41.el4_7.1.i386.rpm glibc-utils-2.3.4-2.41.el4_7.1.i386.rpm nptl-devel-2.3.4-2.41.el4_7.1.i386.rpm nscd-2.3.4-2.41.el4_7.1.i386.rpm Is it okay to install all of them or should i skip the debuginfo rpms? Is an official CentOS update going to be made of the glibc from Red Hat? If those were released with or after RHEL 5.3, then they will come out with or after CentOS 5.3. Soon to be released to a mirror near you! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Bill Campbell wrote: That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? You're missing the point. If the service is already running, the changes won't take effect until you restart the service with the new binaries. And the whole patching exercise is what maintenance windows are for, anyway. Note that it's critical SERVICE, not critical SERVER. The former is more important than the latter, so ideally you should be able to take down the latter in order to upgrade one implementation of the former. I understand the distinction very well. In the time we have been using this method, we have never taken down a service for any significant period of time (the services are restarted on installation by the RPM SPEC files' %pre, %post processing). Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. In other words you'd dedicated sufficient human resources to undo whatever damage the package management system causes... -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question on canada
on 2-12-2009 6:41 AM Jerry Geis spake the following: I have a possible customer in canada. Can I export a machine pre-loaded with centos to canada? Jerry It depends on where you are. If you are in the United States, it should be OK. If you are in Cuba, Afghanistan or Iran, or several countries in the african continent, you will have more trouble. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing EL4 glibc update
On Thu, Feb 12, 2009 at 11:11 AM, Scott Silva ssi...@sgvwater.com wrote: on 2-12-2009 3:08 AM CentOS User spake the following: Seeing upstream has an update for glibc http://rhn.redhat.com/errata/RHBA-2009-0052.html I rebuilt the glibc-2.3.4-2.41.el4_7.1.src.rpm and it produced the following rpms :- glibc-2.3.4-2.41.el4_7.1.i386.rpm glibc-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-devel-2.3.4-2.41.el4_7.1.i386.rpm glibc-headers-2.3.4-2.41.el4_7.1.i386.rpm glibc-profile-2.3.4-2.41.el4_7.1.i386.rpm glibc-utils-2.3.4-2.41.el4_7.1.i386.rpm nptl-devel-2.3.4-2.41.el4_7.1.i386.rpm nscd-2.3.4-2.41.el4_7.1.i386.rpm Is it okay to install all of them or should i skip the debuginfo rpms? Is an official CentOS update going to be made of the glibc from Red Hat? If those were released with or after RHEL 5.3, then they will come out with or after CentOS 5.3. Soon to be released to a mirror near you! Those packages will eventually appear in CentOS mirrors (except they are for CentOS-4, not -5). :-D The bug fixes (marked RHBA) may not get a high priority as security fixes (marked RHSA) do. So, they may lag a bit when the developers are tied up with more urgent tasks. You can see what you current have on your system by: rpm -qa glibc\* nptl\* nscd That will give you a hint as to which packages you want to update. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] tty login hangs
Hi all, I have two servers both identical in hardware and I have just done a clean install of CentOS 5.2 x86_64 on both. Sometimes (more often than not) when I log in at the physical console (e.g. tty1, tty2, etc.) I will be logged in and it stops responding even if the shell is not doing anything. When this happens I can still switch to another VT with alt+f2 and login as normal. I don't know if bash, mingetty or whatever process is locking up. If I do a `ps ax` all processes are sleeping. Any idea's what could cause this? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, Feb 12, 2009, Les Mikesell wrote: Bill Campbell wrote: That sounds like the kiss of death for any critical service. Can't it figure out ahead of time that this is going to happen and let the service keep running unchanged with a warning message about needing the update instead? You're missing the point. If the service is already running, the changes won't take effect until you restart the service with the new binaries. And the whole patching exercise is what maintenance windows are for, anyway. Note that it's critical SERVICE, not critical SERVER. The former is more important than the latter, so ideally you should be able to take down the latter in order to upgrade one implementation of the former. I understand the distinction very well. In the time we have been using this method, we have never taken down a service for any significant period of time (the services are restarted on installation by the RPM SPEC files' %pre, %post processing). Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. In other words you'd dedicated sufficient human resources to undo whatever damage the package management system causes... Isn't that what our customers are paying us to do? That has to be true now matter how one is doing updates. I have personally updated clamav on more than 50 machines in an afternoon without having any of them down for more than a minute, and that time mostly because clamav takes a while to restart. FWIW, we normally have clamav updates installed at all our client sites with 24 hours of the first notice that there's a new version out from swatch looking at the freshclamav.log file. This includes downloading the new tarball, updating the OpenPKG SRPM, building, testing in-house, and deployment. Often this is complete before people on this CentOS list start asking questions about the update or saying it won't build. Oh, and these updates are on a variety of Linux systems ranging from SuSE 9.0 Pro, SLES9, SLES10, CentOS 4.5 through CentOS 5.x, and at least one FreeBSD box -- all from the same SRPM file. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 It will be of little avail to the people that the laws are made by men of their own choice if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood. -James Madison, Federalist Paper #62 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing EL4 glibc update
on 2-12-2009 11:24 AM Akemi Yagi spake the following: On Thu, Feb 12, 2009 at 11:11 AM, Scott Silva ssilva-m4n3GYAQT2lWk0Htik3J/w...@public.gmane.org wrote: on 2-12-2009 3:08 AM CentOS User spake the following: Seeing upstream has an update for glibc http://rhn.redhat.com/errata/RHBA-2009-0052.html I rebuilt the glibc-2.3.4-2.41.el4_7.1.src.rpm and it produced the following rpms :- glibc-2.3.4-2.41.el4_7.1.i386.rpm glibc-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-2.3.4-2.41.el4_7.1.i386.rpm glibc-debuginfo-common-2.3.4-2.41.el4_7.1.i386.rpm glibc-devel-2.3.4-2.41.el4_7.1.i386.rpm glibc-headers-2.3.4-2.41.el4_7.1.i386.rpm glibc-profile-2.3.4-2.41.el4_7.1.i386.rpm glibc-utils-2.3.4-2.41.el4_7.1.i386.rpm nptl-devel-2.3.4-2.41.el4_7.1.i386.rpm nscd-2.3.4-2.41.el4_7.1.i386.rpm Is it okay to install all of them or should i skip the debuginfo rpms? Is an official CentOS update going to be made of the glibc from Red Hat? If those were released with or after RHEL 5.3, then they will come out with or after CentOS 5.3. Soon to be released to a mirror near you! Those packages will eventually appear in CentOS mirrors (except they are for CentOS-4, not -5). :-D That is what I get for working on a server and answering mail at the same time! Is it Friday yet? ;-P The bug fixes (marked RHBA) may not get a high priority as security fixes (marked RHSA) do. So, they may lag a bit when the developers are tied up with more urgent tasks. You can see what you current have on your system by: rpm -qa glibc\* nptl\* nscd That will give you a hint as to which packages you want to update. Akemi -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Bill Campbell wrote: Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. In other words you'd dedicated sufficient human resources to undo whatever damage the package management system causes... Isn't that what our customers are paying us to do? That has to be true now matter how one is doing updates. Yes, but the extent to which it is actually required depends on how badly the intended automation fails. I think at least in theory, the parts of config files that are likely to need user modifications are supposed to be extracted to /etc/sysconfig/... so the files included in RPM updates generally won't have local changes and can be replaced without regard to the old contents. And programs suitable for inclusion in an 'enterprise' distribution should be designed so as not to require non-backwards-compatible changes in updates. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Nicolas Thierry-Mieg wrote on Thu, 12 Feb 2009 16:16:14 +0100: AFAIK this is not correct, a package upgrade can create either of these (or both, or neither of them despite your having edited a file). And that's the way it should be, either choice can be justified. Sure, a apckage can do anything, but that's how it usually is done. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
Kai Schaetzl wrote: James B. Byrne wrote on Thu, 12 Feb 2009 12:31:39 -0500 (EST): I cannot answer whether this situation is still the case, and I know that it was not always the case, but on the last but one update to bind my configuration files were all renamed to .rpmsave and there were no .rpmnew files created, only the default config files left in place of the old ones. Hm, when I installed bind last year for providing caching and some internal name resolution in the LAN, it didn't install many config files. I had to make up the main files by my own. What I did to get this setup was to install bind, bind-chroot and caching-nameserver (and remove it later as I saw I didn't need it). After that I saw at least two updates, but no changes to config files. You should only install the caching-nameserver package if you have no local DNS config. The point of using it is that it supplies configs for caching-only operation. Any bind install will do caching, but the others expect you to do your own configuration with local zones. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Thu, Feb 12, 2009, Les Mikesell wrote: Bill Campbell wrote: Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. In other words you'd dedicated sufficient human resources to undo whatever damage the package management system causes... Isn't that what our customers are paying us to do? That has to be true now matter how one is doing updates. Yes, but the extent to which it is actually required depends on how badly the intended automation fails. I think at least in theory, the parts of config files that are likely to need user modifications are supposed to be extracted to /etc/sysconfig/... so the files included in RPM updates generally won't have local changes and can be replaced without regard to the old contents. And programs suitable for inclusion in an 'enterprise' distribution should be designed so as not to require non-backwards-compatible changes in updates. With OpenPKG all configuration files are under $prefix/etc/packagename where $prefix is the base directory of an OpenPKG instance (there may be more than one on a single system), and packagename is the name of the package, postfix, amavisd, clamav, mysql, etc. One of the basic principles of OpenPKG is to have absolutely minimal footprint on the installed system, only 7 lines in /etc/crontab, and the appropriate /etc/init.d entries (these actually vary depending on the type of host system). Some packages have multiple configuration files with only those for site parameters being declared at %config files in the RPM SPEC file. The issues occur when one has large, ugly configuration files (can we spell amavisd.conf :-), and there's a major version update with lots of new variables or variable name changes. FWIW, to bring this back to the djbdns topic, the *ONLY* configuration file in our OpenPKG packaging of djbdns, daemontools, and ucspi-tcp is the dnsroots.global file used by dnscache. Each server installed is in its own directory which is not affected by updates. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 The only freedom which deserves the name, is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs, or impede their efforts to obtain it. -- John Stuart Mill, 1859 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Suggestions for connecting a postfix to an sms box
Hi there, I would like to hear some hardware recomendations to connect our smtp server (postfix) to an external SMS box. Basically I am looking for a SMS box that takes messages via smtp and sends them via the SMS part. Has anyone here implemented a solution like this? I must use an in house sms box (GSM), I cannot use a service provider (such as internet smtp to sms providers). thanks, -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Serial channels on version 5
On CentOS version 4 I had to re-compile the kernel in order to add more serial ports I needed for Halifax. Was version 5 changed so that you can add more serial ports, I need up to 24 additional, without a kernel re-compile? Thanks John Warren ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with PXEBOOT of diskless client -- fails to mount RAMDISK
I am having a problem with setting up diskless clients under CentOS 5.2. I have everything working under CentOS 4.7. This is an adaptation of the (somewhat old) Diskless Linux with PXE HOWTO by Gerd v. Egidy, originally at the URL http://www.intra2net.com/opensource/diskless-howto/, which is now defunt (there is a mirror of it at http://blog.chinaunix.net/u/2389/showart_82438.html). What I am doing is using a RAMDISK to mount a NFS exported (read-only) root file system and copying part of it to a RAMDISK root file system, all of this after configuring the clients ethernet (via DHCP) and loading the NFS modules. The RAMDISK uses a statically built BusyBox for all of its functions, including ash. I am using the stock syslinux, dhcpd, tftp-server, and kernel RPMS. My /tftpboot directory contains: sauron.deepsoft.com% dir -l /CentOS52/tftpboot/ total 10012 -rw-r--r-- 1 root root 8388608 Feb 12 14:26 pxeboot-2.6.18-92.el5.img -rw-r--r-- 1 root root 13148 Feb 11 16:27 pxelinux.0 drwxr-xr-x 2 root root4096 Feb 12 14:37 pxelinux.cfg/ -rw-r--r-- 1 root root 1806388 Feb 11 16:26 vmlinuz-2.6.18-92.el5 sauron.deepsoft.com% dir -lhR /CentOS52/tftpboot/ /CentOS52/tftpboot/: total 9.8M -rw-r--r-- 1 root root 8.0M Feb 12 14:26 pxeboot-2.6.18-92.el5.img -rw-r--r-- 1 root root 13K Feb 11 16:27 pxelinux.0 drwxr-xr-x 2 root root 4.0K Feb 12 14:37 pxelinux.cfg/ -rw-r--r-- 1 root root 1.8M Feb 11 16:26 vmlinuz-2.6.18-92.el5 /CentOS52/tftpboot/pxelinux.cfg: total 16K -rw-r--r-- 1 root root 101 Feb 12 14:37 default -rw-r--r-- 1 root root 134 Feb 12 14:09 default~ and /CentOS52/tftpboot/pxelinux.cfg/default contains: sauron.deepsoft.com% cat /CentOS52/tftpboot/pxelinux.cfg/default LABEL linux KERNEL vmlinuz-2.6.18-92.el5 APPEND ramdisk_size=8192 initrd=pxeboot-2.6.18-92.el5.img vmlinuz-2.6.18-92.el5 is the stock kernel, copied from /boot pxeboot-2.6.18-92.el5.img is a 8meg EXT2 filesystem image (under CentOS 4.7 the image is compressed, under CentOS 5.2, I have it uncompressed -- I seem to get 'further' that way). The last thing the kernel writes out is: RAMDISK: ext2 filesystem found at block 0 RAMDISK: Loading 8192KiB [1 disk] into ram disk... done. EXT2 fs: blocksize too small for device. grow_buffers: requested out-of-range block 18446744071562067968 for device ram0 isofs_fill_super: bread failed, dev=ram0, iso_blknum=17, block=-2147483648 No filesystem could mount root, tried: ext2 iso9660 Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,3) Under CentOS 4.7 (*stock* kernel version 2.6.9-67.0.22.EL), the ramdisk is uncompress, mounted, and the linuxrc script runs. Once the root file system is NFS mounted and setup, the normal boot process continues to completion. *Something* seems to be different with CentOS 5.2, and things don't seem to work and I cannot figure it out. I've looked through all of the kernel documents, but I am not finding any clues. -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Suggestions for connecting a postfix to an sms box
Am 12.02.2009 um 22:34 schrieb Erick Perez: Hi there, I would like to hear some hardware recomendations to connect our smtp server (postfix) to an external SMS box. Basically I am looking for a SMS box that takes messages via smtp and sends them via the SMS part. Has anyone here implemented a solution like this? I must use an in house sms box (GSM), I cannot use a service provider (such as internet smtp to sms providers). I think we (well, my co-worker) built such a thing here (with kannel). It will directly talk to the SMS-center at the carrier. If you can buy them, I suspect that they are very pricey. ;-) Also, you will of course also need a large-account at your carrier, which will also cost a certain fee. Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Serial channels on version 5
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John Warren Sent: Thursday, February 12, 2009 4:47 PM To: CentOS mailing list Subject: [CentOS] Serial channels on version 5 On CentOS version 4 I had to re-compile the kernel in order to add more serial ports I needed for Halifax. Was version 5 changed so that you can add more serial ports, I need up to 24 additional, without a kernel re-compile? Well looking at this I would say yes... [r...@twilight boot]# cat config-2.6.18-92.1.18.el5 | grep CONFIG_SERIAL CONFIG_SERIAL_NONSTANDARD=y CONFIG_SERIAL_8250=y # Linked IN? CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_PCI=y CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_CS=m CONFIG_SERIAL_8250_NR_UARTS=32 # Up to 32 Ports if Needed CONFIG_SERIAL_8250_RUNTIME_UARTS=4 # Four on Boot time CONFIG_SERIAL_8250_EXTENDED=y CONFIG_SERIAL_8250_MANY_PORTS=y # Set to y CONFIG_SERIAL_8250_SHARE_IRQ=y CONFIG_SERIAL_8250_DETECT_IRQ=y CONFIG_SERIAL_8250_RSA=y CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_JSM=m JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Suggestions for connecting a postfix to an sms box
On Thu, Feb 12, 2009 at 4:34 PM, Erick Perez eaper...@gmail.com wrote: I would like to hear some hardware recomendations to connect our smtp server (postfix) to an external SMS box. Basically I am looking for a SMS box that takes messages via smtp and sends them via the SMS part. Has anyone here implemented a solution like this? I must use an in house sms box (GSM), I cannot use a service provider (such as internet smtp to sms providers). One of our neighbors down the street is an Electronic Engineer for one of the Colombian cell phone operators. They began converting from CDMA to GSM several years ago. If you end up needing a Consultant, for any GSM stuff you are involved with, contact me off list and I will put you in touch with him. Cali is one hour from Panama City, on COPA, etc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with PXEBOOT of diskless client -- fails to mountRAMDISK
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Robert Heller Sent: Thursday, February 12, 2009 5:15 PM To: centos@centos.org Subject: [CentOS] Problem with PXEBOOT of diskless client -- fails to mountRAMDISK sauron.deepsoft.com% cat /CentOS52/tftpboot/pxelinux.cfg/default LABEL linux KERNEL vmlinuz-2.6.18-92.el5 APPEND ramdisk_size=8192 initrd=pxeboot-2.6.18-92.el5.img --- Try changing your RAM Disk Size above to 16384 and give that a go. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
On Thu, Feb 12, 2009 at 1:40 AM, Jay Leafey jay.lea...@mindless.com wrote: Frank Ling wrote: Hi, My both CentOS 5 servers have logging problems. Logs such as messages, boot.log, kernel, spooler, and tallylog in /var/log directory are all 0 size. [...] I've had something similar happen a couple of times after an update. In my case the /etc/services file got it's security context clobbered when some package tried to update it's contents. When logrotate ran, the syslog daemon couldn't open /etc/services because of the error and I ended up with a bunch of empty log files. Maybe /var/log context? restorecon -R -n -v /etc restorecon -R -n -v /var/log You can force a global relabel: touch /.autorelabel and then reboot... -- Marcelo ¿No será acaso que ésta vida moderna está teniendo más de moderna que de vida? (Mafalda) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with PXEBOOT of diskless client -- fails to mount RAMDISK
On Thu, Feb 12, 2009 at 05:14:54PM -0500, Robert Heller wrote: I am having a problem with setting up diskless clients under CentOS 5.2. I have everything working under CentOS 4.7. ... RAMDISK: ext2 filesystem found at block 0 RAMDISK: Loading 8192KiB [1 disk] into ram disk... done. EXT2 fs: blocksize too small for device. /boot/config-2.6.18-*.el5 reads: ... CONFIG_BLK_DEV_RAM_BLOCKSIZE=4096 ... your ext2 filesystem is using 1024... append ramdisk_blocksize=1024 to your command line? What about adding your howto to the centos wiki? Cheers, Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpS7QkL4HR37.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] text processing problem with bash/perl
Hi, Anyone has some ways for the following text processing problem? I have a text file containing two stanzas attached below. I want to uncomment the stanza with 'host=localhost' line, while left the other stanza unchanged. ... /* udp_send_channel { host=localhost port = 10017 ttl = 1 } */ /* udp_send_channel { host=ganglia100.ec2.example.com port = 10017 ttl = 1 } */ ... If I use command below then both stanza will be altered... Please help. sed -i -e '/^\/\* udp_send_channel/, /} \*\// {s/^\/\* udp_send_channel/udp_send_channel/g; s/\} \*\//}/g; }' --David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
FWIW, to bring this back to the djbdns topic, the *ONLY* configuration file in our OpenPKG packaging of djbdns, daemontools, and ucspi-tcp is the dnsroots.global file used by dnscache. Each server installed is in its own directory which is not affected by updates. uscpi-tcp? Where does that come in? rsyncing of the cdb file? But yeah, thanks for pointing out that djbdns is zero maintenance save for its zone data which can be automated and therefore be to a large degree zero maintenance too. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
On Fri, Feb 13, 2009, Christopher Chan wrote: FWIW, to bring this back to the djbdns topic, the *ONLY* configuration file in our OpenPKG packaging of djbdns, daemontools, and ucspi-tcp is the dnsroots.global file used by dnscache. Each server installed is in its own directory which is not affected by updates. uscpi-tcp? Where does that come in? rsyncing of the cdb file? It's mostly to allow BIND sites to do zone transfers from djbdns sites. But yeah, thanks for pointing out that djbdns is zero maintenance save for its zone data which can be automated and therefore be to a large degree zero maintenance too. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 There is far more danger in public than in private monopoly, for when Government goes into business it can always shift its losses to the taxpayers. Government never makes ends meet -- and that is the first requisite of business. -- Thomas Edison ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tinydns/djbdns opinion poll
uscpi-tcp? Where does that come in? rsyncing of the cdb file? It's mostly to allow BIND sites to do zone transfers from djbdns sites. Oh the axfr-dns daemon. This is the answer for the 'djbdns does not support tcp or zone transfer' nonsense routinely vomited by DJB haters. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logs such as messages, boot.log, and kernel contained 0 size
Hi Marcelo, Thanks for the comment. I had SELinux disabled. Anyway I tried your trick, and it didn't work. Something must went wrong. Frank Maybe /var/log context? restorecon -R -n -v /etc restorecon -R -n -v /var/log You can force a global relabel: touch /.autorelabel and then reboot... -- Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] text processing problem with bash/perl
Hi, Anyone has some ways for the following text processing problem? I have a text file containing two stanzas attached below. I want to uncomment the stanza with 'host=localhost' line, while left the other stanza unchanged. ... /* udp_send_channel { host=localhost port = 10017 ttl = 1 } */ /* udp_send_channel { host=ganglia100.ec2.example.com port = 10017 ttl = 1 } */ ... If I use command below then both stanza will be altered... Please help. sed -i -e '/^\/\* udp_send_channel/, /} \*\// {s/^\/\* udp_send_channel/udp_send_channel/g; s/\} \*\//}/g; }' --David this is probably WAY more than you wanted but it does work, save your 2 stanzas as 'file' and run this program: #! /usr/bin/perl -w use strict; open FILE,file or die; my $stanzaFlag = 0; my @buffer = (); my ($x, $i); while (FILE) { $i = $_; # see if this line has /* if yes, start saving the stanza in buffer if (index ($i,'/*') = 0) { $stanzaFlag = 1; } # put it into the buffer if ($stanzaFlag == 1) { $buffer[$x++] .= $i; } # see if we are done with this stanza if (index ($i,'*/') = 0) { $stanzaFlag = 0; # get rid of the comments. if (index($buffer[1],'localhost') = 0) { $buffer[0] =~ s/\/\*//; $buffer[4] =~ s/\*\///; } print @buffer\n; @buffer = (); $x = 0; } } __ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! Regístrate ya - http://correo.yahoo.com.mx/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clustering and load balancing Apache
Thanks for your reply On Wed, Feb 11, 2009 at 9:22 PM, J Potter jpotter-cen...@codepuppy.comwrote: Look at pound: http://www.apsis.ch/pound/ If you are concerned about traffic volume, you might consider running squid as a transparent proxy in front of pound. I.e.: request - squid - pound - apache Where squid will return the response for everything marked as cacheable and still fresh; and pound will take care of load balancing to apache. (Pound can inspect/insert cookies to send visitors to the same back-end node on subsequent requests.) On some of our setups, squid responds to 98% of the requests coming in, and is able to respond to an extremely insane high volume of requests. Other list users might be able to provide good stats as to what sort of volume they can support. (I'd be curious to hear what others have seen...) For HA: - 2 instances of squid, active/standby or active/active (i.e. two IP address in DNS for the public hostname, and have each squid instance pick up the others during failure). - 2 instances of pound, active/standby - N instances of apache Re: replication of content on your apache nodes, another poster suggested drbd. From my understanding, I do not think this is possible, since only one node can mount the drbd volume at a time. If you have shared data that needs to be seen across apache nodes, either stick it in SQL or mount an NFS volume across the nodes. (But then you have NFS in the picture, which might not be so good.) If your apache code is constant, then have a master apache node and write a shell script that runs rsync to push code changes out to the other instances. It's hard to get very specific about what's best for your setup without know the specifics of things like the data sync needs on the apache nodes, so take all of this with a grain of salt -- or as a default starting place. best, Jeff ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos