[CentOS-docs] The Wiki Donate Page.
With reference to the Donate page [1], I see that the very first sentence reads -- [quote] The CentOS Project is based a foundation of the efforts of volunteers. [/quote] On two separate occasions I have come across those words and thought Huh?. Granted I can change them but, not knowing the current (?legal?) set-up of the Project, I've decided to leave that sentence alone. As I've finally got around to mentioning the above, I look west to the US of A, wave at the ORC and ask if Russ would please make an appropriate adjustment. Regards, Alan. [1] http://wiki.centos.org/Donate ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] The Wiki Donate Page.
On Tue, 5 Apr 2011, Alan Bartlett wrote: As I've finally got around to mentioning the above, I look west to the US of A, wave at the ORC and ask if Russ would please make an appropriate adjustment. I am not the project's attorney and disclaim any such role ---start disclaimer--- I_A_AL, but not your lawyer. I offer legal advice and formal opinion only within the confines of a previously established and explicit attorney-client relationship where privilege may be had; and NEVER on a public list server. end disclaimers -- where in this case 'your' is the CentOS project -- Russ herrold ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] The Wiki Donate Page.
On 5 April 2011 17:54, R P Herrold herr...@centos.org wrote: On Tue, 5 Apr 2011, Alan Bartlett wrote: As I've finally got around to mentioning the above, I look west to the US of A, wave at the ORC and ask if Russ would please make an appropriate adjustment. I am not the project's attorney and disclaim any such role ---start disclaimer--- I_A_AL, but not your lawyer. I offer legal advice and formal opinion only within the confines of a previously established and explicit attorney-client relationship where privilege may be had; and NEVER on a public list server. end disclaimers -- where in this case 'your' is the CentOS project Obviously I am the fool, for I was under the impression that the Devil's Advocate knew *everything* about the CentOS Project. ;-) I have made an adjustment to the selection of words, quoted above, and have transformed it into a sentence. Perhaps one of the other members of the Core Team -- Johnny, Karanbir, Tru or Ralph -- will have less qualms in checking that it is a true and meaningful statement. Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Need permission to edit thie Wiki
I need permission to edit the CentOS Wiki and add in my Thinkpad L412 to the Laptops Running CentOS. username: johnrdavisjr Thank you. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Need permission to edit thie Wiki
john.r.davis...@gmail.com wrote on 04/05/2011 03:29 PM: I need permission to edit the CentOS Wiki and add in my Thinkpad L412 to the Laptops Running CentOS. username: johnrdavisjr The WikiName convention is FirstLast; for example, mine is PhilSchaffner. Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-es] Problema cluster al bootear
Dejo los archivos de confiuracion de drbd y el log de
/var/log/messages:
/var/log/messages:
Apr 5 09:02:58 nodo1 kernel:
block drbd0: conn( StandAlone - Unconnected )
Apr 5 09:02:58 nodo1
kernel: block drbd0: Starting receiver thread (from drbd0_worker
[2472])
Apr 5 09:02:58 nodo1 kernel: block drbd0: receiver
(re)started
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn( Unconnected
- WFConnection )
Apr 5 09:02:58 nodo1 kernel: block drbd0: Handshake
successful: Agreed network protocol version 94
Apr 5 09:02:58 nodo1
kernel: block drbd0: Peer authenticated using 20 bytes of 'sha1'
HMAC
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn( WFConnection -
WFReportParams )
Apr 5 09:02:58 nodo1 kernel: block drbd0: Starting
asender thread (from drbd0_receiver [2995])
Apr 5 09:02:58 nodo1 kernel:
block drbd0: data-integrity-alg:
Apr 5 09:02:58 nodo1 kernel: block
drbd0: drbd_sync_handshake:
Apr 5 09:02:58 nodo1 kernel: block drbd0:
self 20D19E2060D2FC2B:FE122B51EEDFC379:85D17931A41947EC:0004
bits:8 flags:0
Apr 5 09:02:58 nodo1 kernel: block drbd0: peer
172B1D27641ADE75:FE122B51EEDFC379:85D17931A41947ED:0004
bits:4096 flags:2
Apr 5 09:02:58 nodo1 kernel: block drbd0:
uuid_compare()=100 by rule 90
Apr 5 09:02:58 nodo1 kernel: block drbd0:
helper command: /sbin/drbdadm initial-split-brain minor-0
Apr 5 09:02:58
nodo1 kernel: block drbd0: helper command: /sbin/drbdadm
initial-split-brain minor-0 exit code 0 (0x0)
Apr 5 09:02:58 nodo1
kernel: block drbd0: Split-Brain detected but unresolved, dropping
connection!
Apr 5 09:02:58 nodo1 kernel: block drbd0: helper command:
/sbin/drbdadm split-brain minor-0
Apr 5 09:02:58 nodo1 kernel: block
drbd0: helper command: /sbin/drbdadm split-brain minor-0 exit code 0
(0x0)
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn( WFReportParams -
Disconnecting )
Apr 5 09:02:58 nodo1 kernel: block drbd0: error
receiving ReportState, l: 4!
Apr 5 09:02:58 nodo1 kernel: block drbd0:
asender terminated
Apr 5 09:02:58 nodo1 kernel: block drbd0: Terminating
asender thread
Apr 5 09:02:58 nodo1 kernel: block drbd0: Connection
closed
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn( Disconnecting -
StandAlone )
Apr 5 09:02:58 nodo1 kernel: block drbd0: receiver
terminated
Apr 5 09:02:58 nodo1 kernel: block drbd0: Terminating
receiver thread
/etc/drbd.conf:
global {
usage-count yes;
}
common
{
syncer {
rate 100M;
al-extents 257;
}
}
resource r0 {
protocol
C;
startup {
become-primary-on both; ### For Primary/Primary ###
degr-wfc-timeout 60;
wfc-timeout 30;
}
disk {
on-io-error detach;
}
net {
allow-two-primaries; ### For Primary/Primary ###
cram-hmac-alg sha1;
shared-secret mysecret;
after-sb-0pri
discard-zero-changes;
after-sb-1pri violently-as0p;
after-sb-2pri
violently-as0p;
}
on nodo1.centos.org {
device /dev/drbd0;
disk
/dev/sda3;
address 10.0.0.1:7788;
meta-disk internal;
}
on
nodo2.centos.org {
device /dev/drbd0;
disk /dev/sda3;
address
10.0.0.2:7788;
meta-disk internal;
}
}
Espero me puedan ayudar ya
que es un tema que me interesa bastante, gracias.
On Mon, 04 Apr 2011
09:08:02 -0500, Ing. Ernesto PÃ(c)rez EstÃ(c)vez wrote:
publica el
archivo de configuración del drbd
has puesto alguna condicion para
manejar el split-brain? yo pongo una
que indica que tome como
saludable al más joven.
qué usas para manejar el heartbeat? debes
ponerle ahi el orden de
arranque de los servicios.
No arranques
al drbd independientemente sino que lo arranque el sistema
de
heartbeat
saludos
epe
Maykel Franco Hernandez wrote:
Alguien
me puede ayudar con el tema de drbd?? Cada vez que arranca siempre me
suelta el mismo error... block drbd0: Split-Brain detected but
unresolved, dropping connection! El famoso split brain, si fuera una vez
o alguna pues lo entendería pero siempre que configuro el drbd y consigo
ya tener las 2 particiones sincronizadas como primary/primary y
funcionando el servicio perfectamente, en cuanto reinivio otra vez lo
mismo... block drbd0: Split-Brain detected but unresolved, dropping
connection! Lo tengo puesto con un cable cruzado para garantizar la
integridad de los datos y no saturar la red. Lo que no entiendo, porque
el mismo sistema funciona 100% en ubuntu server... Nadie tiene
experiencia en el tema del clúster que está muy a la orden del día?? Un
saludo. Y gracias por anticipado, se aprende mucho en estas listas. On
Mon, 4 Apr 2011 09:46:53 +0200, Oscar Osta Pueyo wrote:
Hola,
Podría ejecutar un servicio antes que otro?
Si,
primero de todo es
saber que runlevel tienes...desde consola ejecuta
# runlevel, devolverá algo parecido a N 3 o N 5. Una vez sabes tu
runlevel puedes ir a /etc/rc3.d o /etc/rc5.d, donde se encuentran los
enlaces a /etc/init.d. Los enlaces siguen la siguiente nomenclatura
Kxxscript Sxxscript donde: - K le envía la opción stop al script. - S le
envía la opción start al script. - xx son el orden de ejecución en el
proceso de boot. Asi que deberías localizar tu
Re: [CentOS-es] iptables + squid proxy transparente
Hola, 2011/4/5 Ramón Macías Zamora ramon.mac...@raykasolutions.com: No veo nada raro, en /etc/squid/squid.conf debe estar puesto: http_port 3128 transparent la palabra *transparent* es imprescindible ¿Has probado con un script de firewall más sencillo? Para ver que funciona correctamente squid primero...yo probaría con el que viene con el sistema /etc/sysconfig/iptables, pondría reglas sencillas y luego aumentaría la complejidad. Es una manera de descartar quien es el problema. -- Oscar Osta Pueyo oostap.lis...@gmail.com _kiakli_ ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problema cluster al bootear
Creo que he encontrado la solución a mi problema...Ahora al bootear
se ponen bien como primary/primary, encontré esto e una página:
Dejo
el enlace:
http://realtechtalk.com/DRBD_WFConnection_ProblemSolution-1042-articles
Básicamente explica que a veces el cortafuegos de iptables que viene
configurado por defecto bloquea el tráfico drbd pero yo el iptables lo
tenia off y el selinux en disabled.
He hecho lo que viene abajo y he
añadido algo que no viene ahí que me daba error al ejecutarlo
directamente:
En ambos nodos:
drbdadm detach r0
drbdadm attach r0
drbdadm disconnect r0
drbdadm connect r0
En ambos nodos tambien,
porque es activo/activo ejecutamos:
drbdsetup /dev/drbd0 primary -o
Ahora al reiniciar sincroniza bien y se quedan siempre como
primary/primary
On Tue, 05 Apr 2011 08:03:42 +0200, Maykel Franco
Hernandez wrote:
Dejo los archivos de confiuracion de drbd y el log
de
/var/log/messages:
/var/log/messages:
Apr 5 09:02:58
nodo1 kernel:
block drbd0: conn( StandAlone - Unconnected )
Apr 5
09:02:58 nodo1
kernel: block drbd0: Starting receiver thread (from
drbd0_worker
[2472])
Apr 5 09:02:58 nodo1 kernel: block drbd0:
receiver
(re)started
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn(
Unconnected
- WFConnection )
Apr 5 09:02:58 nodo1 kernel: block
drbd0: Handshake
successful: Agreed network protocol version 94
Apr
5 09:02:58 nodo1
kernel: block drbd0: Peer authenticated using 20
bytes of 'sha1'
HMAC
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn(
WFConnection -
WFReportParams )
Apr 5 09:02:58 nodo1 kernel: block
drbd0: Starting
asender thread (from drbd0_receiver [2995])
Apr 5
09:02:58 nodo1 kernel:
block drbd0: data-integrity-alg:
Apr 5
09:02:58 nodo1 kernel: block
drbd0: drbd_sync_handshake:
Apr 5
09:02:58 nodo1 kernel: block drbd0:
self
20D19E2060D2FC2B:FE122B51EEDFC379:85D17931A41947EC:0004
bits:8 flags:0
Apr 5 09:02:58 nodo1 kernel: block drbd0: peer
172B1D27641ADE75:FE122B51EEDFC379:85D17931A41947ED:0004
bits:4096 flags:2
Apr 5 09:02:58 nodo1 kernel: block drbd0:
uuid_compare()=100 by rule 90
Apr 5 09:02:58 nodo1 kernel: block
drbd0:
helper command: /sbin/drbdadm initial-split-brain minor-0
Apr
5 09:02:58
nodo1 kernel: block drbd0: helper command: /sbin/drbdadm
initial-split-brain minor-0 exit code 0 (0x0)
Apr 5 09:02:58 nodo1
kernel: block drbd0: Split-Brain detected but unresolved, dropping
connection!
Apr 5 09:02:58 nodo1 kernel: block drbd0: helper
command:
/sbin/drbdadm split-brain minor-0
Apr 5 09:02:58 nodo1
kernel: block
drbd0: helper command: /sbin/drbdadm split-brain minor-0
exit code 0
(0x0)
Apr 5 09:02:58 nodo1 kernel: block drbd0: conn(
WFReportParams -
Disconnecting )
Apr 5 09:02:58 nodo1 kernel: block
drbd0: error
receiving ReportState, l: 4!
Apr 5 09:02:58 nodo1
kernel: block drbd0:
asender terminated
Apr 5 09:02:58 nodo1 kernel:
block drbd0: Terminating
asender thread
Apr 5 09:02:58 nodo1 kernel:
block drbd0: Connection
closed
Apr 5 09:02:58 nodo1 kernel: block
drbd0: conn( Disconnecting -
StandAlone )
Apr 5 09:02:58 nodo1
kernel: block drbd0: receiver
terminated
Apr 5 09:02:58 nodo1
kernel: block drbd0: Terminating
receiver thread
/etc/drbd.conf:
global {
usage-count yes;
}
common
{
syncer {
rate
100M;
al-extents 257;
}
}
resource r0 {
protocol
C;
startup {
become-primary-on both; ### For Primary/Primary ###
degr-wfc-timeout 60;
wfc-timeout 30;
}
disk {
on-io-error
detach;
}
net {
allow-two-primaries; ### For Primary/Primary
###
cram-hmac-alg sha1;
shared-secret mysecret;
after-sb-0pri
discard-zero-changes;
after-sb-1pri violently-as0p;
after-sb-2pri
violently-as0p;
}
on nodo1.centos.org {
device
/dev/drbd0;
disk
/dev/sda3;
address 10.0.0.1:7788;
meta-disk
internal;
}
on
nodo2.centos.org {
device /dev/drbd0;
disk /dev/sda3;
address
10.0.0.2:7788;
meta-disk internal;
}
}
Espero me puedan ayudar ya
que es un tema que me interesa
bastante, gracias.
On Mon, 04 Apr 2011
09:08:02 -0500, Ing.
Ernesto PÃ(c)rez EstÃ(c)vez wrote:
publica el
archivo de
configuración del drbd
has puesto alguna condicion para
manejar
el split-brain? yo pongo una g-left:5px; border-left:#1
id;
margin-left:5px; width:100% qué usas para manejar el heartbeat? debes
ponerle ahi el orden de
http://www.centos.org/docs/5/html/5.2/Cluster_Administration/ [2] [2] --
Oscar Osta Pueyo
t...@gmail.com [3] [3] _kiakli_ Links: -- [1]
http://www.centos.org/docs/5/html/5.2/Cluster_Suite_Overview/ [1] [4]
[2] http://www.centos.org/docs/5/html/5.2/Cluster_Administration/ [2]
[5] [3] mailto:oostap.lis...@gmail.com [3] [6]
___ CentOS-es mailing list
CentOS-es@centos.org [4] [7]
http://lists.centos.org/mailman/listinfo/centos-es [5] [8]
___ CentOS-es mailing list
CentOS-es@centos.org [6] [9]
Re: [CentOS-es] iptables + squid proxy transparente
si así esta aun así no hace el redireccionamiento entre eth1 y eth2 y la maquina cliente que tengo no obtiene navegación a internet ago ping a las dos tarjetas desde mi maquina cliente y responden las dos interfaces el servidor si tiene navegación sin problemas, la verdad ya no se ni por donde atacar a este servidor. # Squid normally listens to port 3128 http_port 3128 transparent El 4 de abril de 2011 20:59, Ramón Macías Zamora ramon.mac...@raykasolutions.com escribió: No veo nada raro, en /etc/squid/squid.conf debe estar puesto: http_port 3128 transparent la palabra *transparent* es imprescindible -- Ramón Macías Zamora Tecnología, Investigación y Desarrollo Guayaquil - Ecuador msn:ramon_mac...@hotmail.com skype: ramon_macias UserLinux# 180926 (http://counter.li.org) Cel:593-8-0192238 Tel:593 4 6044566 http://www.raykasolutions.com/ WEB SITES, HOSTINGS, DOMINIOS, MANTENIMIENTO DE EQUIPOS, REDES, SERVIDORES LINUX, SOPORTE. El 4 de abril de 2011 20:06, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: supongo que si ha de ser una restricción, pero bueno lo pego aquí para mas rápido jejeje #!/bin/bash # # # Para guardar las reglas #+ iptables-save reglas #+ iptables-restore reglas # # Miramos si tenemos un parametro en linea de comando if [ -n $1 ] [ $1 = q ] then QUIET=1 else QUIET=0 fi # Registramos el inicio del firewall #FECHA=$(date +%C%y-%m-%d %H:%M) #echo $FECHA #/usr/bin/logger -p kern.notice -t NETFILTER \ # == Iniciado Cortafuegos: $FECHA = # PARAMETRIZACION DEL SCRIPT ## ### Definimos constantes para usar en el ###+ script if [ $QUIET = 0 ]; then echo Cargando parametros... fi # Binario de iptables IPTABLES=/sbin/iptables # INTERFACES # eth1 - conectado a internet con IP FIJA EXT_IF=eth1 EXT_IP=192.168.2.10 # eth2 - conectado a LAN LAN_IF=eth2 LAN_IP=10.0.0.1 LAN_RED=10.0.0.0/24 # lo - interfaz de loopback LOO_RED=127.0.0.0/8 # cualquier red ANY_RED=0.0.0.0/0 # MAQUINAS INTERNAS IP_SERVIDOR_FTP=10.0.0.12 IP_SERVIDOR_WEB=10.0.0.13 if [ $QUIET = 0 ]; then echo Cargando modulos... fi ## ### Nos aseguramos que tenemos cargados ###+ los modulos necesarios modprobe ip_conntrack_irc modprobe ip_conntrack_ftp modprobe ip_nat_irc modprobe ip_nat_ftp if [ $QUIET = 0 ]; then echo Limpiando FW... fi ## ### Limpiamos la configuracion existente # Limpiamos (flush) las reglas $IPTABLES -F # Borramos 'cadenas' de usuario $IPTABLES -X # Ponemos a cero paquetes y contadores $IPTABLES -Z # Limpiamos las reglas de NAT $IPTABLES -t nat -F # Borramos 'cadenas' de usuario de NAT $IPTABLES -t nat -X if [ $QUIET = 0 ]; then echo Estableciendo politicas... fi ## ### Establecemos las politicas por omision ###+ de las 'cadenas' # Por omision descartamos los paquetes $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # PREROUTING - NAT sobre la IP destino: normalmente desde inet hacia LAN # POSTROUTING - NAT sobre la IP origen: normalmente desde LAN hacia inet $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT # Relajamos la politica de salida #+ Dejamos salir paquetes de LAN_IP por LAN_IF $IPTABLES -A OUTPUT -o $LAN_IF -s $LAN_IP -j ACCEPT #+ Dejamos salir paquetes de EXT_IP por EXT_IF $IPTABLES -A OUTPUT -o $EXT_IF -s $EXT_IP -j ACCEPT if [ $QUIET = 0 ]; then echo - Denegacion de redes invalidas... fi ## # No admitimos desde el exterior redes locales (RFC 1918) #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 192.168.0.0/16 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 10.0.0.0/8 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 172.16.0.0/12 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 224.0.0.0/4 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 240.0.0.0/5 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s $LOO_RED-j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 0.0.0.0/8 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 169.254.0.0/16 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 255.255.255.255 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s $EXT_IP -j DROP # Desde el interior solo admitimos nuestra red LAN $IPTABLES -t nat -A PREROUTING -i $LAN_IF -s ! $LAN_RED -j ACCEPT if [ $QUIET = 0 ]; then echo - Denegacion de broadcast de NetBIOS... fi ## # Bloquear paquetes broadcast de NetBios salientes iptables -A FORWARD -p tcp --sport 137:139 -o $EXT_IF -j DROP iptables -A FORWARD -p udp --sport 137:139 -o $EXT_IF -j DROP iptables -A OUTPUT -p tcp
Re: [CentOS-es] iptables + squid proxy transparente
al intentar reinisiar mi servicio squid ejeccuta este error pero la verdad no se que sea 2011/04/04 21:38:45| squid.conf line 757: http_access rules 2011/04/04 21:38:45| aclParseAccessLine: expecting 'allow' or 'deny', got 'rules'. 2011/04/04 21:38:45| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.0.10-10.0.0.100/255.255.255.0' -- El 4 de abril de 2011 21:10, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: si así esta aun así no hace el redireccionamiento entre eth1 y eth2 y la maquina cliente que tengo no obtiene navegación a internet ago ping a las dos tarjetas desde mi maquina cliente y responden las dos interfaces el servidor si tiene navegación sin problemas, la verdad ya no se ni por donde atacar a este servidor. # Squid normally listens to port 3128 http_port 3128 transparent El 4 de abril de 2011 20:59, Ramón Macías Zamora ramon.mac...@raykasolutions.com escribió: No veo nada raro, en /etc/squid/squid.conf debe estar puesto: http_port 3128 transparent la palabra *transparent* es imprescindible -- Ramón Macías Zamora Tecnología, Investigación y Desarrollo Guayaquil - Ecuador msn:ramon_mac...@hotmail.com skype: ramon_macias UserLinux# 180926 (http://counter.li.org) Cel:593-8-0192238 Tel:593 4 6044566 http://www.raykasolutions.com/ WEB SITES, HOSTINGS, DOMINIOS, MANTENIMIENTO DE EQUIPOS, REDES, SERVIDORES LINUX, SOPORTE. El 4 de abril de 2011 20:06, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: supongo que si ha de ser una restricción, pero bueno lo pego aquí para mas rápido jejeje #!/bin/bash # # # Para guardar las reglas #+ iptables-save reglas #+ iptables-restore reglas # # Miramos si tenemos un parametro en linea de comando if [ -n $1 ] [ $1 = q ] then QUIET=1 else QUIET=0 fi # Registramos el inicio del firewall #FECHA=$(date +%C%y-%m-%d %H:%M) #echo $FECHA #/usr/bin/logger -p kern.notice -t NETFILTER \ # == Iniciado Cortafuegos: $FECHA = # PARAMETRIZACION DEL SCRIPT ## ### Definimos constantes para usar en el ###+ script if [ $QUIET = 0 ]; then echo Cargando parametros... fi # Binario de iptables IPTABLES=/sbin/iptables # INTERFACES # eth1 - conectado a internet con IP FIJA EXT_IF=eth1 EXT_IP=192.168.2.10 # eth2 - conectado a LAN LAN_IF=eth2 LAN_IP=10.0.0.1 LAN_RED=10.0.0.0/24 # lo - interfaz de loopback LOO_RED=127.0.0.0/8 # cualquier red ANY_RED=0.0.0.0/0 # MAQUINAS INTERNAS IP_SERVIDOR_FTP=10.0.0.12 IP_SERVIDOR_WEB=10.0.0.13 if [ $QUIET = 0 ]; then echo Cargando modulos... fi ## ### Nos aseguramos que tenemos cargados ###+ los modulos necesarios modprobe ip_conntrack_irc modprobe ip_conntrack_ftp modprobe ip_nat_irc modprobe ip_nat_ftp if [ $QUIET = 0 ]; then echo Limpiando FW... fi ## ### Limpiamos la configuracion existente # Limpiamos (flush) las reglas $IPTABLES -F # Borramos 'cadenas' de usuario $IPTABLES -X # Ponemos a cero paquetes y contadores $IPTABLES -Z # Limpiamos las reglas de NAT $IPTABLES -t nat -F # Borramos 'cadenas' de usuario de NAT $IPTABLES -t nat -X if [ $QUIET = 0 ]; then echo Estableciendo politicas... fi ## ### Establecemos las politicas por omision ###+ de las 'cadenas' # Por omision descartamos los paquetes $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # PREROUTING - NAT sobre la IP destino: normalmente desde inet hacia LAN # POSTROUTING - NAT sobre la IP origen: normalmente desde LAN hacia inet $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT # Relajamos la politica de salida #+ Dejamos salir paquetes de LAN_IP por LAN_IF $IPTABLES -A OUTPUT -o $LAN_IF -s $LAN_IP -j ACCEPT #+ Dejamos salir paquetes de EXT_IP por EXT_IF $IPTABLES -A OUTPUT -o $EXT_IF -s $EXT_IP -j ACCEPT if [ $QUIET = 0 ]; then echo - Denegacion de redes invalidas... fi ## # No admitimos desde el exterior redes locales (RFC 1918) #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 192.168.0.0/16 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 10.0.0.0/8 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 172.16.0.0/12 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 224.0.0.0/4 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 240.0.0.0/5 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s $LOO_RED-j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 0.0.0.0/8 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 169.254.0.0/16 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 255.255.255.255 -j DROP #$IPTABLES -t nat -A PREROUTING
Re: [CentOS-es] Problema cluster al bootear
/etc/drbd.conf:
global {
usage-count yes;
}
common
{
syncer {
rate 100M;
al-extents 257;
}
}
resource r0 {
protocol
C;
startup {
become-primary-on both; ### For Primary/Primary ###
degr-wfc-timeout 60;
wfc-timeout 30;
}
Te falta la política para actuar en caso de split brain, incorpórala en
este archivo de configuración y enseguida lo solucionarás.
saludos
epe
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] iptables + squid proxy transparente
de ser eso, el problema esta a la hora de definir tu red, debe ser 10.0.0.0/24 y no como lo estas haciendo. César D. Cruz Arrunátegui - Mensaje original - De: Mario Villela Larraza mario.villelalarr...@gmail.com Para: centos-es@centos.org Enviados: Lunes, 4 de Abril 2011 21:44:41 GMT -05:00 Colombia Asunto: Re: [CentOS-es] iptables + squid proxy transparente al intentar reinisiar mi servicio squid ejeccuta este error pero la verdad no se que sea 2011/04/04 21:38:45| squid.conf line 757: http_access rules 2011/04/04 21:38:45| aclParseAccessLine: expecting 'allow' or 'deny', got 'rules'. 2011/04/04 21:38:45| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.0.10-10.0.0.100/255.255.255.0' -- El 4 de abril de 2011 21:10, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: si así esta aun así no hace el redireccionamiento entre eth1 y eth2 y la maquina cliente que tengo no obtiene navegación a internet ago ping a las dos tarjetas desde mi maquina cliente y responden las dos interfaces el servidor si tiene navegación sin problemas, la verdad ya no se ni por donde atacar a este servidor. # Squid normally listens to port 3128 http_port 3128 transparent El 4 de abril de 2011 20:59, Ramón Macías Zamora ramon.mac...@raykasolutions.com escribió: No veo nada raro, en /etc/squid/squid.conf debe estar puesto: http_port 3128 transparent la palabra *transparent* es imprescindible -- Ramón Macías Zamora Tecnología, Investigación y Desarrollo Guayaquil - Ecuador msn:ramon_mac...@hotmail.com skype: ramon_macias UserLinux# 180926 (http://counter.li.org) Cel:593-8-0192238 Tel:593 4 6044566 http://www.raykasolutions.com/ WEB SITES, HOSTINGS, DOMINIOS, MANTENIMIENTO DE EQUIPOS, REDES, SERVIDORES LINUX, SOPORTE. El 4 de abril de 2011 20:06, Mario Villela Larraza mario.villelalarr...@gmail.com escribió: supongo que si ha de ser una restricción, pero bueno lo pego aquí para mas rápido jejeje #!/bin/bash # # # Para guardar las reglas #+ iptables-save reglas #+ iptables-restore reglas # # Miramos si tenemos un parametro en linea de comando if [ -n $1 ] [ $1 = q ] then QUIET=1 else QUIET=0 fi # Registramos el inicio del firewall #FECHA=$(date +%C%y-%m-%d %H:%M) #echo $FECHA #/usr/bin/logger -p kern.notice -t NETFILTER \ # == Iniciado Cortafuegos: $FECHA = # PARAMETRIZACION DEL SCRIPT ## ### Definimos constantes para usar en el ###+ script if [ $QUIET = 0 ]; then echo Cargando parametros... fi # Binario de iptables IPTABLES=/sbin/iptables # INTERFACES # eth1 - conectado a internet con IP FIJA EXT_IF=eth1 EXT_IP=192.168.2.10 # eth2 - conectado a LAN LAN_IF=eth2 LAN_IP=10.0.0.1 LAN_RED=10.0.0.0/24 # lo - interfaz de loopback LOO_RED=127.0.0.0/8 # cualquier red ANY_RED=0.0.0.0/0 # MAQUINAS INTERNAS IP_SERVIDOR_FTP=10.0.0.12 IP_SERVIDOR_WEB=10.0.0.13 if [ $QUIET = 0 ]; then echo Cargando modulos... fi ## ### Nos aseguramos que tenemos cargados ###+ los modulos necesarios modprobe ip_conntrack_irc modprobe ip_conntrack_ftp modprobe ip_nat_irc modprobe ip_nat_ftp if [ $QUIET = 0 ]; then echo Limpiando FW... fi ## ### Limpiamos la configuracion existente # Limpiamos (flush) las reglas $IPTABLES -F # Borramos 'cadenas' de usuario $IPTABLES -X # Ponemos a cero paquetes y contadores $IPTABLES -Z # Limpiamos las reglas de NAT $IPTABLES -t nat -F # Borramos 'cadenas' de usuario de NAT $IPTABLES -t nat -X if [ $QUIET = 0 ]; then echo Estableciendo politicas... fi ## ### Establecemos las politicas por omision ###+ de las 'cadenas' # Por omision descartamos los paquetes $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # PREROUTING - NAT sobre la IP destino: normalmente desde inet hacia LAN # POSTROUTING - NAT sobre la IP origen: normalmente desde LAN hacia inet $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT # Relajamos la politica de salida #+ Dejamos salir paquetes de LAN_IP por LAN_IF $IPTABLES -A OUTPUT -o $LAN_IF -s $LAN_IP -j ACCEPT #+ Dejamos salir paquetes de EXT_IP por EXT_IF $IPTABLES -A OUTPUT -o $EXT_IF -s $EXT_IP -j ACCEPT if [ $QUIET = 0 ]; then echo - Denegacion de redes invalidas... fi ## # No admitimos desde el exterior redes locales (RFC 1918) #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 192.168.0.0/16 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 10.0.0.0/8 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 172.16.0.0/12 -j DROP #$IPTABLES -t nat -A PREROUTING -i $EXT_IF -s 224.0.0.0/4 -j DROP #$IPTABLES
Re: [CentOS-es] iptables + squid proxy transparente
On Lun 04 Abr 2011 23:44:41 Mario Villela Larraza escribió: al intentar reinisiar mi servicio squid ejeccuta este error pero la verdad no se que sea 2011/04/04 21:38:45| squid.conf line 757: http_access rules 2011/04/04 21:38:45| aclParseAccessLine: expecting 'allow' or 'deny', got 'rules'. 2011/04/04 21:38:45| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.0.10-10.0.0.100/255.255.255.0' Y si te esta dando esos errores seguramente el squid no este funcionando intenta arreglarlos el primero parece ser algun error de tipeo el segundo pone /24 en ves de /255.255.255.0 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] iptables + squid proxy transparente
podrías enviar el contenido de /etc/squid/squid.conf ? -- Ramón Macías Zamora Tecnología, Investigación y Desarrollo Guayaquil - Ecuador msn:ramon_mac...@hotmail.com skype: ramon_macias UserLinux# 180926 (http://counter.li.org) Cel:593-8-0192238 Tel:593 4 6044566 http://www.raykasolutions.com/ WEB SITES, HOSTINGS, DOMINIOS, MANTENIMIENTO DE EQUIPOS, REDES, SERVIDORES LINUX, SOPORTE. 2011/4/5 Maximo Monsalvo max...@yahoo.com.ar On Lun 04 Abr 2011 23:44:41 Mario Villela Larraza escribió: al intentar reinisiar mi servicio squid ejeccuta este error pero la verdad no se que sea 2011/04/04 21:38:45| squid.conf line 757: http_access rules 2011/04/04 21:38:45| aclParseAccessLine: expecting 'allow' or 'deny', got 'rules'. 2011/04/04 21:38:45| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.0.10-10.0.0.100/255.255.255.0' Y si te esta dando esos errores seguramente el squid no este funcionando intenta arreglarlos el primero parece ser algun error de tipeo el segundo pone /24 en ves de /255.255.255.0 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Servidor FTP para usuarios registrados y anonimos
Amigos tengo un servidor ftp funcionando bien con autentificacion de usuarios, pero quiero poner una carpeta con una informacion general que todos puedan leer sin tener que logearse,es decir que la vean tanto los usuarios registrados y los invitados tambien. Gracias de antemano -- Fidel Dominguez-Valero Linux User: 433411 Website: http://www.valerofix.ryanhost.net ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] modificar comando mail
Usas postfix ? Otra seria agregar en el submit.cf un relay en DS (DS relay.com) El 21/03/11 12:07, Antonio Manogue escribió: GRACIAS a ambos. Este es el contenido de mi /etc/mail/access [root@server scripts]# grep -v # /etc/mail/access Connect:localhost.localdomain RELAY Connect:localhost RELAY Connect:127.0.0.1 RELAY y por necesidad de la plataforma esta es la configuracion del servicio sendmail [root@server]# chkconfig --list| grep sendmail sendmail 0:desactivado 1:desactivado 2:desactivado 3:desactivado 4:desactivado 5:desactivado 6:desactivado Un saludo,. - Mensaje original - Creo que podrías probar editando el archivo /etc/mail/access y aumentando la línea 127.0.0.1 RELAY Luego debes recrear la Base de datos del correo con: make -C /etc/mail y por último hacer: service sendmail restart ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] modificar comando mail
Gracias a todos los que habéis colaborado. Al final envío los log por SCP a la máquina de la plataforma de correo en la que si se está ejecutando sendmail y desde allí ya lanzo los informes correspondientes. Un saludo. - Mensaje original - | Usas postfix ? | | Otra seria agregar en el submit.cf un relay en DS (DS relay.com) | | El 21/03/11 12:07, Antonio Manogue escribió: | GRACIAS a ambos. | | | Este es el contenido de mi /etc/mail/access | | [root@server scripts]# grep -v # /etc/mail/access | Connect:localhost.localdomain RELAY | Connect:localhost RELAY | Connect:127.0.0.1 RELAY | | y por necesidad de la plataforma esta es la configuracion del | servicio sendmail | | [root@server]# chkconfig --list| grep sendmail | sendmail 0:desactivado 1:desactivado 2:desactivado 3:desactivado | 4:desactivado 5:desactivado 6:desactivado | | Un saludo,. | | | | - Mensaje original - | | | Creo que podrías probar editando el archivo /etc/mail/access y | aumentando la línea | | 127.0.0.1 RELAY | | Luego debes recrear la Base de datos del correo con: | | make -C /etc/mail | | y por último hacer: | | service sendmail restart | | ___ | CentOS-es mailing list | CentOS-es@centos.org | http://lists.centos.org/mailman/listinfo/centos-es | _ | Mensaje analizado y protegido por Telefonica Grandes Clientes ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Centos 6 Update?
Le 05/04/2011 02:24, Brian Mathis a écrit : On Mon, Apr 4, 2011 at 8:10 PM, Rudi Ahlersr...@softdux.com wrote: On Tue, Apr 5, 2011 at 1:56 AM, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: Rudi, Cut the crap. You're intentionally changing the context of the discussion, so please stop posting. No one has demanded that the Devs send an email every time they take a shi^H^H^H^H^H^H^H make a cup of coffee, as you have said. In fact no one has demanded anything. Requests, yes. A post once in a while with some real information (other than we're working on it) would be nice. Also I don't see any comments demanding anyone do anyone else's work for them. Again, you have twisted the conversation to become more of a flamefest by making things up that are not true. Not one post has demanded anything. Everyone is here because they care about the project. That's what is constantly missing in the replies by those who continue to browbeat and deride anyone simply looking for information. It's a symptom of a deeper problem that will only be made worse by that kind of treatment. // Brian Mathis Brian, since you take it so personal, you should cut the crap. And grow up. Have you actually followed, properly, what has been said the past few weeks about the last updates (i.e. 4.9 / 5.6 6.0?) about people leaving CentOS cause other products are better and how the devs should step up to keep up with the rest of the world? I personally, as well as many others (looking at their comments) are more than happy to wait for the next release - exactly when it released. I rely on CentOS for one reason - it's stability and security. I don't want a half-ass-baked distro.And I frankly don't care what you think about it. If you don't like it, then move on. Get RedHat, or Novell or Debian, or whatever fits your needs. BUT PLEASE, stop putting extra pressure on the devs cause you have some personal vendetta against how quickly they release their updates. Surely, when you started using CentOS, you knew exactly what it was and what it's relationship was with it's upstream vendor. Now, due to their changes, CentOS updates gets delayed. Live with it, or get in touch with Red Hat and take it out on them. The last thing I want to see if CentOS coming to a grinding halt because the demand for half-tested-and-released-too-soon-releases and everyone want an update every 5 days have become too so great the devs can't get to doing their work properly anymore. I really have no way to respond to such a thorough misreading of what I have said. I don't even know where to begin. For everything you claim I have said I have in fact said the exact opposite. I have no idea where you get the idea of lumping me in with those throwing a tizzy about the releases not being ready. The only thing I have said is that if we want these weekly threads to stop there needs to be better communication. How that translates in your head as me and everyone else demanding all sorts of things, pressuring the project, or wanting premature releases is simply beyond any ability of reasonable thought. // Brian Mathis P.S. I do take it very personally when someone mis-characterizes something I have said. Brian, I agree with you and am amazed of the misinterpretation of what we say. I too am only asking for more regular short updates of what is going on with the project. I think it is something normal for a community project, and that can give trust in it. Alain -- == Alain Péan - LPP/CNRS Administrateur Système/Réseau Laboratoire de Physique des Plasmas - UMR 7648 Observatoire de Saint-Maur 4, av de Neptune, Bat. A 94100 Saint-Maur des Fossés Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33 == ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ZFS @ centOS
On 4/2/2011 2:54 PM, Dawid Horacio Golebiewski wrote: You might be asking why I didn't choose to make a ~19 TB RAID-5 volume for the native 3ware RAID test That is really a no-brainer. In the time it takes to re-build such a RAID, another disk might just fail and the R in RAID goes down the toilet. Your 19-disk RAID5 just got turned into 25kg of scrap-metal. As for ZFS - we're using it with FreeBSD with mixed results. The truth is, you've got to follow the development very closely and work with the developers (via mailinglists), potentially testing patches/backports from current - or tracking current from the start. It works much better with Solaris. Frankly, I don't know why people want to do this ZFS on Linux thing. It works perfectly well with Solaris, which runs most stuff that runs on Linux just as well. I wouldn't try to run Linux-binaries on Solaris with lxrun, either. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
Karanbir Singh wrote: On 04/04/2011 08:23 PM, Ljubomir Ljubojevic wrote: And I was the only one to compile Skype 2.1.0.81 rpm for CentOS/RHEL 5.x (as far as I know). thats interesting. Care to point us at the source for skype ? - KB rpm is here: http://rpms.plnet.rs/centos5-i386/RPMS.plnet/skype-2.1.0.81-1.el5.noarch.rpm source rpm is now currently publicly available since I rearranged my repository links/path but haven't finished. Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Tue, 5 Apr 2011, rrich...@blythe.org wrote: 1) Move sshd to another port, one higher than 5000 I'd have mixed feelings about the Wisdom of running on a non-reserved port. jh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
On Tue, 5 Apr 2011, Ljubomir Ljubojevic wrote: rpm is here: http://rpms.plnet.rs/centos5-i386/RPMS.plnet/skype-2.1.0.81-1.el5.noarch.rpm source rpm is now currently publicly available since I rearranged my repository links/path but haven't finished. Since when did skype become noarch? I'm assuming this is just a wrapper around the presumably rearranged binaries that skype ship. Source RPM then becomes a bit of a misnomer. jh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote: On Tue, 5 Apr 2011, rrich...@blythe.org wrote: 1) Move sshd to another port, one higher than 5000 I'd have mixed feelings about the Wisdom of running on a non-reserved port. Why, We've been running SSH on hundreds of servers on a port higher than 5000 for year now and no problems at all. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Tue, 5 Apr 2011, Rudi Ahlers wrote: Why, We've been running SSH on hundreds of servers on a port higher than 5000 for year now and no problems at all. I always feel slightly ickie about running services on ports normal users can run on (this obviously depends a lot on who can run processes on the host). Anything that can convince sshd to restart or crash can then potentially nobble that port. With an intelligent user base this is no worse than any other man-in-the-middle attack or DoS since they'll refuse to login when the key doesn't match. jh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Tuesday 05 April 2011 11:27:49 Rudi Ahlers wrote: On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote: On Tue, 5 Apr 2011, rrich...@blythe.org wrote: 1) Move sshd to another port, one higher than 5000 I'd have mixed feelings about the Wisdom of running on a non-reserved port. Why, We've been running SSH on hundreds of servers on a port higher than 5000 for year now and no problems at all. I'm also running ssh on non standard port for more then 7 years and this is on a couple of thousend servers. Its not a problem if you simply add 'Port XXX' to your ~/.ssh/config . However, the traffic to ssh has reduced with only 40%. In the begining it was very good, we were surprised, how almost all failed attempts dissapeared. But in the following months that number increased and reached 60-65% of the original number. Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite useful, actually only thinks like that have good impact on the bruteforce attempts. Regards, Marian Marinov signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Door not hitting me on my way out
On Mon, 2011-04-04 at 18:03 +0100, Marko Vojinovic wrote: On Monday 04 April 2011 12:25:06 Mister IT Guru wrote: The one thing I would love to be able to contribute my time to is helping test new code, and get it out the door so guys on the street can test it out. Before you get flamed-off by people who are already extremely pissed by previous infinity of discussions on this topic, let me try to summarize the answers to your questions, collected from all previous flames that were going on for the past three months. ;-) Hopefully, my answer could prevent yet another flame starting up... :-) Also, I am not a developer of CentOS (or of anything else) myself, but just an ordinary user. So I am just going to rehash and summarize what I have read from more knowledgeable people on this list. Maybe it's my curiosity, but my brain tells me that Fedora is the forerunner for RHEL. And the Fedora code is out there. CentOS is built from the RHEL code, with all RHEL specific items removed. Ergo - If I replicate the build environment on some of my machines, Herein lies the main problem: *there* *is* *no* *build* *environment* yet. In other words --- the Fedora environment is far too big/generic/unsuitable/whatever (am I right here?), and RedHat is not interested in giving details about their build environment. I think I am beginning to understand. No build environment? *applauds the CentOS devs* Wait does this mean that you use trial and improvement, as you attempt to get to 100% binary compatibility? Awesome If this is the case, surely that must take a lot of man power? Dev guys - Ask the list for ten minions to do your bidding. I am prepared to become a minion, it would really help if more people had your back when it comes to RHEL doing updates etc. You won't even need to remind the list, you got minions for that! So the main problem that CentOS team has to solve with each major release is to construct a build environment that will produce binaries that are bit-by- bit equivalent to official RHEL (up to trademarks, branding and some other stuff). Okay - This makes sense. Do we have a flow chart somewhere online that details this process? Where can assistance be provided? If the CentOS devs can give me a spec on thier build environment, I'm sure I could devise a way to allow others to duplicate the same environment in KVM and help. From my naive understanding, this boils down to the proper order in which packages are supposed to be built. There is more than one possible ordering, and only one will give binary equivalent set of packages. A lot of coffee required here! Woah, serious dev guys, is the workload to this degree? Hey Devs, we *OWE* you! we owe you BIG time, put us to work dammit! I am probably oversimplifying things, but it roughly goes as follows: 1) start from some build environment 2) compile the whole distro 3) compare the result bit-by-bit with RHEL binaries 4) if it matches you're done; if it doesn't match, modify the build environment and go back to 1). This is a major achievement for the CentOS devs. Can't we share our spare cycles, and build some sort of bastardised deep blue? Crank together our own grid! *maybe when we hit CentOS 9 or so we will be, here's hoping!* AFAIU, the CentOS devs are currently in the above loop. Once they are done, testing will begin and CentOS 6 will probably be released shortly thereafter. However, nobody knows how much time is it going to take to finish the loop. Not even the devs can estimate that, so better don't ask them! ;-) Time, time time! I don't care how long it takes, so long as it gets done! I have enough faith in previous CentOS builds to be able to wait until the next one is ready. Anyway, I *never* update my production servers until my test rigs are rock solid, and there is at least talk of another update :) I hope that this clears up some things. (KVM and XEN both running riot all over my systems, but not doing anything useful for me! :( ), then surley I should be able to get some postive results, and be able to contrib that back to the guys upstream. That's what my brain tells me. I don't mind running build environments, or test environments or whatever - I guess what I'm saying is GIMME SOME OF YOUR WORKLOAD!! As should be obvious from above, the problem is not in the workload. It's about reverse-engineering the build environment. More computing power (or manpower for that matter) will not help in a significant way. Woah, what a way to crush my hopes of a grid of global CentOS systems kicking IBM in the nuts. So to further my understanding, just so that we can maintain binary compatibility with RHEL, the CentOS devs have to hit on by chance a build environment that produces the same output as the equivalent RHEL version. In general it could help, but the devs need to invest some serious time to train you to do that
Re: [CentOS] Centos 6 Update?
Dear Centos Developers, Thank you. I am grateful for all your hard work in providing an enterprise-level OS for my small business. I desire 6.0 for it's ext4/NFS4 support but beggars can't be choosers (Red Hat costs way out of my league). I have joined the Centos Announce list and will just wait my time. A donation may even be possible if my Wife will let me ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Greg Neumann helpwithit.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
On 4 April 2011 23:11, David Brian Chait dch...@invenda.com wrote: I have to provide a reliable and scalable infrastructure, and that requires a reliable provider / updates. While I do not need Centos 6 today, this development cycle has certainly raised questions as to whether the development process can be relied upon. The whole when it's ready mantra works well for academic/individual users, but you can't plan business processes based on it. Yet you can. The only 5.6 update that has been rated as critical has been firefox. The previous critical update was exim which was for 5.5 which we had. I would place this firefox update at low priority as i would guess that close to 100% of the millions of installations will be running CentOS on servers rather than on workstations. Whilst i use CentOS for my desktops, and appreciate the complete stability that i have enjoyed since deploying 5.0 on these platforms i really care about my internet facing production servers and these are not impacted at all by waiting for 5.6 (or 6). I am looking forward to 6 coming out but just so that i can play with it and install it on some boxen that i have waiting in their packaging but i am in no rush. In the same way i would rather have 5.6 when it is done. Therefore the business process for remaining on 5 doesn't change especially with php53 and bind97 in testing so already available Based on previous experience, if there was a critical update for a core server service (or if there was an issue which was going to be critical to systems within a certain time zone c) then it would be pushed sooner. If your business process demands some feature of 6 (kvm / tpm / power savings / storage drivers) then you have enough money to buy some licences for rhel 6 to enable your testing and the beauty of CentOS is knowing that you can then replicate and upscale your testing environment to production on CentOS 6 without worrying about having to go though another full testing cycle due to the promise of full binary compatibility, not sure that you can do that with SL as they have a different raison d'etre With regards to communication to the community IMHO you can assume that the lack of it indicates the effort required to get 4.9, 5.6 and 6 out the door and underlines the devs determination to get it right first time. As evidence of this, follow CentOS mailing list and look at how many help threads are from problems with the core product. It must be quite a burden to know that releasing CentOS that isn't bug for bug compatible with RHEL or is flawed in some way could cause many, many production servers to fall over. I would like to thank the devs for all their time and effort mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KILL THIS THREAD ( Centos 6 Update?)
+100 Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
I personally am happy with my CentOS 5.x, and a waiting patiently for the future release. However, in our FOSS world, the community is helping on a regular basis, for everything : coding, documentation, QA, support - maybe somebody from the community should step in, get in touch with the devs and help for PR, as there seems to be such a need. --- Robert GRASSO System engineer CEDRAT S.A. 15 Chemin de Malacher - Inovallée - 38246 MEYLAN cedex - FRANCE Phone: +33 (0)4 76 90 50 45 - Fax: +33 (0)4 56 38 08 30 mailto:robert.gra...@cedrat.com - http://www.cedrat.com Brian, I agree with you and am amazed of the misinterpretation of what we say. I too am only asking for more regular short updates of what is going on with the project. I think it is something normal for a community project, and that can give trust in it. Alain -- == Alain Péan - LPP/CNRS Administrateur Système/Réseau Laboratoire de Physique des Plasmas - UMR 7648 Observatoire de Saint-Maur 4, av de Neptune, Bat. A 94100 Saint-Maur des Fossés Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33 == ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Feeding CentOS build results to twitter (was: Centos 6Update?)
centos-boun...@centos.org wrote: On Mon, 4 Apr 2011, Digimer wrote: As an aside, does the CentOS build environment (understanding that it needs to be built, too), able to tweet something like last build; X packages OK, Y packages failed? This was done on a trailling basis for a couple side arch's builders by me and another. It turns out to be a lot of chatter and 'noise', and not much 'signal' I would venture: It would be more polite and civil chatter than what this thread has put into the CentOS mailing list archives. *cringes at the difficulty that strangers face, wading through our slop looking for helpful tidbits of know-how* Thought for posting guidelines for this list: If it's not a request for help with a CentOS component, or an answer thereto, it probably doesn't belong on this list Insert spiffy .sig here: Life is complex: it has both real and imaginary parts. //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Migrating standalone systems to KVM
On Thu, 2011-03-31 at 05:41 -0700, Benjamin Franz wrote: I haven't tried it, but in theory you could take a clonezilla image of the physical machine and restore it to a KVM disk image: Just create the initial virtual drives at least as large as the originals, boot clonezilla in the VM and restore from the images. That's an excellent idea! I didn't consider it when I was trying to figure out how to migrate a physical CentOS 5 server to a KVM. On 1.4.2011 4.38, Kanwar Ranbir Sandhu wrote: I will try this just for shits and giggles. Please let us know what you will find out. - Jussi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 3.5 kernel panic on boot
Yes, I know 3.5 is old. However in this case it's required for a legacy app. a fresh install get's me: kmod: failed to exec /sbin/modprobe -s -k block-major-104, errno = 2 followed by: VFS: Cannot open root device cciss/c0d0p2 or 68:02 The system is an HP DL380 G4. any thought on what could cause this? the rescue system is able to mount the disk and grub-install works to re-install grub on the device. TIA Bruce Ferrell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.5 kernel panic on boot
centos-boun...@centos.org wrote: Yes, I know 3.5 is old. However in this case it's required for a legacy app. a fresh install get's me: kmod: failed to exec /sbin/modprobe -s -k block-major-104, errno = 2 The system is an HP DL380 G4. any thought on what could cause this? errno =2 = No such file or directory I presume you have working copies of CentOS 3.5, so Compare /etc/modprobe.conf between working and new system Compare /lib/modules/ between working and new system Insert spiffy .sig here: Life is complex: it has both real and imaginary parts. //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.5 kernel panic on boot
Yes, I know 3.5 is old. However in this case it's required for a legacy app. a fresh install get's me: kmod: failed to exec /sbin/modprobe -s -k block-major-104, errno = 2 followed by: VFS: Cannot open root device cciss/c0d0p2 or 68:02 The system is an HP DL380 G4. any thought on what could cause this? Does your installed system have the cciss device entries that are needed? Is the cciss driver reflected in your /etc/modprobe.conf, and was it there when the initrd was built? If you're missing your /dev/cciss entries locating and running mkdev.cciss should create them. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3.5 kernel panic on boot
2011/4/5 Bruce Ferrell bferr...@baywinds.org: Yes, I know 3.5 is old. However in this case it's required for a legacy app. What legacy app? You should install centos 5.5 and run legacy app under virtual machine running centos 3.5 .. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
Quoting Michael Simpson mikie.simp...@gmail.com: see my remarks below On 4 April 2011 23:11, David Brian Chait dch...@invenda.com wrote: I have to provide a reliable and scalable infrastructure, and that requires a reliable provider / updates. While I do not need Centos 6 today, this development cycle has certainly raised questions as to whether the development process can be relied upon. The whole when it's ready mantra works well for academic/individual users, but you can't plan business processes based on it. Yet you can. The only 5.6 update that has been rated as critical has been firefox. The previous critical update was exim which was for 5.5 which we had. I would place this firefox update at low priority as i would guess that close to 100% of the millions of installations will be running CentOS on servers rather than on workstations. Whilst i use CentOS for my desktops, and appreciate the complete stability that i have enjoyed since deploying 5.0 on these platforms i really care about my internet facing production servers and these are not impacted at all by waiting for 5.6 (or 6). I am looking forward to 6 coming out but just so that i can play with it and install it on some boxen that i have waiting in their packaging but i am in no rush. In the same way i would rather have 5.6 when it is done. Therefore the business process for remaining on 5 doesn't change especially with php53 and bind97 in testing so already available Based on previous experience, if there was a critical update for a core server service (or if there was an issue which was going to be critical to systems within a certain time zone c) then it would be pushed sooner. If your business process demands some feature of 6 (kvm / tpm / power savings / storage drivers) then you have enough money to buy some licences for rhel 6 to enable your testing and the beauty of CentOS is knowing that you can then replicate and upscale your testing environment to production on CentOS 6 without worrying about having to go though another full testing cycle due to the promise of full binary compatibility, not sure that you can do that with SL as they have a different raison d'etre With regards to communication to the community IMHO you can assume that the lack of it indicates the effort required to get 4.9, 5.6 and 6 out the door and underlines the devs determination to get it right first time. As evidence of this, follow CentOS mailing list and look at how many help threads are from problems with the core product. It must be quite a burden to know that releasing CentOS that isn't bug for bug compatible with RHEL or is flawed in some way could cause many, many production servers to fall over. I would like to thank the devs for all their time and effort mike sure, me too. I run CentOS servers and do all the patches every day and get great value for the money. But that doesn't make me deaf dumb and blind, the project management badly needs work. The firefox issue is a bit misleading for reasons mike points out, but for instance I can't deploy Drupal 7, for which there is a lot of demand, unless I open up non-CentOS repos. Not the end of the world, but one more avenue into the system and one more thing to watch out for. I mean I'd be happy to make a cash donation to get more bodies on the problem (when taken with all the other well-wishers and would-be supporters) but it doesn't seem as if there is a way. Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- It is no measure of health to be well adjusted to a profoundly sick society. Krishnamurti ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] php53 and pear
Hi all We require some packages installed through pecl (apc and memcache) which we have done on CentOS 5.5 by installing php 5.2 from testing and also installing php-devel and php-pear to much success! We would like to move to php 5.3 after 5.6 comes out but I note that there is no specific php53-pear package in testing and the php-pear srpm in the 5server directory on ftp rc com seems to be quite old. I also note that there was a php53-pear.spec posted in this list file with (?unsanctioned) mention of the possibility of this going in extras. Is it prudent to install pear using the php go-pear.phar method for php53 and will this then give me access to pecl though with the same downside as using cpan for perl (do not want) or will there be an official php53-pear rpm available through centos.org? I'm sorry if this has been answered before but my google-fu seems to be letting me down. regards mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Migrating standalone systems to KVM
Jussi Hirvi wrote: On Thu, 2011-03-31 at 05:41 -0700, Benjamin Franz wrote: I haven't tried it, but in theory you could take a clonezilla image of the physical machine and restore it to a KVM disk image: Just create the initial virtual drives at least as large as the originals, boot clonezilla in the VM and restore from the images. That's an excellent idea! I didn't consider it when I was trying to figure out how to migrate a physical CentOS 5 server to a KVM. On 1.4.2011 4.38, Kanwar Ranbir Sandhu wrote: I will try this just for shits and giggles. Please let us know what you will find out. - Jussi I converted several bare-metal Windows systems to VirtualBox. KVM should be the same. I would clone C: partition to image file, create VirtualBox virt system with same partition size and create virtual shares whereimage file is located. Then I would clone from image to partition of virtual system and then reset Windows IDE drivers (Hiren's Boot CD and some BartPE can do it.) Doing this on Linux would entail dd or other cloning procedure and LiveCD or Installation media to be able to change hdd/partition device paths/names (if necessary) and you are done. Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php53 and pear
centos-boun...@centos.org wrote: Hi all will there be an official php53-pear rpm available through centos.org? I'm sorry if this has been answered before but my google-fu seems to be letting me down. GoogleTau asserts that CentOS 5.6 and 6.0 will be version-for-version identical to RHEL 5.6 6 respectively. Searching for what version of php63-pear is in which version of RHEL shows Redhat is including php53 in RHEL 5.6 Welcome to the waiting room... The baby is a mutha, and will come out when he damned well pleases. Insert spiffy .sig here: Life is complex: it has both real and imaginary parts. //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite useful, actually only thinks like that have good impact on the bruteforce attempts. Indeed! I run Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the only client mail protocols we support). It's amazing how many dictionary attacks take place against SMTP by persistent spamers! Besides the effect against dictionary attacks, it makes the morning reading of the secure log a pleasant experience. :-) However, moving to a non-standard SSH port has had a profound effect on the attempts. It's a triple whammy for the script kiddies. Find the port if you can, then you get 5 tries at a non-existent username/password before your packets get dropped on the floor, and you are totally blocked from the entire system for an hour. Bob ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Tue, Apr 5, 2011 at 5:51 PM, rrich...@blythe.org wrote: Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite useful, actually only thinks like that have good impact on the bruteforce attempts. Indeed! I run Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the only client mail protocols we support). It's amazing how many dictionary attacks take place against SMTP by persistent spamers! Besides the effect against dictionary attacks, it makes the morning reading of the secure log a pleasant experience. :-) However, moving to a non-standard SSH port has had a profound effect on the attempts. It's a triple whammy for the script kiddies. Find the port if you can, then you get 5 tries at a non-existent username/password before your packets get dropped on the floor, and you are totally blocked from the entire system for an hour. Bob fail2ban work very well against SSH, SMTP, POP3, FTP, etc, etc. Another useful tool is Config Server Firewall, which offers DDOS protection, and can be configured to email you when someone was blocked for bruteforce attempts. OR, you can use Port Knocking - which is a iptables script which monitors 2 or 3 ports, when telnetted to in a pre-configured sequence will open the SSH port in the firewall. This also works very well -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 32-bit kernel+XFS+16.xTB filesystem = potential disaster (was:Re: ZFS @ centOS)
On Monday, April 04, 2011 11:09:29 PM Warren Young wrote: I did this test with Bonnie++ on a 3ware/LSI 9750-8i controller, with eight WD 3 TB disks attached. Both tests were done with XFS on CentOS 5.5, 32-bit. (Yes, 32-bit. Hard requirement for this application.) [snip] For the RAID-6 configuration, I used the 3ware card's hardware RAID, creating a single ~16 TB volume, formatted XFS. [snip] Dropping to 16.37 TB on the RAID configuration by switching to RAID-6 let us put almost the entire array under a single 16 TB XFS filesystem. You really, really, really don't want to do this. Not on 32-bit. When you roll one byte over 16TB you will lose access to your filesystem, silently, and it will not remount on a 32-bit kernel. XFS works best on a 64-bit kernel for a number of reasons; the one you're likely to hit first is the 16TB hard limit for *occupied* file space; you can mkfs an XFS filesystem on a 17TB or even larger partition or volume, but the moment the occupied data rolls over the 16TB boundary you will be in disaster recovery mode, and a 64-bit kernel will be required for rescue. The reason I know this? I had it happen. On a CentOS 32-bit backup server with a 17TB LVM logical volume on EMC storage. Worked great, until it rolled 16TB. Then it quit working. Altogether. /var/log/messages told me that the filesystem was too large to be mounted. Had to re-image the VM as a 64-bit CentOS, and then re-attached the RDM's to the LUNs holding the PV's for the LV, and it mounted instantly, and we kept on trucking. There's a reason upstream doesn't do XFS on 32-bit. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 32-bit kernel+XFS+16.xTB filesystem = potential disaster (was:Re: ZFS @ centOS)
On Tue, Apr 5, 2011 at 10:21 AM, Lamar Owen lo...@pari.edu wrote: You really, really, really don't want to do this. Not on 32-bit. When you roll one byte over 16TB you will lose access to your filesystem, silently, and it will not remount on a 32-bit kernel. XFS works best on a 64-bit kernel for a number of reasons; the one you're likely to hit first is the 16TB hard limit for *occupied* file space; you can mkfs an XFS filesystem on a 17TB or even larger partition or volume, but the moment the occupied data rolls over the 16TB boundary you will be in disaster recovery mode, and a 64-bit kernel will be required for rescue. The reason I know this? I had it happen. On a CentOS 32-bit backup server with a 17TB LVM logical volume on EMC storage. Worked great, until it rolled 16TB. Then it quit working. Altogether. /var/log/messages told me that the filesystem was too large to be mounted. Had to re-image the VM as a 64-bit CentOS, and then re-attached the RDM's to the LUNs holding the PV's for the LV, and it mounted instantly, and we kept on trucking. There's a reason upstream doesn't do XFS on 32-bit. Afaik 32-bit binaries do run on the 64-bit build and compat libraries exist for most everything. You should evaluate if you really *really* need 32-bit. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
rrich...@blythe.org wrote: Indeed! I run Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the only client mail protocols we support). It's amazing how many dictionary attacks take place against SMTP by persistent spamers! Besides the effect against dictionary attacks, it makes the morning reading of the secure log a pleasant experience. :-) My SMTP server has Reverse DNS check active, so any SMTP request from IP that does not have Reverse DNS record is automatically forbidden. Even SMTP servers tht are not properly configured (like one Bank server in my country that sends mails from some obscure IP without DNS record even thou I know they are legit) are denied. fail2ban had some wrong with it, from the standpoint of my CentOS 5.x server (can't remember what I disliked), wheather it was rpm availability or something else, so I chose denyhosts. There was whole week recently without a single ssh attack on my 3 PC's (2 servers). Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Digest, Vol 75, Issue 5
On 04/05/2011 09:00 AM, John R Pierce wrote: AFAIK, no standard raid modes verify parity on reads, as this would require reading the whole slice for every random read. Only raid systems like ZFS that use block checksuming can verify data on reads. parity (or mirrors) are verified by doing 'scrubs' Further, even if a raid DID verify parity/mirroring on reads, this would at best create a nonrecoverable error (bad data on one of the N drives in the slice, no way of knowing which one is the bad one). Thanks John, that's good information, something I didn't know. So I should think of RAID-5/6 parity as a mechanism for recovering from a drive fault that is more space-efficient than simple mirroring. Maybe RAID-10 with hot spares is more than good enough in most applications, but I do like dual parity for its ability to recover even in the face of a disk error popping up during the rebuild. Am I being too paranoid? Too bad ZFS on Linux is still up at the fuse layer. I understand Btrfs is rolled into newer kernels and should be in CentOS-6, but I read somewhere it's not yet in stable release and has some potential issues, so I'm reluctant to try it. It won't have RAID-6-like parity for a while. The fact that Oracle has both ZFS and Btrfs under its wing is, um, interesting. I'm only asking for the world :-) Chuck ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to install wine ?
On Mon, Apr 4, 2011 at 4:01 AM, Rajan Dahal rajan.da...@gmail.com wrote: Hello friends, I have downloaded wine-1.3.13.tar.bz2 How to install it ? I have no internet connection. so I want to install it manually. I installed WINE, probably several months ago, or more, on this CentOS 5.5 32 bit box. It works very well. :-) Sadly, I can't remember where I got it. Probably, if you search back through the archives of this Mailing List and/or look on the CentOS.org web site, you will find information about how to do this quickly and a lot easier. You wrote that you do not have an Internet connection, but when you do, I suggest you download an RPM file and install it, as a previous responder suggested. -- Lanny Our Computer2.com Domain Name is For Sale on Sedo.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT Problem seeing slave drives.
This isn't specifically about cent os, but I am running cent os on this machine. I've got a Dell Dimension 2400 desktop pc. I've tried on a number of occasions to put a second hard drive in the machine, but I can't get the machine to recognize the second drive in BIOS. I'm going to try and keep this short and sweet. I've tried all that I know to try. I've set the jumpers on the drives to master and slave, I've tried setting the jumpers to cable select. I've changed the IDE ribbon cable. As far as I know, I've done all the trouble shooting steps that you'd do when having this problem. The only conclusion I can come up with, is that it's the BIOS. The one thing I haven't done is flash the BIOS, and I'm reluctant to do that. One other thing that I did try, was on the secondary IDE, I tried connecting a second CD drive, and the BIOS would not see it either. The machine will only see the drives that are connected to what would be the Master drive connection on the ribbon cable. Anyone have any ideas? Thanks Jim ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Understanding yum automatic upgrades
Hello, Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? Thanks! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
2011/4/5 Jimmy Bradley bmobil...@ocellaris.net: This isn't specifically about cent os, but I am running cent os on this machine. I've got a Dell Dimension 2400 desktop pc. I've tried on a number of occasions to put a second hard drive in the machine, but I can't get the machine to recognize the second drive in BIOS. I'm going to try and keep this short and sweet. I've tried all that I know to try. I've set the jumpers on the drives to master and slave, I've tried setting the jumpers to cable select. I've changed the IDE ribbon cable. As far as I know, I've done all the trouble shooting steps that you'd do when having this problem. The only conclusion I can come up with, is that it's the BIOS. The one thing I haven't done is flash the BIOS, and I'm reluctant to do that. One other thing that I did try, was on the secondary IDE, I tried connecting a second CD drive, and the BIOS would not see it either. The machine will only see the drives that are connected to what would be the Master drive connection on the ribbon cable. Anyone have any ideas? Linux only uses bios for booting, so it is not needed on Linux. for cabling ide in same cable: 1st driver for master jumper and second using slave jumper. br, -- Eero, RHCE ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
Jimmy Bradley wrote: This isn't specifically about cent os, but I am running cent os on this machine. I've got a Dell Dimension 2400 desktop pc. I've tried on a number of occasions to put a second hard drive in the machine, but I can't get the machine to recognize the second drive in BIOS. I'm going to try and keep this short and sweet. I've tried all that I know to try. I've set the jumpers on the drives to master and slave, I've tried setting the jumpers to cable select. I've changed the IDE ribbon cable. As far as I know, I've done all the trouble shooting steps that you'd do when having this problem. The only conclusion I can come up with, is that it's the BIOS. The one thing I haven't done is flash the BIOS, and I'm reluctant to do that. One other thing that I did try, was on the secondary IDE, I tried connecting a second CD drive, and the BIOS would not see it either. The machine will only see the drives that are connected to what would be the Master drive connection on the ribbon cable. Anyone have any ideas? Ok, old system, IDE drives. You *might* want to mouse around in the BIOS itself, and look for odd corners, such as if something's disabled. I mean, we have a few older servers that I had to disable an option that was explicitly (though it didn't say so) and exclusively for OS/2, and these servers ain't 10 years old. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
centos-boun...@centos.org wrote: This isn't specifically about cent os, snip Anyone have any ideas? http://support.dell.com/ Don't contact Dell with your CentOS questions, nor bring your Dell questions here ... ... You should either drink much more, or much less. Insert spiffy .sig here: Life is complex: it has both real and imaginary parts. //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
2011/4/5 Brunner, Brian T. bbrun...@gai-tronics.com: centos-boun...@centos.org wrote: This isn't specifically about cent os, snip Anyone have any ideas? http://support.dell.com/ Don't contact Dell with your CentOS questions, nor bring your Dell questions here ... ... You should either drink much more, or much less. Anyway, external pci sata/ide card usually works and vodka with energy drink ;) -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Host Disk Performance
Direct comparisons between the two were difficult to judge, but the general result was that the Host was between 2:1 and 3:1 better than the Guest, which seems to be a rather large performance gap. Latency differences were all over the map, which I find puzzling. The Host is 64-bit and the Guest 32-bit, if that makes any difference. Perhaps caching between Host and Guest accounts for some of the differences. It does sound as if the guests are relying on the host rather than accessing the block device directly. Drives should not use much cpu overhead thanks to DMA and improvements to drivers and hardware. When it's done correctly the host has little work to do. That doesn't sound like what's happening with your setup. Basically, you have to think about the guests as independent systems which are competing for disk access with the other guests, and with the host. If you have just one drive or array that's used by all, that's a large bottleneck. I've been working with VMs for a while now and have tried various ways to set up guests. Block devices can be done with or without LVM, although I've stopped using LVM on my systems these days. For reasons of speed and ease of maintenance and backups, what I've settled on is: a small separate drive for the host to boot from, a small separate drive for the guest OSes (I like using qcow2 on WD Raptors), and then a large array on a raid controller for storage which the guests and host can share access to. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
On Tue, Apr 5, 2011 at 8:44 PM, Brunner, Brian T. bbrun...@gai-tronics.com wrote: ... You should either drink much more, or much less. Was that comment really necessary? Maybe you should lay-off the pot a bit! -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
Rudi Ahlers wrote: On Tue, Apr 5, 2011 at 8:44 PM, Brunner, Brian T. bbrun...@gai-tronics.com wrote: ... You should either drink much more, or much less. Was that comment really necessary? Maybe you should lay-off the pot a bit! Hey, everyone needs to believe in something. I believe I'll have another bheer mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
On 04/05/11 11:37 AM, Jimmy Bradley wrote: This isn't specifically about cent os, but I am running cent os on this machine. I've got a Dell Dimension 2400 desktop pc. I've tried on a number of occasions to put a second hard drive in the machine, but I can't get the machine to recognize the second drive in BIOS. I'm going to try and keep this short and sweet. I've tried all that I know to try. I've set the jumpers on the drives to master and slave, I've tried setting the jumpers to cable select. I've changed the IDE ribbon cable. As far as I know, I've done all the trouble shooting steps that you'd do when having this problem. (Googles a bit) Ok, thats a Intel 845GV chipset[1], which supports UDMA100[2], so you must use 80 wire UDMA style IDE cables or get very unreliable results. wow, thats some old chit. With UDMA cables, they must be plugged in the correct way, the blue connector goes to the mainboard, the far end black connector goes to the 'master' (1st) drive, and the middle gray connector goes to the slave (2nd) drive. The drives should be jumpered as 'cable select' (but you /can/ use master/slave jumpering as LONG as they are connected in the correct order).The connectors should all be 'keyed' by a rectangular block molded on one side such that you can't plug them in the wrong way. There also should be a missing pin on the mobo and drives and a blocked pin on the cable that acts as a key. Both devices on the cable should be UDMA 100 capable, mixing older technology DMA33 stuff was bad news and resulted in all kinda funky behavior. phew, [1] indicates that system has 2 dimm slots with support for 256M and 512M dimms (DDR SDRAM), onboard shared memory graphics, and only has one internal drive bay, and a 200 or 230W PSU. Pentium-4 w/ 400 or 533Mhz FSB so its probably Northwood generation, circa 2002.The CMOS battery is likely a ball of toxic green fuzz right now. Frankly, anything that old, when it starts misbehaving, its time for the recycle bin. [1] http://support.dell.com/support/edocs/systems/dim2400/en/sm_en/specs.htm [2] page 28 http://downloadmirror.intel.com/15210/eng/D845GVSR_TechProdSpec.pdf http://downloadmirror.intel.com/15210/eng/D845GVSR_TechProdSpec.pdf [different board, but same chips and better documentation] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Printers, aka an old time sysadmin
Well, today, I feel like a real, old time sysadmin. Now, I didn't have to write a driver in assembly for the printer, but We got this huge, 44 HP Designjet z3200ps printer. Only supports Win and Mac. Fine, I hang it off of one of our servers on a subnet (at $0.96/foot paper, we're the only ones who print on it). Then I'm thinking that all I really need is a .ppd. My co-worker, who's also got a Mac, d/l's the Mac driver and extracts the .ppd. The Windoze one is apparently buried in a dll, you see I then figured out how to hack a .ppd. First, I found an ifdef construction, for Mac-only information. That worked on the small paper (24 width roll, small). Then the real paper, the 42 stuff. Why HP sells a 44 printer, but 42 paper, dunno, but there's no option for large format printing. After a pointless waste of half an hour on HP's live chat (not sure how many chats the guy was on), he tells me there's no driver. I call HP support, and talk to someone who seems to know a little more... but is sorta fuzzy on .ppd's, and then tells me that there ought to be an option to set a custom size, and seems to confirm what I read (in vi) in the ppd, that there are no settings for 42 paper. So I hacked it, and added settings for 42x34, and 42x60 (the usual size for posters). A lot was cut, paste, and substitute, but the one gotcha is that the actual paper size that the printer sees is in points. Once I got that, it worked beautifully. Anyone needs any info about hacking a .ppd, feel free to email me; if you have a beast of a z3200ps, I'll be glad to send you a copy of mine. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ZFS @ centOS
On 04/05/2011 09:00 AM, rai...@ultra-secure.de wrote: That is really a no-brainer. In the time it takes to re-build such a RAID, another disk might just fail and the R in RAID goes down the toilet. Your 19-disk RAID5 just got turned into 25kg of scrap-metal. As for ZFS - we're using it with FreeBSD with mixed results. The truth is, you've got to follow the development very closely and work with the developers (via mailinglists), potentially testing patches/backports from current - or tracking current from the start. It works much better with Solaris. Frankly, I don't know why people want to do this ZFS on Linux thing. It works perfectly well with Solaris, which runs most stuff that runs on Linux just as well. I wouldn't try to run Linux-binaries on Solaris with lxrun, either. During my current work building a RAID-6 VM Host system (currently testing with SL-6 but later CentOS-6) I had a question rolling around in the back of my mind whether or not I should consider building the Host with OpenSolaris (or the OpenIndiana fork) and ZFS RAID-Z2, which I had heard performs somewhat better on Solaris. I'd then run CentOS Guest OS instances with VirtualBox. But ... I've been reading about some of the issues with ZFS performance and have discovered that it needs a *lot* of RAM to support decent caching ... the recommendation is for a GByte of RAM per TByte of storage just for the metadata, which can add up. Maybe cache memory starvation is one reason why so many disappointing test results are showing up. Chuck ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] screen
Hi - under CentOS 5, has anyone be able to get the vertically splitting under screen to work? I downloaded the latest screen-4.0.3 and the wrp_vertical_split_0.3_4.0.2.diff.bz2 patch for vertical splitting and I still can't get it work. ^A | doesn't do anything. Horizontal splitting works fine. -- Agile ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT Problem seeing slave drives.
On Tue, 2011-04-05 at 12:14 -0700, John R Pierce wrote: On 04/05/11 11:37 AM, Jimmy Bradley wrote: This isn't specifically about cent os, but I am running cent os on this machine. I've got a Dell Dimension 2400 desktop pc. I've tried on a number of occasions to put a second hard drive in the machine, but I can't get the machine to recognize the second drive in BIOS. I'm going to try and keep this short and sweet. I've tried all that I know to try. I've set the jumpers on the drives to master and slave, I've tried setting the jumpers to cable select. I've changed the IDE ribbon cable. As far as I know, I've done all the trouble shooting steps that you'd do when having this problem. (Googles a bit) Ok, thats a Intel 845GV chipset[1], which supports UDMA100[2], so you must use 80 wire UDMA style IDE cables or get very unreliable results. wow, thats some old chit. I have some chit, that's older than that. I also have a dell L500R that I acquired from my step dad's mom. She's in a nursing home suffering from dementia, so she doesn't know if it's Monday, or July 4,1776. Anyway, normally I would've just scrapped a machine that old for parts, but I didn't feel like it would be the right thing to do, since she's still alive. So, on a whim, I stuck a 500gig hard drive in it, which the bios saw, and I loaded White box 4 on it, and I use it as a archiving/file storage machine. The machine runs just fine. It's got 512mb of ram in it, and super fast 433 mghrtz intel celeron cpu. It'll run circles around a comodore vic 20, or a TRS 80. Jim With UDMA cables, they must be plugged in the correct way, the blue connector goes to the mainboard, the far end black connector goes to the 'master' (1st) drive, and the middle gray connector goes to the slave (2nd) drive. The drives should be jumpered as 'cable select' (but you /can/ use master/slave jumpering as LONG as they are connected in the correct order).The connectors should all be 'keyed' by a rectangular block molded on one side such that you can't plug them in the wrong way. There also should be a missing pin on the mobo and drives and a blocked pin on the cable that acts as a key. Both devices on the cable should be UDMA 100 capable, mixing older technology DMA33 stuff was bad news and resulted in all kinda funky behavior. phew, [1] indicates that system has 2 dimm slots with support for 256M and 512M dimms (DDR SDRAM), onboard shared memory graphics, and only has one internal drive bay, and a 200 or 230W PSU. Pentium-4 w/ 400 or 533Mhz FSB so its probably Northwood generation, circa 2002.The CMOS battery is likely a ball of toxic green fuzz right now. Frankly, anything that old, when it starts misbehaving, its time for the recycle bin. [1] http://support.dell.com/support/edocs/systems/dim2400/en/sm_en/specs.htm [2] page 28 http://downloadmirror.intel.com/15210/eng/D845GVSR_TechProdSpec.pdf http://downloadmirror.intel.com/15210/eng/D845GVSR_TechProdSpec.pdf [different board, but same chips and better documentation] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Printers, aka an old time sysadmin
On Tue, Apr 5, 2011 at 16:05, m.r...@5-cent.us wrote: Well, today, I feel like a real, old time sysadmin. Now, I didn't have to write a driver in assembly for the printer, but Anyone needs any info about hacking a .ppd, feel free to email me; if you have a beast of a z3200ps, I'll be glad to send you a copy of mine. How about wikifying your experience? -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ZFS @ centOS
But ... I've been reading about some of the issues with ZFS performance and have discovered that it needs a *lot* of RAM to support decent caching ... the recommendation is for a GByte of RAM per TByte of storage just for the metadata, which can add up. Maybe cache memory starvation is one reason why so many disappointing test results are showing up. Yes, it uses most of any available RAM as cache. Newer implementations can use SSDs as a kind of 2nd-level cache (L2-ARC). Also, certain on-disk logs can be written out to NVRAMs directly, speeding up things even more. Compared with Cache-RAM in RAID-Controllers, RAM for servers is dirt-cheap. The philosophy is: why put tiny, expensive amounts of RAM into the RAID-controller and have it try to make guesses on what should be cached and what not - if we can add RAM to the server directly at a fraction of the cost and let the OS handle _everything_ short of moving the disk-heads over the platters. IMO, it's a brilliant concept. Do you know if there is a lot of performance-penalty with KVM/VBox, compared to Solaris Zones? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Printers, aka an old time sysadmin
Eduardo Grosclaude wrote: On Tue, Apr 5, 2011 at 16:05, m.r...@5-cent.us wrote: Well, today, I feel like a real, old time sysadmin. Now, I didn't have to write a driver in assembly for the printer, but Anyone needs any info about hacking a .ppd, feel free to email me; if you have a beast of a z3200ps, I'll be glad to send you a copy of mine. How about wikifying your experience? Where - the CentOS wiki? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] screen
On Tue, Apr 05, 2011 at 12:57:03PM -0700, Agile Aspect wrote: Hi - under CentOS 5, has anyone be able to get the vertically splitting under screen to work? I downloaded the latest screen-4.0.3 and the wrp_vertical_split_0.3_4.0.2.diff.bz2 patch for vertical splitting and I still can't get it work. ^A | doesn't do anything. Horizontal splitting works fine. I like tmux. Available from rpmforge. I have a little page on it, which has links to a good cheatsheet http://home.roadrunner.com/~computertaijutsu/screentmux.html -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Cordelia: You're just a souless bloodsucking demon. They're LAWYERS ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] screen
On Tue, Apr 05, 2011 at 04:29:42PM -0400, Scott Robbins wrote: I like tmux. Available from rpmforge. I should have mentioned that it does do splitting both ways by default. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Anya: I swear, I am just trying to find my necklace. Willow: Well, did you try looking inside the sofa in hell? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KILL THIS THREAD ( Centos 6 Update?)
- Original Message - From:Kai Schaetzl mailli...@conactive.com To:centos@centos.org Cc: Sent:Tuesday, 5 April 2011, 13:21 Subject:Re: [CentOS] KILL THIS THREAD ( Centos 6 Update?) +100 Kai Anybody that thinks this thread can be killed is so badly mis-understanding the situation. This thread or others like it will continue to pop-up in the short term until all releases are in-line with RH and then they will continually re-appear with subsequent releases. So 'killing' the thread is akin to burying ones head in the sand. I question whether a rebuild project is a sensible way forward for anything but hobbyist use. That isn't a criticism of the dev team (before anyone tries to twist it as such) but more a question about the viability of the model. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
Simple answer: yum update will update *all* packages in the repo's that are *enabled*. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
email builder wrote: Hello, Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? Automatic upgrade (if yum upgrade is run), will upgrade all newer rpm packages that are in *enabled* repositories. If you installed from external repository that you keep disabled, those packages will not be automatically upgraded. Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KILL THIS THREAD ( Centos 6 Update?)
Ian Murray wrote on Tue, 5 Apr 2011 22:49:54 +0100 (BST): This thread or others like it will continue wrong. It will continue as long people bite. Stop biting the bait! Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing IPv4 DNS lookups first before IPv6
Thank you! If forcing it to stop system-wide is not possible, is there any way of forcing IPv4 lookups to occur first then? On 4/4/2011 5:34 PM, Tom H wrote: On Mon, Apr 4, 2011 at 10:51 AM, Russell Jonesrjo...@eggycrew.com wrote: I am having a strange issue with CentOS 5.4 that I cannot seem to solve. Every DNS lookup results in records being requested first before A records. As a result, this causes a large amount of unnecessary DNS traffic on the network. IPv6 has been completely disabled on these servers: /etc/modprobe.conf, ipv6 off and net-pf-10 off /etc/sysconfig/network, NETWORKING_IPV6=no lsmod | grep ipv6 shows the kernel module no longer loaded. Yet watching TCP dump shows that records are requested before A records every time a login is requested from one of our local machines to another. Is there some sort of configuration directive I can use to force IPv4 lookups first before IPv6? Or even better, stop IPv6 lookups all together? Disabling ipv6 transport cannot prevent applications from making ipv6 queries - short of recompiling them as ipv4-only applications or having applications check whether there is a non-link-local ipv6 address before making an ipv6 query. I've seen these checks discussed but I don't think that they've been implemented - or, if they've been implemented, backported to CentOS 5. It's been going on for a while: https://www.redhat.com/archives/redhat-list/2009-March/msg00067.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
On Tue, Apr 5, 2011 at 6:14 PM, email builder emailbuilde...@yahoo.com wrote: Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? Yum-updatesd does not automatically install packages (unless you configure it to), it only notifies you of ones that need updating. If no one is manually doing it, and you don't have do_update = yes in /etc/yum/yum-updatesd.conf, then you have installed something else that is performing the updates automatically. Are you sure the updates are actually getting installed, and it's not just noise in the log from yum-updatesd? // Brian Mathis P.S. The yum log doesn't have the year in the timestamp, and if it's not active it might not get rotated by logrotate. This can cause false messages sent from logwatch about packages that were installed last year. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-5.5 Live CD netinstall
On Mon, Apr 4, 2011 at 11:33 AM, Timothy Murphy gayle...@eircom.net wrote: According to http://wiki.centos.org/Manuals/ReleaseNotes/CentOSLiveCD5.5 There is a Network Install option on the Live CD that is the same as our CentOS-5.5-i386-netinstall ISO. I've looked quite carefully at my CentOS-5.5 Live CD (on a USB stick), and I don't see a Network Install option anywhere. Could some kind soul explain where it can be found, please. Try hitting the space bar during the Automatic boot countdown screen. That should give you the boot menu with the option to do the network install. Also note that the next version of the LiveCD won't have this option: http://wiki.centos.org/Manuals/ReleaseNotes/CentOSLiveCD5.6 -- William Hooper ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? Yum-updatesd does not automatically install packages (unless you configure it to), it only notifies you of ones that need updating. If no one is manually doing it, and you don't have do_update = yes in /etc/yum/yum-updatesd.conf, then you have installed something else that is performing the updates automatically. It does look like updates are happening, but it's not clear to me by whom. do_update is set to no, but notification is by dbus, so I assumed that dbus is notifying another process to do the actual updates. Is there a way I can track that down? Are you sure the updates are actually getting installed, and it's not just noise in the log from yum-updatesd? Well, if I can take it at its word, updates *are* happening. Here is a snippet I clipped out of a logwatch a few months ago: - yum Begin Packages Updated: php-dba - 5.1.6-27.el5_5.3.i386 php - 5.1.6-27.el5_5.3.i386 php-devel - 5.1.6-27.el5_5.3.i386 php-cli - 5.1.6-27.el5_5.3.i386 php-common - 5.1.6-27.el5_5.3.i386 php-gd - 5.1.6-27.el5_5.3.i386 php-pdo - 5.1.6-27.el5_5.3.i386 php-mysql - 5.1.6-27.el5_5.3.i386 -- yum End - P.S. The yum log doesn't have the year in the timestamp, and if it's not active it might not get rotated by logrotate. This can cause false messages sent from logwatch about packages that were installed last year. Hmm, is there a known fix for this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing IPv4 DNS lookups first before IPv6
On Tue, Apr 5, 2011 at 6:52 PM, Russell Jones rjo...@eggycrew.com wrote: Thank you! If forcing it to stop system-wide is not possible, is there any way of forcing IPv4 lookups to occur first then? You're welcome. In the case of traceroute, there shouldn't be any DNS requests when specifying ipv4 transport (-4). Perhaps you other applications have a similar option... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? Automatic upgrade (if yum upgrade is run), will upgrade all newer rpm packages that are in *enabled* repositories. If you installed from external repository that you keep disabled, those packages will not be automatically upgraded. Well, as I mentioned, yum-updatesd is running and doing the automatic updates. I'm specifically referring to the automatic updates and not manual command line updates by me. But assuming that yum-updatesd does the same thing as yum upgrade (how do I confirm this?), then the outstanding question is how to figure out why certain packages are not being updated. To take my easy example, clamav, when I need to update clamav, I have to go to the command line and do a yum upgrade clamav and it works as expected. Doesn't that mean its repo is enabled? If so, why isn't yum-updatesd updating it for me? If not, how do I find which repo it's coming from so I can enable it? (yum info just says installed for the Repo field). TIA! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing IPv4 DNS lookups first before IPv6
On Tue, Apr 05, 2011 at 07:46:32PM -0400, Tom H wrote: In the case of traceroute, there shouldn't be any DNS requests when specifying ipv4 transport (-4). Umm, no. The transport protocol is irrelevant to the query. You can make queries over IPv4. Indeed I do that all the time. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing IPv4 DNS lookups first before IPv6
On Tue, Apr 5, 2011 at 7:50 PM, Stephen Harris li...@spuddy.org wrote: On Tue, Apr 05, 2011 at 07:46:32PM -0400, Tom H wrote: In the case of traceroute, there shouldn't be any DNS requests when specifying ipv4 transport (-4). Umm, no. The transport protocol is irrelevant to the query. You can make queries over IPv4. Indeed I do that all the time. You can make ipv6 queries on ipv4 (which is what's happening to the OP since he's disabled ipv6 on his box) but I've just checked and traceroute doesn't make an query (unless I was in too big a hurry and missed it!). Whether other applications have an equivalent option and are this intelligent will have to be checked app by app, although it would be the logical behavior. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Printers, aka an old time sysadmin
on 15:05 Tue 05 Apr, m.r...@5-cent.us (m.r...@5-cent.us) wrote: Well, today, I feel like a real, old time sysadmin. Now, I didn't have to write a driver in assembly for the printer, but We got this huge, 44 HP Designjet z3200ps printer. Only supports Win and Mac. Fine, I hang it off of one of our servers on a subnet (at $0.96/foot paper, we're the only ones who print on it). Then I'm thinking that all I really need is a .ppd. My co-worker, who's also got a Mac, d/l's the Mac driver and extracts the .ppd. The Windoze one is apparently buried in a dll, you see I then figured out how to hack a .ppd. First, I found an ifdef construction, for Mac-only information. That worked on the small paper (24 width roll, small). Then the real paper, the 42 stuff. Why HP sells a 44 printer, but 42 paper, dunno, but there's no option for large format printing. After a pointless waste of half an hour on HP's live chat (not sure how many chats the guy was on), he tells me there's no driver. I call HP support, and talk to someone who seems to know a little more... but is sorta fuzzy on .ppd's, and then tells me that there ought to be an option to set a custom size, and seems to confirm what I read (in vi) in the ppd, that there are no settings for 42 paper. So I hacked it, and added settings for 42x34, and 42x60 (the usual size for posters). A lot was cut, paste, and substitute, but the one gotcha is that the actual paper size that the printer sees is in points. Once I got that, it worked beautifully. Anyone needs any info about hacking a .ppd, feel free to email me; if you have a beast of a z3200ps, I'll be glad to send you a copy of mine. A task with a very laudable history: http://oreilly.com/openbook/freedom/ch01.html -- Dr. Ed Morbius, Chief Scientist /| Robot Wrangler / Staff Psychologist| When you seek unlimited power Krell Power Systems Unlimited| Go to Krell! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
On Tue, Apr 5, 2011 at 7:40 PM, email builder emailbuilde...@yahoo.com wrote: Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? Yum-updatesd does not automatically install packages (unless you configure it to), it only notifies you of ones that need updating. If no one is manually doing it, and you don't have do_update = yes in /etc/yum/yum-updatesd.conf, then you have installed something else that is performing the updates automatically. It does look like updates are happening, but it's not clear to me by whom. do_update is set to no, but notification is by dbus, so I assumed that dbus is notifying another process to do the actual updates. Is there a way I can track that down? Are you sure the updates are actually getting installed, and it's not just noise in the log from yum-updatesd? Well, if I can take it at its word, updates *are* happening. Here is a snippet I clipped out of a logwatch a few months ago: - yum Begin Packages Updated: php-dba - 5.1.6-27.el5_5.3.i386 php - 5.1.6-27.el5_5.3.i386 php-devel - 5.1.6-27.el5_5.3.i386 php-cli - 5.1.6-27.el5_5.3.i386 php-common - 5.1.6-27.el5_5.3.i386 php-gd - 5.1.6-27.el5_5.3.i386 php-pdo - 5.1.6-27.el5_5.3.i386 php-mysql - 5.1.6-27.el5_5.3.i386 -- yum End - P.S. The yum log doesn't have the year in the timestamp, and if it's not active it might not get rotated by logrotate. This can cause false messages sent from logwatch about packages that were installed last year. Hmm, is there a known fix for this? Rotate the log file yourself once a year. You can check if you are seeing this bug by looking at the /var/log/yum.log last modified time. If it was yesterday, then I suppose the packages were installed. As far as your other questions, how does it determine what packages to update, I think you will find it's not actually doing any updating. I have not used yum-updatesd to auto-update packages myself, but I would think it would automatically install any updated package. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] FTP server for registered and anonymous users
Friends I have a good ftp server working with authentication of users, but I want to put a folder with general information for everyone can read without having to log in, that is to be seen both registered users and guests too. -- Fidel Dominguez-Valero Linux User: 433411 Website: http://www.valerofix.ryanhost.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Host Disk Performance
On Tue, Apr 5, 2011 at 11:49 AM, compdoc comp...@hotrodpc.com wrote: I've been working with VMs for a while now and have tried various ways to set up guests. Block devices can be done with or without LVM, although I've stopped using LVM on my systems these days. Just curious, why have you stopped using LVM? I've found it to be useful for allocating disk space to to KVM for virtual machines. I usually set up logical volumes on a separate volume group as block devices for the virtual machine to use. If there's an issue with this, I'd like to know about it. -Iain -- -- - Iain Morris iain.t.mor...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Host Disk Performance
Just curious, why have you stopped using LVM? Simply for ease of maintenance: some recovery and backup utilities like clonezilla can't work with LVM. And because the same names for volume groups are used for each centos install, so trying to attach a drive or volume to a new system for rescue causes conflicts unless you take steps and use unique names from the start. (Although I hear that newer versions of centos/RH will create unique names for you) As I said, LVM works fine for VMs and can be used slice up a volume for guests to be used as a true block device. By the way, a true block device means a raw partition on the disk is given to the guest to format and use as its own - so no existing file system is present. It's almost like giving a guest its own drive to work from, and should operate at the same native speeds as the host. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTP server for registered and anonymous users
On 04/05/11 6:45 PM, Fidel Dominguez-Valero wrote: Friends I have a good ftp server working with authentication of users, but I want to put a folder with general information for everyone can read without having to log in, that is to be seen both registered users and guests too. all FTP users have to log in, by convention, user anonymous (alias ftp) accepts any password, and is put in the ftp guest directory (/var/ftp by default on centos systems) so, all you should have to do is enable anonymous ftp and put your files for the anon user in the ftp guest directory. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTP server for registered and anonymous users
Need more information. - Are you using vsftpd? Proftpd? - Are your users separate local user accounts that all have their own home directories? - Have you already looked at the anonymous FTP configuration for the FTP server software you are wanting to use? - Have you already looked at the welcome banner configuration if you are just wanting to give general server info on login? On 4/5/2011 8:45 PM, Fidel Dominguez-Valero wrote: Friends I have a good ftp server working with authentication of users, but I want to put a folder with general information for everyone can read without having to log in, that is to be seen both registered users and guests too. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? Yum-updatesd does not automatically install packages (unless you configure it to), it only notifies you of ones that need updating. If no one is manually doing it, and you don't have do_update = yes in /etc/yum/yum-updatesd.conf, then you have installed something else that is performing the updates automatically. It does look like updates are happening, but it's not clear to me by whom. do_update is set to no, but notification is by dbus, so I assumed that dbus is notifying another process to do the actual updates. Is there a way I can track that down? Are you sure the updates are actually getting installed, and it's not just noise in the log from yum-updatesd? Well, if I can take it at its word, updates *are* happening. Here is a snippet I clipped out of a logwatch a few months ago: - yum Begin Packages Updated: php-dba - 5.1.6-27.el5_5.3.i386 php - 5.1.6-27.el5_5.3.i386 php-devel - 5.1.6-27.el5_5.3.i386 php-cli - 5.1.6-27.el5_5.3.i386 php-common - 5.1.6-27.el5_5.3.i386 php-gd - 5.1.6-27.el5_5.3.i386 php-pdo - 5.1.6-27.el5_5.3.i386 php-mysql - 5.1.6-27.el5_5.3.i386 -- yum End - P.S. The yum log doesn't have the year in the timestamp, and if it's not active it might not get rotated by logrotate. This can cause false messages sent from logwatch about packages that were installed last year. Hmm, is there a known fix for this? Rotate the log file yourself once a year. You can check if you are seeing this bug by looking at the /var/log/yum.log last modified time. If it was yesterday, then I suppose the packages were installed. As far as your other questions, how does it determine what packages to update, I think you will find it's not actually doing any updating. I have not used yum-updatesd to auto-update packages myself, but I would think it would automatically install any updated package. It's dated a couple days ago, so I'd say it's doing what it's supposed to. I'm not sure what the dbus notification does, but I presume it's telling someone to do the updating. It'd probably be more informative if I could understand who is picking up such notifications. Do you know how to determine which repo a particular package is from? For example, when I do yum info against clamav (which isn't receiving automatic updates), it just says Repo: installed. I don't know what repo it comes from. Thanks much ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTP server for registered and anonymous users
-- Fidel Dominguez-Valero Linux User: 433411 Website: http://www.valerofix.ryanhost.net On Tue, 2011-04-05 at 21:43 -0500, Russell Jones wrote: Need more information. - Are you using vsftpd? Proftpd? I'm using vsftpd I have some users that they can log in in the server but I need to public other folder for everyone without user and passwd - Are your users separate local user accounts that all have their own home directories? - Have you already looked at the anonymous FTP configuration for the FTP server software you are wanting to use? - Have you already looked at the welcome banner configuration if you are just wanting to give general server info on login? On 4/5/2011 8:45 PM, Fidel Dominguez-Valero wrote: Friends I have a good ftp server working with authentication of users, but I want to put a folder with general information for everyone can read without having to log in, that is to be seen both registered users and guests too. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Host Disk Performance
On Tue, Apr 05, 2011 at 08:22:08PM -0600, compdoc wrote: Just curious, why have you stopped using LVM? Simply for ease of maintenance: some recovery and backup utilities like clonezilla can't work with LVM. And because the same names for volume groups are used for each centos install, so trying to attach a drive or volume to a new system for rescue causes conflicts unless you take steps and use unique names from the start. (Although I hear that newer versions of centos/RH will create unique names for you) Not all that unique, but a bit better--I think it's VolumeGroup00/lvm_root, VolumeGroup00/lvm_swap, and things like that. (Keeping both LVs in the same VG by default.) -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: It's time for me to act like a man... and hide. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
On Apr 5, 2011, at 11:46 PM, Ljubomir Ljubojevic wrote: rrich...@blythe.org wrote: Indeed! I run Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the only client mail protocols we support). It's amazing how many dictionary attacks take place against SMTP by persistent spamers! Besides the effect against dictionary attacks, it makes the morning reading of the secure log a pleasant experience. :-) My SMTP server has Reverse DNS check active, so any SMTP request from IP that does not have Reverse DNS record is automatically forbidden. Even SMTP servers tht are not properly configured (like one Bank server in my country that sends mails from some obscure IP without DNS record even thou I know they are legit) are denied. fail2ban had some wrong with it, from the standpoint of my CentOS 5.x server (can't remember what I disliked), wheather it was rpm availability or something else, so I chose denyhosts. There was whole week recently without a single ssh attack on my 3 PC's (2 servers). Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I have a centralized bridge PF (Packet Filter) setup and all my servers behind it. All the servers have fail2ban installed and the same on the firewall, so any malicious knock offs on the internal servers ignites the centralized PF that blocks the hosts right away. As mentioned above, I have been using fail2ban for SSH/SMTP/IMAP/POP3 and also have merged content filtering regexes from Amavis into it. That(regex) is the part I love about fail2ban, my fail2ban installation is on a CentOS 5.x box, rpm is available in rpmforge. Gaurav PGP.sig Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
