[CentOS-announce] CESA-2012:0060 Moderate CentOS 5 openssl Update
CentOS Errata and Security Advisory 2012:0060 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0060.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
4e24142e043d6a22161c589ae9a3845255c85db2e5f6a4f25c91c87d424d61ef openssl-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm
79e1510c19787a433c4c65d4887cc7ce4a8e511826ea2e714ce10ad59dcf398e openssl-0.9.8e-20.el5_7.1.0.1.centos.i686.rpm
77592fb450989aa7e2d4ebf311de0714ebed529ce58409bec2d718bee70d843c openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm
832af976fbd8d82ee748ad2ac696697c56324c09af89990b8215f705f81feaef openssl-perl-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm

x86_64:
79e1510c19787a433c4c65d4887cc7ce4a8e511826ea2e714ce10ad59dcf398e openssl-0.9.8e-20.el5_7.1.0.1.centos.i686.rpm
41b00785ba5d7f79b686d0981f940fbd75f729110189eb693af3d10afccff71a openssl-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm
77592fb450989aa7e2d4ebf311de0714ebed529ce58409bec2d718bee70d843c openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm
163bf5f13d8a767deecc71b70b5e6237c7aa44208af0234980e78b66a2d21221 openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm
4c3b5206a1fa079325f3b08f3ee81af5a9289f4521d5614d41e5501ad47aa976 openssl-perl-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm

Source:
27eb8351655accb27eb1380af188980bd9cec322834c93a0247ccdba44ca6b75 openssl-0.9.8e-20.el5_7.1.0.1.centos.src.rpm

NOTE: This is a reissue of RPMS due to a md5sum error in shared document files that prevented the i686 and x86_64 RPMS to be installed simultaneously on an x86_64 machine. See http://bugs.centos.org/view.php?id=5489 for details.

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
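One way to check downloaded packages against the ( sha256sum Filename ) pairs of an announcement like the one above, as an added example that is not part of the original message or of CentOS tooling. The function names extract_manifest and verify_dir, the file names and all sample data are hypothetical and constructed; rejecting names that contain a path component is an assumption about what such a list should hold.

```bash
#!/usr/bin/env bash
# Added example: check downloaded RPMs against "sha256sum Filename" pairs
# taken from an announcement. All sample data below is constructed.

# extract_manifest: read announcement text on stdin (one pair per line or
# flattened onto a single line) and print "<sha256>  <filename>" once per file.
# Exits non-zero if one filename is listed with two different digests.
extract_manifest() {
    tr -s '[:space:]' '\n' | awk '
        # A 64-character lowercase hex token followed by a *.rpm token is a pair.
        length(prev) == 64 && prev !~ /[^0-9a-f]/ && $0 ~ /\.rpm$/ {
            if (!($0 in sum)) { sum[$0] = prev; print prev "  " $0 }
            else if (sum[$0] != prev) { print "CONFLICT " $0 > "/dev/stderr"; bad = 1 }
        }
        { prev = $0 }
        END { exit bad + 0 }'
}

# verify_dir MANIFEST DIR: hash every listed file found in DIR.
# Prints one "OK|MISMATCH|MISSING|REJECTED <file>" line per manifest entry
# and returns non-zero unless every entry is OK.
verify_dir() {
    local manifest=$1 dir=$2 rc=0 want file got
    while read -r want file; do
        # Assumption: package names never contain a path component, so a
        # manifest entry cannot point outside DIR.
        case $file in */*) echo "REJECTED $file"; rc=1; continue ;; esac
        if [ ! -f "$dir/$file" ]; then
            echo "MISSING $file"; rc=1; continue
        fi
        got=$(sha256sum "$dir/$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $file"
        else
            echo "MISMATCH $file"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# demo: constructed stand-ins for two downloads, one corrupted after the
# manifest was built, to show what a failed check looks like.
demo() {
    local d a b rc=0
    d=$(mktemp -d)
    printf 'constructed payload A' > "$d/example-1.0.i386.rpm"
    printf 'constructed payload B' > "$d/example-devel-1.0.i386.rpm"
    a=$(sha256sum "$d/example-1.0.i386.rpm" | cut -d' ' -f1)
    b=$(sha256sum "$d/example-devel-1.0.i386.rpm" | cut -d' ' -f1)
    # Constructed announcement text in the flattened one-line layout; the
    # first package is listed under both architectures, as i686 is above.
    printf 'i386: %s example-1.0.i386.rpm %s example-devel-1.0.i386.rpm x86_64: %s example-1.0.i386.rpm\n' \
        "$a" "$b" "$a" | extract_manifest > "$d/manifest"
    printf 'tampered' >> "$d/example-devel-1.0.i386.rpm"   # simulate a bad download
    verify_dir "$d/manifest" "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "demo: at least one package failed verification"
```

A matching digest only shows that the file is the one the announcement lists; rpm -K checks the package's GPG signature separately.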
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
well, had to add something to it. I found out I was having an issue with the addon ethernet card (e1000) 'link detected no' and it not working. Took it out? Yep? Work? No.

However, I did add a second vm and something interesting is happening one vm stays up, one will crash...the one that stays does not die. I am thinking that the vnet0 that comes up is messed up and I need to reset it somehow. Or...something else... but one staying up while other goes down is rather odd. very strange.

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 vps
Bazy writes:

Hello, I'm looking for two hours now for a VPS provider offering CentOS 6 in DE or UK. Can you please point me to one, maybe where you currently own a virtual server and have a good experience with it.

+1 Hetzner for DE. In UK check Bytemark.co.uk.
Re: [CentOS] Red Hat Extends Linux Support
On 02/02/2012 05:00 PM, John R Pierce wrote:

On 02/02/12 2:48 PM, Mark LaPierre wrote:

What do you think this means for CentOS long term support? http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html

I'd guess that the CentOS team will be supporting EL5 for the additional 3 years, as long as RH makes the SRPM's readily available...

Correct ... if RH makes the SRPMS available for the entire period (and they should), then CentOS will build them for the entire period.

If RH were to make publicly available their EUS SRPMS (http://www.redhat.com/products/enterprise-linux-add-ons/extended-update-support/), then we would also build and release those. The EUS SRPMS are not publicly available.

Remember, we (the CentOS Dev Team) use CentOS in production. That was our major motivation to be in the project in the first place (to build an enterprise distro that we can use). We are all about providing a secure product for as long as possible ...
Re: [CentOS] looking for lxc rpm for centos 6.2 x86_64
On 02/06/2012 01:44 PM, Barry Brimer wrote:

workload. Red Hat Enterprise Linux 6.2 provides application level containers to separate and control the application resource usage policies

ah, interesting. I saw that + didn't see userland lxc tools and stopped looking. On 6.2 virt --connect lxc:// works, so time to prod a bit and see what falls out. will post findings and maybe a walkthrough

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
Re: [CentOS] rsync from rescue boot
On 31 January 2012 22:14, Les Mikesell lesmikes...@gmail.com wrote:

On Tue, Jan 31, 2012 at 4:01 PM, m.r...@5-cent.us wrote:

On Tue, Jan 31, 2012 at 3:14 PM, Ljubomir Ljubojevic off...@plnet.rs wrote:

On 01/31/2012 09:47 PM, Les Mikesell wrote:

No, I'm trying to have rsync make an outbound connection over ssh from the rescue environment and getting what looks like an argument error from ssh. Ssh itself works and I can connect to the same target if I run it directly, and the exact same rsync command lines work from a normal host. Either rsync isn't setting up the remote command right, or ssh isn't allowing it and giving a bad error message.

There was a buggy version of rsync that did this. It wasn't initialising the ssh session properly

from my email a while ago:

On Tue, 23 Aug 2011, Ned Slider wrote:

On 23/08/11 12:35, Michael Simpson wrote:

Hello Is anyone else having problems on 5.6 using the new rsync from the CR repo I have only managed to get rsync (called from the cli) working again after downgrading it to the previous 2.x release as the newer version was just spitting out the ssh usage information and failing. This server is stock i386 with just the CR as an extra repo. regards mike

Known issue I'm guessing: https://bugzilla.redhat.com/show_bug.cgi?id=724041 which was fixed nearly a month ago.

So instead of saying nearly a month ago how about we say it was only released 20 days ago. BZ says it was released 03 Aug 11.

If this is your issue, try appending username@host like so: rsync user@host:/ as a workaround, but I'm not sure why CentOS is still shipping an old broken version?

Umm, maybe because upstream shipped rsync-3.0.6-4.el5.i386.rpm with 5.7 and the rsync-3.0.6-4.el5_7.1.i386.rpm has not made it to CentOS yet. Remember that bug for bug compatibility thing. :-) Patience is a virtue. Regards,
Re: [CentOS] new mysql installation, kinda stuck- sorta solved
On 3 February 2012 07:22, n...@li.nux.ro wrote:

Bob Hoffman writes:

When you run into this kind of problems you can just remove or rename /var/lib/mysql and restart the service, it should reset you back to square one. Of course, make a backup first!

Sometimes you need to run mysql-db-install as well if you have del'd all of the /var/lib/mysql/ directory

mike
Re: [CentOS] SSD Drives
On 2 February 2012 18:19, Matt matt.mailingli...@gmail.com wrote:

Has anyone installed a high I/O application such as an email server on SSD drives? Was thinking about doing two SSD's in RAID1. It would solve my I/O latency issues but I have heard that SSD's wear out quickly in high I/O situations? Something like each memory location only has X many writes before it's done. Just wondering if anyone has tested it and if newer SSD's are better about this?

Sun were recommending using SSDs for the ZIL in really big ZFS install *years ago* so go for it. As long as you are using TRIM then you avoid the slowdown that happens once the ssd is full http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/newmds-ssdtuning.html

mike
Re: [CentOS] gtar compression achieved
On 02/01/2012 04:18 PM, Alan McKay wrote:

Hey folks, I looked at the man page and don't see any way to do this - maybe it is a function of the compression program used I dunno. Is there any way to get gtar to report on the compression it achieved? I can't just check file sizes because I'm writing data to tape. The basic problem is that I know how much data is there to begin with but I don't know how much room it took up on the tape so I have no idea how much room is left on the tape.

You could ask tar to automatically request tape change when reaching end of tape:

-M, --multi-volume create/list/extract multi-volume archive

Lec
Re: [CentOS] about major version upgrades
On 02/07/2012 07:04 AM, Mihamina Rakotomandimby wrote:

Hi all, In http://goo.gl/Krjfh I read:

+++ Upgrading from CentOS-4 or CentOS-5: We recommend everyone run through a reinstall rather than attempt an inplace upgrade from CentOS-4 or CentOS-5 +++

Do you ever know if that advice will be up to date for the 6 to 7 upgrade? What is the preferred upgrade process if some want to upgrade inplace? I mostly run virtual guest in a one-VM-per-service (MySQL, php, Mail, DNS, NFS/SMB) basis, with a main + spare physical machine. I'm installing 6.2 on our dev servers and try to pre-evaluate the amount of work when 7 will be released.

6.x will be supported until 2020. Reinstalling once in 10 years should not be the problem. Reinstall is ALWAYS advised, since probably many packages will be either depreciated or heavily changed in version 7.0. That being said, there will always be unsupported way to upgrade from one version to the next. It is Your choice in the end.

--
Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
Re: [CentOS] about major version upgrades
On 02/07/2012 06:39 AM, Ljubomir Ljubojevic wrote:

On 02/07/2012 07:04 AM, Mihamina Rakotomandimby wrote:

Hi all, In http://goo.gl/Krjfh I read:

+++ Upgrading from CentOS-4 or CentOS-5: We recommend everyone run through a reinstall rather than attempt an inplace upgrade from CentOS-4 or CentOS-5 +++

Do you ever know if that advice will be up to date for the 6 to 7 upgrade? What is the preferred upgrade process if some want to upgrade inplace? I mostly run virtual guest in a one-VM-per-service (MySQL, php, Mail, DNS, NFS/SMB) basis, with a main + spare physical machine. I'm installing 6.2 on our dev servers and try to pre-evaluate the amount of work when 7 will be released.

6.x will be supported until 2020. Reinstalling once in 10 years should not be the problem. Reinstall is ALWAYS advised, since probably many packages will be either depreciated or heavily changed in version 7.0. That being said, there will always be unsupported way to upgrade from one version to the next. It is Your choice in the end.

It is also a MAJORLY big deal to move from one major version to another (ie a move from CentOS-5.x to CentOS-6.x). This is because there is no API/ABI compatibility between major versions like there is for minor versions. The php is going to be much newer, the samba is going to be much newer, the httpd is going to be much newer, the kernel is going to be much newer, ldap is going to be much newer, etc.

For example, I recently upgraded a CentOS-4 box to CentOS-5 and I went from the CentOS-4 php to a CentOS-5 version ... I had to re-code my applications written for the php-4.3.9 in CentOS-4 to instead work with the php-5.1.6 in CentOS-5. I had to rework all the mod_auth files from httpd-2.0.x to work with mod_authz from httpd-2.2.x ... etc.

The purpose for having enterprise software is so that you can get a return on your investment and use your code for 7 years (for CentOS versions before CentOS-4 ... now 10 years in post CentOS-5). But keeping things for that period of time means that when you do need to upgrade, the differences are much harder and the changes are usually much bigger for a given package.
Re: [CentOS] distributed storage/home-made cloud recommendations
On Feb 5, 2012, at 6:33 PM, John R Pierce pie...@hogranch.com wrote:

I just tried a bunch of combinations on a 3 x 11 raid60 configuration plus 3 global hotspares, and decided that letting the controller (LSI 9260-8i MegaSAS2) do it was easier all the way around. of course, with other controllers, your mileage may vary. and yes, megacli64 is an ugly tool to tame.

Some controllers are better. Software based stripes do allow you to span RAID controllers though which provides a lot of flexibility. When I do do software striping I do it within LVM instead of creating a RAID0 as I found it easier to manage long term.

-Ross
Re: [CentOS] Google video chat on 5.7 using the Fedora RPM
On 02/06/2012 04:22 PM, E Westphal wrote:

I've tried to use the Google recommended RPM to enable video chat on 5.7. Get a long list of unsatisfied dependencies. Has anyone got this to work and not created a boat full of problems? Is this something that does work in 6 and just not in 5.7 - another reason to jump in and update? Please advise. Thanks.

The only way to meet the requirements is to build (at least optional for use inside a library directory) all the required shared libraries to run the package. There are usually huge differences between the Fedora shared libraries and the CentOS ones ... otherwise there would be no reason to have CentOS :D

Another option might be to build the program with CentOS shared libraries (if that is possible, based on the program's source code).
[CentOS] where to download CENTOS 4.9 DVD image?
I went to CENTOS site and try to download version 4.9. I found all download sites ONLY have 4.8 NO 4.9. anyone know where can i download CENTOS 4.9 DVD image? Thanks.
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 7:58 AM, Johnny Hughes joh...@centos.org wrote:

The purpose for having enterprise software is so that you can get a return on your investment and use your code for 7 years (for CentOS versions before CentOS-4 ... now 10 years in post CentOS-5). But keeping things for that period of time means that when you do need to upgrade, the differences are much harder and the changes are usually much bigger for a given package.

For this reason it is often better to upgrade more frequently than every 7-10 years. Personally I have a 5 year max lifetime for my systems. Even then upgrades are painful and we try to stagger these so they all aren't due to upgrade at once.

-Ross
Re: [CentOS] where to download CENTOS 4.9 DVD image?
On 02/07/2012 04:10 PM, mcclnx mcc wrote:

I went to CENTOS site and try to download version 4.9. I found all download sites ONLY have 4.8 NO 4.9. anyone know where can i download CENTOS 4.9 DVD image? Thanks.

The upstream provider did not respin media for the 4.9 release and therefore the CentOS project will also not respin our install media. Installs moving forward will be off the 4.8 media and an upgrade will move you from version 4.8 to version 4.9. We do this to maintain compatibility with 3rd party kernel drivers which are designed to be installed as part of the installation process.

t
Re: [CentOS] where to download CENTOS 4.9 DVD image?
In article 1328627423.71063.yahoomail...@web74406.mail.tp2.yahoo.com, mcclnx mcc mcc...@yahoo.com.tw wrote:

I went to CENTOS site and try to download version 4.9. I found all download sites ONLY have 4.8 NO 4.9. anyone know where can i download CENTOS 4.9 DVD image?

There isn't one. Please see http://wiki.centos.org/Manuals/ReleaseNotes/CentOS4.9 section 3, Known Issues. The DVDs were not built for CentOS 4.9. The install method is to use the 4.8 install media and then do a yum update to update to 4.9.

Cheers
Tony

--
Tony Mountifield
Work: t...@softins.co.uk - http://www.softins.co.uk
Play: t...@mountifield.org - http://tony.mountifield.org
Re: [CentOS] distributed storage/home-made cloud recommendations
On 02/04/2012 11:39 AM, Boris Epstein wrote:

On Sat, Feb 4, 2012 at 11:41 AM, Laurent Wandrebeck l.wandreb...@gmail.com wrote:

Hi, I'm happily running moosefs (packages available in rpmforge repo) for a year and a half, 120TB, soon 200. So easy to setup and grow it's indecent :) Laurent.

Hello Laurent, Thanks! Very useful info, I never even heard of MooseFS and it sounds very nice. One question: what happens if you lose your master server in their designation? Or is it possible to make the master server redundant as well? Boris.

You said Cloud and machines ... then you described something that you can do on one box with a bunch of drives. Do you really want a cloud (a bunch of machines with their own drives) or a large RAID array? You are getting answers for both now.

If you really do want some kind of cloud storage system and you are putting the machines in one datacenter ... I would recommend GlusterFS: http://www.gluster.org/

GlusterFS has been bought by Red Hat and they offer it in a Storage solution right now ... And they have CentOS RPMs here for centos5 and centos6: http://download.gluster.com/pub/gluster/glusterfs/LATEST/CentOS/

If you use the replicated volumes, you can lose bunches of machines and still have functioning service: http://download.gluster.com/pub/gluster/glusterfs/3.2/Documentation/AG/html/sect-Administration_Guide--Setting_Volumes-Replicated.html
[CentOS] schily tools
Let me comment some questions in one single mail:

My basic requirement with what I'm doing is to use standard tools and formats so that archives I write today can be readable in 10 years.

Star becomes 30 in 4 months, any archive created since its early beginning in summer 1982 can still be read back.

I don't think there is any such general consensus. Are you reading something that favors Solaris/*bsd over GNU based systems?

Schily tools (and in special star) implement support for Linux specific extensions. This is what you do not get from gtar at all. So why do Linux distros prefer gtar even though there is no Linux support?

I doubt if they are as well maintained in linux distros as the GNU tool set, particularly in terms of having recent fixes backported into the versions carried in enterprise distros.

gtar still did not fix bugs I reported in 1993 (e.g. the bug that causes gtar to complain with skipping to next header even on its own archives). I am thus sure that star is not worse than gtar

It shouldn't matter if you don't use either of the version's extensions, and for archiving you probably don't need them. For example, star and GNUtar use very different concepts for incremental backups - star is sort of like dump and must work on filesystem boundaries where GNUtar's --listed incremental needs a file to hold state but will work on arbitrary directories and can span mount points. But for archiving, you probably only care about the maximum size of a file it can handle.

When I implemented incremental restores for star in September 2004, I wrote a simple script for an incremental testcase and tested the deltas with ufsdump/ufsrestore, gtar and the star version at that time. Gtar was unable to deal with my testcase, so I stopped testing it any further.

If you like to discuss incrementals, you definitely need to discuss behavior at restore time and restoring incrementals definitely does not work correctly with gtar if you renamed directories.

Star is used to do incremental backups/restores on a daily base in Berlios since September 2004. Since Spring 2005, not a single problem was seen, so there are more than 2500 successful incremental restores that verify no problem even under strange conditions.

I don't think so - I'm fairly sure I've seen GNUtar complain about bad headers, say 'skipping to next header' and then find something. It won't do that if you used the -z option because you generally can't recover from errors in compression. But, I've never seen a tape drive recover from an error and continue past it anyway so in practice that's not going to matter. If you are concerned about errors, keep more copies.

This problem is not caused by compression or not, it is a general gtar bug that I reported in 1993 already. Nobody knows why it hits and the structure of the gtar sources makes it really hard to debug this problem. The FSF was interested to throw away gtar and replace it by star 10 years ago for this kind of problems in gtar.

afio is an archiver (available from third-party repos, not base) which can compress yet still recover--it basically compresses each file individually instead of compressing the entire archive, so the file might be unrecoverable but the rest of the archive is still intact. I use it for my tape backups (though your point of not knowing if it'll fit on the tape is valid).

Be careful with what you believe. The CPIO archive format in general is worse with resyncing to a defective archive than TAR is. Also note that afio creates archives that may start to be non CPIO compliant somewhere in the middle. So you can never know whether you are able to restore with anything other than afio. What if afio does not compile on your new platform because it is no longer maintained? Also note that the POSIX standard dropped CPIO as an actively supported archive format because (different from TAR) any extension to CPIO results in creating a new incompatible archive format.

The following other problems are known with gtar:

- gtar is with approx. 5% probability unable to read its own continuation archives from multi volume archives. This cannot be fixed as it is caused by the concept used for multi volume archives in gtar.
- gtar created archives with defective sparse file until a few years ago (up to ~ 2005) in case a file was bigger than a few GB.
- gtar has much less features than star
- gtar does not include libfind, so there is no support for the find(1) command line syntax in gtar.
- gtar needs approx. 3x more CPU time as star

Jörg

--
EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
j...@cs.tu-berlin.de(uni)
joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [CentOS] install detecting disk as sdb not sda
Hello,

On Sat, 04 Feb 2012 01:29:31 +0100 Leonard den Ottolander leon...@den.ottolander.nl wrote:

Hello wwp,

On Fri, 2012-02-03 at 23:31 +0100, wwp wrote:

I grabbed the UUID from `lshal` and replaced it in fstab:

UUID=005374e2_5c18_437d_84d8_8069868fe54e ext4 noatime,nodiratime 0 0

.. no luck, it doesn't automount at boot. I think I'll have to investigate or get another brain update.

Or just add the mount point to that entry :) .

Well, it still doesn't work w/ UUID= (the UUID is correct), but works fine w/ LABEL=, I'm happy with this now.

Regards,

--
wwp
Re: [CentOS] schily tools
Let me comment some questions in one single mail:

My basic requirement with what I'm doing is to use standard tools and formats so that archives I write today can be readable in 10 years.

Star becomes 30 in 4 months, any archive created since its early beginning in summer 1982 can still be read back.

I have been using it for about a decade or more and anything I dumped has been a no brainer to retrieve, on any other OS or even architecture.

I don't think there is any such general consensus. Are you reading something that favors Solaris/*bsd over GNU based systems?

Schily tools (and in special star) implement support for Linux specific extensions. This is what you do not get from gtar at all. So why do Linux distros prefer gtar even though there is no Linux support?

Is there any correlation between this and the warning message I see during a bootstrap like so :

Warning: *** /usr/src/linux/include contains broken include files ***
Warning: *** /usr/src/linux/include is not used this reason ***
Warning: This may result in the inability to use recent Linux kernel interfaces
Warning: *** linux/ext2_fs.h is not usable at all ***
Warning: *** This makes it impossible to support Linux file flags ***
You may try to compile using 'make COPTX=-DTRY_EXT2_FS'

I doubt if they are as well maintained in linux distros as the GNU tool set, particularly in terms of having recent fixes backported into the versions carried in enterprise distros.

gtar still did not fix bugs I reported in 1993 (e.g. the bug that causes gtar to complain with skipping to next header even on its own archives). I am thus sure that star is not worse than gtar

There seems to be something missing here. The subject was schily tools which is a lot more than star :

root@rsync:/etc/default# ls /opt/schily/bin
bosh cdrecord isodebug mdigest pfsh sfind star ustar bsh changeisodump mkhybrid pxupgradesformat star_sym ved btcflash compare isoinfo mkisofs readcd sgrowsuntarved-e calc copy isovfymtsccs sh tar ved-w calltree count jsh odscgcheck smake tartest cdda2mp3 devdump label opatchscgskeleton smt termcap cdda2ogg gnutarlndir p scpiospatch translit cdda2wav hdump match pfbsh sdd spax udiff

care to comment on any of these ? Certainly bosh needs a few words.

dc

--
http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B
Dennis Clarke | Solaris and Linux and Open Source
dcla...@blastwave.org | Respect for open standards.
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 8:07 AM, Ross Walker wrote:

On Feb 7, 2012, at 7:58 AM, Johnny Hughes joh...@centos.org wrote:

The purpose for having enterprise software is so that you can get a return on your investment and use your code for 7 years (for CentOS versions before CentOS-4 ... now 10 years in post CentOS-5). But keeping things for that period of time means that when you do need to upgrade, the differences are much harder and the changes are usually much bigger for a given package.

For this reason it is often better to upgrade more frequently than every 7-10 years. Personally I have a 5 year max lifetime for my systems. Even then upgrades are painful and we try to stagger these so they all aren't due to upgrade at once.

if you think about it, perhaps you are making the case for using a configuration management system like puppet where the configuration details are more or less abstracted from the underlying OS itself. Thus once running (and I'm not suggesting that it is a simple task), migrating servers from CentOS 5.x to 6.x or perhaps to Debian or Ubuntu becomes a relatively simple task as the configuration details come from the puppet server. This becomes more evident when you stop looking at a server being a single OS install on a single box and start running virtualized servers.

Craig
Re: [CentOS] schily tools
On Tue, Feb 7, 2012 at 9:26 AM, Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote:

When I implemented incremental restores for star in September 2004, I wrote a simple script for an incremental testcase and tested the deltas with ufsdump/ufsrestore, gtar and the star version at that time. Gtar was unable to deal with my testcase, so I stopped testing it any further.

My testcase for star was moving a subdirectory of what my backup runs covered onto a mounted volume. Star failed and I stopped testing it any further.

If you like to discuss incrementals, you definitely need to discuss behavior at restore time and restoring incrementals definitely does not work correctly with gtar if you renamed directories.

If that is the issue I recall, you can recover without losing data.

Star is used to do incremental backups/restores on a daily base in Berlios since September 2004. Since Spring 2005, not a single problem was seen, so there are more than 2500 successful incremental restores that verify no problem even under strange conditions.

So in all that time you have not mounted a new volume somewhere? No remote backups of hosts where someone else might add space? No one ever wanted to restore onto a different mount topology than the one where the backups were taken? Being able to do those things is the reason I use tar instead of filesystem-dependent dump.

This problem is not caused by compression or not, it is a general gtar bug that I reported in 1993 already. Nobody knows why it hits and the structure of the gtar sources makes it really hard to debug this problem. The FSF was interested to throw away gtar and replace it by star 10 years ago for this kind of problems in gtar.

So, you have a repeatable test case for this and no one has looked into it? That's surprising considering the number of people who have contributed to gnutar. And what drove the decision not to adopt star?

The following other problems are known with gtar: - gtar is with approx. 5% probability unable to read its own continuation archives from multi volume archives. This cannot be fixed as it is caused by the concept used for multi volume archives in gtar.

I assume you mean the version where you let the tape drive hit the end, not where you tell it the length. Does star always work in that scenario?

- gtar has much less features than star

Unless you would like it to do incrementals properly across mount points... And I thought there was another reason regarding features that amanda used gtar as well - maybe it was the ability to quickly estimate sizes of incrementals. If it had worked for amanda, I would probably have been using it for ages. When I looked at it, it couldn't because of missing features. These days I mostly use backuppc with rsync as the transport since online access is so much nicer than tapes and rsync obviously excels at detecting differences in incrementals, but I suppose there is still a place for archives.

--
Les Mikesell lesmikes...@gmail.com
[CentOS] CentOS-announce Digest, Vol 84, Issue 4
Today's Topics: 1. CESA-2012:0060 Moderate CentOS 5 openssl Update (Johnny Hughes)

Message: 1
Date: Tue, 7 Feb 2012 12:39:01 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2012:0060 Moderate CentOS 5 openssl Update
To: centos-annou...@centos.org
Message-ID: 20120207123901.ga1...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
Re: [CentOS] rsync from rescue boot
On Tue, Feb 7, 2012 at 5:22 AM, Michael Simpson mikie.simp...@gmail.com wrote: https://bugzilla.redhat.com/show_bug.cgi?id=724041 which was fixed nearly a month ago. So instead of saying nearly a month ago how about we say it was only released 20 days ago. BZ says it was released 03 Aug 11. If this is your issue, try appending username@host like so: rsync user@host:/ as a workaround, but I'm not sure why CentOS is still shipping an old broken version? Yes, that's it. Thanks! Umm, maybe because upstream shipped rsync-3.0.6-4.el5.i386.rpm with 5.7 and the rsync-3.0.6-4.el5_7.1.i386.rpm has not made it to CentOS yet. Remember that bug for bug compatibility thing. :-) Patience is a virtue. Well, it is burned on the CentOS 5.7 install/rescue DVD. No amount of patience is going to change that, so remembering the workaround will be the only choice when using that iso in rescue mode... Is that something that QA testing in CentOS should have caught or would it have automatically passed as a match for upstream?
-- Les Mikesell lesmikes...@gmail.com
Re: [CentOS] new mysql installation, kinda stuck- sorta solved
On 02/07/2012 11:52 AM, Michael Simpson wrote:

Sometimes you need to run mysql-db-install as well if you have del'd all of the /var/lib/mysql/ directory

the init scripts should take care of that, as long as there is no /var/lib/mysql present on the machine.

-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc
Re: [CentOS] about major version upgrades
On Tue, Feb 7, 2012 at 10:02 AM, Craig White craig.wh...@ttiltd.com wrote:

For this reason it is often better to upgrade more frequently than every 7-10 years. Personally I have a 5 year max lifetime for my systems. Even then upgrades are painful and we try to stagger these so they all aren't due to upgrade at once.

if you think about it, perhaps you are making the case for using a configuration management system like puppet where the configuration details are more or less abstracted from the underlying OS itself. Thus once running (and I'm not suggesting that it is a simple task), migrating servers from CentOS 5.x to 6.x or perhaps to Debian or Ubuntu becomes a relatively simple task as the configuration details come from the puppet server.

If it is possible to abstract the differences, perhaps you aren't using all the new features and didn't have to upgrade after all...

-- Les Mikesell lesmikes...@gmail.com
[CentOS] Problems installing 6.2 on HP 8540w laptop
Folks

I've been trying to install Centos 6.2 on an HP Mobile Workstation 8540w. For various reasons, I have restarted the install many times. I use the 64-bit DVD image. The install chooses the following options

a) Install with Basic Video Driver
b) Skip the media scan
c) Default Country, Language, Basic Storage Devices, change time zone
d) Fresh Installation
e) Configure network, (turn on wired Always Connect).
f) Hit ALT-B to get back to examining storage devices. (I found I had to do this to get the HostName field filled in with the defaults from DHCP). [See below, frequent hangs here, in which case I power down and start again]
g) If I get beyond the HostName stage, I choose the Virtual Host method and the install goes to completion successfully.

The machine is connected with an ethernet cable to a LAN that is my internal NAT'ted system. The wireless button indicates disabled. I have been getting varied results with (presumably) the same starting conditions. In each case, I power off the machine, wait a few seconds, and power it on with the DVD image in place, choose Install with basic video driver, and go through the same sequence. On many attempts, the installation sequence finishes just right, and the reboot gives me the expected root prompt. The USB mouse does not work during install, so I have to use the keyboard and touch-pad pointers.

Among the anomalies I get are:

1) The first Waiting for hardware to initialize... is as far as it goes. Usually, it's done in a couple of seconds and goes on to a second hardware scan. Sometimes it hangs for over a minute before I give up.
2) The install appears to come to the end, the DVD is ejected, and I hit ENTER to reboot. The reboot starts and the screen goes dark. Power down and power up to boot from HD succeeds, but there was a flash of about three lines on the screen before the blue sliding bar appeared.
3) The install sequence hangs with the screen all blue except for the bottom line which reads Running anaconda 13.21.149, the CentOS installer, Please wait ... Then after about a minute the screen blinks and goes dark.
4) The install sequence hangs on Media Detected - Found local installation media, the CD drive idled down.
5) The install sequence hangs on Examining Devices, Examining storage devices, with the blue slider almost at the left edge. Although this screen appears several times, the instance that hangs is the one after I've activated the wired network and hit Back.

In most cases, if the system gets to the point of choosing the Virtual Host option, the installation completes successfully. So, -- is this an issue with the install procedure? Does it not treat this hardware correctly? Is there some other startup method or option I could use?
Re: [CentOS] schily tools
Dennis Clarke dcla...@blastwave.org wrote:

I don't think there is any such general consensus. Are you reading something that favors Solaris/*bsd over GNU based systems?

Schily tools (and in special star) implement support for Linux specific extensions. This is what you do not get from gtar at all. So why do Linux distros prefer gtar even though there is no Linux support?

Is there any correlation between this and the warning message I see during a bootstrap like so :

Warning: *** /usr/src/linux/include contains broken include files ***
Warning: *** /usr/src/linux/include is not used this reason ***
Warning: This may result in the inability to use recent Linux kernel interfaces
Warning: *** linux/ext2_fs.h is not usable at all ***
Warning: *** This makes it impossible to support Linux file flags ***
You may try to compile using 'make COPTX=-DTRY_EXT2_FS'

This is indeed one of the Linux specific issues. The Linux kernel guys create defective include files. In other words: The linux kernel include files that are needed in order to access certain features (in this case the ext* extended file flags) cause a C compiler error in case they are used from a userland program.

Jörg
-- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [CentOS] schily tools
Les Mikesell lesmikes...@gmail.com wrote: On Tue, Feb 7, 2012 at 9:26 AM, Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote: When I implemented incremental restores for star in September 2004, I wrote a simple script for an incremental testcase and tested the deltas with ufsdump/ufsrestore, gtar and the star version at that time. Gtar was unable to deal with my testcase, so I stopped testing it any further. My testcase for star was moving a subdirectory of what my backup runs covered onto a mounted volume. Star failed and I stopped testing it any further. So you tried to do something that cannot work for a filesystem oriented program. This is not a problem from star but you just did not use star the right way. Note that gtar uses a big database that is needed at the dump side and that still does not hold enough data to let gtar work correctly. Star on the other side just needs to remember dump dates and creates a full data base at extract side when doing incremental restores. This is also more reliable than what gtar does as all needed information for the restore is in the archives. If you like to discuss incrementals, you definitely need to discuss behavior at restore time and restoring incrementals definitely does not work correctly with gtar if you renamed directories. If that is the issue I recall, you can recover without losing data. You are correct, you could in theory recover the data but this must be done manually. Star is used to do incremental backups/restores on a daily basis in Berlios since September 2004. Since Spring 2005, not a single problem was seen, so there are more than 2500 successful incremental restores that verify no problem even under strange conditions. So in all that time you have not mounted a new volume somewhere? No remote backups of hosts where someone else might add space? No one ever wanted to restore onto a different mount topology than the one where the backups were taken?
Being able to do those things is the reason I use tar instead of filesystem-dependent dump. Star of course can do what you like. You just need to create more than one backup once you split filesystems. It would be easy to handle if you like to use it This problem is not caused by compression or not, it is a general gtar bug that I reported in 1993 already. Nobody knows why it hits and the structure of the gtar sources makes it really hard to debug this problem. The FSF was interested to throw away gtar and replace it by star 10 years ago for this kind of problems in gtar. So, you have a repeatable test case for this and no one has looked into it? That's surprising considering the number of people who have contributed to gnutar. And what drove the decision not to adopt star? I had a repeatable case in 1993, but at that time, I send them an archive created by star. In any case, there is more than one gtar user who would be able and willing to provide gtar archives that trigger that case. The reason for not adopting star was that RMS did send me a contract that was illegal in Europe and RMS was unwilling to convert his contract into something that I could legally sign. BTW: there have been two attempts to replace gtar by star and both ended the same way. The following other problems are known with gtar: - gtar is with approx. 5% probability unable to read its own continuation archives from multi volume archives. This cannot be fixed as it is caused by the concept used for multi volume archives in gtar. I assume you mean the version where you let the tape drive hit the end, not where you tell it the length. Does star always work in that scenario? As far as I can tell, yes. Star uses a completely different method to verify followup volumes and holds different sets of data that cannot cause this kind of failure. Gtar fails when it splits an archive at a location that is inside the (probably extended) tar header.
BTW: As star intentionally does not implement the verification method from gtar, star is able to restore such multi volume archives. - gtar has much less features than star Unless you would like it to do incrementals properly across mount points... And I thought there was another reason regarding features that amanda used gtar as well - maybe it was the ability to quickly estimate sizes of incrementals. If it had worked for amanda, I would probably have been using it for ages. When I looked at it, it couldn't because of missing features. These days I mostly use backuppc with rsync as the transport since online access is so much nicer than tapes and rsync obviously excels at detecting differences in incrementals, but I suppose there is still a place for archives. AFAIK, amanda has too few features or there are no people who are willing to put efforts in adopting to star. I currently cannot believe that there
Re: [CentOS] schily tools
On Tue, Feb 7, 2012 at 12:03 PM, Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote: When I implemented incremental restores for star in September 2004, I wrote a simple script for an incremental testcase and tested the deltas with ufsdump/ufsrestore, gtar and the star version at that time. Gtar was unable to deal with my testcase, so I stopped testing it any further. My testcase for star was moving a subdirectory of what my backup runs covered onto a mounted volume. Star failed and I stopped testing it any further. So you tried to do something that cannot work for a filesystem oriented program. It does work with GNUtar. This is not a problem from star but you just did not use star the right way. No, star does not do what I need, so I don't use it at all. Note that gtar uses a big database that is needed at the dump side and that still does not hold enough data to let gtar work correctly. How is it not correct? Star on the other side just needs to remember dump dates and creates a full data base at extract side when doing incremental restores. So what happens when you don't exactly match the source mount tree configuration when you try to restore? You complain about GNUtar not working in some special case - how is that worse than star not working in the very common case of moving some mount points around? I do that all the time. I don't think I've ever done the weird sequence that causes trouble with a gnutar incremental restore. This is also more reliable than what gtar does as all needed information for the restore is in the archives. Except when it isn't, because it is tied to the filesystem, not the directory tree structure. If I wanted filesystem dependencies I'd use dump. I expect tar to follow directory trees and be agnostic to mount points. If you like to discuss incrementals, you definitely need to discuss behavior at restore time and restoring incrementals definitely does not work correctly with gtar if you renamed directories.
If that is the issue I recall, you can recover without losing data. You are correct, you could in theory recover the data but this must be done manually. How do you recover from the mount point change case for star? If it happens on the source side, do you lose data? So in all that time you have not mounted a new volume somewhere? No remote backups of hosts where someone else might add space? No one ever wanted to restore onto a different mount topology than the one where the backups were taken? Being able to do those things is the reason I use tar instead of filesystem-dependent dump. Star of course can do what you like. You just need to create more than one backup once you split filesystems. It would be easy to handle if you like to use it I handled it by pointing amanda at remote systems. And I expected it to keep those systems backed up even if someone else mounted some new disks in places where they needed some more space. I don't see how star fits into that scheme. The reason for not adopting star was that RMS did send me a contract that was illegal in Europe and RMS was unwilling to convert his contract into something that I could legally sign. Well, no one has ever accused RMS of being reasonable... And I thought there was another reason regarding features that amanda used gtar as well - maybe it was the ability to quickly estimate sizes of incrementals. If it had worked for amanda, I would probably have been using it for ages. When I looked at it, it couldn't because of missing features. These days I mostly use backuppc with rsync as the transport since online access is so much nicer than tapes and rsync obviously excels at detecting differences in incrementals, but I suppose there is still a place for archives. AFAIK, amanda has too few features or there are no people who are willing to put efforts in adopting to star. Star simply does not do what amanda needs - or did not the last time I looked.
Amanda needs a way to quickly estimate the size of a run for its brilliant feature of automatically balancing the mix of fulls and incrementals to ensure that you get at least an incremental of every target every night plus a full within the number of tapes in your rotation. And it can't fail on incrementals just because someone replaced a directory on a remote machine with a mount point. I currently cannot believe that there is really any important feature that is missing in star. Those features obviously aren't important to you, but they are enough to keep me - or any amanda user - from considering star. And amanda made things from several machines fit on my one non-changer tape drive every night for more than a decade with nothing on my part except swapping the tape sometime during the day (and handled things gracefully if I forgot). I don't think there was any alternative that could have worked as well. -- Les Mikesell
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 10:38 AM, Les Mikesell wrote: On Tue, Feb 7, 2012 at 10:02 AM, Craig White craig.wh...@ttiltd.com wrote:

For this reason it is often better to upgrade more frequently than every 7-10 years. Personally I have a 5 year max lifetime for my systems. Even then upgrades are painful and we try to stagger these so they all aren't due to upgrade at once.

if you think about it, perhaps you are making the case for using a configuration management system like puppet where the configuration details are more or less abstracted from the underlying OS itself. Thus once running (and I'm not suggesting that it is a simple task), migrating servers from CentOS 5.x to 6.x or perhaps to Debian or Ubuntu becomes a relatively simple task as the configuration details come from the puppet server.

If it is possible to abstract the differences, perhaps you aren't using all the new features and didn't have to upgrade after all...

I suppose that if you believe that, then you are suffering from a lack of imagination. I can deploy LDAP authentication setups to either Ubuntu or CentOS with the various pam, nss, padl files which are vastly different in no time. some of the differences can be accounted for from within puppet itself but others - and I'm talking about actual config files - the differences can be handled from within the templated config files which have enough business logic to change the output to various needs or simply use different templates altogether. Of course there is an investment to get to this stage and if you've only got a handful of servers to upgrade, it may not be worth it but there is the satisfaction of knowing the configuration files are ensured to be what you intended them to be - to the point of if someone makes changes by hand, they are automatically changed back.

I'm only expressing the notion that it is entirely possible to get beyond the paradigm of locked in server installs on iron that takes a lot of effort to maintain (ie, update/upgrade X number_of_servers). There are some very sophisticated configuration management systems, chef looked good, I chose to go with puppet and I've been very pleased with the depth and scope of puppet.

Craig
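
The idea in the message above (one templated config file with per-platform logic, and hand edits being reverted on the next run), as an added sketch in plain Ruby with ERB, the template language Puppet uses. It is not Puppet code and not from the thread; the LDAP URI, base DN, the `/etc/ldap.conf` target, the helper names and the temporary root directory are assumptions made for illustration.

```ruby
require 'erb'
require 'fileutils'
require 'tmpdir'

# One template for both families; the per-platform logic lives in the template.
# Directives are nss_ldap/pam_ldap ldap.conf keywords; the CA bundle paths are
# the stock locations on Red Hat and Debian family systems.
LDAP_CONF = ERB.new(<<~'TPL')
  # Managed file: hand edits are reverted on the next run.
  uri <%= uri %>
  base <%= base %>
  ssl start_tls
  tls_checkpeer yes
  tls_cacertfile <%= osfamily == 'Debian' ? '/etc/ssl/certs/ca-certificates.crt' : '/etc/pki/tls/certs/ca-bundle.crt' %>
TPL

SUPPORTED = %w[RedHat Debian].freeze

# Render the desired file content for one platform family.
def render_ldap_conf(osfamily, uri:, base:)
  raise ArgumentError, "unsupported osfamily #{osfamily}" unless SUPPORTED.include?(osfamily)

  LDAP_CONF.result_with_hash(osfamily: osfamily, uri: uri, base: base)
end

# Desired state for a host: path => content.
# The URI and base DN are constructed sample values; the path is an assumption.
def catalog_for(osfamily)
  { '/etc/ldap.conf' => render_ldap_conf(osfamily,
                                         uri: 'ldap://ldap.example.test',
                                         base: 'dc=example,dc=test') }
end

# Compare each managed file under +root+ with its desired content and rewrite
# it when missing or different. Returns the list of paths that were corrected.
def enforce(root, catalog)
  catalog.each_with_object([]) do |(path, desired), corrected|
    target = File.join(root, path)
    next if File.exist?(target) && File.read(target) == desired

    FileUtils.mkdir_p(File.dirname(target))
    tmp = "#{target}.tmp#{Process.pid}"
    File.write(tmp, desired)
    File.chmod(0o644, tmp)
    File.rename(tmp, target) # atomic replace within the same directory
    corrected << path
  end
end

# Apply, re-apply (no change expected), weaken TLS checking by hand, re-apply.
def drift_demo
  Dir.mktmpdir do |root|
    catalog = catalog_for('RedHat')
    first  = enforce(root, catalog)
    second = enforce(root, catalog)
    conf = File.join(root, 'etc/ldap.conf')
    File.write(conf, File.read(conf).sub('tls_checkpeer yes', 'tls_checkpeer no'))
    third = enforce(root, catalog)
    { first: first, second: second, third: third, final: File.read(conf) }
  end
end

puts drift_demo[:third].inspect if __FILE__ == $PROGRAM_NAME
```

The third run reports the file as corrected because the hand edit that turned off certificate checking no longer matches the rendered template.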
Re: [CentOS] about major version upgrades
On Tue, Feb 7, 2012 at 1:11 PM, Craig White craig.wh...@ttiltd.com wrote:

If it is possible to abstract the differences, perhaps you aren't using all the new features and didn't have to upgrade after all...

I suppose that if you believe that, then you are suffering from a lack of imagination. I can deploy LDAP authentication setups to either Ubuntu or CentOS with the various pam, nss, padl files which are vastly different in no time.

How well does it handle windows?

I'm only expressing the notion that it is entirely possible to get beyond the paradigm of locked in server installs on iron that takes a lot of effort to maintain (ie, update/upgrade X number_of_servers). There are some very sophisticated configuration management system, chef looked good, I chose to go with puppet and I've been very pleased with the depth and scope of puppet.

I'm actually very interested in this, but puppet did not look like the right architecture. http://saltstack.org/ might not be quite ready for prime time but it looks like a very reasonable design. The python dependencies are probably going to be painful for cross platform installs but at least someone on its mail list has it working on windows and there are already epel packages.

-- Les Mikesell lesmikes...@gmail.com
Re: [CentOS] SSD Drives
On 02/02/2012 10:19 AM, Matt wrote:

Has anyone installed a high I/O application such as an email server on SSD drives? Was thinking about doing two SSD's in RAID1. It would solve my I/O latency issues but I have heard that SSD's wear out quickly in high I/O situations? Something like each memory location only has X many writes before its done. Just wondering if anyone has tested it and if newer SSD's are better about this?

Is this the best way to go? Much of the recent mail software, postfix, dovecot etc has features which make it easier to set up redundant mailservers and distribute the load across them. This will scale better if your needs grow down the road. SSD's tend to be rather costly, especially if your storage needs are high. I guess the main advantage to a single server with SSD is lower power consumption. What about RAID10?

Nataraj
[CentOS] Centosplus src rpm
Hi all, I'm looking for latest centosplus kernel source rpm, which should be kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm to date. Maybe someone could provide a link to it? Thank you Luigi
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 12:38 PM, Les Mikesell wrote: On Tue, Feb 7, 2012 at 1:11 PM, Craig White craig.wh...@ttiltd.com wrote:

If it is possible to abstract the differences, perhaps you aren't using all the new features and didn't have to upgrade after all...

I suppose that if you believe that, then you are suffering from a lack of imagination. I can deploy LDAP authentication setups to either Ubuntu or CentOS with the various pam, nss, padl files which are vastly different in no time.

How well does it handle windows?

I haven't tried but I gather that at this stage, only a subset of features are working on Windows at this point. It does seem that they are committed to the platform though and have been adding features with each release.

I'm only expressing the notion that it is entirely possible to get beyond the paradigm of locked in server installs on iron that takes a lot of effort to maintain (ie, update/upgrade X number_of_servers). There are some very sophisticated configuration management system, chef looked good, I chose to go with puppet and I've been very pleased with the depth and scope of puppet.

I'm actually very interested in this, but puppet did not look like the right architecture. http://saltstack.org/ might not be quite ready for prime time but it looks like a very reasonable design. The python dependencies are probably going to be painful for cross platform installs but at least someone on its mail list has it working on windows and there are already epel packages.

a different type of management system. Puppet Chef are simply about configuration management. Puppet architecture is pretty awesome - but the puppet master itself can't be a stock CentOS 5.x system because ruby 1.8.5 is too ancient. I suppose you can use Karanbir's ruby-1.8.7 packages (or better yet, enterprise ruby packages) if you insist on running the server on CentOS 5.x.

The thing about puppet is that the barrier to entry is rather high - it takes some time before you get to something useful whereas Chef is more adept at putting other people's recipes into service fairly quickly. Then again, you will run into barriers with Chef that don't exist with puppet so it seemed that the ramp up investment had long term benefits.

Craig
Re: [CentOS] Centosplus src rpm
On Tue, Feb 7, 2012 at 12:17 PM, cent...@iotti.biz wrote: Hi all, I'm looking for latest centosplus kernel source rpm , which should be kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm to date. Maybe someone could provide a link to it? I'm afraid it's been forgotten. :( I was told it would be pushed shortly. Akemi
Re: [CentOS] Centosplus src rpm
On Tuesday, February 07, 2012 03:17:32 PM cent...@iotti.biz wrote: I'm looking for latest centosplus kernel source rpm , which should be kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm to date. Maybe someone could provide a link to it? Hmm, shouldn't it be: http://vault.centos.org/6.2/centosplus/Source/SPackages/kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm ? Of course, that doesn't yet exist, even though that's where it should be when it gets there.
[CentOS] Centos 5.6 3ware raid 5
Hi, I've seen comments about the poor performance of these cards with raid 5 configs. I have an old card with 3 x 500G IDE drives connected in raid 5 and I'm getting around 10mb/s write performance. :-( I'm seeing high iowait figures at times and associated very high cpu load average figures, probably because, under load, everything is stacked up waiting for the disks to actually do something. A non-raid sata disk in the same machine manages 70mb/s Does anyone know what the performance is like if I used the 3ware just as an IDE controller? I could then switch to software raid5? Thanks Ken
[CentOS] R: Centosplus src rpm
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On behalf of Lamar Owen
Sent: Tuesday, 7 February 2012 21.40
To: CentOS mailing list
Subject: Re: [CentOS] Centosplus src rpm

On Tuesday, February 07, 2012 03:17:32 PM cent...@iotti.biz wrote: I'm looking for latest centosplus kernel source rpm , which should be kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm to date. Maybe someone could provide a link to it?

Hmm, shouldn't it be: http://vault.centos.org/6.2/centosplus/Source/SPackages/kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm ? Of course, that doesn't yet exist, even though that's where it should be when it gets there.

Indeed, I should have written Maybe someone could provide a WORKING link to it?.
Re: [CentOS] network intermitent, not sure if virtualization issue- in progress
Last post on this, sorta solved.

original post:
---
I have a computer I am using to host a virtual machine. Centos 6, for both, 64 bit. The host machine's network connection seems fine. No problems. Trying to access the virtual machine is usually fine. but then, poof, ssh, http, ftp, all lose connection for about a minute. Then they come back up. I looked in all the logs on both machines, could find nothing, but not sure where to look. My question, would this be a setting on the VM as a webserver, some new centos 6 setting that just times out network when not in use? Or something that I did when I bonded my eth ports and bridged them? The bond covers the two onboard eth ports and one port from an add on network card. It is intermittent, seems to happen whenever, but service network restart on the webserver seems to fix it immediately, but it also just fixes itself too. is there some setting with centos 6 that must be changed to allow constant 'uptime' of the network?
--
I took out the bond and found that was the issue. works fine without it. However, I also brought up a second vm and found something interesting.

1- with two vms, only one failed, the other stayed up 100% of the time.
2- second NIC card was not working well, but even taken out did not solve issue.
3- pinging system I found the vm that brought up vnet0 had the exact same pings as the host, the vnet1 vm had double.
4- no matter what order the vms were brought up, whichever got assigned libvirt's vnet0 would fail, the other would not fail at all.
5- the ping of the host and the vnet0 assigned VM were exactly the same every time, the vnet1 vm was a little more than double that (12ms versus 28ms).
6- the host never lost connection, but is using the same bridge and bond to connect.

It has become logical in my thought process that the host and the first vm are somehow in conflict, and the host wins via the bond software. It seems like with vms, the host should not be connected to the bond and that might work. But I am way too over this to test it out. Sharing the bridge and the bond makes me feel the first virtual machine brought up, assigned libvirt's vnet1 eventually lost some arp contest to the host. A third vm was added, never failed if not brought up first, and had the same ping rate as the vnet1, double the host and the vnet0 virtual machine. What is causing that is beyond my knowledge and is for experts on libvirt's vnet system, bond software, and possibly eth bridges. All I know is the host never failed even though it was using the same bond/bridge and maybe that is the real issue. In a vm environment maybe the host should have its own connection NOT on the bond shared by the VMs? Using physical bridges may have confused bond with that first vm coming up.

well, that is a long couple weeks work. Right now I am just going to assign the eths direct to the bridge and forget bonding as a really bad nightmare. I hope someone tests this out a bit and comes up with a brilliant yet really techy solution.
Re: [CentOS] about major version upgrades
On Tue, Feb 7, 2012 at 2:36 PM, Craig White craig.wh...@ttiltd.com wrote:

I'm actually very interested in this, but puppet did not look like the right architecture. http://saltstack.org/ might not be quite ready for prime time but it looks like a very reasonable design. The python dependencies are probably going to be painful for cross platform installs but at least someone on its mail list has it working on windows and there are already epel packages.

a different type of management system. Puppet Chef are simply about configuration management.

So is salt, but scalable, and with the ability to make decisions based on client state in more or less real time. And even though it is mostly or all python now, it really passes around data structures that should allow other languages to be used. It is still in early stages but they claim to have converted some puppet installs easily.

Puppet architecture is pretty awesome - but the puppet master itself can't be a stock CentOS 5.x system because ruby 1.8.5 is too ancient. I suppose you can use Karanbir's ruby-1.8.7 packages (or better yet, enterprise ruby packages) if you insist on running the server on CentOS 5.x. The thing about puppet is that the barrier to entry is rather high - it takes some time before you get to something useful whereas Chef is more adept at putting other people's recipes into service fairly quickly. Then again, you will run into barriers with Chef that don't exist with puppet so it seemed that the ramp up investment had long term benefits.

Ruby seems like the only thing that might be worse than python in terms of long-term version incompatibilities and installation problems, although python is sort-of a special case on RH systems since the install tools need it. I think something I wrote 20 years ago should still run today, but maybe that's just me. And I didn't see any way to tier puppet masters or keep it from falling over with a large number of clients.

-- Les Mikesell lesmikes...@gmail.com
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 2:00 PM, Les Mikesell wrote:

> Ruby seems like the only thing that might be worse than python in terms of long-term version incompatibilities and installation problems, although python is sort-of a special case on RH systems since the install tools need it. I think something I wrote 20 years ago should still run today, but maybe that's just me. And I didn't see any way to tier puppet masters or keep it from falling over with a large number of clients.

seems to me that a lot of the people who love perl also love ruby - learning curve is not steep.

puppet clients are forgiving - you can use stock ruby from CentOS 5

puppet manifests won't expire because of changes in ruby rather because of changes in puppet but a startup at this point should be fine for many years as the path forward seems pretty well defined.

There's a lot of scaling possibilities for puppet master and a single master should be able to handle 200-300 servers without much difficulty and there are organizations that scale well into the thousands on puppet but yes, that does require some sophistication. FWIW, I'm just a hair under 50 servers and I'm running the puppet master on a VMWare image of 768MB.

Craig
Re: [CentOS] about major version upgrades
On Tue, Feb 7, 2012 at 3:10 PM, Craig White craig.wh...@ttiltd.com wrote:

> puppet manifests won't expire because of changes in ruby rather because of changes in puppet but a startup at this point should be fine for many years as the path forward seems pretty well defined.

Does it keep a self-contained library or is it subject to package updates and future incompatibilities? I don't know much about ruby but the guy here who uses it wants nothing to do with packaged versions or anything that will either be 'too old' or break things with updates. Things like that make me very nervous. If today's and yesterday's version of a language have to be different they were probably both wrong.

> There's a lot of scaling possibilities for puppet master and a single master should be able to handle 200-300 servers without much difficulty and there are organizations that scale well into the thousands on puppet but yes, that does require some sophistication. FWIW, I'm just a hair under 50 servers and I'm running the puppet master on a VMWare image of 768MB.

I'd need it to do a couple thousand, across a bunch of platforms and I'd rather not fight with it to get there. I do have ocsinventory agents reporting to a single server, but that's basically one http post a day with randomized timing so not even close to the same problem. And the even bigger issue will be making it coordinate with our 'human' process and scheduling controls.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] about major version upgrades
On Tuesday, February 07, 2012 04:35:29 PM Les Mikesell wrote:

> If today's and yesterday's version of a language have to be different they were probably both wrong.

Like Python2.x versus 3.x? Or even 2.4 versus 2.6? Plone, for one, is still bundling older Python due to incompatibilities with Zope and newer Python.
Re: [CentOS] about major version upgrades
On Tue, Feb 7, 2012 at 3:46 PM, Lamar Owen lo...@pari.edu wrote:

> On Tuesday, February 07, 2012 04:35:29 PM Les Mikesell wrote:
>> If today's and yesterday's version of a language have to be different they were probably both wrong.
>
> Like Python2.x versus 3.x? Or even 2.4 versus 2.6? Plone, for one, is still bundling older Python due to incompatibilities with Zope and newer Python.

Exactly, and without looking too closely ruby seems to be changing even faster. There is not going to be a perfect solution to this problem, especially if you consider separately packaged libraries that really have to change over time, but RPM needs to handle concurrent multi-versioned targets gracefully or they should just change the name when it is not the same language anymore and won't execute its own old syntax so the packages don't conflict.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] about major version upgrades
On Feb 7, 2012, at 2:35 PM, Les Mikesell wrote:

> On Tue, Feb 7, 2012 at 3:10 PM, Craig White craig.wh...@ttiltd.com wrote:
>> puppet manifests won't expire because of changes in ruby rather because of changes in puppet but a startup at this point should be fine for many years as the path forward seems pretty well defined.
>
> Does it keep a self-contained library or is it subject to package updates and future incompatibilities? I don't know much about ruby but the guy here who uses it wants nothing to do with packaged versions or anything that will either be 'too old' or break things with updates. Things like that make me very nervous. If today's and yesterday's version of a language have to be different they were probably both wrong.

we are very much a ruby factory here and pretty much use enterprise ruby across the board (CentOS and Ubuntu) http://www.rubyenterpriseedition.com/ which is far from the newest but is entirely predictable and very performance tuned to running our web apps. Just seemed easier to use the same version across the board.

Puppet itself can work with any reasonable version of ruby...
- 1.8.7 to 1.9.3 /server (technically, you can run the puppet master on 1.8.5 but that would pretty much preclude theforeman dashboard, and I make heavy use of theforeman).
- 1.8.5+ /client

and so the changes in ruby language are really just a matter for puppet itself, which I would believe you would call it a self-contained library.

The future is always difficult to predict and if I had that gift, I wouldn't be working but rather making a killing on sports bets.

theforeman takes puppet up a notch... http://theforeman.org/

Craig
Re: [CentOS] R: Centosplus src rpm
On Tuesday, February 07, 2012 03:57:36 PM cent...@iotti.biz wrote:

> Indeed, I should have written Maybe someone could provide a WORKING link to it?.

Now working at:

http://vault.centos.org/6.2/centosplus/Source/SPackages/kernel-2.6.32-220.4.1.el6.centos.plus.src.rpm
[CentOS] TLS support on postfix
Hi List,

I have a postfix server based on CentOS 5 in which I have been trying to add TLS encryption support for SMTP. From the localhost when I do an EHLO, following is the output:

    [root@xxx ~]# nc localhost 25
    220 xxx..xxx.xx ESMTP Postfix
    EHLO localhost
    250-xxx..xxx.xx
    250-PIPELINING
    250-SIZE 41943040
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

However from a remote location when I do the EHLO, the response does not contain STARTTLS, ENHANCEDSTATUSCODES and DSN:

    krishna@L03:~$ nc xxx..xxx.xx 25
    220 xxx..xxx.xx ESMTP Postfix
    EHLO localhost
    250-xxx..xxx.xx
    250-PIPELINING
    250-SIZE 41943040
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250 8BITMIME

I have done some googling and found this might be because of the Cisco Router's ESMTP Fix. However, can someone here tell me if there are any settings in master.cf or main.cf that might result in similar behaviour?

Regards,
KRiSHNA
Re: [CentOS] TLS support on postfix
On 02/07/2012 04:50 PM, Kumar Krishna wrote:
> [...]

From http://www.postfix.org/TLS_README.html

    By default, TLS is disabled in the Postfix SMTP server, so no difference to plain Postfix is visible. Explicitly switch it on with smtpd_tls_security_level = may.

    /etc/postfix/main.cf:
        smtpd_tls_security_level = may

    With this, the Postfix SMTP server announces STARTTLS support to remote SMTP clients, but does not require that clients use TLS encryption.

My tls configuration looks something like this:

    # INCOMING TLS (smtpd server)
    smtpd_tls_security_level = may
    smtpd_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/certs/tls.key
    smtpd_tls_cert_file = /etc/postfix/certs/tls.crt
    smtpd_tls_CAfile = /etc/postfix/certs/CAcert.crt
    smtpd_tls_CApath = /etc/postfix/certs
    smtpd_tls_loglevel = 1
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    # OUTGOING TLS (SMTP transport)
    smtp_tls_loglevel = 1
    smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
    smtp_tls_security_level = may
    smtp_tls_note_starttls_offer = yes

Nataraj
[CentOS] PCIe AER support in 5.5
I have a question about getting PCIe advanced error reporting to work on 5.5. The info I need to start with is the following:

1) Is PCIe Advanced Error Reporting (including error injections) known to work in 5.5?
2) What configuration options do I need to select in order to enable it?

I'm using the following configs:

    CONFIG_ACPI=y
    CONFIG_PCI=y
    CONFIG_PCI_DIRECT=y
    CONFIG_PCI_MMCONFIG=y
    CONFIG_PCIEPORTBUS=y
    CONFIG_PCIEAER=y
    CONFIG_PCIE_ECRC=y
    CONFIG_PCIE_AER_INJECT=y
    CONFIG_PCI_DOMAINS=y
    CONFIG_PCI_MSI=y

I also have the kernel boot parameter aerdriver.forceload=y

With this config, I see that the relevant devices appear to support Advanced Error Reporting (visible in lspci -v output). However, when I attempt to inject errors to them the injections fail for various reasons. None of them (out of about a dozen candidate devices) succeeds. The aer_inject facility is currently the only means I have of testing this functionality.

Note that on the same hardware with a RHEL-6 based (2.6.32) kernel, the injections work correctly. I need to make them also work with 5.5.

Before I go and track down those various errors, I want to verify that I have the right kernel and that it's configured correctly. The required code seems to be present in the kernel. I suspect there's something going wrong during driver initialization and device probing.

Once again, I need answers to these two specific questions:

1) Is PCIe Advanced Error Reporting (including error injections) known to work in 5.5?
2) What configuration options do I need to select in order to enable it?

Thanks,
Neil Baylis
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
I have no idea if this is the source of your problem (I wasn't using bonded interfaces), but it's sufficiently similar that you might want to try it.

I had a lot of problems with the network stack on VMs, both under VMWare ESXi and Xen where the network would just go numb. After a lot of spelunking I determined that it seemed to be related to faulty TCP segment offload. Generally speaking, between the VM, the virtual NICs, the hypervisor/host, and the physical network card, some levels figured that they'd offload segmentation handling to a lower layer, the lower layer wasn't doing it, and the upper layer thought that it was. Under low network load everything seemed fine but as the network got pushed things would blow up and go numb.

Turning off TSO in the VM seemed to do the trick, although I think in the Xen case I turned it off in the host as well. The basic command is:

    /sbin/ethtool -K ethX tso off

While I had the above command in rc.local, I would also run the attached script in /etc/cron.hourly as there were some circumstances where tso would get reenabled.

Good luck

Devin
--
Some people are like Slinkies: Not really good for anything, but you can't help but smile when you see one tumble the stairs.
- Anonymous
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
Devin Reade g...@gno.org wrote:
> [...]
> While I had the above command in rc.local, I would also run the attached script in /etc/cron.hourly as there were some circumstances where tso would get reenabled.

And in case attachments get stripped on the mailing list, you can also get the script here:

ftp://ftp.gno.org/pub/tools/force-tso

Devin
--
Some people are like Slinkies: Not really good for anything, but you can't help but smile when you see one tumble the stairs.
- Anonymous
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
On 02/06/2012 09:28 PM, Bob Hoffman wrote:

> I put this page together just so I won't spam the board anymore begging for help..lol
> http://bobhoffman.com/vmissue.html

You're using bonding mode 0, which may not work when attached to a bridge. Try changing to mode 1 and playing with the cables. If everything works with mode 1, you've got an idea on where to focus.

As far as active/active bonding modes go, I know that mode 4 (LACP) is supposed to work, but that requires support on the switch(es).

--
Ian Pilcher
arequip...@gmail.com
If you're going to shift my paradigm ... at least buy me dinner first.
Re: [CentOS] TLS support on postfix
On Tue, 07 Feb 2012 18:04:03 -0800 Nataraj incoming-cen...@rjl.com wrote:
> [...]

Thanks for the reply Nataraj, but still no joy. I tried adding 'smtp_tls_security_level = may' and 'smtpd_tls_security_level = may' to my existing configuration, but it didn't help. Any ideas what else I might need to change in the configuration?

Here is what my configuration looks like:

    #ENCRYPTION
    #==#
    # Incoming
    smtpd_tls_auth_only = no
    smtpd_note_starttls_offer = yes
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_tls_received_header = yes
    tls_random_source = dev:/dev/urandom

    # Outgoing
    smtp_use_tls = yes
    smtp_tls_loglevel = 1
    smtp_tls_note_starttls_offer = yes
    smtp_tls_security_level = may

Regards,
KRiSHNA
Re: [CentOS] TLS support on postfix
On 02/07/2012 09:50 PM, Kumar Krishna wrote:
> [...]

Did you reload the configuration with 'postfix reload' or 'service postfix restart' after updating your config file? Have you set up certificates? I suggest you read http://www.postfix.org/TLS_README.html

If you think you've set everything up correctly, run the command 'postconf -n | grep tls' and post the output. You might also check the archives of the postfix mailing list. I'm sure there are extensive postings for issues like this.

Nataraj
Re: [CentOS] TLS support on postfix
On Tue, 07 Feb 2012 18:04:03 -0800 Nataraj incoming-cen...@rjl.com wrote:
> [...]

Yes, I did restart postfix. I ran tcpdump on the mail server while connecting to it from a remote location and then analysed the dump file. It seems that the server is working fine and offering STARTTLS, but the Cisco Router en route is messing things up.

Regards,
KRiSHNA
Re: [CentOS] TLS support on postfix
On 02/07/2012 09:50 PM, Kumar Krishna wrote:
> [...]

It is also possible to configure postfix so that it uses TLS but does not announce the availability of STARTTLS. If somebody did this on your system you would have smtpd_tls_wrappermode=yes somewhere in your master.cf file, something like this.

    /etc/postfix/master.cf:
        smtps     inet  n       -       n       -       -       smtpd
          -o smtpd_tls_wrappermode=yes

Nataraj
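The check Krishna does by hand in this thread (EHLO from localhost versus EHLO from a remote host) can be scripted to separate "the server is not offering STARTTLS" from "something on the path removed it". This is an added example, not code from any poster; the function names, verdict strings and the filler-keyword heuristic are assumptions, and MASKED_EHLO is a constructed sample that goes beyond the case shown in the thread.

```python
import re

# EHLO replies copied from the two nc sessions quoted in this thread
# (hostnames were already masked by the poster).
LOCAL_EHLO = """\
250-xxx..xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
REMOTE_EHLO = """\
250-xxx..xxx.xx
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250 8BITMIME
"""
# Constructed sample (not from the thread): a reply in which a keyword was
# overwritten with filler characters instead of being dropped.
MASKED_EHLO = """\
250-mail.example.test
250-PIPELINING
250-XXXXXXXA
250 8BITMIME
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Assumption: a keyword made almost entirely of X or * is middlebox filler.
MASKED_KEYWORD = re.compile(r"^[X*]{6,}[A-Z]?$")


def parse_ehlo(reply):
    """Parse a multi-line 250 reply into (greeting, {KEYWORD: set(params)})."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    greeting, extensions = None, {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = index == len(lines) - 1
        # Continuation lines use "250-", only the final line uses "250 ".
        if (match.group(2) == " ") != is_last:
            raise ValueError("truncated or malformed reply at %r" % line)
        text = match.group(3)
        if index == 0:
            greeting = text  # the first line carries the server's domain
            continue
        # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN".
        parts = re.split(r"[ =]", text, maxsplit=1)
        keyword = parts[0].upper()
        if keyword:
            params = parts[1].split() if len(parts) > 1 else []
            extensions.setdefault(keyword, set()).update(params)
    return greeting, extensions


def diagnose(local_reply, remote_reply):
    """Return (verdict, keywords missing remotely, filler keywords seen)."""
    _, local = parse_ehlo(local_reply)
    _, remote = parse_ehlo(remote_reply)
    missing = sorted(set(local) - set(remote))
    masked = sorted(k for k in remote if MASKED_KEYWORD.match(k))
    if "STARTTLS" not in local:
        verdict = "server-not-offering"   # look at main.cf / master.cf
    elif "STARTTLS" in remote:
        verdict = "ok"
    else:
        verdict = "stripped-in-transit"   # look at devices on the path
    return verdict, missing, masked


if __name__ == "__main__":
    print(diagnose(LOCAL_EHLO, REMOTE_EHLO))
```

With `smtpd_tls_security_level = may` a client that never sees STARTTLS simply continues in cleartext, so a "stripped-in-transit" verdict means mail on that path is being delivered unencrypted.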
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
Although it was written in the context of Xen, you might also want to have a look at the netloop nloopbacks parameter as described in http://www.novell.com/communities/node/4094/xen-network-bridges-explained-with-troubleshooting-notes.

On a Xen cluster with 3 physical interfaces per node I had to increase that parameter to keep interfaces from going numb. I don't know how this translates to the libvirt/kvm world.

Devin
--
Some people are like Slinkies: Not really good for anything, but you can't help but smile when you see one tumble the stairs.
- Anonymous