Re: [CentOS] weird apache issue
Does the same issue arise if the restart is split into a stop and start? My thinking is that the stop IS working, but is taking longer than the script expects, so the stop step fails when the program checks the PID to see if it has shutdown properly. Then when the start happens the Apache has not completely shutdown and is still holding the port. After the failure the stop completes and the PID file is deleted. The PID file could be empty because the startup creates the PID file, but can't write the PID to it because the startup failed. I'm just guessing though, as I don't have a CENTOS/RHEL system to look at. I'm not even sure if my suggested scenario makes sense! Cheers, Cliff On Sat, Mar 8, 2014 at 4:28 AM, Les Mikesell wrote: > On Fri, Mar 7, 2014 at 5:37 AM, Tim Dunphy wrote: > > > > Not really sure how to interpret that, unfortunately. > > > > > > However looked for the pid file for apache and noticed that it DOESN'T > > EXIST! > > > > [root@beta:~] #ls -l /var/run/httpd/ > > total 0 > > > > > > Well, that would explain why the init script isn';t able to kill the > > process. Maybe puppet is doing something weird with that pid file? I > don't > > really know offhand, but I guess I will have to investigate that. > > Is one created at a successful startup? And how is puppet involved? > > -- > Les Mikesell > lesmikes...@gmail.com > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 + Quagga + SELinux
On Thu, Mar 6, 2014 at 7:07 PM, SilverTip257 wrote: > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh wrote: > >> >> ... >>If you want to allow zebra daemon to write it configuration >> files, you >>must turn on the zebra_write_config boolean. Disabled by default. >> >>setsebool -P zebra_write_config 1 >> > > // before > ~]# getsebool -a | grep zebra > allow_zebra_write_config --> on > zebra_disable_trans --> off > > Apparently the command from the Bugzilla ticket I linked to earlier took > and already had allow_zebra_write_config enabled. > setsebool -P allow_zebra_write_config=1 > > // trying to set that selinux boolean comes back with > ~]# setsebool -P zebra_write_config 1 > libsemanage.dbase_llist_set: record not found in the database > libsemanage.dbase_llist_set: could not set record value > Could not change boolean zebra_write_config > Could not change policy booleans > * What should I try next after this failure? > > ~]# tail /var/log/audit/audit.log | grep zebra | audit2why > ... > type=AVC msg=audit(1394150156.203:30): avc: denied { add_name } for > pid=3111 comm="zebra" name="zebra.conf.fT434c" > scontext=root:system_r:zebra_t:s0 > tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir > Was caused by: > Missing or disabled TE allow rule. > Allow rules may exist but be disabled by boolean settings; > check boolean settings. > You can see the necessary allow rules by running > audit2allow with this audit message as input. > > ~]# tail /var/log/audit/audit.log | grep zebra | audit2allow > > > #= zebra_t == > allow zebra_t zebra_conf_t:dir add_name; > > * So I'm at the point where I may just as well create a custom policy file? I plan on following the steps on the wiki (unless there's a better source/write-up). http://wiki.centos.org/HowTos/SELinux Looks like this will be a fun one ... I'll have rules for each routing daemon to create. [At least that's the impression I got from mailing lists/bug tickets.] Thanks, -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gnutls bug
On Fri, Mar 7, 2014 at 9:55 AM, Lamar Owen wrote: > On 03/05/2014 06:36 PM, Michael Coffman wrote: > > Not sure what your environment looks like but the systems I manage are > > locked down and it's typically difficult to get them changed. We have > > hundreds of systems ( desktop, server and HPC systems) that are all the > > same rev with all the same packages. A large number of vendor packages > > and internally developed packages have to be re-qualified everytime > > anything is changed. So we don't change them often. > > > Scientific Linux will allow you to stay at a particular update rev (6.0 > if you had that requirement, even) but still get security updates. So > you might consider installing the gnutls update from the SL 6.4 updates > instead, or rebasing to SL completely. > > This is one of the few really significant differences between SL and > CentOS; the SL user base wants to be able to get security updates > without a complete 'point release' update, too, and have put forth the > nontrivial effort required to actually make that happen. > > I'm using CentOS myself, but if you need that particular feature of SL > it may be the better choice for you. > Thanks. This info was very helpful. > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- -MichaelC ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series
On Fri, Mar 7, 2014 at 9:56 AM, Radu Radutiu wrote: > Does anyone else noticed problems after updating openswan to > openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN > https://bugzilla.redhat.com/buglist.cgi?bug_status=__open__&content=openswan&no_redirect=1&order=changeddate%20DESC%2C&product=&query_based_on=&query_format=specific Bug 1070358 - openswan breaks NAT-T draft clients (and possibly ike fragmentation) [NEEDINFO] https://bugzilla.redhat.com/show_bug.cgi?id=1070358 Bug 1070356 - openswan breaks NAT-T draft clients (and possibly ike fragmentation) https://bugzilla.redhat.com/show_bug.cgi?id=1070356 Maybe you've been bitten by that bug. -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gnutls bug
On 03/07/2014 11:57 AM, m.r...@5-cent.us wrote: > Lamar Owen wrote: >> I'm using CentOS myself, but if you need that particular feature of SL >> it may be the better choice for you. > Have you used yum-plugin-security? > > Why yes, yes I have. It is not equivalent to the SL versioning for the particular use cases and scenarios for which the SL versioning method was made. By your response you indicate that you really don't understand what SL is actually doing. It's going one step beyond what upstream is doing and adding a feature that some people and institutions vastly prefer. No, I am not advocating that this is the 'one true way' to do it; I'm pointing the OP to something that was designed for a scenario much like the OP's specific situation. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gnutls bug
Lamar Owen wrote: > On 03/05/2014 06:36 PM, Michael Coffman wrote: >> Not sure what your environment looks like but the systems I manage are >> locked down and it's typically difficult to get them changed. We have >> hundreds of systems ( desktop, server and HPC systems) that are all the >> same rev with all the same packages. A large number of vendor packages >> and internally developed packages have to be re-qualified everytime >> anything is changed. So we don't change them often. >> > Scientific Linux will allow you to stay at a particular update rev (6.0 > if you had that requirement, even) but still get security updates. So > you might consider installing the gnutls update from the SL 6.4 updates > instead, or rebasing to SL completely. > > This is one of the few really significant differences between SL and > CentOS; the SL user base wants to be able to get security updates > without a complete 'point release' update, too, and have put forth the > nontrivial effort required to actually make that happen. > > I'm using CentOS myself, but if you need that particular feature of SL > it may be the better choice for you. Have you used yum-plugin-security? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gnutls bug
On 03/05/2014 06:36 PM, Michael Coffman wrote: > Not sure what your environment looks like but the systems I manage are > locked down and it's typically difficult to get them changed. We have > hundreds of systems ( desktop, server and HPC systems) that are all the > same rev with all the same packages. A large number of vendor packages > and internally developed packages have to be re-qualified everytime > anything is changed. So we don't change them often. > Scientific Linux will allow you to stay at a particular update rev (6.0 if you had that requirement, even) but still get security updates. So you might consider installing the gnutls update from the SL 6.4 updates instead, or rebasing to SL completely. This is one of the few really significant differences between SL and CentOS; the SL user base wants to be able to get security updates without a complete 'point release' update, too, and have put forth the nontrivial effort required to actually make that happen. I'm using CentOS myself, but if you need that particular feature of SL it may be the better choice for you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series
From: Radu Radutiu > Does anyone else noticed problems after updating openswan to > openswan-2.6.32-27.2.el6_5.i686 ? Not the solution but here is what was fixed: # rpm -qp --changelog openswan-2.6.32-27.2.el6_5.x86_64.rpm * Thu Feb 06 2014 Paul Wouters - 2.6.32-27.2 - Resolves: rhbz#1050337 (CVE-2013-6466 refix for delete/notify code) * Wed Jan 22 2014 Paul Wouters - 2.6.32-27.1 - Resolves: rhbz#1050337 (CVE-2013-6466) https://access.redhat.com/security/cve/CVE-2013-6466 JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] weird apache issue
On Fri, Mar 7, 2014 at 5:37 AM, Tim Dunphy wrote: > > Not really sure how to interpret that, unfortunately. > > > However looked for the pid file for apache and noticed that it DOESN'T > EXIST! > > [root@beta:~] #ls -l /var/run/httpd/ > total 0 > > > Well, that would explain why the init script isn';t able to kill the > process. Maybe puppet is doing something weird with that pid file? I don't > really know offhand, but I guess I will have to investigate that. Is one created at a successful startup? And how is puppet involved? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Latest openswan update does no longer connect to Cisco VPN 3000 Series
Does anyone else noticed problems after updating openswan to openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN 3000 Series would no longer work. I can see in the log an ASSERTION FAILED error and the connection would remain in Pending phase 2. Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1 Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ignoring Vendor ID payload [FRAGMENTATION c000] Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05 Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112: st->st_sec_in_use==FALSE Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: using kernel interface: netkey Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: "ciscovpntest":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 39s; nodpd; idle; import:admin initiate Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: pending Phase 2 for "ciscovpntest" replacing #0 Downgrading openswan to openswan-2.6.32-27.el6.i686 solves the problem. The problem is restricted to this VPN connection, other 2 VPNs continue to work fine with the new version. Radu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] weird apache issue
In article , Tim Dunphy wrote: > ok thanks for the tip! > > So I did a netstat as you suggested and this is what I found: > > [root@beta:~] #netstat -natp | grep 80 > tcp0 0 0.0.0.0:80080.0.0.0:* > LISTEN 2354/python2.6 > tcp0 0 0.0.0.0:80100.0.0.0:* > LISTEN 8198/python2.6 > tcp0 0 0.0.0.0:80130.0.0.0:* > LISTEN 8198/python2.6 > tcp0 0 166.78.8.98:80810.0.0.0:* > LISTEN 10950/java > tcp0 0 0.0.0.0:28017 0.0.0.0:* > LISTEN 2289/mongod > tcp0 1 166.78.8.98:33612 72.52.4.74:80 > SYN_SENT17471/wget > tcp0672 166.78.8.98:22 24.38.100.4:35265 > ESTABLISHED 5680/sshd > tcp0 0 :::995 :::* > LISTEN 1806/couriertcpd > tcp0 0 :::110 :::* > LISTEN 1800/couriertcpd > tcp0 0 :::80 :::* > LISTEN 31589/httpd > > > And it does look as if it's apache that's taking up port 80 and nothing > else. > > I also checked /var/run/httpd and saw that it was EMPTY! No pid file to be > found. I had a look at the puppet manifests and couldn't see ANYTHING that > could be causing the pid file to go missing. > > > Does anyone have any suggestions on how I can track down why the pid file > keeps disappearing? It's probably a case of piecing together bits of evidence, e.g. - "ps -fp 31589" to see when the process started. - Compare that with /var/log/httpd/error_log* - apache logs a message there when it starts up. - Do "ls -ld /var/run/httpd" to see when /var/sun/httpd was last changed (due to the deletion of httpd.pid) - Look through logfiles in /var/log and /var/log/httpd for anything that happened just at that time. - Kill off the httpd process manually using "kill 31589" (or whatever) and check with "ps -ef" that all instances of httpd disappear. - Start it up again with "service httpd start" and then watch more closely. Hope you manage to find an explanation! Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 + Quagga + SELinux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 07:07 PM, SilverTip257 wrote: > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh wrote: > >> >> man zebra_selinux >> > > Thank you for the quick reply. > > ~]# man zebra_selinux No manual entry for zebra_selinux > > This is a rather basic (headless) install of CentOS 5.10 from the > netinstall ISO. I haven't ripped out any default selinux pieces, so should > I really be missing that manpage? > > ~]# cat /etc/*ele* cat: /etc/lsb-release.d: Is a directory CentOS release > 5.10 (Final) > > ~]# apropos selinux | egrep 'zebra|quagga' > > If I remove the pipe to egrep, I do see squid_selinux for example. > > >> ... If you want to allow zebra daemon to write it configuration files, >> you must turn on the zebra_write_config boolean. Disabled by default. >> >> setsebool -P zebra_write_config 1 >> > > // before ~]# getsebool -a | grep zebra allow_zebra_write_config --> on > zebra_disable_trans --> off > > Apparently the command from the Bugzilla ticket I linked to earlier took > and already had allow_zebra_write_config enabled. setsebool -P > allow_zebra_write_config=1 > > // trying to set that selinux boolean comes back with ~]# setsebool -P > zebra_write_config 1 libsemanage.dbase_llist_set: record not found in the > database libsemanage.dbase_llist_set: could not set record value Could not > change boolean zebra_write_config Could not change policy booleans > > On an selinux, but different topic... I had to modify the user (role and > type were right) to allow dnsmasq to write to /var/log/dnsmasq.log ~]# > chcon -v --user=system_u --role=object_r --type=var_log_t > /var/log/dnsmasq.log This may or may not be the best/proper way, but > appears to have fixed the dnsmasq logging + selinux clash. > > And now to apply that to my quagga/zebra + selinux situation... // before > ~]# ls -Z /etc/quagga/ | egrep '(zebra|vtysh)\.conf' -rw-r- quagga > quaggavt root:object_r:zebra_conf_t vtysh.conf -rwxr-x--- quagga > quaggavt system_u:object_r:zebra_conf_t vtysh.conf.sample -rw--- > quagga quagga root:object_r:zebra_conf_t zebra.conf -rw-r--r-- root > root system_u:object_r:zebra_conf_t zebra.conf.sample -rw-r- > quagga quaggavt root:object_r:zebra_conf_t zebra.conf.sav > > ~]# chcon -v --user=system_u /etc/quagga/vtysh.conf /etc/quagga/zebra.conf > /etc/quagga/zebra.conf.sav > > // after ~]# ls -Z /etc/quagga/ | egrep '(zebra|vtysh)\.conf' -rw-r- > quagga quaggavt system_u:object_r:zebra_conf_t vtysh.conf -rwxr-x--- > quagga quaggavt system_u:object_r:zebra_conf_t vtysh.conf.sample -rw--- > quagga quagga system_u:object_r:zebra_conf_t zebra.conf -rw-r--r-- > root root system_u:object_r:zebra_conf_t zebra.conf.sample -rw-r- > quagga quaggavt system_u:object_r:zebra_conf_t zebra.conf.sav > > // but no dice ... # write Building Configuration... Can't open > configuration file /etc/quagga/zebra.conf.ZHwkuk. [OK] > > > > ~]# tail /var/log/audit/audit.log | grep zebra | audit2why ... type=AVC > msg=audit(1394150156.203:30): avc: denied { add_name } for pid=3111 > comm="zebra" name="zebra.conf.fT434c" scontext=root:system_r:zebra_t:s0 > tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir Was caused by: > Missing or disabled TE allow rule. Allow rules may exist but be disabled by > boolean settings; check boolean settings. You can see the necessary allow > rules by running audit2allow with this audit message as input. > > ~]# tail /var/log/audit/audit.log | grep zebra | audit2allow > > > #= zebra_t == allow zebra_t zebra_conf_t:dir > add_name; > > > What am I doing wrong here? ( missing manpage , still AVC denied ) > > > I'm learning a thing or two about SELinux with each bump in the road it > presents to me. Thanks for the help and for bearing with me. ;) > > Introduced in RHEL6 not in Rhel5 sorry -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMZzPQACgkQrlYvE4MpobPh3wCfd54pFCl3U5zamlcOobHO47fl npEAn2GdCQZnZbnzGu3mOr+G2rbR2nxp =E3uw -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] weird apache issue
ok thanks for the tip! So I did a netstat as you suggested and this is what I found: [root@beta:~] #netstat -natp | grep 80 tcp0 0 0.0.0.0:80080.0.0.0:* LISTEN 2354/python2.6 tcp0 0 0.0.0.0:80100.0.0.0:* LISTEN 8198/python2.6 tcp0 0 0.0.0.0:80130.0.0.0:* LISTEN 8198/python2.6 tcp0 0 166.78.8.98:80810.0.0.0:* LISTEN 10950/java tcp0 0 0.0.0.0:28017 0.0.0.0:* LISTEN 2289/mongod tcp0 1 166.78.8.98:33612 72.52.4.74:80 SYN_SENT17471/wget tcp0672 166.78.8.98:22 24.38.100.4:35265 ESTABLISHED 5680/sshd tcp0 0 :::995 :::* LISTEN 1806/couriertcpd tcp0 0 :::110 :::* LISTEN 1800/couriertcpd tcp0 0 :::80 :::* LISTEN 31589/httpd And it does look as if it's apache that's taking up port 80 and nothing else. I also checked /var/run/httpd and saw that it was EMPTY! No pid file to be found. I had a look at the puppet manifests and couldn't see ANYTHING that could be causing the pid file to go missing. Does anyone have any suggestions on how I can track down why the pid file keeps disappearing? Thanks! Tim On Fri, Mar 7, 2014 at 7:32 AM, Tony Mountifield wrote: > In article < > caozy0en0x_wrbzkvjzupatymod7z_vtbomormukedknrwnf...@mail.gmail.com>, > Tim Dunphy wrote: > > Hey guys, > > > > Well it took a little while for me to be able to reproduce this. It > seems > > that this problem is intermittent and sporadic. > > > > But I tried running a sh -x /etc/init.d/httpd restart command once I > > reallized I had another incident of this and this is what I saw as the > > output: > > > > > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd' > > (98)Address already in use: make_sock: could not bind to address [::]:80 > > (98)Address already in use: make_sock: could not bind to address > 0.0.0.0:80 > > no listening sockets available, shutting down > > > > > Not really sure how to interpret that, unfortunately. > > > > > > However looked for the pid file for apache and noticed that it DOESN'T > > EXIST! > > > > [root@beta:~] #ls -l /var/run/httpd/ > > total 0 > > > > > > Well, that would explain why the init script isn';t able to kill the > > process. Maybe puppet is doing something weird with that pid file? I > don't > > really know offhand, but I guess I will have to investigate that. > > > > Thanks for all your input. > > Have a look to see what process is actually doing the listening on port 80: > > # netstat -natp > > Look for a local address with a port of 80 and a state of LISTEN. > > The final column shows you the PID and program name. > > Cheers > Tony > -- > Tony Mountifield > Work: t...@softins.co.uk - http://www.softins.co.uk > Play: t...@mountifield.org - http://tony.mountifield.org > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 + Quagga + SELinux
On Fri, Mar 7, 2014 at 5:16 AM, John Doe wrote: > From: SilverTip257 > > > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh > wrote: > >> man zebra_selinux > > ~]# man zebra_selinux > > No manual entry for zebra_selinux > > This man page seems to be in selinux-policy-doc package for CentOS 6... > I'm on CentOS 5.10 on the system in question. I did try searching for packages prior to sending the message you responded to. > # yum whatprovides \*zebra_selinux\* > ... > selinux-policy-doc-3.7.19-231.el6.noarch : SELinux policy documentation > Repo: base > Matched from: > Filename: /usr/share/man/man8/zebra_selinux.8.gz > Here's a search from 5.10... ~]$ yum whatprovides \*zebra_selinux\* ... No Matches found -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] weird apache issue
In article , Tim Dunphy wrote: > Hey guys, > > Well it took a little while for me to be able to reproduce this. It seems > that this problem is intermittent and sporadic. > > But I tried running a sh -x /etc/init.d/httpd restart command once I > reallized I had another incident of this and this is what I saw as the > output: > > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd' > (98)Address already in use: make_sock: could not bind to address [::]:80 > (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 > no listening sockets available, shutting down > > Not really sure how to interpret that, unfortunately. > > > However looked for the pid file for apache and noticed that it DOESN'T > EXIST! > > [root@beta:~] #ls -l /var/run/httpd/ > total 0 > > > Well, that would explain why the init script isn';t able to kill the > process. Maybe puppet is doing something weird with that pid file? I don't > really know offhand, but I guess I will have to investigate that. > > Thanks for all your input. Have a look to see what process is actually doing the listening on port 80: # netstat -natp Look for a local address with a port of 80 and a state of LISTEN. The final column shows you the PID and program name. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 109, Issue 2
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2014:0260 CentOS 6 ghostscript-fonts FASTTRACK Update (Johnny Hughes) 2. CEBA-2014:0256 CentOS 6 libvirt Update (Johnny Hughes) 3. CEBA-2014:0257 CentOS 6 opencryptoki Update (Johnny Hughes) 4. CESA-2014:0255 Moderate CentOS 5 subversion Update (Johnny Hughes) 5. CESA-2014:0255 Moderate CentOS 6 subversion Update (Johnny Hughes) 6. CEBA-2014:0260 CentOS 6 ghostscript-fonts FASTTRACK Update (Johnny Hughes) -- Message: 1 Date: Thu, 6 Mar 2014 11:11:23 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2014:0260 CentOS 6 ghostscript-fonts FASTTRACK Update To: centos-annou...@centos.org Message-ID: <2014030623.ga12...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:0260 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0260.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Thu, 6 Mar 2014 11:12:02 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2014:0256 CentOS 6 libvirt Update To: centos-annou...@centos.org Message-ID: <20140306111202.ga12...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:0256 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0256.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 23c0149b052e2987f151c375ec85f37d888746e643cc1a69106a8435ed283b13 libvirt-0.10.2-29.el6_5.5.i686.rpm 9a9905c98972ae651779f17716858d012fc9c405771df437484168da0940781c libvirt-client-0.10.2-29.el6_5.5.i686.rpm 91f5285cab9716b410cd34bbec40f2c53af04c3666330cb2ab589d08d6e5b5dc libvirt-devel-0.10.2-29.el6_5.5.i686.rpm 350a0a5e5bc2b5a5d6e7c3f3d64b75c4a5b2b6719f8e702756bf985193475e38 libvirt-python-0.10.2-29.el6_5.5.i686.rpm x86_64: 9c5c6b152480ba836c54fef984762666af88e3a848d574b88c699800bbc8ed13 libvirt-0.10.2-29.el6_5.5.x86_64.rpm 9a9905c98972ae651779f17716858d012fc9c405771df437484168da0940781c libvirt-client-0.10.2-29.el6_5.5.i686.rpm d214a50fe7d8c937957b2a573f693f8a8df7328d61fec496facc2863f5c88b92 libvirt-client-0.10.2-29.el6_5.5.x86_64.rpm 91f5285cab9716b410cd34bbec40f2c53af04c3666330cb2ab589d08d6e5b5dc libvirt-devel-0.10.2-29.el6_5.5.i686.rpm 5758aec874832932cb4d17f9a599a67b54cb3cab4b8253c7f90285d72498f943 libvirt-devel-0.10.2-29.el6_5.5.x86_64.rpm 6ea1a8bf254b8424412fb38a0d9902753c36634944ae5f99aa06d6bbf8370bfd libvirt-lock-sanlock-0.10.2-29.el6_5.5.x86_64.rpm fe1e40ed66b81c50895e5cbdb56f1850e7517f46efbc520f17519d643e210119 libvirt-python-0.10.2-29.el6_5.5.x86_64.rpm Source: 0cb808eb84762decd4969c9be68db43bb0da1856cde0bb7d5e99c5f13e65d510 libvirt-0.10.2-29.el6_5.5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 3 Date: Thu, 6 Mar 2014 11:12:47 + From: Johnny Hughes Subject: [CentOS-announce] CEBA-2014:0257 CentOS 6 opencryptoki Update To: centos-annou...@centos.org Message-ID: <20140306111247.ga12...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:0257 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0257.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ad8d228cb302b6f835150764c086ce01c07f67b28970d7dae559bcbded9f7c27 opencryptoki-2.4.3.1-1.el6_5.1.i686.rpm 60d598475b52022f01b9eab03c2c147b0f00ac8f16a9ae7cee72f100b839d589 opencryptoki-devel-2.4.3.1-1.el6_5.1.i686.rpm aa098fa85fe3782074ae66093560e7098a8728214a63aa9799c471365df8017a opencryptoki-libs-2.4.3.1-1.el6_5.1.i686.rpm x86_64: 22e86a6edb9e4a7e64453f6e41c59a7c502149de7c9b1a345417a2aa9ee21cbd opencryptoki-2.4.3.1-1.el6_5.1.x86_64.rpm 60d598475b52022f01b9eab03c2c147b0f00ac8f16a9ae7cee72f100b839d589 opencryptoki-devel-2.4.3.1-1.el6_5.1.i686.rpm 1b4d6267d3a1a3518b2ae6c9c95b1fa91c4009f406bc50388f3978bff0a89dcf opencryptoki-devel-2.4.3.1-1.el6_5.1.x86_64.rpm aa098fa85fe3782074ae66093560e7098a8728214a63aa9799c471365df8017a opencryptoki-libs-2.4.3.1-1.el6_5.1.i686.
Re: [CentOS] weird apache issue
Hey guys, Well it took a little while for me to be able to reproduce this. It seems that this problem is intermittent and sporadic. But I tried running a sh -x /etc/init.d/httpd restart command once I reallized I had another incident of this and this is what I saw as the output: + . /etc/rc.d/init.d/functions ++ TEXTDOMAIN=initscripts ++ umask 022 ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin ++ export PATH ++ '[' -z '' ']' ++ COLUMNS=80 ++ '[' -z '' ']' +++ /sbin/consoletype ++ CONSOLETYPE=pty ++ '[' -f /etc/sysconfig/i18n -a -z '' ']' ++ . /etc/profile.d/lang.sh +++ sourced=0 +++ '[' -z '' -a -n en_US.UTF-8 ']' +++ sourced=1 +++ '[' -n '' ']' +++ '[' 1 = 1 ']' +++ '[' -n en_US.UTF-8 ']' +++ export LANG +++ '[' -n '' ']' +++ unset LC_ADDRESS +++ '[' -n '' ']' +++ unset LC_CTYPE +++ '[' -n '' ']' +++ unset LC_COLLATE +++ '[' -n '' ']' +++ unset LC_IDENTIFICATION +++ '[' -n '' ']' +++ unset LC_MEASUREMENT +++ '[' -n '' ']' +++ unset LC_MESSAGES +++ '[' -n '' ']' +++ unset LC_MONETARY +++ '[' -n '' ']' +++ unset LC_NAME +++ '[' -n '' ']' +++ unset LC_NUMERIC +++ '[' -n '' ']' +++ unset LC_PAPER +++ '[' -n '' ']' +++ unset LC_TELEPHONE +++ '[' -n '' ']' +++ unset LC_TIME +++ '[' -n '' ']' +++ unset LC_ALL +++ '[' -n '' ']' +++ unset LANGUAGE +++ '[' -n '' ']' +++ unset LINGUAS +++ '[' -n '' ']' +++ unset _XKB_CHARSET +++ consoletype=pty +++ '[' -z pty ']' +++ '[' -n '' ']' +++ '[' -n '' ']' +++ '[' -n en_US.UTF-8 ']' +++ case $LANG in +++ '[' screen = linux ']' +++ unset SYSFONTACM SYSFONT +++ unset sourced +++ unset langfile ++ '[' -z '' ']' ++ '[' -f /etc/sysconfig/init ']' ++ . /etc/sysconfig/init +++ BOOTUP=color +++ GRAPHICAL=yes +++ RES_COL=60 +++ MOVE_TO_COL='echo -en \033[60G' +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' +++ SETCOLOR_FAILURE='echo -en \033[0;31m' +++ SETCOLOR_WARNING='echo -en \033[0;33m' +++ SETCOLOR_NORMAL='echo -en \033[0;39m' +++ LOGLEVEL=3 +++ PROMPT=yes +++ AUTOSWAP=no ++ '[' pty = serial ']' ++ '[' color '!=' verbose ']' ++ INITLOG_ARGS=-q ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' + '[' -f /etc/sysconfig/httpd ']' + . /etc/sysconfig/httpd + HTTPD_LANG=C + INITLOG_ARGS= + apachectl=/usr/sbin/apachectl + httpd=/usr/sbin/httpd + prog=httpd + pidfile=/var/run/httpd/httpd.pid + lockfile=/var/lock/subsys/httpd + RETVAL=0 + case "$1" in + stop + echo -n 'Stopping httpd: ' Stopping httpd: + killproc -p /var/run/httpd/httpd.pid -d 10 /usr/sbin/httpd + local RC killlevel= base pid pid_file= delay + RC=0 + delay=3 + '[' 5 -eq 0 ']' + '[' -p = -p ']' + pid_file=/var/run/httpd/httpd.pid + shift 2 + '[' -d = -d ']' + delay=10 + shift 2 + '[' -n '' ']' + base=httpd + __pids_var_run /usr/sbin/httpd /var/run/httpd/httpd.pid + local base=httpd + local pid_file=/var/run/httpd/httpd.pid + pid= + '[' -f /var/run/httpd/httpd.pid ']' + return 3 + '[' -z /var/run/httpd/httpd.pid -a -z '' ']' + '[' -n '' ']' + '[' -n '' -a -n '' ']' + failure 'httpd shutdown' + local rc=1 + '[' color '!=' verbose -a -z '' ']' + echo_failure + '[' color = color ']' + echo -en '\033[60G' [60G+ echo -n '[' [+ '[' color = color ']' + echo -en '\033[0;31m' [0;31m+ echo -n FAILED FAILED+ '[' color = color ']' + echo -en '\033[0;39m' [0;39m+ echo -n ']' ]+ echo -ne '\r' + return 1 + '[' -x /usr/bin/rhgb-client ']' + return 1 + RC=0 + '[' -z '' ']' + rm -f /var/run/httpd/httpd.pid + return 0 + RETVAL=0 + echo + '[' 0 = 0 ']' + rm -f /var/lock/subsys/httpd /var/run/httpd/httpd.pid + start + echo -n 'Starting httpd: ' Starting httpd: + LANG=C + daemon --pidfile=/var/run/httpd/httpd.pid /usr/sbin/httpd + local gotbase= force= nicelevel corelimit + local pid base= user= nice= bg= pid_file= + nicelevel=0 + '[' --pidfile=/var/run/httpd/httpd.pid '!=' -pidfile=/var/run/httpd/httpd.pid ']' + case $1 in + pid_file=/var/run/httpd/httpd.pid + shift + '[' /usr/sbin/httpd '!=' /usr/sbin/httpd ']' + '[' -z '' ']' + base=httpd + __pids_var_run httpd /var/run/httpd/httpd.pid + local base=httpd + local pid_file=/var/run/httpd/httpd.pid + pid= + '[' -f /var/run/httpd/httpd.pid ']' + return 3 + '[' -n '' -a -z '' ']' + corelimit='ulimit -S -c 0' + '[' -n '' ']' + '[' color = verbose -a -z '' ']' + '[' -z '' ']' + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/httpd' (98)Address already in use: make_sock: could not bind to address [::]:80 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs + '[' 1 -eq 0 ']' + failure 'httpd startup' + local rc=1 + '[' color '!=' verbose -a -z '' ']' + echo_failure + '[' color = color ']' + echo -en '\033[60G' [60G+ echo -n '[' [+ '[' color = color ']' + echo -en '\033[0;31m' [0;31m+ echo -n FAILED FAILED+ '[' color = color ']' + echo -en '\033[0;39m' [0;39m+ echo -n ']' ]+ echo -ne '\r' + return 1 + '[' -x /usr/bin/rhgb-client ']' + return 1 + RETVAL=1 + echo + '[' 1 = 0 ']' + return 1 + exit 1 Not really sure how to interpret that, unfortunately. However loo
Re: [CentOS] cachefs
Am 01.03.2014 um 13:48 schrieb Rita : > has anyone been using cachefs with 6.x series? i have tried using it but i > keep getting hung processes after 2 weeks. > > ATM, running 6.3 but was curious if its more stable on Centos 6.5? we use it with nfs (latest EL6 OS version). In the last year we had two system freezes caused by cachefs. Its still a tech preview. the nfs client performance is significant better with cachefs enabled. -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cachefs
On 02.03.2014 15:58, Rita wrote: > thanks steve. seems like we are in the same boat. > > I was wondering if there was an alternative to cachefs like > http://ccache.samba.org/ I don't see how a compiler cache could help you with your problem. That's a totally different thing. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 + Quagga + SELinux
From: SilverTip257 > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh wrote: >> man zebra_selinux > ~]# man zebra_selinux > No manual entry for zebra_selinux This man page seems to be in selinux-policy-doc package for CentOS 6... # yum whatprovides \*zebra_selinux\* ... selinux-policy-doc-3.7.19-231.el6.noarch : SELinux policy documentation Repo : base Matched from: Filename : /usr/share/man/man8/zebra_selinux.8.gz JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos