RE: [CentOS] Migration from VMWare to HP Blade
Hi all, A few months ago, I migrated some of our internal servers to HP blades, as the VMWare box they were previously running on was getting too slow. However, it wasn't without it's problems, and eventually the only way I could get them to work was: Install the same version of CentOS on the blade (believed to be 5.0, but /etc/redhat-release says 5.2) Took down both servers, booting them off the SystemRescueCD, mounting all the partition on /mnt/transfer etc Ran rsync to copy all the data from one to the other - except /boot and /lib/modules Brought the blade up, and saw that it booted fine. However, a new kernel has been released and we tried rebooting... And it panicked. It seems to be LVM related, in that it can't mount /dev/root - and I've tried manually running mkinitrd to regenerate the initrd to no avail. I was just wondering if anyone had encountered similar problems, and knew of any solutions? Having just done the opposite (test migrating a CentOS server from physical hardware to VMWare), I have a very good idea :-) It was CentOS 4, but the basic bits should be the same You need to edit /etc/modprobe.conf, and change the line (or lines) that start with: alias scsi_hostadapter If the server was vmware, the existing lines are probably alias scsi_hostadapter mptbase alias scsi_hostadapter1 mptscsih I'm not sure what you'll have to change mptbase and mptscsih to be; on HP servers, cciss is the correct driver. Others will vary (you could try a quick basic manual install on the target hardware and see what gets put in that file by the OS installer). After you've changed modprobe.conf, re-run mkinitrd and reboot. Should be good to go. You'll also have to watch out for HWADDR in /etc/sysconfig/network-scripts/ifcfg-eth*, either changing it to match your new hardware, or removing it entirely. Kudzu will probably take care of sorting out the network card driver entries in modprobe; follow your nose and take a guess, you'll probably get it right. Either way, mkinitrd is only necessary (in this case) to get access to your root device Hope that helps, Craig Miskell === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] formatting large volume
Just pvcreate the whole disk and forgo partitioning it. Then create a vg out of it and start creating lvs. Hey Ross, I thought it was best practice to create an LVM partition such that the disk could be recognizable under all circumstances such as if the volume was moved? Is that not really best practice anymore? I'm not Ross, but I'll chime in: I heartily recommend creating an LVM partition rather than using the entire disk. It will cover you for those times when you are booting off the Rescue or Install CD. When anaconda(?) sees an LVM formatted disk, it thinks it's garbage because there's no valid partition table. It then asks you if you want to format the disk (or words to that effect; I forget the precise details), with the default set to YES (WTH? Default option is the most dangerous? That's nutty). From experience I can tell you that selecting Yes is really really bad for your LVM meta data. Let's just say it took a while to restore the 1TB of data the time I miss-clicked YES from a finger twitch at the wrong moment while moving the mouse. Sigh Craig Miskell === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] dm-multipath use
Are folks in the Centos community succesfully using device-mapper-multipath? I am looking to deploy it for error handling on our iSCSI setup but there seems to be little traffic about this package on the Centos forums, as far as I can tell, and there seems to be a number of small issues based on my reading the dm-multipath developer lists and related resources. -geoff I'm using it on RHEL 5 (close enough for the purposes of your query), connecting to an HP EVA 6000 SAN. The RHEL documentation (http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/DM_Multipath/index.html) certainly covers the basics adequately, and was enough to get me going. I'm using LVM over the top of that, so I found it worthwhile to tweak /etc/lvm/lvm.conf to filter out all the various aliases for the disks that show up in /dev. My filter line is currently: filter = [ r/sd.*/, r:disk/by.*:, a/.*/ ] which works well for me, but YMMV, particularly with the filtering out of sd.* (That works here because our main OS disks are on /dev/cciss) You've also got to be a little careful when unpresenting disks (SAN terminology, may not apply to ISCSI). From our internal documentation (some notes I wrote at the time, and with subsequent experience): * Removing is trickier; you need to ensure no-one is trying to still use the disk. Particularly watch out for lvm. If the disk is part of a volume group, you have to run #vgchange -an VGNAME first, otherwise LVM still thinks the disk is there, and things like lvmdiskscan/pvdisplay etc start hanging when the disk has gone away. Once the disk is unused, unpresent the disk from the SAN, rescan to remove no-longer existing disks, then restart multipathd (/etc/init.d/multipathd restart). Running #multipath -F may also be sufficient, but I've found restarting multipathd entirely a smidgen more reliable (but I may have been doing things wrong before that). If things get really stuck, then you might have some luck with dmsetup. If multipath -ll shows failed disks (that have been unpresented properly), use dmsetup to remove the failed disk with the command: #dmsetup remove device where device is mpathnum. Find the stuck one from the output of multipath -ll; be sure you've got the right mpath device. Optionally, if you've got stuck lvmdiskscan or pvdisplay type processes (trying to access the missing disk), then the remove will fail, claiming the device is in use (which, in some senses, it is). In this case, double check you've got the right mpath device (otherwise you'll fsck your system), and run: #dmsetup remove --force device This will claim failure (device-mapper: remove ioctl failed: Device or resource busy), but if you now run #dmsetup info device then you'll see the Open count has gone to zero. You can now run the plain remove one more time: #dmsetup remove device and it will be removed. Your hung processes will finally die the death they deserve, and the unpresented disk will be unknown to the system any longer. * It has worked well in real life, except for one day when one of our EVA SAN Controllers died; one host survived, another had multipathd itself die with a double free error (which I bugzilla'd upstream). Disks went away, but came back on restarting multipathd. Odd, but survivable, and not indicative of a general problem (probably something I did early on in the setup that hung around). And one other word of advice: Play with it a lot in a test system first. It should go without saying, but this is really one of those times. There are many things you can learn safely on a production device; this isn't one of them. Get really comfortable with adding/removing/munging before you go live. And you will break it at least once during your preparation, if not more ;-). Craig Miskell === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Odd behaviour with modules; looking for some theories
Hi all, Recently, after doing some maintenance on one of my servers (Centos 5), I rebooted. On reboot, it didn't find the SAN disks at all, and after some poking around in maintenance mode, I discovered that it couldn't find the Qlogic module. It turns out that /lib/modules/kernel-version/modules.alias, modules.dep and such were all empty or just had their header comment lines. moddep -a fixed things up quickly enough once I figured out what was going on. However, I'm kinda stumped as to how these files got nuked in the first place. It wasn't files being deleted completely, it's like they were regenerated incorrectly. Checking backups showed these files were last changed (to their short form) on Feb 11; yum.log doesn't show any sign of updates on that date, so presumably it wasn't something like a kernel installation running amok. Does anyone have any theories as to what happened? Random logical guesses is fine ;-) Thanks, Craig Miskell, Technical Support, AgResearch Invermay 03 489-9279 Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind- boggling amounts of excrement when you least expect it. -- Gene spaf Spafford (1992) === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] vlan support
Hi all ls centos supporting vlan setup? If by that you mean 802.1q trunking, then yes. ls it reliable? Seems to be in my experience, but that's only limited so far. how can I do it? Create multiple ifcfg files in /etc/sysconfig/network-scripts, e.g. for multiple VLANs on eth0: ifcfg-eth0 ifcfg-eth0.2 ifcfg-eth0.100 The number after the decimal is the VLAN id (default (1), 2 and 100 respectively above). In each file, add VLAN=yes. And don't forget to turn on trunking on the switch to which you're attached. The network startup scripts will then do the right thing. Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] vlan support
Miskell, Craig wrote: ls centos supporting vlan setup? If by that you mean 802.1q trunking, then yes. ls it reliable? Seems to be in my experience, but that's only limited so far. how can I do it? Create multiple ifcfg files in /etc/sysconfig/network-scripts, e.g. for multiple VLANs on eth0: ifcfg-eth0 ifcfg-eth0.2 ifcfg-eth0.100 The number after the decimal is the VLAN id (default (1), 2 and 100 respectively above). In each file, add VLAN=yes. And don't forget to turn on trunking on the switch to which you're attached. The network startup scripts will then do the right thing. Are the details documented somewhere? Yep: /usr/share/doc/initscripts-yourversion/sysconfig.txt Is vlan 1 always native (untagged) or can you specify that? I remember having some problem with Intel NICs on windows not liking native packets at all if any were tagged but I don't know if that was a hardware or software issue. I'm not sure about the vlan 1/untagged nature; it just worked here, and might have something to do with the configuration of the switch you're connecting to. Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] vlan support
few questions also 1/ what is different between vconfig and your configure to set it up the vlan? Using the scripts in /etc/sysconfig/network-scripts will use vconfig for you. 2/ what is the different vlan and vlan trunking? I'm not sure I understand the question, but I'll try and explain something. VLAN trunking is when you have multiple VLANs traversing a physical link, such as between two switches, or in your case (I think), between a switch and a server which you want to have multiple interfaces on (in various VLANs). Each ethernet frame is tagged with the VLAN id, which the receiving end uses to decide what VLAN the frame should be forwarded too. Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] IPTables GUIs
Miskell, Craig wrote: Hi, This is semi-OT, but is Centos-related. I'm looking for an IPTables GUI to help us with our expanding network configuration. I know there's plenty out there, but most of them seem to manage the firewall on the computer on which they run, or only handle one firewall at a time. I need one that can easily manage multiple firewalls from some sort of central location/repository, i.e. sharing definitions of services, hosts etc. fwbuilder is the obvious choice for you. I went through a number of options myself before settling on shorewall. My requirements are different than yours. But it was fwbuilder's obvious fit to what you are asking for that was the reason I rejected it! Thanks for the confirmation; knowing I'm not missing some other obvious option is good. And thank you for being only the second person who's replied who has actually read the bit of my post where I state the local requirements, instead of telling me about YALFG (Yet Another Local Firewall GUI) ;-) sigh Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] IPTables GUIs
Hi, This is semi-OT, but is Centos-related. I'm looking for an IPTables GUI to help us with our expanding network configuration. I know there's plenty out there, but most of them seem to manage the firewall on the computer on which they run, or only handle one firewall at a time. I need one that can easily manage multiple firewalls from some sort of central location/repository, i.e. sharing definitions of services, hosts etc. I've googled and hunted, and FWBuilder seems reasonably good from what I've seen so far. Are there any other packages out there? Are there any recommendations (to look at or to avoid)? Thanks, Craig Miskell, Technical Support, AgResearch Invermay 03 489-9279 There are no problems that cannot be solved by the judicious use of high explosives -- British Commando quote, circa WWII. === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] IPTables GUIs
I think there's one for shorewall and firestarter. Thanks, but firestarter has to run on the actual firewall (thus not meeting the multiple firewall/central repository requirement), and the only GUI I've been able to locate for shorewall is a webmin plugin, which implicitly is the same as the above (quite aside from the dubious security scenario of running webmin on a firewall). Craig -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Miskell, Craig Sent: Sunday, February 03, 2008 8:43 PM To: CentOS mailing list Subject: [CentOS] IPTables GUIs Hi, This is semi-OT, but is Centos-related. I'm looking for an IPTables GUI to help us with our expanding network configuration. I know there's plenty out there, but most of them seem to manage the firewall on the computer on which they run, or only handle one firewall at a time. I need one that can easily manage multiple firewalls from some sort of central location/repository, i.e. sharing definitions of services, hosts etc. I've googled and hunted, and FWBuilder seems reasonably good from what I've seen so far. Are there any other packages out there? Are there any recommendations (to look at or to avoid)? Thanks, Craig Miskell, Technical Support, AgResearch Invermay 03 489-9279 There are no problems that cannot be solved by the judicious use of high explosives -- British Commando quote, circa WWII. == = Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. == = ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] File retrieval from outside hangs, internally is okay, only Centos5 affected
I have a really weird problem with some of my servers, namely all the ones running Centos5 When I try to download a file from the server to a machine outside our Cisco 6500 router/firewall, the download hangs about half the times (15 out of 40) when less than half a megabyte into the transfer (varied from 76 kb to 496 kb). One server has a portchannel (Cisco speak for ethernet bundle), others do not, some use e1000, some use broadcom, I've tried httpd and scp transfers, I've tried from three different clients, Here's the really annoying part: the problem only occurs when downloading from outside the firewall, not when transferring files internally in the serverroom! And the switch is the firewall is a modular chassis, so the data comes over the same backplane regardless. And there's 42 files in /proc/net/sys/ipv4 which differ between EL4 and Centos5, so I'm a little lost here Anybody got some ideas? Just to state the obvious (well, obvious to me), which you don't seem to have mentioned above: The filtering part of the 6500 is dropping the traffic, and is dropping it because of something that Centos 5 is doing differently from EL4. I think there was a post to this list just last week about something similar; I don't have time to search the archive, but it is something to do with a TCP option/extension which is on in Centos 5, but can be turned off via a setting in /proc somewhere; the extension should be acceptable to all firewalls/routers (uses a previously unused few bits in the TCP header), but some decide it's not valid and drop packets/connections. Craig Miskell === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Security checklist for new Centos server?
Feel free to rearrange, cut, add, give links, whatever: personally, I'm interested in securing the whole box, meaning how to glue things together in the safest possible way, without forgetting anything, while things like how to make Postfix not an open relay, for example, are already covered in detail in the Postfix docs. I have found that the checklist/scripts/documents at http://www.cisecurity.org/ are a pretty good starting point. Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Loss of Prompt Cursor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Thompson Sent: Tuesday, 10 July 2007 5:06 a.m. To: CentOS mailing list Subject: [CentOS] Loss of Prompt Cursor When I log into a virtual console as ordinary user, I initially have a prompt cursor. After I print 24 lines or more, the last visible (24th) line will be data instead of the prompt cursor. The up arrow no longer gives the previous commands. A clear command will restore the prompt cursor. This bug first appeared after I installed CentOS5. I do not believe it is a CentOS5 bug however because when I boot Ubuntu from a LivePC CDROM, the same thing happens. Any comments/suggestions would be appreciated. Thanks in advance - Bob T. Use the size/position controls of your monitor to shrink and reposition the displayed image (or your monitor may have an auto-adjust feature which can be invoked). My guess is that the 25th line is being displayed, with prompt and cursor etc, but is off the bottom of visible screen area. Craig Miskell === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] good resources for making RPMs
Could anyone recommend some good resources I might go to for making an RPM? http://www.rpm.org is good, particularly http://www.rpm.org/max-rpm/ section II RPM and Developers. Also try looking at some existing spec files to get a handle on the variety of things you can/should be doing. HTH, Craig === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos