Re: [CentOS] recommend benchmarking SW
On 03/11/2009, at 11:52 PM, Alan McKay wrote: Hey folks, We've got some new hardware and are trying to figure out what best to do with it. Either run CentOS right on the bare metal, or virtualize, or several combination options. Mainly looking at : - CentOS on bare metal - CentOS on ESXi 4.0 with local disk - CentOS on ESXi with 1 VM running Openfiler to serve disk to other VMs And want to benchmark these 3 scenarios So far all we have is a dd-based disk IO benchmark. What else can you all recommend. If IO testing is your primary concern then bonnie++ would be very useful to get good reports on your different configurations. It can generate nice HTML formatted reports for you as well. Regards, Oliver BTW, we also ideally want to try each of the above with a Postgres DB as well (and once without) thanks, -Alan -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Automatical resync of MD, why?
When you cat /proc/mdstat does it actually say syncing or does it say checking? I believe a newer version of mdadm creates a weekly cron job to check the arrays. I first mistakenly assumed it was resyncing and started worrying since it was doing all 8 of my RAID1 arrays at once, but after looking twice I saw it was actually just checking the arrays thanks to a new cronjob. Regards, Oliver On 02/11/2009, at 6:40 AM, Jancio Wodnik wrote: Hi. My question is the same, why so many times my RAID 1 is resynced, when i upgrade to CentOS 5.4 ? Any idea ? With may RAID1 is no all OK ? It is to worry about it ? Jancio Wodnik ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Running SSH on a different port
On 24/10/2009, at 11:26 PM, ML wrote: HI All, With my new firewall in place, it has opened my eyes to how much traffic gets blocked in a single day and also what are the most active rules. I get *a lot* of requests for port 22. Look in /etc/ssh/sshd_config You can specify the port there, it's the first option which is commented out. How does one switch ssh ports? What is a good port to use? What ramifications does it have when I need to ssh in? Is it as simple as ssh u...@hots:port? To specify another port you need to use ssh -p X -l whateveruse IP I don't think there are any ramifications/disadvantages of running the SSH daemon on a non standard port. Best, -ML ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Running SSH on a different port
On 24/10/2009, at 11:40 PM, Miguel Medalha wrote: How does one switch ssh ports? What is a good port to use? What ramifications does it have when I need to ssh in? Is it as simple as ssh u...@hots:port? In /etc/ssh/sshd_config replace port 22 with port whatever high port ( 1024) you like Then configure your ssh clients accordingly. I was having my logs filled with *literally* hundreds of connection attempts to port 22 every single day. Since I moved ssh to another port that stopped. I don't know if it is viable in your case but using /etc/hosts.allow and deny helps if you know what IPs are going to need SSH access. Also, disable password authentication and use public/private key pairs as certification. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Running SSH on a different port
On 25/10/2009, at 12:10 AM, ML wrote: How does one switch ssh ports? What is a good port to use? What ramifications does it have when I need to ssh in? Is it as simple as ssh u...@hots:port? In /etc/ssh/sshd_config replace port 22 with port whatever high port ( 1024) you like Then configure your ssh clients accordingly. So I added Port 2977 Under Host * So I have: Host * Port 2977 I rebooted and I get a connection refused now when I try to connect. I am doing: ssh -p 2977 u...@ip Try ssh -p 2977 -l user IP Not u...@ip I must have missed something. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Inquiry:What is the equivalent of nmap command on CentOS 5.2 ?
On 15/10/2009, at 6:07 PM, hadi motamedi wrote: Dear All Please be informed that I have installed CentOS 5.2 on my client but it does not have nmap command . Can you please do me favor and let me know what is the equivalent of nmap command on CentOS 5.2 ? Thank you in advance There isn't an equivalent command. If you want to use nmap then install it with yum. yum install nmap I believe it is in the base repository. Cheers, Oliver ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Simple way to banish IP addresses ?
The best way to do it is with iptables. If you want something more easily configurable then some front end for it would be most useful. Webmin most likely provides a graphical interface to do it. Adding rules to drop traffic from IPs or whole subnets is not that difficult if you have a basic understand of IPv4 networking. There are some well documented examples on this page (including one to do what you're after): http://www.dd-wrt.com/wiki/index.php/Iptables_command#Examples Regards, Oliver On 12/10/2009, at 9:52 AM, mark wrote: Toby Bluhm wrote: Toby Bluhm wrote: Niki Kovacs wrote: I just set up a web server... and my bandwidth is being eaten by some chinese folks trying to brute-force-ssh their way into the machine. Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes ? I know it's feasible with iptables, but is there something more easily configurable ? snip Let me note that at work, the security group has a script set up that does it automagically, after so many attempts. And every morning or two in the logs, I see attacks from China, or Mexico, or Spain, or Taiwan... but then, we are a well-known site. mark, supporting the NIH -- The Pluto Files, Neil Degrasse Tyson. Pluto shall rise again! - whitroth ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] web based file sharing software
My clients are using Windows, so I presume they are using IE or Firefox. I am using a Mac and it works in Firefox and Safari. I cannot see why it would not work with Firefox on any platform. It takes 5 minutes to install so it's worth a shot! On 10/10/2009, at 12:15 AM, Alan McKay wrote: On Fri, Oct 9, 2009 at 12:56 AM, Oliver Ransom oli...@ransom.com.au wrote: I've deployed this for one client and had pretty good feedback: http://extplorer.sourceforge.net/ And that works OK for Windows and Linux clients? -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] web based file sharing software
I've deployed this for one client and had pretty good feedback: http://extplorer.sourceforge.net/ I have not tried any others. Good luck. On 09/10/2009, at 7:26 AM, Ramon Nieto wrote: Hello all Does anybody knows about web based file sharing software? of course that runs on centos. i have found 3 proyects on sourceforge, but i would like to hear from you what do you use or what do you recommend?. Thank you in advance. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Software Raids Questions (I have only ever used hardware?)
On 28/09/2009, at 5:33 AM, James Bensley wrote: Hey List; I have no experience with software RAIDs; at work we only use hardware RAIDs and I'm looking to implement, probably a RAID 5 set up at home for a media server however I have a few questions; I have three 1TB drives in various places; one is inside a USB caddy, one is inside my PC and in is inside my existing media centre. Is it possible to add these three drives to another one to give me 4TBs of space in a RAID setup without having to wipe the drives as in my experience which is only with hardware RAIDs, I have normally formatted all the disks before creating the RAID? The thing is, if that is the case I will need to transfer 3TB of stuff somewhere (I have an idea where, if this were the case), make the RAID then transfer it all back but I really don't want to do that as I'm sure you can imagine. Also, if the above where possible; in the future could I then keep adding more drives and expanding the RAID? Note: Obviously I know for this to be a RAID 5 I would need extra drives but the RAID level is undecided, but provisionally I think it will be RAID 5. On a side note, I cobbled together my new media centre running Ubuntu but I might move it back to CentOS, it was originally CentOS and that is my favoured distro, but I would rather not now it is running Ubuntu happily I'm just wondering, is this all achievable in Ubuntu? Granted people on the CentOS mailing list might not know that, but if anyone knows that it is all achievable in CentOS then I would move back? Thanks for reading. Regards, James ;) Hi James, I'm going to try and answer all your questions concisely because the main thread seems to have turned into an debate more than anything else. Someone has already stated that the total capacity of a RAID5 array is that of all disks minus 1. So with your four 1TB drives you can have 3TB of space. Moving all the data elsewhere is probably the easiest option to take and also the fastest. You could in theory create a degraded RAID5 array with two drives then migrate data across while growing the array at the same time then growing the array each time all data from a drive has been moved. This would take very long, require a lot of work, and I would therefore recommend against it. Down the track you can add more drives to a RAID5 array and grow the array. This process also takes a long time. You do not need to be using LVM on top of mdadm to complete this. Once an array has finished growing you can use resize2fs to increase the size of an ext3 file system. It can even be done with the filesystem mounted, though personally I think it's best to do a forced fsck.ext3 on the file system then run the resize2fs on it while it is offline. The process to grow a RAID5 array is to add a new drive to the array (which adds it as a hot spare) then run a --grow including the --raid- devices=5 argument (which is what you'd use if you were to expand your 4 drive RAID5 system to a 5 drive array down the track). If you were using LVM on top you'd need to use pvresize and then lvresize to increase the size of your logical volumes, and then resize the file system. One thing I would strong suggest is that you get a UPS for your server. In my experience RAID5 is much more prone to problems if you experience power loss, compared to RAID1 or even a single disk system. I hope that helps. Regards, Oliver -- Ted Turner - Sports is like a war without the killing. - http://www.brainyquote.com/quotes/authors/t/ted_turner.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rescan usb hd
On 22/09/2009, at 9:35 AM, Bazooka Joe wrote: I have a usb hd that I use for backup. Occasionally it dies. scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device Buffer I/O error on device sdc1, logical block 0 lost page write due to I/O error on sdc1 EXT2-fs error (device sdc1): read_inode_bitmap: Cannot read inode bitmap - block_group = 129, inode_bitmap = 4227073 scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device Buffer I/O error on device sdc1, logical block 0 lost page write due to I/O error on sdc1 EXT2-fs error (device sdc1): ext2_readdir: bad page in #2 scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device Buffer I/O error on device sdc1, logical block 0 lost page write due to I/O error on sdc1 EXT2-fs error (device sdc1): ext2_get_inode: unable to read inode block - inode=2, block=1027 scsi 6:0:0:0: rejecting I/O to dead device scsi 6:0:0:0: rejecting I/O to dead device Buffer I/O error on device sdc1, logical block 0 lost page write due to I/O error on sdc1 EXT2-fs error (device sdc1): ext2_readdir: bad page in #2 If i unmount it and try to remount it it says sdc1 does not exist. I am not at the location so physically unplugging then replugging in the drive isn't a convenient option. How can I get the os to rescan the usb device so I can remount? The sg_reset command might work: http://linux.die.net/man/8/sg_reset Oliver thx bazooka ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] How does LVM decide which Physical Volume to write to?
Hi everyone. This isn't specifically a CentOS question, since it could apply for any distro but I hope someone can answer it anyway. I took the following steps but was puzzled by the outcome of the test at the end: 1. Create a RAID1 array called md3 with two 750GB drives 2. Create a RAID1 array called md9 with two 500GB drives 3. Initialise md3 then md9 as physical volumes (pvcreate) 4. Create a new volume group called 3ware with md3 (helps me remember what controller the disks are on) 5. Use vgextend and add md9 to the 3ware volume group. 6. Add a logical volume filling the volume group then create a ext3 filesystem on the entire volume. Now I started moving a lot of data onto the volume and iostat said all the data was being written to md9. Why that array? How does it decide which physical volume to write to? I could not find any documentation or information online about how exactly this works. Thanks! Oliver ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How does LVM decide which Physical Volume to write to?
On 19/09/2009, at 6:28 PM, Fabian Arrotin wrote: Oliver Ransom wrote: Hi everyone. This isn't specifically a CentOS question, since it could apply for any distro but I hope someone can answer it anyway. I took the following steps but was puzzled by the outcome of the test at the end: 1. Create a RAID1 array called md3 with two 750GB drives 2. Create a RAID1 array called md9 with two 500GB drives 3. Initialise md3 then md9 as physical volumes (pvcreate) 4. Create a new volume group called 3ware with md3 (helps me remember what controller the disks are on) 5. Use vgextend and add md9 to the 3ware volume group. 6. Add a logical volume filling the volume group then create a ext3 filesystem on the entire volume. Now I started moving a lot of data onto the volume and iostat said all the data was being written to md9. Why that array? How does it decide which physical volume to write to? I could not find any documentation or information online about how exactly this works. What ? no documentation covering LVM admin on/for CentOS ? hmm, is http://www.centos.org/docs/5/html/5.2/Cluster_Logical_Volume_Manager/ not reachable from your side ? How have you configured you LV ? linear or stripped ? Hi, I did not say I could not find any documentation covering LVM admin for CentOS. I said I could not find any documentation explaining exactly how, in the context of my message, the decision was made. I used the default configuration examples from the LVM HOWTO which results in a linear arrangement. My question would not have come up if I had set things up in a striped arrangement. The link below says The physical storage is concatenated. http://www.centos.org/docs/5/html/5.2/Cluster_Logical_Volume_Manager/linear_volumes.html That doesn't really answer the question from my example though, if it was concatenated and I added md3 before md9, shouldn't it have been writing to md3 first? That's what I would have expected. Oliver -- -- Fabian Arrotin idea=`grep -i clue /dev/brain` test -z $idea echo sorry, init 6 in progress || sh ./answer.sh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] updated postfix and dovecot rpms?
On 07/09/2009, at 6:38 PM, Ralph Angenendt wrote: On Mon, 2009-09-07 at 01:19 -0400, Dave wrote: Hello, Does anyone have updated postfix and dovecot rpms either in a repo or personally made? I'd like to update to dovecot 1.2.4 and postfix 2.6.5. dovecot 1.2.4 is available from the atrpms repository (probably in testing or bleeding), regarding postfix I have no idea if even Simon does not have 2.6 packages on http://postfix.wl0.org/ - but he has instructions which might help you build it yourself. I'm curious as to why you need those versions. I was forced to upgrade Dovecot on my Centos 4 server. With about 400 users checking email via POP3 I was having weekly issues where Dovecot would leave a blank line at the top of peoples mail spool (in mbox format I think?), which would generate errors in their email client. Upgrading to the later atrpms.net version resolved that problem but left me with a dovecot service that crashed every few months. A script to restart dovecot when it crashed was preferable to manual intervention require more often to remove blank lines from users mail file though so I've left it as is. I suspect the initial problem may actually have been the email clients fault (disconnecting too early after deleting messages perhaps?), but at the end of the day I'm the one blamed for it and was able to accommodate it so I did something about it! Cheers, Oliver Cheers, Ralph ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] looking for RAID 1+0 setup instructions?
On 31/08/2009, at 1:11 PM, Christopher Chan wrote: Miguel Medalha wrote: Can someone please assist met with some software RAID 1+0 setup instructions? I have searched the web, but couldn't find any. I found a lot of RAID 10 setup instructions, but it doesn't help me. As Oliver Ransom replied to you, RAID 1+0 (not to be confused with RAID 0+1) is RAID 10. mdadm has direct support for RAID 10. I am using it on CentOS 5.3 and it works really well. RAID 1+0 is NOT RAID 10. raid 1+0 is achieved using the combination of raid1 and raid0 personalities. Raid10 is a different animal and has its own personality. (personality as reported by 'cat /proc/mdstat' aka md modules) raid10 was only introduced in 2.6.9 and Oliver's link clearly shows that it is 'Non-standard' or not raid1+0. RAID 10 and 1+0 are referred to interchangeably in the Nested_RAID_levels article, RAID 1+0, sometimes called RAID 10, or RAID 10. I'm a bit confused now! You might be interested in this article: Why is RAID 1+0 better than RAID 0+1? http://aput.net/~jheiss/raid10/ The whole raid1+0 or raid0+1 argument was really only relevant in the days of pata when one disk dying on one channel might take out the other disk on the same channel or the controller. Now that we are using SATA, it is MOOT. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fasttest mirror -doesnt seem to pick sites near my region
On 24/08/2009, at 7:06 PM, Linux Advocate wrote: my repos are configured to use mirrorlist. how do i add mirrors manually? If you take a look in /etc/yum.repos.d/ you will see a number of files. There should be example baseurl lines in the repo files which will be commented out by default. Here's an example of how I use this to manually use my local ISPs mirror for the base repo: [base] name=CentOS-$releasever - Base #mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=os baseurl=ftp://mirror.internode.on.net/pub/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=ftp://mirror.internode.on.net/pub/centos/RPM-GPG-KEY-CentOS-5 Regards, Oliver oliver what kind of speeds do u get? what line do u have? i have a 1.0 mbps adsl I get 10Mbits from my own ISP's mirror, and I'd probably get the same from any other official Australian mirror sites. I have ADSL2+. If I tried any mirror sites outside of Australia it would probably be noticeably slower. If you're in SE Asia I'd imagine any mirror site in Singapore or Korea or Japan should be quite fast. Those countries seem to be the main hubs for traffic in that region. Regards, Oliver ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fasttest mirror -doesnt seem to pick sites near my region
On 22/08/2009, at 10:37 PM, Linux Advocate wrote: i have tried yum clean all , yum clean metadata - Original Message From: Linux Advocate linuxhous...@yahoo.com To: CentOS mailing list centos@centos.org Sent: Saturday, August 22, 2009 8:56:37 PM Subject: [CentOS] fasttest mirror -doesnt seem to pick sites near my region guys, i have the yum plugin - fastest mirror . But not even once i have seen it selecting repos which are near my region such as japan or australia ( where i get the best speeds). Something is wrong. It seems stuck with these 3 sites ; Determining fastest mirrors * ftp-stud.fht-esslingen.de : 0.309373 secs * apt.sw.be : 0.483867 secs * fr2.rpmfind.net : 0.503842 secs Hi Linux Advocate, I have found this a problem for the Australian servers I manage as well. I suggest you manually test the speed of some local mirrors then manually specify a mirror rather than relying on the fastest mirror plugin. If your ISP mirrors content locally then that'd be the logical mirror to use. Good luck, Oliver ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks
On 21/08/2009, at 5:44 AM, Eugene Vilensky wrote: Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? As an additional question to the above, would forcing users to log in with SSH keys rather than passwords avoid requiring any anti brute force attack measures to be put in place? Thanks, Oliver Thanks! -Eugene ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
