[CentOS] Best practices for docker setup on Centos 7?
Hi All. I am currently running docker 1.13 on Centos 7 boxes with devicemapper storage plugin. I would like to know what are your experiences in regard to: - storage plugins - kernel versions - stability I consider upgrade to docker 17.03.1 and would like to choose most stable combination of kernel/storage plugin. Thanks for all info! BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] Docker container scanner on CentOS?
Hi All. I am currently searching for a decent image/container/registry scanner. I would like to be able to check images for CVE, at the moment I am using rhel/centos/ubuntu/debian based images. I tried on CentOS7: - openscap (oscap-docker): needs atomic for installation, allows scanning of rhel based images only; - atomic: allows scanning of rhel based images only; - clair: usable in theory for rhel/centos/ubuntu/debian images but in practice I encountered problems with analyze-local-images and hyperclair "cli" tools and API does not allow automatization; - banyan collector/dockscan/drydock: seem to be stale or not enough mature to be considered; - nessus: seems to be an overkill for my usecase. I am now looking into: - aqua (commercial); - twistlock (commercial); - blackduck docker scanner (commercial). Can you share info about what you are using to scan docker images? Any proposals for my usecase? Thanks! BR, Rafal. ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] python script from crontab - problems with proper execution
Hi All. I currently have a problem with proper invocation of a python script with cron. non-root $ crontab -l #Ansible: script_repo_scanner 55 11 * * * /usr/bin/python /path/script_repo_scanner.py --bb_user bb_user --bb_pass bb_pass --bd_log_dir /path/logs &> /path/script_repo_scanner.py.log And in /var/log/cron I see that cron executed the script but there is no log output in /path/script_repo_scanner.py.log and the script did not perform his job. So it looks like it has not been run despite entries in /var/log/cron ;) When I execute the command non-root$ /usr/bin/python /path/script_repo_scanner.py --bb_user bb_user --bb_pass bb_pass --bd_log_dir /path/logs &> /path/script_repo_scanner.py.log I get standard output (script logs to stdout) and script does its job. Any clue what I could be missing? BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange behaviour when using sudo+sh+executable.
At the end it was a sudo misconfiguration: Defaultslog_year, log_host, loglinelen=0, logfile=/var/log/sudo.log, noexec This line with noexec was problematic ;) Thanks for the help! BR, Rafal. 2016-09-07 2:25 GMT+02:00 Steven Tardy <sjt5a...@gmail.com>: > > > On Sep 6, 2016, at 6:18 AM, Rafał Radecki <radecki.ra...@gmail.com> > wrote: > > > > # sudo -H -E -u postgres /bin/bash -c /usr/bin/python2.7 > > > Works for me. *shrug* > > Is your postgres user a service account or something else strange about it? > Does 'passwd --status postgres' hint at anything? > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Strange behaviour when using sudo+sh+executable.
Hi All. I am trying to install some software. Part of its installation is an invocation of command similar to: # sudo -H -E -u postgres /bin/bash -c /usr/bin/python2.7 /bin/bash: /usr/bin/python2.7: Permission denied >From my perspective: # ls -l /bin/bash /usr/bin/python2.7 -rwxr-xr-x. 1 root root 960376 Jul 8 2015 /bin/bash -rwxr-xr-x. 1 root root 7136 Oct 11 2015 /usr/bin/python2.7 # su - postgres Last login: Tue Sep 6 11:51:45 CEST 2016 on pts/6 -sh-4.2$ /bin/bash -c /usr/bin/python2.7 Python 2.7.5 (default, Oct 11 2015, 17:47:16) [GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> I tried the same for /bin/top. From my perspective this is quite a strange behaviour. Can someone help with this problem? BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] LVM - how to change lv from linear to stripped? Is it possible?
Hi All. Currently I am trying to change a logical volume from linear to stripped because I would like to have a better write throughput. I would like to perform this change "live" without stopping access to this lv. I have found two interesting examples: http://community.hpe.com/t5/System-Administration/Need-to-move-the-data-from-Linear-LV-to-stripped-LV-on-RHEL-5-7/td-p/6134323 http://www.depesz.com/2015/10/08/converting-logical-volume-so-that-its-striped/ Both say basically to: - change the lv to a mirrored one by adding a stripped copy (~second device in RAID1) - change it back to a non-mirrored one by removing the primary linear lv (~first, source device in RAID1) My os is: $ cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) $ uname -r 3.10.0-229.14.1.el7.x86_64 $ rpm -qa | grep -i lvm lvm2-libs-2.02.115-3.el7_1.1.x86_64 lvm2-2.02.115-3.el7_1.1.x86_64 And the solution proposed in above examples does not work on it. After (lv xxx is only on /dev/sdb4 before): # lvconvert --mirrors 1 --stripes 4 /dev/cinder-volumes/xxx /dev/sda4 /dev/sdc4 /dev/sdd4 /dev/sdf4 I am getting in "lvdisplay -m": --- Logical volume --- LV Path/dev/cinder-volumes/xxx LV Namexxx VG Namecinder-volumes LV UUIDAKjKAo-66cv-Ygc2-4Ykq-sSJQ-RJOY-mfjoMD LV Write Accessread/write LV Creation host, time test.local, 2015-10-28 17:45:28 +0100 LV Status available # open 1 LV Size64.01 GiB Current LE 16386 Mirrored volumes 2 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 8192 Block device 253:22 --- Segments --- Logical extents 0 to 16385: Typeraid1 Monitoring monitored Raid Data LV 0 Logical volumexxx_rimage_0 Logical extents 0 to 16385 Raid Data LV 1 Logical volumexxx_rimage_1 Logical extents 0 to 16385 Raid Metadata LV 0 xxx_rmeta_0 Raid Metadata LV 1 xxx_rmeta_1 And in "pvdisplay -m": --- Physical volume --- PV Name /dev/sda4 VG Name cinder-volumes PV Size 2.73 TiB / not usable 4.00 MiB Allocatable yes PE Size 4.00 MiB Total PE 715255 Free PE 287476 Allocated PE 427779 PV UUID IrkkwI-AqpP-bTll-vlPq-NDSe-rDUg-ecAnkp ... Physical extent 427776 to 427776: Logical volume /dev/cinder-volumes/xxx_rmeta_1 Logical extents 0 to 0 Physical extent 42 to 444162: Logical volume /dev/cinder-volumes/xxx_rimage_1 Logical extents 0 to 16385 --- Physical volume --- PV Name /dev/sdb4 VG Name cinder-volumes PV Size 2.73 TiB / not usable 4.00 MiB Allocatable yes PE Size 4.00 MiB Total PE 715255 Free PE 698868 Allocated PE 16387 PV UUID hx0a1v-M68S-aPBL-1x9r-8EiD-3cu3-GQPLRo --- Physical Segments --- Physical extent 0 to 0: Logical volume /dev/cinder-volumes/xxx_rmeta_0 Logical extents 0 to 0 Physical extent 1 to 16386: Logical volume /dev/cinder-volumes/xxx_rimage_0 Logical extents 0 to 16385 Physical extent 16387 to 715254: FREE So the migration to a RAID1 logical volume is successful but the stripping (above "lvconvert --mirrors 1 --stripes 4 /dev/cinder-volumes/xxx /dev/sda4 /dev/sdc4 /dev/sdd4 /dev/sdf4") is not taken into consideration because only /dev/sda4 and /dev/sdb4 are used for xxx logical volume afterwards. Also when I run: # lvconvert -m 0 /dev/cinder-volumes/xxx /dev/sdb4 afterwards I get xxx logical volume only on /dev/sda4 and it is linear (not stripped). Can someone help me with this? ;) BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] LVM - stripped logical volumes by default?
Hi All. I am currently using OpenStack Juno on CentOS 7. The problem is that by default OpenStack's Cinder service creates logical volumes of "linear" type. I would like to have them stripped over all physical disks to get better write performance. Is there a way to tell LVM to create by default stripped volumes instead of linear ones? BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 - "Device eth1 does not seem to be present, delaying initialization".
Hi Yamaban.
Thanks for the tip, you pushed me in the right direction. I added udev
rules file to initramfs:
dracut -f --include /etc/udev/rules.d/70-persistent-net.rules
/etc/udev/rules.d/70-persistent-net.rules
and afterwards (reboot) it works as expected. Thanks!
BR,
Rafal.
2015-10-21 12:55 GMT+02:00 Yamaban <foers...@lisas.de>:
> On Wed, 21 Oct 2015 10:20, Rafał Radecki <radecki.rafal@...> wrote:
>
> Hi All :)
>>
>> I have three servers, all with centos 7 installed 3 days ago. I need on
>> them "old" naming scheme (ethX) for network interfaces, because of that:
>>
>> # grep GRUB_CMDLINE_LINUX /etc/sysconfig/grub
>> GRUB_CMDLINE_LINUX="rd.lvm.lv=centos_node-XY/swap rd.lvm.lv
>> =centos_node-XY/root
>> rhgb quiet ipv6.disable=1 net.ifnames=0"
>>
>> net.ifnames=0 was added and afterwards I ran:
>>
>> grub2-mkconfig -o /boot/grub2/grub.cfg
>>
>> Then I created /etc/udev/rules.d/70-persistent-net.rules with content:
>>
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:7f:9c:98", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth0"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:7f:9c:99", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth1"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:7f:9c:9a", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth2"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:7f:9c:9b", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth3"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:81:37:0d", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth4"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:81:37:0e", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth5"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="90:e2:ba:46:ef:30", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth6"
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="90:e2:ba:46:ef:31", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth7"
>>
>> After reboot it worked fine for all 3 servers, but some time later after
>> another reboot I get:
>>
>> # systemctl status network
>> network.service - LSB: Bring up/down networking
>> Loaded: loaded (/etc/rc.d/init.d/network)
>> Active: failed (Result: exit-code) since Tue 2015-10-20 20:37:30 CEST;
>> 13h ago
>> Process: 2034 ExecStart=/etc/rc.d/init.d/network start (code=exited,
>> status=1/FAILURE)
>>
>> Oct 20 20:37:24 node-X systemd-sysctl[2049]: Overwriting earlier
>> assignment
>> of net/bridge/bridge-nf-call-ip6tables in file
>> '/etc/sysctl.d/99-sysctl.conf'.
>> Oct 20 20:37:25 node-X network[2034]: Bringing up loopback interface: [
>> OK ]
>> Oct 20 20:37:25 node-X network[2034]: Bringing up interface eth1: ERROR
>> : [/etc/sysconfig/network-scripts/ifup-eth] Device eth1 does not seem to
>> be present, delaying initialization.
>> Oct 20 20:37:25 node-X network[2034]: [FAILED]
>> Oct 20 20:37:27 node-X network[2034]: Bringing up interface eth6: [ OK
>> ]
>> Oct 20 20:37:30 node-X network[2034]: Bringing up interface eth7: [ OK
>> ]
>> Oct 20 20:37:30 node-X systemd[1]: network.service: control process
>> exited,
>> code=exited status=1
>> Oct 20 20:37:30 node-X systemd[1]: Failed to start LSB: Bring up/down
>> networking.
>> Oct 20 20:37:30 node-X systemd[1]: Unit network.service entered failed
>> state.
>>
>> I see now that the device for which I have an entry in udev:
>>
>> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
>> ATTR{address}=="00:1e:67:7f:9c:99", ATTR{type}=="1", KERNEL=="eth*",
>> NAME="eth1"
>>
>> with MAC 00:1e:67:7f:9c:99 is not eth1 as it should be but
>>
>> 4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>>link/ether 00:1e:67:7f:9c:99 brd ff:ff:ff:ff:ff:ff
>>
>> an
[CentOS] Centos 7 - "Device eth1 does not seem to be present, delaying initialization".
Hi All :)
I have three servers, all with centos 7 installed 3 days ago. I need on
them "old" naming scheme (ethX) for network interfaces, because of that:
# grep GRUB_CMDLINE_LINUX /etc/sysconfig/grub
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos_node-XY/swap rd.lvm.lv=centos_node-XY/root
rhgb quiet ipv6.disable=1 net.ifnames=0"
net.ifnames=0 was added and afterwards I ran:
grub2-mkconfig -o /boot/grub2/grub.cfg
Then I created /etc/udev/rules.d/70-persistent-net.rules with content:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:7f:9c:98", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:7f:9c:99", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:7f:9c:9a", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:7f:9c:9b", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth3"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:81:37:0d", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth4"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:81:37:0e", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth5"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="90:e2:ba:46:ef:30", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth6"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="90:e2:ba:46:ef:31", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth7"
After reboot it worked fine for all 3 servers, but some time later after
another reboot I get:
# systemctl status network
network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network)
Active: failed (Result: exit-code) since Tue 2015-10-20 20:37:30 CEST;
13h ago
Process: 2034 ExecStart=/etc/rc.d/init.d/network start (code=exited,
status=1/FAILURE)
Oct 20 20:37:24 node-X systemd-sysctl[2049]: Overwriting earlier assignment
of net/bridge/bridge-nf-call-ip6tables in file
'/etc/sysctl.d/99-sysctl.conf'.
Oct 20 20:37:25 node-X network[2034]: Bringing up loopback interface: [
OK ]
Oct 20 20:37:25 node-X network[2034]: Bringing up interface eth1: ERROR
: [/etc/sysconfig/network-scripts/ifup-eth] Device eth1 does not seem to
be present, delaying initialization.
Oct 20 20:37:25 node-X network[2034]: [FAILED]
Oct 20 20:37:27 node-X network[2034]: Bringing up interface eth6: [ OK ]
Oct 20 20:37:30 node-X network[2034]: Bringing up interface eth7: [ OK ]
Oct 20 20:37:30 node-X systemd[1]: network.service: control process exited,
code=exited status=1
Oct 20 20:37:30 node-X systemd[1]: Failed to start LSB: Bring up/down
networking.
Oct 20 20:37:30 node-X systemd[1]: Unit network.service entered failed
state.
I see now that the device for which I have an entry in udev:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{address}=="00:1e:67:7f:9c:99", ATTR{type}=="1", KERNEL=="eth*",
NAME="eth1"
with MAC 00:1e:67:7f:9c:99 is not eth1 as it should be but
4: eth2: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:7f:9c:99 brd ff:ff:ff:ff:ff:ff
and there is no eth1 in the system.
# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=no
PEERDNS=no
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_PEERDNS=no
IPV6_PEERROUTES=no
IPV6_FAILURE_FATAL=no
NAME=eth1
#UUID=e421e35f-3397-4a93-9449-0aa4e9ef9e1d
DEVICE=eth1
ONBOOT=yes
IPADDR=1.2.3.4
NETMASK=255.255.255.0
All pages which I found about "Device ethX does not seem to be present,
delaying initialization" tell to correctly configure udev but it is
correctly configured and it worked some time ago, only recently i started
to get problems with this on 3 servers at once. I also noticed that on one
of them when I saw the problem and rebooted the server eth1 was correctly
assigned afterwards but after another reboot the message happened again.
Quite strange to me :D
Have you had similar problems on centos7? Any advice?
Thanks :)
BR,
Rafal.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 - "Device eth1 does not seem to be present, delaying initialization".
Surprisingly: # lspci -vvv | grep 'Device Serial Number' Capabilities: [140 v1] Device Serial Number 00-1e-67-ff-ff-7f-9c-98 Capabilities: [140 v1] Device Serial Number 00-1e-67-ff-ff-7f-9c-98 Capabilities: [140 v1] Device Serial Number 00-1e-67-ff-ff-7f-9c-98 Capabilities: [140 v1] Device Serial Number 00-1e-67-ff-ff-7f-9c-98 Capabilities: [148 v1] Device Serial Number 00-1e-67-03-00-81-37-0c Capabilities: [140 v1] Device Serial Number 90-e2-ba-ff-ff-46-ef-30 Capabilities: [140 v1] Device Serial Number 90-e2-ba-ff-ff-46-ef-30 So for mentioned eth1 which should have MAC 00:1e:67:7f:9c:99 there is no entry in lspci but for all 4 ports of Intel I350 the MAC in lspci seems to be the same :) First four lines above are for Intel I350 ethernet adapter and I suspect that some settings in bios could change due to some unknown reason, I will check this. BR, Rafal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Supervisord - is it really needed?
Hi All :) In Centos 7 we have systemd. Is in this case supervisord needed? What are your experiences? systemd can clearly be used to respawn processes in case they will die. BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update only of security vulnerabilities?
Thanks for the links, they are very informative. So as I see currently the only way to check if there are any security updates available for Centos is to parse the errata info sent by email to Centos Announce? :D Does anyone have another solution implemented? :) Any help will be very appreciated :) BR, Rafal. 2015-04-08 18:15 GMT+02:00 Jonathan Billings billi...@negate.org: On Wed, Apr 08, 2015 at 03:54:18PM +0200, Rafał Radecki wrote: What is the best way to get a list of available security updates? I found several commands for that: 1) yum updateinfo list updates -q --security 2) yum list-security --security -q 3) yum --security check-update -q Based on the sample output below I think I can use any of the three with some awk to get a list of packages. Keep in mind: when using the yum-plugin-security package which provides the --security option, you're only going to see security updates in EPEL (which I see you have enabled) and not in CentOS's repos. As of yet, there are no errata data in the CentOS repos. See previous discussion here: http://lists.centos.org/pipermail/centos/2015-January/148839.html and on centos-devel: http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html So, --security is pretty much a no-op, even when there are packages that fix security issues are available in the CentOS repos. -- Jonathan Billings billi...@negate.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Update only of security vulnerabilities?
Hi All :) What is the best way to get a list of available security updates? I found several commands for that: 1) yum updateinfo list updates -q --security 2) yum list-security --security -q 3) yum --security check-update -q Based on the sample output below I think I can use any of the three with some awk to get a list of packages. yum updateinfo list updates -q --security FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64 FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64 yum list-security --security -q FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64 FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64 yum --security check-update -q libyaml.x86_64 0.1.3-4.el6_6 updates Then I can add this to nagios or cron to get a notification about available security updates. Do you see any advantages/disadvantages in using one of the three choices? How do you do this kind of task? What can you propose to get a notification about available security updates? BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Proper check of openssl usage in processes?
Hi All :)
I need to check and possibly update openssl on my fleet of servers. I would
like to avoid reboot if possible. I think that I can:
- update openssl version with yum
- check all daemon processes which are constantly running in the os, for
example for sshd something like
ldd `which sshd` | awk '/\// { print $3 }' | grep crypto | xargs strings
| grep -i openssl
to verify if the old openssl version is still used
- if it is still used (I think that without a process restart the old
version will be used) I will perform restart of the process
Can this kind of check be done in some other way?
BR,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Your experience with os hardening tool - Bastille?
Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? Thanks for all info :) BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Your experience with os hardening tool - Bastille?
I thought that Bastille is dead and wanted to confirm that. Still, are there any alternatives worth mentioning? I do not look for a 'magic script' but for a tool which could ease at least partially the securing process. Of course as always puppet or similar tool can be used and I think that I will go in that direction. Monitoring/selinux/firewalling are standard things and I am using them. I already gathered some resources, I am mostly using info from http://wiki.centos.org/HowTos/OS_Protection https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf and checking Nessus currently ;) It looks very promising... BR, Rafal On 18 October 2014 17:45, Rafał Radecki radecki.ra...@gmail.com wrote: Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Why would you be excited by a message saying we're starting back up from 3 years ago with no further information ... To my knowledge this is completely dead and out of scope for C6/C7 security. Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? It's a dead project - forget it. If you want to think about security you should be looking at the RHEL security guides to start with: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Security_Guide/index.html After reading through the upstream documentation you may want to read some external sources such as the CIS guidelines: http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120 http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel7.100 Always keep in mind though security is a process - there's not a magic script that makes a system secure but rather a properly layered system of protection and review. Don't go into securing an OS thinking there you can run one application/script and check the box marked secure as a result. Apply critical thinking to each setting, set up your firewall properly, don't disable selinux and monitor properly (along with backups) as your keystones to work from. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Mounting LUNs from a SAN array - LUN mappings to devices in /dev/ - are they static?
Hi All :)
I am currently involved in a project in which there is a SAN array (Sun
Storagetek 2540) which exports LUNs for some servers with Centos 5.2 x86. I
will be performing a migration to Centos 5.9 x86_64 in some time and am
gathering needed info now :)
I am trying to find the place in the OS where there is the information
about LUN mappings to /dev/ devices.
For example on array level I have an exported LUN with number 8. I see it
on one of the servers with lsscsi as:
# lsscsi | grep '7\:0\:0\:8'
[7:0:0:8]diskSUN LCSM100_F0735 /dev/sdj
As I said I need to perform migration of the OS to Centos 5.9 x86_64 and am
curious where from does the mapping
scsi device 7:0:0:8 - /dev/sdj
come?
I have some complex logical volume (Veritas Volume Manager) setup based on
/dev/ disks (which are derived from LUNs imported from the array) and will
need to recreate it on destination servers. My coworker said that udev may
be assigning the /dev/sdj (and other) identifier so I checked this. In
/etc/udev/rules.d/* I see rules for scsi subsystem (sysfs type 0 is disk):
ACTION==add, SUBSYSTEM==scsi, WAIT_FOR_SYSFS=ioerr_cnt
ACTION==add, SUBSYSTEM==scsi_device, SYSFS{type}==0,
RUN+=socket:/org/kernel/diskres/uevents
ACTION==remove, SUBSYSTEM==scsi_device,
RUN+=socket:/org/kernel/diskres/uevents
So I do not see anything which could answer my question. There have been
other rules for different sysfs types but I think they are not relevant in
my case.
In sysfs in /sys/bus/scsi/devices/7:0:0:8 I found:
# ll block\:sdj
lrwxrwxrwx 1 root root 0 Oct 4 17:57 block:sdj -
../../../../../../../../../../block/sdj
Where else can I look for the LUN-/dev/ device mapping rules? How are the
LUNs mapped to operating system devices? Is there a way to add a static
mapping so that also on a new server after attaching SAN array LUN number 8
will be visible as /dev/sdj? I think that there is a possibility that on a
new server mentioned LUN will be visible as a different /dev/sd? :( That
could potentially break my logical volume setup on the destination server.
Any info will be greatly appreciated :)
BR,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting LUNs from a SAN array - LUN mappings to devices in /dev/ - are they static?
The answer is: I was told to do so :) Corpo related stuff ;) R. 2014-10-04 18:25 GMT+02:00 Reindl Harald h.rei...@thelounge.net: Am 04.10.2014 um 18:22 schrieb Rafał Radecki: As I said I need to perform migration of the OS to Centos 5.9 x86_64 and am curious where from does the mapping scsi device 7:0:0:8 - /dev/sdj come? you must not rely on that mapping - never it can and will change in many cases at every boot that's why UUID's and labels exists P.S.: why do you consider to migrate to a *not* supported and outdated CentOS 5.9 - people need to realize that CentOS has only *one* supported version, the latest one, 5.11 starting with this week ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting LUNs from a SAN array - LUN mappings to devices in /dev/ - are they static?
Thanks Alexander, these links make the topic VERY clear :) Have a nice day :) BR, Rafal. 2014-10-04 18:49 GMT+02:00 Alexander Dalloz ad+li...@uni-x.org: Am 04.10.2014 um 18:22 schrieb Rafał Radecki: [ ... ] In sysfs in /sys/bus/scsi/devices/7:0:0:8 I found: # ll block\:sdj lrwxrwxrwx 1 root root 0 Oct 4 17:57 block:sdj - ../../../../../../../../../../block/sdj Where else can I look for the LUN-/dev/ device mapping rules? How are the LUNs mapped to operating system devices? Is there a way to add a static mapping so that also on a new server after attaching SAN array LUN number 8 will be visible as /dev/sdj? I think that there is a possibility that on a new server mentioned LUN will be visible as a different /dev/sd? :( That could potentially break my logical volume setup on the destination server. Any info will be greatly appreciated :) BR, Rafal. Please see https://access.redhat.com/documentation/en-US/Red_Hat_ Enterprise_Linux/5/html/Online_Storage_Reconfiguration_Guide/ persistent_naming.html https://www.centos.org/docs/5/html/5.2/Virtualization/sect- Virtualization-Virtualized_block_devices-Configuring_ persistent_storage_in_a_Red_Hat_Enterprise_Linux_5_environment.html Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] syslog-ng 2.1.4 - file sources are read only when reload or restart is performed?
Hi All ;)
I am using a virtual machine with:
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
Linux logserver01 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64
x86_64 x86_64 GNU/Linux
syslog-ng 2.1.4
I have following configuration:
...
9 options {
10 create_dirs (yes);
11 dir_group (root);
12 dir_owner (root);
13 dir_perm (0700);
14 group (root);
15 owner (root);
16 perm (0600);
17 flush_lines(1);
18 flush_timeout (1000);
19 keep_hostname (yes);
20 log_fifo_size (1);
21 use_dns (no);
22 use_fqdn (no);
23 };
...
39 source s_stdout {
40 # file (/logs/stdout.log flags(no-parse) follow_freq(1));
41 file (/logs/stdout.log flags(no-parse));
42 };
...
61 destination d_stdout { file(/var/log/$YEAR$MONTH$DAY/stdout);
};
...
80 log { source(s_stdout); destination(d_stdout); };
The problem is that changes in /logs/stdout.log are only visible in
/var/log/20140717/stdout when I perform /etc/init.d/syslog-ng reload or
restart. I tried several settings of flush_*, log_fifo_size and follow_freq
but with no luck :D
Is it a problem withe the version that I use (quite old :D ) or is there a
mistake in my configuration maybe?
BR,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 full backup software?
I need a block level backup because I need an easy to restore backup of the whole server, including mbr, partition layout and of course data. The server will be reinstalled so filesystem level backup is an option but not as straightforward and easy to restore as for example Clonezilla. R. 2014-07-16 22:37 GMT+02:00 m.r...@5-cent.us: Rafał Radecki wrote: Hi All ;) I need a good tool to backup whole system on block level rather than file level and easy to use. I currently need to backup to an USB disc (50+ GB of data) a system and then reinstall it. In the future if needed I will revert to the system from backup ;) What can you recommend? Do you really mean block level? Are you wanting something like a dedup? Why do you *not* want file level? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 full backup software?
I am making backup of the mentioned machine because I need to install a virtualization software on the same hardware. I think that I will use containers with cgroups this time, usually I use kvm, so it will be somewhat faster and I will be able to get some experience with LXC (untill now I used OpenVZ and am not a fan of it ;) ). Overall thanks for all help, I will use CloneZilla :) Have a nice day! R. 2014-07-16 22:54 GMT+02:00 Brian Miller cen...@fullnote.com: On Wed, 2014-07-16 at 21:50 +0200, Rafał Radecki wrote: Hi All ;) I need a good tool to backup whole system on block level rather than file level and easy to use. I currently need to backup to an USB disc (50+ GB of data) a system and then reinstall it. In the future if needed I will revert to the system from backup ;) What can you recommend? 'dd'. I use it routinely when doing p2v migrations of older hardware and when migrating heavily customized systems between hardware. Which brings up the point maybe you might want to investigate virtualization options if you strongly suspect you'll have a requirement to revert via a bare metal restoration procecure. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 full backup software?
Yes, rear sounds resonable ;) I will try it also, thanks. BR, Rafal. 2014-07-17 19:30 GMT+02:00 Les Mikesell lesmikes...@gmail.com: On Thu, Jul 17, 2014 at 12:06 PM, Rafał Radecki radecki.ra...@gmail.com wrote: I need a block level backup because I need an easy to restore backup of the whole server, including mbr, partition layout and of course data. The server will be reinstalled so filesystem level backup is an option but not as straightforward and easy to restore as for example Clonezilla. The 'rear' (Relax-and-Recover) package from EPEL is about as easy to use but with a different approach. It will generate a bootable iso containing a script to reconstruct the partitions, filesystems, etc. and restore to them. Some tradeoffs are that Clonezilla will do single disks and bring along windows or other partitions not part of the active system, but can't handle multiple drives or RAID and it needs at least an equal-sized disk for the restore. ReaR can make its backup without shutting the running system down, understands raid/lvm, etc., but only the linux filesystems - and with some work you can modify the disk layout/sizes before the restore. ReaR is a reasonable tool to do conversions to VM's, etc., where you are likely to want to rearrange the layout or remove software raid, although you have to manually edit the layout description file. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6 full backup software?
Hi All ;) I need a good tool to backup whole system on block level rather than file level and easy to use. I currently need to backup to an USB disc (50+ GB of data) a system and then reinstall it. In the future if needed I will revert to the system from backup ;) What can you recommend? BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] USB key accessible/seen remotely.
Hi All :) I have currently an USB key which is needed by some software on a remote server. Is there a way to use my local USB port (attach mentioned device to it) and share it with this remote server? BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Software RAID10 - which two disks can fail?
The raid10 name is very misleading. I came to the same conclusion yesterday: for sake of clarity I will make two raid1 arrays and combine them into a raid0 ;) Thanks for all info. BR, Rafal. 2014-04-08 8:49 GMT+02:00 Christopher Chan christopher.c...@bradbury.edu.hk : On Tuesday, April 08, 2014 03:47 AM, Rafał Radecki wrote: As far as I know raid10 is ~ a raid0 built on top of two raid1 ( http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_1.2B0 - raid10). So I think that by default in my case: No, Linux md raid10 is NOT a nested raid setup where you build a raid0 on top of two raid1 arrays. /dev/sda6 and /dev/sdb6 form the first raid1 /dev/sdd6 and /dev/sdc6 form the second raid1 So is it so that if I fail/remove for example: - /dev/sdb6 and /dev/sdc6 (different raid1's) - the raid10 will be usable/data will be ok? - /dev/sda6 and /dev/sdb6 (the same raid1) - the raid10 will be not usable/data will be lost? The man page for md which has a section on RAID10 describes the possibility of something is absolutely impossibe with a nested raid1+0 setup. Excerpt: If, for example, an array is created with 5 devices and 2 replicas, then space equivalent to 2.5 of the devices will be available, and every block will be stored on two different devices. So contrary to this statement: RAID10 provides a combination of RAID1 and RAID0, and is sometimes known as RAID1+0., linux md raid10 is NOT raid1+0. Is something entirely new and different but unfortunately called raid10 perhaps due to it being able to create a raid1+0 array and a different layout using similar concepts. I read in context of raid10 about replicas of data (2 by default) and the data layout (near/far/offset). I see in the output of mdadm -D the line Layout : near=2, far=1 and am not sure which layout is exactly used and how it influences data layout/distribution in my case :| I would really appreciate a definite answer which partitions I can remove and which I cannot remove at the same time because I need to perform some disk maintenance tasks on this raid10 array. Thanks for all help! If you want something that you can be sure about, do what I do. Make two raid1 md devices and then use them to make a raid0 device. raid10 is something cooked up by Neil Brown and but is not raid1+0. http://en.wikipedia.org/wiki/Linux_MD_RAID_10#LINUX-MD-RAID-10 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Software RAID10 - which two disks can fail?
Hi All. I have a server which uses RAID10 made of 4 partitions for / and boots from it. It looks like so: mdadm -D /dev/md1 /dev/md1: Version : 00.90 Creation Time : Mon Apr 27 09:25:05 2009 Raid Level : raid10 Array Size : 973827968 (928.71 GiB 997.20 GB) Used Dev Size : 486913984 (464.36 GiB 498.60 GB) Raid Devices : 4 Total Devices : 4 Preferred Minor : 1 Persistence : Superblock is persistent Update Time : Mon Apr 7 21:26:29 2014 State : clean Active Devices : 4 Working Devices : 4 Failed Devices : 0 Spare Devices : 0 Layout : near=2, far=1 Chunk Size : 64K UUID : 1403e5aa:3152b3f8:086582aa:c95c4fc7 Events : 0.38695092 Number Major Minor RaidDevice State 0 860 active sync /dev/sda6 1 8 221 active sync /dev/sdb6 2 8 542 active sync /dev/sdd6 3 8 383 active sync /dev/sdc6 As far as I know raid10 is ~ a raid0 built on top of two raid1 ( http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_1.2B0 - raid10). So I think that by default in my case: /dev/sda6 and /dev/sdb6 form the first raid1 /dev/sdd6 and /dev/sdc6 form the second raid1 So is it so that if I fail/remove for example: - /dev/sdb6 and /dev/sdc6 (different raid1's) - the raid10 will be usable/data will be ok? - /dev/sda6 and /dev/sdb6 (the same raid1) - the raid10 will be not usable/data will be lost? I read in context of raid10 about replicas of data (2 by default) and the data layout (near/far/offset). I see in the output of mdadm -D the line Layout : near=2, far=1 and am not sure which layout is exactly used and how it influences data layout/distribution in my case :| I would really appreciate a definite answer which partitions I can remove and which I cannot remove at the same time because I need to perform some disk maintenance tasks on this raid10 array. Thanks for all help! BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mbox files - can they be compacted?
Hi All ;) Is there an option to compact large mbox files from the shell? I did not find anything in google, I have some very large constantly updated mbox files and would like to know if they can be made smaller with any tool. AFAIK mutt does such operation when for example an email is deleted but I am curious if there are other options. BR, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Mail server - MailScanner/Baruwa/postfix/...
Hi All ;) Currently I am gathering info about possible components for a mailserver. I think that MailScanner/Baruwa/postfix will be a good choice. I set up a similar system (with MailWatch instead of Baruwa) about 3 years ago and had very good experience ;) What do you think about MailScanner/Baruwa now? Do you maybe use any good alternatives and can recommend them? Thanks for all help ;) Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] LogScape as a Splunk alternative?
Hi All. I searched for a Splunk alternative and found LogScape. Have anyone worked with it? There is no documentation available only some very brief installation instructions and there is almost no information in google about successful deployments in linux environments. From my current perspective it is a quite small and not widely used product, am I right? Also videos about search capabilities show that in comparison with Splunk it gives rather limited search functionality. Overall what do you think about LogScape? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Linux reinstallation without rebooting? Alternative to kickstart and other such tools?
Hi All. I am curious if it is possible to reinstall linux distribution to centos (or another distro) if I have a remote linux server with no kvm access (i do not want to use virtualization). I know that for installation pxe, tftpboot and kickstart or a proper iso/cd and kickstart are standard options. But for such operations I would need kvm access. Are there any alternatives which do not need it? For example: I have a centos server, then I add some software, run it, point to a kickstart file available through http remotely or give network parameters and partitioning layout and the software takes care of the rest, no need for kvm access during install. Is something like that possible? :) I know that it may be seen as an exotic question but there are many opensource projects starting every day and maybe someone knows an interesting piece of software. Thanks! Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Linux reinstallation without rebooting? Alternative to kickstart and other such tools?
That's what I was looking for, many thanks! :) I have a funny situation in which I need to reinstall remotely from Debian 7 to CenOS 6.5 without kvm access and now it is possible :) Best regards, Rafal. 2014/1/11 Kai Schaetzl mailli...@conactive.com Andrew Holway wrote on Sat, 11 Jan 2014 11:05:37 +: You will need another server set up on the same L2 network that will serve DHCP and TFTP and HTTP. You can set it up similar to the following. Well, I think he's lacking that option (e.g. setup DHCP in the same network). What he wants to do is a vnc install. You add an option to boot a small setup kernel that exposes the installer via vnc. You connect and finish the installation that way. You can also automate this with a kickstart file and skip the vnc part, but you have to be sure that it contains no mistakes. So, for just one occasion it's easier to just do the manual installation. Google for centos vnc headless install, there's lots of tutorials. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Linux reinstallation without rebooting? Alternative to kickstart and other such tools?
Thanks for all the tips ;) I also prefer iLO-like interfaces but sometimes there is no such option, I'm glad that there are still options to perfom installation in such situations. Best regards, Rafal. 2014/1/11 John R Pierce pie...@hogranch.com On 1/11/2014 6:41 AM, Rafał Radecki wrote: That's what I was looking for, many thanks!:) I have a funny situation in which I need to reinstall remotely from Debian 7 to CenOS 6.5 without kvm access and now it is possible:) and if anything goes wrong, you'll need to get down there to the actual console to sort it out. I always buy my servers with remote consoles, IPMI or iLO or DRAC or whatever. Costs a bit extra, but saving a few extra DC visits in the life of the server is priceless. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Weblogic logging to syslog?
Hi All. I have a setup in which: - applications deployed in weblogic log directly to weblogic; - components of weblogic (domain, admin server, managed servers) log to proper files (default logging). I would like to connect logging to syslog server. Is it possible? As I have read it is possible to log from applications with log4j if they send logs to weblogic server (on weblogic level configured in domain_root/lib/log4j.xml or log4j.properties). But is it possible to log from weblogic components (domain, admin server, managed servers) to log4j and through it to syslog? Are there any other options than pointing syslog to read from logfiles generated on disk by weblogic? There is much info on the web and I'm quite confused. Thanks for all help. Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] What gui to use for syslog-ng logs?
Hi All. I have an environment in which I would like to implement a GUI for parsing syslog-ng logs from operating system, application servers and databases. I've heard that Splunk is a good tool but its quite hard to learn. Are there any valuable alternatives? What are you using and why? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What gui to use for syslog-ng logs?
In GB, the paid license is an option ;) 2013/11/18 ign...@vault13.lt ign...@vault13.lt On 2013.11.18 17:56, Rafał Radecki wrote: Hi All. I have an environment in which I would like to implement a GUI for parsing syslog-ng logs from operating system, application servers and databases. I've heard that Splunk is a good tool but its quite hard to learn. Are there any valuable alternatives? What are you using and why? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hello, I do not think Splunk is hard. The only downside is that you have to pay money if you index more than 500MB of logs a day. How many logs/day (in MB) are you expecting? Ignas ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] syslog-ng or rsyslog?
Hi All. I've used syslog-ng for some time. I like it. I have a project in which I need to choose a central logging solution. What are your experiences with rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have some additional features? I am also thinking about using some gui tools for log parsing and graphing. May be proprietary/paid. Any suggestions? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] crond sometimes launches a child process?
Hi All. I monitor number of crond processes on my machines. On one of them I have 2 crond processes for a short period of time (few minutes) everyday. It is at the same time when one jobs starts to run - a sphinx indexer. What are the possible causes of crond running a child crond process? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum update after update from 6.3 to 6.4 - problems with epel repository.
Hi All.
I've updated my system from 6.3 to 6.4. In my /etc/yum.repos.depel.repo I
have:
[epel]
name=Extra Packages for Enterprise Linux - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=$basearch
failovermethod=priority
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#gpgkey=http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL-5
exclude=mongodb*
enabled=1
gpgcheck=0
Yum variables are ok:
# python -c 'import yum, pprint; yb = yum.YumBase();
pprint.pprint(yb.conf.yumvar, width=1)'
Loaded plugins: fastestmirror
{'arch': 'ia32e',
'basearch': 'x86_64',
'releasever': '6',
'uuid': 'd42ce92e-d28b-4637-8365-2cf02892ee58'}
But yum exits with error:
# yum --disablerepo='*' --enablerepo='epel' search iotop
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Error: Cannot find a valid baseurl for repo: epel
I've tried to open
http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6arch=x86_64
but got
# Bad Request 2960
# {'repo': u'epel-6', 'IP': IP('195.8.99.234'), 'client_ip':
u'195.8.99.234', 'metalink': False, 'arch': u'x86_64'}
Am I doing something wrong? Any clues?
Best regards,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fastest way of removing very large number of files?
Hi All. I currently have a problem on my backup server with very large number of small files in a large number of directories. I would like to delete them as fast as possible. Currently I use: rsync -a --delete /empty_directory/ dir_to_clean/ I've read that rsync will be faster than rm or find. Can you recommend something? I use an ext4 filesystem. Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] KVM, virtualized interface, dropped packets.
Hi All. I have currently a small problem to solve. I have a kvm virtual machine which in output of ifconfig eth0 | egrep 'RX packets|TX packets' RX packets:792681304 errors:0 dropped:560728 overruns:0 frame:0 TX packets:716661674 errors:0 dropped:0 overruns:0 carrier:0 show dropped packets. I think that rx buffer is to small (no strange messagess in dmesg) and would like to make it larger. But when I try a solution from http://www.scottalanmiller.com/linux/2011/06/20/working-with-nic-ring-buffers/ I get: ethtool -g eth0 Ring parameters for eth0: Cannot get device ring settings: Operation not supported So what is the proper way to make rx buffers larger in this situation? Best regards, Rafal Radecki. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] curl ciphers name mapping openssl to curl format?
Hi All. In curl manual: --ciphers - (SSL) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL:http://www.openssl.org/docs/apps/ciphers.html; In openssl: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES there are names such as SSL_RSA_WITH_RC4_128_SHA RC4-SHA but curl --ciphers RC4-SHA https://xxx.yyy curl: (59) Unknown cipher in list: RC4-SHA the same for --ciphers SSL_RSA_WITH_RC4_128_SHA the same. But for: curl --ciphers rsa_rc4_128_sha https://xxx.yyy the command works. Can you tell how to map strings from openssl to curl's format? I've searched the web but with no luck ;) Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Java/Solr - Could not reserve enough space for object heap.
Hi All. # cat /etc/redhat-release CentOS release 6.2 (Final) # uname -r 2.6.32-220.17.1.el6.centos.plus.x86_64 # rpm -qa | grep solr apache-solr-3.5.0-1.5... I have a solr installation which is invoked: /usr/bin/java -Xms25g -Xmx25g -DSTOP.PORT=8079 -DSTOP.KEY=mustard -Dsolr.solr.home=multicore -jar start.jar After start/when the java process is running: # free -m total used free sharedbuffers cached Mem: 32093 23975 8118 0189 5736 -/+ buffers/cache: 18049 14043 Swap: 4095 22 4073 So the machine has 32GB of RAM, and java process needs 25GB to start. When I make a restart the java process dies and in log: Jul 4 08:17:27 test.local solr: Error occurred during initialization of VM Jul 4 08:17:27 test.local solr: Could not reserve enough space for object heap Jul 4 08:17:27 test.local solr: [FAILED] Then a second restart is ok, the process starts and solr is responding. Have you had such problems? As I think during stop jvm gives back the memory to the operating system and then during start is requesting 25GB (can there be a lag in this process?). No other services are running on this machine. Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Java/Solr - Could not reserve enough space for object heap.
Why 25G x2 - -Xms minimal, -Xmx maximal? 2013/7/4 Tru Huynh t...@centos.org On Thu, Jul 04, 2013 at 09:54:49AM +0200, Rafał Radecki wrote: Hi All. # cat /etc/redhat-release CentOS release 6.2 (Final) you should upgrade to 6.4... ... I have a solr installation which is invoked: /usr/bin/java -Xms25g -Xmx25g -DSTOP.PORT=8079 -DSTOP.KEY=mustard -Dsolr.solr.home=multicore -jar start.jar After start/when the java process is running: # free -m total used free sharedbuffers cached Mem: 32093 23975 8118 0189 5736 -/+ buffers/cache: 18049 14043 Swap: 4095 22 4073 So the machine has 32GB of RAM, and java process needs 25GB to start. When I make a restart the java process dies and in log: how do you restart? are you sure that your java is stopped before starting it again? 25G x2 32(ram) + 4(swap) until the 1st java instance is actually stopped. Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Java/Solr - Could not reserve enough space for object heap.
stop/start, I use restart which is stop and start:
start () {
echo -n $Starting $prog:
if [ -e /var/lock/subsys/solr ]; then
echo -n $cannot start solr: solr is already running.;
failure $cannot start solr: solr already running.;
echo
return 1
fi
cd $SOLR_DIR
daemon $JAVA $JAVA_OPTIONS 21 | /usr/bin/logger -t 'solr' -p info
--
RETVAL=$?
echo
[ $RETVAL = 0 ] touch /var/lock/subsys/solr
return $RETVAL
}
stop () {
echo -n $Stopping $prog:
if [ ! -e /var/lock/subsys/solr ]; then
echo -n $cannot stop solr: solr is not running.
failure $cannot stop solr: solr is not running.
echo
return 1;
fi
cd $SOLR_DIR
$JAVA $JAVA_OPTIONS_STOP --stop
RETVAL=$?
sleep 2
echo
[ $RETVAL -eq 0 ] rm -f /var/lock/subsys/solr
return $RETVAL
}
2013/7/4 Rafał Radecki radecki.ra...@gmail.com
Why 25G x2 - -Xms minimal, -Xmx maximal?
2013/7/4 Tru Huynh t...@centos.org
On Thu, Jul 04, 2013 at 09:54:49AM +0200, Rafał Radecki wrote:
Hi All.
# cat /etc/redhat-release
CentOS release 6.2 (Final)
you should upgrade to 6.4...
...
I have a solr installation which is invoked:
/usr/bin/java -Xms25g -Xmx25g -DSTOP.PORT=8079 -DSTOP.KEY=mustard
-Dsolr.solr.home=multicore -jar start.jar
After start/when the java process is running:
# free -m
total used free sharedbuffers
cached
Mem: 32093 23975 8118 0189
5736
-/+ buffers/cache: 18049 14043
Swap: 4095 22 4073
So the machine has 32GB of RAM, and java process needs 25GB to start.
When I make a restart the java process dies and in log:
how do you restart? are you sure that your java is stopped before
starting it again?
25G x2 32(ram) + 4(swap) until the 1st java instance is actually
stopped.
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6.4 hostname issues.
Hi All. I currently have a problem with hostname and fqdn. I use: # cat /etc/redhat-release ; uname -r CentOS release 6.4 (Final) 2.6.32-358.11.1.el6.centos.plus.x86_64 # hostname srv1.devel.test.com # grep HOSTNAME /etc/sysconfig/network HOSTNAME=srv1.devel.test.com # cat /etc/hostname srv1 # cat /etc/domainname devel.test.com but # hostname --fqdn devel.test.com As I think it should give: srv1.devel.test.com. Have you got similar problem? Any hint how to solve it? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ReiserFS - status?
Hi All. What is the status of ReiserFS in CentOS at the moment? I have some servers which use it as a loadable kernel module. I am thinking about a filesystem for database systems and would like to know if ReiserFS will be maintained in CentOS/Linux kernel in the future? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6-6.3 - no updates and security fixes?
Hi All. I've found: This directory (and version of CentOS) is depreciated. For normal users, you should use /6/ and not /6.3/ in your path. Please see this FAQ concerning the CentOS release scheme: http://www.centos.org/modules/smartfaq/faq.php?faqid=34 If you know what you are doing, and absolutely want to remain at the 6.3 level, go to http://vault.centos.org/ for packages. Please keep in mind that 6.0, 6.1, 6.2 and 6.3 no longer gets any updates, nor any security fix's. in http://eu-msync.centos.org/centos-6/6.3/readme Is CentOS 6-6.3 really not updated anymore? Why so soon after release of 6.4? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] httpd writes much to /var? How to audit it properly?
Hi All. I currently use: Apache/2.2.21 on: 2.6.32-279.9.1.el6.centos.plus.x86_64 CentOS release 6.3 (Final) From time to time (it happenes on different machines) I have a very high load up to 100, and I see that there are up to 300/s writes to /var at the same time. Apache restart solves the problem. I would like to know the reason so I decided to use auditd. I've used: auditctl -w /var -p warx And for example: ausearch -f /var -i -ts 04/29/2013 23:00:00 -te 04/29/2013 23:01:00 -ua 1 | grep 'syscall=open' | wc -l gives me 5 but in my monitoring I see that there were up to 300 writes per second to /var at the same moment (id 1 - httpd) (I have verified the writes with command line tools). ausearch -f /var -i -ts 04/29/2013 23:00:00 -te 04/29/2013 23:01:00 | grep 'syscall=open' | wc -l gives: 15 Thanks to auditd I know that the syscalls are performed on /var/tmp but why is there such a difference in auditd output and writes measured in operating system? Do I use auditd wrong? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Memcache timeouts?
Hi All. I am currently using memcache daemon in version 1.4.15 on one of my servers. The second one is executing php scripts which use mentioned memcache daemon (php53-pecl-memcache-2.2.5). Memcache server: CentOS release 6.3 (Final) 2.6.32-279.5.2.el6.centos.plus.x86_64 uptime 184 days PHP server: CentOS release 6.3 (Final) 2.6.32-279.19.1.el6.centos.plus.x86_64 uptime 43 days The memcache server gets about: - 250Mb/s traffic - 4500 connections/s On PHP server I get sometimes timeouts, ~20-30 daily. Both servers are not swapping, they have free memory, cpu is ~40% used max. But I have found some errors in netstat -s: Memcache server: TCP 7251 failed connection attempts (incrementing) 56447 connection resets received (incrementing) TcpExt 36 packets pruned from receive queue because of socket buffer overrun (not incrementing) 2820 packets collapsed in receive queue due to low socket buffer (not incrementing) 459479 connections reset due to unexpected data (incrementing) PHP server: TCP 540 failed connection attempts (incrementing) 381066 connection resets received (incrementing) TcpExt 7194 packets pruned from receive queue because of socket buffer overrun (incrementing) 250104 packets collapsed in receive queue due to low socket buffer (incrementing) 2447931 connections reset due to unexpected data (incrementing) I have tuned tcp/ip a bit: net.ipv4.tcp_fin_timeout = 5 net.ipv4.tcp_tw_reuse = 1 net.core.somaxconn = 1024 net.ipv4.tcp_max_syn_backlog = 4196 net.core.netdev_max_backlog = 4196 net.ipv4.tcp_sack = 0 net.ipv4.ip_local_port_range = 8192 65534 net.core.rmem_max = 8388608 net.core.wmem_max = 8388608 net.ipv4.tcp_rmem = 4096 65536 8388608 net.ipv4.tcp_wmem = 4096 65536 8388608 and set txqueuelen for interfaces (1Gb/s) to 5000. but where to look next? May it be so that the php client version is buggy? Any other tips? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Memcache timeouts?
No, the php scripts are executed from crontab. 2013/3/22 Leon Fauster leonfaus...@googlemail.com: Am 22.03.2013 um 15:37 schrieb Rafał Radecki radecki.ra...@gmail.com: Hi All. I am currently using memcache daemon in version 1.4.15 on one of my servers. The second one is executing php scripts which use mentioned memcache daemon (php53-pecl-memcache-2.2.5). Memcache server: CentOS release 6.3 (Final) 2.6.32-279.5.2.el6.centos.plus.x86_64 uptime 184 days PHP server: CentOS release 6.3 (Final) 2.6.32-279.19.1.el6.centos.plus.x86_64 uptime 43 days The memcache server gets about: - 250Mb/s traffic - 4500 connections/s On PHP server I get sometimes timeouts, ~20-30 daily. Both servers are not swapping, they have free memory, cpu is ~40% used max. But I have found some errors in netstat -s: Memcache server: TCP 7251 failed connection attempts (incrementing) 56447 connection resets received (incrementing) TcpExt 36 packets pruned from receive queue because of socket buffer overrun (not incrementing) 2820 packets collapsed in receive queue due to low socket buffer (not incrementing) 459479 connections reset due to unexpected data (incrementing) PHP server: TCP 540 failed connection attempts (incrementing) 381066 connection resets received (incrementing) TcpExt 7194 packets pruned from receive queue because of socket buffer overrun (incrementing) 250104 packets collapsed in receive queue due to low socket buffer (incrementing) 2447931 connections reset due to unexpected data (incrementing) I have tuned tcp/ip a bit: net.ipv4.tcp_fin_timeout = 5 net.ipv4.tcp_tw_reuse = 1 net.core.somaxconn = 1024 net.ipv4.tcp_max_syn_backlog = 4196 net.core.netdev_max_backlog = 4196 net.ipv4.tcp_sack = 0 net.ipv4.ip_local_port_range = 8192 65534 net.core.rmem_max = 8388608 net.core.wmem_max = 8388608 net.ipv4.tcp_rmem = 4096 65536 8388608 net.ipv4.tcp_wmem = 4096 65536 8388608 and set txqueuelen for interfaces (1Gb/s) to 5000. but where to look next? May it be so that the php client version is buggy? Any other tips? just supposing - are you using httpd? - listenbacklog -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Solr 4.1 - how to check replication staistics using wget?
Hi All.
I am currently migrating from solr 3.6 to solr 4.1.
In 3.6 to check the status of solr master/slave replication I've been using url:
http://${SOLRMASTER}:${SOLRPORT}/solr/admin/replication/index.jsp
from script.
After migration to 4.1 this url is no longer available. Can you tell
which url can be used from script to check replication status?
Best regards,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HP download.linux.hp.com not available for rsync?
If the rsync inaccessibility will last longer I will switch to lftp, thanks for the info ;) Best regards, Rafal. 2013/2/26 John R Pierce pie...@hogranch.com: On 2/26/2013 12:55 AM, Rafał Radecki wrote: TCP port 873 (rsync) is closed on download.linux.hp.com for ~24 hours. Does anyone know why? A quick look in google has not helped to find the answer. I stopped using rsync for maintaining my own mirrors a few years ago due to similar sorts of issues. instead, I use lftp, with this script... /usr/local/bin/lftp -c 'open ftp://mirrors.kernel.org lcd /export/mirror mirror --continue --verbose=1 -x ia64 -x s390 -x s390x -x alpha -x SRPMS centos' which maintains a copy of whatever is on the centos directory of ftp://mirrors.kernel.org in /export/mirror/centos, but not the itanium, s390, alpha, or SRPMS... -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] HP download.linux.hp.com not available for rsync?
Hi All. TCP port 873 (rsync) is closed on download.linux.hp.com for ~24 hours. Does anyone know why? A quick look in google has not helped to find the answer. Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS mount auto remount in case of problems.
Project requirements. I've mentioned that drbd would be appropriate but... ;) 2013/2/24 Ian Forde ianfo...@gmail.com: Why not use DRBD in lieu of shared storage? On Wed, Feb 20, 2013 at 2:52 AM, Leon Fauster leonfaus...@googlemail.comwrote: Am 20.02.2013 um 11:29 schrieb Rafał Radecki radecki.ra...@gmail.com: Hi All. I have a setup in which I have two servers serving nfs share. The nfs service is made highly available with pacemaker. When the primary server goes down the secondary starts nfs service. Service IP is floating between servers but they have NO shared storage/filesystem so NFS state/connection information in case of failover is lost. I have two clients. When the failover from primary to secondary occurs the mount is stale and I need to manually remount the share. Is there a way in linux/CentOS to automatically remount nfs share in such case? Or should I just write a script which (for example) check /proc/mounts and execute it from crontab? I am curious if it can be done with standard linux services (automounter?) ;) what is the order of the resources nfs and ip? -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NFS mount auto remount in case of problems.
Hi All. I have a setup in which I have two servers serving nfs share. The nfs service is made highly available with pacemaker. When the primary server goes down the secondary starts nfs service. Service IP is floating between servers but they have NO shared storage/filesystem so NFS state/connection information in case of failover is lost. I have two clients. When the failover from primary to secondary occurs the mount is stale and I need to manually remount the share. Is there a way in linux/CentOS to automatically remount nfs share in such case? Or should I just write a script which (for example) check /proc/mounts and execute it from crontab? I am curious if it can be done with standard linux services (automounter?) ;) Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Gluster - data migration.
Hi All. I have two servers (master and slave) with a replicated gluster volume. Recently I've had a problem with slave and gluster does not work on it now. So I would like to: - stop and remove current volume on master (on slave it is not accessible); - stop gluster software on master (already stopped on slave); - remove gluster software on master and slave (previous administrator used own built rpms, I would like to use http://download.gluster.org/pub/gluster/glusterfs/3.3/3.3.1/EPEL.repo/); - clean old information: setfattr -x trusted.glusterfs.volume-id /gluster setfattr -x trusted.gfid /gluster rm -rf /gluster/.glusterfs - rsync data from master to slave; - start gluster and create a volume with data in rsynced /gluster directory. Are there any pitfalls I should know about? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Gluster 3.3 - good to use?
Hi All. I want to use mentioned version of glusterfs in a simple master/slave setup (production servers). Two nodes have a replicated volume and the both mount it using glusterfs. What are your experiences with gluster 3.3? Is it stable? Have you had any serious problems? I do not have much experience with gluster and would like to avoid problems if possible. Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Dell firmware repository - out of date firmware?
Hi All. I am using dell firmware repository (http://linux.dell.com/wiki/index.php/Repository/OMSA). To update all firmware on my Dell PowerEdge R310 I use: yum install $(bootstrap_firmware) update_firmware --yes and perform reboot. Then the firmware for my PERC H200 RAID controller is up to date with repository. When I make: /opt/dell/srvadmin/bin/omreport storage controller I get: ... Firmware Version : 07.03.05.00 ... Driver Version: 05.101.00.02 Minimum Required Driver Version : 07.00.01.00-1 ... So my driver is actually out of date. On page: https://www.dell.com/support/drivers/us/en/555/DriverDetails/Product/poweredge-r310?driverId=NX9T4osCode=WS8R2fileId=3126023528 I see that SAS-RAID_Firmware_NX9T4_LN32_07.03.05.00_A08.BIN for RHEL is available. It has a higher driver version than required 07.00.01.00-1 so a manual download and install should be ok in this case. Is the dell hardware repo serving old versions of firmware/drivers? Should I in my case perform a manual update process? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dell firmware repository - out of date firmware?
Correction: I use this repo for hardware updates: http://linux.dell.com/wiki/index.php/Repository/firmware 2013/2/6 Rafał Radecki radecki.ra...@gmail.com: Hi All. I am using dell firmware repository (http://linux.dell.com/wiki/index.php/Repository/OMSA). To update all firmware on my Dell PowerEdge R310 I use: yum install $(bootstrap_firmware) update_firmware --yes and perform reboot. Then the firmware for my PERC H200 RAID controller is up to date with repository. When I make: /opt/dell/srvadmin/bin/omreport storage controller I get: ... Firmware Version : 07.03.05.00 ... Driver Version: 05.101.00.02 Minimum Required Driver Version : 07.00.01.00-1 ... So my driver is actually out of date. On page: https://www.dell.com/support/drivers/us/en/555/DriverDetails/Product/poweredge-r310?driverId=NX9T4osCode=WS8R2fileId=3126023528 I see that SAS-RAID_Firmware_NX9T4_LN32_07.03.05.00_A08.BIN for RHEL is available. It has a higher driver version than required 07.00.01.00-1 so a manual download and install should be ok in this case. Is the dell hardware repo serving old versions of firmware/drivers? Should I in my case perform a manual update process? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS on IBM Z Series.
Hi All. I manage some IBM Z Series servers. But currently there are no system tools (like OMSA tools for Dell servers) installed. Is there a repository with tools/firmware updates for IBM servers for Linux/RHEL/CentOS? I've googled around but with no luck. I have found only this for power servers: http://www-304.ibm.com/webapp/set2/sas/f/lopdiags/yum.html Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Dell unofficial community repository - what do you think?
Hi all. I am currently gathering information about firmware update on Dell PowerEdge machines. I've found http://linux.dell.com/wiki/index.php/Firmware-tools_announcement and https://linux.dell.com/repo/community/ It is an unofficial, community supported repository. What are your experiences: should I perform firmware updates the traditional way by downloading *.bin packages from Dell and run them manually or should I use this repo? Is this repo safe and releases stable packages? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Conntrackd - fail at startup.
Thanks for the tip, it works now :)
Best regards,
Rafal.
2012/11/21 Marcin Lage marcin.l...@gmail.com
I'm not sure, but in UDP { . Interface some -interface }
2012/11/21 Rafał Radecki radecki.ra...@gmail.com
Hi all.
I currently try to start conntrackd to test it.
CentOS release 6.3 (Final)
Linux lb1.local 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux
This is a VirtualBox vm.
I try:
/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
My config:
[root@lb1 log]# egrep -v '^\s*#|^$' /etc/conntrackd/conntrackd.conf |
less
Sync {
Mode FTFW {
}
UDP {
IPv4_address 192.168.100.11
IPv4_Destination_Address 192.168.100.12
Port 3780
SndSocketBuffer 1249280
RcvSocketBuffer 1249280
Checksum on
}
Options {
}
}
General {
Nice -20
HashSize 32768
HashLimit 131072
LogFile on
LockFile /var/lock/conntrack.lock
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
NetlinkBufferSize 2097152
NetlinkBufferSizeMaxGrowth 8388608
Filter From Kernelspace {
Protocol Accept {
TCP
}
Address Ignore {
IPv4_address 127.0.0.1 # loopback
IPv4_address 192.168.100.11 # virtual IP 1
IPv4_address 192.168.100.12 # virtual IP 2
IPv4_address 10.0.2.111
IPv4_address 10.0.2.112
}
State Accept {
ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
}
}
}
With strace (I haven't found an obvious problem in its output):
strace /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
execve(/usr/sbin/conntrackd, [/usr/sbin/conntrackd, -C,
/etc/conntrackd/conntrackd.conf, -d], [/* 27 vars */]) = 0
brk(0) = 0x1c57000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
=
0x7fa29ca4d000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
open(/etc/ld.so.cache, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=25665, ...}) = 0
mmap(NULL, 25665, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa29ca46000
close(3)= 0
open(/usr/lib64/libnetfilter_conntrack.so.3, O_RDONLY) = 3
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0@G
\0\0\0\0\0\0...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=85240, ...}) = 0
mmap(NULL, 2180848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) =
0x7fa29c61a000
mprotect(0x7fa29c62d000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c82d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7fa29c82d000
close(3)= 0
open(/usr/lib64/libnfnetlink.so.0, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\\30\0\0\0\0\0\0...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=24840, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
=
0x7fa29ca45000
mmap(NULL, 2120560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) =
0x7fa29c414000
mprotect(0x7fa29c41a000, 2093056, PROT_NONE) = 0
mmap(0x7fa29c619000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7fa29c619000
close(3)= 0
open(/lib64/libc.so.6, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\360\355\1\0\0\0\0\0...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1916528, ...}) = 0
mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) =
0x7fa29c081000
mprotect(0x7fa29c20a000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c40a000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7fa29c40a000
mmap(0x7fa29c40f000, 18600, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa29c40f000
close(3)= 0
open(/lib64/libdl.so.2, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\340\r\0\0\0\0\0\0...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) =
0x7fa29be7d000
mprotect(0x7fa29be7f000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c07f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fa29c07f000
close(3)= 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
=
0x7fa29ca44000
[CentOS] Conntrackd - fail at startup.
Hi all.
I currently try to start conntrackd to test it.
CentOS release 6.3 (Final)
Linux lb1.local 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux
This is a VirtualBox vm.
I try:
/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
My config:
[root@lb1 log]# egrep -v '^\s*#|^$' /etc/conntrackd/conntrackd.conf | less
Sync {
Mode FTFW {
}
UDP {
IPv4_address 192.168.100.11
IPv4_Destination_Address 192.168.100.12
Port 3780
SndSocketBuffer 1249280
RcvSocketBuffer 1249280
Checksum on
}
Options {
}
}
General {
Nice -20
HashSize 32768
HashLimit 131072
LogFile on
LockFile /var/lock/conntrack.lock
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
NetlinkBufferSize 2097152
NetlinkBufferSizeMaxGrowth 8388608
Filter From Kernelspace {
Protocol Accept {
TCP
}
Address Ignore {
IPv4_address 127.0.0.1 # loopback
IPv4_address 192.168.100.11 # virtual IP 1
IPv4_address 192.168.100.12 # virtual IP 2
IPv4_address 10.0.2.111
IPv4_address 10.0.2.112
}
State Accept {
ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
}
}
}
With strace (I haven't found an obvious problem in its output):
strace /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
execve(/usr/sbin/conntrackd, [/usr/sbin/conntrackd, -C,
/etc/conntrackd/conntrackd.conf, -d], [/* 27 vars */]) = 0
brk(0) = 0x1c57000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fa29ca4d000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
open(/etc/ld.so.cache, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=25665, ...}) = 0
mmap(NULL, 25665, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa29ca46000
close(3)= 0
open(/usr/lib64/libnetfilter_conntrack.so.3, O_RDONLY) = 3
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0@G\0\0\0\0\0\0...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=85240, ...}) = 0
mmap(NULL, 2180848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7fa29c61a000
mprotect(0x7fa29c62d000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c82d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7fa29c82d000
close(3)= 0
open(/usr/lib64/libnfnetlink.so.0, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\\30\0\0\0\0\0\0..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=24840, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fa29ca45000
mmap(NULL, 2120560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7fa29c414000
mprotect(0x7fa29c41a000, 2093056, PROT_NONE) = 0
mmap(0x7fa29c619000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7fa29c619000
close(3)= 0
open(/lib64/libc.so.6, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\360\355\1\0\0\0\0\0...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1916528, ...}) = 0
mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7fa29c081000
mprotect(0x7fa29c20a000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c40a000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7fa29c40a000
mmap(0x7fa29c40f000, 18600, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa29c40f000
close(3)= 0
open(/lib64/libdl.so.2, O_RDONLY) = 3
read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\340\r\0\0\0\0\0\0..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7fa29be7d000
mprotect(0x7fa29be7f000, 2097152, PROT_NONE) = 0
mmap(0x7fa29c07f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fa29c07f000
close(3)= 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fa29ca44000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fa29ca43000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fa29ca42000
arch_prctl(ARCH_SET_FS, 0x7fa29ca43700) = 0
mprotect(0x7fa29c07f000, 4096, PROT_READ) = 0
mprotect(0x7fa29c40a000, 16384, PROT_READ) = 0
mprotect(0x7fa29ca4e000, 4096, PROT_READ) = 0
munmap(0x7fa29ca46000, 25665) = 0
uname({sys=Linux, node=lb1.local, ...}) = 0
umask(0177)
[CentOS] JPackage repo - is it good?
Hi all. I am installing solr and would like to use JPackage repo http://www.jpackage.org/. What do you think about this repository? Any problems with it? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Monitoring bandwidth, latency, packet drop.
Hi all. I am currently thinking about monitoring a network link (bandwidth, latency, packet drop). I have a centos server which is connected to providers network through a switch. How to test the link? Should I: - use ICMP to ping gateway and collect staistics of time/packet loss/etc. - use software like here: http://www.cyberciti.biz/faq/linux-unix-windows-monitor-outgoing-bandwidth-latency/ (client/server) ? Is there an option to monitor bandwidth, latency, packet drop without installing additional software on gateway or external host? Best regards, Rafał. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Memcached - replication?
Hi all. I am thinking about installing memcached with replication, I've found http://sourceforge.net/projects/repcached/files/repcached/2.2.1-1.2.8/ but it is for 1.2.8, and for Centos 6.3 memcached is in version 1.4.4. I do not want to use client side replication (writing to two memcached nodes at the same time) and haven't found other solution. Are there any good, protocol compatible solutions? What do you think about couchbase? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Memcached - replication?
What do you think about http://mdounin.ru/ and http://silverdire.com/2012/06/01/memcached-1-4-13-replication/ ? 2012/11/9 Rafał Radecki radecki.ra...@gmail.com Hi all. I am thinking about installing memcached with replication, I've found http://sourceforge.net/projects/repcached/files/repcached/2.2.1-1.2.8/ but it is for 1.2.8, and for Centos 6.3 memcached is in version 1.4.4. I do not want to use client side replication (writing to two memcached nodes at the same time) and haven't found other solution. Are there any good, protocol compatible solutions? What do you think about couchbase? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6.3 x86_64, drbd, which repo? atrpms or elrepo?
Hi all. I am currently installing drbd on Centos 6.3 x86_64 and have two possible repos to choose. Which one in your opinion is better/provides more stable packages/etc.? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 11TB ext4 filesystem - filesystem alternatives?
Hi All. I have a CentOS server: CentOS 5.6 x86_64 2.6.18-238.12.1.el5.centos.plus e4fsprogs-1.41.12-2.el5.x86_64 which has a 11TB ext4 filesystem. I have problems with running fsck on it and would like to change the filesystem because I do not like the possibility of running long fsck on it, it's a production machine. Also I have some problems with running fsck (not enough RAM, problem with scratch_files option) and if the filesystem will need intervention I will be in a problematic situation. Which other mature and stable filesystem can you recommend for such large storage? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTOP alternatives?
After some search I think I will use ntop ;) Thanks for all help. Best regards, Rafał. 2012/8/28 Lamar Owen lo...@pari.edu On Tuesday, August 28, 2012 02:35:25 AM Rafał Radecki wrote: Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? As a package, either the Fedora-based NetworkSecurityToolkit (NST) or the loosly-based-on-ubuntu BackTrack are nice. NST has some very cool features, and a web UI that allows some nice options. NST runs best on a dedicated piece of hardware; slap a couple of GigE NIC's in a good box with dual procs, put one GigE on a SPAN port or a hardware tap, install NST on it and configure to your liking. If you want prepackaged updates that you don't have to built yourself, subscribe to the NSTPro service. www.networksecuritytoolkit.org I'm using it here, and coupled with the power and configurability of Cisco's SPAN it works really well for troubleshooting. I'm using it enough that I set up my own builder on Fedora 16, and have been building my own updates out of NST's SVN, which has been interesting ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NTOP alternatives?
Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? Thanks ;) Best regards, Rafał Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OpenVPN TAP interface problem.
The situation has changed a little bit ;) Now I am using a routed setup (bridged setup was an old remnant). My server is: CentOS release 6.2 (Final) 2.6.32-220.el6.x86_64 openvpn-2.2.1-1.x86_64 My server config file is: local 1.2.3.4 port 123 proto tcp-server dev tun0 tls-server remote-cert-tls client tls-auth /etc/openvpn/keys/ta.key 0 ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key # This file should be kept secret dh /etc/openvpn/keys/dh1024.pem ;crl-verify /etc/openvpn/keys/crl.pem server 172.16.1.0 255.255.255.0 ;ifconfig-pool-persist /etc/openvpn/ipp.txt push route 192.168.0.0 255.255.255.0 172.16.1.1 push route 172.17.0.0 255.255.0.0 172.16.1.1 push dhcp-option DNS 192.168.0.2 push dhcp-option DNS 192.168.0.1 client-to-client duplicate-cn keepalive 10 60 cipher AES-256-CBC # AES comp-lzo max-clients 20 user openvpn group openvpn persist-key persist-tun status /var/log/openvpn-status.log log /var/log/openvpn.log verb 4 My client file is: Ubuntu 12.04.1 LTS 3.2.0-29-generic x86_64 openvpn-2.2.1-8ubuntu1 My client config file is: remote 1.2.3.4 port 123 dev tun0 proto tcp-client resolv-retry 120 ;persist-key ;persist-tun remote-cert-tls server tls-remote server.example.com tls-client ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/client.crt key /etc/openvpn/keys/client.key tls-auth /etc/openvpn/keys/ta.key 1 cipher AES-256-CBC verb 4 log /var/log/openvpn.log status /var/log/openvpn-status.log comp-lzo When I start the openvpn server I get the output in server.log.gz. Also I get one new interface 20: tun0: POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 172.16.1.1 peer 172.16.1.2/32 scope global tun0 In iptables I have (default policies DROP, only for OUTPUT ACCEPT): -A INPUT -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -d 172.16.1.0/255.255.255.0 -o tun0 -j ACCEPT -A FORWARD -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT When I start openvpn on client in the logfile (client.log.gz) I have Initialization Sequence Completed but in ip a s: 14: tun0: POINTOPOINT,MULTICAST,NOARP mtu 1500 qdisc noop state DOWN qlen 100 link/none The DOWN state is the problem as I think, also there is no IP configuration assigned. At the same moment on server I have output in server2.log.gz. There are lines Peer Connection Initiated with 1.2.3.4:44638 and Wed Aug 22 13:37:53 2012 us=331639 client/1.2.3.4:44638 MULTI: Learn: 172.16.1.6 - client/1.2.3.4:44638 Wed Aug 22 13:37:53 2012 us=331648 client/1.2.3.4:44638 MULTI: primary virtual IP for client/1.2.3.4:44638: 172.16.1.6 But also a line Wed Aug 22 13:38:07 2012 us=418282 client/1.2.3.4:44638 Connection reset, restarting [0] I have no firewall on my client host. Any suggestions? Best regards, Rafał. 2012/8/21 Leon Fauster leonfaus...@googlemail.com Am 21.08.2012 um 16:27 schrieb Rafał Radecki: When I start the tunnel I am not able to ping 1.2.3.4 IP on server, the TAP interface is also in DOWN state. I have no firewall configured. My client log file is attached. Should I have an IP addres on my TAP interface? What are your goals? A bridged setup (dev tap) or a routed network (dev tun)? LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OpenVPN TAP interface problem.
Hi all. I have an OpenVPN server: 2.2.1-1 x86_64 Server config: port 11223 dev tap proto udp tls-server ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh1024.pem server 1.2.3.3 255.255.255.0 push route 192.168.0.0 255.255.255.0 1.2.3.4 keepalive 10 60 client-to-client duplicate-cn inactive 600 log /var/log/openvpn.log syslog status /var/log/openvpn-status.log user openvpn group openvpn persist-tun persist-key verb 4 comp-lzo Server interface: 11: tap0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/ether 56:73:e7:c9:c8:e5 brd ff:ff:ff:ff:ff:ff inet 1.2.3.4/24 brd 1.2.3.255 scope global tap0 Client: 2.2.1-8ubuntu1 x86_64 Client config: remote 1.2.3.3 port 11223 dev tap proto udp resolv-retry infinite #nobind persist-key persist-tun tls-client ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/client.crt key /etc/openvpn/keys/client.key ns-cert-type server comp-lzo verb 4 log /var/log/openvpn.log #syslog status /var/log/openvpn-status.log After successful start of openvpn service (Tue Aug 21 16:12:24 2012 us=644993 Initialization Sequence Completed in logfile) I have: Client interface: 9: tap0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN qlen 100 link/ether 4a:3d:52:dc:51:c3 brd ff:ff:ff:ff:ff:ff When I start the tunnel I am not able to ping 1.2.3.4 IP on server, the TAP interface is also in DOWN state. I have no firewall configured. My client log file is attached. Should I have an IP addres on my TAP interface? Thanks for the help ;) Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 bridging problem.
The setup works well for different kernel. So it is not a problem with the configuration ;) Thanks for all help. Best regards, R. 2012/7/4 Gordon Messmer yiny...@eburg.com: On 06/25/2012 05:22 AM, Rafał Radecki wrote: Do you see an error in my configuration? Why is 10.20.0.108 not available? I don't have a lot of managed switches around to do extensive testing. The closest test I can do is on 5.8 with VLAN 2 and different IPs. Based on that, everything seems like it should work. Since you're able to set up the addresses on the interface without a bridge, the likelihood of a driver problem seems fairly low. Did you ever send the output of brctl show? You should definitely be able to run tcpdump on eth0.20 and see any traffic on that interface. You said that you saw none when you tried to ping the Linux host from the network. What about the reverse? Do you see data go out eth0.20 when you try to ping an address in the attached subnet from the Linux host? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Strange du/df behaviour.
Hi all. I have currently a server: cat /etc/redhat-release CentOS release 5.7 (Final) uname -a Linux host.domain.com 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012 x86_64 x86_64 x86_64 GNU/Linux I have there a filesystem mounted: /dev/vg0/paczki /home/paczki-workdir ext4 defaults,noatime 0 0 on which df gives strange output: LANG=C df -h /home/paczki-workdir;sleep 3;df -h /home/paczki-workdir FilesystemSize Used Avail Use% Mounted on /dev/mapper/vg0-paczki 1008G 268G 690G 28% /home/paczki-workdir System plików rozm. użyte dost. %uż. zamont. na /dev/mapper/vg0-paczki 1008G 155G 803G 17% /home/paczki-workdir du -sk /home/paczki-workdir;sleep 3;du -sk /home/paczki-workdir 48426364/home/paczki-workdir 48428980/home/paczki-workdir du -sh /home/paczki-workdir;sleep 3;du -sh /home/paczki-workdir 47G /home/paczki-workdir 47G /home/paczki-workdir Currently there is only one process writing to the filesystem: root 27945 27918 3 09:16 ?00:01:44 tar --exclude=*/Maildir/.Spam/cur/* --exclude=*/Maildir/.Spam/new/* --use-compress-program /usr/bin/pigz -cf /home/paczki-workdir/abaksa-mail-20120628-0413.tgz and it writes so much data: du -sh /home/paczki-workdir/abaksa-mail-20120628-0413.tgz;sleep 3;du -sh /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13G /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13G /home/paczki-workdir/abaksa-mail-20120628-0413.tgz du -sk /home/paczki-workdir/abaksa-mail-20120628-0413.tgz;sleep 3;du -sk /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13410988/home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13425040/home/paczki-workdir/abaksa-mail-20120628-0413.tgz I've also noticed that when nothing writes to this filesystem than df output also varies over short time periods. When I've updated the kernel and restarted the host for few hours df was showing ok info. There is no info about problems in /var/log/messages and dmesg. Additional info: vgdisplay -v vg0 Using volume group(s) on command line Finding volume group vg0 --- Volume group --- VG Name vg0 System ID Formatlvm2 Metadata Areas1 Metadata Sequence No 7 VG Access read/write VG Status resizable MAX LV0 Cur LV2 Open LV 2 Max PV0 Cur PV1 Act PV1 VG Size 3,64 TB PE Size 4,00 MB Total PE 953863 Alloc PE / Size 786432 / 3,00 TB Free PE / Size 167431 / 654,03 GB VG UUID wRjDqu-TUlW-7YH2-j6xl-nuc1-EczW-D2CAOK --- Logical volume --- LV Name/dev/vg0/paczki VG Namevg0 LV UUID0EyRjA-p90A-bfX6-1zEA-eMba-5Hn5-jc9slo LV Write Accessread/write LV Status available # open 1 LV Size1,00 TB Current LE 262144 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 512 Block device 253:0 --- Logical volume --- LV Name/dev/vg0/msklon5 VG Namevg0 LV UUID8nlU4T-Qozl-bPnr-JOmh-g9Pi-cabs-J7yI7V LV Write Accessread/write LV Status available # open 1 LV Size2,00 TB Current LE 524288 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 512 Block device 253:1 --- Physical volumes --- PV Name /dev/md0 PV UUID hly53e-wbbR-5xLo-3P4k-U4xt-8XeR-W0YCul PV Status allocatable Total PE / Free PE953863 / 167431 mdadm --detail /dev/md0 /dev/md0: Version : 0.90 Creation Time : Wed Apr 11 10:37:04 2012 Raid Level : raid10 Array Size : 3907023872 (3726.03 GiB 4000.79 GB) Used Dev Size : 1953511936 (1863.01 GiB 2000.40 GB) Raid Devices : 4 Total Devices : 4 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Thu Jun 28 10:17:04 2012 State : active Active Devices : 4 Working Devices : 4 Failed Devices : 0 Spare Devices : 0 Layout : near=2 Chunk Size : 64K UUID : 423fd5cf:beedc018:915808f0:8ec673de Events : 0.845339 Number Major Minor RaidDevice State 0 8 170 active sync /dev/sdb1 1 8 331 active sync /dev/sdc1 2 8 492 active sync /dev/sdd1 3 8 653 active sync /dev/sde1 Any clues why du shows wrong and floating info? Best regards, Rafal Radecki. ___ CentOS mailing list
Re: [CentOS] Strange du/df behaviour.
Update: Any clues why df shows wrong and floating info? 2012/6/28 Rafał Radecki radecki.ra...@gmail.com: Hi all. I have currently a server: cat /etc/redhat-release CentOS release 5.7 (Final) uname -a Linux host.domain.com 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012 x86_64 x86_64 x86_64 GNU/Linux I have there a filesystem mounted: /dev/vg0/paczki /home/paczki-workdir ext4 defaults,noatime 0 0 on which df gives strange output: LANG=C df -h /home/paczki-workdir;sleep 3;df -h /home/paczki-workdir Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg0-paczki 1008G 268G 690G 28% /home/paczki-workdir System plików rozm. użyte dost. %uż. zamont. na /dev/mapper/vg0-paczki 1008G 155G 803G 17% /home/paczki-workdir du -sk /home/paczki-workdir;sleep 3;du -sk /home/paczki-workdir 48426364 /home/paczki-workdir 48428980 /home/paczki-workdir du -sh /home/paczki-workdir;sleep 3;du -sh /home/paczki-workdir 47G /home/paczki-workdir 47G /home/paczki-workdir Currently there is only one process writing to the filesystem: root 27945 27918 3 09:16 ? 00:01:44 tar --exclude=*/Maildir/.Spam/cur/* --exclude=*/Maildir/.Spam/new/* --use-compress-program /usr/bin/pigz -cf /home/paczki-workdir/abaksa-mail-20120628-0413.tgz and it writes so much data: du -sh /home/paczki-workdir/abaksa-mail-20120628-0413.tgz;sleep 3;du -sh /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13G /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13G /home/paczki-workdir/abaksa-mail-20120628-0413.tgz du -sk /home/paczki-workdir/abaksa-mail-20120628-0413.tgz;sleep 3;du -sk /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13410988 /home/paczki-workdir/abaksa-mail-20120628-0413.tgz 13425040 /home/paczki-workdir/abaksa-mail-20120628-0413.tgz I've also noticed that when nothing writes to this filesystem than df output also varies over short time periods. When I've updated the kernel and restarted the host for few hours df was showing ok info. There is no info about problems in /var/log/messages and dmesg. Additional info: vgdisplay -v vg0 Using volume group(s) on command line Finding volume group vg0 --- Volume group --- VG Name vg0 System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 7 VG Access read/write VG Status resizable MAX LV 0 Cur LV 2 Open LV 2 Max PV 0 Cur PV 1 Act PV 1 VG Size 3,64 TB PE Size 4,00 MB Total PE 953863 Alloc PE / Size 786432 / 3,00 TB Free PE / Size 167431 / 654,03 GB VG UUID wRjDqu-TUlW-7YH2-j6xl-nuc1-EczW-D2CAOK --- Logical volume --- LV Name /dev/vg0/paczki VG Name vg0 LV UUID 0EyRjA-p90A-bfX6-1zEA-eMba-5Hn5-jc9slo LV Write Access read/write LV Status available # open 1 LV Size 1,00 TB Current LE 262144 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 512 Block device 253:0 --- Logical volume --- LV Name /dev/vg0/msklon5 VG Name vg0 LV UUID 8nlU4T-Qozl-bPnr-JOmh-g9Pi-cabs-J7yI7V LV Write Access read/write LV Status available # open 1 LV Size 2,00 TB Current LE 524288 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 512 Block device 253:1 --- Physical volumes --- PV Name /dev/md0 PV UUID hly53e-wbbR-5xLo-3P4k-U4xt-8XeR-W0YCul PV Status allocatable Total PE / Free PE 953863 / 167431 mdadm --detail /dev/md0 /dev/md0: Version : 0.90 Creation Time : Wed Apr 11 10:37:04 2012 Raid Level : raid10 Array Size : 3907023872 (3726.03 GiB 4000.79 GB) Used Dev Size : 1953511936 (1863.01 GiB 2000.40 GB) Raid Devices : 4 Total Devices : 4 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Thu Jun 28 10:17:04 2012 State : active Active Devices : 4 Working Devices : 4 Failed Devices : 0 Spare Devices : 0 Layout : near=2 Chunk Size : 64K UUID : 423fd5cf:beedc018:915808f0:8ec673de Events : 0.845339 Number Major Minor RaidDevice State 0 8 17 0 active sync /dev/sdb1 1 8 33 1 active sync /dev/sdc1 2 8 49 2 active sync /dev/sdd1 3 8 65 3 active sync /dev/sde1
Re: [CentOS] CentOS 6 bridging problem.
Yes, it works well, no problems then. Best regards, Rafal, 2012/6/26 Gordon Messmer yiny...@eburg.com: On 06/26/2012 08:51 AM, Gordon Messmer wrote: Are you absolutely sure that the switch port connected to eth0 is configured to deliver tagged packets for VLAN 20 (and that the ping source is also on that VLAN)? ...and I should follow that up with: If you create a tagged ethernet interface on this system, with NO BRIDGES AT ALL, does the tagged interface work as expected? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 bridging problem.
ip route show 192.168.2.0/24 dev vmbr0 proto kernel scope link src 192.168.2.203 193.218.152.0/24 dev vmbr0 proto kernel scope link src 193.218.152.219 10.20.0.0/16 dev vmbr20 proto kernel scope link src 10.20.0.108 169.254.0.0/16 dev vmbr0 scope link metric 1003 169.254.0.0/16 dev vmbr20 scope link metric 1006 default via 193.218.152.1 dev vmbr0 ip addr show 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 3: vmbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet 193.218.152.219/24 brd 193.218.152.255 scope global vmbr0 inet 192.168.2.203/24 brd 192.168.2.255 scope global vmbr0:1 inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 4: venet0: BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/void inet6 fe80::1/128 scope link valid_lft forever preferred_lft forever 5: eth0.20@eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UP link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 6: vmbr20: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet 10.20.0.108/16 brd 10.20.255.255 scope global vmbr20 inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever Any clue? Best regards, Rafal Radecki. 2012/6/25 Gordon Messmer yiny...@eburg.com: On 06/25/2012 05:22 AM, Rafał Radecki wrote: Do you see an error in my configuration? Why is 10.20.0.108 not available? Not immediately, but check the output of the 'ip' tools. ifconfig and route are deprecated: ip route show ip addr show Finally, see if there's any incoming traffic on the tagged interface: tcpdump -n -i eth0.20 ... while you ping the assigned address. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 bridging problem.
tcpdump -n -i eth0.20 shows that there is no traffic when I try to ping 10.20.0.108. Best regards, R. 2012/6/26 Rafał Radecki radecki.ra...@gmail.com: ip route show 192.168.2.0/24 dev vmbr0 proto kernel scope link src 192.168.2.203 193.218.152.0/24 dev vmbr0 proto kernel scope link src 193.218.152.219 10.20.0.0/16 dev vmbr20 proto kernel scope link src 10.20.0.108 169.254.0.0/16 dev vmbr0 scope link metric 1003 169.254.0.0/16 dev vmbr20 scope link metric 1006 default via 193.218.152.1 dev vmbr0 ip addr show 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 3: vmbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet 193.218.152.219/24 brd 193.218.152.255 scope global vmbr0 inet 192.168.2.203/24 brd 192.168.2.255 scope global vmbr0:1 inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 4: venet0: BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/void inet6 fe80::1/128 scope link valid_lft forever preferred_lft forever 5: eth0.20@eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UP link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever 6: vmbr20: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:25:22:0d:c2:2a brd ff:ff:ff:ff:ff:ff inet 10.20.0.108/16 brd 10.20.255.255 scope global vmbr20 inet6 fe80::225:22ff:fe0d:c22a/64 scope link valid_lft forever preferred_lft forever Any clue? Best regards, Rafal Radecki. 2012/6/25 Gordon Messmer yiny...@eburg.com: On 06/25/2012 05:22 AM, Rafał Radecki wrote: Do you see an error in my configuration? Why is 10.20.0.108 not available? Not immediately, but check the output of the 'ip' tools. ifconfig and route are deprecated: ip route show ip addr show Finally, see if there's any incoming traffic on the tagged interface: tcpdump -n -i eth0.20 ... while you ping the assigned address. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 bridging problem.
tcpdump -n -i eth0 icmp and src host 10.20.0.98 does not give any results when ping is invoked. 2012/6/26 John R Pierce pie...@hogranch.com: On 06/26/12 12:47 AM, Rafał Radecki wrote: tcpdump -n -i eth0.20 shows that there is no traffic when I try to ping 10.20.0.108. try just tcpdump -n -i eth0 I am not sure you can packet sniff a virtual interface, more likely you can only sniff an actual physical interface. -- john r pierce N 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Universal server hardware platform - which to choose?
Hi all. I am working for a hosting provider in Poland. We are currently searching for an universal, extensible hardware platform which we would like to use in our server infrastructure. The platform should have: - possibility to install up to 32GB of RAM and at least 4 slots for it; - at least 6 SATA ports; - the possibility to use SAS disks; - at least one 1Gb/s network interface and the possibility to add another one; - size of 2 or 3U; - hot swap for disks. We are looking for a solution in which we would be able to deploy a basic server with for example 2 SATA disks, 8GB of RAM, 1 NIC, 4 cors and to be able to use the same enclosure and motherboard and extend it to deploy a more heavy-duty server with for example 6 SATA disks, 24GB of RAM, 2 NICs, 8 cors. Which manufacturer can you recommend and why? We are looking for something rather not expensive but reliable which has a good support. All servers will be based on CentOS5/6 :) Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6 bridging problem.
Hi all. I have currently an OpenVZ server: uname -a Linux vader8.superhost.pl 2.6.32-042stab055.16 #1 SMP Fri Jun 8 19:22:28 MSD 2012 x86_64 x86_64 x86_64 GNU/Linux cat /etc/redhat-release CentOS release 6.2 (Final) lspci | grep -i eth 01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03) cd /etc/sysconfig/network-scripts cat ifcfg-eth0 DEVICE=eth0 BOOTPROTO=none NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet HWADDR=00:25:22:0D:C2:2A DOMAIN=domain.eu IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME=System eth0 UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 BRIDGE=vmbr0 cat ifcfg-eth0.20 DEVICE=eth0.20 BOOTPROTO=none ONBOOT=yes VLAN=yes BRIDGE=vmbr20 cat ifcfg-vmbr20 DEVICE=vmbr20 BOOTPROTO=none DHCPCLASS= IPADDR=10.20.0.108 NETMASK=255.255.0.0 ONBOOT=yes TYPE=Bridge cat ifcfg-vmbr0 DEVICE=vmbr0 BOOTPROTO=none DHCPCLASS= IPADDR=195.218.152.219 NETMASK=255.255.255.0 ONBOOT=yes TYPE=Bridge cat ifcfg-vmbr0:1 DEVICE=vmbr0:1 BOOTPROTO=none IPADDR=192.168.2.203 NETMASK=255.255.255.0 ONBOOT=yes cat ifcfg-venet0 DEVICE=venet0 ONBOOT=yes STARTMODE=onboot route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 00 vmbr0 195.218.152.0 0.0.0.0 255.255.255.0 U 0 00 vmbr0 10.20.0.0 0.0.0.0 255.255.0.0 U 0 00 vmbr20 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 00 vmbr0 169.254.0.0 0.0.0.0 255.255.0.0 U 1006 00 vmbr20 0.0.0.0 193.218.152.1 0.0.0.0 UG0 00 vmbr0 iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination So I have a setup in which: - eth0 is my physical interface - it is bridged with vmbr0 with ip 195.218.152.219 and this address is accessible across the network - eth0.20 is a logical interface in VLAN 20 on eth0 - it is bridged with vmbr20 with ip 10.20.0.108 and this address IS NOT accessible across the network - vmbr0 bridge has an alias vmbr0:1 with ip 192.168.2.203 and this address is accessible across the network When I set up the network for testing: - eth0 as a physical interface 195.218.152.219 - eth0.20 as a VLAN interface 10.20.0.108 both addresses are accessible across the network (VLANs on the switch are set up correctly, VLAN 1 untagged, VLAN 20 tagged). Do you see an error in my configuration? Why is 10.20.0.108 not available? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Disk geometry problem.
Hi all.
I have a CentOS server:
CentOS release 5.7 (Final)
2.6.18-274.3.1.el5 x86_64
I have two SSD disks attached:
smartctl -i /dev/sdc
smartctl version 5.38 [x86_64-redhat-linux-gnu] Copyright (C) 2002-8 Bruce
Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model: INTEL SSDSA2CW120G3
Serial Number:CVPR13010957120LGN
Firmware Version: 4PC10362
User Capacity:120,034,123,776 bytes
Device is:Not in smartctl database [for details use: -P showall]
ATA Version is: 8
ATA Standard is: ATA-8-ACS revision 4
Local Time is:Mon May 28 13:12:18 2012 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
smartctl -i /dev/sdd
smartctl version 5.38 [x86_64-redhat-linux-gnu] Copyright (C) 2002-8 Bruce
Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model: INTEL SSDSA2CW120G3
Serial Number:CVPR126101YK120LGN
Firmware Version: 4PC10362
User Capacity:120,034,123,776 bytes
Device is:Not in smartctl database [for details use: -P showall]
ATA Version is: 8
ATA Standard is: ATA-8-ACS revision 4
Local Time is:Mon May 28 13:12:35 2012 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
fdisk shows:
fdisk -l /dev/sdc
Disk /dev/sdc: 120.0 GB, 120034123776 bytes
32 heads, 32 sectors/track, 228946 cylinders
Units = cylinders of 1024 * 512 = 524288 bytes
Device Boot Start End Blocks Id System
/dev/sdc1 3 491 250368 83 Linux
/dev/sdc2 492 228946 116968960 fd Linux raid
autodetect
fdisk -l /dev/sdd
Disk /dev/sdd: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
hdparm shows:
hdparm -I /dev/sdc ~/tmp/hdparm_sdc (file attached)
hdparm -I /dev/sdd ~/tmp/hdparm_sdd (file attached)
diff hdparm_sd[cd]
2c2
/dev/sdc:
---
/dev/sdd:
6c6
Serial Number: CVPR13010957120LGN
---
Serial Number: CVPR126101YK120LGN
85c85
Logical Unit WWN Device Identifier: 5001517959613b9f
---
Logical Unit WWN Device Identifier: 50015179595b6a83
88c88
Unique ID : 959613b9f
---
Unique ID : 9595b6a83
hdparm -g /dev/sdc /dev/sdd
/dev/sdc:
geometry = 14593/255/63, sectors = 234441648, start = 0
/dev/sdd:
geometry = 14593/255/63, sectors = 234441648, start = 0
sfdisk shows:
sfdisk -g /dev/sdc;sfdisk -G /dev/sdc
/dev/sdc: 14593 cylinders, 255 heads, 63 sectors/track
/dev/sdc: 228946 cylinders, 32 heads, 32 sectors/track
sfdisk -g /dev/sdd;sfdisk -G /dev/sdd
/dev/sdd: 14593 cylinders, 255 heads, 63 sectors/track
/dev/sdd: 14593 cylinders, 255 heads, 63 sectors/track
I have /dev/sdc{1,2} mounted and used by /dev/md0, /dev/md1 RAID1. I
would like to add /dev/sdd{1,2} to these RAID's but sfdisk has problems
when I try to make partitions on /dev/sdd.
sfdisk -d /dev/sdc | sfdisk /dev/sdd
Checking that no-one is using this disk right now ...
OK
Disk /dev/sdd: 14593 cylinders, 255 heads, 63 sectors/track
Old situation:
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls#blocks Id System
/dev/sdd1 0 - 0 00 Empty
/dev/sdd2 0 - 0 00 Empty
/dev/sdd3 0 - 0 00 Empty
/dev/sdd4 0 - 0 00 Empty
Warning: given size (233937920) exceeds max allowable size (233933761)
sfdisk: bad input
As I see in fdisk's and sfdisk output there is a difference at some level
in disk geometry. Could you suggest a solution?
Best regards,
Rafal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] Eucalyptus 2.0.3 on CentOS - VM auto fail-over?
Hi all. I am currently testing Eucalyptus. I have two servers, one of them has CLC, Walrus, CC and NC, the second only NC. When I make a new Xen VM (from kernel, initrd, filesystem image) then it is placed on one of the nodes with NC. I would like to test VM fail-over. When on one node the VM is not running good it should be transferred to the second node as I think. Do I need EBS for that? How should eucalyptus be configured? Any howtos? I have found only basic ones with installation and starting of VM instances. Best regards, Rafal Radecki. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] Ext3 and drbd read-only remount problem.
Hi all. I have two hosts with drbd: kmod-drbd83-8.3.8-1.el5.centos drbd83-8.3.8-1.el5.centos and kernel (CentOS 5.7): 2.6.18-308.4.1.el5 After a recent upgrade of kernel I have had two sitiuations when my ext3 filesystem on /dev/drbd0 became read-only. I've checked disks with smartctl -t long, they are ok. There are no messages with disks problems in /var/log/messages | dmesg. I've made fsck tonight but 3 hours after it has finished the problem repeated once more (under heavy load). /var/log/messages: May 6 06:22:27 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=73728, inode=1701012818, rec_len=30313, name_len=101 May 6 06:22:27 srv1a kernel: Aborting journal on device drbd0. May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: ext3_abort called. May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): ext3_journal_start_sb: Detected aborted journal May 6 06:22:28 srv1a kernel: ext3_abort called. May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): ext3_journal_start_sb: Detected aborted journal May 6 06:22:28 srv1a kernel: Remounting filesystem read-only May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=106496, inode=1701012818, rec_len=30313, name_len=101 May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=204800, inode=1869116005, rec_len=29811, name_len=46 I've found: https://bugzilla.redhat.com/show_bug.cgi?id=494927 There are some clues that it may be a kernel problem so I went back to: 2.6.18-274.7.1.el5 At the moment the situation is ok but I've read that the problem happens in random circumstances. Any clues what to do? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext3 and drbd read-only remount problem.
I have one more question with regard to mentioned kernel update to 2.6.18-308.4.1.el5 : in extras repo there is a package available kmod-drbd83 8.3.12 This package provides the drbd83 kernel modules built for the Linux : kernel 2.6.18-274.17.1.el5 for the i686 family of processors. We currently have installed kmod-drbd83: 8.3.8 This package provides the drbd83 kernel modules built for the Linux : kernel 2.6.18-194.el5 for the i686 family of processors. Should kmod-drbd83 version match current kernel version (from package description) or should kmod-drbd83 in version 8.3.8 be installed if we are using drbd83-8.3.8-1.el5.centos ? Best regards, Rafal. 2012/5/6 Rafał Radecki radecki.ra...@gmail.com Hi all. I have two hosts with drbd: kmod-drbd83-8.3.8-1.el5.centos drbd83-8.3.8-1.el5.centos and kernel (CentOS 5.7): 2.6.18-308.4.1.el5 After a recent upgrade of kernel I have had two sitiuations when my ext3 filesystem on /dev/drbd0 became read-only. I've checked disks with smartctl -t long, they are ok. There are no messages with disks problems in /var/log/messages | dmesg. I've made fsck tonight but 3 hours after it has finished the problem repeated once more (under heavy load). /var/log/messages: May 6 06:22:27 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=73728, inode=1701012818, rec_len=30313, name_len=101 May 6 06:22:27 srv1a kernel: Aborting journal on device drbd0. May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: ext3_abort called. May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): ext3_journal_start_sb: Detected aborted journal May 6 06:22:28 srv1a kernel: ext3_abort called. May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): ext3_journal_start_sb: Detected aborted journal May 6 06:22:28 srv1a kernel: Remounting filesystem read-only May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: __journal_remove_journal_head: freeing b_committed_data May 6 06:22:28 srv1a kernel: journal commit I/O error May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=106496, inode=1701012818, rec_len=30313, name_len=101 May 6 06:22:28 srv1a kernel: EXT3-fs error (device drbd0): htree_dirblock_to_tree: bad entry in directory #43024813: rec_len % 4 != 0 - offset=204800, inode=1869116005, rec_len=29811, name_len=46 I've found: https://bugzilla.redhat.com/show_bug.cgi?id=494927 There are some clues that it may be a kernel problem so I went back to: 2.6.18-274.7.1.el5 At the moment the situation is ok but I've read that the problem happens in random circumstances. Any clues what to do? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Limiting network traffic from different IPs.
Hi all. I have a router with 5 network interfaces and sometimes there is so much traffic on one of them that the server load is very high. What are the options to limit the traffic per IP address on every interface? Which need least system (CPU, memory) resources? Thanks. Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with ethernet card: r8169.
Hi all. I have two servers 2.6.18-308.4.1.el5PAE CentOS release 5.7 (Final) Both have two external gigabit network cards (installed Planet with Realtek r8169 chipset). lspci 04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10) 04:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10) /var/log/messages May 3 15:00:22 ms7a kernel: r8169: eth1: link up May 3 16:05:27 ms7a kernel: irq 177: nobody cared (try booting with the irqpoll option) May 3 16:05:27 ms7a kernel: [c044ea52] __report_bad_irq+0x2b/0x69 May 3 16:05:27 ms7a kernel: [c044ec49] note_interrupt+0x1b9/0x1f0 May 3 16:05:27 ms7a kernel: [c044e339] __do_IRQ+0xdd/0x118 May 3 16:05:27 ms7a kernel: [c044e25c] __do_IRQ+0x0/0x118 May 3 16:05:27 ms7a kernel: [c04074c4] do_IRQ+0x9b/0xc3 May 3 16:05:27 ms7a kernel: [c040597a] common_interrupt+0x1a/0x20 May 3 16:05:27 ms7a kernel: [c05339f3] acpi_processor_idle_simple+0x174/0x297 May 3 16:05:27 ms7a kernel: [c0522a21] acpi_set_register+0x14c/0x155 May 3 16:05:27 ms7a kernel: [c0403d14] cpu_idle+0x9f/0xb9 May 3 16:05:27 ms7a kernel: === May 3 16:05:27 ms7a kernel: handlers: May 3 16:05:27 ms7a kernel: [f89710d9] (rtl8169_interrupt+0x0/0x232 [r8169]) May 3 16:05:27 ms7a kernel: Disabling IRQ #177 May 4 12:46:03 ms7b kernel: irq 177: nobody cared (try booting with the irqpoll option) May 4 12:46:03 ms7b kernel: [c044ee5a] __report_bad_irq+0x2b/0x69 May 4 12:46:03 ms7b kernel: [c044f051] note_interrupt+0x1b9/0x1f0 May 4 12:46:03 ms7b kernel: [c044e741] __do_IRQ+0xdd/0x118 May 4 12:46:03 ms7b kernel: [c044e664] __do_IRQ+0x0/0x118 May 4 12:46:03 ms7b kernel: [c04074c4] do_IRQ+0x9b/0xc3 May 4 12:46:03 ms7b kernel: [c040597a] common_interrupt+0x1a/0x20 May 4 12:46:03 ms7b kernel: [c05f3518] tcp_rcv_established+0x77c/0x784 May 4 12:46:03 ms7b kernel: [c05c117e] skb_checksum+0x52/0x282 May 4 12:46:03 ms7b kernel: [c05f8522] tcp_v4_do_rcv+0x25/0x2b6 May 4 12:46:03 ms7b kernel: [c05faa9a] tcp_v4_rcv+0x8e9/0x93b May 4 12:46:03 ms7b kernel: [c05e21e1] ip_local_deliver+0x15b/0x206 May 4 12:46:03 ms7b kernel: [c05e204c] ip_rcv+0x47f/0x4b9 May 4 12:46:03 ms7b kernel: [c05c6aea] netif_receive_skb+0x3dd/0x401 May 4 12:46:03 ms7b kernel: [f89828c2] rtl8169_rx_interrupt+0x4be/0x4cd [r8169] May 4 12:46:03 ms7b kernel: [f898516d] rtl8169_poll_compat+0x48/0x19f [r8169] May 4 12:46:03 ms7b kernel: [c05c8923] net_rx_action+0x9c/0x19c May 4 12:46:03 ms7b kernel: [c042ad55] __do_softirq+0x87/0x114 May 4 12:46:03 ms7b kernel: [c04073e5] do_softirq+0x4e/0x92 May 4 12:46:03 ms7b kernel: [c044e664] __do_IRQ+0x0/0x118 May 4 12:46:03 ms7b kernel: [c04074e0] do_IRQ+0xb7/0xc3 May 4 12:46:03 ms7b kernel: [c040597a] common_interrupt+0x1a/0x20 May 4 12:46:03 ms7b kernel: [c0534c17] acpi_processor_idle_simple+0x0/0x2e5 May 4 12:46:03 ms7b kernel: [c053452b] acpi_safe_halt+0x14/0x20 May 4 12:46:03 ms7b kernel: [c0534ced] acpi_processor_idle_simple+0xd6/0x2e5 May 4 12:46:03 ms7b kernel: [c0523db9] 6NETDEV WATCHDOG: eth1: transmit timed out May 4 12:46:03 ms7b kernel: acpi_set_register+0x14c/0x155 May 4 12:46:03 ms7b kernel: [c0403d14] cpu_idle+0x9f/0xb9 May 4 12:46:03 ms7b kernel: === May 4 12:46:03 ms7b kernel: handlers: May 4 12:46:03 ms7b kernel: [f89830d9] (rtl8169_interrupt+0x0/0x232 [r8169]) May 4 12:46:03 ms7b kernel: Disabling IRQ #177 May 4 12:46:03 ms7b kernel: r8169: eth1: link up I have random network connectivity problems only reboot helps for some time, then the problem returns. I've added irqpoll option to kernel line in grub.conf but it hasn't helped. I've checked options in bios but haven't found anything interesting. Any clues what to do next? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS stresstest - what to use?
Hi all. I currently have a CentOS 5.8 x64 host. I have some info that it is slow for end users. I would like to use some tools to make tests of proc/memory/disks. Is there a program suite which you could recommend? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] XEN or KVM - performance/stability/security?
Hi all. I am currently building a small test cloud based on Eucalyptus 2.0.3 and CentOS 5.8 x64. I have a choice which hypervisor to use: KVM or XEN. KVM is the default in CentOS 6 but I have read also many good things (for example PV guest machines, isolation between Dom0 and DomU) about XEN. Key factors from my opint of view are: - stability (which one runs more smoothly on CentOS?) - performance (XEN PV/HVM(with or without pv drivers) vs KVM HVM(with or without pv drivers)) - security Could you share your experience in these areas? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
Why? 2012/4/20 Jonathan Vomacka juvi...@gmail.com On 4/20/2012 8:59 AM, Rafał Radecki wrote: Hi all. I am currently building a small test cloud based on Eucalyptus 2.0.3 and CentOS 5.8 x64. I have a choice which hypervisor to use: KVM or XEN. KVM is the default in CentOS 6 but I have read also many good things (for example PV guest machines, isolation between Dom0 and DomU) about XEN. Key factors from my opint of view are: - stability (which one runs more smoothly on CentOS?) - performance (XEN PV/HVM(with or without pv drivers) vs KVM HVM(with or without pv drivers)) - security Could you share your experience in these areas? Best regards, Rafal Radecki. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Xen all the way. That's just my opinion though. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] System hanged - no info in logs.
Hi All. I had today a problem with my mail server (2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux, CentOS release 5.7 (Final)). On my Cacti graphs I see that there has been much I/O write on the disks and then there is no more info. Also in logs (messages, dmesg, netconsole) there is no info for about 15 minutes when there was a problem with the server. I would like to have some info in such situations. Do you know any solutions? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] FSCK on mounted filesystem (LVM/DRBD)?
Hi All. I have two running servers (drbd primary, drbd secondary). When there is a problem with one of them we switch to the second one. Currently on the /dev/drbd0 (it has /xxx ext3 filesystem directly on it) we have some filesystem problems (after fsck -n). I would like to correct these errors but the filesystem should be unmounted first (I would like to avoid it if possible). Is there a way to make fsck -a on mounted filesystem for ext3? My setup is: ext3 filesystem (problems) ^ DRBD ^ LVS ^ RAID Any ideas? Best regards, Rafal. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System hanged - no info in logs.
The system was not rebooted, it just was not responsive (ssh) and has a gap in logfiles for 15 minutes. After 15 minutes it started responding. Best regards, R. W dniu 12 kwietnia 2012 16:08 użytkownik Phil Schaffner philip.r.schaff...@nasa.gov napisał: Rafał Radecki wrote on 04/12/2012 03:07 AM: Hi All. I had today a problem with my mail server (2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux, CentOS release 5.7 (Final)). On my Cacti graphs I see that there has been much I/O write on the disks and then there is no more info. Also in logs (messages, dmesg, netconsole) there is no info for about 15 minutes when there was a problem with the server. I would like to have some info in such situations. Do you know any solutions? Your description is unclear. Did the system recover, or did it have to be power cycled or otherwise rebooted? A hang with no log information can sometimes be caused by driver issues. The first thing to try is a yum update to the current and supported version 5.8. Phil ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 5 - problem with kernel/process: task blocked for more than 120 seconds.
Hi All. I have a server which hanged two times because we could not connect to the box, it was not responding. In /var/log/messages I saw: Apr 11 10:13:29 server kernel: INFO: task imap:5855 blocked for more than 120 seconds. Apr 11 10:13:29 server kernel: echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Apr 11 10:13:29 server kernel: imap D 000124D0 1716 5855 14393 6320 5839 (NOTLB) Apr 11 10:13:29 server kernel: d1adeed0 0082 632f304d 000124d0 000124cf 000e 0009 Apr 11 10:13:29 server kernel: c750b000 632f379a 000124d0 074d c750b10c c17f6d00 d2637580 Apr 11 10:13:29 server kernel: f75d3e68 d1adeecc c041ec40 d1adeed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:29 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:29 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:29 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:29 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:29 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:29 server kernel: [c045a96c] __filemap_fdatawrite_range+0x66/0x72 Apr 11 10:13:29 server kernel: [c0496346] sync_inode+0x19/0x24 Apr 11 10:13:29 server kernel: [f8983009] ext3_sync_file+0xb1/0xdc [ext3] Apr 11 10:13:29 server kernel: [c047956c] do_fsync+0x41/0x83 Apr 11 10:13:29 server kernel: [c04795cb] __do_fsync+0x1d/0x2b Apr 11 10:13:29 server kernel: [c0404f4b] syscall_call+0x7/0xb Apr 11 10:13:29 server kernel: === Apr 11 10:13:29 server kernel: INFO: task imap:6882 blocked for more than 120 seconds. Apr 11 10:13:29 server kernel: echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Apr 11 10:13:29 server kernel: imap D 000124D0 1772 6882 14393 6999 6053 (NOTLB) Apr 11 10:13:29 server kernel: cf1d0ed0 0082 632f379a 000124d0 000124cc 000e 0009 Apr 11 10:13:29 server kernel: f52e9000 632f3f0a 000124d0 0770 f52e910c c17f6d00 cbe44740 Apr 11 10:13:29 server kernel: f75d3e68 cf1d0ecc c041ec40 cf1d0ed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:31 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:31 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:31 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:31 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:31 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:31 server kernel: [c045a96c] __filemap_fdatawrite_range+0x66/0x72 Apr 11 10:13:31 server kernel: [c0496346] sync_inode+0x19/0x24 Apr 11 10:13:31 server kernel: [f8983009] ext3_sync_file+0xb1/0xdc [ext3] Apr 11 10:13:31 server kernel: [c047956c] do_fsync+0x41/0x83 Apr 11 10:13:31 server kernel: [c04795cb] __do_fsync+0x1d/0x2b Apr 11 10:13:31 server kernel: [c0404f4b] syscall_call+0x7/0xb Apr 11 10:13:31 server kernel: === I have found: http://www.nico.schottelius.org/blog/reboot-linux-if-task-blocked-for-more-than-n-seconds/, so I think that the processes took all resources of the machine. What should be done to troubleshoot the situation? I have information that probably imap:5855 and imap:6882 caused the problem. How the output: Apr 11 10:13:29 server kernel: imap D 000124D0 1772 6882 14393 6999 6053 (NOTLB) Apr 11 10:13:29 server kernel: cf1d0ed0 0082 632f379a 000124d0 000124cc 000e 0009 Apr 11 10:13:29 server kernel: f52e9000 632f3f0a 000124d0 0770 f52e910c c17f6d00 cbe44740 Apr 11 10:13:29 server kernel: f75d3e68 cf1d0ecc c041ec40 cf1d0ed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:31 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:31 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:31 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:31 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:31 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:31 server kernel: [c045a96c] __filemap_fdatawrite_range+0x66/0x72 Apr 11 10:13:31 server kernel: [c0496346] sync_inode+0x19/0x24 Apr 11 10:13:31 server kernel: [f8983009] ext3_sync_file+0xb1/0xdc [ext3] Apr 11 10:13:31 server kernel: [c047956c] do_fsync+0x41/0x83 Apr 11 10:13:31 server kernel: [c04795cb] __do_fsync+0x1d/0x2b Apr 11 10:13:31 server kernel: [c0404f4b]
Re: [CentOS] CentOS 5 - problem with kernel/process: task blocked for more than 120 seconds.
The host is: Linux server 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:32:29 EDT 2011 i686 i686 i386 GNU/Linux CentOS release 5.6 (Final) dovecot 1.2.16 Best regards, R. W dniu 11 kwietnia 2012 11:48 użytkownik Rafał Radecki radecki.ra...@gmail.com napisał: Hi All. I have a server which hanged two times because we could not connect to the box, it was not responding. In /var/log/messages I saw: Apr 11 10:13:29 server kernel: INFO: task imap:5855 blocked for more than 120 seconds. Apr 11 10:13:29 server kernel: echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Apr 11 10:13:29 server kernel: imap D 000124D0 1716 5855 14393 6320 5839 (NOTLB) Apr 11 10:13:29 server kernel: d1adeed0 0082 632f304d 000124d0 000124cf 000e 0009 Apr 11 10:13:29 server kernel: c750b000 632f379a 000124d0 074d c750b10c c17f6d00 d2637580 Apr 11 10:13:29 server kernel: f75d3e68 d1adeecc c041ec40 d1adeed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:29 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:29 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:29 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:29 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:29 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:29 server kernel: [c045a96c] __filemap_fdatawrite_range+0x66/0x72 Apr 11 10:13:29 server kernel: [c0496346] sync_inode+0x19/0x24 Apr 11 10:13:29 server kernel: [f8983009] ext3_sync_file+0xb1/0xdc [ext3] Apr 11 10:13:29 server kernel: [c047956c] do_fsync+0x41/0x83 Apr 11 10:13:29 server kernel: [c04795cb] __do_fsync+0x1d/0x2b Apr 11 10:13:29 server kernel: [c0404f4b] syscall_call+0x7/0xb Apr 11 10:13:29 server kernel: === Apr 11 10:13:29 server kernel: INFO: task imap:6882 blocked for more than 120 seconds. Apr 11 10:13:29 server kernel: echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Apr 11 10:13:29 server kernel: imap D 000124D0 1772 6882 14393 6999 6053 (NOTLB) Apr 11 10:13:29 server kernel: cf1d0ed0 0082 632f379a 000124d0 000124cc 000e 0009 Apr 11 10:13:29 server kernel: f52e9000 632f3f0a 000124d0 0770 f52e910c c17f6d00 cbe44740 Apr 11 10:13:29 server kernel: f75d3e68 cf1d0ecc c041ec40 cf1d0ed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:31 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:31 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:31 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:31 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:31 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:31 server kernel: [c045a96c] __filemap_fdatawrite_range+0x66/0x72 Apr 11 10:13:31 server kernel: [c0496346] sync_inode+0x19/0x24 Apr 11 10:13:31 server kernel: [f8983009] ext3_sync_file+0xb1/0xdc [ext3] Apr 11 10:13:31 server kernel: [c047956c] do_fsync+0x41/0x83 Apr 11 10:13:31 server kernel: [c04795cb] __do_fsync+0x1d/0x2b Apr 11 10:13:31 server kernel: [c0404f4b] syscall_call+0x7/0xb Apr 11 10:13:31 server kernel: === I have found: http://www.nico.schottelius.org/blog/reboot-linux-if-task-blocked-for-more-than-n-seconds/, so I think that the processes took all resources of the machine. What should be done to troubleshoot the situation? I have information that probably imap:5855 and imap:6882 caused the problem. How the output: Apr 11 10:13:29 server kernel: imap D 000124D0 1772 6882 14393 6999 6053 (NOTLB) Apr 11 10:13:29 server kernel: cf1d0ed0 0082 632f379a 000124d0 000124cc 000e 0009 Apr 11 10:13:29 server kernel: f52e9000 632f3f0a 000124d0 0770 f52e910c c17f6d00 cbe44740 Apr 11 10:13:29 server kernel: f75d3e68 cf1d0ecc c041ec40 cf1d0ed8 f75d3e50 Apr 11 10:13:29 server kernel: Call Trace: Apr 11 10:13:29 server kernel: [c041ec40] __wake_up+0x2a/0x3d Apr 11 10:13:29 server kernel: [c0436d23] prepare_to_wait+0x24/0x46 Apr 11 10:13:31 server kernel: [f885f1e2] log_wait_commit+0x80/0xc7 [jbd] Apr 11 10:13:31 server kernel: [c0436bd7] autoremove_wake_function+0x0/0x2d Apr 11 10:13:31 server kernel: [f885a661] journal_stop+0x195/0x1ba [jbd] Apr 11 10:13:31 server kernel: [c0495caa] __writeback_single_inode+0x197/0x2a3 Apr 11 10:13:31 server kernel: [c045ee18] do_writepages+0x2b/0x32 Apr 11 10:13:31 server kernel: [c045a96c
[CentOS] Postfix - no nfs mounted shares on server - but nfs related problem in maillog.
Hi all. I have one server with problem in maillog: Feb 6 06:46:26 host1 postfix/qmgr[24296]: fatal: qmgr_move: update active/4DE015AC536 time stamps: Stale NFS file handle Feb 6 06:46:27 host1 postfix/master[4487]: warning: process /usr/libexec/postfix/qmgr pid 24296 exit status 1 Feb 6 06:46:27 host1 postfix/master[4487]: warning: /usr/libexec/postfix/qmgr: bad command startup -- throttling ls -la /var/spool/postfix/active | tail -10 -rwx-- 1 postfix postfix 25367 lut 5 03:28 9F38A2D89FD -rwx-- 1 postfix postfix 22198 lut 5 03:28 9F5D45AC094 -rwx-- 1 postfix postfix 22219 lut 5 03:28 9F90F5AC323 ?- ? ? ? ?? 9FBB22DAE65 So there are problems with filesystem(ext3). df -h /var/spool/postfix/active System plików rozm. użyte dost. %uż. zamont. na /dev/sda5 69G 24G 43G 36% / mount | grep sda5 /dev/sda5 on / type ext3 (rw) /var/spool is a local filesystem, there are no nfs shares mounted on server. Also nfs, nfslock, autofs services are disabled. I've run fsck on / 3 days ago, there have been errors which I repaired (fsck -y). Now the problems like ?- ? ? ? ?? 9FBB22DAE65 show again. smartctl -a /dev/sda SMART Attributes Data Structure revision number: 16 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x000b 100 100 016Pre-fail Always - 0 2 Throughput_Performance 0x0005 133 133 054Pre-fail Offline - 138 3 Spin_Up_Time0x0007 142 142 024Pre-fail Always - 178 (Average 109) 4 Start_Stop_Count0x0012 100 100 000Old_age Always - 120 5 Reallocated_Sector_Ct 0x0033 100 100 005Pre-fail Always - 0 7 Seek_Error_Rate 0x000b 100 100 067Pre-fail Always - 0 8 Seek_Time_Performance 0x0005 139 139 020Pre-fail Offline - 26 9 Power_On_Hours 0x0012 100 100 000Old_age Always - 5725 10 Spin_Retry_Count0x0013 100 100 060Pre-fail Always - 0 12 Power_Cycle_Count 0x0032 100 100 000Old_age Always - 120 192 Power-Off_Retract_Count 0x0032 100 100 000Old_age Always - 308 193 Load_Cycle_Count0x0012 100 100 000Old_age Always - 308 194 Temperature_Celsius 0x0002 176 176 000Old_age Always - 34 (Lifetime Min/Max 22/51) 196 Reallocated_Event_Count 0x0032 100 100 000Old_age Always - 0 197 Current_Pending_Sector 0x0022 100 100 000Old_age Always - 0 198 Offline_Uncorrectable 0x0008 100 100 000Old_age Offline - 0 199 UDMA_CRC_Error_Count0x000a 200 200 000Old_age Always - 0 dmesg | grep sda EXT3-fs warning (device sda5): ext3_unlink: Deleting nonexistent file (2982233), 0 Any tips? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS - Iaas - your experiences?
Hi all. We currently want to deploy a test private IaaS. It will look something like below: 2 Gb switches several hardware nodes for virtualization (?) 2 10Gb switches redundant storage (?) What are you proposing to use on every level? Eucalyptus/OpenStack/something else for cloud management? And why? KVM/Xen/something else for virtualization? iSCSI/NFS/something else for storage? Please share your experiences and pros/cons which you observed. Maybe also some good howtos? Best regards, Rafal Radecki. -- Rafał Radecki Administrator Systemów, SuperHost.pl rafal.rade...@superhost.pl http://superhost.pl/ Porady, wywiady i najlepsze promocje – zapisz się do newslettera! http://superhost.pl/newsletter/?utm_source=kayako ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rozważania odnośnie storage?
Sorry, mail was mentioned for polish centos list. Best regards, Rafał. W dniu 13 stycznia 2012 21:55 użytkownik fakessh fake...@fakessh.eu napisał: use the tool googletranslate is well for that cheers Le 2012-01-13 20:43, Diego Sanchez a écrit : Rafał Radecki : Please, write in english 2012/1/13 Rajagopal Swaminathan raju.rajs...@gmail.com What was that in simple English? Currently I am dealing with a cluster of mail, in which files mail messages are stored on users raid software-at that shared by NFS. Multiple NFS servers, each provides a subset of the messages to the appropriate server with postfix-I, which is the NFS client. Data from the NFS server which host the frontend postfix-I should be mounted with the mail folders are in MySQL. We are looking at replacing some host-s single storage solution matrix of appropriate disk capacity and performance I / O. You can prompt the pros and cons of such a solution? or matrices usually have several times higher performance I / O than single server with SATA drives? Is such a performance I / O is scalable? Do you scale the storage space in the arrays can be without restrictions ? Thanks! Regards, -- Regards, Rajagopal Google translate :p -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) | http://about.me/diegors/bio Haber recibido uno o mas correos desde esta direccion, no implica conformidad para agregarla a bases de datos sin mi consentimiento explicito. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC2626742 gpg --keyserver pgp.mit.edu --recv-key C2626742 http://urlshort.eu fakessh @ http://gplus.to/sshfake http://gplus.to/sshswilting http://gplus.to/john.swilting ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
