from:"Steven Tardy"

Re: [CentOS] How to organize your VMs

2021-04-12 Thread Steven Tardy

On Sat, Apr 10, 2021 at 12:13 PM Nicolas Kovacs  wrote:

> I'd be curious to have your input, since I'm fairly new to this sort of
> approach.
>

This is the whole pets VS cattle choice.

IMO each VM should have a singular use/purpose/app. VMs are effectively
free. And also prevents unintended negative upgrade interactions.

Think through this to the logical end as each process is it’s own
environment/container/(docker) or each user execution is a unique instance
(serverless).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] new observations: Re: Centos 7 installer alert! message

2021-03-18 Thread Steven Tardy

On Wed, Mar 17, 2021 at 2:15 PM R C  wrote:

> Hello,
>
>
> I installed 72G ram in a Dell (it canhandle 72G according to Dell).  The
> BIOS says there are 9 8G DIMMs install (BIOS test shows no errors).
> dmidecode says there are indeed 9 DIMMs, and they show all fine, no
> errors etc. However, free reports tehre's only 54G  available.

What DIMM manufacture model number are the DIMMs? What “rank” are those
models? What CPU is installed? How many CPUs? What model server/chipset?
What slots were the DIMMs installed in? Higher rank DIMMs will usually show
less/half size if installed in the same “channel” with lower rank in DIMMS
before the higher rank DIMMs.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Infiniband special ops?

2021-01-21 Thread Steven Tardy

On Thu, Jan 21, 2021 at 6:34 PM lejeczek via CentOS 
wrote:

> Hi guys.
>
> Hoping some net experts my stumble upon this message, I have
> an IPoIB direct host to host connection and:
>
> -> $ ethtool ib1
> Settings for ib1:
>  Supported ports: [  ]
>  Supported link modes:   Not reported
>  Supported pause frame use: No
>  Supports auto-negotiation: No
>  Supported FEC modes: Not reported
>  Advertised link modes:  Not reported
>  Advertised pause frame use: No
>  Advertised auto-negotiation: No
>  Advertised FEC modes: Not reported
>  Speed: 4Mb/s
>  Duplex: Full
>  Auto-negotiation: on
>  Port: Other
>  PHYAD: 255
>  Transceiver: internal
>  Link detected: yes
>
> and that's both ends, both hosts, yet:
>
>  > $ iperf3 -c 10.5.5.97
> Connecting to host 10.5.5.97, port 5201
> [  5] local 10.5.5.49 port 56874 connected to 10.5.5.97 port
> 5201
> [ ID] Interval   Transfer Bitrate Retr  Cwnd
> [  5]   0.00-1.00   sec  1.36 GBytes  11.6 Gbits/sec0
> 2.50 MBytes
> [  5]   1.00-2.00   sec  1.87 GBytes  16.0 Gbits/sec0
> 2.50 MBytes
> [  5]   2.00-3.00   sec  1.84 GBytes  15.8 Gbits/sec0
> 2.50 MBytes
> [  5]   3.00-4.00   sec  1.83 GBytes  15.7 Gbits/sec0
> 2.50 MBytes
> [  5]   4.00-5.00   sec  1.61 GBytes  13.9 Gbits/sec0
> 2.50 MBytes
> [  5]   5.00-6.00   sec  1.60 GBytes  13.8 Gbits/sec0
> 2.50 MBytes
> [  5]   6.00-7.00   sec  1.56 GBytes  13.4 Gbits/sec0
> 2.50 MBytes
> [  5]   7.00-8.00   sec  1.52 GBytes  13.1 Gbits/sec0
> 2.50 MBytes
> [  5]   8.00-9.00   sec  1.52 GBytes  13.1 Gbits/sec0
> 2.50 MBytes
> [  5]   9.00-10.00  sec  1.52 GBytes  13.1 Gbits/sec0
> 2.50 MBytes
> - - - - - - - - - - - - - - - - - - - - - - - - -
> [ ID] Interval   Transfer Bitrate Retr
> [  5]   0.00-10.00  sec  16.2 GBytes  13.9 Gbits/sec
> 0 sender
> [  5]   0.00-10.00  sec  16.2 GBytes  13.9
> Gbits/sec  receiver
>
> It's rather an oldish platform which hosts the link, PCIe is
> only 2.0 but with link of x8 that should be able to carry
> more than ~13Gbits/sec.
> Infiniband is Mellanox's ConnectX-3.
>
> Any thoughts on how to track the bottleneck or any thoughts



Care to capture (a few seconds) of the *sender* side .pcap?
Often TCP receive window is too small or packet loss is to blame or
round-trip-time.
All of these would be evident in the packet capture.

If you do multiple streams with the `-P 8` flag does that increase the
throughput?

Google says these endpoints are 1.5ms apart:

(2.5 megabytes) / (13 Gbps) =
1.53846154 milliseconds



>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix restrictions

2020-06-08 Thread Steven Tardy

On Tue, Jun 9, 2020 at 12:10 AM Peter  wrote:

> On 9/06/20 2:56 pm, Jon LaBadie wrote:
>
> Don't use a backup MX, they are a relic of the 90s when mail servers
> were often times not always online.  a sending mail server will
> generally retry the message for up to five days if your MTA is down

Or have your backup MX be the same as your primary and well behaved senders
will try backup MX right away leading to little delay due to graylisting.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] External Array Data Migration

2020-05-22 Thread Steven Tardy

On Thu, May 21, 2020 at 8:31 AM Xinhuan Zheng 
wrote:

> can I detach external array from old hardware, and attach it to new
> hardware, then re-configure LVM, so new operating system can recognize the
> external array file system?



If only there existed a documentation project, for Linux which included LVM
details:

http://tldp.org/HOWTO/LVM-HOWTO/recipemovevgtonewsys.html
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 32 Bits install. Answer to Johnny Hughes.

2020-01-26 Thread Steven Tardy

On Thu, Jan 23, 2020 at 8:54 AM Ger van Dijck 
wrote:

> But when trying to do a fresh install or a netinstall (both Centos 7) I
> get the following message :
>
> [ 0.123604] ACPI:SCI(ACPI GSI 9) not registered
> [28.595238] systemd[1] Caught  , dump core as pid 75
> [28.595814] systemd[1] : Freezing execution.
>
>
> Question : What now ?


Possibly:
https://access.redhat.com/solutions/58790
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Performance issues/difference of two servers running same task (one is quicker)

2019-07-04 Thread Steven Tardy

On Thu, Jul 4, 2019 at 2:43 AM Jobst Schmalenbach 
wrote:

> the development and life server in question run the same software setup:
>   - CentOS Linux release 7.6.1810
>   - bind 32:9.9.4-74.el7_6.1
>   - Apache/2.4.6 (CentOS)
>   - PHP 7.1.29
>   - mysqld  Ver 5.7.26
>   - wordpress, woocommerce, wishlistmember, Sensei etc
>   - software are all in the same stages of updates.
>   - even many of the linux conf files are the same (/etc/host, bind, etc)
>   - the databases are copies/identical
>
> Life server is a Poweredge M710,48GB,2xXeon L5630,LSI Raid1 SSD
> Dev  server is a DIY, GIGABYTE MX31-BS0, 32GB, 1xXeon E3-1245,MDADM RAID0
> 1TB Seagate Spinners
>
> During normal operations (i.e. display websites, online training courses
> etc) the DELL
> displays the websites faster although it sits 1000KM up north in a
> datacenter on
> a different network than the local server on the same network as my
> machine.
>
> Yet the DEV server outshines the DELL when creating a few large custom
> tables, ie
> the local server takes 5s while the DELL takes 15s (small tables), more
> for bigger tables.
>
>
> I have put microtime() calls before and after certain calls, and it's
> visibly different:
>   DEV
> Jul 04 04:57:26 UTC _members took 0.0005459785461425 ms
> Jul 04 04:57:26 UTC _members took 0.0005321502685546 ms
>   LIFE
> Jul 04 05:00:36 UTC _members took 0.0014369487762451 ms
> Jul 04 05:00:36 UTC _members took 0.0013291835784912 ms
> If I do this 300+ times, the outcome is very different.
>
>
> So my questions:
>
>  - How can it be that the DELL takes so much longer alltough on the far
> better hardware?
>  - How can it be allthough everything (software/os/plugins) is the same?
>  - This even happens if the DELL is on low load (i.e. middle of the night)
> and
>only serves a few requests.


As others have said the DEV server is a generation newer CPU. For CPU
details I often reference Intels “ark” pages:

https://ark.intel.com/content/www/us/en/ark/products/47927/intel-xeon-processor-l5630-12m-cache-2-13-ghz-5-86-gt-s-intel-qpi.html
  12M Cache, 2.13 GHz, 5.86 GT/s Intel® QPI


https://ark.intel.com/content/www/us/en/ark/products/52274/intel-xeon-processor-e3-1245-8m-cache-3-30-ghz.html
  8M Cache, 3.30 GHz

The “generations” I mentioned are:
   Code NameProducts formerly Westmere EP

   Code NameProducts formerly Sandy Bridge


Westmere systems used DDR at 800/1066MHz.
Sandy Bridge systems used DDR at 1066/1333MHz.
Not a huge difference, but likely another contributing factor of
performance.

I would also look at power settings in the BIOS and c-state settings in the
BIOS and OS as disabling c-states (often enabled by default to meet
green/energy star compliance) can make a noticeable performance difference.


Hope that helps.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HPE ProLiant - support Linux Vendor Firmware Service ?

2019-07-01 Thread Steven Tardy

On Mon, Jul 1, 2019 at 4:37 PM Jonathan Billings 
wrote:

> I never was able to find a bootable FreeDOS image that could run it from a
> USB boot disk.


https://lists.centos.org/pipermail/centos/2013-May/134512.html
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system unresponsive

2019-05-22 Thread Steven Tardy

On Wed, May 22, 2019 at 10:22 AM mark  wrote:

> It seems unlikely. It's a 4U server, with 36 disks (and the dual root
> disks), in a machine room, and ipmitool sel list shows nada, nor are there
> any warnings, as I've seen on other systems occasionally, that the CPU is
> overheating, and is being throttled.

If this is a recent sever (ivybridge/haswell/broadwell) then I’ve seen the
“edac” kernel module prevent SEL from showing faults when a
MCE/machine-check-exception occurs. Disable edac and poof server stops
crashing and/or SEL shows something useful(ECC/MCE). Did you check
/var/log/mcelog?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Who is responsible to load NIC driver when boot up

2019-04-27 Thread Steven Tardy

On Sat, Apr 27, 2019 at 11:44 PM wuzhouhui 
wrote:

> I have a small question about NIC driver (e.g. i40e) loading. Who is
> responsible to load i40e driver? And how does he knows we should load
> i40e, instead of ixgbe?

`depmod` may put hardware/driver lists into initramfs when `mkinitrd` is
called when a new kernel is installed.
Also check file: /lib/modules/`uname-r`/modules.alias
The modules.alias contains PCI vendor/device IDs which can be found via
`lspci -n`.

Also you can `modinfo i40e` and `modinfo ixgbe` to see a list of PCI
vendor/device IDs which each driver supports.

Most of the time “it just works” be can be confusing tracking down exactly
why one driver loads instead of another.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UEFI and PXE

2019-04-25 Thread Steven Tardy

On Thu, Apr 25, 2019 at 8:46 PM Chris Adams  wrote:

> Once upon a time, Steven Tardy  said:
> > The “ICMP unreachable” should be a dead giveaway. . .
>
> You cut out the part of the email where the OP said that the UEFI system
> was ignoring the next-server part of the DHCP reply and trying to TFTP
> to the DHCP server instead of the TFTP server.  Of course that got ICMP
> unreachable, but it isn't a firewall problem.
>
> To the OP: can you post a full tcpdump decode of the DHCP offer?  I
> seem to remember having some issue with ISC DHCP in the past not getting
> the next server set correctly - maybe a packet will jog some memory (and
> I'll go try to grab the same from my dnsmasq DHCP for comparison).
>

Just set up ISC DHCP on fresh CentOS 7 install and followed the redhat
guide linked in this thread.
Did what I thought was correct and duplicated the OPs problem.
/me scratches head. . . off to `tcpdump -vv -nn -i ens192`. . . packets
never lie. . .
Vendor-Class Option 60, length 32:
"PXEClient:Arch:7:UNDI:003000"

d'oh; I did _lower case_ a string in dhcpd.conf line on accident while
transcribing:
match if substring (option vendor-class-identifier, 0, 9) =
"pxeclient";

Changed it to follow redhat guide CAMELCase and poof,
match if substring (option vendor-class-identifier, 0, 9) =
"PXEClient";

PXEClient tried to reach out "next-server".
00:42:24.606544 IP 1.2.3.10.1165 > 1.2.3.2.69:  50 RRQ
"pxelinux/bootx64.efi" octet tsize 0 blksize 1468

If the OP still can't get this working, packet captures really do help. (;


[root@DHCPServer ~]# cat /etc/dhcp/dhcpd.conf
option arch code 93 = unsigned integer 16; #RFC 4578
subnet 1.2.3.0 netmask 255.255.255.0 {
option routers 1.2.3.254;
range 1.2.3.10 1.2.3.20;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) =
"PXEClient";
next-server 1.2.3.2;
if option arch = 00:06 {
filename = "pxelinux/bootia32.efi";
} else if option arch = 00:07 {
filename = "pxelinux/bootx64.efi";
} else {
filename = "pxelinux/pxelinux.0";
}
}
}
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UEFI and PXE

2019-04-25 Thread Steven Tardy

On Thu, Apr 25, 2019 at 5:25 AM isdtor  wrote:

> 09:02:02.911381 IP client.cisco-ipsla > dhcp-server.tftp:  56 RRQ
> "linux-install/bootx64.efi" octet tsize 0 blksize 32768
> 09:02:02.911403 IP dhcp-server > client: ICMP dhcp-server udp port tftp
> unreachable, length 92
>

The “ICMP unreachable” should be a dead giveaway. . .

You are missing the `firewall-cmd` configuration. See this guide:

https://www.bo-yang.net/2015/08/31/centos7-install-tftp-server
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Does devtmps and tmpfs use underlying hard disk storage or Physical Memory (RAM)

2019-04-20 Thread Steven Tardy

On Fri, Apr 19, 2019 at 8:51 PM Kaushal Shriyan 
wrote:

> Does devtmpfs and tmpfs use underlying hard disk storage or does it uses
> Physical Memory (RAM). What is the purpose of devtmpfs which is mounted on
> /dev, tmpfs mounted on /dev/shm and so on and so forth. What is the
> difference between devtmpfs and tmpfs?

tmpfs *tries* not to use disk. /dev/shm is great to use as *fast* large
scratch space.

Have used /dev/shm to greatly speed up a daily process to parse web server
logs. Didn’t /seem/ like the process was IO or disk bound. . . Until I
threw the logs in /dev/shm and a multi hour process completed in 1/4 the
time.

Have used /dev/shm for other “things”.

There is /dev/ram# which should never be written to disk, but has the
problem of being much much smaller (4MB iirc) and no filesystem access. So
you’d have to `mkfs /dev/ram#` and then `mount /dev/ram# /somewhere`.

Once used /dev/ram# for USB camera “security system”. The camera gave
large-ish files and couldn’t figure out how to get the camera app to output
to stdOut to then shrink the file to a tiny jpeg with pipes. So had the
camera write to /dev/ram and then read the file from /dev/ram through
`convert` or something to jpeg-ify the image. Greatly sped up (like 2-3x)
how often that could save images.

Happy learning how to Linux. (:
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos dfcp send hostname to microsoft dhcp/dns

2019-01-29 Thread Steven Tardy

Try to check the “dynamic update” checkbox in the AD DHCP confit like the
5th image on this blog:

https://blog.royso.me/integrate-linux-desktop-to-microsoft-active-directory-and-dns-c86554bcf123
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora Server - as an alternative ?

2018-12-22 Thread Steven Tardy

On Thu, Dec 20, 2018 at 8:12 AM lejeczek via CentOS 
wrote:

>  any Centosian here have done something different than only
> contemplated using Fedora Server, actually worked on it in
> test/production envs.
>
> If here are some folks who have done it I want to ask if you deem it to
> be a viable option to put it on at least portion of servers stack.

I did a project 15 years ago converting a centralized web server to
individual Fedora containers for 500 orgs.

> Since Fedora only updates for 18 months after release, having to upgrade
each container to a new version annually was painful. Yeah it’s only this
php thing breaks or that perl module does something different. But when you
multiply that by 500x it gets painful quickly.
After having done that a time or two converted to centos containers which
made for less work for the admins and fewer angry users.

Another project used Fedora as a LAN router which worked great, but again
annual updates/reinstalls/reconfigurations got old. Migrated to pfSense
with a clicky-clicky UI which a junior admin can configure and couldn’t be
happier. Granted pfSense upgrades sometimes break, but 10 clicks later
everything needed is reconfigured and working.

Don’t get me wrong, Fedora has its place but sometimes needs a little more
care-and-feeding than some other choices for any given problem/solution.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A question about why the function "recv" return 0

2018-12-20 Thread Steven Tardy

>  after the ssl handshake, the client side reset the tcp connection.




Client doesn’t like TLS cypher list.
Client doesn’t have intermediate certificate.
Server needs intermediate certificate configured.
Client needs remote certificate “installed”.
Many more TLS issues.


>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM Bridge Problem

2018-12-04 Thread Steven Tardy

> Am 04.12.2018 um 21:30 schrieb Günther J. Niederwimmer:
> > Hello,
> > is this only my mistake,or can help any from the list?
> >
> > I have 3 host computer on different places, but all have the Problem when
> > starting a client "KVM" to connect to the bridge from the host.
> >
> > It is near not possible to start a client, only after 10-20
> reboot/restart
> > from the client's the network is starting correct?


KVM/Linux bridging often defaults to have spanning tree enabled which many
switches do not like.
Try creating the bridge and disable spanning tree?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rescue - UEFI revert to BIOS boot - how?

2018-11-20 Thread Steven Tardy

On Tue, Nov 20, 2018 at 7:40 AM lejeczek via CentOS 
wrote:

> hi guys
>
> I have a box on which UEFI boot has gone haywire and instead
> of boot it power the box down, that is before even going to
> grub2. (displays some error message)
> I if change to BIOS boot then I can start Centos' rescue -
> my question is: how can I rescue, re-build grub so it would
> boot from tradition BIOS?

If the OS was installed with UEFI enabled I would go back to UEFI mode.

Then re-add your OS boot configuration within the BIOS setup screen.

Most motherboard manufacturers detail this process on their website where
you browse the disk to select somefilename.efi and give it a label “CentOS”.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, NetworkMangler, and IPv6

2018-10-17 Thread Steven Tardy

On Wed, Oct 17, 2018 at 3:55 PM mark  wrote:

>Freshly built box... but does not get its IPv6 address.

Is network properly giving out IPv6 Router Advertisements (RAs)?
What flags (M and/or O) are being given out?

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Seagate - experience/opinion on vendor?

2018-09-26 Thread Steven Tardy

On Wed, Sep 26, 2018 at 2:17 PM lejeczek via CentOS 
wrote:

> hi guys
>
> I have rather a large set of Seagate's SAS ST32000444SS, over a hundred
> - experience I'm having from those in conjunction with their tech
> support is abysmal.
>
> I'm trying to update firmware of these drives and nothing works,
> including tech support.
>
> ... and I cannot help but wonder - is just me who is so unlucky and
> getting very, very poor support(taking naturally only of Linux) or in
> fact Seagate are rubbish!
>
> Care to share your say?
>
> thanks

What files can you download from seagate.com?
If you can get a DOS executable, then you can write freeDOS to a USB stick
then cp that executable to the disk. . . Reboot and run the .exe.

I can confirm seagate disk firmware can be updated from Linux, but don’t
have any info in front of me as $dayjob tools hide details under the hood.

To echo what others have posted. . . What problem are you trying to solve?
Does the current firmware have a bug you’re trying to prevent? Or are you
wanting to update for the sake of updating?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vmware - Slightly off topic

2018-04-24 Thread Steven Tardy

On Tue, Apr 24, 2018 at 1:27 PM Jerry Geis  wrote:

> What is the correct way to provide a CentOS 7 - WMware image for ESX ?

You are probably looking for VMware Converter which can p2v or v2v.

IMO: if you are creating a VM image which is a binary blob or image then
you are doing it wrong. Have the VM/server/desktop be a simple
next/next/next install and the incorporate a config management tool
(puppet/ansible/etc) to make it the way you like it. VM-as-code if you
will. This results in a reproducible thing instead of an unmanageable thing.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tftpd server S not responding

2018-04-19 Thread Steven Tardy

Early in this thread you mentioned these are on different network subnets.
. .

Just thought about a similar issue. . .
  sysctl -a | grep rp_filter

If a packet comes in to Linux and the path BACK to the remote IP is NOT out
that same interface (asymmetric routing) the Linux kernel will drop the
packet. “rp_filter” controls how Linux behaves regarding this.

Please provide real `ifconfig` and `route -rn` and `tcpdump port 69` output
to properly diagnose. . .
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wich is best for backup? nfs of iscsi?

2018-04-12 Thread Steven Tardy

On Thu, Apr 12, 2018 at 5:00 PM marcos sr  wrote:

> I have a CentOS VM with a lots of inodes, and 500GB +/-, running under
> hyper-v . Which is best for backup them? What is the pros and cons?

Not enough details.
Are you backing up the VM from hyper-v?
Are you backing up the VM from within the VM?
Are you backing up the files on the VM or making an image/snapshot?
Does $storage-provider have a preferred protocol?
NFS typically can be expanded on the fly if the needs increase.
iSCSI typically needs “work” like expanding the partition then expanding
the filesystem when more space is needed.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tftpd server S not responding

2018-04-12 Thread Steven Tardy

Reading back through prior emails. . . TFTP client requests packets *are*
making it to the TFTP server. So it seems like something on the TFTP server
itself.

Like previously mentioned server side
firewall/iptables/tcp-wrappers/selinux are all possible culprits.

Hmmm just thought of something else, what are the file permissions of the
file you are requesting? Try `chmod a+r filename`?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tftpd server S not responding

2018-03-29 Thread Steven Tardy

A STATEFUL firewall with “ip any any” can and will still block asymmetric
communications due to the firewall keeping track of state (hence tha name
stateful firewall).

Tcpdump on your servers /other/ NICs and you’ll see the tftp traffic
leaving your server on some other NIC (probably on with the default route).

The upstream firewall will then block the tftp response if it never saw the
tftp request (due to asymmetry).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tftpd server S not responding

2018-03-28 Thread Steven Tardy

On Wed, Mar 28, 2018 at 3:16 PM Asif Iqbal  wrote:

> It is not respoding to A server which is sending the tftp read request RRQ.
>
> I do see the RRQ packets coming from A to S, but S never responds back from
> a different port Y to A
>
> So this part is working fine
>
>
>
> https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol#/media/File:Tftp-rrq.svg
>
> But I do not see any attempts to even send a data packet back in my packet
> capture running on S


Are A and S on different IP subnets?
Does S have a second IP on the SAME subnet as A?
Any ASA or other firewalls between the two?
If so this is expected behavior.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RADIUS

2018-03-07 Thread Steven Tardy

On Wed, Mar 7, 2018 at 11:57 AM hw  wrote:

> Apparently Cisco can do it:
>
>
> https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html

I was going to mention Cisco WCS which uses wireless “controllers” and
“lightweight” access points, but seems you’ve found it. Personally used
Cisco WCS a decade ago . . . being able to give law enforcement a detailed
map of a building (from autocad file) with a potential stolen wireless
device triangulated within 5 feet is pretty impressive.

Don’t know if this can handle all of your other/security/guest requirements
but can 100% handle physical location.

>
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to update modules in iniramfs fastly

2018-02-25 Thread Steven Tardy

On Sun, Feb 25, 2018 at 8:29 PM wuzhouhui 
wrote:

> I know dracut can update modules in initramfs, but I think it is too
> slow. So I'm wondering what is the fastest way to update modules in
> initramfs of CentOS 7?

`dracut` calls `mkinitrd` which rebuilds the initrd file. . . you could do
it manually but that is prone to errors (
https://access.redhat.com/solutions/24029).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 1708 won't boot after grub2 update

2018-02-21 Thread Steven Tardy

00:1f.2 SATA controller: Intel Corporation C600/X79 series chipset 6-Port
SATA AHCI Controller (rev 06)

While I don’t have experience with this exact controller, I have seen some
LSI controllers get removed from RHEL post GA which causes similar issues.
“It worked when I installed, but after `yum update` my box doesn’t boot.”
These are typically detailed in release notes. . . We ALL read ALL release
notes? Right?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 1708 won't boot after grub2 update

2018-02-19 Thread Steven Tardy

On Mon, Feb 19, 2018 at 7:01 AM Sorin Srbu  wrote:

> Hi all,
>
> This is the third fresh install of CentOS 7 1708 the last two months that
> won't boot after a regular "yum update" just after the fresh install has
> finished.

Not nearly enough details given. . .
What disk controller? `lspci`
Legacy BIOS or UEFI?
What disk layout? `lsblk`
What storage driver? `lsmod`
BTW, anyone have a good method for finding driver for a given
disk(/dev/sdX)?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Admins supporting both RHEL and CentOS

2017-11-28 Thread Steven Tardy

On Tue, Nov 28, 2017 at 8:06 AM Joseph L. Casale 
wrote:

> On the other hand I see the
> opposite with RHEL where admins constrain installations to the
> point release.

This is most commonly due to 3rd party support stipulations (I’m looking at
you Oracle/SAP) who haven’t/won’t/lag test a fully patched version of the
OS.

It also has a lot to do with the admins and the admins competence and
ability to call 1-800-$vendor when something doesn’t work. . . . Two ends
of the same spectrum.

>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What free memory range is safe to operate?

2017-10-27 Thread Steven Tardy

> On Oct 27, 2017, at 11:39 AM, marcos valentine  wrote:
> 
> percent of free memory is indicated to operate?

Free memory as in unused or free memory as in available (unused + disk buffers)?

Google: Linux ate my RAM

Output of `free` from your system may provide some context.

Now-a-days as long as swap is barely used (single digit percent) the system is 
usually healthy.

If the system “runs out of RAM” swap would fill up (`sar` gives historical data 
which often helps ID hangs or reboots due to apps running a system out of RAM) 
and OOM is seen in messages/dmesg.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] delay in establishing network connectivity

2017-10-18 Thread Steven Tardy

> On Oct 17, 2017, at 5:07 PM, FHDATA  wrote:
> 
> can not establish a network connectivity
> for some time: 7 to 15 minutes and then
> everything network wise is fine...

Over 5 minutes makes it sound like a ARP time-out somewhere(default gateway).
Does ifconfig show the interface as “UP”?
Does tcpdump show any packets coming in(background broadcast noise at least) or 
going out?
What does the upstream switch show?
Is spanning-tree blocking/listening/learning on the upstream switch?
Can arping get a response from the IP?
Does the upstream switch show that MAC address is learned on the right switch 
port?
Are you trying to use bonding/teaming as something could be waiting for LACP 
packets?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Lock-up during boot when Logitech unifying receiver is connected (UEFI problem?)

2017-10-10 Thread Steven Tardy

> On Oct 10, 2017, at 5:39 AM, Toralf Lund  wrote:
> 
> If this unit (a small USB thingummy) is connected when I try to boot the 
> system, it locks up completely.

I’ve seen USB power draw be an issue similar to this previously. Does the same 
problem occur if connected through a powered USB hub?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] System shutdown on OOM

2017-09-25 Thread Steven Tardy


> On Sep 25, 2017, at 2:56 AM, Thomas Plant  wrote:
> 
> OOM situation

Do you have `sar` installed and activated?
Does sar output show high memory leading up to the outage?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Corosync on a home network

2017-09-10 Thread Steven Tardy

> On Sep 10, 2017, at 11:33 AM, J Martin Rushton 
>  wrote:
> 
> #mcastport: 5405

Does tcpdump see this traffic leaving each VM?
Yes then the app is working.
Does tcpdump see this traffic making it to each VM?
Yes then the switching is working.
Is the port opened in firewall/iptables?
Yes then shrug.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cyrus spool on btrfs?

2017-09-09 Thread Steven Tardy

> On Sep 9, 2017, at 12:47 PM, hw  wrote:
> 
> Isn´t it easier for SSDs to write small chunks of data at a time?

SSDs read/write in large-ish (256k-4M) blocks/pages. Seems to me that drive 
blocks and hardware RAID strip size and file system block/cluster/extents sizes 
and etc and etc and etc should be aligned for best performance.

See:

http://codecapsule.com/2014/02/12/coding-for-ssds-part-2-architecture-of-an-ssd-and-benchmarking/

Specifically the section: 
NAND-flash pages and blocks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kernel:[Hardware Error]:

2017-08-12 Thread Steven Tardy


> On Aug 12, 2017, at 3:50 PM, Fred Smith  wrote:
> 
> I had a series of kernel hardware error reports today while I was away 
> from my computer:
> 
> Message from syslogd@fcshome at Aug 12 10:12:24 ...
> kernel:[Hardware Error]: MC2 Error: VB Data ECC or parity error.
> 
> Message from syslogd@fcshome at Aug 12 10:12:24 ...
> kernel:[Hardware Error]: Error Status: Corrected error, no action required.
> 
> Message from syslogd@fcshome at Aug 12 10:12:24 ...
> kernel:[Hardware Error]: CPU:2 (15:2:0) MC2_STATUS[-|CE|MiscV|-|-|-|-|CECC]: 
> 0x9844410c0176
> 
> Message from syslogd@fcshome at Aug 12 10:12:24 ...
> kernel:[Hardware Error]: cache level: L2, tx: DATA, mem-tx: EV
> 
> never saw anything like that before.
> 
> cpu is:
> 
>$ cat /proc/cpuinfo
>processor: 0
>vendor_id: AuthenticAMD
>cpu family: 21
>model: 2
>model name: AMD FX(tm)-6300 Six-Core Processor
>stepping: 0
>microcode: 0x600084f
>cpu MHz: 1400.000
>cache size: 2048 KB
>physical id: 0
>siblings: 6
>core id: 0
>cpu cores: 3
>apicid: 16
>initial apicid: 0
>fpu: yes
>fpu_exception: yes
>cpuid level: 13
>wp: yes
>flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
> cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt 
> pdpe1gb rdtscp lm constant_tsc art rep_good nopl nonstop_tsc extd_apicid 
> aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes 
> xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a 
> misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm 
> topoext perfctr_core perfctr_nb arat cpb hw_pstate npt lbrv svm_lock 
> nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter 
> pfthreshold bmi1
>bogomips: 7023.90
>TLB size: 1536 4K pages
>clflush size: 64
>cache_alignment: 64
>address sizes: 48 bits physical, 48 bits virtual
>power management: ts ttp tm 100mhzsteps hwpstate cpb eff_freq_ro
> 
> 
> six core AMD, above is one of the cores.
> 
> Any clues to figure out the errors, and/or mitigate?
> 
> thanks!
> 
> Fred

MC == Machine check exception.
The important part of a MC is the "status" code.
One can use the Intel doc "Architecture Software Developers Manual" to decode 
this (4000 page .pdf).
Unsure but it looks like AMD does similar MC codes.
Luckily Linux does some heavy lifting and decodes to "cache hierarchy error L2 
data eviction".
The next most important part is the "corrected" bit.

Now what does that really mean?
*shrug*, could be 
firmware/drivers/overheating/poor-CPU-seating/DIMM-seating/faulty-motherboard/faulty-CPU/faulty-DIMM.

Hope that doesn't confuse too much. (:
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 addresses order (CentOS6)

2017-05-30 Thread Steven Tardy


> On May 30, 2017, at 3:26 AM, Walter H.  wrote:
> 
> is there a way to influence the order?

Not sure what your use of multiple IPs is. . . but I'd probably use an 
interface alias instead of secondary.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces-alias.html
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 on HP DL160 G6

2017-05-02 Thread Steven Tardy


> On May 1, 2017, at 8:49 PM, H  wrote:
> 
> the computer locks up at random intervals

Anything in /var/log/mcelog?
Is the "edac" module running?
Does that model support bundle include any Intel MCA files?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SCSI drives and Centos 7

2017-04-29 Thread Steven Tardy

> On Apr 29, 2017, at 9:50 AM, Gregory P. Ennis  wrote:
> 
> find a way to make the installation disc of Centos 6 identify the SCSI
> drives.

What model LSI card?
Is that card on the RHEL hardware support list?
Does LSI/Dell have drivers on their site?
Have you tried drivers from LSI/Dell and using the dd(driver disk) option 
during install?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Steven Tardy

> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs  wrote:
> 
> The site is rated "C"

The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This 
Mozilla resource is excellent for getting apache tls config up-to-date.

https://wiki.mozilla.org/Security/Server_Side_TLS
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Timezone and date

2017-04-04 Thread Steven Tardy


> On Apr 4, 2017, at 9:22 PM, Jerry Geis  wrote:
> 
> sending information to another system

What does this mean? Syslog?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SNMP oddity

2017-03-25 Thread Steven Tardy

> On Mar 24, 2017, at 1:20 AM, Digimer  wrote:
> 
> STRING: 0:c0:b7:5f:8a:85

I'd guess this is the raw string transported over the wire. The MIB likely 
translates to proper MAC formatting. `tcpdump' should uncover this.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 force reverse dns lookup for none registered addr

2017-01-12 Thread Steven Tardy


> On Jan 10, 2017, at 4:17 PM, Itschak Mugzach  wrote:
> 
> after reviewing TCPDUMP

Did you `tcpdump` with the -nn option? If not than tcpdump was probably doing 
the reverse DNS lookup.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK

2017-01-04 Thread Steven Tardy

> On Jan 3, 2017, at 2:59 PM, lakhera2017  wrote:
> 
> |- 1:0:0:15 sdq  65:0   failed ready running
>  - 3:0:0:15 sdai 66:32  failed ready running

Does the same SAN target fail each time?
What brand/model/firmware SAN switch is between initiator and target?
Does the HBA show any SCSI aborts?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Avago (LSI) SAS-3 controller, poor performance on CentOS 7

2016-11-05 Thread Steven Tardy

> On Nov 4, 2016, at 11:08 PM, Gordon Messmer  wrote:
> 
> LSI Logic / Symbios Logic SAS3008

What firmware is/are on the cards?
The driver version difference between C6 and C7 could interact badly with old 
firmware.
What firmware does $vendor suggest?

Does C7 in BIOS mode work any better?

Run `lsiget` and compare lsi tech support bundles.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot boot CentOS 7 VM after updating Host CentOS 7 Kernel

2016-10-30 Thread Steven Tardy

> On Oct 30, 2016, at 7:31 PM, Paul R. Ganci  wrote:
> 
> Now the question is how did this happen.

I've seen something similar when installing a kernel if /etc/fstab didn't match 
df. Mkinitrd bombs out leaving the system unbootable. The rescue .iso/mkinitrd 
path you followed was the fastest way to get the system up.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot boot CentOS 7 VM after updating Host CentOS 7 Kernel

2016-10-30 Thread Steven Tardy

> On Oct 30, 2016, at 3:27 AM, Paul R. Ganci  wrote:
> 
> grub> set root=(hd0,msdos2)
> grub> linux (hd0,1)/vmlinuz-3.10.0-327.36.2.el7.x86_64 root=(hd0,msdos2)/
> grub> initrd initrd-plymouth.img
> grub> boot

Try the initrd matching the kernel?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gigE -> 100Mb problems

2016-10-13 Thread Steven Tardy

> On Oct 12, 2016, at 12:26 AM, John R Pierce  wrote:
> 
> the switch ports kept going offline on us.

Not finding anything exactly like this... Closest I could find is CSCuu81949

Open a Cisco TAC case and upload a Nexus 9000 tech support (`tac-pac`) to 
investigate further.

Is "port security" enabled on these ports?
Does this port double as a LOM/IPMI port?
What driver is being used `ethtool -i eth#`?
Any OS bonding?
Any switch port-channel/vPC?

That NIC chipset is a few years old so it's not like that NIC/OS/switch is a 
combo that hasn't been tried/tested.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Strange behaviour when using sudo+sh+executable.

2016-09-06 Thread Steven Tardy

> On Sep 6, 2016, at 6:18 AM, Rafał Radecki  wrote:
> 
> # sudo  -H -E -u postgres /bin/bash -c /usr/bin/python2.7

Works for me. *shrug*

Is your postgres user a service account or something else strange about it?
Does 'passwd --status postgres' hint at anything? 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mounting lvm2

2016-09-03 Thread Steven Tardy


> On Sep 3, 2016, at 9:22 AM, Alice Wonder  wrote:
> 
> Where do I go from here to mount that volume?

vgdisplay to find the UUID, vgrename takes UUID as a source.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] systemd not restarting daemon

2016-08-25 Thread Steven Tardy

> On Aug 25, 2016, at 1:43 PM, Chris Adams  wrote:
> 
> named-sdb (pulling domain
> records from MySQL), which is segfaulting randomly

named-sdb used to be(~7+ years ago) single threaded only and would crash if 
threads were enabled. Did you change named to NOT thread? Does named-sdb still 
do single threaded only?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tcpdump loses lots of packets

2016-08-15 Thread Steven Tardy

> On Aug 14, 2016, at 6:20 AM, Anand Buddhdev  wrote:
> 
> Any ideas why tcpdump loses so many packets?

Saw your nanog posts...

How many RX queues are configured? What does 'ethtool -S p1p1' show? Any 
discarded packets in the RX queue(s)?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bad iscsi performance after upgrade to CentOS 7.2

2016-06-21 Thread Steven Tardy

> On Jun 20, 2016, at 5:15 AM, Ulrich Leodolter  
> wrote:
> 
> has anyone an idea why iSCSI read performance degraded in CentOS 7.2 ?

I'm not sure about those versions of centos, but iSCSI throughput being TCP is 
dependent on TCP receive window and packet loss. Tcpdump to see if the TCP 
window changed between those versions of centos.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where did network setup goes under setup utility in CentOS 7?

2016-01-29 Thread Steven Tardy

Run: nmtui

> On Jan 29, 2016, at 11:42 AM, "reynie...@gmail.com"  
> wrote:
> 
> Should I install any other package
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.2 - Fast TSC calibration failed.

2015-12-18 Thread Steven Tardy

> On Dec 17, 2015, at 11:58 PM, Earl A Ramirez  wrote:
> I get
> the following error:
> 
> [ 0.00] tsc: Fast TSC calibration failed

TSC is a high accuracy CPU clock. TSC can fail due to motherboard hardware 
fault on multi processor servers. But the kernel usually fails back to the less 
accurate default hpet clock.

Do other versions/kernels work fine? Does RHEL 7.2 work?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Networking Question

2015-11-26 Thread Steven Tardy

> On Nov 26, 2015, at 10:43 AM, Alice Wonder  wrote:
> 
> Is this sane ?

No. Use VLANs instead of physical cables and physical switches.
https://en.m.wikipedia.org/wiki/VLAN
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Networking Question

2015-11-26 Thread Steven Tardy

> On Nov 26, 2015, at 3:51 PM, Alice Wonder  wrote:
> 
> How do they deal with guaranteeing there is not IP address and MAC address 
> spoofing?

VLANs simply provide the same thing you are doing in the physical world 
(creating distinct broadcast domains), but does so logically/virtually. IP/MAC 
spoofing can only occur within a given broadcast domain.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 6 and super jumbo frames

2015-11-10 Thread Steven Tardy

> On Nov 9, 2015, at 11:34 AM, Steve Clark  wrote:
> 
> IP 10.79.4.53.64327 > 10.79.2.53.24294: Flags [.], seq 16060:29200, ack 1, 
> win 32767, length 13140

Do you have RSS enabled? With RSS the software/tcpdump sees larger "packets" 
but the physical NIC chunks down to the wire MTU. What does a capture on the 
destination show?

https://en.m.wikipedia.org/wiki/Receive-side_scaling#RSS
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filesystem mounting fails at boot

2015-10-10 Thread Steven Tardy

> On Oct 10, 2015, at 9:34 AM, Imre Gergely  wrote:
> _netdev
>  The filesystem resides on a device that requires network
> access (used to prevent the system from attempting to mount these
> filesystems until the network has been enabled on the system).

_netdev in fstab was a workaround from oracle linux support for a FC issue very 
similar to the one you described(OS/driver may not plogi in to the storage 
quickly enough.). At least give it try before so quickly dismissing assistance.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] httpd userdir problem

2015-09-25 Thread Steven Tardy


> On Sep 25, 2015, at 12:33 PM, Timothy Murphy  wrote:
> 
> when I try to access localhost/Menloe

Try:
  http://localhost/~Menloe
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with Samba-based Home-Directory

2015-07-07 Thread Steven Tardy

 On Jul 7, 2015, at 12:42 AM, Meikel mei...@fn.de wrote:
 
 It's a D-Link DGS-1210-16 Switch.

http://www.dlink.com/-/media/Business_Products/DGS/DGS%201210%2048/Manual/DGS_1210_Series_Manual_v4_00_EN.pdf

What are the current settings on the switch for:
  Loopback Detection page 35
  STP Global Settings page 38
  STP Port Settings page 39

Under STP Global the forward delay defaults to 15 seconds... The same delay 
you're seeing.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with Samba-based Home-Directory

2015-07-05 Thread Steven Tardy


 Jul  5 16:36:08 meikel-pc kernel: ADDRCONF(NETDEV_UP): eth0: link is not
 ready
 Jul  5 16:36:23 meikel-pc kernel: ADDRCONF(NETDEV_CHANGE): eth0: link
 becomes ready

 It takes 15 seconds between the two messages until it becomes ready. I
 have no idea why it first says that the link is not ready.

 Any ideas?


What is the upstream switch? If it is a Cisco switch does the configuration
have `spanning-tree portfast` enabled?
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10553-12.html
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS performance on CentOS 7

2015-05-12 Thread Steven Tardy


 On May 9, 2015, at 2:34 PM, Michael Eager ea...@eagerm.com wrote:
 
 I am setting up a file server with CentOS 7.  I'm seeing
 performance which is considerably slower than a similar
 server running CentOS 6.6.  A 3Gb directory can be copied
 to/from the CentOS 6.6 server in about 50 seconds.  The
 same directory takes about 270 seconds to copy to/from
 the CentOS 7 system.
 
 I see the same performance difference with NFS mounted
 file systems or using scp, so it doesn't appear to be
 an NFS issue.  The MTU on the NICs on both systems is
 1500, and changing it to 6000 on the CentOS 7 system had
 no effect.
 
 Anyone have any ideas what might cause this problem or
 how to fix it?

3GB/50seconds = 480Mbps

Can't speak directly to centos6/7 differences nor NFS on centos6/7

I've seen NFS(netapp filer to vmware host to windows VM) sustain 1Mbps. So 
the NFS protocol itself isn't the bottleneck given sufficient hardware.
Since scp performs similar to NFS the on the wire protocol isn't the problem.

Verify the MTU setting:
  ping a.b.c.d -M do -s 8972
Or in your case:
  ping a.b.c.d -M do -s 5972
(6000 is a very odd MTU)

I'd start by getting the latest/validated driver from $NICVendor.

What IO throughput does the local file system give?
Test with hdparm / dd / iometer / sqlio / cp -a /path /dev/null

Test sever to server with iperf as others suggested.

Hope that points you in the right direction.

Steven Tardy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Modifying files of NFS

2015-04-15 Thread Steven Tardy


 I have an NFS storage system and want to run jpegoptim on several GB's
 of jpeg images and I'm wondering what the best approach is.
 Is it ok to run this operation on the Server itself while the clients
 have it mounted or will this lead to problems like e.g. the dreaded
 stale filehandle?

Stale file handles won't happen if the file modified time stamp is updated. Add 
a simple 'touch $file' after updating each file.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] emailing plain text to exchange/outlook

2015-04-02 Thread Steven Tardy

 On Mar 31, 2015, at 2:06 PM, Les Mikesell lesmikes...@gmail.com wrote:
 
 outlook will remove line breaks.
 
 Is there something you can do to make a plain text list show up
 correctly short of converting it to html with br's?


Prefix every line in the list with a space like:
 space thing1
 space thing2
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mysql can't connect from localhost -strange behavior

2015-03-29 Thread Steven Tardy


 mysql grant all privileges on ftp.* to 'proftpd'@'localhost' identified by
 'testpattern';
 Query OK, 0 rows affected (0.35 sec)

mysql FLUSH PRIVILEGES;
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] snmpwalk Mixed Fail

2015-03-26 Thread Steven Tardy

On Thu, Mar 26, 2015 at 5:27 PM, Peter Brady subscripti...@simonplace.net
wrote:

 FWITW the switches I've lost contact with are Netgear Layer 2 and 3
 managed switches, not that brand should make a difference.  Some other
 Netgear WAPs are fine and all CISCO devices are fine.  With a machine on
 the same VLAN all is happy.


Could be asymmetric routing... Do the Netgear and Cisco devices have the
same default gateway? Do the Cisco devices have SVI or vlan-interface in
multiple VLANs? Do the CentOS and MAC use the same default gateway?

Capture at the device: Does the SNMP request make it to $device? Does
$device respond? This will tell you if you are troubleshooting the sending
of the SNMP query or the SNMP response.

Are the ASA rules actually in place? I've seen firewall say X is allowed at
a software level but changing the order of rules and then changing back and
re-pushing fix things.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, igb and DCB support for pause frame ?

2015-02-26 Thread Steven Tardy

On Thu, Feb 26, 2015 at 9:18 AM, Laurent Wandrebeck
l.wandreb...@quelquesmots.fr wrote:

Hi there,

I’m working on deploying our new cluster.
Masters have 5×1gbps (i210 and i350, thus using igb.ko), configured with
mtu 9000, 802.3ad. Works fine *but* I can’t get DCB working (pause frame,
aka flow control, which is supported by and enabled on our switches).

[root@master2 ~]# dcbtool gc eno1 dcb
Command:Get Config
Feature:DCB State
Port: eno1
Status: Device not capable

(I get the same with ELRepo 5.2.15 kmod).
Intel datasheet says flow control is available.
Can’t find much about it on the web or in kernel git repo. Could someone
give me a hand ?

Regards,
Laurent.

DCB requires Priority Flow Control(PFC) aka 802.1Qbb.
Flow Control is 802.3x.

The two are often confused and not compatible.

http://www.intel.com/content/www/us/en/ethernet-controllers/ethernet-controller-i350-datasheet.html

Mentions flow control several times, but never
PFC/priority-flow-control/802.1Qbb.

PFC capable switches purposefully disable 802.3x flow control. Also PFC has
to negotiate between two devices/switches matching QoS/CoS/no-drop policies.

Some good reading for beginner PFC knowledge:

http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/ieee-802-1-data-center-bridging/at_a_glance_c45-460907.pdf

What exactly are you trying to pause? Typically FCoE/iSCSI is set to
no-drop and Ethernet traffic is paused/dropped in favor of storage
traffic. If there is only one type/class/CoS of traffic PFC won't gain much
over regular flow control/802.3x.

Hope that helps.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart with multiple eth devices

2015-02-23 Thread Steven Tardy


 On Feb 23, 2015, at 6:34 PM, Ashley M. Kirchner ash...@pcraft.com wrote:
 
 I have a Dell server that has two built-in ethernet devices. When I
 kickstart the machine, they are correctly identified as eth0 and eth1
 (correctly meaning they correspond to the physical device ports 1 and 2). I
 need a third one and want that to come up as eth2. After adding the
 hardware, kickstart now fails because for some reason it goes through a
 rename process where it makes the newly added card eth1 (or eth0, I
 forgot). Is there a way to stop this rename process so kickstart correctly
 uses the physical hardware the way they are, meaning physical port 1 =
 eth0, port 2 = eth1, and the additional ethernet card then becomes eth2?
 
 Should I be using the device's MAC address when I set the 'network' option
 in the kickstart file? So instead of 'network --device=eth0' I make it
 'network -device=aa;bb:cc:dd:eee:ff' ?
 

kickstart has an option:
   ksdevice=bootif

I think that'll let you accomplish what you are trying.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iostat a partition

2015-02-19 Thread Steven Tardy

On Thu, Feb 19, 2015 at 12:27 PM, Tim Dunphy bluethu...@gmail.com wrote:

 And I want to correlate that to the output of fdisk -l, so that I can feed
 the disk partition I want to iostat, how would I go about that?


lsblk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Steven Tardy


 On Jan 15, 2015, at 8:24 PM, Tim Dunphy bluethu...@gmail.com wrote:
 
 CassandraDB and Hadoop.

Some VPSs (virtuozzo/openvz) have problems with some workloads (java/tomcat) 
but not other workloads (mysql/apache). I'm not sure how cassandradb/hadoop 
would run on some of those cheap VPS technologies.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] httpd listening only on IPv6 interface on CentOS 7

2014-12-12 Thread Steven Tardy

On Thu, Dec 11, 2014 at 12:35 PM, Warren Young w...@etr-usa.com wrote:

 We noticed this problem when web browsers would refuse to connect to the
 server.  *Then* we discovered the netstat oddity, and *then* we found that
 changing the Listen line in httpd.conf fixed it.

 That leaves me still wanting an explanation for what happened.


was the fix the config change or restarting of the service?
did netstat show client connections to port 80 in other
states(FIN_WAIT/etc)?
high load apache websites can often run out of connections due to the
limits in httpd.conf IfModule prefork.c section. these limits can be
increased if clients can no longer connect due to http child processes
being stuck in other tcp states.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install Centos 6 x86_64 on Dell PowerEdge 2970 and aSSD (hardware probing issues)

2014-09-06 Thread Steven Tardy

On Sat, Sep 6, 2014 at 9:34 AM, Valeri Galtsev galt...@kicp.uchicago.edu
wrote:


 I was always fascinated: why [some] people are dying to upgrade firmware?
 It doesn't matter whether by firmware you mean system board BIOS, or
 firmware of some card. Why taking chance having your machine hosed?


Because BIOS updates often fix corner case issues/bugs.
The BIOS release notes for this PowerEdge 2970 server:
  http://downloads.dell.com/bios/PE2970-040201BIOS.txt
includes:
  * Fixed intermittent SATA Drive B not found error.

The likelihood of a BIOS upgrade going bad if due diligence is done to
verify the BIOS upgrade is for that hardware is practically zero.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP ProLiant DL380 G5

2014-08-21 Thread Steven Tardy

On Thu, Aug 21, 2014 at 3:43 PM, Matt matt.mailingli...@gmail.com wrote:

 I have CentOS 6.x installed on a HP ProLiant DL380 G5 server.  It
 has eight 750GB drives in a hardware RAID6 array.  Its acting as a
 host for a number of OpenVZ containers.

 Seems like every time I reboot this server which is not very often it
 sits for hours running a disk check or something on boot.  The server
 is located 200+ miles away so its not very convenient to look at.  Is
 there anyway to tell if it plans to run this or tell it not too?

 Right now its reporting one of the drives in array is bad and last
 time it did this a reboot resolved it.


run:
 tune2fs -l /dev/mapper/whatever_the_disk_is_called
check:
  Maximum mount count
  Next check after
if those are NOT -1 and 0 respectively change settings by running:
  tune2fs -i 0 -c 0 /dev/mapper/whatever_the_disk_is_called
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] slow i/o with a raid 50 on a 3ware controller

2014-08-13 Thread Steven Tardy

On Wed, Aug 6, 2014 at 2:44 PM, Chuck Campbell campb...@accelinc.com
wrote:

 I have a raid 50 array on a 3ware controller. The box is running centos
 6.5 and
 the file system is ext4.

 I'm going to try some other filesystems, but could anyone suggest any
 alternative raid setups as well as stripe sizes I should try?

 The old server uses the same controller on a centos 5.10 setup, using
 ext3, and
 it performs much faster i/o. The old 3ware setup is raid 5.

 -chuck


tuned-adm list
tuned-adm profile throughput-performance
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to have two interfaces with dhcp using networkd but taking the dns/ntp stuff from only one

2014-07-11 Thread Steven Tardy

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html

See: PEERDNS
(Not sure this still applies in 7)


 On Jul 11, 2014, at 4:41 AM, Mauricio Tavares raubvo...@gmail.com wrote:
 
 Ok, we can take both but needs to be in a specific order. So, we have
 two ethernet interfaces, A and B. And both are defined in
 /etc/systemd/network/ to use dhcp. How to guarantee that the crap
 provided by dhcp to A (dns, gateway, ntp) is the default? To use an
 example, /etc/resolv.conf should end up like
 
 nameserver IP.for.A.DNS
 nameserver IP.for.B.DNS
 domain A.domain.com
 
 Now, this must be done using only systemd stuff
 ___
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] apache server-status permission denied

2014-06-09 Thread Steven Tardy

10.10.160 != 10.10.1.160
the GET is probably going across ethx interface instead of lo interface.


On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote:

 Hey all,

 I'm having a slightly weird issue with apache server-status on just one of
 my nodes.

 In my httpd.conf I have the following:

 Location /server-status

 SetHandler server-status

 Order deny,allow

 Deny from all

 Allow from 127.0.0.1 10.10.160

 /Location

 If I do a ps grep I know that I'm using the right config:

 [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5

 root 28359 1  0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k
 start

 apache   28360 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k
 start

 apache   28361 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k
 start

 apache   28362 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k
 start

 apache   28363 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k
 start


 And if I check apachectl -S things look ok there too. I can also see I'm
 using the right config:

 [root@webhosta apache2]# /opt/apache2/bin/httpd -S

 VirtualHost configuration:

 wildcard NameVirtualHosts and _default_ servers:

 *:*is a NameVirtualHost

  default server test.mydomain.com
 (/opt/apache2/conf.d/z001_mydomain.conf:1)

  port * namevhost test.mydomain.com
 (/opt/apache2/conf.d/z001_mydomain.conf:1)

  port * namevhost webhosta.dmz.domain.com
 (/opt/apache2/conf/httpd.conf:469)

  port * namevhost webhosta.dmz.domain.com
 (/opt/apache2/conf/httpd.conf:480)

  port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)

 Syntax OK


 Yet, for some reason I get permission denied when I try to do a get from
 localhost:


 [root@webhosta apache2]# GET http://$(hostname -i)/server-status

 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN

 htmlhead

 title403 Forbidden/title

 /headbody

 h1Forbidden/h1

 pYou don't have permission to access /server-status

 on this server./p

 hr

 addressApache Server at 10.10.1.160 Port 80/address

 /body/html


 I can do a successful GET to 127.0.0.1, but our system is automated and
 relies on doing a GET to the value of hostname -i.


 Does anyone have any ideas or suggestions as to what could be wrong?


 Thanks

 Tim




 --
 GPG me!!

 gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] apache server-status permission denied

2014-06-09 Thread Steven Tardy

does /etc/hosts (or DNS or reverse DNS) differ between working server and
non-working server?


On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy bluethu...@gmail.com wrote:

 Ok lets' try this again. I set the following in httpd.conf:

 Location /server-status
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1 10.10.1.160
 /Location

 I bounce apache.

 I verify the IP information is correct:

 [root@webhosta apache2]# ifconfig | grep inet
   inet addr:10.10.1.160  Bcast:10.10.1.255  Mask:255.255.254.0
   inet addr:127.0.0.1  Mask:255.0.0.0

 Then if I try a GET on that IP using hostname -i

 [root@webhosta apache2]# GET http://$(hostname -i)/server-status
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 htmlhead
 title403 Forbidden/title
 /headbody
 h1Forbidden/h1
 pYou don't have permission to access /server-status
 on this server./p
 hr
 addressApache Server at 10.10.1.160 Port 80/address
 /body/html

 OR if I try a GET with the actual IP, I get the following:

 [root@webhosta apache2]# GET http://10.10.1.160/server-status
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 htmlhead
 title403 Forbidden/title
 /headbody
 h1Forbidden/h1
 pYou don't have permission to access /server-status
 on this server./p
 hr
 addressApache Server at 10.10.1.160 Port 80/address
 /body/html


 Any further thoughts?

 Thanks



 On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5a...@gmail.com wrote:

  10.10.160 != 10.10.1.160
  the GET is probably going across ethx interface instead of lo interface.
 
 
  On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote:
 
   Hey all,
  
   I'm having a slightly weird issue with apache server-status on just one
  of
   my nodes.
  
   In my httpd.conf I have the following:
  
   Location /server-status
  
   SetHandler server-status
  
   Order deny,allow
  
   Deny from all
  
   Allow from 127.0.0.1 10.10.160
  
   /Location
  
   If I do a ps grep I know that I'm using the right config:
  
   [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
  
   root 28359 1  0 21:38 ?00:00:00 /opt/apache2/bin/httpd
 -k
   start
  
   apache   28360 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd
 -k
   start
  
   apache   28361 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd
 -k
   start
  
   apache   28362 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd
 -k
   start
  
   apache   28363 28359  0 21:38 ?00:00:00 /opt/apache2/bin/httpd
 -k
   start
  
  
   And if I check apachectl -S things look ok there too. I can also see
 I'm
   using the right config:
  
   [root@webhosta apache2]# /opt/apache2/bin/httpd -S
  
   VirtualHost configuration:
  
   wildcard NameVirtualHosts and _default_ servers:
  
   *:*is a NameVirtualHost
  
default server test.mydomain.com
   (/opt/apache2/conf.d/z001_mydomain.conf:1)
  
port * namevhost test.mydomain.com
   (/opt/apache2/conf.d/z001_mydomain.conf:1)
  
port * namevhost webhosta.dmz.domain.com
   (/opt/apache2/conf/httpd.conf:469)
  
port * namevhost webhosta.dmz.domain.com
   (/opt/apache2/conf/httpd.conf:480)
  
port * namevhost hcphp.nbc.com
  (/opt/apache2/conf/httpd.conf:501)
  
   Syntax OK
  
  
   Yet, for some reason I get permission denied when I try to do a get
 from
   localhost:
  
  
   [root@webhosta apache2]# GET http://$(hostname -i)/server-status
  
   !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
  
   htmlhead
  
   title403 Forbidden/title
  
   /headbody
  
   h1Forbidden/h1
  
   pYou don't have permission to access /server-status
  
   on this server./p
  
   hr
  
   addressApache Server at 10.10.1.160 Port 80/address
  
   /body/html
  
  
   I can do a successful GET to 127.0.0.1, but our system is automated and
   relies on doing a GET to the value of hostname -i.
  
  
   Does anyone have any ideas or suggestions as to what could be wrong?
  
  
   Thanks
  
   Tim
  
  
  
  
   --
   GPG me!!
  
   gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
   ___
   CentOS mailing list
   CentOS@centos.org
   http://lists.centos.org/mailman/listinfo/centos
  
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 



 --
 GPG me!!

 gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.5

2014-05-31 Thread Steven Tardy

[user@server ~]# find /proc -name max_user_instances
/proc/sys/fs/inotify/max_user_instances
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cannot kickstart centos 6 on Dell Blade error cannot find c0t0

2014-04-17 Thread Steven Tardy

On Thu, Apr 17, 2014 at 4:04 PM, Dan Hyatt dhy...@dsgmail.wustl.edu wrote:

 I have an intermittent problem with my Dell blades, out of 80 blades 69
 of them kickstarted Centos 6 fine using PXE
 The other 11, I get a   c0t0 not found error  (indicating it is not
 finding the local disk on the blade).

 I can remote mount the iso image and do a basic install of centos on
 these blades, but when I go to do a pxe boot it gives me that error again.

 I have googled the issue and come up empty handed. Dell told us to
 install centos 6 minimal ISO  then pxe install the server. This has been
 unsuccessful. I get the local ISO to install but the pxe fails again.

 Since the kickstart file defines the disk as sda1  I am supposing that
 it is really a hardware problem.
 But I am told by coworkers who handed it off to me that it is a known
 issue with centos and Dell blades.

 These are two internal disks on the blade.

 Any suggestions?



install working blade from .iso
install non-working blade from .iso
diff anaconda-ks.cfg.working ananconda-ks.cfg.non-working
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Logrotate errors

2014-04-10 Thread Steven Tardy

http://svn.fedorahosted.org/svn/logrotate/tags/r3-8-5/logrotate.8
shows hourly as a .conf option was added to 3.8.5...

current centos 6 version is logrotate-3.7.8-17.el6.x86_64

centos6$ man logrotate:
   dateformat format_string
  Specify  the extension for dateext using the notation similar
to
  strftime(3) function. Only  %Y  %m  %d  and  %s  specifiers
are
  allowed.

in your .conf try:
dateformat -%s



On Wed, Apr 9, 2014 at 2:45 AM, C. L. Martinez carlopm...@gmail.com wrote:

 Hi all,

  I have a problem with logrotate and I don't know why. In
 /var/log/messages appears these errors:

 Apr  8 15:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 16:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 17:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 18:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 19:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 20:01:02 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 21:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 22:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 23:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]

 It seems the problem if with this logrotate.conf (executed every hour):

 create
 dateext

 /srv/www2/logs/viewer.log {
size 512k
create 0640 www www
missingok
rotate 7
compress
delaycompress
copytruncate
notifempty
 }

 Doing a debug:

 [root@www02 ~]# logrotate /data/config/etc/logrotate.conf -dv
 reading config file /data/config/etc/logrotate.conf
 reading config info for /nsm/moloch/logs/viewer.log

 Handling 1 logs

 rotating pattern: /srv/www2/logs/viewer.log  524288 bytes (7 rotations)
 empty log files are not rotated, old logs are removed
 considering log /srv/www2/logs/viewer.log
   log needs rotating
 rotating log /srv/www2/logs/viewer.log, log-rotateCount is 7
 dateext suffix '-20140409'
 glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
 glob finding logs to compress failed
 destination /srv/www2/logs/viewer.log-20140409 already exists, skipping
 rotation

  According to this kb from redhat's website:

 https://access.redhat.com/site/solutions/39006

  problem could be selinux. But SElinux is disabled:

 [root@www02 ~]# sestatus
 SELinux status: disabled
 [root@www02 ~]#

  Any idea?? Could be a bug??

  Host is a CentOS 6.5 x86_64 fully patched.

 Thanks.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-08 Thread Steven Tardy

On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller 
kkel...@wombat.san-francisco.ca.us wrote:

 On 2014-04-08, Karanbir Singh kbsi...@centos.org wrote:
 
  Earlier in the day today, we were made aware of a serious
  issue in openssl as shipped in CentOS-6.5 ( including updates issued
  since CentOS-6.5 was released ); This issue is addressed in detail at
  http://heartbleed.com/

  is there an easy way to know which services need to be kicked?



rpm -q --whatrequires openssl
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Steven Tardy

 On Mar 20, 2014, at 3:48 PM, Matthew Miller mat...@mattdm.org wrote:
 
 Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
 you care strongly if it went away (or would you just migrate to something
 else)?
 
 I bring this up because we are discussing dropping it from Fedora. This
 would be far enough in the future that it wouldn't impact RHEL 7, and
 therefore won't affect anyone here for Quite Some Time*, but here in the new
 world order of CentOS, I thought it might be useful to check with some
 actual downstream users.
 
 What do you think? Do you rely on hosts.allow/hosts.deny a primary security
 mechanism? As defense-in-depth? Do you have policies which mandate it?
 
 Your feedback appreciated. Thanks!
 
 
 * and the standard caveats that Fedora doesn't necessarily determine the
 path for RHEL apply, of course.
 
 
 -- 
 Matthew Miller   mat...@mattdm.org  http://mattdm.org/

I know a .gov which exclusively uses tcp wrappers instead of iptables. 
1) tcp wrappers is consistent across Unix'ses (Solaris/AIX/Linux)
2) if it ain't broke / resistance to change / etc
3) political / layer 8 issues. Iptables is a firewall and firewalls are handled 
by the security group not the sysadmin group.


I know a .edu which uses tcp wrappers instead of iptables in a containers 
environment. With 250+ containers on a 40GB hardware node, iptables used too 
much RAM since it's resident 100% of the time. Tried using a fail2ban 
equivalent inserting iptables rules and after some number of rules iptables 
wouldn't take any more. Tcp wrappers scaled much much higher using less RAM.


Political reasons shouldn't prevent removing tcp wrappers, but some technical 
reasons still exist.

Steven Tardy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: missing /dev paths

2014-03-12 Thread Steven Tardy

rescan-scsi-bus.sh?

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Online_Storage_Reconfiguration_Guide/rescan-scsi-bus.html

 On Mar 12, 2014, at 7:24 PM, James Pifer j...@obrien-pifer.com wrote:
 
 Looking for help kind of in a hurry. I've been searching google but not 
 finding any options.
 
 Is there any way to fix missing /dev paths to luns without rebooting?
 
 For example, see the output from lsscsi below. The only way I know to 
 fix this is with a reboot, but I REALLY Need to avoid that if possible.
 
 Thanks
 James
 
 
 [2:0:1:150]  diskDataCore Virtual Disk DCS   -
 [2:0:1:151]  diskDataCore Virtual Disk DCS   -
 [2:0:1:152]  diskDataCore Virtual Disk DCS   -
 [2:0:1:153]  diskDataCore Virtual Disk DCS   -
 [2:0:1:154]  diskDataCore Virtual Disk DCS   /dev/sdic
 [2:0:1:155]  diskDataCore Virtual Disk DCS   -
 [2:0:1:156]  diskDataCore Virtual Disk DCS   -
 [2:0:1:157]  diskDataCore Virtual Disk DCS   -
 [2:0:1:158]  diskDataCore Virtual Disk DCS   -
 [2:0:1:159]  diskDataCore Virtual Disk DCS   /dev/sdid
 [2:0:1:160]  diskDataCore Virtual Disk DCS   /dev/sdie
 [2:0:1:161]  diskDataCore Virtual Disk DCS   -
 [2:0:1:162]  diskDataCore Virtual Disk DCS   -
 [2:0:1:163]  diskDataCore Virtual Disk DCS   -
 [2:0:1:164]  diskDataCore Virtual Disk DCS   -
 [2:0:1:165]  diskDataCore Virtual Disk DCS   /dev/sdif
 [2:0:1:166]  diskDataCore Virtual Disk DCS   /dev/sdig
 [2:0:1:167]  diskDataCore Virtual Disk DCS   /dev/sdih
 [2:0:1:168]  diskDataCore Virtual Disk DCS   /dev/sdii
 [2:0:1:169]  diskDataCore Virtual Disk DCS   /dev/sdij
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cachefs

2014-03-01 Thread Steven Tardy

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Storage_Administration_Guide/#rhel6storage-whatsnew

fs-cache is a tech preview(Zero support from redhat).

Tried cachefs on a few servers(don't remember if it was rhel 6.1 or 6.2 at the 
time), had problems (server hanging/unresponsive), asked redhat for support, 
was denied support, removed cachefs.

Unsure if newer versions are more stable.(fool me once kind if thing)


 On Mar 1, 2014, at 7:48 AM, Rita rmorgan...@gmail.com wrote:
 
 has anyone been using cachefs with 6.x series? i have tried using it but i
 keep getting hung processes after 2 weeks.
 
 ATM, running 6.3 but was curious if its more stable on Centos 6.5?
 
 -- 
 --- Get your facts first, then you can distort them as you please.--
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Howto to capture taskset output command

2014-02-26 Thread Steven Tardy

On Wed, Feb 26, 2014 at 6:57 AM, C. L. Martinez carlopm...@gmail.comwrote:

 if [ $cpu_affinity == $cpu_affinity_ok ]; then


are you comparing strings or integers?
# man test
   STRING1 = STRING2
  the strings are equal
   INTEGER1 -eq INTEGER2
  INTEGER1 is equal to INTEGER2
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Static routing on CentOS

2014-02-26 Thread Steven Tardy

Something on that subnet will need to know how to accept and forward the packet 
to the correct destination: the router/gw will still have to have a route added.



 On Feb 26, 2014, at 9:24 AM, Steve Clark scl...@netwolves.com wrote:
 
 Actually you can by adding a route via the interface
 ip r a  20.20.20.0/24  dev eth0
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Virtual Hosts question

2014-02-06 Thread Steven Tardy

On Thu, Feb 6, 2014 at 11:54 AM, Joseph Hesse joehe...@gmail.com wrote:


 == httpd.conf ==
 ServerName 192.168.0.99

 NameVirtualHost *:80

 VirtualHost *:80
   ServerName IDoNotExist.com
   DocumentRoot /var/www/html
   DirectoryIndex Index.html index.html
 /VirtualHost

 VirtualHost *:80
   ServerName X.com
   ServerAlias www.X.com
   DocumentRoot /var/www/wordpress
   DirectoryIndex Index.html index.html index.php Index.php
   CustomLog logs/access_log_custom common
 /VirtualHost
 == httpd.conf ==

 Tail of error.log ==
 [Thu Feb 06 10:26:01 2014] [error] [client 24.118.254.66] Directory
 index forbidden by Options directive: /var/www/wordpress/
 == error.log ==



update your httpd.conf...
  http://httpd.apache.org/docs/2.2/mod/core.html#options

 == httpd.conf ==
ServerName 192.168.0.99

NameVirtualHost *:80

Directory /var/www/wordpress
 Options Indexes FollowSymLinks
/Directory

 VirtualHost *:80
  ServerName IDoNotExist.com
  DocumentRoot /var/www/html
  DirectoryIndex Index.html index.html
 /VirtualHost

 VirtualHost *:80
  ServerName X.com
  ServerAlias www.X.com http://www.x.com/
  DocumentRoot /var/www/wordpress
  DirectoryIndex Index.html index.html index.php Index.php
  CustomLog logs/access_log_custom common
 /VirtualHost
== httpd.conf ==
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Permissions for LAMP

2014-01-25 Thread Steven Tardy

On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse joehe...@gmail.com wrote:

 I am running a Lamp server on a CentOS 6.5 box. It works fine, I am
 concerned that I may have the wrong file/dir permissions.

 The directories /var and /var/www are root:root and 755.

 For /var/www/html and all directories underneath I have apache:apache
 and 770.

 For all files under /var/www/html I have apache:apache and 660.

 Are these these permissions OK?

 Thank you,
 Joe
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


the problem with your /var/www/html permissions is the user/group apache
can write to directories and files. which can be used by anyone on the
internet(bad guys) to use potentially exploitable dynamic
pages(.php/.cgi/etc) to add/modify files on your server. this is a bad
thing. SELinux may offer some protections.
i would:
  chmod -R g-w /var/www/html
  chown -R somewebuser /var/www/html
(replace somewebuser with the unix user account to modify the website.)

  http://wiki.apache.org/httpd/FileSystemPermissions
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] flashing a BIOS on an HP server

2013-05-01 Thread Steven Tardy

had to do this last week on a dell something or other
after way too much failed trial-and-error, here is what i did:

  $ bunzip2 Downloads/FreeDOS-1.1-USB-Boot.img.bz2
  $ sudo dd if=Downloads/FreeDOS-1.1-USB-Boot.img of=/dev/sdb
  * unplug/plug *
  $ cp Downloads/O380-A07.exe /media/FREEDOS1~1A/
  * reboot *

steven tardy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] chrooted bind -- addition to rsyslog.conf

2013-02-14 Thread Steven Tardy

On 02/14/2013 04:00 PM, Robert Moskowitz wrote:
 In /etc/sysconfig/named that gets installed along with bind-chroot there
 is a comment that basically says:

 Don't forget to add $AddUnixListenSocket /var/named/chroot/dev/log
 line to your /etc/rsyslog.conf file.

 All these little touches you need to find out about.  But is there any
 order in rsyslog.conf?  Do I just add this line to the end of it?

add your file in /etc/rsyslog.d/*whatever*.conf and restart rsyslog.
[user@dns01 ~]# cat /etc/rsyslog.d/MSU.named.chroot.conf
$AddUnixListenSocket /var/named/chroot/dev/log
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sending Email Via Telnet

2012-10-16 Thread Steven Tardy

is any email program running?
run:
   netstat -pant|grep :25|grep LISTEN
to see if any program is listening... output should look like:
  tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 21493/sendmail

guess it'll say 'postfix' or 'master' instead of 'sendmail' on RH6.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] space problem

2012-06-13 Thread Steven Tardy

On 06/13/2012 12:18 PM, m.r...@5-cent.us wrote:
 CentOS 6.2. I have a 2TB drive, one partition, which is used for online
 backups. It filled up the other day. I moved a couple of b/u directories
 off it, and deleted the originals, which should have given me 42G free. I
 also reduced the reserved blocks by 1/3rd.

 I've just finished an fsck, which it needed anyway, and in which there was
 a problem in an HTREE directory node.

 df *still* tells me that there are zero bytes free.

 Clues?

maybe the files you removed are still open by some other process?
info unlink
  The `unlink' function deletes the file name FILENAME.  If this is
  a file's sole name, the file itself is also deleted.  (Actually,
  if any process has the file open when this happens, deletion is
  postponed until all processes have closed the file.)

use lsof to find processes which might still have the file open.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] resource efficient log scanning tools

2012-06-08 Thread Steven Tardy

simple-evcorr.sourceforge.net (sec.pl)
the rules are a bit of a bear to learn, but it can do anything.
300 syslogs/second using ~5% cpu and 20MB of ram with 600+ rules.

On 06/08/2012 04:26 PM, Nataraj wrote:
 I'm looking for a logfile scanner that can search for regular
 expressions in logfiles and send immediate email notifications.  I'd
 like to try to find something that doesn't use huge amounts of memory.
 I'm currently running fail2ban and used it to do some of this scanning,
 but I'm finding that it can suck up memory and CPU resources when there
 is a lot of logging going on.

 I am aware of swatch,  but most people say that it is pretty resource
 intensive as well.  I came across logsurfer in google search and was
 wondering if anyone has experience with it or what other good
 alternatives might exist.

 While fancy features are nice, I'm willing to forgo them for lower
 resource consumption.

 Thanks,
 Nataraji
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gnome / gdm mess

2012-06-05 Thread Steven Tardy

On 06/05/2012 06:03 AM, Philippe Naudin wrote:
 Can someone point me to some useful doc ?

google:
site:docs.redhat.com install gnome
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsyslog.conf - why the - in this entry? mail.* -/var/log/maillog

2012-06-05 Thread Steven Tardy

On 06/05/2012 09:30 AM, James B. Byrne wrote:
 In dealing with an unrelated issue I came across this in rsyslog.conf.
 mail.*   -/var/log/maillog

 Why is there a - before /var/log/maillog?

man syslog.conf
 You may prefix each entry with the minus ‘‘-’’ sign to omit 
syncing the
 file  after every logging.  Note that you might lose 
information if the
 system crashes right behind a write attempt.  Nevertheless 
this  might
 give you back some performance, especially if you run programs 
that use
 logging in a very verbose manner.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bind Died CentOS 6.2 64Bit

2012-05-22 Thread Steven Tardy

On 05/21/2012 10:57 AM, Shiv. NK wrote:
 bind cannot load zone files, i see the following in the log for all domains.

 i have tried with 777 to all zone files but does not make difference. main
 directories are also owned by named:named


 May 21 15:45:23 nsfo1 named-sdb[2482]: zone dot.com.gh/IN: loading from
 master file master/db.gh.com.dot failed: permission denied

where is zone file db.gh.com.dot?
show the output of:
   /etc/init.d/named configtest
   ls -lZ /var/named
   ls -lZ /var/named/chroot/var/named
   ls -lZ /var/named/master
   ls -lZ /var/named/chroot/var/named/master
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Limit max number of e-mails sent per hour

2012-05-22 Thread Steven Tardy

On 05/22/2012 08:10 AM, Nikos Gatsis - Qbit wrote:
 Hello list
 I use sendmail-8.14.4-8.el6.x86_64 and I wonder how to restrict the
 number of emails sendmail sent over an hour.
 Is the define(`confMAX_QUEUE_RUN_SIZE', `200') command what I'm looking for?
 Thank you in advance.

www.sendmail.com/sm/open_source/docs/m4/tweaking_config.html#confMAX_QUEUE_RUN_SIZE
that setting pertains to queued email...
not email that entered the queue and was successfully delivered.

sendmail does not provide 'rate limit emails' functionality by default.

check out:
   puszcza.gnu.org.ua/projects/mailfromd
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

1 2 >

1 - 100 of 110 matches

Mail list logo