RE: [CentOS] Filesystem that doesn't store duplicate data

[Ross S. W. Walker]

Ruslan Sivak wrote:
> 
> This is a bit different then what I was proposing.  I know 
> that backupPC 
> already does this on a file level, but I want a filesystem 
> that does it 
> at a block level.  File level only helps if you're backing up 
> multiple 
> systems and they all have the same exact files.  Block level 
> would help 
> a lot more I think.  You'd be able to do a full backup every 
> night and 
> have it only take up around the same space as a differential backup.  
> Things like virtual machine disk images which a lot of times 
> are clones 
> of each other, could take up only a small additinal amount of 
> space for 
> each clone, proportional to the changes that are made to that 
> disk image. 

Well then I would look at backup software that does block-level
de-duplication. Even if the file system did do this, as the
backup software read the files it would re-create the duplicate
unless the backup software was intimately married to the file
system, which makes things a little too proprietary.

You will find that de-duplication can happen on many different
levels here. I was proposing the near-line data at rest, while
the far-line or archival data at rest would be a different
scenario. Near-line needs to be more performance conscious then
far-line.

> Nobody really answered this, so I'll ask again.  Is there a windows 
> version of Fuse?  How does one test a fuse filesystem while 
> developing 
> it?  Would be nice to just be able to run something from 
> eclipse, once 
> you've made your changes and have a drive mounted and ready to test.  
> Being able to debug a filesystem while it's running would be 
> great too.  
> Anyone here with experience building Fuse filesystems?

While FUSE is a distinctly Linux development, Windows has had
installable file system filters for a long time. These work a
lot like stackable storage drivers in Linux and is the basis
of a lot of storage tools on Windows including anti-virus
software (as well as rootkits).

Windows does have a de-duplication service that works on the
file level much like what I proposed called the Single Instance
Storage Groveler (I like to call it the single instance storage
mangler :-), and high-end backup software companies have block
level de-duplication options for their software, proprietary
storage appliance companies also have block level de-duplication
for their near and far line storage (big $$$).

> Ross S. W. Walker wrote:
> >
> > These are all good and valid issues.
> >
> > Thinking about it some more I might just implement it as a system 
> > service that scans given disk volumes in the background, keeps a 
> > hidden directory where it stores it's state information and 
> hardlinks 
> > named after the md5 hash of the files on the volume. If a 
> collission 
> > occurs with an existing md5 hash then the new file is unlinked and 
> > re-linked to the md5 hash file, if an md5 hash file exists with no 
> > secondary links then it is removed. Maybe monitor the 
> journal or use 
> > inotify to just get new files and once a week do a full volume scan.
> >
> > This way the file system performs as well as it normally 
> does and as 
> > things go forward duplicate files are eliminated 
> (combined). Of course 
> > the problem arises of what to do when 1 duplicate is 
> modified, but the 
> > other should remain the same...
> >
> > Of course what you said about revisions that differ just a little 
> > won't take advantage of this, but it's file level so it only works 
> > with whole files, still better then nothing.
> >
> > -Ross
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > To: CentOS mailing list 
> > Sent: Thu Dec 06 08:10:38 2007
> > Subject: Re: [CentOS] Filesystem that doesn't store duplicate data
> >
> > On Thursday 06 December 2007, Ross S. W. Walker wrote:
> > > How about a FUSE file system (userland, ie NTFS 3G) that layers
> > > on top of any file system that supports hard links
> >
> > That would be easy but I can see a few issues with that approach:
> >
> > 1) On file level rather than block level you're going to be 
> much more
> > inefficient. I for one have gigabytes of revisions of files 
> that have 
> > changed
> > a little between each file.
> >
> > 2) You have to write all datablocks to disk and then erase 
> them again 
> > if you
> > find a match. That will slow you down and create some weird 
> behavior. I.e.
> > you know the FS shouldn't store duplicate data, yet you 
> can't use cp 
> > to copy
>

[CentOS] Prevent kernel upgrade unless given dependencies satisfied

[Ross S. W. Walker]

Dear List Members,
 
Is there a way to prevent a kernel from being upgraded unless
a list of given dependencies are satisfied?
 
What I am getting at is sometimes updated kernels are available
before the upgraded versions of the kernel modules in 'extras'
are (ie drbd).
 
If there were a way to list these modules as dependencies that
must be satisfied before a kernel upgrade can be performed it
would prevent a lot of pain around upgrade management.
 
 
Thanks,
 

Ross S. W. Walker
Information Systems Manager
Medallion Financial, Corp.
437 Madison Avenue
38th Floor
New York, NY 10022
Tel: (212) 328-2165
Fax: (212) 328-2125
WWW: http://www.medallion.com <http://www.medallion.com/>  

 

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] RPM Spec and subpackage architecture

[Ross S. W. Walker]

Are there any RPM wizards out there that know how to specify a
different architecture for a subpackage in a spec file?
 
I have a package that has a binary component and a non-binary
component that I would like split into 2 packages one, the
binary which is architecture dependant and the other 'noarch'.
 
I haven't found a spec file that does this yet :-(
 
 
Ross S. W. Walker
Information Systems Manager
Medallion Financial, Corp.
437 Madison Avenue
38th Floor
New York, NY 10022
Tel: (212) 328-2165
Fax: (212) 328-2125
WWW: http://www.medallion.com <http://www.medallion.com/>  
 

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] RPM Spec and subpackage architecture [SOLVED]

[Ross S. W. Walker]

Ross S. W. Walker wrote:
> 
> Are there any RPM wizards out there that know how to specify a
> different architecture for a subpackage in a spec file?
>  
> I have a package that has a binary component and a non-binary
> component that I would like split into 2 packages one, the
> binary which is architecture dependant and the other 'noarch'.
>  
> I haven't found a spec file that does this yet :-(

Ok, well it isn't pretty, but it's the only way to do it, I am
posting a general RPM specfile template that outlines it.

Once you have the spec file created you can do an:

# rpmbuild --target=$(uname -i),noarch 

And it should build the binary and noarch.

Here's the template:
##
## Global Package Definitions
##

## Package Options

## Package Definitions

## Platform Definitions

##
## Main Package
##

## Information
Summary: 
Name: 
Version: 
Release: 
License: 
Group: 
URL: 
Packager: 

## Sources

## Patches

## Build Definitions
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}

## Build Requirements
BuildRequires: 

## Install Requirements
Requires: %{name}-subname = %{version}-%{release}

## Description
%description


##
## Subpackage
##
%ifarch noarch
%package subname

## Information
Summary: 

## Build Requirements
BuildRequires: 

## Install Provides
Provides: %{name}-subname

## Description
%description subname

%endif


##
## Package Creation
##

## Preparation
%prep



## Build
%build
%ifnarch noarch

%endif


## Installation
%install
%{__rm} -rf %{buildroot}
%ifnarch noarch

%else

%endif


## Cleaning
%clean
%{__rm} -rf %{buildroot}


## Post-Install Script (Package)
%ifnarch noarch
%post

%endif


## Pre-Uninstall Script (Package)
%ifnarch noarch
%preun

%endif


## Post-Uninstall Script (Package)
%ifnarch noarch
%postun

%endif


## Post-Install Script (Subpackage)
%ifarch noarch
%post subname

%endif


## Pre-Uninstall Script (Subpackage)
%ifarch noarch
%preun subname

%endif


## Post-Uninstall Script (Subpackage)
%ifnarch noarch
%postun subname

%endif


## File Catalog (Package)
%ifnarch noarch
%files

%endif


## File Catalog (Subpackage)
%ifarch noarch
%files subname

%endif


## Change Log
%changelog

Hope this helps somebody.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where are my VIM colors?

[Ross S. W. Walker]

Please check the changlelog for vim, RH backports patches, so on a RH system,  
vim install will not be the same as the officially released version of the same 
number.

-Ross
 

-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Fri Dec 07 13:04:13 2007
Subject: Re: [CentOS] Where are my VIM colors?

Jon Stanley wrote:

>On Dec 7, 2007 11:30 AM, Charles E Campbell Jr
><[EMAIL PROTECTED]> wrote:
>
>  
>
>>   - If you didn't install vim-enhanced,  I suggest getting the vim
>>source, preferably applying the patches, and compiling it yourself:
>>
>>
>
>Why?  There would be nothing that we could do to support anything
>compiled form source.  I attempt to discourage it as much as possible.
>  
>

* many (usually hundreds) of bugs from any earlier releases have been 
fixed if one is using an earlier release
* applying patches fixes yet more bugs (currently there are 170 patches 
to vim 7.1) (admittedly, I didn't specify how to apply patches)
* runtime files have been updated (generally to fix  bugs)
* there are options associated with the configure, such as whether to 
have ruby, perl, cscope, Sun workshop, etc support compiled in  (see 
configure --help for the list)
* if one wants support for vim, there's an active mailing list for it 
with many knowledgable folks, including vim's author (see 
http://vim.sf.net/ for details)

Regards,
Chip Campbell

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Issues installing x86_64 5.1 on Ultra 40

[Ross S. W. Walker]

Ray Van Dolson wrote:
> 
> Hi all, we're trying to install CentOS 5.1 on a Sun Ultra 40.  This is
> an AMD-powered machine and we're using the x86_64 version of CentOS
> 5.1.  The machine is using the NVidia CK804 chipset and has 
> SATA disks.
> It also has 16GB's of memory which prompted us to upgrade the BIOS on
> the machine from 1.1 to 1.6 per this (we also have the two quadro
> cards):
> 
>   http://docs.sun.com/source/819-3954-18/index.html#0_37092
> 
> The install goes fine up until the installer is trying to format the
> disks.  Part of the way through it simply dies and pops up an error
> saying that the installer couldn't format the LVM volume and 
> we have to
> reboot.
> 
> An examination of dmesg output shows that there are many SATA errors
> occuring at this point.  Timeouts and such.
> 
> After a reboot, the SATA drive no longer shows up -- not even in BIOS.
> It's as if the formatting has instructed the drive to deactivate
> itself. :)  A hard reset and reseat of the drive in the SATA enclosure
> brings it back again.
> 
> First thought was that the slot or SATA port was bad, so we have moved
> to others with the same result.
> 
> Solaris 10 x86 installs perfectly on this machine, so I'm starting to
> think that the sata_nv driver is to blame here.
> 
> We're in the process of trying 32-bit CentOS 5.1 on the 
> system just for
> giggles, and may try Fedora 8 as well or RHEL 5.1 and use our paid
> support to track this issue down, but thought I'd run it by everyone
> here.
> 
> Didn't see any existing issues in bugzilla.redhat.com or
> bugs.centos.org.
> 
> Any insights on this?
> 
> I will get the exact error messages posted up here soon (output from
> dmesg, etc).


Try "acpi=noirq" as a kernel argument. Some AMD chipsets have problems
letting the OS know what irq the 8250 timer is on, the nvidia one is
definitely a problem, I have the same chipset in a couple of Dell
Dimension e521 desktops :-(


-Ross



__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Issues installing x86_64 5.1 on Ultra 40

[Ross S. W. Walker]

Ross S. W. Walker wrote:
> 
> Ray Van Dolson wrote:
> > 
> > Hi all, we're trying to install CentOS 5.1 on a Sun Ultra 
> 40.  This is
> > an AMD-powered machine and we're using the x86_64 version of CentOS
> > 5.1.  The machine is using the NVidia CK804 chipset and has 
> > SATA disks.
> > It also has 16GB's of memory which prompted us to upgrade 
> the BIOS on
> > the machine from 1.1 to 1.6 per this (we also have the two quadro
> > cards):
> > 
> >   http://docs.sun.com/source/819-3954-18/index.html#0_37092
> > 
> > The install goes fine up until the installer is trying to format the
> > disks.  Part of the way through it simply dies and pops up an error
> > saying that the installer couldn't format the LVM volume and 
> > we have to
> > reboot.
> > 
> > An examination of dmesg output shows that there are many SATA errors
> > occuring at this point.  Timeouts and such.
> > 
> > After a reboot, the SATA drive no longer shows up -- not 
> even in BIOS.
> > It's as if the formatting has instructed the drive to deactivate
> > itself. :)  A hard reset and reseat of the drive in the 
> SATA enclosure
> > brings it back again.
> > 
> > First thought was that the slot or SATA port was bad, so we 
> have moved
> > to others with the same result.
> > 
> > Solaris 10 x86 installs perfectly on this machine, so I'm 
> starting to
> > think that the sata_nv driver is to blame here.
> > 
> > We're in the process of trying 32-bit CentOS 5.1 on the 
> > system just for
> > giggles, and may try Fedora 8 as well or RHEL 5.1 and use our paid
> > support to track this issue down, but thought I'd run it by everyone
> > here.
> > 
> > Didn't see any existing issues in bugzilla.redhat.com or
> > bugs.centos.org.
> > 
> > Any insights on this?
> > 
> > I will get the exact error messages posted up here soon (output from
> > dmesg, etc).
> 
> 
> Try "acpi=noirq" as a kernel argument. Some AMD chipsets have problems
> letting the OS know what irq the 8250 timer is on, the nvidia one is
> definitely a problem, I have the same chipset in a couple of Dell
> Dimension e521 desktops :-(

My explaination wasn't totally accurate. The acpi=noirq disables the
ACPI IRQ routing table lookup for IRQ redirects and reprogramming. Some
AMD chipsets had a bug in the way this table was built that caused 2.6
kernels to fail in getting a hook into the table which caused all kinds
of intermittent problems. By disabling this feature you run the possibility
of IRQ conflicts that will need to use the IRQ management in the BIOS to
resolve. Updating the BIOS of the system sometimes fixes the problem.

It just turns out that the system timer irq was my "symptom" that I
experienced, but it is different for different systems/configurations.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] building a Xen guest image on straight LVM partitions?

[Ross S. W. Walker]

Johnny Tan wrote:
> 
> Amos Shapira wrote:
> > When I needed to build Xen guests under Debian I could 
> follow more or
> > less the instructions in http://preview.tinyurl.com/2oc48r and the
> > advantage of this approach is that it allows me to setup 
> the Xen guest
> > directly on the LVM partition without making it consider the LVM
> > partition as an entire disk with a partition table.
> 
> I might be missing something, but that link seems to talk 
> about FAI and doesn't mention xen. I'm interested in seeing 
> how it can install on the LVM partition but the OS doesn't 
> see it as an entire disk with a partition table. What does 
> "fdisk -l" show, then?

Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide

The Xen domU or HVM will treat the partition as a whole disk, so
that means MBR and stuff, but you can mount it on dom0 as such:

# fdisk -l -u /dev/es_storage/exch_data.1

Disk /dev/es_storage/exch_data.1: 218.2 GB, 218233831424 bytes
255 heads, 63 sectors/track, 26532 cylinders, total 426237952 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot  Start End  Blocks   Id  
System
/dev/es_storage/exch_data.1p1 128   426220514   213110193+   7  
HPFS/NTFS

# mount -t ntfs -o loop,offset=128 /dev/es_storage/exch_data.1 /mnt

That will create an auto-loop mount of the partition at sector
offset 128.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] building a Xen guest image on straight LVM partitions?

[Ross S. W. Walker]

Ross S. W. Walker wrote:
> 
> Johnny Tan wrote:
> > 
> > Amos Shapira wrote:
> > > When I needed to build Xen guests under Debian I could 
> > follow more or
> > > less the instructions in http://preview.tinyurl.com/2oc48r and the
> > > advantage of this approach is that it allows me to setup 
> > the Xen guest
> > > directly on the LVM partition without making it consider the LVM
> > > partition as an entire disk with a partition table.
> > 
> > I might be missing something, but that link seems to talk 
> > about FAI and doesn't mention xen. I'm interested in seeing 
> > how it can install on the LVM partition but the OS doesn't 
> > see it as an entire disk with a partition table. What does 
> > "fdisk -l" show, then?
> 
> Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide
> 
> The Xen domU or HVM will treat the partition as a whole disk, so
> that means MBR and stuff, but you can mount it on dom0 as such:
> 
> # fdisk -l -u /dev/es_storage/exch_data.1
> 
> Disk /dev/es_storage/exch_data.1: 218.2 GB, 218233831424 bytes
> 255 heads, 63 sectors/track, 26532 cylinders, total 426237952 sectors
> Units = sectors of 1 * 512 = 512 bytes
> 
>Device Boot  Start End 
>  Blocks   Id  System
> /dev/es_storage/exch_data.1p1 128   426220514   
> 213110193+   7  HPFS/NTFS
> 
> # mount -t ntfs -o loop,offset=128 /dev/es_storage/exch_data.1 /mnt
> 
> That will create an auto-loop mount of the partition at sector
> offset 128.

Oops, offset is in bytes not sectors, so it would be offset 65536 in
my case (sector * 512).

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] building a Xen guest image on straight LVM partitions?

[Ross S. W. Walker]

Johnny Tan wrote:
> 
> Ross S. W. Walker wrote:
> > Johnny Tan wrote:
> >> Amos Shapira wrote:
> >>> When I needed to build Xen guests under Debian I could 
> >> follow more or
> >>> less the instructions in http://preview.tinyurl.com/2oc48r and the
> >>> advantage of this approach is that it allows me to setup 
> >> the Xen guest
> >>> directly on the LVM partition without making it consider the LVM
> >>> partition as an entire disk with a partition table.
> >> I might be missing something, but that link seems to talk 
> >> about FAI and doesn't mention xen. I'm interested in seeing 
> >> how it can install on the LVM partition but the OS doesn't 
> >> see it as an entire disk with a partition table. What does 
> >> "fdisk -l" show, then?
> > 
> > Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide
> 
> Based on that link, this seems like a regular install of Xen 
> onto a LVM partition. I thought Amos was referring to some 
> special setup.
> 
> CentOS can definitely do this. Just setup LVM, and then 
> manually edit the /etc/xen/myvm file so that the disk line is:
> 
> disk = [ 'phy:/dev/myvg/mylv,xvda,w', ]

you can short hand it [ 'phy:myvg/mylv,xvda,w' ]

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] building a Xen guest image on straight LVM partitions?

[Ross S. W. Walker]

Amos,

The quickest way to deploy a Xen VM requires a little more prep work...

Use the regular (long) method as discussed. Most use an HVM to do the install 
but config it as a domU afterward as most installers only work reliably in a 
fully virtualized environment.

Create an LVM based guest for each distribution/OS you plan to use. Then for 
each Xen guest you want to create take an LVM snapshot of the distribution/OS 
of choice and use that for the guest.

This way guest deployment is very quick and disk space is conserved wisely. You 
can start with 1 or 2 GB snapshot and as space gets tight in the snapshot add 
more storage.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Tue Dec 11 01:50:01 2007
Subject: Re: [CentOS] building a Xen guest image on straight LVM partitions?

On 11/12/2007, Ross S. W. Walker <[EMAIL PROTECTED]> wrote:
> Here is a good link: http://wiki.rpath.com/wiki/Xen_DomU_Guide

Ah and forgot to say "thank you" for the link. Looks useful.

Cheers,

--Amos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] [OT] Connecting to a Windows server via NFS

[Ross S. W. Walker]

Rick Barnes wrote:
> 
> Hello,
> 
> I realize this may be off-topic for this mailing-list, but at 
> this point
> I am not sure where the problem is continue troubleshooting. We have a
> server that has Windows Unified Data Storage Server that is 
> supposed the
> be able to provide NFS shares. I have attempted to setup a 
> NFS share and
> I think I have it setup correctly on the server. I have the User
> Mappings created on the Windows server and share setup.
> 
> When I mount the share from my CentOS server, I get this:
> 
> # mount -o rw storage:/share /srv/nfs
> # ls -l
> total 1
> drwx--  2 42949672944294967294 64 Dec 11 14:46 nfs
> # ls -l nfs
> ls: nfs: Permission denied
> 
> My guess would be permissions on the Windows server, but the 
> test it, I
> have setup "Everyone" to have full control of the share while 
> I test it.
> If anyone has experience with SFU and would be will to give me some
> pointers that would be great.

You will need to setup the "Administrator" or "root" permissions
separately on the SFU server.

Otherwise test it with some other user account on the CentOS box.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Suitable VPN RPM on centos 5?

[Ross S. W. Walker]

I've noticed quite a few of these India consulting companies using the mailing 
lists to supplement their lack of internal skilled personnel.

It really gives me pause when/if I need to consider outsourcing technology 
work. The fact that these companies are not upfront about their knowledge base 
and what they are truly capable of handling makes me wonder if this is really 
the most cost effective way to go.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Thu Dec 13 08:34:04 2007
Subject: Re: [CentOS] Suitable VPN RPM on centos 5?

Karanbir Singh wrote: 

Indunil Jayasooriya wrote:
  

Peer IP: 194.237.227.202  
 
Server IP: 192.168.0.2  
  / 255.255.255.255
  
Pre-shared key: d769hdsKJ
Ike, Phase1: 3des, sha, dh2
Ipsec, Phase2: 3des, sha



I hope you realise that by posting such information you have just
compromised the site.
  

I'm not sure I entirely understand why this list has become what appears to be 
backend support for Indunil Jayasooriya's company.

-- jeremy


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bonding problem in CENTOS4

[Ross S. W. Walker]

Try setting a manual MAC address on the bond interface that is different then 
any of the physical ones.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: centos@centos.org 
Sent: Mon Dec 17 07:44:21 2007
Subject: [CentOS] Bonding problem in CENTOS4

I use bonding  under CENTOS4.5 x32_62.
I have these weird messages when I'm restarting  network.
 Do you have any ideas how to fix this?
(there is similar bug for centos5 http://bugs.centos.org/view.php?id=2404, but 
the author says that it worked for him in centos4...)

Thanks
Vitaly

Dec 17 08:34:21  3_10 kernel: bonding: Warning: the permanent HWaddr of eth0 - 
00:1A:64:0A:DC:9C - is still in use by bond0. Set the HWaddr of eth0 to a 
different address to avoid conflicts.
Dec 17 08:34:21  3_10 kernel: bonding: bond0: releasing active interface eth0
Dec 17 08:34:21  3_10 kernel: bonding: bond0: making interface eth1 the new 
active one.
Dec 17 08:34:21  3_10 kernel: bonding: bond0: releasing active interface eth1
Dec 17 08:34:21  3_10 network: Shutting down interface bond0:  succeeded
Dec 17 08:34:21  3_10 network: Shutting down interface eth2:  succeeded


Dec 17 08:35:16 3_10 kernel: ADDRCONF(NETDEV_UP): bond0: link is not ready
Dec 17 08:35:20 3_10 ifup: Enslaving eth0 to bond0
Dec 17 08:35:20 3_10 kernel: bnx2: eth0: using MSI
Dec 17 08:35:20 3_10 kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Dec 17 08:35:20 3_10 kernel: bonding: bond0: enslaving eth0 as a backup 
interface with a down link.
Dec 17 08:35:20 3_10 ifup: Enslaving eth1 to bond0
Dec 17 08:35:20 3_10 kernel: bnx2: eth1: using MSI
Dec 17 08:35:20 3_10 kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Dec 17 08:35:20 3_10 kernel: bonding: bond0: enslaving eth1 as a backup 
interface with a down link.
Dec 17 08:35:20 3_10 network: Bringing up interface bond0:  succeeded
Dec 17 08:35:21 3_10 kernel: ADDRCONF(NETDEV_UP): eth2: link is not ready
Dec 17 08:35:23  3_10 kernel: bnx2: eth0 NIC Link is Up, 1000 Mbps full duplex
Dec 17 08:35:23 3_10 kernel: bonding: bond0: link status definitely up for 
interface eth0.
Dec 17 08:35:23 3_10 kernel: bonding: bond0: making interface eth0 the new 
active one.
Dec 17 08:35:23 3_10 kernel: bonding: bond0: first active interface up!
Dec 17 08:35:23 3_10 kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Dec 17 08:35:23 3_10 kernel: bnx2: eth1 NIC Link is Up, 1000 Mbps full duplex
Dec 17 08:35:23 3_10 kernel: bonding: bond0: link status definitely up for 
interface eth1.
Dec 17 08:35:23 3_10 kernel: tg3: eth2: Link is up at 1000 Mbps, full duplex.
Dec 17 08:35:24 3_10 kernel: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
Dec 17 08:35:24 3_10 kernel: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Dec 17 08:35:24 3_10 kernel: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Dec 17 08:35:24 3_10 kernel: bond0: duplicate address detected!
Dec 17 08:35:25 3_10 network: Bringing up interface eth2:  succeeded

 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Expandable network storage

[Ross S. W. Walker]

No it probably would not provide the performance unless run on 10 Gbe. Of 
course that depends on the number of write transactions, 1Gbe maxs around 
100MB/s, so if you need faster performance look elsewhere.

I doubt it's reliability too, nbd is a simple protocol, but as such doesn't 
provide for error recovery.

Best bet, build performance storage with redundancy on 1 server, then if budget 
allows duplicate it on another and use something like drbd to replicate it 
(synchronous if network speed allows, asynchronous otherwise) for high 
availability.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Mon Dec 17 04:56:57 2007
Subject: RE: [CentOS] Expandable network storage

Hi all,

I'm currently thinking about similar configurations, and (also for cost
reasons :-) am also thinking about GNBD with two standard servers as a
"poor man" redundant storage - but I'm wondering if that gives enough
performance for running databases (in my case Oracle) on top of it. The
configuration I'm thinking about would be two current Dell servers with
hardware RAID 10 and connected by a dedicated 1 GBit crossover-cable,
running both the cluster software and Oracle.

Does anyone use this in "real-World" scenarios and has some practical
experience with it?

Best regards,
__
/homas

--
Thomas Bleier, DI
Information Management
Austrian Research Centers GmbH - ARC
HG Wien - FN 115980i - ATU14703506
2444 Seibersdorf, Austria

Mobile: +43 (664) 8251279
E-Mail: [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Steve Campbell
Sent: Friday, December 14, 2007 8:52 PM
To: centos@centos.org
Subject: [CentOS] Expandable network storage

I want to thank everyone who has provided insight into my thread about 
clustering MySql. I kind of just sat back and watched it develop. I 
learned a lot from it all.

I have been reading all of the documentation on clustering provided by 
Centos/Red Hat, and find I travel in circles. I read one chapter and 
answer a self-imposed question but I end up asking myself another.

What I really want to do is have HA for any service I run (which is 
mostly HTTP, MySQL, FTP, and the common things like that). I want to run

that to redundant storage somewhere that is real easy to expand by just 
adding more hardware (server or disk drive).

I started exploring this by using the Cluster Suite as a base and then 
looked into each aspect of the cluster and invariably got stuck on the 
storage side of this. I see how I can maybe set this up originally, but 
the expansion just doesn't seem to be there. I don't really want to go 
the route of Fibre channels and ISCSI, and would prefer to use common 
hardware (which sort of suggests GNBD).

If anyone cares to offer suggestions, with a pretty clear explanation 
trail (thanks Ken Price for your link to a step-by-step), I would really

like to see it, as I'm not getting anywhere with the documentation. I 
hope to get some hardware to play with shortly, and maybe that'll make 
things clearer.

I'm sure it one of those deals where once I get it done, it'll be so 
obvious. I just need a little kickstart to help me get there.

Thanks,

Steve Campbell

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] What is the REAL version of Xen in 5.1?

[Ross S. W. Walker]

I have a 5.1 system with Xen installed. The package says 3.0.3, but an 'xm 
info' shows 3.1.

So what is it? Is it 3.0.3 patched to 3.1 or is it 3.1 packaged as 3.0.3? And 
if it's the former, does anybody have any idea why upstream wouldn't just 
deploy 3.1 (now 3.1.2) which is more stable?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] What is the REAL version of Xen in 5.1?

[Ross S. W. Walker]

Stephen John Smoogen wrote:
> 
> On Dec 17, 2007 7:49 AM, Ross S. W. Walker 
> <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >
> > I have a 5.1 system with Xen installed. The package says 
> 3.0.3, but an 'xm
> > info' shows 3.1.
> >
> >  So what is it? Is it 3.0.3 patched to 3.1 or is it 3.1 
> packaged as 3.0.3?
> > And if it's the former, does anybody have any idea why 
> upstream wouldn't
> > just deploy 3.1 (now 3.1.2) which is more stable?
> >
> 
> It is 3.0.3 with patches that would have been 3.0.4 but became 3.1.
> when 5.0 was being put together.
> 
> The 3.1.x might occur as a technology preview in 5.2 but only after
> making sure that an overnight update isnt going to break someones 10k
> Xen box hosting site.

Thanks for the confirmation.

I hope they move it forward a little quicker then that it's already
kind of dated now and it could use some of the memory management fixes
in the 3.1.x branch.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How to add Xen machine to xenstore?

[Ross S. W. Walker]

I have been looking at the docs, but can't seem to find a way to add a machine 
to the xenstore so it shows up in 'xm list' even when it is shutdown.

I can swear that there was a way to do this and the machine would appear in 
/var/lib/xen/xend-db/domains/

Was this feature removed in the upstram implementation?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How To increase RAMDISK in CENTOS 4

[Ross S. W. Walker]

Don't use the ram disk feature it was really intended for initrd images.

Use tmpfs instead which you can configure on the 'mount'.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: centos@centos.org 
Sent: Tue Dec 18 10:30:08 2007
Subject: [CentOS] How To increase RAMDISK in CENTOS 4

Hi All, 

I am using Centos4.0 and running Squid Reverse Proxy for image caching , i have 
configured RAMDISK of 265 MB for one cache folder  in preproduction environment 
for testing now i have upgraded RAM upto 8GB, but when i change ramdisk_size 
parameter in grub.conf  and rebooted the server when i tried to format and 
mount it doesn't work. Can anyone please help me how to increase RAMDISK size 
upto 6GB.

Thanks
Abhishek








Now you can chat without downloading messenger. Click here 

  to know how.

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] gettext does not work after glibc update

[Ross S. W. Walker]

Christoph Mitasch wrote:
> 
> Hi,
> 
> I recently upgraded my system to CentOS 4.6 and noticed that gettext
> does not behave as before the update. As soon as I install 
> the old glibc
> version (glibc-2.3.4-2.36) instead of the new one 
> (glibc-2.3.4-2.39) it
> works again.
> 
> See the Attachment for details.
> 
> Any hints would be appreciated!

What ISO language do you have set as default?

It appears to be translating to Danish or German.


-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Xen, GFS, GNBD and DRBD?

[Ross S. W. Walker]

Take a look at iSCSI for the storage servers. iSCSI Enterprise Target is what I 
use here and it works well for us.

You don't really need shared filesystems if you are doing direct block io to 
LVs or raw partitions as the Xen migration will handle the hand-off, but you 
will if you are using flat files, because of this I recommend using LVs or raw 
partitions as clustered filesystems will put a serious overhead on the Xen 
guest io.

-Ross





-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Wed Jan 02 17:44:19 2008
Subject: [CentOS] Xen, GFS, GNBD and DRBD?

Hi all,

We're looking at deploying a small Xen cluster to run some of our  
smaller applications. I'm curious to get the lists opinions and advice  
on what's needed.

The plan at the moment is to have two or three servers running as the  
Xen dom0 hosts and two servers running as storage servers. As we're  
trying to do this on a small scale, there is no means to hook the  
system into our SAN, so the storage servers do not have a shared  
storage subsystem.

Is it possible to run DRBD on the two storage servers and then export  
the block devices over the network to the xen hosts? Ideally the goal  
is to have the effect of shared storage on the xen hosts so that  
domains can be migrated between them in case one server needs to go  
offline. Do I run GFS on top of the DRBD mirrored device, exported via  
GNBD to the xen hosts; or the other way around, using GNBD to export  
the DRBD mirrored device and then GFS running on the xen hosts?

Is this possible; is there an easier/simpler/better way to do it?

Thanks,
Tom
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Xen, GFS, GNBD and DRBD?

[Ross S. W. Walker]

You can fail-over using iSCSI multi-pathing. Have the initiator log in to both 
targets and then setup dm-multipath to do fail-over. On the target side you 
could use drbd with multi primaries and there you have it, redundant storage 
with easy fail-over.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Wed Jan 02 20:15:58 2008
Subject: Re: [CentOS] Xen, GFS, GNBD and DRBD?

On 03/01/2008, at 9:55 AM, Ross S. W. Walker wrote:

>
> Take a look at iSCSI for the storage servers. iSCSI Enterprise  
> Target is what I use here and it works well for us.
>
> You don't really need shared filesystems if you are doing direct  
> block io to LVs or raw partitions as the Xen migration will handle  
> the hand-off, but you will if you are using flat files, because of  
> this I recommend using LVs or raw partitions as clustered  
> filesystems will put a serious overhead on the Xen guest io.
>
> -Ross

Ross,

I can use DRBD to mirror data between the two storage servers and  
iSCSI to export the block devices, but how will iSCSI cope with  
failure of one storage server?

Can I use heartbeat and CRM to failover the host IP and iSCSI target  
to the other storage server?

Regards,
Tom
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Random files in homedir gets deleted

[Ross S. W. Walker]

You can enable auditing to determine if the files are disappearing due to 
human/machine intervention (audit file system deletes) or if it is due to file 
system corruption (files disappear and no delete audits recorded).

It may just be an errant rsync script.


-Ross
 

-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: centos@centos.org 
Sent: Thu Jan 03 07:09:11 2008
Subject: [CentOS] Random files in homedir gets deleted

On one of my systems I seem to loose a file or two from time to time.
Last night, one of my files (/home/online/sh/NattjobbPrivat.sh) was
deleted/removed/vanished. Another time it was /home/online/sh/daemon
that was deleted.

But I can't seem to find anything strange in the logs or in the history,
nor would any of my scripts running in crontab mess with those files.

Where can I look for clues? And how do I enable audit for file
operations in my home folder?


/Christopher Thorjussen

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Automatic kerberos ticket renewal

[Ross S. W. Walker]

Is there an app, configuration or script that works well to keep tickets fresh?

We use KDE as our environment here.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Random files in homedir gets deleted

[Ross S. W. Walker]

Do what I do when I need to setup a new Linux facility.

Google "linux audit"

I remember getting a good hit near the top with that. There are cli tools for 
adding files/folders/mounts to the audit system and you can tailor which type 
of activity to audit. It's no where as difficult to do as it sounds.

-Ross


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Fri Jan 04 04:25:17 2008
Subject: RE: [CentOS] Random files in homedir gets deleted


> You can enable auditing to determine if the files are disappearing due
to human/machine intervention (audit file system deletes) or if it is
due to file system corruption (files disappear and no delete audits
recorded).
> 
> It may just be an errant rsync script.
> 
> -Ross

How do I enable auditing of the home dir?

/Christopher 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] centos 5.1 kernel dump

[Ross S. W. Walker]

Jerry Geis wrote:
> 
> Below is a kernel dump that I just got. This is a fresh new 
> install of centos 5.1 on NVIDIA
> gigabyte MB-GA-M61P-S3. nothing extra has been added.
> 
> I have not tried the irqpoll but I am surprised to get this.
> 
> Also the machine keeps running just hod this show on the console...
> 
> Any ideas???
> 
> Jerry
> 
> Jan  8 05:20:00 localhost kernel: irq 169: nobody cared (try 
> booting with the "irqpoll" option)
> Jan  8 05:20:00 localhost kernel: 
> Jan  8 05:20:00 localhost kernel: Call Trace:
> Jan  8 05:20:00 localhost kernel:
> [] __report_bad_irq+0x30/0x7d
> Jan  8 05:20:00 localhost kernel:  [] 
> note_interrupt+0x1e6/0x227
> Jan  8 05:20:00 localhost kernel:  [] 
> __do_IRQ+0xc7/0x105
> Jan  8 05:20:00 localhost kernel:  [] 
> do_IRQ+0xe7/0xf5
> Jan  8 05:20:00 localhost kernel:  [] 
> ret_from_intr+0x0/0xa
> Jan  8 05:20:00 localhost kernel:  [] 
> __do_softirq+0x53/0xd5
> Jan  8 05:20:00 localhost kernel:  [] 
> end_msi_irq_wo_maskbit+0x9/0x16
> Jan  8 05:20:00 localhost kernel:  [] 
> call_softirq+0x1c/0x28
> Jan  8 05:20:00 localhost kernel:  [] 
> do_softirq+0x2c/0x85
> Jan  8 05:20:00 localhost kernel:  [] 
> do_IRQ+0xec/0xf5
> Jan  8 05:20:00 localhost kernel:  [] 
> ret_from_intr+0x0/0xa
> Jan  8 05:20:00 localhost kernel:
> [] bit_waitqueue+0x3c/0xb4
> Jan  8 05:20:00 localhost kernel:  [] 
> wake_up_bit+0x11/0x22
> Jan  8 05:20:00 localhost kernel:  [] 
> :jbd:do_get_write_access+0x137/0x527
> Jan  8 05:20:01 localhost kernel:  [] 
> __getblk+0x25/0x22c
> Jan  8 05:20:01 localhost kernel:  [] 
> :jbd:journal_get_write_access+0x22/0x33
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_reserve_inode_write+0x38/0x90
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_mark_inode_dirty+0x21/0x3c
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_dirty_inode+0x63/0x7b
> Jan  8 05:20:01 localhost kernel:  [] 
> __mark_inode_dirty+0x29/0x16e
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_new_blocks+0x567/0x693
> Jan  8 05:20:01 localhost kernel:  [] 
> __bread+0x6/0x81
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_get_blocks_handle+0x43a/0x9f1
> Jan  8 05:20:01 localhost kernel:  [] 
> :jbd:do_get_write_access+0x4f0/0x527
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_get_block+0xbe/0xe3
> Jan  8 05:20:01 localhost kernel:  [] 
> __block_prepare_write+0x1b6/0x4a0
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_get_block+0x0/0xe3
> Jan  8 05:20:01 localhost kernel:  [] 
> block_prepare_write+0x1a/0x25
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_prepare_write+0xaf/0x17b
> Jan  8 05:20:01 localhost kernel:  [] 
> generic_file_buffered_write+0x25a/0x6d8
> Jan  8 05:20:01 localhost kernel:  [] 
> file_read_actor+0xb9/0x154
> Jan  8 05:20:01 localhost kernel:  [] 
> current_fs_time+0x3b/0x40
> Jan  8 05:20:01 localhost kernel:  [] 
> file_read_actor+0x0/0x154
> Jan  8 05:20:01 localhost kernel:  [] 
> __generic_file_aio_write_nolock+0x36c/0x3b8
> Jan  8 05:20:01 localhost kernel:  [] 
> generic_file_aio_write+0x65/0xc1
> Jan  8 05:20:01 localhost kernel:  [] 
> :ext3:ext3_file_write+0x16/0x91
> Jan  8 05:20:01 localhost kernel:  [] 
> do_sync_write+0xc7/0x104
> Jan  8 05:20:01 localhost kernel:  [] 
> autoremove_wake_function+0x0/0x2e
> Jan  8 05:20:01 localhost kernel:  [] 
> file_read_actor+0x0/0x154
> Jan  8 05:20:01 localhost kernel:  [] 
> vfs_write+0xce/0x174
> Jan  8 05:20:01 localhost kernel:  [] 
> sys_write+0x2d/0x6e
> Jan  8 05:20:01 localhost kernel:  [] 
> sys_write+0x45/0x6e
> Jan  8 05:20:01 localhost kernel:  [] 
> tracesys+0xd5/0xe0
> Jan  8 05:20:01 localhost kernel: 
> Jan  8 05:20:01 localhost kernel: handlers:
> Jan  8 05:20:01 localhost kernel: [] 
> (usb_hcd_irq+0x0/0x55)
> Jan  8 05:20:01 localhost kernel: Disabling IRQ #169

You may want to try disabling ACPI irq routing with the
kernel option acpi=noirq. It may be that the SATA
controller's irq was re-routed, but the ACPI message
wasn't properly intercepted.

With the ACPI irq routing disabled it will default to
the older method of irq polling I believe.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Use CentOSplus to carry latest GUI packages

[Ross S. W. Walker]

I don't know if this has been talked about much in the past, but I was 
wondering if CentOSplus could be used to carry the latest stable versions of 
the GUI applications KDE/Gnome. These apps often lag behind quite a bit even on 
the selected stable branch upstream has chosen.

For example, would it decrease stability to update KDE from 3.5.4 to 3.5.8? I 
think it would add to stability as long as you stay within that 3.5 branch, but 
upstream thinks otherwise and tries to re-invent the wheel by backporting 
3.5.5-3.5.8 fixes into 3.5.4 which often don't work completely and have the 
potential of creating new bugs themselves.

Another thing, Xen, the Xen package says it's 3.0.3, but looking at the SRPM it 
turns out it's the Xen 3.1 kernel with the Xen 3.0.3 'xm' and 'xend' dom0 
utilities. In my book that's Xen 3.1, why not just fix the parts of the 3.1 
utilities that broke between releases?

Anyways Xen may not be a good candidate as others may have environmental 
dependencies on the upstream version, but upgrading to the latest minor version 
within a branch for a given application shouldn't break environmental 
dependencies, ie provide Xen 3.1.4 if it contains the xm and xend fixes that 
upstream was looking for.

What is the consenus on this?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Howto for LDAP authentication with replication

[Ross S. W. Walker]

In fact Kerberos and LDAP are two great tastes that go well together.

Keep user information and authorization information in LDAP while keep user 
authentication information in Kerberos.

Later you could try to keep Kerberos authentication information in LDAP with 
Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this 
compromises the whole Kerberos security principal. Maybe it does, but it sure 
makes for easy redundancy.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Sat Jan 12 18:49:31 2008
Subject: Re: [CentOS] Howto for LDAP authentication with replication

> Just so we're clear here, you are actually trying to learn two distinct
> things simultaneously, how to use LDAP and how to use LDAP to
> authenticate. They are not the same thing. If you knew how to use LDAP,
> adding authentication to the knowledge base would be relatively trivial.
> Likewise, if you knew how to use LDAP, configuring Webmin would be
> relatively trivial.

Thank you for the info.  I understand that LDAP and authentication are
not the same thing.  We use LDAP within our organization for storing
other types of data but most of the staff do not like to deal with it.
 In fact some team members were opposed to using LDAP for
authentication, now I understand why!  It seems to be a pain in the
ass to learn how to use and configure.

> I can tell you that Gerald Carter's book makes the entire process
> painless but you are going to do it your way and I respect that to a
> point...but ask that you recognize that you do so at the peril of
> massive frustration.

At this point I am leaning toward using kerberos instead.  It took me
20 minutes to get a working kerberos server installation up and
running, and I can now easily add new users and authenticate them,
manage tickets, etc.  Now I understand what you meant about LDAP not
being designed for authentication.  Thank you again for your time,
Craig.  This was a good learning experience for me.

thanks

Sean
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Add more space to LVM

[Ross S. W. Walker]

John R Pierce wrote:
> 
> Tim Verhoeven wrote:
> > This is perfectly possible with LVM. First add the HD (aka 
> the HW RAID
> > volume) to the OS. Then do a pvcreate on that disk so that 
> LVM can use
> > it. Then do a vgextend, this adds the disk to the volume group. A
> > vgdisplay should then show that you have again free space in the
> > volume group. Then you can do a lvextend and resize2fs as normal.
> >   
> 
> 
> and, get it all -exactly- right, or its krispy kritters for your FS.

May I also add that one should be aware of what type of physical
volumes your data is contained on too.

If your original data is on a software RAID array consisting of
internal drives, say /dev/md3, and you add an external enclosure
which is under hardware raid, say /dev/sde, you may want to just
move your data off the software RAID PV onto the hardware RAID
PV and remove the software RAID PV from the VG so you can rest
easy knowing that ALL of your data is on the managed hardware
RAID array and not split 60/40 between them. (Or keep the software
RAID array in the VG for volume snapshots only).

To do this I would do a pvmove of all data on /dev/md3 to /dev/sde
first, then remove /dev/md3 from the VG, pvremove /dev/md3 and
then lvextend your LV further on to PV /dev/sde.

Later if you add an addition storage enclosure on to the hardware
RAID I would still think about keeping separate LVs completely
on separate enclosures and pvmove LVs from one PV to another to
free up space before lvextending.

I always tell lvextend and lvcreate exactly which PVs to use
on the command line.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Breaking Windows XP user password?

[Ross S. W. Walker]

Scott Ehrlich wrote:
> 
> Granted this is not a UNIX system, but in case there is a 
> UNIX tool to 
> accomplish the goal...
> 
> I am looking for a bootable CD/DVD (or application to be 
> placed on a CD/DVD to 
> be made bootable) that can let me mount a Windows XP 
> drive/partition (SP1 or 
> SP2), and force-crack the admin password (even if admin 
> account name has been 
> changed, but I know what it has been changed to).  The 
> application cannot write 
> to the hard drive - only mount it read-only, read the 
> password file into ram, 
> and show the cracked password.
> 
> I know I can use the pnordahl utility to try and force-change 
> the password, but 
> I actually want to crack it.
> 
> The utility should be free.
> 
> This is a legal request.

You will need to brute force attack the passwords, using a
utility that can read the SAM registry on disk, encrypt
dictionary words, common names, common passwords as well
as generate passwords and compare.

I don't know of such a utility, but I have a feeling that you
might have better luck finding that on Windows. If that is the
case then you could create a WinXP USB drive to boot from.

I find it easier to steal passwords through key logging,
phishing (web or wireless) or social engineering then by
brute force (as a security admin I test out our corporate
environment routinely).

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Breaking Windows XP user password?

[Ross S. W. Walker]

Brian Mathis wrote:
> 
> On Jan 24, 2008 9:10 AM, Scott Ehrlich <[EMAIL PROTECTED]> wrote:
> > Granted this is not a UNIX system, but in case there is a 
> UNIX tool to
> > accomplish the goal...
> >
> > I am looking for a bootable CD/DVD (or application to be 
> placed on a CD/DVD to
> > be made bootable) that can let me mount a Windows XP 
> drive/partition (SP1 or
> > SP2), and force-crack the admin password (even if admin 
> account name has been
> > changed, but I know what it has been changed to).  The 
> application cannot write
> > to the hard drive - only mount it read-only, read the 
> password file into ram,
> > and show the cracked password.
> >
> > I know I can use the pnordahl utility to try and 
> force-change the password, but
> > I actually want to crack it.
> >
> > The utility should be free.
> >
> > This is a legal request.
> >
> > Thanks for leads.
> >
> > Scott
> 
> 
> Yes, very OT.
> 
> http://ophcrack.sourceforge.net/

I forgot that one... nice.

Always set Windows to NOT store the LM hashes of the passwords and
pick strong passwords!

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Locating the broken links

[Ross S. W. Walker]

Garrick Staples wrote:
> 
> On Mon, Jan 28, 2008 at 01:45:43AM +0200, Ioannis Vranos alleged:
> > Is there any command that I can use to find the broken 
> links that point 
> > to non-existent files?
> 
> Not pretty, but should work fine:
> 
> find . -type l 2>/dev/null| while read line;do  test -e 
> "$line" || echo "$line";done

Simpler way:

find . -L -type l -print

The -L tells find to follow symbolic links and use the file type
of the destination of the link instead of the link itself, so
it will only find files of type 'l' if it cannot find the file's
destination, a nice little side-effect.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] what options do I have?

[Ross S. W. Walker]

Sobari Tanuwijaya wrote:
> 
> Dear All,
> 
> If I want make a lan users (with private IP) can access the internet
> just after passing the verification, what options do I have?
> 
> What I want is:
> * If I user want to access the internet
> * He (must) run the browser
> * whatever the address he typed on the address bar, he will be
>brought to the verification location, which will be 'force' him
>to enter his username and password
> * if he passed the verification the internet access is available for
>him, but if not the internet keep unavailable for him.
> 
> The method will be the for all users, either he use the wire 
> or wireless 
> connection.
> 
> Will the iptables help me to solve this? How?
> 
> Thanks in advance for the help

You can use a combo of iptables and squid proxy server.

Have iptables redirect all port 80, 443 (and any other traffic squid
can handle) to the appropriate squid port if it is coming from a
given ip address range (or not from a given range, you get the idea).
Then have squid authenticate all traffic, you can use mysql, MS AD,
combine it with cookies or session information in mysql so users
only need to authenticate once with their browsers as long as their
mac address is authenticated within the last X minutes or such.

You can then set a session time-limit, or record bandwidth and
combine it with a bandwidth limit, squid can do all sorts of nifty
stuff.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Network routes

[Ross S. W. Walker]

Jason Pyeron wrote:
> 
> I am unable to ping NE.TW.RKB.IP1 from an outside network. 
> Other machines
> which do not have access or routes for NET.WOR.KA.0 respond just fine.
> 
> How do I get it to respond on both NET.WOR.KA.0 and 
> NE.TW.RKB.0 given all
> default traffic should go through  NET.WOR.KA.1  unless it is 
> in reply to
> traffic from NE.TW.RKB.1 or there is an outage.
> 
> [EMAIL PROTECTED] ~]# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric 
> RefUse
> Iface
> NET.WOR.KA.00.0.0.0 255.255.255.0   U 0  
> 00 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0   U 0  
> 00 eth0
> NE.TW.RKB.0 0.0.0.0 255.255.255.0   U 0  
> 00 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  
> 00 eth1
> 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0  
> 00 eth1
> 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 
> 00 eth0
> 
> [EMAIL PROTECTED] ~]# ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
>   inet addr:NE.TW.RKB.IP1  Bcast:NE.TW.RKB.255  
> Mask:255.255.255.0
> eth0:pn   Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
>   inet addr:192.168.1.20  Bcast:192.168.1.255  
> Mask:255.255.255.0
> eth1  Link encap:Ethernet  HWaddr 00:01:03:E9:42:D0
>   inet addr:NET.WOR.KA.IP2  Bcast:NET.WOR.KA.255  
> Mask:255.255.255.0
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
> 

You can have only 1 default route.

You can use RIP or some other routing protocol to
advertise defualt routes to the host from the
gateways based upon route availability or weight,
or you can deploy reverse NAT'ing on the gateways
so external IPs will be masqueraded as the
internal IP of the gateway and thus be routed to
the appropriate gateway based on which IP they
arrived on.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Resizing a fat filesystem on a USB partition

[Ross S. W. Walker]

Look for gnu parted. There are a couple of live cds out there with it, like 
"Parted Magic" and others.

Parted can resize fat and ntfs file systems among others.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Tue Jan 29 17:53:07 2008
Subject: Re: [CentOS] Resizing a fat filesystem on a USB partition


> AFAIK, there is no way to "resize" any FAT partition.  You have to
> delete both partitions and then create a new one.

I thought the CD installer came with a utility to resize FAT partitions (albeit 
in MS DOS)?  And this isn't possible in CentOS it self?  :-/

Ho hum, thank you very much for the quick answer :-)

Dan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Network routes

[Ross S. W. Walker]

Sorry for the top post.

The default route is the route applied when no other route matches the 
destination IP. From that how would you figure out which default route to pick, 
only if the routes were weighted could you pick between two.

If you had two routes with equal weight and the traffic went round robin 
between them then the originating host will discard half the returning traffic 
because it's not coming from the same ip it sent it to.

No your best bet is probably to do reverse NAT'ing as it is simple to setup and 
you don't have to worry about default routes and weight. Traffic initiates on 1 
gateway and sticks with it for the duration of the session. You can use BGP on 
the gateways outside interface to load balance or fail-over the default gateway 
or use round-robin DNS, MX records for mail, etc.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: centos@centos.org 
Sent: Tue Jan 29 18:03:13 2008
Subject: [CentOS] Re: Network routes

on 1/29/2008 2:53 PM Jason Pyeron spake the following:
>  
> 
>> -Original Message-
>> From: [EMAIL PROTECTED] 
>> [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker
>> Sent: Tuesday, January 29, 2008 17:38
>> To: CentOS mailing list
>> Subject: RE: [CentOS] Network routes
>>
>> Jason Pyeron wrote:
>>> I am unable to ping NE.TW.RKB.IP1 from an outside network. 
>>> Other machines
>>> which do not have access or routes for NET.WOR.KA.0 respond 
>> just fine.
>>> How do I get it to respond on both NET.WOR.KA.0 and 
>>> NE.TW.RKB.0 given all
>>> default traffic should go through  NET.WOR.KA.1  unless it is 
>>> in reply to
>>> traffic from NE.TW.RKB.1 or there is an outage.
>>>
>>> [EMAIL PROTECTED] ~]# route -n
>>> Kernel IP routing table
>>> Destination Gateway Genmask Flags Metric 
>>> RefUse
>>> Iface
>>> NET.WOR.KA.00.0.0.0 255.255.255.0   U 0  
>>> 00 eth1
>>> 192.168.1.0 0.0.0.0 255.255.255.0   U 0  
>>> 00 eth0
>>> NE.TW.RKB.0 0.0.0.0 255.255.255.0   U 0  
>>> 00 eth0
>>> 169.254.0.0 0.0.0.0 255.255.0.0 U 0  
>>> 00 eth1
>>> 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0  
>>> 00 eth1
>>> 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 
>>> 00 eth0
>>>
>>> [EMAIL PROTECTED] ~]# ifconfig
>>> eth0  Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
>>>   inet addr:NE.TW.RKB.IP1  Bcast:NE.TW.RKB.255  
>>> Mask:255.255.255.0
>>> eth0:pn   Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
>>>   inet addr:192.168.1.20  Bcast:192.168.1.255  
>>> Mask:255.255.255.0
>>> eth1  Link encap:Ethernet  HWaddr 00:01:03:E9:42:D0
>>>   inet addr:NET.WOR.KA.IP2  Bcast:NET.WOR.KA.255  
>>> Mask:255.255.255.0
>>> loLink encap:Local Loopback
>>>   inet addr:127.0.0.1  Mask:255.0.0.0
>>>
>> You can have only 1 default route.
>>
>> You can use RIP or some other routing protocol to
>> advertise defualt routes to the host from the
>> gateways based upon route availability or weight,
>> or you can deploy reverse NAT'ing on the gateways
>> so external IPs will be masqueraded as the
>> internal IP of the gateway and thus be routed to
>> the appropriate gateway based on which IP they
>> arrived on.
>>
>> -Ross
>>
> 
> But I have 2 physical network cards, on 2 different networks. Should they
> not both have default routes?
> 
You would think so, but it will confuse the system so bad that traffic won't 
know where to go. The default route is the route that packets need to take to 
leave your network to enter the outside world. Every thing under your control 
should have static routes of some kind, or a routing daemon.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Network routes

[Ross S. W. Walker]

Jason Pyeron wrote:
> Ross S. W. Walker wrote:
> > 
> > Sorry for the top post.
> > 
> > The default route is the route applied when no other 
> > route matches the destination IP. From that how would you 
> > figure out which default route to pick, only if the routes 
> > were weighted could you pick between two.
> > 
> > If you had two routes with equal weight and the traffic 
> > went round robin between them then the originating host will 
> > discard half the returning traffic because it's not coming 
> > from the same ip it sent it to.
> > 
> > No your best bet is probably to do reverse NAT'ing as 
> > it is simple to setup and you don't have to worry about 
> > default routes and weight. Traffic initiates on 1 gateway and 
> > sticks with it for the duration of the session. You can use 
> > BGP on the gateways outside interface to load balance or 
> > fail-over the default gateway or use round-robin DNS, MX 
> > records for mail, etc.
> > 
> > -Ross
> 
> Okay, they were weighted primay at 0 and it worked. Secondary 
> at 20, it would never be chosen as a default. But how does a 
> reply get out to the net on the same route it came in on?
> 


Ah, but it doesn't if you don't masquerade the IP as coming
from the originating gateway or you make sure you have only 1
gateway functioning at a time with some routing protocol
telling your internal hosts which route is active. For multiple
gateways active at once you will need to masquerade so the
traffic can use the internal network routing tables to assure
traffic goes back out the way it came in.

-Ross



__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Locating the broken links

[Ross S. W. Walker]

Ioannis Vranos wrote:
> 
> Garrick Staples wrote:
> >
> >> I am trying "cleanlinks" and is cleaning lot of stuff, 
> erasing links and 
> >> empty directories, I hope it will not mess my 
> installation, especially 
> >> by doing the last.
> > 
> > On your entire OS?  Sounds like a pretty good way to break things.
> 
> 
> Yes it damaged it. I had to reinstall from scratch... Any 
> pretty way to 
> find broken links on the entire filesystem would be welcome however.

How about:

find . -L -type l -ls

then after you have evaluated them and they are all good to purge,

find . -L -type l -exec rm -f \{\} \;

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] General questions about security

[Ross S. W. Walker]

Check to see if the town/county has any policies in place for computer systems 
and networks for public services and follow those guidelines.

Otherwise look at surrounding public library systems to see if they have any 
you can adopt.

For a LAMP setup your definitely going to want to use selinux to limit what 
each application can read and write to, and you should use audit too to set 
auditing on sensitive directories like, /etc, /bin, /lib, /sbin, /usr/bin, 
/usr/lib, /usr/sbin.

You will probably want to use smartmon to monitor drive health and something 
else to monitor resource usage (drive space, memory, cpu, mysql db space) with 
email/sms alerts.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Fri Feb 01 06:47:36 2008
Subject: Re: [CentOS] General questions about security

Les Bell a écrit :

> Policy. It's a drag, writing policies, but without policies, you're in the
> "Ready! Fire! Aim!" school of security.  The top tier of policy is the
> "Enterprise Security Policy", which establishes the security function,
> roles, responsibilities, budget, etc. It also gives the power to enforce
> penalties for breaches of policies. At the next tier, you have system- and
> issue-specific policies, such as the "Use of corporate email" policy, the
> "Inappropriate content in the workplace" policy. You may then move down to
> standards (platforms, SOE, etc.) and procedures (e.g. for provisioning user
> accounts, resetting passwords, etc.).



Thanks for your very detailed response. Though I can't help feeling a 
bit like having asked for an identity photo... and getting a 10-foot oil 
painting :oD

Basically, all I'm concerned about security-wise is a modest 
Apache/PHP/MySQL server running a single public library management 
software, and interconnecting eleven (small) public libraries, with a 
total of 60.000 database entries. No (very) big deal.

The configuration is supposed to run on a dedicated server, so my 
question will be more practical:

- Is it worth the hassle to bother with SELinux?

- Is the standard firewall configuration enough, or do I really have to 
fine-tune the thing?

- Basically, what auditing tools besides NMap can you recommend for such 
a thing?

cheers,

Niki
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] General questions about security

[Ross S. W. Walker]

Yes, but be aware of any requirements that if revealed afterwards can put a 
project in jeopardy both in terms of budget and schedule.

There may be policies governing encryption or firewall setup or monitoring that 
are general and need to be covered in all environments.

Or another type of requirement that might exist is to have low-vision access 
for the vision impaired for all public terminals.

Not security related but can definitely pose a problem if it isn't covered in 
the build spec.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Fri Feb 01 14:24:29 2008
Subject: Re: [CentOS] General questions about security

Ross S. W. Walker a écrit :
> 
> Check to see if the town/county has any policies in place for computer 
> systems and networks for public services and follow those guidelines.
> 
> Otherwise look at surrounding public library systems to see if they have 
> any you can adopt.
> 
The surrounding places here (town halls, police stations) mostly run 
Windows (98, Me, 2000, XP). So I'd better follow my nose than their 
security standards :oD

Cheers,

Niki
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Large RAID volume issues

[Ross S. W. Walker]

Joshua Baker-LePain wrote:
> On Mon, 4 Feb 2008 at 11:56am, Ross S. W. Walker wrote
> 
> > You can't use an MBR partition table on a volume that large 
> there is a 
> > max 2TB disk size limit and 2TB partition size limit for 
> MBR, so you 
> > must use GPT.
> 
> For completeness' sake, MBR=master boot record, not a 
> partition table. 
> The standard type of partition table is msdos.  And, yes, it 
> cannot handle 
> devices >2TiB.

Yes, MBR is the master boot record, it contains the boot loader
and the partition table for the primary partitions (the extended
partitions table is kept in the first sector of the primary
partition marked as the extended partitions container). The only
partition table type that can be kept in the MBR is the msdos or
bios partition table, so when one talks MBR one typically talks
msdos partition table.

A GPT partition table is kept further in disk, but it also keeps
a "compatibility" MBR for BIOS based systems including a GPT
boot loader in the MBR to read and boot the GPT table. EFI based
systems don't use the MBR as they read the GPT table directly, and
have the boot-loader built-in so one will not likely see an MBR on
a pure EFI based system.

> > There is a real lack of reliable and easy GPT tools under 
> Linux, parted 
> > can read GPT partition tables, but I do not believe it can 
> create them 
> > AFAIK.
> 
> Incorrect.  parted has no issue creating and managing gpt disklabels.

Good to know, last I used parted it was only able to "read" GPT tables
not create or modify them.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Large RAID volume issues

[Ross S. W. Walker]

 
I would seriously start thinking about using LVM on such a large storage unit.
 
You can't use an MBR partition table on a volume that large there is a max 2TB 
disk size limit and 2TB partition size limit for MBR, so you must use GPT.
 
There is a real lack of reliable and easy GPT tools under Linux, parted can 
read GPT partition tables, but I do not believe it can create them AFAIK.
 
LVM can handle volumes of extremely large size (64-bit), so you shouldn't run 
into any problems there and you can create file systems directly in LVs of 2TB+.
 
-Ross
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Lines
Sent: Monday, February 04, 2008 11:34 AM
To: CentOS mailing list
Subject: [CentOS] Large RAID volume issues


I have just finished creating an array on our new enclosure and our 
CentOS 5 server has recognized it.  It shows as the full 6tb in the LSI 
configuration utility as well as when I ran fdisk:

[EMAIL PROTECTED] sbin]# fdisk /dev/sdb
Note: sector size is 2048 (not 512)

The number of cylinders for this disk is set to 182292.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/sdb: 5997.6 GB, 5997628227584 bytes
255 heads, 63 sectors/track, 182292 cylinders
Units = cylinders of 16065 * 2048 = 32901120 bytes

   Device Boot  Start End  Blocks   Id  System

I was then created a parition in fdisk and it appeared to work until I 
formated it (here is the output of the formating)

[EMAIL PROTECTED] ~]# mkfs -t ext2 -j /dev/sdb1
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
195264512 inodes, 390518634 blocks
19525931 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
11918 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 
2654208,
4096000, 7962624, 11239424, 2048, 23887872, 71663616, 
78675968,
10240, 214990848

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

When I did a df I got the following (only included the array entry)

[EMAIL PROTECTED] etc]# df -h
FilesystemSize  Used Avail Use% Mounted on
...
/dev/sdb1 1.5T  198M  1.5T   1% /home1

I then tried removing it and working with parted.  


[EMAIL PROTECTED] etc]# parted /dev/sdb
Warning: Device /dev/sdb has a logical sector size of 2048.  Not all 
parts of GNU Parted support this at
the moment, and the working code is HIGHLY EXPERIMENTAL.

GNU Parted 1.8.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Error: Unable to open /dev/sdb - unrecognised disk label.
(parted) mklabel gpt
*** glibc detected *** : double free or corruption (!prev): 
0x16760800 ***
=== Backtrace: =
/lib64/libc.so.6[0x3435c6f4f4]
/lib64/libc.so.6(cfree+0x8c)[0x3435c72b1c]
/usr/lib64/libparted-1.8.so.0[0x3436c1a5c5]
/usr/lib64/libparted-1.8.so.0[0x3436c48a54]
=== Memory map: 
0040-0041 r-xp  08:05 130761
 /sbin/parted
0061-00611000 rw-p 0001 08:05 130761
 /sbin/parted
00611000-00612000 rw-p 00611000 00:00 0
0081-00812000 rw-p 0001 08:05 130761
 /sbin/parted
1673d000-1677f000 rw-p 1673d000 00:00 0
343580-343581a000 r-xp  08:05 4765445   
 /lib64/ld-2.5.so
3435a19000-3435a1a000 r--p 00019000 08:05 4765445   
 /lib64/ld-2.5.so
3435a1a000-3435a1b000 rw-p 0001a000 08:05 4765445   
 /lib64/ld-2.5.so
3435c0-3435d46000 r-xp  08:05 4765452   
 /lib64/libc-2.5.so
3435d46000-3435f46000 ---p 00146000 08:05 4765452   
 /lib64/libc-2.5.so
3435f46000-3435f4a000 r--p 00146000 08:05 4765452 

RE: [CentOS] Large RAID volume issues

[Ross S. W. Walker]

Rob Lines wrote:
> On Feb 4, 2008 3:16 PM, John R Pierce <[EMAIL PROTECTED]> wrote:
> 
>   with LVM, you could join several smaller logical 
> drives, maybe 1TB each,
>   into a single volume set, which could then contain 
> various file systems.
>   
> 
> That looks like it may be the result.  The main reason was to 
> keep the amount of overhead and 'stuff' required to revive it 
> in the event of a server issue to a minimum.  That was one of 
> the reasons for going with an enclosure that handles all the 
> RAID internally and just presents to the server as a single 
> drive.  We had been trying to avoid LVM as we had run into 
> problems using knoppix recovering it in the past.
> 
> It looks like we will probably just end up breaking it up 
> into smaller chunks unless I can find a way for the enclosure 
> to use 512 sectors and still have greater than 2 tb volumes.

LVM is very well supported these days.

In fact I default on LVM for all my OS and external storage
configurations here as it provides for greater flexibility and
manageability then raw disks/partitions.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install on two discs with Software Raid and LVM

[Ross S. W. Walker]

That's old information, kernel swapper can handle all types of dev mapper 
setups these days (well all types on fixed media).

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: 'CentOS mailing list' 
Sent: Mon Feb 04 17:43:50 2008
Subject: RE: [CentOS] Install on two discs with Software Raid and LVM

>Create a swap lv in the vg you created out of /dev/md1, assuming /dev/md0 is 
>/boot.
>
>-Ross

Oh, I thought it wasn’t good to run swap inside software raid? If I was wrong, 
I assume this is beneficial since if one of the HD’s tanks while its running, 
it will survive the failure and not need to reboot?

Thanks!
jlc

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Large RAID volume issues

[Ross S. W. Walker]

Rob Lines wrote:
> On Feb 4, 2008 3:34 PM, Ross S. W. Walker 
> <[EMAIL PROTECTED]> wrote:
> 
> 
>   Rob Lines wrote:
>   > On Feb 4, 2008 3:16 PM, John R Pierce 
> <[EMAIL PROTECTED]> wrote:
>   >
>   >   with LVM, you could join several smaller logical
>   > drives, maybe 1TB each,
>   >   into a single volume set, which could then contain
>   > various file systems.
>   >
>   >
>   > That looks like it may be the result.  The main reason was to
>   > keep the amount of overhead and 'stuff' required to revive it
>   > in the event of a server issue to a minimum.  That was one of
>   > the reasons for going with an enclosure that handles all the
>   > RAID internally and just presents to the server as a single
>   > drive.  We had been trying to avoid LVM as we had run into
>   > problems using knoppix recovering it in the past.
>   >
>   > It looks like we will probably just end up breaking it up
>   > into smaller chunks unless I can find a way for the enclosure
>   > to use 512 sectors and still have greater than 2 tb volumes.
>   
>   
>   LVM is very well supported these days.
>   
>   In fact I default on LVM for all my OS and external storage
>   configurations here as it provides for greater flexibility and
>   manageability then raw disks/partitions.
>   
> 
> 
> 
> How easy is it to migrate to a new os install?  Given the 
> situation as I described with a single 6tb 'drive' using lvm 
> and the server goes down and we have to rebuild the server 
> from scratch or move the storage to another machine (all 
> using CentOS 5) how easy is that?

To move an external array to a new server is as easy as plugging
it in and importing the volume group (vgimport).

Typically I name my OS volume groups "CentOS" and give
semi-descriptive names to my external array volume groups, such
as "Exch-SQL" or "VM_Guests".

You could also have a hot server activate the volume group via
heartbeat if the first server goes down if your storage
allows multiple initiators to attach to it.

> We are still checking with the vendor for a solution to move 
> back to the 512 sectors rather than the 2k ones. Hopefully 
> they come up with something.

I wish you luck here, but in my experience once an array is
created with a set sector size or chunk size, changing these
usually involves re-creating the array.

LVM might be able to handle the sector size though, no need to
create any partition on the disk, but future migration
compatibility could be questionable.

To create a VG out of it:

pvcreate /dev/sdb

then,

vgcreate "VG_Name" /dev/sdb

then,

lvcreate -L 4T -n "LV_Name" "VG_Name"

If you get a new external array say it's /dev/sdc and want to
move all data from the old one to the new one online and then
remove the old one.

pvcreate /dev/sdc

vgextend "VG_Name" /dev/sdc

pvmove /dev/sdb /dev/sdc

vgreduce "VG_Name" /dev/sdb

pvremove /dev/sdb

Then take /dev/sdb offline.

-Ross

PS You might want to remove any existing MBR/GPT stuff off of
/dev/sdb before you pvcreate it, with:

dd if=/dev/zero of=/dev/sdb bs=512 count=63

That will wipe the first track which should do it.


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install on two discs with Software Raid and LVM

[Ross S. W. Walker]

Create a swap lv in the vg you created out of /dev/md1, assuming /dev/md0 is 
/boot.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: 'centos@centos.org' 
Sent: Mon Feb 04 17:29:45 2008
Subject: [CentOS] Install on two discs with Software Raid and LVM

I am mirroring two drives during install, what's the best practice here for the 
swap partition? Maybe two separate lv's from independent vg's *not* mirrored 
for swap and the let the OS manage it? Boot and the / vg will be mirrored.

Thanks!
jlc

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Enterprise-class monitoring system for CentOS and Win2k3server

[Ross S. W. Walker]

Sean Carolan wrote:
> 
> Can anyone recommend an enterprise-class monitoring system for both
> Linux and Windows servers?  Here are my requirements:
> 
> SNMP trap collection, ability to import custom MIBs
> isup/isdown monitoring of ports and daemons
> Server health monitors (CPU, Disk, Memory, etc)
> SLA reporting with nice graphs
> Pager/Email/SMS alerts with groups, filters and escalations
> Built-in MTBF and MTTR reporting
> Robust parent-child relationships between monitors or probes.  For
> example, the system must be smart enough to know that if 25 URLs have
> gone down all at once, that they belong to an apache process that has
> died.  I don't want 25 alerts, I want *one* alert telling me that the
> parent apache daemon is down.
> Ability to easily create dashboards from various monitors.  We want
> this so we can see all components of a website in one place, eg,
> apache URL, database server, disk storage, etc.
> Attractive, easy to use GUI.  We don't want a homebrew project with
> ugly graphs and a web 1.0 GUI.
> 
> So far the products I have looked at are:
> NimBUS
> SolarWinds IP Monitor
> WhatsUPGold
> GroundWork Open Source
> Nagios
> 
> And none of them have met all my requirements.  Any suggestions?

What was wrong with IP Monitor?

It seems to have everything you mentioned, plus a SOAP interface for
designing external dashboards.

We use it here and it works well.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: system gets suspended automatically!

[Ross S. W. Walker]

I don't think that is the "harmless" error message mentioned in the release 
notes as that had to do with the "crash kernel".

I saw this same error on a Dell AMD system. It seems the motherboard in that 
system didn't do ACPI IRQ routing as the kernel expected and experienced a lot 
of random problems until "acpi=noirq" was passed as a kernel option to disable 
ACPI IRQ routing defaulting back to the APIC IRQ routing. If that still gives 
you problems then you may need to use "irq=poll" which forces the kernel to 
poll for IRQ changes.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Wed Feb 06 08:03:47 2008
Subject: Re: [CentOS] Re: system gets suspended automatically!


On Wed, 2008-02-06 at 21:48 +0900, Chandra wrote:


> ===
> AN ERROR IS SHOWING UP AT BOOT TIME. It seems to be a BUG:
> 
> Memory for crash kernel (0x0 to 0x0) notwithin permissible range
> ..MP-BIOS bug: 8254 timer not connected to IO-APIC
> Red Hat nash version 5.1.19.6 starting
> Welcome to CentOS release 5 (Final)
> 
> .
> and continues normal booting.
> 
> Any idea how to deal with it.
> Please not that it has 4 CPUs.
> 
> Thanks a lot,
> - Chandra
> ___

Check the Release Notes.  It is apparently harmless.  I see it on all my
CentOS 5.1 machines.

B.J.

Ubuntu 7.10, Linux 2.6.22-14-generic unknown 08:02:44 up 21:42, 2 users,
load average: 0.15, 0.22, 0.16

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCNS for CentOS and APC ups's

[Ross S. W. Walker]

I use apcupsd from epel

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: 'centos@centos.org' 
Sent: Wed Feb 06 18:11:12 2008
Subject: [CentOS] PCNS for CentOS and APC ups's

Apparently there is only an Itanium client for RHEL according to APC? I need to 
setup a few boxes to shut down safely and don’t know if the PCNS 2.2.3 Linux 
version will do it? Anyone know why it needs Java as well? (Blegh)

 

Assuming APC is fairly popular, how do you guys shutdown your CentOS boxes with 
a UPS with a management card in it?

 

Thanks!
jlc


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PCNS for CentOS and APC ups's

[Ross S. W. Walker]

Well I'm not near the config, but I remember it was easy. The default timings 
match APC's defaults, so all you really need to do is set the UPS name (for 
identification purposes) and the comm type will be snmp, port will be something 
like :161: and set an email address to send alerts to.

Testing is a little tricky as it dials directly in to the snmp interface, you 
could lower the "time on battery" and kick the plug on the ups and see if it 
initiates a safe shutdown, but that depends on how many other hosts are on the 
ups and if this host is in active production.

It has worked in my environment though.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: centos@centos.org 
Sent: Wed Feb 06 18:50:23 2008
Subject: RE: [CentOS] PCNS for CentOS and APC ups's

>I use apcupsd from epel
>
>-Ross

Reading about that now, it sounds a lot cleaner then that silly java based one 
from APC. Can you elaborate on how you add it as a device into the UPS and 
share a config in this scenario?
Thanks!
jlc

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Trouble Ticket System

[Ross S. W. Walker]

Johnny Hughes wrote:
> Lorenzo Quatrini wrote:
> > Johnny Hughes ha scritto:
> >>
> >> I would like to recommend a piece of software known as 
> GLPI ... when 
> >> used in conjunction with OCSng, it will track all hardware and 
> >> software installed on each machine, which users use which 
> machines, etc.
> >>
> >> It also can use ADS or LDAP for authentication, and there is the 
> >> ability to create FAQs that users can search.
> >>
> >> So, the combination can be used as a software/hardware inventory 
> >> program and trouble ticket system.
> >>
> >> http://glpi-project.org/?lang=en
> >>
> >> http://www.ocsinventory-ng.org/
> >>
> >> Thanks,
> >> Johnny Hughes
> >>
> > Does someone has an rpm version?
> > I did some tests on OCS-ng, but everything broke on the 
> upgrade of the 
> > test pc...
> 
> WRT RPMS, no.
> 
> They have built perl scripts to run for upgrades and 
> installs, and it is 
> very complex, so RPMS would just down load the stuff and execute the 
> perl script.  Fairly worthless in this case.  In fact, for 
> things that 
> just unpack into a web dir (mambo web server, phpmyadmin, 
> etc.) I think 
> RPMS are fairly worthless.

Only good thing the RPMs do is account for the files on the file system
and can be used to revert permissions or discover corrupted/compromised
files (so long as the upgrades use RPMs too).

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Security help desperately needed - more info

[Ross S. W. Walker]

Michael Simpson wrote:
> On 2/7/08, Anne Wilson <[EMAIL PROTECTED]> wrote:
> > On Thursday 07 February 2008 13:53, Milton Calnek wrote:
> > > Anne Wilson wrote:
> > > >  - samba Begin 
> > > >
> > > >
> > > >  WARNING!!
> > > >  Errors when creating subnets:
> > > > No subnets to listen to. Shutting down. : 1 Time(s)
> > >
> > > Hmmm... let's see your smb.conf.
> > >
> > [global]
> >workgroup = LYDGATE.LAN
> >server string = Samba Server Version %v
> >interfaces = lo, eth0, 192.168.0.0/24
> 
> Hi there,
> 
> Should the IP address supplied be the actual address for eth0 rather
> than the network address?
> 
> ie 192.168.0.1/24 rather than 192.168.0.0/24

If if doubt RTFM:

interfaces (G)
   This option allows you to override the  default  network  interfaces
   list  that  Samba will use for browsing, name registration and other
   NBT traffic. By default Samba will query the kernel for the list  of
   all  active  interfaces and use any interfaces except 127.0.0.1 that
   are broadcast capable.


Per the man page the interfaces directive seems to only control which
interfaces smb will listen for and respond to name requests.

If you wanted smb to bind to only those interfaces you will need to
combine it with:

bind interfaces only (G)
   This  global  parameter  allows the Samba admin to limit what inter-
   faces on a machine will serve SMB requests. It affects file  service
   smbd(8) and name service nmbd(8) in a slightly different ways.

   For  name service it causes nmbd to bind to ports 137 and 138 on the
   interfaces listed in the interfaces parameter.  nmbd also  binds  to
   the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the
   purposes of reading broadcast messages. If this option  is  not  set
   then  nmbd  will  service  name requests on all of these sockets. If
   bind interfaces only is set then nmbd will check the source  address
   of  any  packets  coming in on the broadcast sockets and discard any
   that don't match the broadcast addresses of the  interfaces  in  the
   interfaces  parameter  list.  As unicast packets are received on the
   other sockets it allows nmbd to refuse to serve  names  to  machines
   that  send  packets that arrive through any interfaces not listed in
   the interfaces list. IP Source address  spoofing  does  defeat  this
   simple  check,  however, so it must not be used seriously as a secu-
   rity feature for nmbd.

   For file service it causes smbd(8) to bind  only  to  the  interface
   list  given in the interfaces parameter. This restricts the networks
   that smbd will serve to packets coming  in  those  interfaces.  Note
   that you should not use this parameter for machines that are serving
   PPP or other intermittent or non-broadcast network interfaces as  it
   will not cope with non-permanent interfaces.

   If  bind  interfaces  only  is  set  then unless the network address
   127.0.0.1 is added to the interfaces parameter list smbpasswd(8) and
   swat(8) may not work as expected due to the reasons covered below.

   To change a users SMB password, the smbpasswd by default connects to
   the localhost - 127.0.0.1 address as an  SMB  client  to  issue  the
   password  change request. If bind interfaces only is set then unless
   the network address 127.0.0.1 is added to the  interfaces  parameter
   list then smbpasswd will fail to connect in it's default mode.  smb-
   passwd can be forced to use the primary IP interface  of  the  local
   host  by  using  its  smbpasswd(8) -r remote machine parameter, with
   remote machine set to the IP name of the primary  interface  of  the
   local host.

   The  swat  status  page  tries  to connect with smbd and nmbd at the
   address 127.0.0.1 to determine  if  they  are  running.  Not  adding
   127.0.0.1 will cause smbd and nmbd to always show "not running" even
   if they really  are.  This  can  prevent  swat  from  starting/stop-
   ping/restarting smbd and nmbd.

   Default: bind interfaces only = no


I would look at the DNS setup to make sure all host names are resolvable,
maybe the /etc/hosts file isn't setup properly. Make sure smb ports are
open inbound and outbound in iptables and the latest selinux profile is
installed.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://

RE: [CentOS] Disk partitions and LVM limits

[Ross S. W. Walker]

Peter Blajev wrote:
> 
> Hi,
> 
> I've got a DAS DELL MD1000 with a bunch of SATA drives in 
> RAID 5 configuration 
> with total space of 5.4TB. This box is attached to a CentOS5 
> system (kernel 
> 2.6.18-53.1.6.el5).
> 
> Any idea how to make this space usable?
> Is there a limit how big a partition can be? What is the work around?
> Is there a limit how big a file system ca be?
> 
> I've tried to partition it but no matter how bug partition I 
> create fdisk 
> spits out these messages on the console:
> ---
> sdb: very big device. try to use READ CAPACITY(16).
> SCSI device sdb: 10248519680 512-byte hdwr sectors (5247242 MB)
> sdb: Write Protect is off
> ---
> 
> I decided to not partition the drive and use LVM but the 
> physical volume 
> stopped at 2TB.
> 
> So, right now I can't use LVM because of this 2TB limit and 
> I'm not sure if I 
> partition the drive how good these partitions are because of 
> the the message 
> from fdisk.
> 
> Any help or idea is highly appreciated.

Undo the LVM config, wipe out any MBR or disklabels on the drive,
then pvcreate the raw disk (/dev/sdb) it should be able to handle
the whole 5.4TB.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Disk partitions and LVM limits

[Ross S. W. Walker]

Peter Blajev wrote:
> 
> > Undo the LVM config, wipe out any MBR or disklabels on the drive,
> > then pvcreate the raw disk (/dev/sdb) it should be able to handle
> > the whole 5.4TB.
> 
> I tried this but I'll try again tonight just in case I missed 
> something the 
> first time.
> 
> I didn't check what pvcreate did but vgcreate after that gave 
> me 2TB volume 
> group. Googling around it looks like there is 2TB limit and 
> there should be 
> some kernel parameters to tweak but I still can't get a clear answer.

I believe there is a 2TB limit on fdisk MBR partition tables, and if
one already exists on the disk then LVM will use it.

Do,

pvremove /dev/sdX

dd if=/dev/zero of=/dev/sdX bs=512 count=63

pvcreate /dev/sdX

Do a 'pvs' to list the pv and see it's size there.

When creating a vg there may be a limit on the total # of extents per
vg, so you may have to increase the extent size from 4MB to 8 or 16.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Network Installation of CentOS disk image via PXE

[Ross S. W. Walker]

vincenzo romero wrote:
> 
> Hello all,
> 
> I've deployed new servers - installing new CentOS servers via PXE
> booting using its iso distribution stored on an NFS server.  For
> certain server types;  I'd like to install custom applications into a
> server and then generate an image of that server, and deploy again via
> PXE to another group of servers.
> 
> Wanted to find out if anyone can forward any pointers to 
> papers or links on:
> 
> 1.  Best and (cheapest) way to create disk image (that can be used for
> over the network installation over PXE) of an existing CentOS server
> with all its custom apps and packages ... would this be dd?  would
> this take a long time?
> 
> 2.  Would like to find out if you can point me to a guide or doc -
> that specifically describes this process;  most PXE install notes out
> there describe the PXE config setup and assumes an ISO image (to
> create a new server), as opposed to deploying a "ghosted" image of an
> existing server.
> 
> 3.  In a deployment of a "ghosted" image - would the DHCP
> automatically request for a new IP address upon completion of the
> installation on the target machine (since when I ghost the source
> machine, the network information will contain that source's machine IP
> address, MAC, etc. etc.)
> 
> Thanks in advance ..

We have PXE install in our environment that uses MS RIS to deploy
multiple RH distributions via kickstart using syslinux and the pxeboot
img included with the distros.

To recreate the setup completely on linux you will need:

1) DHCP server that supports PXE extensions

2) [Optional] PXE server for Linux to host multiple distros, if
you want to host just the one you could have DHCP point right to
the syslinux pxeboot loader.

3) TFTP server to host the initial boot images

4) WWW or FTP server to provide internal location to download the
distro RPMs (or you could use the Internet locations).

Here is a short How-To I found googling:

http://crashrecovery.org/CrashRecoveryKit/pxeboot/pxeboot.pdf

If you have a Win2k3 server license you could setup a Xen guest to
act as a RIS server too which would allow you to host Windows and
Linux distributions. You may have problems though with the DHCP/PXE
boot packets coming from the broadcast addresses to the guest, but
with tweaking I'm sure it could be made to work.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Network Installation of CentOS disk image via PXE

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >If you have a Win2k3 server license you could setup a Xen guest to
> >act as a RIS server too which would allow you to host Windows and
> >Linux distributions.
> 
> Ross,
> I would love to know how you did this, I assume it wasn't 
> trivial to install Linux guests with RIS?
> Thanks,
> jlc

Start with a working RIS setup, enable support for legacy RIS images.

Then:

Create a directory structure as such, from the base RIS volume:

 RemoteInstall
  |
  +- Setup
   |
   +- English
 |
 +- Images
   |
   +- CentOS5
 |
 +- amd64
 ||
 |+- templates
 |   |
 |   +- pxelinux.cfg
 |
 +- i386
  |
  +- templates
 |
 +- pxelinux.cfg

Under the templates directory for each version copy:

initrd.img (the pxeboot version)
vmlinuz (the pxeboot version)

as well as a copy of the pxelinux.0 binary from the most recent
syslinux/pxeboot available.

Optionally I throw in the 'splash.lss' from the distro media, and
create or copy a 'pxeboot.msg' file to give it a little flare.

Next create a pxelinux.sif file in each templates directory. This
file will be picked up by RIS and will set up the menu for this
distro/processor.

Here's the contents of mine:

[OSChooser]
Description ="CentOS 5"
Help ="This option runs the CentOS 5 install for the [i386|x86_64] processor 
family."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\pxelinux.0"
ImageType =Flat
Version="1.01"

Then in the pxelinux.cfg directory create the 'default' syslinux file
per the particular distro's needs (ram file size etc).

Here is the contents of my CentOS5 default:

default server
prompt 1
timeout 100
display pxeboot.msg

label server
kernel vmlinuz
append initrd=initrd.img ramdisk_size=8192 root=/dev/ram0 ip=dhcp 
lang=us expert ksdevice=eth0 ks=http://10.1.1.60/CentOS/5/server.cfg 
method=http://10.1.1.60/CentOS/5/os/i386 noipv6 quiet
label desktop
kernel vmlinuz
append initrd=initrd.img ramdisk_size=8192 root=/dev/ram0 ip=dhcp 
lang=us ksdevice=eth0 ks=http://10.1.1.60/CentOS/5/desktop.cfg 
method=http://10.1.1.60/CentOS/5/os/i386 noipv6 quiet

I basically have the distros located on a web server. I wget
replicate the distro creating a directory for each version (5.0,5.1 etc)
and an alias '5' that points to the current supported version.

I'd be happy to share my kickstart files, but will do so off-list as they are 
lengthy
and it just adds unnecessary volume to the list.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Network Installation of CentOS disk image via PXE

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >Start with a working RIS setup, enable support for legacy RIS images.
> 
> Wow, thorough detail :) I see you have kept sp2 off the RIS 
> box to prevent RIS from becoming WDS. I assume this is 
> because there is no way to do this in WDS?

Nah, I have SP2 on there, you need to make sure when setting up WDS
to enable legacy support for RIS images and then make sure you
create the directory structure I mentioned.

You could probably set it up in WDS, but I'm sure it would be more
involved, but WDS can host both newer images and legacy images
on the same box, so why bother?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] local root exploit

[Ross S. W. Walker]

Matthew Miller wrote:
> 
> On Mon, Feb 11, 2008 at 04:26:57PM -0500, Ross S. W. Walker wrote:
> > Problem with Debian patch is it may conflict with some of the RH
> > backports, but if it works why not submit it to CentOS team for
> > testing as I hear the RH current workaround has issues with GPFs.
> 
> I think that's with the powertech.no "ptpatch2008" kernel 
> module which tries
> to patch the problem in your existing kernel -- not with the 
> actual fix.

Ah, ok, I feel a little better about it then. The reports weren't
specific about which patch was used and I assumed it was the
patch on bugzilla.

> > I personnally run my systems behind the firewall, but I suppose
> > anybody who has CentOS/RHEL 5 that is Internet facing would 
> > worry a little bit more.
> 
> Do you ever use network-accessing applications which might have bugs?

Yes, but always through transparent proxies which scan all traffic.

BTW aren't we all using network-accessing applications which might
have bugs all the time? I would say every application we use has
bugs, how big or small they are is as yet to be seen, so I trust
NOTHING.

> > I wonder if any existing user-land utilities have hooks into
> > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
> 
> It's a system call.

Yes, but conceivable an application can make use of such a system
call since it is exploitable from user land and hence the concern.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] local root exploit

[Ross S. W. Walker]

Dag Wieers wrote:
> 
> On Mon, 11 Feb 2008, Ross S. W. Walker wrote:
> 
> > Dag Wieers wrote:
> > > On Mon, 11 Feb 2008, jarmo wrote:
> > >
> > > > Ofcource there's a way, get vanilla kernel 2.6.24.2 and use
> > > old config
> > > > compile it and run. I've done it.
> > >
> > > And *poof* you lost all support or reproducability that
> > > people crave when
> > > using CentOS or RHEL.
> > >
> > > So yes, it is a possibility, but probably unlikely when
> > > people have chosen
> > > CentOS or RHEL. And especially for those systems that are 
> considered
> > > production (or important) and that are the most 
> vulnerable you may not
> > > want to do this. (Or maybe instead you need to !)
> >
> > Yes, true, but say you are running a shell account system 
> and want to
> > know it isn't vulnerable, can't wait until upstream provides a fix
> > and don't want to run some possibly flaky work-around patch, what
> > then?
> >
> > I think one needs to weigh the consequences in these 
> scenarios instead
> > of saying it should be all one way or the other.
> 
> Then I would opt to patch the latest Red Hat kernel with eg. 
> the Debian
> patch rather than running a 2.6.24.2 kernel that may have numerous
> yet-unknown compatibility problems with parts of the system 
> that interact
> with the kernel. And I would make an RPM out of it that 
> upgrades smoothly
> to the next CentOS release.

Problem with Debian patch is it may conflict with some of the RH
backports, but if it works why not submit it to CentOS team for
testing as I hear the RH current workaround has issues with GPFs.

If it works then maybe a "FastTrack" kernel could be put out
on CentOS?

Easiest way for me would be to adapt a FC8 kernel package to
C5 then try to play with a back-ported patch from a third-party
system into an already heavily patched kernel.

> But then again, this would be advice for a minority and not 
> something I
> would recommend to everyone on this list.

I personnally run my systems behind the firewall, but I suppose
anybody who has CentOS/RHEL 5 that is Internet facing would 
worry a little bit more.

I wonder if any existing user-land utilities have hooks into
vmsplice that may be able to be accessed via PHP, Perl, or CGI?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] local root exploit

[Ross S. W. Walker]

Dag Wieers wrote:
> 
> On Mon, 11 Feb 2008, jarmo wrote:
> 
> > Scott McClanahan kirjoitti viestissään (lähetysaika 
> maanantai, 11. helmikuuta
> > 2008):
> > > On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> > > > On Feb 11, 2008 8:19 AM, Scott McClanahan 
> <[EMAIL PROTECTED]>
> > wrote:
> > > > > On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> > > > > > Valent Turkovic wrote:
> > > > > > > I saw that there is a local root exploit in the wild.
> > > > > > > 
> http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> > > > > > >
> > > > > > > And I see my centos box still has:  2.6.18-53.1.4.el5
> > > > > > >
> > > > > > > yum says there are no updates... am I safe?
> > > > > > >
> > > > > > > Valent.
> > > > > >
> > > > > > The current kernel is 53.1.6.el5
> > > > > >
> > > > > > If yum isn't seeing it - it probably needs to clean 
> its cached
> > > > > > headers.
> > > > > >
> > > > > > try:
> > > > > >
> > > > > > yum clean headers
> > > > > > yum update kernel
> > > > > >
> > > > > > However - the 53.1.6.el5 release also is 
> vulnerable, so you may as
> > > > > > well wait for the exploit to be fixed before 
> updating. I'm guessing
> > > > > > CentOS will do it fairly quickly after rhel does.
> > > > >
> > > > > I understand that a known root exploit must be 
> patched but I'm curious
> > > > > to know if we upgrade to the fixed kernel once 
> released will it also
> > > > > include the degraded nfs performance discussed here:
> > > > >
> > > > > https://bugzilla.redhat.com/show_bug.cgi?id=431092
> > > >
> > > > We have to wait and see, but my impression is that the 
> nfs fix would
> > > > not be in the updated kernel (I hope I am wrong).  They 
> are talking
> > > > about getting it into 5.2 (even possibly into 5.3).  I 
> can see that
> > > > this is a problem.  Now, we can not "stay with 53.1.4"  
> on the systems
> > > > where the local root exploit is a serious problem.
> > >
> > > Yes, until now we had no problem stalling on 53.1.4.  I 
> guess we'll have
> > > to test how badly the nfs performance degradation 
> actually is under a
> > > heavy load in our environment.
> >
> > Ofcource there's a way, get vanilla kernel 2.6.24.2 and use 
> old config
> > compile it and run. I've done it.
> 
> And *poof* you lost all support or reproducability that 
> people crave when
> using CentOS or RHEL.
> 
> So yes, it is a possibility, but probably unlikely when 
> people have chosen
> CentOS or RHEL. And especially for those systems that are considered
> production (or important) and that are the most vulnerable you may not
> want to do this. (Or maybe instead you need to !)

Yes, true, but say you are running a shell account system and want to
know it isn't vulnerable, can't wait until upstream provides a fix
and don't want to run some possibly flaky work-around patch, what
then?

I think one needs to weigh the consequences in these scenarios instead
of saying it should be all one way or the other.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] local root exploit

[Ross S. W. Walker]

Matthew Miller wrote:
> 
> On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote:
> > > > I wonder if any existing user-land utilities have hooks into
> > > > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
> > > It's a system call.
> > Yes, but conceivable an application can make use of such a system
> > call since it is exploitable from user land and hence the concern.
> 
> Well, the point is there's nothing wrong with the system call 
> *inherently*.
> There's just a flaw in its implementation which a 
> carefully-crafted program
> can exploit. A program which just happens to use the system 
> call as it is
> intended to be used isn't any more dangerous than any other code.

Sorry this thread keeps getting taken further out of context on each
reply.

Yes I understand there is nothing inherently wrong with the concept
of the vmsplice() system call and it adds a lot of benefit to the
Linux kernel.

But if an application uses a system call, and that call to the system
API depends on user input that isn't properly checking bounds, then said
application can be used as a vector to system penetration.

That is all I am saying and was asking if anybody knew if such a
vector existed in any PHP, Perl or CGI module as it would be the most
likely method of leveraging the flaw if one did not have a shell account
on that machine.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] change the GUI manager

[Ross S. W. Walker]

Sobari Tanuwijaya wrote:
> 
> actually, everytime I turn on the computer, the log in is the 
> text login 
> screen, then after I entered my username and password, I have to type 
> startx to start the xserver, that's the other thing I want to 
> know how 
> to make the login directly to GUI.

To start at runlevel 5 (graphic mode) on start, edit /etc/inittab
with your favorite editor and near the top look for:

# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:

Yours will probably say "id:3:initdefault", change that 3 to a 5
and you should be good.

-Ross

> -- Tanu --
> Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 wrote:
> > at the login screen, go to session, change to KDE and then log in
> > 
> > EFM 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf
> > Of Sobari Tanuwijaya
> > Sent: Tuesday, February 12, 2008 7:20 PM
> > To: CentOS mailing list
> > Subject: [CentOS] change the GUI manager
> > 
> > Hi,
> > I installed CentOS using GNOME, but now I want to try it 
> using KDE, how can
> > I change it?
> > Thanks in advance
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Apache RPM's

[Ross S. W. Walker]

nate wrote:
> Ross S. W. Walker wrote:
> 
> > The agencies don't know what security backports vendor XYZ
> > has implemented and frankly they don't care. All they have
> > is a list of minimum version numbers that software must be
> > at in order for it to be deemed "compliant".
> 
> So check the actual version number of the package. Using a remote
> network software scanner to detect security problems based on
> banner strings provided by the network software is nothing
> more than a false sense of security.

I'm not worried about myself. In a regulated environment the
agencies do not trust corporations will honestly test their
controls, so they have outside auditing firms and agencies
test them for you and it is often these outside firms or
agencies that take unreasonable or uneducated stances and
often times there is very little you can do. When the FDIC
says jump your correct response should be "How high?".

> > I think we will start seeing this in the PCI and HIPA
> > compliance regulations first, but I wouldn't be surprised
> > if it leaks out into GLBA and other regulations over time.
> 
> The scanning vendors will be forced to fix their products. It's
> perfectly acceptable, and preferred behavior to backport patches.
> Just look at the recent Samba thread here for a good reason
> why backporting is good. I'd be mightily pissed if RHEL or
> CentOS switched a version out from under me which caused breakage.
> I honestly cannot believe that RHEL did that for Samba. If
> anything introduce a new ALTERNATE package that has the
> incompatible changes in it and allow users to choose between
> that one and the original for their systems. That's just me though.
> Fortunately I don't really use Samba.

I agree whole heartily. It would go a long way though if Redhat
provided independent certification of their products under these
compliance banners.

Does anybody know if such a thing exists now?

That way with the certification in hand and proof that the
servers are kept up to date one can keep the auditors at bay.

> > I think it will be these compliance issues that may force
> > upstream to change their strategy otherwise I can see this
> > being a roadblock to RHEL/CentOS adoption in these
> > industries in the future.
> 
> I highly doubt it. It'll be the scanning companies that will
> have to change. RHEL/CentOS are not the only ones that backport
> fixes. Really they need to have a database of package names
> and versions, and a set of scripts to run on the various servers
> to compare the versions with their "approved" list. After all
> it's not easy to remotely determine the kernel version.

You know that is if the auditing firms and agencies actually
use scanning software, or if they ask for a package listing
and go through that list by hand.

We are talking about the US government here.

> Network scanning is OK for some things, especially if you are
> attempting the actual security vulnerability rather than just
> assuming it has or does not have it based on the version.
> 
> Take Oracle for example, pretty expensive piece of software.
> Lots of security holes in it. I'm not a DBA so I looked up
> how to find what patches are installed, and as far as I can
> tell you cannot determine those patches remotely, you need to
> run a command on the local host.
> 
> My production oracle servers(10.2.0.3) currently have 34 patches
> installed. And the version string did not change.
> 
> Installed Top-level Products (3):
> 
> Oracle Database 10g   10.2.0.1.0
> Oracle Database 10g Release 2 Patch Set 1 10.2.0.2.0
> Oracle Database 10g Release 2 Patch Set 2 10.2.0.3.0
> There are 3 products installed in this Oracle Home.
> 
> 
> Interim patches (34) :
> [..]
> (snip)
> 
> And guess what? all 34 patches are security related. I have
> 8 more patches to get installed soon as well.

Yes of course the software needs to be kept up to date that
goes without saying. One can only hope that with a certificate
from Redhat that they keep software up to date with security
fixes within a reasonable time frame by backporting them
can be had.

Then there is the whole convincing these firms and agencies that
since CentOS is a duplication of Redhat's system it is therefore
certified by the laws of transitivity, but who knows if they will
buy it...

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,

RE: [CentOS] Apache RPM's

[Ross S. W. Walker]

Johnny Hughes wrote:
> 
> Bob Boilard wrote:
> > Hello all,
> >  
> > I love CentOS, but I am seriously regretting selecting 
> Centos 4.4 for my
> > production hosting servers. The current situation with 
> CentOS 4.4 and being
> > stuck at Apache 2.0.52 is a huge problem because of the new 
> requirements for
> > the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI
> > compliance scans. which means no ecommerce on any of these 
> servers - MAJOR
> > ISSUE. So my question to the community is: when are new 
> Apache RPM's going
> > to be released or at minimum a backported version that 
> plugs these security
> > holes so we can pass PCI scans. Apache 2.0.52 has some 
> major issues that
> > need to be dealt with?
> >
> 
> I am almost positive that this issue is one of the scan 
> software using 
> version numbers and not understanding that RHEL backports fixes.

It is a big fear of mine that this may become more and more
of an issue when government agencies start setting stricter
and stricter software compliance guidelines.

The agencies don't know what security backports vendor XYZ
has implemented and frankly they don't care. All they have
is a list of minimum version numbers that software must be
at in order for it to be deemed "compliant".

I think we will start seeing this in the PCI and HIPA
compliance regulations first, but I wouldn't be surprised
if it leaks out into GLBA and other regulations over time.

I think it will be these compliance issues that may force
upstream to change their strategy otherwise I can see this
being a roadblock to RHEL/CentOS adoption in these
industries in the future.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: local root exploit

[Ross S. W. Walker]

Scott Silva wrote:
> 
> on 2/13/2008 6:52 AM Johnny Hughes spake the following:
> > Each person who wants to use this needs to test it first 
> for themselves 
> > ... if it breaks your machine you get to keep all pieces :D
> > 
> I soo love that last line! I could just imagine someone like 
> Jack Nicholson 
> saying it in a movie.
> 

That's the standard OSS guarantee. ;-)


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Apache RPM's

[Ross S. W. Walker]

nate wrote:
> 
> Ross S. W. Walker wrote:
> 
> > Then there is the whole convincing these firms and agencies that
> > since CentOS is a duplication of Redhat's system it is therefore
> > certified by the laws of transitivity, but who knows if they will
> > buy it...
> 
> Well I wouldn't be surprised if a agency/certification thing would
> not support you under CentOS if they support RHEL. It would be sad
> but not completely crazy.
> 
> Those firms and agencies are likely more strict on what they support
> than software/hardware vendors. And there's quite a few software
> and hardware vendors that don't support CentOS but do support RHEL.
> 
> I suppose it mostly comes down to the organization behind it and
> the relationships Red Hat in this case has with those companies in
> order to help track/escalate problems/fixes/etc easier then
> organizations like CentOS that are less formal. And yes I believe
> if a bug is found in CentOS it's almost certain to appear in RHEL,
> but without reproduction under RHEL the vendor is unlikely to
> approach Red Hat and say you have a bug in your product even though
> I was using CentOS.

True. Maybe if CentOS gets enough publicity and a tremendous user
base (not that it doesn't now) it would be too much of a force to
just disregard as "unsupported", but who knows, time tells all.

Oh and BTW I believe it is CentOS' user base that discovers the
majority of the edge case bugs in RHEL as I believe the user
base to be more diverse in the hardware they run it on. The
majority of hardware RHEL is run on is HP or Dell, so RHEL
actually benefits in the long run with CentOS being around.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Apache RPM's

[Ross S. W. Walker]

Scott Silva wrote:
> 
> on 2/13/2008 7:44 AM nate spake the following:
> > Ross S. W. Walker wrote:
> > 
> >> The agencies don't know what security backports vendor XYZ
> >> has implemented and frankly they don't care. All they have
> >> is a list of minimum version numbers that software must be
> >> at in order for it to be deemed "compliant".
> > 
> > So check the actual version number of the package. Using a remote
> > network software scanner to detect security problems based on
> > banner strings provided by the network software is nothing
> > more than a false sense of security.
> > 
> >> I think we will start seeing this in the PCI and HIPA
> >> compliance regulations first, but I wouldn't be surprised
> >> if it leaks out into GLBA and other regulations over time.
> > 
> > The scanning vendors will be forced to fix their products. It's
> > perfectly acceptable, and preferred behavior to backport patches.
> > Just look at the recent Samba thread here for a good reason
> > why backporting is good. I'd be mightily pissed if RHEL or
> > CentOS switched a version out from under me which caused breakage.
> > I honestly cannot believe that RHEL did that for Samba. If
> > anything introduce a new ALTERNATE package that has the
> > incompatible changes in it and allow users to choose between
> > that one and the original for their systems. That's just me though.
> > Fortunately I don't really use Samba.
>
> Wasn't the samba issue something that was fairly critical, 
> but just couldn't 
> be backported?

Yeah, it was a decision whether to keep samba at the same
version but with Windows 2003/Vista incompatibilities or to
up the version knowing it can break customers setups.

Difficult decision, but every now and then all vendors have
to make at least 1 controversial decision. Besides what good
is a Windows compatibility layer that isn't compatible with
the latest version of Windows?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> Are there any ways to improve/manage the speed of pvmove? Man 
> doesn't show any documented switches for priority scheduling.
> Iostat shows the system way underutilized even though the lv 
> whose pe's are being migrated is continuously being written 
> (slowly) to.

I don't believe pvmove actually does any of the lifting. Pvmove
merely creates a mirrored pv area in dev-mapper and then hangs
around monitoring it's progress until the mirror is sync'd up
then it throws a couple of barriers and removes the original
pv from the mirror leaving the new pv as the new location for
the data.

That is how the move continues through reboots. All lifting
is actually done in dev-mapper and it's state is preserved
there. On restart LVM will read it's meta-data to determine
if there is a pvmove in progress and then spawn a pvmove to
wait for it to complete so it can remove the mirror.

Any slowness is due to disk io errors and retries being
thrown around.

You should really run LVM on top of a RAID1, software or
hardware makes no difference, but LVM is more to storage
management then fault tolerance and redundancy.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >I don't believe pvmove actually does any of the lifting. Pvmove
> >merely creates a mirrored pv area in dev-mapper and then hangs
> >around monitoring it's progress until the mirror is sync'd up
> >then it throws a couple of barriers and removes the original
> >pv from the mirror leaving the new pv as the new location for
> >the data.
> >
> >That is how the move continues through reboots. All lifting
> >is actually done in dev-mapper and it's state is preserved
> >there. On restart LVM will read it's meta-data to determine
> >if there is a pvmove in progress and then spawn a pvmove to
> >wait for it to complete so it can remove the mirror.
> >
> >Any slowness is due to disk io errors and retries being
> >thrown around.
> >
> >You should really run LVM on top of a RAID1, software or
> >hardware makes no difference, but LVM is more to storage
> >management then fault tolerance and redundancy.
> >
> >-Ross
> 
> The LD's provided to LVM through the RAID controller are all 
> fault tolerant...

If the PVs are fault tolerant then I don't know why pvmove
would be running so slow, there should be no io errors being
thrown as the bad drive would be marked as faulty and taken
offline.

What are you pvmoving again?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] XFCE-Terminal can't display latin1 encoding

[Ross S. W. Walker]

Niki Kovacs wrote:
> 
> Hi,
> 
> Much of my work consists in connecting to the MySQL monitor on our 
> public library database server and working in it. Until 
> recently, I've 
> been using either Gnome-Terminal in GNOME, or Konsole in KDE. 
> Since all 
> the systems, both server and clients, default to fr_FR.UTF-8, 
> and MySQL 
> uses a default latin1 charset, I usually switch the displayed charset 
> within Gnome-Terminal or Konsole.
> 
> I'm actually converting most of the desktops to XFCE, since it's my 
> preferred desktop environment. Unfortunately, XFCE's Terminal 
> application doesn't seen to offer the opportunity to switch to 
> displaying an ISO-8859-1 (or ISO-8859-15) charset. Is there any other 
> way to achieve that?
> 
> Right now, all my french characters in the MySQL console appear as 
> inverted question marks. Which leaves me with two more 
> inverted question 
> marks in my eyes :oD
> 
> Any suggestions?

It may be as simple as choosing a unicode font. I don't know if
you can choose what font to use, but if so pick one that supports
the unicode character set and set the language in your bashrc or
whatever.

There is also good ole 'xterm' and I saw an app called 'Terminal' in
extras, maybe that can work for you? I know xterm will be a PITA to
setup correctly, but it has options to cover just about every
scenario, find the options that work for you and then xset them.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >What are you pvmoving again?
> >
> >-Ross
> 
> Ok, here is what happened: I have a box running iet exporting 
> an LV that started out as two 750 gig HD's mirrored off an 8 
> channel LSI SAS controller. I needed more space, and added 3 
> 400 gig HD's in a r5 vd to this VG. Yes, I now need even more 
> space, but I only have 8 channels, so... Moving it all over 
> to 7 750's in an r5 either with a hotspare or maybe 8 750's 
> in a r6, don't know yet

Don't know? Where are you pvmoving everything now?

It would be a whole lot easier to get the new array fully
setup, initialized and tested, then add it as a new PV to
the existing VG, then do the pvmove then to pvmove it twice.

If you put the new array on a newer higher end controller and
leave the existing setup as it is and pvmove between them
things would move a lot faster.

> All vd's on the controller are optimal, nothing is degraded 
> but I need to move all this data off the darn thing to free 
> up the original ld so I can break and recreate it.

Is that array on a different controller?

Is that array fully initialized?

Does the controller have a BBU write-back cache?

Maybe I am missing some important parts of the picture here?

-Ross



__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Backport uncertainty

[Ross S. W. Walker]

Erek Dyskant wrote:
> 
> On Wed, 2008-02-13 at 12:54 -0700, Joseph L. Casale wrote:
> > I need to know of my version of Postfix supports a feature, given rh
> > version numbers don't really tell you much I was trying to find an
> > errata on postfix or anything to let me know the real version of it.
> For the most part if it's a feature it's not added, and if it's a
> bug/security issue it is.
> 
> > 
> > How does one deal with this scenario? Is there a source of info to
> > determine this info?
> The way that I'd do it is download the srpm, and read the spec file's
> changelog.  Also, looking at the upstream's errata for 
> postfix may tell
> you.

For changelog one could do 'rpm -q --changelog postfix' and see it
without downloaded and installing the source rpm.

With yum-changelog installed one could do a 'yum changelog postfix'
to see the changelog without even installing or downloading postfix.

Some apps will display the build options used under the version
information, maybe postfix has something like that too, if not to
find out for sure you will need to look at the .spec file.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale
> 
> >Don't know? Where are you pvmoving everything now?
> 
> Where do I begin... Scenario is "No cash to do it right" so 
> the interim step involves migration to a non fault tolerant 
> setup temporarily. Server is a 1u HP and I don't have another 
> controller that matches the remaining interface in that small server.

Ah, well you are using SAS drives, so there is some cash there...

Need to learn how to shake the money maker, it's the only way we
can get our jobs done these days. Tell management that there
is no more room to get projects X or Y done because they need to
invest in upgrading storage, or if it's for fault tolerance tell
them what the worse case scenario will be. That usually gets them
to find that extra $$ to make it happen.

What industry do you work in?

> If I continue to explain all that I have to do, you'll likely 
> not be impressed. Sigh, I can only do what I can!

That's not true! I'm unimpressed now ;-)

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >Ah, well you are using SAS drives, so there is some cash there...
> 
> My bad, SAS controller with SATA II drives :(
> 
> >What industry do you work in?
> 
> All sorts, odd company: We do everything from automotive 
> accessories to home building!
> 
> >That's not true! I'm unimpressed now ;-)
> >
> >-Ross
> 
> Love your honesty!

Since your moving the data over to a new server/array combo have
you thought about using LTO tapes to back it up and restore it
on the new server?

I know it isn't as sexy as LVM pv duplication and such, but it
works...

If the LTO drives are too expensive why not just rent them for
this activity? You need to buy the tapes, but that's not too
much expense.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Booting without a keyboard

[Ross S. W. Walker]

Gregory P. Ennis wrote:
> 
> Thanks everyone.
> 
> 
> Sure appreciate your suggestions!!
> 
> I thought about the resistor and wondered if anyone had done anything
> like that.

I think it needs more then resistance like a gate 20 emulator in a dongle.

Easier to just have the BIOS ignore it.

> I really should have checked the bios, but I've never had this
> circumstance before.
> 
> Thanks again!!!
> 
> Greg
> 
> 
> On Wed, 2008-02-13 at 16:33 -0500, Steve Thompson wrote:
> > On Wed, 13 Feb 2008, Joseph L. Casale wrote:
> > 
> > >> Is there a way to have Centos boot when no keyboard is present.
> > >
> > > That's a bios thing...
> > > Look for the various settings controlling KB errors etc...
> > 
> > Heh. I have a rack of systems with Tyan S2466 motherboards, 
> none of which 
> > have keyboards attached. Each has a BIOS setting to prevent 
> squawking if 
> > the keyboard is not found. Half of them squawk anyway.

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] fsck

[Ross S. W. Walker]

Centos wrote:
> 
> Hello
> 
> our server is crashed and now some files are missing.
> when I do ls, I can see the file but when I do ls -la, file does not 
> show up.
> 
> I am going to do fsck, but was wondering if there is any 
> other quick fix 
> rather
> than umount and do fsck.

Fsck is a necessary evil here, but after fsck you will still
need to do a restore to recover any missing or damaged files.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] pvmove speed

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >Since your moving the data over to a new server/array combo have
> >you thought about using LTO tapes to back it up and restore it
> >on the new server?
> >
> >I know it isn't as sexy as LVM pv duplication and such, but it
> >works...
> 
> We have an HP Autoloader, I thought of doing that actually, 
> and I think I might :)
> I'll let it run through the weekend and make a decision on 
> Monday. The autoloader is hooked up to a windows box running 
> the scourge of my life (Backup exec 9 for windows) and I 
> didn't know how to interface it easily to the data without 
> installing an agent on the client running the ini which I 
> thought would be just as painfully slow! The LV is exported 
> through iet and is formatted NTFS.
> 
> Suggestions welcome :)

Well I suppose you have nightly backups of the data set already?

Maybe just abort the pvmove, let the Friday full backup run, then
on Saturday do a full restore on the new server over iSCSI and
bring it online that way.

I am facing the same issue with a migration of our VM machines
to a new iSCSI setup this year, around 1TB of VMs need to be
fork lifted over and I thought about exotic ways to move it
over, but I think in the end it will be by good ole backup exec
and tape.

Hey! Or maybe just use robocopy from one iSCSI volume to the
other on the Windows side!



-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Strange performance issues under CentOS 5.1

[Ross S. W. Walker]

Alfred von Campe wrote:
> 
> On Feb 13, 2008, at 11:37, Scott Silva wrote:
> 
> > I didn't see it but did you do a 'uname-a" on both systems to see  
> > if one is running a PAE kernel?
> 
> No, that was not it.  But I did finally track it down.  There 
> was one  
> additional difference in the software configuration that I had  
> forgotten about.  The CentOS 5.1 system is in a different NIS domain  
> and it has Kerberos enabled.  We are going to move to an integrated  
> NIS/AD environment to have a single sign-on for Windows and UNIX/ 
> Linux, and I was planning to roll that out at the same time 
> as CentOS  
> 5.1.  The performance issue went away when I used a local account to  
> do the build, and also on another CentOS 5.1 system (on 
> identical HW)  
> that was bound to the old NIS domain.
> 
> Needless to say, we can not roll out CentOS 5.1 in the new NIS  
> domain.  I will be talking to the corporate IT folks tomorrow to  
> track down what is causing this issue.

Ah, I advise using Samba's winbind and the RID idmap backend. Winbind
and it's local tdb cache is an order of magnitude faster then NIS and
several orders of magnitude faster then nss_ldap.

I haven't tested Samba's ldap backend cause we have an AD domain here.

Winbind is a whole lot easier to setup and manages the kerberos keytab
files too. We have winbind for user/group lookup and kerberos for
authentication, works well and is fairly easy to automate setup
through kickstart.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pvmove speed

[Ross S. W. Walker]

Good suggestion, no it's not ESX, but it does do snapshots.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: 'CentOS mailing list' 
Sent: Wed Feb 13 17:30:39 2008
Subject: RE: [CentOS] pvmove speed

>I am facing the same issue with a migration of our VM machines
>to a new iSCSI setup this year, around 1TB of VMs need to be
>fork lifted over and I thought about exotic ways to move it
>over, but I think in the end it will be by good ole backup exec
>and tape.

You're not running esx are you?
Heh, I just did the same thing on a much smaller scale. Couldn't afford the 
long downtime while a copy took place so I shut the vm's off, snapped it and 
restarted it. I then scripted all files "without" 0 in the name to rsync 
over (slowly). I then only had to shut the vm off and sync the small snap's 
and restart the vm's on other storage. Only took a few minutes.

jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Apache RPM's

[Ross S. W. Walker]

Les Bell wrote:
> 
> "Ross S. W. Walker" <[EMAIL PROTECTED]> wrote:
> 
> >>
> I agree whole heartily. It would go a long way though if Redhat
> provided independent certification of their products under these
> compliance banners.
> <<
> 
> RHEL 5 is Common Criteria certified against the Controlled Access
> Protection Profile (CAPP), Labelled Security Protection 
> Profile (LSPP) and
> Role-Based Access Control Protection Profile (RBACPP) at EAL 
> (Evaluation
> Assurance Level) 4+ (i.e. all requirements of EAL4 and some 
> of EAL5), when
> running on certain hardware platforms (IBM). See
> http://www.commoncriteriaportal.org/public/consumer/index.php?
> menu=5 for
> the reports. That may be overkill for what you require, but 
> if your system
> is certified and accredited, it usually stops auditors in 
> their tracks.
> 
> I agree with concerns about the inability of auditors to correctly
> interpret requirements. The Y2K panic provided lots of 
> examples; I recall
> one junior auditor demanding that a network hub be replaced 
> because it was
> not "certified Y2K compliant".

Thanks Les, naw it isn't over kill here as a publically traded
company with a commerical bank in Utah we get tag teamed by both
the SEC and the FDIC.

I'll definitely keep that bookmarked in the compliance portal!

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] RE: [Iscsitarget-devel] Performance Question

[Ross S. W. Walker]

Joseph L. Casale wrote:
> 
> >Yes, jumbo frames, no irq coalescence, blockio and see if
> >you can get Backup Exec to use large io request sizes when
> >reading and writing the data. The larger the better.
> 
> Ok, Jumbo's enabled on the switch and media server. For the 
> sake of our sanity jumping back and forth, I am trying to 
> enable jumbo's on the bonded pair in the target, # ifconfig 
> bond0 mtu 9014 and it errors out? Any idea what I am doing wrong?

Yeah, it's MTU 9000 on Linux, Linux adds 14 byte ethernet frame
by default (standard MTU is actually 1514).

> Also, where do I tune irq coalescence?

It can be done through ethtool if the cards are supported,
or sometimes it needs to be done on mod load. Which card?

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Upgrade ram and what to do with SWAP PARTITION ?

[Ross S. W. Walker]

Masters IT Gmail wrote:
> 
> Sorry i miss that link that you give me i am reading now 
> thanks for the tip
> i am going to try. Thanks for all!
> 
> -Mensaje original-
> De: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] En nombre
> de Michael A. Peters
> Enviado el: Miércoles, 13 de Febrero de 2008 06:07 p.m.
> Para: CentOS mailing list
> Asunto: Re: [CentOS] Upgrade ram and what to do with SWAP PARTITION ?
> 
> Masters IT Gmail wrote:
> > Now that I understand that i need more ram after i add this 
> ram to my
> > centos, what I need to do in order to increase my swap 
> partition, thanks
> in
> > advance.
> 
> How much swap do you currently have?
> You may not need to increase swap at all.
> 
> If you do - I haven't tried this method in CentOS (or any OS) but it 
> should work:
> 
> https://help.ubuntu.com/community/SwapFaq#head-75ffcb00cefe143
> fc380f84d7ea92
> 03f16a596d0
> 
> It creates a swap file instead of a swap partition. Much easier than 
> finding unpartitioned space ...

Yes and with today's kernels it provides the same level of performance.

# dd if=/dev/zero of=/.swapfile bs=1M count=512

# mkswap /.swapfile

fstab:
/.swapfileswapswapdefaults0 0

Or if you use lvm, turn swapoff the lv, lvresize the lv, mkswap the lv
again, then swapon the lv and you have a larger swap, but the swapfile
will at least be contiguous.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Samba problem after Up2date

[Ross S. W. Walker]

Dago Pacheco wrote:
> 
> Johnny Hughes escribió:
> >
> > OK ... I already told you to run testparm and to validate all your 
> > smb.conf lines.
> >



> okThis is the thing security level was set to "share".  When 
> thigs worked fine, there were a lot of shared folders that could be 
> access by anyone in the network, but when it comes to acces 
> the remote 
> home folder, from windows client, samba checked the 
> user/password used 
> to loged in to windows and use it.  Now whit security level set to 
> "share", I can access the public folders, but when it comes to the 
> "home" folders, smaba promt me to enter a password as an 
> invited user.

One should avoid setting security to share, it is there primarily for
historical reasons, but security should start with "user" then if
you have Windows domain servers set it to "domain" or "ads".

You will need to create LM passwords for each user unless you have
a Windows domain server to check passwords against.

I think there is an option in the man page about auto-creating
samba users on first connect if they exist in passwd, which will
ask the user for his/her password the first time and if it is
correct will save it in the samba passwd file.

> If I change security level to "user", samba promt user to 
> enter user and 
> password, that's good, but even if I enter a good login nothing 
> happend, it doesn't validate it... and then, I can't access home and 
> public folders.

Well there is probably additional configuration that is needed when
moving from "share" to "user".

> This is the output for testparm
> 



> 
> [global]
> workgroup = MAKIMET
> netbios aliases = servidor
> server string = Servidor Maestranza
> interfaces = 192.168.0.10/255.255.255.0
> security = SHARE

Once again you should really use security = "user" here

> obey pam restrictions = Yes
> pam password change = Yes
> username map = /etc/samba/smbusers
> log level = 3
> log file = /var/log/samba/%m.log
> acl compatibility = winnt
> server signing = auto
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> hostname lookups = Yes
> printcap name = /etc/printcap
> os level = 10
> preferred master = No
> domain master = Yes
> dns proxy = No
> ldap ssl = no
> preload = global administracion biblioteca cartas fax 
> formatos 
> fotografias informes instaladores memos of_tecnica planos 
> procedimientos

---
> read only = No
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> force directory mode = 0777
> guest ok = Yes
---
These options really should be per-share. You are making all data
on all shares world readable and writable by default, which you
really do not want to do.

> hosts allow = 192.168.0., 127.0.0.
> 
> [homes]
> comment = Home directory for %S
> valid users = bodega, calidad, contador, cvaldivieso, 
> dibujotec1, dibujotec2, faena, hcatalan, hfigueroa, personal, 
> planning, 
> produccion, root, secretaria, tvillagran, ymoya, ocastro, hsandoval, 
> afigueroa, mahumada, chidalgo, informatica, @makimet
> force group = makimet
> create mask = 0700
> directory mask = 0700
> browseable = No
> 
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
> 
> [administracion]
> comment = Archivos Administracion
> path = /home/publicos/administracion
> force user = root
> force group = makimet

Please for your sake don't force root, use some other
administrative user like 'admin' and force that, this
is just asking for trouble!

> [biblioteca]
> comment = Biblioteca Electronica
> path = /home/publicos/biblioteca
> force user = root
> force group = makimet
> 
> [cartas]
> comment = Cartas Enviadas
> path = /home/publicos/cartas
> force user = root
> force group = makimet
> 
> [fax]
> comment = Historico Fax
> path = /home/publicos/fax
> force user = root
> force group = makimet
> 
> [formatos]
> comment = Formatos Oficiales
> path = /home/publicos/formatos
> force user = root
> force group = makimet
> 
> [fotografias]
> comment = Historico Fotografias
> path = /home/publicos/fotografias
> force user = root
> force group = makimet
> 
> [informes]
> comment = Informes Tecnicos
> path = /home/publicos/informes
> force user = root
> force group = makimet
> 
> [instaladores]
> comment = Programas de Instalacion
> path = /home/publicos/instaladores
> force user = root
> 
> [memos]
> comment = Historico Memos
> path = /home/publicos/memos
> 

RE: [CentOS] kickstart file problem

[Ross S. W. Walker]

Lundgren, Andrew wrote:
> 
> I have a kickstart file that I am using to install multiple 
> machines.  If I install with no %post script, everything runs 
> great.  When I add the following %post section, if fails.
>  
> I have been working on this for a few days now without luck,  
> Any help would be appreciated.
>  
> Here is the error, the script follows.
>  
> Traceback (most recent call first):
>   File "/usr/lib/anaconda/kickstart.py", line 82, in run
> os.unlink(path)
>   File "/usr/lib/anaconda/kickstart.py", line 781, in 
> map (lambda s: s.run(anaconda.rootPath, serial, anaconda.intf), 
> postScripts)
>   File "/usr/lib/anaconda/kickstart.py", line 781, in postAction
> map (lambda s: s.run(anaconda.rootPath, serial, anaconda.intf), 
> postScripts)
>   File "/tmp/treedir.17875/instimage/usr/lib/anaconda/packages.py", line 44, 
> in doPostAction
> anaconda.id.instClass.postAction(anaconda, flags.serial)
>   File "/usr/lib/anaconda/dispatch.py", line 201, in moveStep
> rc = stepFunc(self.anaconda)
>   File "/usr/lib/anaconda/dispatch.py", line 124, in gotoNext
> self.moveStep()
>   File "/usr/lib/anaconda/gui.py", line 1007, in nextClicked
> self.anaconda.dispatch.gotoNext()
>   File "/usr/lib/anaconda/iw/progress_gui.py", line 243, in renderCallback
> self.intf.icw.nextClicked()
>   File "/usr/lib/anaconda/gui.py", line 1034, in handleRenderCallback
> self.currentWindow.renderCallback()
> OSError: [Errno 2] No such file or directory: 
> '/mnt/sysimage/tmp/ks-script-ah2YMC'

There's the error, and...



>  
> My script that I add is listed above, but a less cryptic 
> version is here:
> %post --log=/mnt/sysimage/root/post-install.log
  ^^^
There's the problem, should be /root/post-install.log as this runs chrooted.

> # setup NTP
> echo "setup NTP"
> cat << EOF > /etc/ntp.conf
> restrict default noquery notrap nomodfiy
> restrict 127.0.0.1
> server 0.rhel.ntp.org
> server 1.rhel.ntp.org
> server 2.rhel.ntp.org
> driftfile /var/lib/ntp/drift
> EOF
> /sbin/chkconfig ntpd on
> # setup services.
> echo "setup services"
> /sbin/chkconfig atd off
> /sbin/chkconfig autofs off
> /sbin/chkconfig avahi-daemon off
> /sbin/chkconfig bluetooth off
> /sbin/chkconfig cpuspeed off
> /sbin/chkconfig cups off
> /sbin/chkconfig gpm off
> /sbin/chkconfig hidd off
> /sbin/chkconfig ip6tables off
> /sbin/chkconfig pcscd off
> /sbin/chkconfig netfs --add
> /sbin/chkconfig netfs on
> # relocate tmp
> echo "relocate root"
> rm -rf /tmp
> ln -s /var/tmp /tmp
> # add lustre module configuration
> echo "add lustre module configuration"
> echo "options lnet networks=tcp0(eth1,eth0)" >> /etc/modprobe.conf
> # create motd
> echo "set motd"
> echo "Built as admin/ingest using VIPER install 1.0" > /etc/motd
> echo "Adding level3 with bad password set"
> /usr/sbin/useradd -d /home/level3 -m -u 100 -g 100 -p BLOCKED level3

-Ross


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] nss_ldap failed to bind to LDAP server 127.0.0.1

[Ross S. W. Walker]

A short-cut to disable ldap name service:

# authconfig --kickstart --disableldap

And to disable ldap authentication:

# authconfig --kickstart --disableldapauth

Now I believe it only does something if /etc/sysconfig/authconfig has these 
marked =YES, but if they are turned on there they will automatically be turned 
on again during the next reboot, so check there too.

-Ross


- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: CentOS mailing list 
Sent: Tue Feb 19 20:09:56 2008
Subject: RE: [CentOS] nss_ldap failed to bind to LDAP server 127.0.0.1

From: Stephen Harris Sent: February 19, 2008 16:56
> 
> In other words you _had_ the right answer already!
> 

Thanks muchly for the confirmation. I have made the necessary
changes and I am just in the process of kicking people off so that
I can reboot. I know the reboot may not be entirely required but it
will ensure that all services have been restart and now reflect the
configuration changes.

Thanks again for your assistance.

Regards, Hugh

-- 
Hugh E Cruickshank, Forward Software, www.forward-software.com 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] CentOS 5.1 - equivalent of xorg-x11 ?

[Ross S. W. Walker]

Tom Brown wrote:
> 
> Hi
> 
> If i want to add X to a system after install on CentOS 4 that 
> would be a 
> yum install xorg-x11 etc
> 
> This package seems to have been renamed in CentOS 5 and i wonder if 
> anyone can tell me what that now is please

yum groupinstall base-x

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] CentOS 5.1 - equivalent of xorg-x11 ?

[Ross S. W. Walker]

Johnny Hughes wrote:
> 
> Johnny Hughes wrote:
> > Tom Brown wrote:
> > > Hi
> > >
> > > If i want to add X to a system after install on CentOS 4 that would be 
> > > a yum install xorg-x11 etc
> > >
> > > This package seems to have been renamed in CentOS 5 and i wonder if 
> > > anyone can tell me what that now is please
> > >
> > 
> > yum groupinstall "X Window System"
> > 
> > and also pick the GUI that you want from:
> > 
> > "GNOME Desktop Environment"
> > 
> > or
> > 
> > "KDE (K Desktop Environment)"
> > 
> > or
> > 
> > "XFCE-4.4"
> > 
> > and add that on the end of the about groupisntall command ... like this 
> > for KDE:
> > 
> > yum groupinstall "X Window System" "KDE (K Desktop Environment)"
> 
> That can be a bit hefty on resources, I know.  However, that is how 
> Gnome or KDE or XFCE were meant to be installed.
> 
> It is certainly possible to thin down the install by doing a:
> 
> yum groupinfo ""
> 
> On each group and then only pick packages that you know you need.  That 
> does require trial and error and a very detailed knowledge of your exact 
> requirements.  If you have that knowledge, then by all means pick 
> individual packages for each group ... personally, I just use the 
> groupinstall method :)

Yes, or do a:

yum groupinstall kde-desktop|gnome-desktop

And let yum install only those X libs/tools that are dependant to get
your desktop working.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> 
> On Mon, 2008-02-25 at 00:19 -0800, Ray Van Dolson wrote:
> > > I would love this. However I don't know what my IP is nor 
> how to find
> > > out. It's been too long and too much has changed.
> > 
> > Seriously?
> > 
> > ifconfig will tell you your IP address.  Or just go to
> > www.whatsmyip.org or some similar site...
> 
> Wow! Thanks Ray
> 
> > Or, just reinstall :)
> 
> I *do* have a sense of humor. :-)

Bob,

Lets get this fixed so we can kill this thread.

Can you include the output of these commands:

# cat /etc/redhat-release

# yum list installed '*yum*'

# cat /etc/yum.conf

# cat /etc/yum.repos.d/CentOS-Base.repo


>From these we should be able to determine if your base installation
is correct.

If it isn't a config problem then we can look at permissions and
network next.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> 
> On Mon, 2008-02-25 at 12:41 -0500, Ross S. W. Walker wrote:
> 
> [snip]
> 
> > Bob,
> > 
> > Lets get this fixed so we can kill this thread.
> 
> I agree totally! The problem is with rpm. It refuses to install a non
> i386 rpm. I have verified this by downloading the latest kernel rpm. I

If rpm is broken, why not try to upgrade rpm on top of itself?

rpm -Uvh --force rpm-4.4.2-47.el5.rpm

You will need to manually download the rpm package again.

> had to use --ignorearch flag to get rpm to install it. Now how do I get
> this flag to yum? I have exactarch=0 in /etc/yum.conf which I presumed
> was to fix this. It does not work. I have tried to pass this flag
> via /root/.rpmmacros with no help. So, why do only myself apparently
> have this problem? One other item. I made *no* changes to any yum files
> after installation except the addition of (maybe) rpmforge. One kernel
> was updated around this time. My guess is the problem started around the
> update to 5.1. Anybody have any input as to why at least one person does
> not have this problem? What could he have that is different from me
> regarding yum and rpm? Reading this I apologize for the ramble.


Bob,

I wouldn't muck with any more options, try to undo the changes you
have made.

I didn't see what the rpm error was you got when you tried to
install it, did you post it to the thread?

You said you re-installed yum, how did you remove yum?

If you did a rpm -e yum, then the yum plugins may have still been left
behind. Here is the list you provided earlier:

yum-3.0.5-1.el5.centos.5
yum-cron-0.6-1.el5.centos
yum-downloadonly-1.0.4-3.el5.centos.2
yumex-2.0.3-2.el5.centos
yum-fastestmirror-1.0.4-3.el5.centos.2
yum-metadata-parser-1.0-8.fc6
yum-priorities-1.0.4-3.el5.centos.2
yum-repolist-1.0.4-3.el5.centos.2
yum-skip-broken-1.0.4-3.el5.centos.2
yum-updatesd-3.0.5-1.el5.centos.5
yum-utils-1.0.4-3.el5.centos.2
yum-versionlock-1.0.4-3.el5.centos.2

Here are the yum and plugins I have installed:

yum-3.0.5-1.el5.centos.5
yum-changelog-1.0.4-3.el5.centos.2
yum-metadata-parser-1.0-8.fc6
yum-priorities-1.0.4-3.el5.centos.2
yum-updatesd-3.0.5-1.el5.centos.5

Besides 'yum-fastestmirror' I would make sure the
others are removed and their configs cleared out
from /etc/yum/pluginconf.d unless you know you have
a real need for any of them.

The yum plugin that catches my attention is 'yum-versionlock'


> Oct 10 09:14:15 Installed: kernel.i686 2.6.18-8.1.14.el5
> Last kernel update. A lot of activity Oct 12-15. Possible 5.1 update
> during this period.
> 
> > Can you include the output of these commands:
> > 
> > # cat /etc/redhat-release
> > 
> > # yum list installed '*yum*'
> > 
> > # cat /etc/yum.conf
> > 
> > # cat /etc/yum.repos.d/CentOS-Base.repo
> 
> I removed yum and reinstalled then yum update yum with no help. No sense
> to include these again here.
> 
> > >From these we should be able to determine if your base installation
> > is correct.
> 
> It is *not* a yum config problem.

Can you post the rpm error you got before?

> > If it isn't a config problem then we can look at permissions and
> > network next.
> 
> See above.


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

John R Pierce wrote:
> Peter Kjellstrom wrote:
> > On Monday 25 February 2008, Ross S. W. Walker wrote:
> >   
> >> Lets get this fixed so we can kill this thread.
> >> 
> >
> > Good initiative, but since the layer beneath also fails 
> (rpm) maybe we should 
> > start there. rpm -qi kernel or maybe bad stuff in 
> /etc/sysconfig kernel.
> >
> > The interesting error from RPM suggests that it thinks the 
> machine is an i586 
> > (or atleast not i686).
> >   
> 
> 
> indeed, lets add
> 
> $ cat /proc/cpuinfo
> 
> to the possibly interesting info to post here... 

Sure, C5 kernels only come in the i686 or x86_64 variety.

Maybe the OP's rpm thinks it's on x86_64?

'package kernel-2.6.18-53.1.13.el5 is intended for a i686 architecture'

is the kind of error one would see when installing i386 on x86_64,
the kernel rpm file has a list of unsupported architectures and it
will spit out this error when installing i386 on x86_64.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] (no subject)

[Ross S. W. Walker]

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> On Mon, 2008-02-25 at 12:10 -0800, Ray Van Dolson wrote:
> 
> [snip]
> 
> > Well, exactarch=0 might work around this from a yum 
> standpoint (as far
> > as downloading the updates), but if RPM is complaining this 
> is beyond
> > the control of yum.  As someone else mentioned, taking a 
> look at your
> > ~/.rpmmacros file would be interesting.
> 
> It was empty.
> 
> > Also, could you post the output of:
> > 
> >   rpm -q --queryformat 
> '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel
> 
> kernel-2.6.18-8.el5.i686
> kernel-2.6.18-8.1.14.el5.i686
> kernel-2.6.18-53.1.13.el5.i686
> 
> The last kernel was installed manually using --ignorearch.

Bob,

What's the output of,

# rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' rpm

The contents of,

# cat /etc/rpm/platform

And the output of,

# rpm --eval '%_arch'

Also, did you re-install rpm by forcing an upgrade in place of rpm with,

# rpm -Uvh --force rpm-4.4.2-47.el5.i386.rpm

Just some more things to try,

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> On Mon, 2008-02-25 at 21:22 +0100, Peter Kjellstrom wrote:
> > On Monday 25 February 2008, Ross S. W. Walker wrote:
> > > Lets get this fixed so we can kill this thread.
> > 
> > Good initiative, but since the layer beneath also fails 
> (rpm) maybe we should 
> > start there. rpm -qi kernel or maybe bad stuff in 
> /etc/sysconfig kernel.
> 
> Where I am confused is the original kernel and ONE update is in
> the /var/log/yum.log then nada.
> 
> I seem to recall a discussion many months ago regarding an i686 kernel
> being installed from an i386 directory. If you look at
> http://isodirect.centos.org/centos/5/updates you will not see an i686
> directory, just i386 and ia-64. All rpms in the i386 
> directory are i386
> except the kernels and very few others.
> 
> /etc/sysconfig/kernel:
> # UPDATEDEFAULT specifies if new-kernel-pkg should make
> # new kernels the default
> UPDATEDEFAULT=yes
> 
> # DEFAULTKERNEL specifies the default kernel package type
> DEFAULTKERNEL=kernel
> 
> > The interesting error from RPM suggests that it thinks the 
> machine is an i586 
> > (or atleast not i686).
> 
> uname -imp:
> 
> i686 i686 i386
> 
> Don't know why the kernel says it's an i386. Kernel bug? Gateway
> purchase?

i386 is the architecture, in there you have processor flavors
which can be i386 (generic), i486, i586 and i686 tuned. C5 only
carries the generic i386 (default compile options) and the i686
tuned binaries, i586 tuned binaries are no longer being supported
after C4.

Currently C5 only supports i386 and x86_64 architectures. They
are working on ia64 and ppc, maybe sparc too.

The uname output is valid for your install, the question now is
why rpm refuses to install valid architecture binaries on your
system.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> On Mon, 2008-02-25 at 23:44 -0500, Ross S. W. Walker wrote:
> > Bob Taylor wrote:
> > > On Mon, 2008-02-25 at 12:10 -0800, Ray Van Dolson wrote:
> > > 
> > > [snip]
> > > 
> > > > Well, exactarch=0 might work around this from a yum 
> > > standpoint (as far
> > > > as downloading the updates), but if RPM is complaining this 
> > > is beyond
> > > > the control of yum.  As someone else mentioned, taking a 
> > > look at your
> > > > ~/.rpmmacros file would be interesting.
> > > 
> > > It was empty.
> > > 
> > > > Also, could you post the output of:
> > > > 
> > > >   rpm -q --queryformat 
> > > '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel
> > > 
> > > kernel-2.6.18-8.el5.i686
> > > kernel-2.6.18-8.1.14.el5.i686
> > > kernel-2.6.18-53.1.13.el5.i686
> > > 
> > > The last kernel was installed manually using --ignorearch.
> > 
> > Bob,
> > 
> > What's the output of,
> > 
> > # rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' rpm
> 
> rpm-4.4.2-47.el5.i386

Good

> > The contents of,
> > 
> > # cat /etc/rpm/platform
> 
> i386-redhat-linux

Good

> > And the output of,
> > 
> > # rpm --eval '%_arch'
> 
> i386

Good

> > Also, did you re-install rpm by forcing an upgrade in place 
> of rpm with,
> 
> I ran yum remove yum. I did not remove rpm nor did an rpm --force.

Don't remove rpm, just run an 'rpm -Uvh --force rpm-4.4.2-47.el5.i386.rpm'
this should replace any configs/macros that might have been damaged.

Outside of that, I dunno, I would probably do an rpm audit for all
packages that have changed files and re-install those packages on top
of themselves, making sure to move all the '*.rpmnew' on top of the
existing files. Then verify your Internet connection works properly
with yum (are you behind a proxy server?), and see what that does.


-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Garrick Staples wrote:
> On Tue, Feb 26, 2008 at 12:25:32AM -0500, Ross S. W. Walker alleged:
> > Bob Taylor wrote:
> > > On Mon, 2008-02-25 at 23:44 -0500, Ross S. W. Walker wrote:
> > > > The contents of,
> > > > 
> > > > # cat /etc/rpm/platform
> > > 
> > > i386-redhat-linux
> > 
> > Good
> 
> Isn't that the problem?  All of my machines say i686, athlon, 
> ia32e, x86_64,
> etc.  None of them say i386.

Ooops, I saw i686 when I looked the first time, yes, this should
be i686-redhat-linux. Good catch.

Bob, can you try manually changing this to say i686-redhat-linux,
I believe this is auto-generated at boot so it isn't a permanent
fix, but lets see if it updates after this by booting into the
older kernel (may need to manually change this file again),
removing the newer kernel and then try a 'yum update'.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] bash - safely pass untrusted strings?

[Ross S. W. Walker]

Benjamin Smith wrote:
> On Tuesday 26 February 2008, Bob Beers wrote:
> > short answer:  single quotes will handle all characters, 
> except single 
> quotes.
> > 
> > long answer:  man bash
> >  the section called QUOTING may help you figure a solution.
> 
> I've read the man page. It helps if I already know the input 
> - I don't have a 
> problem with manually putting slashes in front of spaces and 
> single quotes. 
> But in this case, I don't know the input. It's untrusted data. 
> 
> There is no mechanism for escaping untrusted input?

You could try uuencode/uudecode and handling the uuencoded
strings.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Bob Taylor wrote:
> On Mon, 2008-02-25 at 22:46 -0800, John R Pierce wrote:
> > Bob Taylor wrote:
> > > On Tue, 2008-02-26 at 00:19 -0500, Ross S. W. Walker wrote:
> > >   
> > >> Bob Taylor wrote:
> > >> 
> > >
> > > [snip]
> > >
> > >   
> > >>> uname -imp:
> > >>>
> > >>> i686 i686 i386
> > >>>
> > >>> Don't know why the kernel says it's an i386. Kernel bug? Gateway
> > >>> purchase?
> > >>>   
> > >> i386 is the architecture, in there you have processor flavors
> > >> which can be i386 (generic), i486, i586 and i686 tuned. C5 only
> > >> carries the generic i386 (default compile options) and the i686
> > >> tuned binaries, i586 tuned binaries are no longer being supported
> > >> after C4.
> > >> 
> > >
> > > What does this say my cpu is:
> > >
> > > vendor_id   : GenuineIntel
> > > cpu family  : 6
> > > model   : 5
> > > model name  : Pentium II (Deschutes)
> > >
> > > [snip]
> > >
> > >   
> > >> The uname output is valid for your install, the question now is
> > >> why rpm refuses to install valid architecture binaries on your
> > >> system.
> > >> 
> > >
> > > So, my cpu is not an i686?
> > >   
> > 
> > a P-II should be.  i686 is everything from the Pentium Pro onwards, 
> > including P-II, P-III, P4, core, and the various clones.  it does NOT 
> > include the original Pentiums (p5 and p54) or 'pentium w/ MMX', those 
> > are i586.
> 
> What is model : 5 above compared to p5?

The model refers to "Pentium II", the family '6' refers to i686,
the stepping is the sub-version of "Pentium II" which for yours
has the nick name "Deschutes".

Here is the cpu info of a more recent quad core Intel.

processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 15
model name  : Intel(R) Xeon(R) CPU   X3220  @ 2.40GHz
stepping: 7

This model is 10 cpu designs ahead, but still part of the i686 family,
of course these 10 designs do not show the separate Pentium/Xeon/Pro
tree lineages. I think they gave up giving the steppings nick names
a long long time ago.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] SAMBA is driving me crazy

[Ross S. W. Walker]

 
Ya know you can set hotmail to send in plain text which helps a lot with these 
mailing lists.
 
-Ross
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
scaglietti amore
Sent: Tuesday, February 26, 2008 3:04 PM
To: CentOS mailing list
Subject: RE: [CentOS] SAMBA is driving me crazy



shiii
 
did anyone notice any failure today to open the hotmail.com

befor 5 hours





> Date: Tue, 26 Feb 2008 11:51:50 -0800
> From: [EMAIL PROTECTED]
> To: centos@centos.org
> Subject: Re: [CentOS] SAMBA is driving me crazy
> 
> scaglietti amore wrote:
> > 
> > 
> > sorry man :(
> > 
> > but when i pasted those lines to the mail page they were organized
> > 
> > i dont know how they end up like that :)
> 
> blame it on hotmail.
> 
> your original message was in mime multipart, the HTML version had 
those 
> lines seperated by  (break) but the plaintext version generated 
by 
> hotmail gets munged to run-on lines.
> 
> friends don't let friends use MSN Hotmail.
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos





Express yourself instantly with MSN Messenger! < a 
href='http://clk.atdmt.com/AVE/go/onm00200471ave/direct/01/' target='_new'>MSN 
Messenger 


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum not updating kernel

[Ross S. W. Walker]

Johnny Hughes wrote:
> Bob Taylor wrote:
> > On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote:
> > 
> > [snip]
> > 
> >> what happens if you edit /etc/rpm/platform and change it too:
> >>
> >> i686-redhat-linux
> > 
> > Nothing.
> > 
> > I downloaded the current rpm file this morning and ran rpm -Uvh
> > --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm.
> > 
> > Rpm seems to behave oddly. I had downloaded the current kernel rpm and
> > installed it with the command rpm -ivh --ignorearch [file] successfully.
> > I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but
> > can if I add .el5 to the end it does. Before I deleted it I ran the
> > command rpm -ql kernel and all three kernels rpm files were listed
> > including the kernel rpm which rpm -e said wasn't installed. This
> > doesn't make sense to me.
> > 
> > I have done the following:
> > 
> > rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm
> > edit /etc/rpm/platform to i686-redhat-linux
> > rpm -e kernel-2.6.18-53.1.13.el5
> > yum clean all
> > yum upgrade kernel
> > returned Installed: kernel.i686 0:2.6.18-53.1.13.el5
> > Complete!
> > 
> > It looks like the problem may be in rpm after 4.4.2-37. Before I go to
> > the rpm people, I need to confer with Ray Van Dolson who says his is the
> > same as mine and he has no problem updating kernels. After Ray and I
> > resolve this issue, I will send a last email to the list hopefully
> > ending this subject with the resolution to this problem.
> > 
> 
> The problem was most likely the /etc/rpm/platform
> 
> if it is i386 and not i686 then is will not allow i686 RPMS 
> to be installed.
> 
> That file should only be updated IF anaconda does an install 
> or upgrade.

Good to note, I was under the impression that it might be set
in the initrd in case a different kernel image is installed.

> It should only be i386 of it is installed on a pentium 
> classic processor 
> (or equivalent).

Would anaconda even allow C5 to install on such a class cpu?

> That is the only cause of the "incompatible arch".
> 
> Nothing in centos except an install/upgrade via anaconda should ever 
> tough that file, so once you change it, it should remain changed.
> 
> Reboot a couple times and makes sure it (/etc/rpm/platform) 
> stays the same.
> 
> If it changes we need to figure out why.

I think there may be a case or two of bad packages updating that file
I believe these are some dumb Mozilla plugins though, googling got
me these:

http://dnmouse.webs.com/playdvdsmore.htm

and here:

http://www.fedorafaq.org/

The OP had a lot of kitchen sinks installed maybe a broken plugin
was the cause of all that grief. Probably right around the time
he installed that repo and things stopped working.

-Ross



__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] SAMBA is driving me crazy

[Ross S. W. Walker]

 
Actually I recant that, one use to be able to do so, but not any more. One use 
to be able to display full headers too, but that is now missing as well.
 
Oh well, Hotmail now officially sucks.
 
Can't say I'm surprised, everything eventually sucks given enough time, I guess 
Microsoft is just accelerant.
 
 
-Ross
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
scaglietti amore
Sent: Tuesday, February 26, 2008 3:37 PM
To: CentOS mailing list
Subject: RE: [CentOS] SAMBA is driving me crazy


 
 
indeed it would
 
i will look about it 




 
>Ya know you can set hotmail to send in plain text which helps 
a lot with these mailing lists.
 
>-Ross
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
Behalf Of scaglietti amore
Sent: Tuesday, February 26, 2008 3:04 PM
To: CentOS mailing list
Subject: RE: [CentOS] SAMBA is driving me crazy



shiii
 
did anyone notice any failure today to open the 
hotmail.com

befor 5 hours





> Date: Tue, 26 Feb 2008 11:51:50 -0800
> From: [EMAIL PROTECTED]
> To: centos@centos.org
> Subject: Re: [CentOS] SAMBA is driving me crazy
> 
> scaglietti amore wrote:
> > 
> > 
> > sorry man :(
> > 
> > but when i pasted those lines to the mail page they 
were organized
> > 
> > i dont know how they end up like that :)
> 
> blame it on hotmail.
> 
> your original message was in mime multipart, the HTML 
version had those 
> lines seperated by  (break) but the plaintext 
version generated by 
> hotmail gets munged to run-on lines.
> 
> friends don't let friends use MSN Hotmail.
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos





Express yourself instantly with MSN Messenger! < a 
href='http://clk.atdmt.com/AVE/go/onm00200471ave/direct/01/' target='_new'>MSN 
Messenger 




This e-mail, and any attachments thereto, is intended only for 
use by the addressee(s) named herein and may contain legally privileged and/or 
confidential information. If you are not the intended recipient of this e-mail, 
you are hereby notified that any dissemination, distribution or copying of this 
e-mail, and any attachments thereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify the sender and 
permanently delete the original and any copy or printout thereof. 




Express yourself instantly with MSN Messenger! MSN Messenger 
  


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos