Re: [gentoo-user] Sorta OT: cant connect ipad to a courier imap ssl server
On 12/9/2011 1:01 AM, W.Kenworthy wrote: I am having a problem connecting an ipad via ssl to a gentoo courier imap ssl server. Its working fine with gentoo/evolution but I get a segfault in the server when the ipad tries to connect: couriertls[12283]: segfault at ec9c78e ip 4c144feb sp bf95557c error 4 in libc-2.12.2.so[4bfff000+183000] Ive rebuilt most of the packages involved and getting nowhere. Can an ipad use a courier imap server over ssl? Theer are a lot of bugs over the years for both courier and apple IOS and the only solution Ive seen thats said to work is turn off ssl. The ipad does work fine without ssl! I am currently travelling and my laptop works fine over ssl and also via an openvpn connection which software is apparently not available for the ipad. Can anyone offer a solution - even some way to set a static route on the ipad to connect to the tunnel running on the laptop would work. I have used RIP from the router to tell the ipad the routes in the past - but I dont have access to the router here to set up RIP :( - and of course I can find any RIP implementation for the ipad to allow it to read the laptops RIP routing updates :( Snookered! We've had a number of issues with iPad/iPhone connecting to internal dev sites with self generated certs. Is your cert self generated? Also which mail program are you using? You might try K-9 and see it that works though I assume it'll depend on the same shared libs and will likely behave the same. kashani
Re: [gentoo-user] Advice on system monitoring
On 12/4/2011 10:29 PM, Michael Mol wrote: I haven't yet needed to do this kind of system monitoring, so I'm very much a newbie here. Let's start with that dual-xeon box I was using to benchmark emerge -e @world, figure I'm looking for how better to tune my MAKEOPTS and EMERGE_DEFAULT_OPTS variables, and assume I'd like to get more information about the following factors: * What was the 1m, 5m 15m load averages? * What were the similar averages for CPU spent in user time, system time and I/O wait? * What was network usage like? (I have a caching proxy server on the network, so even if distfiles are lost on-system, well, a cache hit transfers at up to around 50MB/s. It'd be better, except for read performance limitations on the router box, and write performance limitations on the local machine) * What was the temperature of each CPU core, RAM module and hard drive? (Not so relevant for improving system performance, but still of interest.) I'd like to have a web interface I could navigate to which would show graphs of these counters. Collectd might be interesting to you. It can collect all of these and write them out to rrd files. The frontend cgi script is a little lame, but you can try some of the other frontends. The emerge flags are ... extensive. http://collectd.org/ kashani
Re: Devs and rice flags (Was: Re: [gentoo-user] emerge -j, make -j and make -l )
On 11/28/2011 9:28 AM, James Wall wrote: I wonder if someone in this thread will help me understand the term 'ricer'. The only origin I know of this term, from the car world, is really pretty racist, so I wonder if there isn't a more genteel origin I simply cannot find using Google? - Mark Ricer is used to refer to someone who wants to have the system tweaked to the hardware it runs on that it is not like the generic binary distros like ubuntu that is compiled for the lowest common denominator like i386 or x86_64. hope this helps clarify the term, James Wall You're missing some history. First Mark is correct that the origin is from the derogatory term in the car world, ricer. While the term continues to be a derogatory term the racial part of it is generally ignored in the computer world because there isn't a made in the US vs Japan rivalry. Ricer continues to mean spending inordinate amount of time and money for performance modifications that generally do very little for performance and a lot to reduce reliability while poorly understanding the system as a whole. At least that's my interpretation of the definition. kashani
Re: [gentoo-user] Partitioning strategy...?
On 11/25/2011 5:53 AM, Pandu Poluan wrote: So. Care to share your partitioning strategy? I'm not a fan of building servers outta parts. If this is a proper server with a raid card, which is useful for high IO things like mail and db servers, then your favorite RAID level, /boot / swap and the rest in /var. If they are separate drives then put the OS/portage on one, Postgres on another, Postfix on one, and logging on the last for the best IO. I'd call them /mnt/postgres /mnt/postfix and /mnt/logging so the sysadmin that comes after you isn't completely confused as to what's going on. If IO isn't a huge priority I'd put the OS/Portage on one and then softraid the three drives into /data or some such and symlink Postgres, logging, and Postfix as appropriate. (And while we're at it, am I overdoing the partitioning?) Yes, though you'll do it anyway. It's cool, I was spending time on the same thing ten years ago. It's ultimately more annoying than useful and you'll simplify later. LVM is always good to know and very useful for snapshotting database backups. I find it less useful for changing partitions or adding drives. In regards to filling up partitions monitoring, cron, and logrotate are your friends. I email at 70% and page at 80%. kashani
Re: [gentoo-user] A helping hand with virtual machines, please.
On 11/22/2011 11:20 AM, Alan Mackenzie wrote: Hi, Gentoo. A friend of mine recently suggested I should install and play with virtual machines on my Gentoo. I've scanned /usr/portage for likely looking packages, particularly in directory virtual, yet found nothing likely looking. Would somebody please give me some hints which packages I should be looking at, and perhaps any use flags I might need. TVM +1 for VirtualBox and more importantly being able to use Vagrant with it. http://vagrantup.com/docs/getting-started/index.html kashani
Re: [gentoo-user] Mythtv problems
On 10/26/2011 11:31 AM, Michael Sullivan wrote: camille ~ # mysql -u root -p mysql: unknown variable 'expire_logs_days=10' I'll do some googling, but I think that sounds like a config file directive. I'll probably do a rebuild of mysql as well... You should figure out why that setting is unknown. I suspect you didn't put it in the right place in your config. Also your drive will fill up with Mysql bin logs after serveral months with Mythtv without it working. [mysqld] # this settings must come after [mysqld] to take affect expire_logs_days = 10 max_binlog_size = 100M kashani
Re: [gentoo-user] Re: How to record memory usage bandwidth usage?
On 10/25/2011 6:27 PM, Pandu Poluan wrote: (Sorry for the late reply; somehow this thread got lost in the mess) On Oct 12, 2011 2:03 AM, James wirel...@tampabay.rr.com mailto:wirel...@tampabay.rr.com wrote: Pandu Poluan pandu at poluan.info http://poluan.info writes: The head honcho of my company just asked me to plan for migration of X into the cloud (where X is the online trading server that our investors used). This is a single server or many at different locations. If a WAN monitoring is what you are after, along with individual server resources, you have many choices. It's a single server that's part of a three-server system. The server needs to communicate with its 2 cohorts continuously, so I have to provision enough backhaul bandwidth from the cloud to my data center. In addition to provisioning enough RAM and CPU, of course. Now, I need to monitor how much RAM is used throughout the day by X, also how much bandwidth gets eaten by X throughout the day. Most of the packages monitor ram as well as other resource utilization of the servers, firewall, routers and other SNMP devices in your network. some experimentation may be warranted to find what your team likes best. Currently I've settled on a simple solution: run dstat[1] with nohup 30 minutes before 1st trading session, stop it 30 minutes after 2nd trading session, and send the CSV record via email. Less intrusion into the system (which the Systems guys rightly have reservations of). You're not going to be happy with this design for a couple of reasons. 1. It's more expensive that your current setup. If the two servers at your datacenter are down I assume the server is the cloud is useless and vice versa. You already have to maintain infrastructure for those two servers so you're realizing no savings by eliminating on server from your infrastructure. Buying a $1500 rack server amortized over three years is a better deal than paying for equivalent power in the cloud. 2. Latency. You're increasing it. 3. Cloud performance varies. Networks split, machines run slow, it happens. You'll have more consistent performance on your own machines. It's getting better, but it's still something with which to be aware. Migrating to virtual servers makes some sense, but you need to look at it on a case by case basis. kashani
Re: [gentoo-user] Postfix to relay mail even if acting as primary MX host?
On 10/14/2011 10:00 PM, Pandu Poluan wrote: Also less overthinking and more testing solves most of this stuff quicker. I prefer to arm myself with enough knowledge before deploying -- even in a testing setup -- to reduce any 'WTF?!' moments :-) Research is good, but you'll learn way more from banging on it yourself for a bit. Also it's a chance to break it or see how it fails and what errors get kicked out. This way you're not at a loss when it does break or it can help make your config more robust. Lastly the further you get in your career the less help Google, mailing lists, etc become. At that point your own experience and 5-10 minutes of testing is going to produce better results. kashani
Re: [gentoo-user] Postfix to relay mail even if acting as primary MX host?
On 10/13/2011 3:11 AM, Pandu Poluan wrote: # NOTE: Postfix will not automatically forward mail for domains that # list this system as their primary or backup MX host. See the # permit_mx_backup restriction description in postconf(5). The point of this is to say, If some dude points DNS at your server and/or configures their mail server to send mail to yours, it's not going to relay mail for them. You have to actually configure the domains to be relayed. Since you're planning to configure the domain you should be fine. Also less overthinking and more testing solves most of this stuff quicker. kashani
Re: [gentoo-user] NAS for Windows - does any Wiki solution 'just work'?
On 10/4/2011 8:43 AM, Mark Knecht wrote: Yes. Samba is the basis of the link above, and I figure it's going to be the underlying technology that does the work. I was just wondering if there was a more user oriented, possibly GUI based app that did all the dirty work sort of like the CUPS web interface does with CUPS configuration. In Samba's case the config is pretty simple if you ignore printing which you should. Just add the IP range, setup a share, and add some accounts or leave it public. Probably take longer to setup a gui. kashani
Re: [gentoo-user] Filesystem with lowest CPU load, acceptable emerge performance, and stable?
On 9/8/2011 12:52 AM, Pandu Poluan wrote: So, a different scenario, then: Sometimes I need to log stuffs (via ULOG) or do a tcpdump. Will JFS give me additional benefit to ext4? Or should I just stick with ext4? Simplest performance gain for appends is to drop atime/dirtime from the file or filesystem. It's a fairly common practice on database servers though the gains are relatively minor. I'm not sure how much it would affect logging, but it would be fairly easy to test. kashani
Re: [gentoo-user] Filesystem with lowest CPU load, acceptable emerge performance, and stable?
On 9/7/2011 5:25 AM, Pandu Poluan wrote: On Wed, Sep 7, 2011 at 01:15, kashanikashani-l...@badapple.net wrote: On 9/6/2011 10:26 AM, Pandu Poluan wrote: So, can anyone recommend me a filesystem that fulfills my following needs: Scenario: vFirewall (virtual Firewall) that is going to be deployed at my IaaS Cloud Provider. Disk I/O Characteristic: Occasional writes during 'normal' usage, once-a-week eix-sync + emerge -avuD Priority: Stable (i.e., less chance of corruption), least CPU usage. My Google-Fu seems to indicate either XFS or JFS; what do you think? I think it's a useless local optimization for no real world gain which only increases the complexity of your systems. Use the same filesystem you use on all your other servers. Well, for all my other servers, I standardized on ext4. Since a vFirewall have to perform lots of packet-juggling, I'd rather dedicate the CPU time to the kernel rather than the HD I/O. Of course, a vFirewall needs to be updated every now and then, but everytime an update is called for, it should not overly tax the CPU and degrade the netfilter framework. Rgds, You are making my point for me, but not realizing the end result of the logic. There isn't any filesystem change that is going to affect CPU usage by more than a few percentage points in the use case you've described. Rsync, portage, and gcc use a massive amount of CPU compared to the amount the filesystem changes will use other than brief points during the rsync. Additionally most benchmarks are testing filesystem throughput and comparing it to CPU. Because disk IO isn't under pressure in your scenario you're unlikely to see the pathological use of CPU that can highlight the differences between filesystems. That said, you have a few reasonable choices. 1. Move to a binary distro 2. Use buildpkg on a clone of this server and only install packages on your Firewall. 3. NFS mount /usr/portage when you need it and dist build on another server 4. Don't upgrade 5. Get a firewall server with more CPU so that it doesn't matter 6. Script a new firewall server install every x months and swap it into place and drop the original server. 7. Some combination of the above. kashani
Re: [gentoo-user] Filesystem with lowest CPU load, acceptable emerge performance, and stable?
On 9/6/2011 10:26 AM, Pandu Poluan wrote: So, can anyone recommend me a filesystem that fulfills my following needs: Scenario: vFirewall (virtual Firewall) that is going to be deployed at my IaaS Cloud Provider. Disk I/O Characteristic: Occasional writes during 'normal' usage, once-a-week eix-sync + emerge -avuD Priority: Stable (i.e., less chance of corruption), least CPU usage. My Google-Fu seems to indicate either XFS or JFS; what do you think? I think it's a useless local optimization for no real world gain which only increases the complexity of your systems. Use the same filesystem you use on all your other servers. kashani
Re: [gentoo-user] systemd
On 8/23/2011 1:43 PM, Alan McKinnon wrote: I can't fix it without running afoul of the Change Management process, and today's emergency reboot didn't leave me any time to poke around and determine the effect of removing hal. This is how life in corporate IT works I hate Corp CM and it's one of the reasons I stay in startups. It's job is to slow normal change down so much so that every change becomes an emergency. However next time I have to deal with one I am shoving mathematical proof of there is no rollback in systems down there throats. http://www.iu.hio.no/~mark/papers/totalfield.pdf For those that aren't ginormous systems nerds this bit sums it up nicely. There is a deeper issue with roll-back in partial systems. If a system is in contact with another system, e.g. receiving data, or if we have partitioned a system into loosely coupled pieces only one of which is being changed, then the other system becomes a part of the total system and we must write a hypothetical journal for the entire system in order to achieve a consistent rollback. kashani
Re: [gentoo-user] Running HTTP and DNS on same machine
On 8/17/2011 2:08 PM, Alan McKinnon wrote: On Wed 17 August 2011 13:56:10 Grant did opine thusly: I currently use a free service to host the DNS records for my website, but I'm thinking of running a DNS server on the same machine that runs my website instead. Would that be fairly trivial to set up and maintain? If so, which package should I use? The first question is Why? There's no real benefit, it's a huge amount of work for little gain, you carry the cost of increased traffic yourself, and if that host goes blip, you not only lose access to the web server but to the entire zone as well. Technically there's no good reason why you can't co-host web and dns. However, depending on your upper level domain and registrar, TWO dns servers may be a requirement (this is the norm) and you propose only one. Where's the second one going to be? Only one is a very bad idea indeed. Your last two questions reveal that this is not something you are familiar with already, so I highly recommend you investigate everything thoroughly and fully understand just what you are letting yourself in for before deciding. If you simply don't like your current DNS provider, then finding a different one you do like is quite simple. Exactly what Alan said. It's not worth it and no registar will let you do it on one IP. kashani
Re: [gentoo-user] Running HTTP and DNS on same machine
On 8/17/2011 2:43 PM, Alan McKinnon wrote: I'm just itching to type up the long list of horror stories I've stored from people doing their own DNS thinking it was real easy. But there's this little thing called an NDA and it says I can't :-( heh, I think I can dredge one up for you that no one will care about these days. This was at a large ISP in '99 known for their free Internet. Bind 8 was fresh on the scene and somehow Network Engineering was in charge of DNS rather than Systems. My intern and I came up with a plan to have ns00.int as the internal master and make the rest of name servers slave off of it. All ns00 did was supply the production name servers with zones. ns00 -- ns01(vip) -- ns01-[01-03] \-- ns02(vip) -- ns02-[01-03] \- ns03(vip) -- ns03-[01-03] Three virtual IPs and three name servers behind each vip. This way we could have tools deal with updating zones on ns00 on the internal network and not have to push to a number of name servers. This worked well for a few months and we generally forgot about it. Almost a month after a reorganization in the local datacenter DNS went down. Well not down down, but our zones weren't working. After a hectic hour of freaking out, troubleshooting random things, and bouncing from machine to machine by IP address because none of DNS worked we realized our mistake. The TTL of the zone itself was set to three weeks. In the move Bind had silently died on ns00 which we didn't monitor because it was inside the corp network. The slaves dutifully stayed up and working till they hit the TTL of the zones and demanded to speak to the master again. Restarting Bind on the prod servers did nothing other than remove the already expired cache. Once restarted Bind on ns00 (and made it part of the runlevel) the prod server checked in and all was well. The lessons: Monitor *all* of your DNS infrastructure DNS can break even with a large distributed system and it is never pretty. kashani
Re: [gentoo-user] Running HTTP and DNS on same machine
On 8/17/2011 5:18 PM, Adam Carter wrote: Just to counter all of the scary stories, Yeah, i'd like to counter too. While the implications of getting it wrong are serious, technically its quite simple. I run my own DNS, and use a couple of free secondaries (http://www.twisted4life.com and http://www.everydns.net). The upsides of running your own DNS is that you learn the ins and outs. So, if the DNS is for business that will loose money if you stuff it up, then i'll tend to agree with the naysayers, but if its a home domain then go ahead. And if you don't have a home domain, get one as a learning exercise and once you're mastered that you can re-consider if you want to move the business domain. Alan and I would have had a vastly different take on this if it had been phrased as I want to setup DNS at home for learning and convenience. Instead the email in my mind read as, I'd like to introduce a single point of failure into my system and I'd like to do it with something I don't fully understand to boot. Yes, I have a rich and cynical inner monologue. This is well known. That said if you want to setup Bind (which I prefer) the Gentoo wiki has a decent how-to. I wrote the original incarnation 7-8 years ago and people have kept it updated. It looks mostly correct though I can see a few places where it needs some clean up. Even with the cruft it is light years ahead of the official Gentoo Bind doc and includes a number of config entries to make troubleshooting and running ISP type name servers easier and safer. http://en.gentoo-wiki.com/wiki/BIND kashani
Re: [gentoo-user] GRUB v2
On 8/15/2011 11:57 PM, Joost Roeleveld wrote: On Monday, August 15, 2011 09:23:44 PM Peter Humphrey wrote: On Monday 15 August 2011 19:38:49 Dale wrote: J. Roeleveld wrote: You're welcome, my Gentoo-user archive goes back to 2004 :) Mine goes back a year. Gentoo moves so fast, I figure a year should be more than plenty. Maybe I need to rethink that a little. I could be wrong. :/ I've just raised the expiry period on my GentooUser folder to 365 days so as not to be caught out this way again. Where do you set that? -- Joost Thunderbird will let you set a number of days to keep per folder. I deal with all my lists that way. 180 days for gentoo and down to 30 days for Mythtv. All the archives are searchable so no point in duplicating the data locally. kashani
Re: [gentoo-user] make oldconfig necessary?
On 7/31/2011 7:06 PM, Pandu Poluan wrote: Let's say I have a .config from an older kernel version (for example, 2.6.38), and now I want to install a newer kernel (let's say, 3.0). Is it necessary to first do `make oldconfig`, or is it safe to go directly to `make menuconfig`? Necessary to run make old config? No. Easier and simpler most of the time? Yes. I like to make a fresh kernel from scratch every year or so without any previous settings to keep the cruft out. I last did it for my vbox image figuring I was going to need to very little hardware support so starting fresh made sense. kashani
Re: [gentoo-user] Re: Oracle 11g installer crash
On 8/1/2011 9:48 AM, Pau Peris wrote: Hi, i've followed that guide http://vh4x0r.wordpress.com/2010/08/17/installing-oracle-11g-on-linux-amd64/ in order to install oracle 11g but i get the following error when running: ./runInstaller: line 254: /apphome/oracle/database/install/.oui: cannot execute binary file These are the downloaded files: Linux.zseries64_11gR2_database_1of2.zip linux.zseries64_11gR2_database_2of2.zip I'm fairly certain that zseries packages are for the Power architecture which is not amd64, but s390 or s390x. http://en.wikipedia.org/wiki/Linux_on_zSeries kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/20/2011 6:29 PM, Michael Mol wrote: Also, run a caching proxy if at all possible. That made the single biggest difference for my server. Other useful things: * Set the MaxRequestsPerChild to something like 450. That's pretty low. You'd barely get your application parsed, cached, and load some data before you'd have to recycle the child process. Most people set it around 1. Large enough to be useful, but still deal with any minor memory leaks. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 9:53 AM, Grant wrote: Next I'd look at tuning your Mysql config. If you've never touched my.cnf, by default it's set to use 64MB IIRC. You may need to raise this to get better performance. key_buffer and innodb_buffer_pool_size are the only two I'd modify without knowing more. I use the default MyISAM tables and it looks like there are three key_buffer definitions in my.cnf. One under [mysqld] is 16M, one under [isamchk] is 20M, and one under [myisamchk] is 20M. All defaults. Should I increase them all to 64M? You can, but [mysqld] is the only one that matters for normal production. Depends on the size of your data and tables, but 64M is fine to start. If you've got a few GB in your databases I'd go with 256-512M or as high as you think you can get away with. Any reason you're still using MyISAM tables? Innodb is almost as fast or much much faster than MyISAM in nearly every way these days. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 10:22 AM, Grant wrote: I ran into an out of memory problem. The first mention of it in the kernel log is mysqld invoked oom-killer. I haven't run into this before. I do have a swap partition but I don't activate it based on something I read previously that I later found out was wrong so I suppose I should activate it. Is fstab the way to do that? I have a commented line in there for swap. ... If you're running any other servers that utilize MySQL like Apache or something, check its access logs to see if you had an abnormal number of connections. Bruteforce hacking or some kind of flooding/DOS attack might cause it to use more memory than it ordinarily would. I don't know why I didn't check the apache2 error log before, but I got the following entry 2 seconds before the server became unresponsive: [error] server reached MaxClients setting, consider raising the MaxClients setting I use the default 256 for MaxClients. This confirms the server was brought down by too many child processes consuming too much memory. Looking back at the access_log, it's clear this condition was caused by the single IP which requested one of my pages about 300 times over the course of 1 minute. This caused my entire server to lock up for hours until I rebooted it. I hesitate to reduce MaxClients from 256. I think my server should be able to handle it since it's the default. So I need to prevent my apache2 child processes from consuming so much memory? apache2 was restarted about an hour before the lockup so it had a pretty fresh start. I do use mod_perl which is a memory hog from what I understand. Do I just need more RAM? Most people do not think about this correctly. Can your server run 1 Apache processes? No, not enough resources. 1000? No, same problem. 256? I'd say no based on this thread. If you're not going to set it at 1 why try to keep it at 256? Next image a grocery store with 256 checkout lanes, but only four cashiers. Four cashiers trying to run that many lanes is actually slower than having only four lanes. However 32 lanes could faster than 4. People can have their groceries setup, baggers aren't getting in the way, etc. The analogy breaks down a bit, but you get the point. There is no performance gain in configuring for concurrency your hardware and software can not support. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 11:55 AM, Michael Mol wrote: On Thu, Jul 21, 2011 at 11:56 AM, kashanikashani-l...@badapple.net wrote: On 7/20/2011 6:29 PM, Michael Mol wrote: Also, run a caching proxy if at all possible. That made the single biggest difference for my server. Other useful things: * Set the MaxRequestsPerChild to something like 450. That's pretty low. You'd barely get your application parsed, cached, and load some data before you'd have to recycle the child process. Most people set it around 1. Large enough to be useful, but still deal with any minor memory leaks. Depends on your application. I had to set it low because the application wouldn't fit in a 540MB VPS, otherwise. I've since bumped up to a 2GB VPS, so I can probably afford Really, a caching proxy is the first, best thing, if it's not already in use. Let the thread carry on... Hey if it worked, but I think the thrash would be expensive in a normal system where you've got a sensible amount of RAM. I do like the reverse proxy idea. Turn Apache into an application server on localhost and let the reverse proxy deal with the Internet. If you picked the right proxy multiple requests could be collapsed, static files could be served directly, etc. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 2:50 PM, Grant wrote: Any reason you're still using MyISAM tables? Innodb is almost as fast or much much faster than MyISAM in nearly every way these days. Can multiple processes be utilized for mysql like they are for apache2? Perhaps not since it's a database? Mysql is multithreaded and spawns a thread for each connection. Try a ps -efL and you should see a number of Mysql threads. However that is part of the problem with MyISAM. It throws a giant table lock blocking all other threads until the SQL statement is complete. Innodb uses row locks which allows the other threads to use the table. As far as moving to Innodb tables it's actually easy, but with a number of caveats. I'd lower your Apache max clients, tweak my.cnf, and runs some load tests before getting deep into Mysql. When you're ready I'd go about this way. 1. Make backups first. 2. See if you have any full text fields. Tables with full text fields will have to remain MyISAM. 3. Dump your database out to text. If it's not a huge amount of data I'd just vi it and change the ENGINE to Innodb. Then import the whole thing as a new database. If you have a lot of data, I'd dump the schema with -d edit, import schema, then dump your data with no create statements and finally import the data into the new database. 4. Point your staging code to the new database and test 5. Plan a maintenance window to do all the above and take the site offline while you reimport the data to be Innodb 6. take the RAM you gave to key_buffer and give it to innodb. Storage engines do not share buffers in Mysql. You can alter tables in place, but it locks them for the duration. If you site is small and low traffic you could get away with it, but testing with a copy of your site database is better. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 4:53 PM, Grant wrote: So swap isn't treated exactly like RAM. It actually has special handling in Linux which makes it beneficial to have on almost any Linux system? According to Alan, things get very bad when a Linux system hits swap. How can behavior like this be beneficial: When a linux machine hits swap, it does so very aggressively, there is nothing nice about it at all. The entire machine slows to a painstaking crawl for easily a minute at a time while the kernel writes pages out to disk, and disk is thousands of times slower than RAM. It gets so bad that you can't even run a shell properly to try and see what's going on and kill the actual memory hog. Also, aren't you likely to wear out your hard disk sooner using swap? 1. swap is good. Unless you have a good reason, leave it there. You do not have a good reason to remove it and neither does anyone else. 2. Don't use the swap that you have. It's slow. It is not a replacement for RAM. 3. If you use a little bit of swap, 100-200MB, that's fine. It's also a sign you need more RAM. 4. If you're using all your RAM and a couple of GB of swap, you're screwed. Avoid this. 5. Swap that you never write to or read from never needs to hit the drives. If you're worried about drive wear, turn off logging. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/21/2011 5:14 PM, Grant wrote: Any reason you're still using MyISAM tables? Innodb is almost as fast or much much faster than MyISAM in nearly every way these days. Can multiple processes be utilized for mysql like they are for apache2? Perhaps not since it's a database? Mysql is multithreaded and spawns a thread for each connection. Try a ps -efL and you should see a number of Mysql threads. However that is part of the problem with MyISAM. It throws a giant table lock blocking all other threads until the SQL statement is complete. Innodb uses row locks which allows the other threads to use the table. As far as moving to Innodb tables it's actually easy, but with a number of caveats. I'd lower your Apache max clients, tweak my.cnf, and runs some load tests before getting deep into Mysql. When you're ready I'd go about this way. apache MaxClients has been lowered to 50 which is a shame because I have 30+ separate images on each of my pages and that number can not be reduced. This means I may not be able to serve more than 1 full page at a time. This is wrong. 1. Make backups first. 2. See if you have any full text fields. Tables with full text fields will have to remain MyISAM. Many of my tables have one or more fields defined as TEXT out of laziness. Should I instead come up with an appropriate char(N) declaration for each? Can N go as high as necessary? TEXT fields don't matter, FULL TEXT indexes do. Sorry my mistake. OK, just leave key_buffer at the default 16M? No. Make key_buffer 256M and then restart Mysql or update it from the commandline. You're starving Mysql for resources. Fix this first. Then you can mess around with tables and engines. kashani
Re: [gentoo-user] new notebook
On 7/19/2011 1:47 PM, Alan McKinnon wrote: The price difference is substantial. Considering that my usage is nothing more stressful than KDE eye-candy and mplayer, is the IPS screen worth the extra price? OTOH the machine has VGA, HDMI and DisplayPort as well as internal screen and I believe the ATI can drive all 4 at the same time whereas the nVidia is pick any two. Up to 4 screens might be more useful than outright performance. I have the slightly older Dell E6410 with the NVS 3100M. It won't drive move than two displays though it does do two 1920x1200's quite nicely. I've found the display port less useful than I'd hoped mostly because I haven't bought a display port to HDMI cable. I don't think I've come across a display with a display port yet. Oddly VGA is the only common interface on all my display devices. As far as power I get 2.5 hours before needing to plug in. I'd expect to see about the same on the M4600. You might head over to your local big box electronic store. Dell seems to be well represented at most and hopefully they'd have a model with the IPS. I skipped the upgrade at the time and haven't felt the lack though if you like to work outside and it's bright enough it might be worth it. kashani
Re: [gentoo-user] mysqld invoked oom-killer
On 7/20/2011 4:08 PM, Grant wrote: I ran into an out of memory problem. The first mention of it in the kernel log is mysqld invoked oom-killer. I haven't run into this before. I do have a swap partition but I don't activate it based on something I read previously that I later found out was wrong so I suppose I should activate it. Is fstab the way to do that? I have a commented line in there for swap. Yes, just uncomment it and should be automatic. (you can use swapon to enable it without rebooting) Got it. Can anyone tell how much swap this is: /dev/sda2 80325 1140614 530145 82 Linux swap / Solaris If it's something like 512MB, that may not have prevented me from running out of memory since I have 4GB RAM. Is there any way to find out if there was a memory leak or other problem that should be investigated? That's 512MB. You can also create a swap file to supplement the swap partition if you don't want to or aren't able to repartition. So I'm sure I have the concept right, is adding a 1GB swap partition functionally identical to adding 1GB RAM with regard to the potential for out-of-memory conditions? I'd check the MySQL logs to see if it shows anything. Maybe check the settings with regard to memory upper limits (Google it, there's a lot of info about MySQL RAM management). Nothing in the log and from what I read online, an error should be logged if I reach mysql's memory limit. If you're running any other servers that utilize MySQL like Apache or something, check its access logs to see if you had an abnormal number of connections. Bruteforce hacking or some kind of flooding/DOS attack might cause it to use more memory than it ordinarily would. It runs apache and I found some info there. A Basic what's using up my memory? technique is to log the output of top by using the -b command. Something like top -b toplog.txt. Then you can go back to the time when the OOM occurred and see what was using a lot of RAM at that time. The kernel actually logged some top-like output and it looks like I had a large number of apache2 processes running, likely 256 processes which is the default MaxClients. The specified total_vm for each process was about 67000 which means 256 x 67MB = 17GB??? I looked over my apache2 log and I was hit severely by a single IP right as the server went down. However, that IP looks to be a residential customer in the US and they engaged in normal browsing behavior both before and after the disruption. I think that IP may have done the refresh-100-times thing out of frustration as the server started to go down. Does it sound like apache2 was using up all the memory? If so, should I look further for a catalyst or did this likely happen slowly? What can I do to prevent it from happening again? Should I switch apache2 from prefork to threads? Switching from prefork to threads and vice versa can be very difficult depending on which modules and libraries your site uses. It is not on the list of things you should try first. Or second. Maybe 37th. I wouldn't expect adding swap to do much in this case. Your site gets hit hard, Mysql is a bit slow, Apache processes start stacking up, the system starts swapping, disk is really slow compared to RAM, and everything grinds to a complete halt possibly locking the machine up. The easiest thing to try is to turn off keepalives so child processes aren't hanging around keeping connections up. Also lower the number of Apache children to 8 * number of processors or a minimum of 32. Test a bit. Turning off keep alive can cause problems for Flash based uploaders to your site and code that expect the connection to stay up. For most sites this shouldn't matter. Next I'd look at tuning your Mysql config. If you've never touched my.cnf, by default it's set to use 64MB IIRC. You may need to raise this to get better performance. key_buffer and innodb_buffer_pool_size are the only two I'd modify without knowing more. kashani
Re: [gentoo-user] Decrapifying my system
On 7/17/2011 2:19 PM, Michael Sullivan wrote: I'm running into space issues (my / partition is at 99% of capacity) and I'd like some advice on what I can remove and how. Assuming your / partition isn't tiny I've never seen removing packages or changing use flags make enough of a difference though there are a couple of exceptions. Chances are you've got old data rather than binaries somewhere that's causing the space problem. /usr/src/linux-* Each new revisions of the kernel that you install drops a /usr/src/linux-$version directory. These are pretty good size and you should remove the packages of any kernels you not using. You may also need to manually remove the dirs as well after the packages have been removed. /var/lib/mysql It's usually not the databases that use space on a home system, but the binary logs. Add these two lines under the mysqld portion of your /etc/mysql/my.cnf and restart Mysql. You may need to purge bin logs as well though Mysql should clean things up when you restart it. [mysqld] expire_logs_days = 10 max_binlog_size = 100M /root/ /tmp/ / Lot's of people have the bad habit of leaving dumps, tars or other files in these dirs. Check them out. Lastly a df -h and a sudo du -m --max-depth=1 / would go a long way towards pointing to where the problems are. kashani
Re: [gentoo-user] Decrapifying my system
On 7/17/2011 4:18 PM, Michael Sullivan wrote: Does this make sense: camille mysql # du -h 572K./mysql 8.0K./test 239M./mythconverg 128K./vpopmail 152K./myFantasy 120K./pmadb 332K./wikidb 36K ./mysql_cpp_data 592K./forum 124K./movies 84K ./myusers 4.4M./mythconverg.bak 21G . I'm pretty sure those number don't add up to 21G. So why is it saying they do??? Because /var/lib/mysql contains 1GB bin log files which aren't in /var/lib/mysql/mysql/ or any of the other dirs inside /var/lib/mysql/. Add these two lines under the mysqld part of your my.cnf and restart Mysql. That should take care of the problem and keep bin logs from using all your space again. [mysqld] expire_logs_days = 10 max_binlog_size = 100M kashani
Re: [gentoo-user] Managing multiple Gentoo systems
On 7/2/2011 3:14 PM, Grant wrote: After a frustrating experience with a Linksys WRT54GL, I've decided to stick with Gentoo routers. This increases the number of Gentoo systems I'm responsible for and they're nearing double-digits. What can be done to make the management of multiple Gentoo systems easier? I think identical hardware in each system would help a lot but I'm not sure that's practical. I need to put together a bunch of new workstations and I'm thinking some sort of server/client arrangement with the only Gentoo install being on the server could be appropriate. - Grant You may want to look at something like a config management system. I'm using Puppet these days, but Gentoo support isn't spectacular. It would be a bit complex to have Puppet install the packages with the correct USE flags. However you could use Puppet to manage all the text files and then manage the packages somewhat manually. Here's a snippet of a template for nrpe.cfg % if processorcount.to_i = 12 then -% command[check_load]=%= scope.lookupvar('nrpe::params::pluginsdir') %/check_load -w 35,25,25 -c 35,25,25 % elsif fqdn =~ /(.*)stage|demo(.*)/ then -% command[check_load]=%= scope.lookupvar('nrpe::params::pluginsdir') %/check_load -w 10,10,10 -c 10,10,10 % else -% command[check_load]=%= scope.lookupvar('nrpe::params::pluginsdir') %/check_load -w 10,7,5 -c 10,7,5 % end -% If you were managing a make.conf you could set -j%= processorcount*2 % or whatever as well as pass in your own settings etc. Once you have things working it's pretty good at keeping your servers in sync and doing minor customization per server based on OS, hardware, IP, hostname, etc. kashani
Re: [gentoo-user] Managing multiple Gentoo systems
On 7/7/2011 1:37 PM, Alan McKinnon wrote: On Thursday 07 July 2011 11:23:15 kashani did opine thusly: On 7/2/2011 3:14 PM, Grant wrote: After a frustrating experience with a Linksys WRT54GL, I've decided to stick with Gentoo routers. This increases the number of Gentoo systems I'm responsible for and they're nearing double-digits. What can be done to make the management of multiple Gentoo systems easier? I think identical hardware in each system would help a lot but I'm not sure that's practical. I need to put together a bunch of new workstations and I'm thinking some sort of server/client arrangement with the only Gentoo install being on the server could be appropriate. - Grant You may want to look at something like a config management system. I'm using Puppet these days, but Gentoo support isn't spectacular. It would be a bit complex to have Puppet install the packages with the correct USE flags. However you could use Puppet to manage all the text files and then manage the packages somewhat manually. Give chef a try. It overcomes a lot of the issue puppet ran into, and of course makes new ones all of it's won, but by and large chef is more flexible. Too late. I've already put a year in with Puppet and have too much working code to switch. Also I'm not much of a programmer so I get a bit more out of the DSL though my templates are getting fairly fancy these days. For anyone else interested in what we're talking about, here's a fairly balanced and up to date link talking about some of the differences. http://redbluemagenta.com/2011/05/21/puppet-vs-chef/ kashani
Re: [gentoo-user] portage for chef-0.10.0
On 6/28/2011 5:00 AM, Alexey Melezhik wrote: Current chef-client portage is only for version 0.9.12 (according to http://packages.gentoo.org/package/app-admin/chef), while version 0.10.0 of chef was released at May, 02. When portage for chef-client, version 0.10.0 will be ready? Thank you. As the others have pointed out it's coming, but in the short term you can always gem install directly and continue to use the init scripts that shipped with the portage package. I do the same on Ubuntu w/ Puppet. kashani
[gentoo-user] Don't start a new thread by changing the subject
I've noticed this a couple of times this week. A few of you have responded to the annoying Fortran thread, changed the subject, started a new message, and sent the email starting a new thread. Because you responded to an existing thread you are not creating a new thread and thus and reducing the size of the audience that reads your email. Specially I'd have responded to open source monitoring on gentoo, but since I deleted the Fortran thread in its boring entirety I didn't even see it until I saw a response further down the chain today. Whoever started Fbsplash did the same thing. kashani
Re: [gentoo-user] Don't start a new thread by changing the subject
On 6/24/2011 5:09 PM, David W Noon wrote: On Fri, 24 Jun 2011 16:12:26 -0700, kashani wrote about [gentoo-user] Don't start a new thread by changing the subject: I've noticed this a couple of times this week. A few of you have responded to the annoying Fortran thread, changed the subject, started a new message, and sent the email starting a new thread. You're a week or two behind the times. The root cause of this was done to death some time ago. It is the bofh.it NNTP server that propagates this mailing list through Usenet. There is nothing we can do except avoid using servers downstream from that rogue server. My understanding is that the NNTP server was munging headers thereby creating new threads where it should have been a single thread. This is users responding to an existing email, removing all content, changing the subject, and then sending the mail which keeps the thread headers and make it appear to be part of the current thread. I see it all the time on the motorcycle lists where the average user is much less computer proficient. kashani
Re: [gentoo-user] [OT virtual stuff] gentoo vm appliance
On 6/22/2011 2:52 PM, Harry Putnam wrote: If that isn't available maybe someone has a fairly current kernel config that is known to boot on a windows host with guest gentoo. http://badapple.net/files/gentoo-vbox.config Windows 7, vbox 4.0.8, gentoo-sources-2.6.36-r5, no video drivers kashani
Re: [gentoo-user] Reinstalling older Packages
On 6/20/2011 3:33 AM, Albert Hopkins wrote: On Monday, June 20 at 10:03 (+0100), Neil Bothwick said: There is no such option, but you can get expired ebuilds from http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/cat-egory/package Sigh. 2011 and *still* using CVS?! Infrastructure has a project to move to Git, but I've not tracked progress. I will say that moving a whole project with hundreds of developers, build scripts, push scripts, pull scripts, web site links, a decade of commits, etc is not simple. This is one of the better articles on the real world issues of changing your VCS. http://lwn.net/Articles/409635/ kashani
Re: [gentoo-user] Re: Threads changing Was: OT: website design
On 6/6/2011 5:36 AM, Indi wrote: On Mon, Jun 06, 2011 at 08:13:31AM -0400, Tanstaafl wrote: As to your last - yes, I'm on Windows (as I stated before) - but nothing says this hack only works on Windows... It doesn't work in linux. It was the first thing I tried. ***[Snip all the rest of the advice that doesn't work in linux]*** You know friend, you *really* shouldn't assume linux users will get the same results you're getting on windows. It's a little frustrating, especially when you tell people *they're* having PEBKAC errors and being a bit smug and it turns out *you're* reporting your experiences with a whole other OS. It's bad form, and some people will get angry with you over that sort of thing. Not me though, I should have stuck to the old rule that headers help determine credibility. Had I paid attention to that, I'd have looked into it better before wastig so much time. :) I'd like to point out that the PEBCAK was on your end. Again. And next time rather than telling people how much they are or aren't assuming about your system try following the instruction exactly rather than spouting about differences in Windows, Linux, x86, x86_64, Thunderbird, mutt, the electrons on your computer, etc etc. Sheesh. kashani
Re: [gentoo-user] Thanks for all the fish!
On 6/6/2011 11:32 AM, Alan Mackenzie wrote: Hi, Gentoo. Just to say I'll be withdrawing from this list in a few days, unsubscribing actually, mainly so that I can go back to being an Emacs developer; the number of emails on both lists combined is just more than I can handle comfortably. I've counted 28 questions I've asked since late 2009, and every single one of them bar two got good answers too. One of those two I answered myself just after posting the email ;-), and the other is currently a bug report. I'd like to say THANK YOU to everybody who helped me get a well running Gentoo system and patiently taught me about it, but in particular to Alan McKinnon because he's got such a splendid name. Good luck with all your future endeavors. Your participation will be missed, but that does not diminish the years you've put into Gentoo. FWIW, I delete 95% of the threads on gentoo-user because of time or inapplicability to my systems or interests. I've also dropped my mail list subscriptions way way down over the years. It's something that everyone ends up doing as their priorities change or as interests focus. kashani
Re: [gentoo-user] Re: thunderbird fixed folders? [SOLVED]
On 6/6/2011 4:31 PM, Alan McKinnon wrote: Apparently, though unproven, at 01:01 on Tuesday 07 June 2011, James did opine thusly: Ju want closet commando action? Check out some of my old college buddies from Alaska: http://www.youtube.com/watch?v=Tza2L6kfl8Efeature=youtu.be PEACE (through superior firepower) is the Alaskan motto WTF is that thing the ladies are firing at 1:25 and 4:25? I'll hazard a guess at the calibre - 18mm? And I thought the RPG7s we played with back in the day were impressive .50 cal or 12.9mm. It's single shot bolt action so it's likely some variation of the Barret M82 rifle though there are other systems. $6-8 a round to shoot or maybe as low as $3 if you're using reloads. kashani
Re: [gentoo-user] Threads changing Was: OT: website design
On 6/4/2011 11:43 AM, Indi wrote: On Sat, Jun 04, 2011 at 08:11:09PM +0200, Alan McKinnon wrote: Apparently, though unproven, at 17:20 on Saturday 04 June 2011, Indi did opine thusly: On Sat, Jun 04, 2011 at 09:54:11AM -0500, Dale wrote: I suspected it was whatever device was being used. Sort of like top posting. Some people have to top post because the device they are using won't let them reply any other way. I just wonder if there is some setting that could be changed somewhere to make it work correctly with usenet, or whatever you were using. As soon as Alan said it was me, I thought of the difference between usenet and email headers and that mail2news gateway. It actually shouldn't be hard to workaround, but having already worked around a couple of other issues with it I'm ready to just use the email like normal folks and be done fooling with it. :) FWIW, If I set kmail to display just routine ordinary threaded mail there's a lot less thread breakage. It's not all gone, but it is considerably less. Setting kmail to display threads based on activity - whatever the blazes that is - breaks things wholesale. I haven't managed to narrow it down at all so I have no idea what the algorithm is. Looks like there's more to this than just usernet-mail gateway brokenness I'd switch if *mutt* was breaking threading for other people, but I'm pretty sure it isn't. Now kmail and the other pointy-clicky-html-loving apps, *those* I don't trust... Tried 'em, found 'em wanting. ;) It would be good to hear from more people running different MUAs, but IMO mutt is the Gold Standard and is almost certaily doing what it's supposed to do. Whatever you're using is breaking threading in Thunderbird and I can't think of anyone else lately I've had the problem with. Also mutt has broken threading in the past and even between different versions of itself... so calling it a gold standard may be an overstatement. kashani
Re: [gentoo-user] Caching Proxy alternative to Squid?
On 6/2/2011 11:48 PM, Pandu Poluan wrote: On Thu, Jun 2, 2011 at 14:01, Joost Roeleveldjo...@antarean.org wrote: Works here: Squid version = 3.1.8 enabled USE-flags = epoll ipv6 kernel_linux ldap pam ssl Firefox version = 3.6.17 enables USE-flags = alsa dbus ipc java linguas_de linguas_en linguas_en_GB linguas_en_US linguas_fr linguas_it linguas_nl Hmmm... I'll try enabling epoll kernel_linux ldap pam ssl and updating... My question is why did you mess with the defaults? epoll should have been enabled unless you wanted to make Squid 100x slower. kashani
Re: [gentoo-user] virtualbox + kernel panic 2.6.38-r2
On 5/31/2011 12:11 PM, Tanstaafl wrote: On 2011-05-31 1:31 PM, James wrote: The only thing I've read online that may be applicable is that there have been some issues with kernel panics when you give the guest OS more than 1 processor. It would suck badly if SMP didn't work well on vbox. My understanding is it is a general rule that you never give any VM more than one processor, regardless of which vm hypervisor you are running... If SMP in VMs were that much of a problem then EC2 and the rest of the clouds would be useless. I'd go so far as to say if you're not oversubscribing your physical CPUs by handing them out multiple times to your VMs you're leaving half of your infrastructure underutilized. That said vbox has never been completely stable for me in any configuration and I usually reboot my laptop once a week. I am running 4.0.8 with a Gentoo guest (2.6.36-r5) using 2 CPUs. I haven't noticed any changes in stability since making the change to SMP last month. However there have been at least two SMP guest fixes in the 4.x version. kashani
Re: [gentoo-user] Apache is running but its log is not
On 5/4/2011 7:38 AM, Alan McKinnon wrote: Apparently, though unproven, at 08:15 on Wednesday 04 May 2011, Joost Roeleveld did opine thusly: On Wednesday 04 May 2011 13:48:48 Adam Carter wrote: Well, 2.2.17 is indeed my server, but I decided to stop it and start it again. Current log files showed up. Problem solved, by brute force again, and without any epiphanies of understanding. Last guess - logrotate is managing the log files but not reloading apache afterwards. Check that the entries in /etc/logrotate.d/apache2 have a line in there that runs /etc/init.d/apache2 reload. Adam, I think you got a really good guess. :) Especially as the log-files listed by lsof have status deleted: ** apache25288 root9w REG 8,44 57327591 204998 /var/log/apache2/access_log-20110204 (deleted) ** Interesting things happen when a file is deleted while a process still has access. You mean like as in it's name goes away and absolutely nothing else changes whatsoever? The only trouble you can run into is that new process that did not have the file open now cannot find it. If you're doing it poorly enough, you can fill the filesystem with deleted files. The other fun one is having a daemon grow larger and larger because it's not letting go of files that were deleted while it had them open. kashani
Re: [gentoo-user] Re: installing ffi gem
On 4/21/2011 9:54 PM, Hans de Graaff wrote: On Thu, 21 Apr 2011 17:33:05 -0700, kashani wrote: Install RVM, make it part of your shell, then install the ruby and gems of your choice. That way you leave the system Ruby alone and can develop with the versions you want. You can even do multiple versions of ruby and various gems for working on many different projects at once. Please note that Gentoo also supports multiple ruby implementations out of the box (ruby 1.8, ruby enterprise edition, jruby currently stable, ruby 1.9 unfortunately still masked, rubinius forthcoming). It's not about which ruby you're installing on the system, really anything other than 1.8.7 as system Ruby is a pain in the ass at this point. kashani@gentoo64 ~ $ rvm list rvm rubies rbx-head [ ] ree-1.8.7-2011.03 [ x86_64 ] ruby-1.9.2-p180 [ x86_64 ] = ruby-1.8.7-p334 [ x86_64 ] Using RVM I can have all version and implementations of Ruby and multiple gem sets per Ruby as well. That way I can work on ruby-1.8.7@rail2 app or switch to ruby-1.92@rails3 which keep the gems separate. Also I avoid breaking the system when doing wacky things in my dev environment. kashani
Re: [gentoo-user] SMB/CIFS or NFS?
On 4/20/2011 6:21 PM, Pandu Poluan wrote: Okay, I'm combining the portage distfiles dir into a storage server. Problem: the storage server is Windows 2003. Question: should I mount the distfile dir using SMB/CIFS or NFS? Is there any performance and/or complexity issues? I'd recommend avoiding NFS if possible. I've always found it painful to get working and touchy after the fact. kashani
Re: [gentoo-user] SMB/CIFS or NFS?
On 4/21/2011 2:15 PM, kashani wrote: On 4/20/2011 6:21 PM, Pandu Poluan wrote: Okay, I'm combining the portage distfiles dir into a storage server. Problem: the storage server is Windows 2003. Question: should I mount the distfile dir using SMB/CIFS or NFS? Is there any performance and/or complexity issues? I'd recommend avoiding NFS if possible. I've always found it painful to get working and touchy after the fact. kashani ... in a Windows and Linux environment. Figured I should add that to be clear. kashani
Re: [gentoo-user] installing ffi gem
On 4/21/2011 4:57 PM, Matt Harrison wrote: I've just tried setting up a new development machine and I'm stuck installing the ffi gem for ruby. According to a bug I found (can't find it now I'm afraid) the gentoo devs do not support installing gems via the gem command and directed the user to use the dev-ruby/ffi package. Unfortnately, that package is absolutely ancient and unusable. Anyway, I've got the ffi library install from portage, but when I try to `gem install ffi`, I get the output seen in the attachement. The same gem installs just fine on an ubuntu box, but...well it's ubuntu and I don't want to use that (besides it's just a VM). I'd really like to get this fixed so I can get started on a new project. Grateful for any help Matt Install RVM, make it part of your shell, then install the ruby and gems of your choice. That way you leave the system Ruby alone and can develop with the versions you want. You can even do multiple versions of ruby and various gems for working on many different projects at once. https://rvm.beginrescueend.com/rvm/install/ It really is the simplest way to build a dev environment and maintain it for Ruby. kashani
Re: [gentoo-user] MTA lighter on resource: Exim or Postfix?
On 4/8/2011 2:06 AM, Pandu Poluan wrote: Hello again, list! I need to deploy an MTA in the Cloud. Now, RAM is at a premium, so between Exim and Postfix, which one is lighter on resource? Thank you for your inputs. For light relaying both are about the same. I'd give the edge to Postfix in a heavy use ISP system because it's not a monolithic process like Exim. kashani
Re: [gentoo-user] putting mysql databases from one system to another
On 4/5/2011 11:59 AM, cov...@ccs.covici.com wrote: I am trying to copy my databases from one system to another and since one is 32-bit and the other is 64-bit, I was told that I could not copy the binary databases directly, but I had to do mysqldump and then put that source file into the new system. What I am getting is that the passwords seem not to have gotten through -- the user names seem to be there, but I cannot login with the passwords the user had in the old system. Can anyone tell me why this is so and what I can do to fix? Thanks in advance for any ideas. On Linux there is no difference between the on disk format so rsync away assuming you're keeping roughly the same Mysql version. You can have issues on Windows for some reason. However mysqldump is always considered safer for a number of other reasons. After you imported your fresh new mysqldump you ran flush privileges; for the mysql.user table to take effect? kashani
Re: [gentoo-user] putting mysql databases from one system to another
On 4/6/2011 3:47 PM, Alex Schuster wrote: On Linux there is no difference between the on disk format so rsync away assuming you're keeping roughly the same Mysql version. Um, but only when the architecture is identical. I'm pretty sure binary data is stored in different format on 32bit and 64bit systems. Wonko I had done it myself in the past a number of times without issue, but here's the documentation to back it up. kashani http://wikis.sun.com/display/WebStack/MySQL64bitARC It should be noted that, when switching between 32bit and 64bit server using the same data-files, all the current major storage engines (with one exception) are architecture neutral, both in endian-ness and bit size. You should be able to copy a 64-bit or 32-bit DB either way, and even between platforms without problems for MyISAM, InnoDB and NDB. For other engines it doesn't matter (CSV, MEMORY, MERGE, BLACKHOLE and FEDERATED) either the engine doesn't have a disk storage format or the format they use is text based (CSV) or based on MyISAM (MERGE; and therefore not an issue). The only exception is Falcon, which is only available in MySQL 6.0. It is generally recommended from MySQL that a dump and reload of data for absolute compatibility for any engine and major migration.
Re: [gentoo-user] Which network monitoring?
On 4/3/2011 7:10 PM, Pandu Poluan wrote: Hello users! I am transitioning my infrastructure back-ends from Windows to Gentoo Linux. The next server to be transitioned is our infrastructure monitoring server. Currently, we're using WebWatchBot. Its abilities that we use are: - Monitoring Internet connection up/down (we have 4 Internet connections) - Monitoring website (which we host on a 3rd party webhosting) by searching for a keyword using HTTP - Monitoring free space on other servers (mostly Windows-based, thuse we use WMI) - Monitoring services on Windows-based servers (again, WMI) - Sending alerts to selected groups (PICs) when failure exceeds a threshold (e.g., Systems group will receive alerts for their database servers, Infrastructure group will receive all alerts) Can you recommend a suitable monitoring system for Gentoo? Nagios still works well for me. And it'll do some wmi stuff, IIRC. I've been using a combination of Mysql backed Puppet with stored resources for system management. Then push Nagios configs to the Nagios server via tags in Puppet. Still working to get it right, but it's about there. Next step is to get collectd working with Nagios as well. kashani
Re: [gentoo-user] Setting up a local web server
On 4/1/2011 12:56 PM, Peter Humphrey wrote: On Friday 01 April 2011 13:18:39 Stéphane Guedon wrote: I have APACHE2_OPTS=-D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 you should try at least language and php5 ! That missing 5 is important - thanks. Then, however, I got this: * apache2 has detected an error in your setup: apache2: Syntax error on line 149 of /etc/apache2/httpd.conf: Syntax error on line 4 of /etc/apache2/modules.d/70_mod_php5.conf: Cannot load /usr/lib/apache2/modules/libphp5.so into server: /usr/lib/apache2/modules/libphp5.so: cannot open shared object file: No such file or directory That's after emerge -Cv apache and removing by hand all files and directories left behind by emerge. Same with php. Then I reinstalled both apache and php but without using the packages I had and all came right - thanks Stéphane. This is connected with the other thread I've written to today, about using my workstation as an emerge server. A complication I didn't mention there is that both make.conf and package.use have to be identical in the chroot and the target system nfs-mounted under it. I must have got them out of step at some stage. Incidentally, apache is wrong to complain of syntax errors - they're errors of configuration, not syntax. Apache doesn't recognize the syntax, therefore it's a syntax error. dig you build php with an apache2 flag to enable the Apache module? kashani
Re: [gentoo-user] LVM (Was: the best filesystem for server: XFS or JFS (or?))
On 3/24/2011 10:19 AM, Dale wrote: I have never used LVM but when it messes up after a upgrade, as has happened to many others, see if you say the same thing. I hope your backups are good and they can restore. Dale Meh, boot a liveCD and fix it which took all of 15 minutes. I don't see that as a failing of LVM, but of Gentoo for lack of another culprit. You can only roll your OS forward in so many ways before you have to do a little offline plumbing. May as well complain that you had to shutdown your machine to put in more RAM. kashani
Re: [gentoo-user] the best filesystem for server: XFS or JFS (or?)
On 3/22/2011 1:13 AM, Mr. Jarry wrote: Thanks for replies. As I had expected, they brought even more uncertainty then I had before... :-) ext3/4: I excluded them because as I understand, they do not support snapshots (only with lvm, which I do not use, and I've hreard snapshots in lvm are not very effective, or something like that). Next minus-point, I tried resizing of ext3/lvm once in the past and remember it was a real pain in a**... Any Mysql db smaller than 200GB is being backed up by a combination of LVM/Ext3 at a large Internet company with a big purple Y. It's mildly painful to setup, but RHEL uses LVM by default so it's just a matter of resizing to get the partitions you need. Once that's done you can kick off snapshots with very little effort. Not sure where you heard it was ineffective and I'd ignore further information from that source. kashani
Re: [gentoo-user] Re: Paste into vim keeping indention or original?
On 1/28/2011 9:08 AM, Bill Longman wrote: On 01/27/2011 12:53 PM, YoYo Siska wrote: BTW, if - vim has access to X (you run it on your local machine or from ssh -X or something similar) - is compiled with X support (check with vim --version | grep +X11) - and you :set mouse=a then you can paste by middle clicking in vim (not shift-middle click), which should paste the text as is... The difference is that with shift-middle click, or with vim that cannot talk to X, the terminal sends the selected text to vim as normal input (as if you would type it) and thus its get indented/formated/etc.. If you have mouse=a set and vim can talk to X, when you middle click it will ask X for the selection and insert it as is without any formatting Oooh, aaah. Fireworks. This one's going into my .vimrc file You might like one too. cmap w!! w !sudo tee % /dev/null When you forget to sudo vi you can use w!! which pipes writing the file though sudo. You get some term gunk, but it does work. kashani
Re: [gentoo-user] Setting up SMTP relay
On 1/26/2011 1:07 AM, Stroller wrote: On 26/1/2011, at 6:46am, Mick wrote: On Wednesday 26 January 2011 04:04:16 Walter Dnes wrote: On Sat, Jan 22, 2011 at 10:34:11PM +0100, Alex Schuster wrote This is working fine. But there are other PCs in the LAN, which I would also like to get status emails from. Being not the only one with root access there, I do not want to duplicate the ssmtp setup because of the password stored in ssmtp.conf. ??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4 uncommented lines. They are... ... If you set it up to email you stuff using e.g. your email account, you would also need authentication credentials: Ya, but he's got a Postfix server listening on that LAN, so the other machines (using ssmtp) don't need to authenticate to that. This thread has become far too complicated. Postfix can be set up editing only about 3 lines lines in its config file. Stroller. I dont't think you have followed the thread correctly. The OP did say he had a user/pass in his ssmtpd.conf which I assumed was for accessing the final relay host. That was the reason for the extra lines. kashani
Re: [gentoo-user] Spamassassin
On 1/26/2011 10:25 AM, meino.cra...@gmx.de wrote: Hi, is it possible to configure Spamassassin to filter out spam-mail, if the mail contains certain keywords and/or the subject line match a certain pattern without diving too deep into the source and the ruleset of spamassassin? I'd consider handling that at the MTA level. In Postfix you would use header_check to build rules like that. There is also the added benefit of being able to REJECT the mail before it enters your system rather than accepting the mail, sending to spamassassin, attempting to bounce mail, etc. This site has a number of good examples http://www.posluns.com/guides/hedchek.html kashani
Re: [gentoo-user] modifying iptables: how can I prevent locking me out?
On 1/24/2011 10:59 AM, Mark Knecht wrote: On Mon, Jan 24, 2011 at 10:47 AM, Jarrymr.ja...@gmail.com wrote: Hi, I have to change rather complex iptables rules on server and I do not want to lock me out as this server is about 50 miles away. So how should I do it? I can back up the old rules by running: /etc/init.d/iptables save and it will be saved to /var/lib/iptables/rules-save (some strange format starting with number like [536:119208]) I prepared a script with new (modified) iptables-rules, which I will run in bash. But in case I screw something, how could I force netfilter to load old saved rules, if I for whatever reason do not connect to server (ssh)? Or can I load new iptables-rules for certain time, and then force netfilter to load back the old rules again? Jarry Maybe a cron job that no matter what reloads the old rules 1 hour later? - Mark Yep, that's the way I do it. I'd test that the cron works correctly beforehand. Nothing worse than locking yourself out *and* realizing your cron has a path issue. kashani
Re: [gentoo-user] Setting up SMTP relay
On 1/23/2011 11:23 AM, Alex Schuster wrote: Relaying does not work yet, I get a Relay access denied (in reply to RCPT TO command) error. But my initial goal is reached, I can send mail to {root,wonko}@wonkology.org. That's all I wanted. Many many thanks kashani! Your howto is much more than I expected, it is much appreciated. I realize that postfix is not too complicated, so I will play more with it when I have some spare time. Postifx is definitely worth the investment and people always seem surprised to find that 5-15 lines of config is all they need. You're welcome for the config. I spent most of last week learning the ins and out of authentication and relay hosts that hard way when I changed the domain of our servers and needed to update everything. I'm using a lot of EC2 machines and didn't want to maintain IP lists so I auth all servers trying to relay against my two Postfix servers. This config reflects that and might need some changes for your environment. kashani
Re: [gentoo-user] Setting up SMTP relay
On 1/23/2011 12:20 PM, Alan McKinnon wrote: It manages it's own queues beautifully. But, and this makes me sad, it doesn't really want *me* to manage it's queues. Border controls are hard, and finding the 1,000 mails some idiot with a Windows bot just sent, and deleting them, is really hard. I'm redesigning our mail setup at work,a nd I'm going to do it with exim *and* Postfix. Exim is the front end I can see, work with, and manage. Exim sends on to Postfix as fast as it can, and Postfix transparently relays to recipient. I get best of both worlds :-) I can't say I've ever needed anything more than mailq | grep |awk | postsuper -d - in order to delete mail from the Postfix queues. What sort of things are your trying to do other than delete a lot of spam or bounces? kashani
Re: [gentoo-user] Setting up SMTP relay
On 1/23/2011 4:26 PM, Alan McKinnon wrote: Apparently, though unproven, at 02:02 on Monday 24 January 2011, kashani did opine thusly: On 1/23/2011 12:20 PM, Alan McKinnon wrote: It manages it's own queues beautifully. But, and this makes me sad, it doesn't really want *me* to manage it's queues. Border controls are hard, and finding the 1,000 mails some idiot with a Windows bot just sent, and deleting them, is really hard. I'm redesigning our mail setup at work,a nd I'm going to do it with exim *and* Postfix. Exim is the front end I can see, work with, and manage. Exim sends on to Postfix as fast as it can, and Postfix transparently relays to recipient. I get best of both worlds :-) I can't say I've ever needed anything more than mailq | grep |awk | postsuper -d - in order to delete mail from the Postfix queues. What sort of things are your trying to do other than delete a lot of spam or bounces? First, our internal mail system deals with about 3,000,000 mails a day Mon-Thu so grep | postsuper is a tad inadequate, even if just on the basis of volume The basic tools are fine as long as you understand what they are dealing with - raw text. As soon as you run mailq you have text, you no longer have intelligence about what that text means. So you need lots of grep-fu. I can't control what the users mail out, sometimes they have automated systems that do silly things like send 10,000 notifications an hour to an SMS gateway when they cocked up Nagios. Finding the dodgy ones is no fun when there's a lot of perfectly valid ones in the mix too, and grep doesn't help much other than blindly selecting text matches. There's lots more examples, but they all follow a similar theme. Thanks for the extra detail, I found what you're describing very interesting. I've never dealt with Postfix with more than a couple hundred internal users and more often as spam our customers system. Other than the occasional Nagios blasts I haven't had to deal with much of this. In regards to controlling what users send is it feasible to use a policy server for rate limiting them? The ability to use an extra lookup service to decide whether to access main, filter it, allow relay, etc is one of the things I think Postfix does well. However I suspect the management and hand holding of a rate limit system would create more overhead than cleaning out the queue periodically. kashani
Re: [gentoo-user] Setting up SMTP relay
On 1/22/2011 1:34 PM, Alex Schuster wrote: Hi there! On my desktop PC, I have set up ssmtp with access data for my mail server, so things like smartmontools or portage can send me emails. This is working fine. But there are other PCs in the LAN, which I would also like to get status emails from. Being not the only one with root access there, I do not want to duplicate the ssmtp setup because of the password stored in ssmtp.conf. Is there an easy solution? Like setting up a simple SMTP server on my desktop PC, that accepts connections from the LAN and forwards mails to my external mail server? I once had courier running, but did not really understand the configuration, and would not really like to set it up again. Or dovecot, which I heard good things about, so I would prefer it now. But maybe the default configuration only needs few changes for my purpose? Or maybe there is another simple tool that does just what I want? It's nothing important, so if there's no simple solution, I'll just skip this and check the logs from time to time. Wonko I handle it with Postfix. Dovecot is only imap and won't accept main directly. 1. install postfix with USE sasl or devecot-sasl, I don't believe it matters which. Add the following lines to the bottom of /etc/postfix/main.cf and fill in your hostname, domain, etc as needed. # local settings myhostname = host.domain.com mydomain = domain.com myorigin = $myhostname inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost mynetworks_style = subnet mynetworks = 127.0.0.0/8 10.19.20.0/24 smtpd_recipient_restrictions = #reject_non_fqdn_recipient #reject_non_fqdn_sender #reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination permit I commented out some of the checks above. Enable them if they'll work in your environment. I recommend at least reject_unknown_recipient_domain which doesn't allow recipients to domains that don't exist. 2. run sudo newaliases Postfix bitches if the /etc/mail/aliases.db doesn't exist and will hang on start. 3. Verify postfix works, isn't complaining in the logs, etc. Make sure it's up and running. That you can telnet to port 25 from another machine and even send to a local user on your machine. 4. Add the user/pass stuff to the bottom of /etc/postfix/main.cf # relay host and credentials relayhost = [my.external.relayhost.com] smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl.passwd smtp_sasl_mechanism_filter = digest-md5 smtp_sasl_security_options = noanonymous /etc/postfix/sasl.passwd [my.external.relayhost.com] myusern...@relayhost.com:my_secure_passwd sudo postmap /etc/postfix/sasl.passwd sudo /etc/init.d/postfix restart Things to remember. You need to restart Postfix is your change the password because it caches it. Also the relayhost name needs to match *exactly* between the passwd file and main.cf. 5. Once you're this far it's time to test all the way through. make sure you can send from the localhost machine sendmail -v s...@address.com . Once you're sure that works test from another machine on the network. Ideally it should just work if you've done all the steps. kashani
Re: [gentoo-user] AHCI/IDE-question
On 1/21/2011 10:53 AM, Volker Armin Hemmann wrote: so, why are you doing soemthing incredible stupid in the first place? How about you go have some coffee, maybe have a banana to even out the blood sugar, take a walk around the block, and try this email again without being a complete ass? kashani
Re: [gentoo-user] AHCI/IDE-question
On 1/21/2011 11:27 AM, Volker Armin Hemmann wrote: On Friday 21 January 2011 11:12:34 kashani wrote: On 1/21/2011 10:53 AM, Volker Armin Hemmann wrote: so, why are you doing soemthing incredible stupid in the first place? How about you go have some coffee, maybe have a banana to even out the blood sugar, take a walk around the block, and try this email again without being a complete ass? kashani I am sorry that over the years I lost my patience with none-existing problems. Don't be sorry, just stop doing it. This mailing list isn't anyone's job and if you're not enjoying the people and the questions anymore it might be time for a break. As with all volunteer work sometimes you *will* need to take a break. Hell I've gone months without responding to a single thread and most of the time I only read 20% of the posts. Those are usually the threads that interest me (ask more Postifx, Mysql, Apache, etc, server questions!) and I don't really have time for much more than that. Also with angry one liners you yourself are missing a chance to learn something. Maybe the answer to what's the purpose of your setup? It sounds fairly strange to me. would have been interesting. We might have found out about x kernel bug or weird hardware y. Or it may have been a half baked idea based on some lame blog that we'd all know was false. At worse I've just tossed use AHCI and trying to set IDE with modern hardware might have issues into the back of my brain. kashani
Re: [gentoo-user] Near freezes during large emerges
On 1/19/2011 12:07 AM, William Kenworthy wrote: Do you have a verifiable (as in from a knowledgeable source) reference for this? - it goes against a lot of what I found googling a year ago where swap size was dependent on CPU architecture (i.e., zeon/opteron/athlon etc), not 32/64bit.) You know the more I look into this the weirder it gets. Number of swap devices with later kernels included http://www.kernel.org/doc/man-pages/online/pages/man2/swapon.2.html#NOTES However because the man page mkswap is waay out of date I'm not inclined to trust swapon's man page either. Starting in 2003 we see that mkswap actually had the 2GB limit whereas the kernel already had much higher limits. http://lkml.indiana.edu/hypermail/linux/kernel/0306.0/1725.html The same character revist the issues two years later in 2005. http://lkml.indiana.edu/hypermail/linux/kernel/0506.0/0136.html As far as I can tell it comes down to cluster size, bitness of your OS, and amount of RAM you're willing to dedicate to managing swap. kashani
Re: [gentoo-user] Near freezes during large emerges
On 1/17/2011 8:42 PM, William Kenworthy wrote: No swap contains pages from memory that have not been accessed for awhile so they can be stored elsewhere freeing ram for actual active pages. When they need to be accessed, they have to be swapped back in, and often something swapped back out to make room for it. And for those with gigabytes of swap, keep in mind that the majority of processors can only access up to 32 x 2G swapfiles under linux, so 4G is only going to be half used. Some processors are only able to handle very small swapfiles, whilst amd opterons can handle very large ones. It does appear however that some distros (redhat and suse ?) have modified something to allow larger swap sizes on 64bit systems, but via google it seems very muddy at the moment. On my mostly 32bit systems its only the opterons (which are running 64bit systems) that can access more than 2G swap using gentoo-sources kernels when I tested late last year. BillK On a 32bit x86 Linux OS your swap file or swap partitions can have a max size of 2GB. If you're using a kernel later than 2.4.10 you can have 32 swap device and previous to that it was 8. With a 64bit Linux OS you can have swap devices of 64GB each. kashani
Re: [gentoo-user] Near freezes during large emerges
On 1/17/2011 12:29 AM, Alan McKinnon wrote: Not so much :-) I too have db servers with 96G of ram. 5 of them, so I'm current. I'm just gobsmacked that a desktop needs 3G to build a compiler and system libs. It's consuming 2G to do that, I'll bet that 1.75G of that is pure wastage. Much like authors who proudly declare that they spent 7 years writing some magnum opus. It's a sure bet they were drunk of 6.5 of them :-) Not a compiler or system libs. whenever I undertake a large emerge such as chromium or openoffice OpenOffice. Nuff said. kashani
Re: [gentoo-user] Near freezes during large emerges
On 1/17/2011 4:23 PM, Grant wrote: I think the idea is never use swap if possible, but in a case where you don't have swap space or run out of swap space I think it's still possible to lose data. Isn't swap just an extension of system memory? Isn't adding 4GB of memory just as effective at preventing out-of-memory as dedicating 4GB of HD space to swap? I can understand enabling swap on a laptop or other system with constrained memory capacity, but doesn't it make sense to disable swap and add memory on a 24GB server? Is swap basically a way to save money on RAM? Most users won't willingly trades 4ns data access for 13ms data access. I'd say swap in that situation is a way to gracefully degrade performance so that a user or admin can decide what to do. And yes in some cases that graceful part isn't. In my experience swap has allowed me to log in, kill runaway processes, then shut down the database gracefully to make sure all data was saved. I tend not to configure more than 2-4GB these days on servers. The other thing to remember is alerting on 98% RAM usage under Linux is a not starter because Linux will shove everything into RAM until it's full. However alerting on 5% swap usage does work fairly well. kashani
Re: [SOLVED]Re: [gentoo-user] vbox 64-bit guest will fail to detect a 64-bit CPU and will not be able to boot.
On 1/13/2011 10:32 AM, Valmor de Almeida wrote: I think I had the CONFIG flags set to Y already. The BIOS change and a shut down before booting was what apparently solved it. I shutdown the laptop and went to bed, the next morning after booting the machine I fired up vbox and all worked. I have now a fully functional Windows7 virtual machine; it is impressive how fast it boots and shuts down as virtual machine; also everything seems to work robustly. I installed goggle scketch up under Win7 and it works nicely. Thanks for the inputs. I've read a couple of threads about losing 64bit VM support after a machine goes to sleep. Rebooting fixes the problem temporarily. If you notice that behavior you may want to go ahead with any BIOS upgrade to see if that fixes it. kashani
Re: [gentoo-user] Web Server Memory Issues
On 1/12/2011 10:59 AM, Kaddeh wrote: So, I have run into an interesting problem while building out a web server for a client which I haven't come across before and I was hoping that the list would be a good way for me to find the answer. A little beckground on the systems: P4 @ 3.0Ghz 2GB PC2 4200 2x 250GB drives in RAID1 The system configurations are default for the most part with the server running MySQL and Apache. The problem that I am running into at this point, however is that the machine seems to run out of memory and will segfault either apache or mysql when does so, when apache segfaults, it is a recoverable error, when mysql does it, mysql can't recover short of restarting it. At this point, I have found a soft fix by running a cron job every 6 hours or so to clear the cached memory, which seems to be the problem, however, I would like to find a more permanent fix to this issue. Anything that would help at this point would be much appreciated. Cheers Kad Overall I'd expect your Mysql is running slow, which causes Apache to back up, which create more Apache children while your code blocks on the db, which then uses all the RAM. 1. Assuming you're running prefork, Turn KeepAlives Off if you haven't already. That'll reduce the number of Apache threads sitting around doing nothing but using your RAM. 2. The default my.conf in Gentoo (and nearly all distros) is configured to use 64MB. You should bump this up to 512MB total. The two settings I would touch are the following and THEY ARE SEPARATE POOLS that do not share configured memory with each other. Configure accordingly. innodb_buffer_pool_size = 16M key_buffer = 16M Both variables are dynamic and can be set from with Mysql use set variables key_buffer='1024'; syntax. Assuming you use Innodb tables I'd try 256MB for that setting and 128MB for the key_buffer and see how it goes. 3. Mysql slow query log. Turn it on and look at it. Your db design sounds sketchy at best and I'd be surprised if your weren't seeing a ton of slow queries especially with no db tuning. 4. /tmp is how big? Make sure it's a couple of gigs so that Mysql can build tmp tables in it. Again your db design is strange enough that you might be generating large tmp tables that file /tmp (and / if you haven't separated them) and causes Mysql problems. This is a fairly common problem in my experience. The simplest solution is: sudo mkdid -p /home/mysql sudo chown -R mysql: /home/mysql vi /etc/mysql/my.cnf and change to tmpdir = /home/mysql/ sudo /etc/init.d/mysql restart Yes, tmpdir is *not* a dynamic variable so you will have to restart Mysql to make this change. kashani
Re: [gentoo-user] vbox 64-bit guest will fail to detect a 64-bit CPU and will not be able to boot.
On 1/11/2011 11:04 PM, Valmor de Almeida wrote: Hello, I am trying to build a windows 7 guest using virtualbox-ose-3.1.8. When starting the virtual machine to install the OS, I get the warning: VT-x/AMD-V hardware acceleration has been enabled, but is not operational. Your 64-bit guest will fail to detect a 64-bit CPU and will not be able to boot. Please ensure that you have enabled VT-x/AMD-V properly in the BIOS of your host computer. I have enabled the following in the BIOS: Intel(R) Virtualization Technology Intel(R) VT-d Feature I have not created a KVM module in the kernel (using gentoo-sources-2.6.34-r12). Is this needed? Couple of things to check. 1. Make sure you've turned on all the related BIOS features that may be related. Sometimes it's more than one or two depending on the manufacturer. 2. Verify that your chip supports 64bit VT. I found out recently that my Intel T6600 while 64bit can only run 32bit guests. 3. You're running vbox 3.1.8 which is stable for x86 while vbox 3.2.12 is stable for amd64. Is your host OS 32bit? kashani
Re: [gentoo-user] vbox 64-bit guest will fail to detect a 64-bit CPU and will not be able to boot.
On 1/12/2011 12:04 AM, Valmor de Almeida wrote: System uname: linux-2.6.34-gentoo-r12-x86_64-intel-r-_core-tm-_i7_cpu_l_6...@_2.13ghz-with-gentoo-1.12.14 Timestamp of tree: Sat, 20 Nov 2010 15:45:01 + That chip looks okay. http://ark.intel.com/Product.aspx?id=43563 kashani
Re: [gentoo-user] Latest unstable ntp not generating ntp.drift file.
On 1/5/2011 12:04 AM, Thanasis wrote: I think you should prefer openntpd over ntpd, because I think openntpd is developed by openbsd, which means more secure ... I tried openntp a couple years ago. It was a giant pain in the ass. IIRC it was combination of crap defaults, poor docs, and plain not working. I think this was over five years ago and doubtfully thing have improved, but I definitely wasn't impressed at the time. kashani
Re: [gentoo-user] New project in perl? {OT}
On 1/1/2011 2:34 PM, Grant wrote: I'm sorry this is OT but I really value the opinion of many people subscribed to this list. I'm starting a new project that is quite straightforward and will interface with an old project. The only point of contact between the two projects might be both of them having access to the same database table. The old project is written in a language that is related to perl so I can imagine there would be some benefit to using perl for the new project. Am I foolish to start a new project in perl at this stage in its lifecycle? I won't be doing the coding myself and I wonder if I would be better off with PHP since more coders seem to be familiar with PHP than perl. In '99 I worked with a fellow who styled himself a software architect. The first step of each project he managed involved stating We will write this software in Java. As you can imagine that's sorta backwards. I'd spec the software function, features, etc and then decide which language has better tools or command of the problem space. You will have to balance that against your knowledge of the language and the developer skills you have access to. However even the exercise of deciding Python appears to be the superior language in this problem space, but we're going to go with Perl because the database module for our db already exists and is much more mature. Bob knows Perl better too. is worth doing because it helps define the scope of the project. FWIW the current startup I'm at is using Ruby for the front end and it's been a bit more work that PHP which is what the last company used. That's partly Rails immaturity, our lack of experience with Ruby, and having to learn the Rails/Ruby way. Unless the language you're familiar with is completely unsuitable, I'd say familiarity trumps language features. YMMV. kashani
Re: [gentoo-user] postfixadmin vacation user uid/home in /etc/passwd
On 12/29/2010 9:14 AM, Tanstaafl wrote: Greetings, I'm updating an old system I inherited that has postfixadmin 2.1 installed, and I have a question about the vacation user entry in /etc/passwd... Can I just change it directly (by editing the file with a text editor) without worrying about anything breaking? Currently it is: vacation:x:1003:65501::/home/vacation:/bin/bash and I want to change it to be the same as the INSTALL.TXT recommends: vacation:x:65501:65501::0:0:Virtual Vacation:/nonexistent:/sbin/nologin So, can I just edit the file and be done with it? Also, out of curiosity - can /etc/passwd file contain comments? Thanks... To your original question, if it works I not would touch it. You may want to look in /home/vacation for .forward or other files that might be helping the vacation functions work if you do decide to change /etc/passwd. IIRC and it's been years vacation was a bit flakey under 2.1 and it required a fair amount of undocumented tweaking to work correctly though it did get better in late 2.1.x. I would consider a plan to upgrade to 2.3.2, but it would be far simpler to build a new system and switch over to it than upgrade in place. And safer. kashani
Re: [gentoo-user] postfixadmin vacation user uid/home in /etc/passwd
On 12/29/2010 1:36 PM, Tanstaafl wrote: On 2010-12-29 3:50 PM, kashani wrote: On 12/29/2010 9:14 AM, Tanstaafl wrote: I'm updating an old system I inherited that has postfixadmin 2.1 installed, and I have a question about the vacation user entry in /etc/passwd... snip I would consider a plan to upgrade to 2.3.2, I guess I could have been clearer - I said I was updating the system, and updating pfadmin to 2.3.2 is what I'm doing now... and I want to configure everything *correctly*. Right now, vacation has a shell, and it shouldn't - I just want to know if simply editing /etc/passwd is the correct way to fix it... but it would be far simpler to build a new system and switch over to it than upgrade in place. And safer. I already have the new pfadmin up and running, and I'll be switching over this weekend... Any idea about my other question: Also, out of curiosity - can /etc/passwd file contain comments? Thanks... Sure you can edit it directly though you'll break anyone currently using vacation as soon as you do. Make sure you fix /etc/shadow and /etc/group too. Or use usermod which would be the proper way to make the change. /etc/passwd shouldn't have stand alone comments which might cause weird problems with pwconv, grpconv, etc. Use the comment field of the user. kashani
Re: [gentoo-user] Eeek: many open ports
On 12/13/2010 2:22 PM, Bill Longman wrote: On 12/13/2010 02:02 PM, Kevin O'Gorman wrote: On Mon, Dec 13, 2010 at 1:18 PM, pkpete...@coolmail.se mailto:pete...@coolmail.se wrote: On 2010-12-13 22:08, Kevin O'Gorman wrote: Netstat agrees that they're open but does not disclose which process is listening. Does anybody know how to find this out? netstat only lists listening processes when you're root... Not for me, it doesn't. It lists processes for unix-domain sockets whether I'm root or not, but does not show them for inet-domain at all. I'm using netstat -l or netstat -ln. Is there some other option I need? I didn't see one. You need -p for process. What Bill said. You'll probably want to try sudo netstat -lnp and sudo netstat -lnpt which just shows TCP ports. kashani
Re: [gentoo-user] Should mysql crash sometimes?
On 11/29/2010 5:46 AM, Grant wrote: You can add it to /etc/mysql/my.cnf and restart. Remove it and restart again when you've finished. kashani That worked perfectly, thank you. I've run mysql_upgrade successfully and all of the warnings have disappeared from the mysql log file except the following: [Warning] No argument was provided to --log-bin, and --log-bin-index was not used; so replication may break when this MySQL server acts as a master and has his hostname changed!! Please use '--log-bin=mysqld-bin' to avoid this problem. Should I change the default 'log-bin' line in /etc/mysql/my.cnf to 'log-bin = mysqld-bin'? If you're not replicating, you can ignore that error though what you've posted above should work. I forget what's in the default my.cnf these days, but you should also do the following. Add this line to your /etc/mysql/my.cnf and it'll need to be in the [mysqld] section. expire_logs_days = 7 Then log into Mysql and run this command to set the variable without having to restart Mysql. SET GLOBAL expire_logs_days=7; This will make sure that your logs expire and you don't fill up /var. If you're replicating you'll want to make sure that 7 days fits your needs. kashani
Re: [gentoo-user] Should mysql crash sometimes?
On 11/28/2010 12:30 PM, Grant wrote: I'm told I need to run mysqld with --skip-grant-tables. I'm used to using Gentoo's mysql initscript. Should 'mysqld --skip-grant-tables' work? You can add it to /etc/mysql/my.cnf and restart. Remove it and restart again when you've finished. kashani
Re: [gentoo-user] Postfix broken
On 11/15/2010 8:37 AM, Kevin O'Gorman wrote: Color me stupid. It was stopped. It started when I told it to in /etc/init.d. Now I have to wonder what stopped it. Judging from the mail that got through all of a sudden, I guess it stopped about 2 weeks ago. I'll have to watch this... IIRC updates of the Postfix package that could in result in data loss of queued mail will shutdown Postfix before preceding. Looks like Postfix 2.7.1 hit on Nov 4 and 2.6.7 has been in the system since June. I'd bet you ran the update, Postfix shutdown for safety, and you missed the screen output about restarting it. kashani
Re: [SOLVED] Re: [gentoo-user] Thunderbird and IMAP folders
On 9/2/2010 12:43 PM, Jim Cunning wrote: On 09/01/2010 10:44 AM, Andrea Conti wrote: Hi, I routinely use thunderbird to access mail on a cyrus IMAP server with very large folders (thousands of archived messages). IMAP support in the 3.1 series seems quite stable to me (whereas 2.x had frequent problems with folder indexes and 3.0.x tended to hang randomly while performing server operations) The only problem I can think of is that if you have used the default settings for the message search feature, thunderbird will attempt to build a full-text search index by downloading every message on the server (body included) when it is first run. Thunderbird will try downloading messages from multiple folders in parallel, which might cause a hign load on the server resulting in substantial delays when listing folder contents. If thunderbird is indexing messages (look at the progress indicator on the status bar), try leaving it alone until it is done -- it's a one-time process. If, on the other hand, everything is idle, I'm sorry but I have no idea. HTH, andrea The problem turned out not to be with Thunderbird at all, but with the courier-imap configuration. I found in /var/log/messages some instances of this: imapd-ssl: Maximum connection limit reached for :::10.0.0.1 It appears that the default configuration for MAXPERIP (maximum number of connections to accept from the same IP address) was set to 4. (I assume it's the default, since I never changed it myself.) Changing the value to 10 eliminated the Thunderbird problem entirely. I don't know if some other value between 4 and 10 would work as well. I'm happy with it as it is now. I'd recommend 10 connections per concurrent account that connects to the server from the same IP. If you're running multiple accounts, like kashani-list@ and kashani@ in my case, you'll want at least 20. Same thing applies if you're running webmail for multiple account because all account access will originate from localhost. kashani
Re: [gentoo-user] Gentoos community communication rant
On 9/6/2010 4:55 PM, Al wrote: Well that is the first advantage of a newsreader. It does not spam your mailbox. You select yourself what you want to read by the header. The other contents are never delivered to you, eat up neither traffic nor space. People don't really need to complain of to much traffic. I'd be interested in how many people still have access to a news server these days. I don't and I'm not particularly interested in having to pay for access when email works well enough. kashani
Re: [gentoo-user] Proper way of updating mysql from 5.0.90-r2 to 5.1.50?
On 9/3/2010 10:53 PM, Jarry wrote: On 31. 8. 2010 20:30, Mick wrote: I stop apach mysql, run the update, dispatch-conf and then restart them both. Haven't had problems since. I tried it that way: /etc/init.d/apache2 stop /etc/init.d/mysql stop emerge --ask --update --deep --newuse world emerge --depclean revdep-rebuild /etc/init.d/mysql start /etc/init.d/apache2 start Still the same: databases are gone, mysql is empty. Only users are there. This is strange: how can updating mysql from one stable version to higher stable cause complete loss of databases??? Jarry IIRC the default my.cnf changed for the worse in Gentoo's 5.1.x ebuild. Try making a copy of your original my.cnf and put it into place once you've upgraded. Else you may need to modify the mysql home and data paths in the new my.cnf to reflect where the database are actually installed. kashani
Re: [gentoo-user] Proper way of updating mysql from 5.0.90-r2 to 5.1.50?
On 9/2/2010 11:12 AM, Mick wrote: On Thursday 02 September 2010 06:10:05 kashani wrote: On 9/1/2010 1:00 PM, Aniruddha wrote: On Tuesday 31 August 2010 20:30:55 Mick wrote: But this is apparently not the proper way, because after restarting the server, apache does not show my web-page reporting there is no such a database. I checked it with phpmyadmin, and really, there is absolutely no database in mysql! I quickly restored backup version which I have done just before trying mysql-update, so my web-site is up and running. Now I would like to update mysql the right way, I but do not know how to do it... Hi Jarry, Some years ago I ran into some similar problem, I can't recall exactly what. Lost in folklore (wiki?) were some instructions to first stop mysql before you update it and I have been following them since. I stop apach mysql, run the update, dispatch-conf and then restart them both. Haven't had problems since. There may be a better way for doing this - in which case others who know better will hopefully chime in. I'm curious as well. Imo it shouldn't be necessary to stop mysql server for each update. I did in place upgrades from 5.0.12 or so on up to 5.0.77 or so. You're unlikely to have problems upgrading Mysql within 5.0.x. If you're moving up to 5.1, I would definitely stop inserts into Mysql, How do you stop inserts? Would this also apply to MyISAMs or only InnoDB? Depends on what you can get away with on your system. Applies to both MyISAM and Innodb though generally it's easier to dump myisam tables. 1. restart Mysql with no network, dump, update, restart with network. This of course assumes you have no local clients but you can chmod 600 the mysql.sock as well. I've done it this way in the past, but it's not terribly fancy. Works well in environment where you're not exactly sure what's writing to your db. 2. mysql -u root then FLUSH TABLES WITH READ LOCK while you're holding that connection open, mysqldump. I feel like I'm forgetting something here, but I think it is this simple. 3. Make a slave. Update it, test, all that fun stuff. Point to it, then update the master which is a slave of the slave. Works well, pretty easy, but you need to be comfortable with setting up replication. 4. LVM snapshots, still need to lock the tables, but usually it's fast. Good write up here. http://www.mysqlperformanceblog.com/2006/08/21/using-lvm-for-mysql-backup-and-replication-setup/ 5. Don't bother with a backup. shut down mysql, rsync -av /var/lib/mysql/ var/lib/mysql.orig/ , upgrade, start mysql. If it doesn't work shut down mysql and move the old dir back into place. couple more links http://dev.mysql.com/doc/refman/5.1/en/backup-policy.html http://dev.mysql.com/doc/refman/5.1/en/backup-methods.html kashani
Re: [gentoo-user] Proper way of updating mysql from 5.0.90-r2 to 5.1.50?
On 9/1/2010 1:00 PM, Aniruddha wrote: On Tuesday 31 August 2010 20:30:55 Mick wrote: But this is apparently not the proper way, because after restarting the server, apache does not show my web-page reporting there is no such a database. I checked it with phpmyadmin, and really, there is absolutely no database in mysql! I quickly restored backup version which I have done just before trying mysql-update, so my web-site is up and running. Now I would like to update mysql the right way, I but do not know how to do it... Hi Jarry, Some years ago I ran into some similar problem, I can't recall exactly what. Lost in folklore (wiki?) were some instructions to first stop mysql before you update it and I have been following them since. I stop apach mysql, run the update, dispatch-conf and then restart them both. Haven't had problems since. There may be a better way for doing this - in which case others who know better will hopefully chime in. I'm curious as well. Imo it shouldn't be necessary to stop mysql server for each update. I did in place upgrades from 5.0.12 or so on up to 5.0.77 or so. You're unlikely to have problems upgrading Mysql within 5.0.x. If you're moving up to 5.1, I would definitely stop inserts into Mysql, dump mysql, stop mysql, make a copy of /var/lib/mysql just in case, then upgrade to 5.1. Mysql should be able to upgrade your database in place, but it might not. If mysql-update doesn't work, importing a dumb is the most reliable way to get your data into 5.1. As other people have pointed out you'll need to revdep-rebuild or preserve the older client libs. kashani
Re: [gentoo-user] [OT] Incomplete mysql backup
On 8/19/2010 12:03 PM, Mick wrote: I use mysqldump to back up a database from a development environment and upload it to a production environment. A couple of days ago I was surprised to see that I was getting errors as soon as I uploaded the backed up database to the production machine! I repeated the backup (more in disbelief than anything else) but the error remained. I spent a few minutes looking around and scratching my head as to what was amiss with it, until eventually I noticed that the recent backup was smaller than the previous version (it should have been bigger due to extra data that has accumulated in the database). I had another final go in running the same good ol' mysqldump command and this time it worked. The backup was a reasonable size and the upload restored the application in the production environment in a good working order. Is there a right and a wrong way of backing up mysql? Did I do something wrong? How should one verify that a back up is sound? (Imagine trying to restore from that incomplete backup!) mysqldump -A --single-transaction That's usually the best way to backup if you have a single machine. Without --single-transaction you may or may not get a proper backup when using Innodb tables on a busy server. However in a busy production environment it's usually best to use a slave to do backups. Bringing LVM snapshots into the mix is also useful, but you must lock and flush Mysql in order to get a correct snapshot which makes it only an option on the slave. kashani
Re: [gentoo-user] courier imap over nfs
On 8/1/2010 8:06 AM, Matt Harrison wrote: Just wondering if anyone has any experience with courier-imap serving mailboxes over NFS. From googling around it seems courier should support remote homedirs but I can't get it working. My user authenticates according to the logs, but the client reports invalid credentials. Remove the NFS home directory and it works again. Any help would be appreciated, otherwise I'm going to have to install courier-imap on solaris, and I really don't feel like that :P I'd suspect UID/GID mismatches somewhere. Make sure the machine delivering the email, the home dirs, and the machine running courier-imap all see .maildir as the same user account. You may want to put Courier-imap into verbose or debug mode as well. I'd also look at your NFS config to see if you're doing any squashes into other UIDs. And just for the hell of it, never use mbox over NFS. The locking will kill you on a busy system. kashani
Re: [gentoo-user] mysql use flag witout server, using only client libaries
On 7/31/2010 1:58 AM, Stroller wrote: On 29 Jul 2010, at 21:37, Tomas Krasnican wrote: ... But, when is the mysql in the depend part of rc script (for example, when you emerge syslog-ng with mysql enabled flag, that will be puted here automaticly), the running localy database is required for start this service. It is not required to have it rc-enabled the mysql database, because you have already enabled another service, which it requires.. Surely the rc-scripts should use before and after instead of needs or depends. I haven't looked at this recently, but I'm pretty sure there used to be such a distinction. Stroller. For grins I compiled sql support into syslog-ng. Here's the new rc script. depend() { need net use mysql dns logger netmount postgresql after sshd } It'll load after Mysql only if it exists in the current runlevel. As other people have said, there isn't any problem to solve here. kashani
Re: [gentoo-user] core i5
On 6/23/2010 1:56 PM, Stefan G. Weichinger wrote: Am 23.06.2010 04:27, schrieb kashani: I updated from a Q6600 to an i7 860 recently. Not amazing speed wise, but I can run 8 threads and use more than 8GB of RAM. The RAM was the big thing for me. If you're planning to do a lot with VMs I'd suggest at least an extra drive if not more if you can swing it. You mean for storing the VMs? I have two drives locally now, RAID1 mostly. And I also test storing VMs on an nfsV4-storage via gigabit ethernet. Quite OK. And NFS-storage is more quiet ;-) That's works. :-) I was doing a fair amount of rpm building, svn to git with large trees, kickstart, Mysql, and Puppet work at a job a few months ago which was hitting the host fairly hard. Between the above and Outlook getting an extra drive to isolate the host OS from the VMs was a requirement. Much smoother after that. kashani
Re: [gentoo-user] Re: Legacy GRUB vs GRUB2
On 6/22/2010 1:46 PM, Bill Longman wrote: Because of EFI firmware, that's why mobos would effect it. Like the Sun Openboot PROM docs say somewhere: BIOS? We don't need no stinkin' BIOS. Same with the lame x86 status quo. At least nowadays we could have two different versions of it on board and it's not a hardware chip anymore, but, compared to most other intelligent platforms, PC BIOS is pretty braindead. For the record only Sun servers have ever made me utter, Let me get this straight. I have to update the firware on the POWER SUPPLY too?!? E6500s circa '99. kashani
Re: [gentoo-user] User password scanning on pop3
On 6/20/2010 5:06 PM, deface wrote: Try fail2ban How about reading the whole thread before posting a one liner? kashani
Re: [gentoo-user] User password scanning on pop3
On 6/16/2010 5:26 PM, Rod wrote: Hi, Does anyone know how to block, or auto programs in Gentoo to limit or stop people scanning for a user/password hacking on your firewall? Besides disabling those ports, I still need the port accessable from the outside, and I guess they'd just try imap if pop was blocked. I'm running iptables, postfix courier Have you considered changing over to pop3-ssl and imap-ssl? I fully switched over about six years ago and nearly every job I've had since has used SSL as well. I'd still recommend plain imap to be open on localhost for webmail to interact with it, but you should have far less problems. And less change of sniffers pulling user/pass from wireless connections in cafes. kashani
Re: [gentoo-user] A lot of big files in /var/lib/mysql/ = /var full!
On 4/23/2010 9:25 AM, Jarry wrote: Hi, today I discovered mysql is slowly eating my disk space! Actually, one web-server already had /var 98% full. After a little search I found more than 200 files in /var/lib/mysql/mysqld-bin.01 -~ 000214 of various size, but together take ~10GB of disk space. Yet phpmyadmin shows I have only one database ~15MB. So what is all this mysqld-bin.* crap doing in /var/lib/mysql? I increased /var, but it does not solve the problem. How can I prevent mysql from filling up my whole /var partition? I looked into /var/log/mysql, mysql.err and mysql.log are empty, in mysqld.err there are these messages: --- 100423 15:47:05 [Warning] No argument was provided to --log-bin, and --log-bin-index was not used; so replication may break when this MySQL server acts as a master and has his hostname changed!! Please use '--log-bin=mysqld-bin' to avoid this problem. InnoDB: The InnoDB memory heap is disabled InnoDB: use atomic builtins. 100423 15:47:05 InnoDB: Started; log sequence number 0 43715 100423 15:47:05 [Note] /usr/sbin/mysqld: ready for connections. Version: '5.0.90-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Gentoo Linux mysql-5.0.90-r2 --- I must admit I didt not play with mysql configutation much, just followed gentoo MySQL Startup Guide and everything seemed to work... Jarry Add this line to your /etc/init.d/my.cnf and it'll need to be in the [mysqld] section. expire_logs_days = 7 Then log into Mysql and run this command to set the variable without having to restart Mysql. SET GLOBAL expire_logs_days=7; While logged in you can immediately expire the old logs with the following command. Even though you've set seven days as the max time Mysql will not expire the old logs until the current log reaches 1GB and it is time to create a new log. PURGE BINARY LOGS BEFORE DATE_SUB( NOW( ), INTERVAL 7 DAY); Seven days works well for most home systems, but you can set it higher or lower depending on your situation. It is generally not a good idea to turn bin logs off because there are cases when it's easier to recover data or fix tables if you have current logs. kashani
Re: [gentoo-user] cyrus-sasl 2.1.23 remote server rejected your credentials
On 4/21/2010 12:56 PM, laur...@logiquefloue.org wrote: ok, it's 3 days I'm tryin to fix my smtp connection, I have been through the whole configuration many times and getting the certificates also. The last thing I did is add this line again in /etc/postfix/main.cf: smtpd_sasl_path = smtpd which changed the error into a warning for postfix: warning: foo[b.a.r.x]: SASL PLAIN authentication failed: authentication failure then, same for LOGIN: postfix/smtpd[3962]: warning: foo[b.a.r.x]: SASL LOGIN authentication failed: authentication failure I used this howto at first: http://www.gentoo.org/doc/fr/virt-mail-howto.xml and it was working for a long time. I can post mor info if you need. You shouldn't need to add that line because it's part of the default config. Post the output of postconf | grep smtpd_sasl so we can see if their is anything odd in your config. Also make sure that you allow mynetworks before requiring authentication like this example below. If you don't, your mail server will try to authenticate access from localhost. smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated kashani
Re: [gentoo-user] vixie-cron keeps stopping
On 4/15/2010 1:20 AM, Alan McKinnon wrote: On Thursday 15 April 2010 02:58:15 Matt Harrison wrote: I apologise if this has come twice, it didn't appear to post correctly first time, not even on the archives. Its been happening for a while but I haven't got round to find out why, but every so often (anything between a week or an hour) vixie-cron just stops. There's nothing in the logs, the service just stops. I have no idea where to start looking for a culprit so I'm hoping someone here has some good ideas :) thanks in advance Matt You probably don't want to hear this, but: vixie-cron is problematic in the extreme. I have endless hassle with it's weird behaviours. Use a different cron daemon. Strange. I've never had a problem with it and Gentoo though I use Gentoo primarily as a server. kashani
Re: [gentoo-user] Which IPSEC to go?
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote: Hi, since I am a while out of the game of doing ipsec with Linux: What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon. Emerge -p gave me some ~ for ipsec-tools while openswan goes without. Any input welcome. I need this for a road warrior setup. Use Openvpn. Way simpler, has a client for all the major OSs, and most importantly isn't based on annoying ipsec. You can use Openvpn between servers as well to setup tunnels. kashani
Re: [gentoo-user] Can't block pop3 attack
Robin Atwood wrote: On Saturday 24 October 2009, Alan McKinnon wrote: On Friday 23 October 2009 21:49:42 Robin Atwood wrote: My syslog is showing zillions of messages: Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534 from=61.134.64.199 Oct 24 02:25:59 opal xinetd[16534]: warning: /etc/hosts.allow, line 7: can't verify hostname: gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534 duration=11(sec) I run denyhosts but don't trap pop3 messages so I manually added the IP address to /etc/hosts.deny and..., it made absolutely no difference. I run qpopper which is compiled with xinetd support and xinetd uses tcpd, so I assumed the address would be blocked. Apparently not so. Any ideas? You have allow ALL ALL early in hosts.allow, or you have allow pop3 all earlier in hosts.allow The second! I had forgotten about that. The trouble I set it up that way so I could pick up email from arbitrary locations while travelling. It seems the price of that is allowing idiots to spam your logs. Thanks for the pointer. -Robin You might think about moving to pop3-ssl or imap-ssl and dropping the unencrypted protocols. Usually keeps people from banging on the servers and much safer if you use the occasional unsecured wireless network. kashani
Re: [gentoo-user] Interpreting /proc/cpuinfo
Volker Armin Hemmann wrote: On Samstag 10 Oktober 2009, Keith Dart wrote: === On Fri, 10/09, Florian Philipp wrote: === Could the missing flags be related to a too old kernel (2.6.18)? === Yes, and also how you compile it (what processor type you choose). not really Also, some CPU features are altered by the BIOS settings. seldomly. First of all 2.6.18 is not only old, it is a security risk. Seriously, why do you (OP) even bother to sent an email to the list without first upgrading to a more recent one and checking if the problem persists? Cause if you've been following Florian's post you'd see that he's running a VPS which is probably a heavily patched 2.6.18. At least my VPS is like that. Come on, don't you read everyone's post? Yeah BIOS can effect it, the kernel not so much. Not sure about an openvz style VPS. kashani