Re: [CentOS] samba question
On 5/24/08, Dennis McLeod <[EMAIL PROTECTED]> wrote:
> You should really look into the Samba Mailing list..
> https://lists.samba.org/mailman/listinfo/samba
> Following your thread, you likely need to add the server to the hosts and
> lmhosts files on your XP boxes, as was already mentioned

Thanks! will check with the samba list, I am with Centos list only for the moment...

I also notice that I can see the workgroup (MYGROUP) in "My Network Places" but cannot double click into it to see the centos share.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPTables help
On Saturday 24 May 2008 10:25:41 Robert Spangler wrote:
> On Friday 23 May 2008 21:31, Fajar Priyanto wrote:
> > Actually I have written a small tutorial on iptables, but I haven't
> > translated it into english. I'll let you know when it's done. Hopefully
> > it will be useful for others.
>
> Please have someone, or for that matter a few people, who have a good
> understanding of firewalls look over your tutorial before it is published.
> While you show a basic understanding of how firewalls work you lack the
> knowledge of true security. Just my observation.

Your observation is most welcome, Robert. By all means, I'm surely not an expert. Just someone who wants to help others by guiding a little 1 or 2 tiny steps along the great jungle of Linux knowledge. Every day is a lesson for me.

So, if you please, I really want to know what true security is. Thank you.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
14:53:39 up 6:42, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] read only root file system
On Saturday 24 May 2008 12:05:30 Fred Noz wrote:
> Responding to a question posted earlier this month, Centos 5.1 includes
> configuration files for enabling the read-only root filesystem.
> Actually, all filesystems can be mounted read-only with particular files
> and directories mounted on a read-write tmpfs (in RAM). This capability
> comes directly from the upstream provider.
> When your computer comes back up, the root and any other system
> partitions will be mounted read-only. All the files and directories
> listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem.
> You can add additional files and directories to rwtab to make them
> writable after reboot.
>
> Note that this system is stateless. When you reboot again, everything
> written to the tmpfs filesystem vanishes and the system will be exactly
> as it was the last time it was booted. You could add a writable
> filesystem on disk or NFS for writing files you want to retain after
> rebooting.

This is very interesting. Thanks for the sharing Fred. So, it's some kind of Live CD on a disk? I can't think of a practical benefit of using such system, is it to protect it from unwanted modification?

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
15:40:28 up 7:29, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] IPTables help
Fajar Priyanto wrote:
> On Saturday 24 May 2008 10:25:41 Robert Spangler wrote:
> > On Friday 23 May 2008 21:31, Fajar Priyanto wrote:
> > > Actually I have written a small tutorial on iptables, but I haven't
> > > translated it into english. I'll let you know when it's done. Hopefully
> > > it will be useful for others.
> >
> > Please have someone, or for that matter a few people, who have a good
> > understanding of firewalls look over your tutorial before it is published.
> > While you show a basic understanding of how firewalls work you lack the
> > knowledge of true security. Just my observation.
>
> Your observation is most welcome, Robert. By all means, I'm surely not an
> expert. Just someone who wants to help others by guiding a little 1 or 2
> tiny steps along the great jungle of Linux knowledge. Every day is a lesson
> for me. So, if you please, I really want to know what true security is.
> Thank you.

Fajar,

There is already an iptables tutorial on the Wiki:

http://wiki.centos.org/HowTos/Network/IPTables

Rather than reinventing the wheel, perhaps you would like to take a look at that and consider contributing and/or helping to improve it if you see areas that you consider are weak.

Regards,

Ned
Re: [CentOS] IPTables help
On Saturday 24 May 2008 15:57:51 Ned Slider wrote:
> There is already an iptables tutorial on the Wiki:
>
> http://wiki.centos.org/HowTos/Network/IPTables
>
> Rather than reinventing the wheel, perhaps you would like to take a look
> at that and consider contributing and/or helping to improve it if you
> see areas that you consider are weak.

Yes Ned, thank you. It's not my intention to put down that great tutorial. No, nothing at all.

And yes, regarding to the original OP, I recommend to take a look at that URL. Most recommended.

Also, if you want to read more, here's another great one from Oscar Anderson:
http://iptables-tutorial.frozentux.net/

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
16:08:03 up 7:56, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] Re: RAID5 or RAID50 for database?
Scott Silva wrote:
> on 5-22-2008 9:58 PM Bahadir Kiziltan spake the following:
> > You need at least 6 drives for RAID5. I don't know if Perc 4e/Di allows
> > configuring the RAID5.
>
> Where did you get this bit of information? You can create a raid 5 with 3
> or more disks.

3 drives is not really recommended, since if 1 dies, you'll probably lose the whole set. Rather use min 4 drives, where 1 drive is a hot spare)

--
Kind Regards
Rudi Ahlers
CEO, SoftDux

Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
[CentOS] CentOS-announce Digest, Vol 39, Issue 12
Send CentOS-announce mailing list submissions to [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED]

You can reach the person managing the list at [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..."

Today's Topics:

1. CESA-2008:0287 Important CentOS 3 ia64 libxslt - security update (Pasi Pirhonen)
2. CESA-2008:0287 Important CentOS 4 ia64 libxslt - security update (Pasi Pirhonen)
3. CESA-2008:0492 Important CentOS 4 ia64 gnutls - security update (Pasi Pirhonen)
4. CESA-2008:0287 Important CentOS 3 s390(x) libxslt - security update (Pasi Pirhonen)
5. CESA-2008:0492 Important CentOS 4 s390(x) gnutls - security update (Pasi Pirhonen)
6. CESA-2008:0287 Important CentOS 4 s390(x) libxslt - security update (Pasi Pirhonen)

--

Message: 1
Date: Fri, 23 May 2008 19:19:15 +0300
From: Pasi Pirhonen <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0287 Important CentOS 3 ia64 libxslt - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2008:0287

https://rhn.redhat.com/errata/RHSA-2008-0287.html

The following updated files have been uploaded and are currently syncing to the mirrors:

ia64:
updates/ia64/RPMS/libxslt-1.0.33-6.ia64.rpm
updates/ia64/RPMS/libxslt-devel-1.0.33-6.ia64.rpm
updates/ia64/RPMS/libxslt-python-1.0.33-6.ia64.rpm

--
Pasi Pirhonen - [EMAIL PROTECTED] - http://pasi.pirhonen.eu/
Top-postings silently ignored

--

Message: 2
Date: Fri, 23 May 2008 19:21:04 +0300
From: Pasi Pirhonen <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0287 Important CentOS 4 ia64 libxslt - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2008:0287

https://rhn.redhat.com/errata/RHSA-2008-0287.html

The following updated files have been uploaded and are currently syncing to the mirrors:

ia64:
updates/ia64/RPMS/libxslt-1.1.11-1.c4.1.ia64.rpm
updates/ia64/RPMS/libxslt-devel-1.1.11-1.c4.1.ia64.rpm
updates/ia64/RPMS/libxslt-python-1.1.11-1.c4.1.ia64.rpm

--
Pasi Pirhonen - [EMAIL PROTECTED] - http://pasi.pirhonen.eu/
Top-postings silently ignored

--

Message: 3
Date: Fri, 23 May 2008 19:22:18 +0300
From: Pasi Pirhonen <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0492 Important CentOS 4 ia64 gnutls -security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2008:0492

https://rhn.redhat.com/errata/RHSA-2008-0492.html

The following updated files have been uploaded and are currently syncing to the mirrors:

ia64:
updates/ia64/RPMS/gnutls-1.0.20-4.c4.ia64.rpm
updates/ia64/RPMS/gnutls-devel-1.0.20-4.c4.ia64.rpm

--
Pasi Pirhonen - [EMAIL PROTECTED] - http://pasi.pirhonen.eu/
Top-postings silently ignored

--

Message: 4
Date: Fri, 23 May 2008 19:47:47 +0300
From: Pasi Pirhonen <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0287 Important CentOS 3 s390(x) libxslt - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2008:0287

https://rhn.redhat.com/errata/RHSA-2008-0287.html

The following updated files have been uploaded and are currently syncing to the mirrors:

s390:
updates/s390/RPMS/libxslt-1.0.33-6.s390.rpm
updates/s390/RPMS/libxslt-devel-1.0.33-6.s390.rpm
updates/s390/RPMS/libxslt-python-1.0.33-6.s390.rpm

s390x:
updates/s390x/RPMS/libxslt-1.0.33-6.s390x.rpm
updates/s390x/RPMS/libxslt-devel-1.0.33-6.s390x.rpm
updates/s390x/RPMS/libxslt-pyth
Re: [CentOS] Re: RAID5 or RAID50 for database?
I'm not a fan of RAID 5 at all since it can only tolerate one failure at all. Go with raid 10 or something like that which is able to handle more than one failure. Intermittent, uncorrectable sector failures during rebuilds are becoming an increasing problem with today's drives.

Rudi Ahlers wrote:
> Scott Silva wrote:
> > on 5-22-2008 9:58 PM Bahadir Kiziltan spake the following:
> > > You need at least 6 drives for RAID5. I don't know if Perc 4e/Di allows
> > > configuring the RAID5.
> >
> > Where did you get this bit of information? You can create a raid 5 with 3
> > or more disks.
>
> 3 drives is not really recommended, since if 1 dies, you'll probably lose
> the whole set. Rather use min 4 drives, where 1 drive is a hot spare)

--
Registered Microsoft Partner
My "Foundation" verse: Isa 54:17
[CentOS] Re: samba question
On Fri, 23 May 2008, Dennis McLeod wrote:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David chong
> Sent: Thursday, May 22, 2008 3:21 AM
> To: CentOS mailing list
> Subject: [CentOS] samba question
>
> > Hi,
> > I am running Centos5.1, trying to configure samba now. I am quite new in
> > this area and hope help from the list. I could not connect to it from a
> > windows xp pc
>
> You should really look into the Samba Mailing list..
> https://lists.samba.org/mailman/listinfo/samba
> I only use two mailing lists (Linux that is...) Centos and Samba..
> Following your thread, you likely need to add the server to the hosts and
> lmhosts files on your XP boxes, as was already mentioned

Or simply fix DNS. If your DNS is broken, it will cause all kinds of problems. Maintaining hosts or lmhosts files for more than 1 or 2 machines is insanity. Setting up an internal DNS server is trivial compared to setting up samba. I would suggest you take the time to learn how.

Hope this helps.

Regards,

--
Tom Diehl [EMAIL PROTECTED]
Spamtrap address [EMAIL PROTECTED]
Re: [CentOS] small annoying problem with Ati video driver
On Fri, 2008-05-23 at 19:58 -0700, Mark Pryor wrote:
> --- "Juan C. Valido" <[EMAIL PROTECTED]> wrote:
>
> > I have a small annoying problem with Ati video driver, when Centos 5.1
> > starts and gets to the login screen the resolution is too high for my
> > monitor (better than out of range) and it's annoying can I have it start
> > in a lower resolution. Thanks...
>
> Juan,
>
> If you are referring to the installer, then you can
> use kernel params:
>
> linux askmethod vga=788 (or 791) resolution=1024x768

Thanks I'll try that...
Re: [CentOS] IPTables help
On Sat, May 24, 2008 at 2:49 AM, Joseph L. Casale <[EMAIL PROTECTED]> wrote:
> Appreciate the help, but I think I am still unsure of that last point.
> If the default policy for INPUT is DROP, and a rule "allowing" traffic
> is not matched, once it gets to the end it performs the default policy
> action from what I have gathered now.

What I meant was, if you create a user-defined chain, when you get to the end of the chain without matching anything, you will get back to the original chain and resume processing there. If you get to the end of an internal chain (which are INPUT, OUTPUT and FORWARD), then the default policy will apply.

Consider this example (just for illustrating the issue)

# iptables -N testing
# iptables -A FORWARD -d 192.168.5.88 -p tcp --dport 80 -j ACCEPT
# iptables -A FORWARD -i eth0 -j testing
# iptables -A testing -d 192.168.5.99 -p tcp --dport 22 -j ACCEPT
# iptables -A FORWARD -d 192.168.5.77 -p tcp --dport 443 -j ACCEPT
# iptables -P FORWARD DROP
# iptables -nvL
...
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.5.88        tcp dpt:80
    0     0 testing    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.5.77        tcp dpt:443
...
Chain testing (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.5.99        tcp dpt:22

If the packet is to HTTP in host 192.168.5.88, it will match the first rule of FORWARD and will end processing there.

Otherwise, but if the packet is from eth0, it will enter the "testing" chain. If it is SSH to 192.168.5.99, then it will match the (only) rule in "testing" and will end processing there.

Otherwise, it will resume processing on the third rule of FORWARD. If the packet is HTTPS to 192.168.5.77, it will match that rule, accept the packet, and end processing there.

Otherwise, as it's the end of the FORWARD chain, it will use the default policy, which in this case was set to DROP (the default is ACCEPT).

Is it clear now?

HTH,
Filipe
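The traversal described in the message above, as a small Python model that can be run without touching a live firewall. This is an added example, not part of the original post: the `Table`, `Rule` and `Packet` names are made up for illustration, and only the matches used in that ruleset (-i, -d, -p, --dport) are modelled.

```python
"""Toy model of iptables chain traversal (added example, hypothetical names)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

BUILTIN = ("INPUT", "OUTPUT", "FORWARD")


@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                      # ACCEPT, DROP, RETURN or a user-defined chain
    in_iface: Optional[str] = None   # -i
    dst: Optional[str] = None        # -d (address or CIDR)
    proto: Optional[str] = None      # -p
    dport: Optional[int] = None      # --dport

    def matches(self, p: Packet) -> bool:
        # An unset field matches anything, like an omitted iptables option.
        return ((self.in_iface is None or self.in_iface == p.in_iface)
                and (self.dst is None
                     or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class Table:
    def __init__(self) -> None:
        self.chains = {name: [] for name in BUILTIN}
        self.policy = {name: "ACCEPT" for name in BUILTIN}  # default policy

    def new_chain(self, name: str) -> None:              # iptables -N
        if name in self.chains:
            raise ValueError(f"chain {name} already exists")
        self.chains[name] = []

    def append(self, chain: str, rule: Rule) -> None:    # iptables -A
        if (rule.target not in ("ACCEPT", "DROP", "RETURN")
                and rule.target not in self.chains):
            raise ValueError(f"unknown target {rule.target}")
        self.chains[chain].append(rule)

    def set_policy(self, chain: str, verdict: str) -> None:  # iptables -P
        if chain not in BUILTIN:
            raise ValueError("only built-in chains have a policy")
        self.policy[chain] = verdict

    def _walk(self, chain: str, pkt: Packet, trace: List[str]) -> Optional[str]:
        for number, rule in enumerate(self.chains[chain], start=1):
            if not rule.matches(pkt):
                continue
            trace.append(f"{chain}#{number} -> {rule.target}")
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target           # terminating target
            if rule.target == "RETURN":
                return None                  # leave this chain early
            verdict = self._walk(rule.target, pkt, trace)
            if verdict is not None:
                return verdict
            # The user-defined chain ran out of rules (or hit RETURN):
            # carry on with the rule after the jump.
        return None

    def verdict(self, chain: str, pkt: Packet) -> Tuple[str, List[str]]:
        trace: List[str] = []
        result = self._walk(chain, pkt, trace)
        if result is None:                   # fell off a built-in chain
            result = self.policy[chain]
            trace.append(f"{chain} policy -> {result}")
        return result, trace


def build_example() -> Table:
    """The ruleset from the message above, in the order it was entered."""
    t = Table()
    t.new_chain("testing")
    t.append("FORWARD", Rule("ACCEPT", dst="192.168.5.88", proto="tcp", dport=80))
    t.append("FORWARD", Rule("testing", in_iface="eth0"))
    t.append("testing", Rule("ACCEPT", dst="192.168.5.99", proto="tcp", dport=22))
    t.append("FORWARD", Rule("ACCEPT", dst="192.168.5.77", proto="tcp", dport=443))
    t.set_policy("FORWARD", "DROP")
    return t


if __name__ == "__main__":
    table = build_example()
    samples = [                              # constructed test packets
        Packet("eth0", "192.168.5.88", "tcp", 80),
        Packet("eth0", "192.168.5.99", "tcp", 22),
        Packet("eth0", "192.168.5.77", "tcp", 443),
        Packet("eth1", "192.168.5.99", "tcp", 22),
        Packet("eth0", "192.168.5.10", "tcp", 25),
    ]
    for pkt in samples:
        result, trace = table.verdict("FORWARD", pkt)
        print(f"{result:6} {pkt}  via {', '.join(trace)}")
```

The fourth sample shows a consequence that is easy to miss when reading the listing: SSH to 192.168.5.99 arriving on any interface other than eth0 never enters "testing", so it falls through to the FORWARD policy.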
Re: [CentOS] IPTables help
On Friday 23 May 2008 11:03, Fajar Priyanto wrote:
> On Thursday 22 May 2008 22:30:29 Joseph L. Casale wrote:
> > I have a dual homed server in an install for someone who is very cost
> > sensitive. This server originally is being setup as an Asterisk server,
> > but now the simplest thing for me to do is also set it up to provide
> > internet access for the small shop as well.
> >
> > So it will have one external, WAN facing nic that needs all incoming
> > ports except UDP 5060 and 1 -> 6 blocked for all but two ips.
> >
> > The internal, LAN facing NIC will need all ports except voip/dns/http
> > blocked to it, and need to provide masquerading.
> >
> > I have limited experience with iptables and would love some guidelines.
> > Any pointers would be greatly appreciated!
>
> Hi JLC,
> There are 2 ways to implement firewall: negative list and positive list.
> Looks like you want a very strict one that is positive list.
>
> Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please
> mind the word wrap):
> #Clear all rules and policies first:
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -F
> iptables -t nat -F

Since you believe that he wants a very strict firewall why are you setting the default policies to ACCEPT? Security 101, strict firewall drops everything from the start. Then you open the access you require, not the other way around.

> #Give access for localhost:
> iptables -I INPUT -i lo -j ACCEPT
> iptables -I OUTPUT -o lo -j ACCEPT
>
> #To make life easier:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> #Allowing needed ports:
> iptables -A INPUT -i eth0 -m multiport -p udp --dport 5060,1:6 -s ipthatyouwantallow -j ACCEPT
> iptables -A INPUT -i eth1 -m multiport -p udp --dport 53,80,5060,1:6 -j ACCEPT
> iptables -A OUTPUT -m multiport -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -m multiport -p udp --dport 53,5060,1:6 -s ipthatyouallow -j ACCEPT
> iptables -A FORWARD -m multiport -p tcp --dport 80 -j ACCEPT

First question you need to ask yourself is there any hosting services on this box that will require a connection from the WAN side. If not then you should change your input statements to allow only the LAN. You do not require the INPUT statements for packets that pass through the box as the FORWARD will handle all traffic passing through.

Second question is if you are using ESTABLISHED,RELATED why are you not using NEW in the above rules?

Third question is have you enabled connection tracking? If you are using ESTABLISHED,RELATED then the system needs a way to keep track of the connection.

If you want a 100% secure firewall then you will not allow any INPUT. All modification would have to be done from the box using a keyboard. If this is not an option then you can allow access from a trusted IP only and setup other security options.

> #For masquerading:
> iptables -t nat -A POSTROUTING -o eth0 -d ! 192.168.0.0/24 -j MASQUERADE

If the WAN port is connected directly to the Internet then you should MASQ all outgoing traffic and anything that is heading to 192.168.0.0/24 should be dropped.

> #For logging (troubleshooting):
> iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
> iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
> iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '

Logging any packets that make it this far is a good idea.

> #Finally dropping all other traffic (positive list firewall):
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP

This should be at the top for the firewall not the ACCEPT you have there now.

> #Don't forget to save it:
> service iptables save
>
> I might make some mistakes up there, so the logging is very important. You

Just a few. :)

For your reading enjoyment.

http://iptables.rlworkman.net/chunkyhtml/index.html

--
Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org
[CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-).
Re: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
On Sat, May 24, 2008 12:47 pm, Joe Pruett wrote:
> after this latest centos 5 kernel update, i am seeing 40 second delays on
> automount points. nothing in the rpm changelog looks obviously related to
> autofs and the autofs module seems to be the same as the previous kernel.
> i'm starting to do some strace'ing and other debugging, but nothing has
> jumped out at me yet. i'm hoping someone else has seen it so i know i'm
> not alone :-).

What type(s) of filesystems are you experiencing this with? I am seeing no additional delays with CIFS filesystems after the upgrade.
[CentOS] read only root file system
On Saturday 24 May 2008 12:05:30 Fred Noz wrote:
> Responding to a question posted earlier this month, Centos 5.1
> includes configuration files for enabling the read-only root
> filesystem. Actually, all filesystems can be mounted read-only with
> particular files and directories mounted on a read-write tmpfs (in
> RAM). This capability comes directly from the upstream provider.
> When your computer comes back up, the root and any other system
> partitions will be mounted read-only. All the files and directories
> listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem.
> You can add additional files and directories to rwtab to make them
> writable after reboot.
>
> Note that this system is stateless. When you reboot again, everything
> written to the tmpfs filesystem vanishes and the system will be
> exactly as it was the last time it was booted. You could add a
> writable filesystem on disk or NFS for writing files you want to
> retain after rebooting.

This is very interesting. Thanks for the sharing Fred. So, it's some kind of Live CD on a disk? I can't think of a practical benefit of using such system, is it to protect it from unwanted modification?

Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
-

Fajar,

There are many practical reasons why one would want to run a Linux system, whether it be desktop or server, with a read-only root.

One reason is for ease of maintenance, especially when there are many systems to maintain. You might be administering computers in a classroom, internet access point, or library and you want to be certain that after reboot, the system is exactly as it was the last time it was rebooted, even if the users mess with the system accidentally or on purpose. For example, if a user fills up the /tmp filesystem and causes the system to crash, after booting, the system will have an empty /tmp filesystem. It will not require fsck to be run because the other filesystems were mounted read-only. This implies no risk of filesystem corruption (except due to physical failures on the disk). Not needing fsck saves time on boot.

You could use read-only root on embedded systems where there is no way an administrator could get to the system to fix it.

Read-only root is beneficial on a system running on flash media because this avoids having recurring writes wear out some sectors on the media.

This is a practical way to run a large group of diskless systems. A single read-only root filesystem can be made available on a network from an NFS server. Many diskless clients can use this readonly-root simultaneously.

Of course, this is a way to implement a live CD.

In addition to easy maintenance, readonly-root adds a layer of security. The security is broken if someone gains access to the root user, but then many security protections are lost if someone gains root.

Even a Database server can benefit from being run on read-only root. The data disk would certainly be mounted read-write, but there is no reason why the operating system and database application software need to be on disks mounted read-write.

When an administrator wants to perform an update, upgrade, software installation, or other system change, the administrator sets the readonly filesystems to read-write using a simple mount command. After the administrator finishes making the changes, a simple mount command (or reboot) sets the readonly filesystems back to read-only. Of course, on systems where the root and system filesystems have no physical write capability, such as on a live CD, they cannot be set to read-write.

- Fred
-
Fred Noz [EMAIL PROTECTED]
Re: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
- Original message -
From: "Joe Pruett" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Sat, 24 May 2008 09:47:43 -0700 (PDT)
Subject: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel

after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-).
___

I am not seeing any delay on automount. I upgraded both NFS client and server to the 2.6.18-53.1.21.el5 kernel.

- Fred
Re: [CentOS] RAID5 or RAID50 for database?
On Fri, May 23, 2008 at 5:31 PM, Guy Boisvert <[EMAIL PROTECTED]> wrote:
> Well, i respect Open Source (and your opinion) very much but your comparison
> imply that you had access to Adaptec's code! Maybe you really had access, i
> don't know. If it's the case, then thanks you for having shared this
> knowledge.

No need to see adaptec source code. Actively developed and widely used open-source projects have great success over their closed-sourced big-budgeted projects. But you are correct at one point: I do not have right to blame any vendor without a fair comparison. However, none of them tends to show theirs for a comparison. But again, according to general inclination, I have a great feeling that I am right. Besides, this is all about the philosophy of open-source. linux kernel-raid still has my vote.

Nevertheless, closed-source firmwares are everywhere, should we become paranoid? Maybe one day, but today, software linux kernel-raid is a good competitor in raid world, so I think it is a good choice to be paranoid about raid-stuff. (And of course we should, it is a cheap and great redundancy and for both data safety and service continuity)

As an example, IBM's SAN devices are great I think. I'd used one and loved its performance and simplicity and elasticity. No software open-source solution can easily race with it.

> You're talking about failed disks or controller?
>
> With controller, easy with my backups (or backup card). People with no
> tolerance to failing controller arrange things accordingly like i do.
>
> With disks, irrelevant.

This is what I'm trying to explain. Even the same vendor breaks compatibility between different vendors and I'm still talking about controller cards. I have to have backup cards for all configurations I have. After using a backup card, I either have to supply a new backup for controller card or have to transfer my configuration to a new card. For external solutions, I had only managed one configuration since now so no comment/comparison on them.

> Well, educate me (and maybe others) M8. I learn things everyday and i like
> it. How would you do RAID10 with 3 disks? I know how to do it with at
> least 4, then 6 and so on.
>
> As for RAID-10, more below.

Do not ask me, ask linux kernel raid10 developer [2]

> Well, english is neither my native language! As for reading, i'm not that
> bad but i may have misunderstood what you really meant. In that case,
> please forgive me! I didn't meant to be rude or anything.

Please accept my apologies. I think I behaved somehow rude. No need to talk about such non-technical issues in this kind of a list :)

> I agree that the compatibility is great with software RAID. However, there
> are some limitations at least in performance (Bus saturation, etc).
>
> I "tried to read" your reference (the URL you kindly provided me, thanks)
> and, quote:
>
> "When the top array is a RAID 0 (such as in RAID 10 and RAID 50) most
> vendors omit the "+", though RAID 5+0 is clearer."
>
> "RAID 1+0: mirrored sets in a striped set (minimum four disks; even number
> of disks) provides fault tolerance and improved performance but increases
> complexity. The key difference from RAID 0+1 is that RAID 1+0 creates a
> striped set from a series of mirrored drives. In a failed disk situation
> RAID 1+0 performs better because all the remaining disks continue to be
> used. The array can sustain multiple drive losses so long as no mirror loses
> both its drives."
>
>
> So they say, and correct me if i'm wrong, that RAID10 is a RAID 1 of RAID 0.
> A mirror of stripe sets. You said it's not that, i lost you on this one.

linux kernel raid10 is a combination of both raid0 and raid1, not sum of them. As developer himself says in [2]

So you have 3x500GB disks and 750GB raid-volume.

[2] http://neil.brown.name/blog/20040827225440

Have a nice sunday

P.S.: Once more, I am sorry to steal someone's thread which is about raid5/raid50 but I am currently using raid10 in many configurations and even after some disk failures I recovered easily. So, I can honestly recommend raid10 over raid5(0) configurations.
[CentOS] CentOS-Samba question
My main system is a CentOS 5.1 64-bit desktop with gobs of disk and a couple of printers attached that work just fine. I have it set up with samba so my VMWare guest Windows XP can access most of the files and the printers.

But, when I try to connect to the printers from a remote machine that has a Win98/WinXP dual boot, I can't see the printers at all. Both 98/XP can ping the host by IP address or by name (I've updated the host on both and the lmhost file on the 98 boot), but the 98 boot can't see the network at all, and the XP boot can't see anything on my CentOS box, although it at least sees that the box is there.

Here's my smb.conf:

# Global parameters
[global]
        workgroup = MARKHOME
        domain master = yes
        preferred master = yes
        server string = Samba Server
        printcap name = /etc/printcap
        cups options = raw
        log file = /var/log/samba/%m.log
        max log size = 50
        password server = none
        username map = /etc/samba/smbusers
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins support = yes
        dns proxy = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/false
        winbind use default domain = no

[homes]
        comment = Home Directories
        valid users = %S
        path = /home/%u
        create mask = 664
        directory mask = 775
        writeable = yes
        browseable = yes

[tmp]
        comment = Temporary file space
        path = /tmp
        writeable = yes
        guest ok = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = yes
        printable = yes

What am I missing?

Thanks.

mhr
Re: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
On Sat, 24 May 2008, Marko A. Jennings wrote:
> What type(s) of filesystems are you experiencing this with? I am seeing no
> additional delays with CIFS filesystems after the upgrade.

for nfs mounts. i am using a centos 4 nfs server, but from running strace and enabling -d for automount, the delay seems to be before it invokes mount so i think it is just client side.
[CentOS] USBDisk question
I have an external USB drive, and when mounted, it was /media/usbdisk. When I recently tried my rsync backup, a usbdisk1 had been created...I guess by the auto-mounting (when the disk is turned on).

Is there a way to remove the usbdisk1 and set it up so that the auto-mounting will use usbdisk? Or should I just leave it be? I needed to change my command line for the rsync backup to usbdisk1.

Many thanks...

Todd

--
Ariste Software
Petaluma, CA 94952
http://www.toddcary.com/aristephotography/
[CentOS] resizing partition
I'm going to have to resize a partition (shrink it) to make room for more swap space.

This is actually not too big of a deal, since we're not talking about a "system" partition (/, /var, /usr, etc), but one where an application resides. So I won't even have to go to "rescue" mode to do this. I can umount this thing live. (and since I'm working on it remotely, that's important).

But this system was not configured with LVM. So it occurs to me, that in dealing with a non-LVM partition(s), if the swap space I want to enlarge isn't next to the partition I shrink, my options would be to:

1. Manually "move" the other partitions, probably very risky
2. Simply make a second swap space that's next to the partition I shrink.

Have I got the right idea?

=== Al
Re: [CentOS] resizing partition
> I'm going to have to resize a partition (shrink it) to make room for more
> swap space.
>
> This is actually not too big of a deal, since we're not talking about a
> "system" partition (/, /var, /usr, etc), but one where an application
> resides. So I won't even have to go to "rescue" mode to do this. I can
> umount this thing live. (and since I'm working on it remotely, that's
> important).
>
> But this system was not configured with LVM. So it occurs to me, that in
> dealing with a non-LVM partition(s), if the swap space I want to enlarge
> isn't next to the partition I shrink, my options would be to:
>
> 1. Manually "move" the other partitions, probably very risky
> 2. Simply make a second swap space that's next to the partition I shrink.
>
> Have I got the right idea?
>
> === Al

You could also create a swap file and put it in the partition you would be shrinking and use that instead of repartitioning.

Barry
Re: [CentOS] USBDisk question
> > i have the same question