RE: [CentOS] Re: Support policy CentOS 5

[Patrick Derwael]

>
> Patrick Derwael wrote:
> > */[Patrick Derwael] /*
> > The  point is that Parallel supports exactly CentOS 4.4 and 5.0, Fedora
> > 4 and 6 and RHEL 4ES and 5ES.
>
>


> Primary focus of this policy is to address the
> specific issue you are running up against

My only issue is that I want to be able to get support from Parallels, and
(I know software vendors!!) it would be too easy for them to say "Sorry,
your OS version is not supported"...


> Now, I dont know what parallel is or what you are doing there, but I
> dont belive the Vendor that only one update level is supported. Perhaps
> they have a dependancy on a specific package ( like the kernel ) - those
> are easy to lock into a version with things like yum-versionlock.

Parallels is selling virtualization products and web hosting solutions. I
was originally using a hosting package called Ensim, but Parallels bought
Ensim over a while ago. Today, due to business growth, I need to expand my
hosting capacity and to add an extra licence from Parakllels.

> > As far as my other systems are concerned, (pen testing) I will reinstall
> > them under Centos 5.2 in the coming weeks
>
> you dont need to reinstall to get from 5.0 to 5.2, if you do a yum
> update, that will bring in all the updated packages. ( remember
> 5.0+updates == 5.2 ).

I currently run Fedora 7 --> I have to rebuild brand new systems from ISOs

Thanks !



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Support policy CentOS 5

[Patrick Derwael]

> Do you have a link to this application's website? Maybe we could determine
> why it might be stuck to a limited set of OS releases. If a software can't
> keep up with a limited subset of OS updates, maybe they are concerned more
> costs then security.

Scott, more info here:

http://www.parallels.com/en/pro/reqs/

Cheers


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Support policy CentOS 5

[Patrick Derwael]

> But, read that table carefully. It says "CentOS 5" not "CentOS 5.0"
> "CentOS 5" tracks the current point release and is now equivalent
> to "CentOS 5.2".  Running "CentOS 5.0" means you do not receive any
> updates from a subsequent point release and are locked into the
> package versions that were current just before the release of
> CentOS 5.1.
>
> --

Bob,

Small typo it is REALLY 4.4 and 5.0

Thanks


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Support policy CentOS 5

[nate]

Patrick Derwael wrote:

> My only issue is that I want to be able to get support from Parallels, and
> (I know software vendors!!) it would be too easy for them to say "Sorry,
> your OS version is not supported"...

I suggest you contact the vendor to verify whether or not CentOS 5.1
and 5.2 and onwards are supported. I suspect if they support something
as generic as "RHEL 5 ES" and they support CentOS 5.0 then they'll
support all versions of CentOS 5.0. Since CentOS 5.2 is based off
of RHEL ES 5.2.

If not, then I suggest starting a subscription of RHEL 5 ES, or
pick another software vendor that'll support you, or support
yourself. I don't recall having any issues getting support from
VMWare for ESX running CentOS guest VMs.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Support policy CentOS 5

[Patrick Derwael]

> I suggest you contact the vendor to verify whether or not CentOS 5.1
> and 5.2 and onwards are supported. I suspect if they support something
> as generic as "RHEL 5 ES" and they support CentOS 5.0 then they'll
> support all versions of CentOS 5.0. Since CentOS 5.2 is based off
> of RHEL ES 5.2.

In the past, Ensim used to be very strict on the OS version they support.
I guess Parallels would not be more flexible, but you are right, I will
double check... you never know !

>
> If not, then I suggest starting a subscription of RHEL 5 ES, or
> pick another software vendor that'll support you, or support
> yourself. I don't recall having any issues getting support from
> VMWare for ESX running CentOS guest VMs.
>
> nate

I dont expect issues at OS level (otherwise, I would go for RH), but
Parallels products can be very touchy when it comes to interaction with
OS.

Thanks

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] LVM not removing LV

[Mag Gam]

I am using RHEL 5.1 with custom kernel.


I have a LV I am trying to remove and its keep complaining its open. I
have unmounted the filesystem, lsof shows nothing, fuser shows
nothing. I am certain a reboot will fix it, but I don't know why this
occurs. Can anyone shed some light on this?

Are there some other LVM hacks I can use for this?

TIA
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Support policy CentOS 5

[Ray Leventhal]

> Do you have a link to this application's website? Maybe we could
> determine why it might be stuck to a limited set of OS releases. If a
> software can't keep up with a limited subset of OS updates, maybe they
> are concerned more with costs then security.
>
>
>   
The OP is happily incorrect on the 5.0 issue.  CentOS 5.x is fully
supported under Paralells Pro X for Linux from 10.1.0 and up (current
release is 10.3.1).  I know this because I run it on CentOS 5.2

HTH,
-Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Is there a way to save the routing table permanently?

[Stephen Moccio]

You can place the statement in /etc/sysconfg/static-routes.

 

This file will be used when the network starts up.

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of ABBAS KHAN
Sent: Tuesday, August 19, 2008 9:38 AM
To: CentOS mailing list
Subject: [CentOS] Is there a way to save the routing table permanently?

 

I'm adding the default gateway to the route through "route add default gw
10.10.10.10" which is also shown in "route -n" but the problem is that as
soon as I restart the network through /etc/init.d/network restart; the route
sets to default one...!
SO, my question is there any way to save the modified route permanently by
hardcoding the changes?

Thanks.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Rob Townley]

Are you sure this is actually processed?  Do you have a working example for
CentOS 4.x or 5.x?  One that works with two NICS that would use two
different gateways to the internet?  I would like nothing more to get this
to work in a streamlined fashion.

i didn't have success with the /etc/sysconfig/static-routes  file, but maybe
i didn't specify the routes using the correct syntax?

This web page recommends a complete rewrite of the
/etc/sysconfig/network-scripts/ifup-routes script!
http://www.akadia.com/services/redhat_static_routes.html


On Fri, Aug 22, 2008 at 7:58 AM, Stephen Moccio <[EMAIL PROTECTED]> wrote:

>  You can place the statement in /etc/sysconfg/static-routes.
>
>
>
> This file will be used when the network starts up.
>
>
>  --
>
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On
> Behalf Of *ABBAS KHAN
> *Sent:* Tuesday, August 19, 2008 9:38 AM
> *To:* CentOS mailing list
> *Subject:* [CentOS] Is there a way to save the routing table permanently?
>
>
>
> I'm adding the default gateway to the route through "route add default gw
> 10.10.10.10" which is also shown in "route -n" but the problem is that as
> soon as I restart the network through /etc/init.d/network restart; the route
> sets to default one...!
> SO, my question is there any way to save the modified route permanently by
> hardcoding the changes?
>
> Thanks.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM not removing LV

[nate]

Mag Gam wrote:
> I am using RHEL 5.1 with custom kernel.
>
>
> I have a LV I am trying to remove and its keep complaining its open. I
> have unmounted the filesystem, lsof shows nothing, fuser shows
> nothing. I am certain a reboot will fix it, but I don't know why this
> occurs. Can anyone shed some light on this?
>
> Are there some other LVM hacks I can use for this?

Not really a hack but you need to deactivate it:

lvchange -a n 

Verify that it's deactivated with the lvdisplay command

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[nate]

Rob Townley wrote:
> Are you sure this is actually processed?  Do you have a working example for
> CentOS 4.x or 5.x?  One that works with two NICS that would use two
> different gateways to the internet?  I would like nothing more to get this
> to work in a streamlined fashion.

Two default gateways in linux do not work as one might
expect. You need to do fancy stuff with the iproute2 command.

The static-routes file works fine for, static routes. Multiple gateways
is more complex then just telling the system you have them, the
system by default will use the first one available.

This article looks informative, though I've never done multiple
gateways on linux before, I always do one gateway, to a real
router(or layer 3 switch) and then do the routing from there.

http://www.linuxjournal.com/article/7291

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[David Hrbáč]

Rob Townley napsal(a):
> Are you sure this is actually processed?  Do you have a working example for
> CentOS 4.x or 5.x?  One that works with two NICS that would use two
> different gateways to the internet?  I would like nothing more to get this
> to work in a streamlined fashion.
> 
> i didn't have success with the /etc/sysconfig/static-routes  file, but maybe
> i didn't specify the routes using the correct syntax?

Well,
I use on one of my routers in /etc/sysconfig/static-routes:
any net 192.168.36.0 netmask 255.255.255.0 gw 192.168.38.254
any net 192.168.37.0 netmask 255.255.255.0 gw 192.168.38.253

Running C4.6, route:
[EMAIL PROTECTED] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
212.47.23.188   0.0.0.0 255.255.255.252 U 0  00 eth0
192.168.38.00.0.0.0 255.255.255.0   U 0  00 eth1
192.168.36.0192.168.38.254  255.255.255.0   UG0  00 eth1
192.168.37.0192.168.38.253  255.255.255.0   UG0  00 eth1
0.0.0.0 212.47.23.189   0.0.0.0 UG0  00 eth0

David Hrbáč


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

I have 4 disks in a RAID5 array.  I want to add a 5th.  So I
did
  mdadm --add /dev/md3 /dev/sde1
This worked but, as expected, the disk isn't being used in the raid5 array.

md3 : active raid5 sde1[4] sdd4[3] sdc3[2] sdb2[1] sda1[0]
  2930279808 blocks level 5, 64k chunk, algorithm 2 [4/4] []

So then I tried the next step:
  mdadm --grow --raid-devices=5 /dev/md3

But now I have problems...
  mdadm: Cannot set device size/shape for /dev/md3: Invalid argument

Can CentOS 4.6 grow md5 arrays?  Or is the kernel and mdadm version too
old?

( http://www.economysizegeek.com/2006/07/15/migrate-raid1-to-raid5-and-grow/
  hints that I need 2.6.17 and mdadm 2.5.2, but it's hard to know what
  the RHEL/CentOS kernel has in it 'cos version numbers no longer match)

I wonder if I could boot off a Ubuntu CD or something and grow the array
that way.  Would be annoying (many hours of server downtime)...

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM not removing LV

[Toby Bluhm]

nate wrote:

Mag Gam wrote:

I am using RHEL 5.1 with custom kernel.



Might be something about your custom kernel that affects lvm operations.
It could be you have a version mis-match in lvm components in your system.




I have a LV I am trying to remove and its keep complaining its open. I
have unmounted the filesystem, lsof shows nothing, fuser shows
nothing. I am certain a reboot will fix it, but I don't know why this
occurs. Can anyone shed some light on this?

Are there some other LVM hacks I can use for this?



No snapshots still present for that lv?




Not really a hack but you need to deactivate it:

lvchange -a n 

Verify that it's deactivated with the lvdisplay command



Current versions of lvm/lvremove will do that automatically.


--
Toby Bluhm
Alltech Medical Systems America, Inc.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM not removing LV

[Toby Bluhm]

Toby Bluhm wrote:

nate wrote:

.
.
.


Verify that it's deactivated with the lvdisplay command



Current versions of lvm/lvremove will do that automatically.




. . . but verifying is still a good idea.


--
Toby Bluhm
Alltech Medical Systems America, Inc.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Jim Perrin]

On Thu, Aug 21, 2008 at 10:45 PM, Joseph L. Casale
<[EMAIL PROTECTED]> wrote:
>>There are two times when this becomes an issue. One is on x86_64
>>systems where build deps can cross architectures, and the other is
>>when using systems like openvz/virtuozzo where the glibc is often
>>replaced or otherwise lobotomized.
>>
>>Which one is yours?
>
> Ahh, all the CentOS boxes are either x64 Xen Dom0 or U...
> What happens to glibc on these, especially in the Dom0 case where
> I hand installed the xen rpm's and glibc wasn't touched after initial update?

which xen rpms did you install? The ones from centos, or the ones from
xensource?

Generally when building for x86_64, it's best to remove all traces of
x86 packages on the system. If you're doing some cross-compiling
(building x86 on x86_64) then it's far easier to use a build utility
like mock which creates your environment for you in a separate area.
While it requires a bunch more space, it produces 'clean' rpms which
are untainted by any strays packages or source installed bits you may
have on the system.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix mysql_pgsql update?

[Karanbir Singh]

John Thomas wrote:

Should postfix-2.3.3-2.el5.centos.mysql_pgsql be updated for:
https://rhn.redhat.com/errata/RHSA-2008-0839.html
and, if so, may I humbly request it?


I will look into this today, at the moment the openssh issue takes 
priority! News on that front in the next few hours. I know lots of 
people are waiting for feedback on that.


Regards,

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] system-config-kickstart

[Jerry Geis]

When I run this command on centos 5.2 it just sets there nothing ever 
happens.

Any ideas? I have ran it on two centos 5.2 machines. I can control C out.
I am running it as root and a normal user both. Same thing - just sits 
there.


jerry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] RH's servers breached

[kfx]

What's the point on this for us, CentOS users ?

http://www.redhat.com/security/data/openssh-blacklist.html

Regards,
kfx
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] system-config-kickstart

[Mogens Kjaer]

Jerry Geis wrote:
When I run this command on centos 5.2 it just sets there nothing ever 
happens.


It's an X application. Can you run X programs the way you're logged in?

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT - Offline uncorrectable sectors

[Lorenzo Quatrini]

I have few disk that have offline uncorrectables sectors;

I found on this page how to identify the sectors and force a write on them to
trigger the relocation of bad sectors on the disk:

http://smartmontools.sourceforge.net/BadBlockHowTo.txt

My question is:

since I'm too lazy to follow all the procedure, do you think that a force
rewrite of the full disk would work?

Eg. "dd if=/dev/sda pf=/dev/sda bs=512"

Shoudl this be done at runlevel 1 or offline or I can do it without too many
worries, since I'm reading and rewriting the same data on the disk?

TIA and sorry for the OT

Lorenzo Quatrini
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Various OpenGL apps crashing in CentOS 5?

[Rubin]

Hi All,

I'm experiencing odd behaviour with various OpenGL apps I'm (trying to) 
use. I have an IBM Thinkpad X60s with the Intel GMA chipset, the 945GM 
to be precise. I have glxinfo/glxgears working normally, disabled 
composite in xorg.conf and everything seems fine.


However, there are a few applications that I use that show rather 
strange behaviour that I think is related to the same underlying (as yet 
unidentified) problem. Here is my list:


* Google Earth 4.3
Installed in /opt/googleearth. Starts, but with extremely slow 
performance. Unusable, Closing the window takes about 10 seconds.


* OpenOffice 2.4.0
Installed in /opt/openoffice. Failed to start when using the "intel" or 
"i810" Xorg driver. "vesa" driver works fine. Later learned that setting 
GTK_MODULES="" works around the problem while using the "intel" or 
"i810" drivers and that it might have to do with the gnome integration 
stuff in OpenOffice.


* Maya 2008
Installed in /opt/maya. Fails to start (sig 11) when using the "intel" 
or "i810" Xorg driver. "vesa" driver works fine (but with abominable 3D 
performance obviously). A gdb backtrace tells me:

#0  0x in ?? ()
#1  0xad1e3427 in _mesa_endDispatchOverride () from /usr/lib/dri/i915_dri.so
#2  0xad1e3c54 in _mesa_make_current () from /usr/lib/dri/i915_dri.so
#3  0xad1beb18 in intelMakeCurrent () from /usr/lib/dri/i915_dri.so
#4  0xad1a4531 in __driUtilUpdateDrawableInfo () from 
/usr/lib/dri/i915_dri.so

#5  0x00aa8c5c in glXDestroyContext () from /usr/lib/libGL.so.1
#6  0x00aaae3f in glXMakeCurrentReadSGI () from /usr/lib/libGL.so.1
#7  0x00aab0e3 in glXMakeCurrent () from /usr/lib/libGL.so.1
#8  0xb48cf778 in GlXCreateMDraw () from /opt/maya/lib/lib3dGraphics.so
#9  0x07e7f4e1 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#10 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#11 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#12 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#13 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#14 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#15 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#16 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#17 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#18 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
#19 0x07e7f91e in XtRealizeWidget () from /usr/lib/libXt.so.6
#20 0xb54900d2 in Twindow::unStow () from /opt/maya/lib/libExtensionLayer.so
#21 0xb547162e in TiceShowWindowCmd::doCommand () from 
/opt/maya/lib/libExtensionLayer.so
#22 0xb5ac16f1 in Mel_Command_Dispatch () from 
/opt/maya/lib/libCommandEngine.so

#23 0xb5ae4160 in node_exec () from /opt/maya/lib/libCommandEngine.so
#24 0xb5b060eb in fc_if () from /opt/maya/lib/libCommandEngine.so
#25 0xb5ae4160 in node_exec () from /opt/maya/lib/libCommandEngine.so
#26 0xb5ae4326 in sophia_call_executable () from 
/opt/maya/lib/libCommandEngine.so
#27 0xb5b0085a in SophiaExecutable::evaluate () from 
/opt/maya/lib/libCommandEngine.so
#28 0xb5ac6e43 in TcommandEngine::sourceFile () from 
/opt/maya/lib/libCommandEngine.so

#29 0x08059e66 in TmayaApp::initGUI ()
#30 0xb533bc10 in Tapplication::start () from 
/opt/maya/lib/libExtensionLayer.so

#31 0x08054e96 in appmain ()
#32 0x080640d6 in main ()


I'm fairly sure this has something to do with the mesa 3d driver for the 
Intel 945GM but I cannot confirm this and I would like to search 
further. Does anyone have any suggestions as to where I could look next?


Thanks in advance,

Kind regards,


Rurib.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[nate]

Lorenzo Quatrini wrote:
> I have few disk that have offline uncorrectables sectors;

Ideally it should be done using the manufacturer's tools,
and really any disk that has even one bad sector that the OS
can see should not be relied upon, it should be considered a
failed disk. Disks automatically keep spare sectors that the
operating system cannot see and re-maps bad sectors to them,
if your seeing bad sectors that means that collection of
spares has been exhausted. I've never seen a disk manufacturer
not accept a disk that had bad sectors on it (that was still
under warranty) in as long as I can remember..

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum Issues with Dev groups

[Joseph L. Casale]

>which xen rpms did you install? The ones from centos, or the ones from
>xensource?

Rolled my own from the 3.2.0 srpm.

>Generally when building for x86_64, it's best to remove all traces of
>x86 packages on the system.

How do you do this at install? Wouldn't that be cleaner? I suppose a
rpm command with a --queryformat ARCH string would list all that is x86
and I couild pipe that into a remove command? Any ideas on how to do this
cleanly?

>If you're doing some cross-compiling
>(building x86 on x86_64) then it's far easier to use a build utility
>like mock which creates your environment for you in a separate area.
>While it requires a bunch more space, it produces 'clean' rpms which
>are untainted by any strays packages or source installed bits you may
>have on the system.

I have to learn more about mock, I just a trivial build root...

Thanks!
jlc


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[Lorenzo Quatrini]

nate ha scritto:
> Lorenzo Quatrini wrote:
>> I have few disk that have offline uncorrectables sectors;
> 
> Ideally it should be done using the manufacturer's tools,
> and really any disk that has even one bad sector that the OS
> can see should not be relied upon, it should be considered a
> failed disk. Disks automatically keep spare sectors that the
> operating system cannot see and re-maps bad sectors to them,
> if your seeing bad sectors that means that collection of
> spares has been exhausted. I've never seen a disk manufacturer
> not accept a disk that had bad sectors on it (that was still
> under warranty) in as long as I can remember..
> 
> nate
> 
For what I understand Offline uncorrectable means that the sector would be
relocated the next time it is accessed for writing... so it is on a "wait for
relocation" status.
I don't know of any other way to force this relocation other tha actually
writing over the sector (a simple read doesn't trigger the relocation)...

And yes, I know that a disk with bad blocks isn't reliable, but you remember?
I'm too lazy to send my home disks back to the manufacturer ;)

Lorenzo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[William L. Maltby]

On Fri, 2008-08-22 at 08:59 -0700, nate wrote:
> Lorenzo Quatrini wrote:
> > I have few disk that have offline uncorrectables sectors;
> 
> Ideally it should be done using the manufacturer's tools,

Second that!

> and really any disk that has even one bad sector that the OS
> can see should not be relied upon, it should be considered a
> failed disk. Disks automatically keep spare sectors that the
> operating system cannot see and re-maps bad sectors to them,
> if your seeing bad sectors that means that collection of
> spares has been exhausted. I've never seen a disk manufacturer

?? Uncertain about "spares has been exhausted". I recently had one SATA
drive that kept reporting a bad sector (actually grew to three). Being
inured against panic attacks by long exposure to panic-inducing
situations, I decided to let it ride a bit (it was an empty re-used
partition upon which I would mke2fs and temporarily mount and use) and
see if the number continued to grow. To this end, I ran the smart tools
extended tests, several times over a period of a week, and saw no new
ones. This was reassuring as traditionally if failure is imminent the
number tends to grow quickly. A few appearances of bad sectors early in
the drive lifetime is not an unusual occurrence and is not reason for
trade in of the drive (after all, in this case the manufacturer just
runs the repair software on it and re-sells it). It *is* a reason for
heightened caution and alertness, depending on your situation.

After deciding the drive was not in its death-throes, I downloaded the
DOS utilities from the manufacturer web site and ran the repair
utilities. No smart tools reports of bad sectors since then (about 2
months so far).

Now, I don't know (or care) if an alternate sector was assigned, just
that the sector was flagged unusable. For my use (temporary use - no
permanent or critical data) this is fine. Last several mke2fs runs have
produced the same amount of usable blocks and i-nodes, so I don't see
evidence that no spare was available.

I do expect that a few more sectors will be found as the drive ages
until the manufacturing weak areas have all aged sufficiently to cause
failures.
> not accept a disk that had bad sectors on it (that was still
> under warranty) in as long as I can remember..

If your application is critical and you still have warranty, the only
cost is inconvenience, delay and more work to get it exchanged. You will
likely receive a "reconditioned" drive though. So for me, in my
situation, the download and use of the manufacturers repair software is
better. Only bad part is instead of using floppies now, they seem to
want a CD/DVD to boot from. A minor inconvenience considering the
alternatives.

> 
> nate
> 

HTH
-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[nate]

Lorenzo Quatrini wrote:

> For what I understand Offline uncorrectable means that the sector would be
> relocated the next time it is accessed for writing... so it is on a "wait
> for
> relocation" status.
> I don't know of any other way to force this relocation other tha actually
> writing over the sector (a simple read doesn't trigger the relocation)...

Not sure myself but the manufacturer's testing tools have
non destructive ways of detecting and re-mapping bad sectors.
Of course a downside to the manufacturer's tools is they often
only support a limited number of disk controllers.

It's probably been since the IBM Deathstar 75GXP that I last recall
having drives with bad sectors on them but typically at least at that
time, when the OS encountered a bad sector it didn't handle it too
gracefully, often times had to reboot the system. Perhaps the linux
kernel is more robust for those things these days (I had roughly 75%
of my 75GXP drives fail - more than 30).

Interesting that the man page for e2fsck in RHEL 4 doesn't describe
the -c option, but the man page for it in RHEL 3 does, not sure if
that is significant(RHEL4 man page mentions the option, but no
clear description of what it does). Haven't checked RHEL/CentOS 5.

from RHEL 3 manpage:
   -c This option causes e2fsck to run  the  badblocks(8)
  program  to find  any blocks which are bad on the
  filesystem, and then marks them as bad by adding
  them to the  bad  block  inode.   If  this option
  is specified twice, then the bad block scan will
  be done using a non-destructive read-write test.

So if you haven't heard of it already, try e2fsck -c  ?
I recall using this off and on about 10 years ago but found the
manufacturer's tools to be more accurate.

> And yes, I know that a disk with bad blocks isn't reliable, but you
> remember?
> I'm too lazy to send my home disks back to the manufacturer ;)

Ahh ok, I see...just keep in mind that it's quite possible the
bad sector count will continue to mount as time goes on..

good luck ..


nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[Akemi Yagi]

On Fri, Aug 22, 2008 at 9:26 AM, nate <[EMAIL PROTECTED]> wrote:
> Lorenzo Quatrini wrote:

> Not sure myself but the manufacturer's testing tools have
> non destructive ways of detecting and re-mapping bad sectors.
> Of course a downside to the manufacturer's tools is they often
> only support a limited number of disk controllers.
>
> It's probably been since the IBM Deathstar 75GXP that I last recall
> having drives with bad sectors on them but typically at least at that
> time, when the OS encountered a bad sector it didn't handle it too
> gracefully, often times had to reboot the system. Perhaps the linux
> kernel is more robust for those things these days (I had roughly 75%
> of my 75GXP drives fail - more than 30).
>
> Interesting that the man page for e2fsck in RHEL 4 doesn't describe
> the -c option, but the man page for it in RHEL 3 does, not sure if
> that is significant(RHEL4 man page mentions the option, but no
> clear description of what it does). Haven't checked RHEL/CentOS 5.
>
> from RHEL 3 manpage:
>   -c This option causes e2fsck to run  the  badblocks(8)
>  program  to find  any blocks which are bad on the
>  filesystem, and then marks them as bad by adding
>  them to the  bad  block  inode.   If  this option
>  is specified twice, then the bad block scan will
>  be done using a non-destructive read-write test.
>
> So if you haven't heard of it already, try e2fsck -c  ?
> I recall using this off and on about 10 years ago but found the
> manufacturer's tools to be more accurate.
>
>> And yes, I know that a disk with bad blocks isn't reliable, but you
>> remember?
>> I'm too lazy to send my home disks back to the manufacturer ;)
>
> Ahh ok, I see...just keep in mind that it's quite possible the
> bad sector count will continue to mount as time goes on..

There is a thread on this topic in the CentOS forum:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=15880&forum=39

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[William L. Maltby]

On Fri, 2008-08-22 at 18:07 +0200, Lorenzo Quatrini wrote:
> nate ha scritto:
> >

> For what I understand Offline uncorrectable means that the sector would be
> relocated the next time it is accessed for writing... so it is on a "wait for
> relocation" status.

If my memory is still good (I don't recall if it is or not!  :-) you are
correct.

> I don't know of any other way to force this relocation other tha actually
> writing over the sector (a simple read doesn't trigger the relocation)...

You can force this with dd using various seek, skip and blksize
parameters to (re)write only the desired sectors. The "if=" parameter
would reference the physical device or partition and the "skip=" would
be the offset to the sector. Be very careful and have good backups. In
fact, you could test by making an image of the partition and doing a
test run on that.

It might be a lot easier to reference the sector from start of disk, as
the reported sectors will be in reference to that.


> 
> And yes, I know that a disk with bad blocks isn't reliable, but you remember?
> I'm too lazy to send my home disks back to the manufacturer ;)

If my other post is correct, it may still be reliable (or be getting old
enough to become so).

> 
> Lorenzo
> 

HTH
-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[nate]

William L. Maltby wrote:

> ?? Uncertain about "spares has been exhausted".

I don't recall where I read it, and I suppose it may be
misinformation, but it made sense at the time. The idea is
the disks are not made to hold EXACTLY the amount of blocks
that the specs are for. There are some extra blocks, that
the disk "hides" from the disk controller. The disk automatically
re-maps these hidden blocks(making them visible again). By
the time bad blocks start showing up on the OS level these
extra blocks are already full, an indication that there is
far more bad blocks on the disk than just the ones that you
can see at the OS level.

> Now, I don't know (or care) if an alternate sector was assigned, just
> that the sector was flagged unusable. For my use (temporary use - no
> permanent or critical data) this is fine. Last several mke2fs runs have
> produced the same amount of usable blocks and i-nodes, so I don't see
> evidence that no spare was available.

Note that mke2fs doesn't write over the entire disk, I doubt it
even scans the entire disk. I've used a technology called thin
provisioning where only data that is written to disk is actually
allocated on disk(e.g. you can create a 1TB volume, if you only
write 1GB to it, it only uses 1GB, allowing you to oversubscribe
the system, and dynamically grow physical storage as needed). When
allocating thinly provisioned volumes and formatting them with
mke2fs, even on multi hundred gig systems only a few megs are written
to disk(perhaps a hundred megs).

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Rui Miguel Silva Seabra]

On Fri, Aug 22, 2008 at 05:43:08PM +0200, kfx wrote:
> What's the point on this for us, CentOS users ?
>
> http://www.redhat.com/security/data/openssh-blacklist.html

That will only test for compiled RPMS of certain OpenSSH packages.

Those RPMS have been signed by the PGP key, so either the key server or
the build server were compromised (possibly they are the same, I don't
know).

I'd do a detailed review of the SRPMS and patches during this period...

Rui

-- 
Kallisti!
Today is Prickle-Prickle, the 15th day of Bureaucracy in the YOLD 3174
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Various OpenGL apps crashing in CentOS 5?

[William L. Maltby]

On Fri, 2008-08-22 at 17:55 +0200, Rubin wrote:
> Hi All,
> 
> I'm experiencing odd behaviour with various OpenGL apps I'm (trying to) 
> use. I have an IBM Thinkpad X60s with the Intel GMA chipset, the 945GM 
> to be precise. I have glxinfo/glxgears working normally, disabled 
> composite in xorg.conf and everything seems fine.
> 
> However, there are a few applications that I use that show rather 
> strange behaviour that I think is related to the same underlying (as yet 
> unidentified) problem. Here is my list:
> 
> * Google Earth 4.3
> Installed in /opt/googleearth. Starts, but with extremely slow 
> performance. Unusable, Closing the window takes about 10 seconds.
> 
> * OpenOffice 2.4.0
> Installed in /opt/openoffice. Failed to start when using the "intel" or 
> "i810" Xorg driver. "vesa" driver works fine. Later learned that setting 
> GTK_MODULES="" works around the problem while using the "intel" or 
> "i810" drivers and that it might have to do with the gnome integration 
> stuff in OpenOffice.

CentOS 5.2 has Gnome 2.16.0 from 2/18/2007. In recent conversations with
a tech for an application I use, I believe 2.18 is the current RH
version. Maybe when this makes it to CentOS (if I'm correct and it will
be an update soon), maybe this will fix your issue.

> 

> Rurib.
> 

-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Akemi Yagi]

On Fri, Aug 22, 2008 at 9:02 AM, Joseph L. Casale
<[EMAIL PROTECTED]> wrote:
>>which xen rpms did you install? The ones from centos, or the ones from
>>xensource?
>
> Rolled my own from the 3.2.0 srpm.
>
>>Generally when building for x86_64, it's best to remove all traces of
>>x86 packages on the system.
>
> How do you do this at install? Wouldn't that be cleaner? I suppose a
> rpm command with a --queryformat ARCH string would list all that is x86
> and I couild pipe that into a remove command? Any ideas on how to do this
> cleanly?

First inspect what i386 packages are on your system:

rpm -qa --queryformat "%{name}-%{version}-%{release}.%{arch}\n" | grep i386

If you are sure you can delete all of them, then:

yum remove *.i386

will do the job.  It will ask Y/n, so look through the list before
hitting the Enter key :-D

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Is there a way to save the routing table permanently?

[Scott Silva]

on 8-22-2008 7:01 AM David Hrbáč spake the following:

Rob Townley napsal(a):

Are you sure this is actually processed?  Do you have a working example for
CentOS 4.x or 5.x?  One that works with two NICS that would use two
different gateways to the internet?  I would like nothing more to get this
to work in a streamlined fashion.

i didn't have success with the /etc/sysconfig/static-routes  file, but maybe
i didn't specify the routes using the correct syntax?


Well,
I use on one of my routers in /etc/sysconfig/static-routes:
any net 192.168.36.0 netmask 255.255.255.0 gw 192.168.38.254
any net 192.168.37.0 netmask 255.255.255.0 gw 192.168.38.253

Running C4.6, route:
[EMAIL PROTECTED] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
212.47.23.188   0.0.0.0 255.255.255.252 U 0  00 eth0
192.168.38.00.0.0.0 255.255.255.0   U 0  00 eth1
192.168.36.0192.168.38.254  255.255.255.0   UG0  00 eth1
192.168.37.0192.168.38.253  255.255.255.0   UG0  00 eth1
0.0.0.0 212.47.23.189   0.0.0.0 UG0  00 eth0

David Hrbáč
Static routes work fine, but having 2 default routes will not be easy in 
linux. You can't be sure that packets can find there way back to their origin.
Yours seems to work for you, but I bet it is because the packets are luckily 
getting back. It usually fails miserably.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Support policy CentOS 5

[Scott Silva]

on 8-22-2008 12:10 AM Patrick Derwael spake the following:




Do you have a link to this application's website? Maybe we could determine
why it might be stuck to a limited set of OS releases. If a software can't
keep up with a limited subset of OS updates, maybe they are concerned more
costs then security.


Scott, more info here:

http://www.parallels.com/en/pro/reqs/

Cheers
Strange that they show a locked version for CentOS (4.4 and 5.0), but don't 
show a locked version for RHEL (they don't show any release points for RHEL). 
I think they are under the same confusion that many other people have that 
CentOS releases are different versions and not just update sets.


If you want to be safe, drop them an e-mail and ask. If they want to sell 
software, they should help you.



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT - Offline uncorrectable sectors

[William L. Maltby]

On Fri, 2008-08-22 at 09:33 -0700, nate wrote:
> William L. Maltby wrote:
> 
> > ?? Uncertain about "spares has been exhausted".
> 
> I don't recall where I read it, and I suppose it may be
> misinformation, but it made sense at the time. The idea is
> the disks are not made to hold EXACTLY the amount of blocks
> that the specs are for. There are some extra blocks, that
> the disk "hides" from the disk controller. The disk automatically
> re-maps these hidden blocks(making them visible again). By

That is correct. Back in the old days, we had access to a "spares"
cylinder and could manually maintain the alternate sectors table. We
could wipe it, add sectors etc.

As technology progressed, this capability disappeared and the drive
electronics and proms began taking care of it.

What I don't know (extreme lack of sufficient interest to find out so
far) is if the self-monitoring tools report a sector when a *read*
results in either a hard or soft failure and if it tries to reassign at
that time. My local evidence seems to indicate that the report is made
at read time but assignment of a spare is not made then. This because
the same three sectors kept reporting over and over.

After running the repair software, messages stopped, indicating that the
bad sector was then marked unusable and alternate sectors had been
assigned.

> the time bad blocks start showing up on the OS level these
> extra blocks are already full, an indication that there is
> far more bad blocks on the disk than just the ones that you
> can see at the OS level.

Correct.

> 
> > Now, I don't know (or care) if an alternate sector was assigned, just
> > that the sector was flagged unusable. For my use (temporary use - no
> > permanent or critical data) this is fine. Last several mke2fs runs have
> > produced the same amount of usable blocks and i-nodes, so I don't see
> > evidence that no spare was available.
> 
> Note that mke2fs doesn't write over the entire disk, I doubt it
> even scans the entire disk.

Correct, unless the check is forced. I failed to note in my previous
post that a *substantial* portion of the partition was written (which I
knew included the questionable sectors through manual math and the
nature of file system usage).

>  I've used a technology called thin
> provisioning where only data that is written to disk is actually
> allocated on disk(e.g. you can create a 1TB volume, if you only
> write 1GB to it, it only uses 1GB, allowing you to oversubscribe
> the system, and dynamically grow physical storage as needed). When
> allocating thinly provisioned volumes and formatting them with
> mke2fs, even on multi hundred gig systems only a few megs are written
> to disk(perhaps a hundred megs).

Yep. Only a few copies of the superblock and the i-node tables are
written by the file system make process. That's why it's important for
files systems in critical applications to be created with the check
forced. Folks should also keep in mind that the default check, read
only, is really not sufficient for critical situations. The full
write/read check should be forced on *new* partitions/disks.

> 
> nate
> 

-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: OT - Offline uncorrectable sectors

[Scott Silva]

on 8-22-2008 9:07 AM Lorenzo Quatrini spake the following:

nate ha scritto:

Lorenzo Quatrini wrote:

I have few disk that have offline uncorrectables sectors;

Ideally it should be done using the manufacturer's tools,
and really any disk that has even one bad sector that the OS
can see should not be relied upon, it should be considered a
failed disk. Disks automatically keep spare sectors that the
operating system cannot see and re-maps bad sectors to them,
if your seeing bad sectors that means that collection of
spares has been exhausted. I've never seen a disk manufacturer
not accept a disk that had bad sectors on it (that was still
under warranty) in as long as I can remember..

nate


For what I understand Offline uncorrectable means that the sector would be
relocated the next time it is accessed for writing... so it is on a "wait for
relocation" status.
I don't know of any other way to force this relocation other tha actually
writing over the sector (a simple read doesn't trigger the relocation)...

And yes, I know that a disk with bad blocks isn't reliable, but you remember?
I'm too lazy to send my home disks back to the manufacturer ;)


Then I hope you are not too lazy to do some proper backups!
Sending a disk back to be replaced is a lot less work then recovering a failed 
array when the disk tanks. How much is your data worth?
I know by experience that a 6 drive raid 5 array can run near $10,000 US to 
recover.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] A couple of minutes on GnuPG and signing files

[R P Herrold]

There has been a notice of a breach (see: CVE-2007-4752) as to 
some binary content upstream of CentOS. I do not address that 
matter here beyond stating that the CentOS team have responded 
to the matter, and will continue this review process:


updated 22 Aug 2008 CentOS acknowledge CVE-2007-4752 and are
reviewing our build and signing processes and hosts for signs
of tampering subsequent to retrieval of SRPMs

It can be hard for a person to get a capsule writeup on signed 
content, and how to verify that it is indeed authentic.  I 
have placed clearsigned content addressing this process at my 
personal domain webserver:


http://www.herrold.com/import-key-howto.txt.asc

and as an attachment to this email. I have verified that the 
copy at my site verifies.  this email.  Hopefully this attched 
writeup will transit the CentOS mailing list manager intact. 
I also include it inline below, but this may mangle the 
signature.


-- Russ herrold

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



A few minutes on using detached and clearsigned content.

In light of today's CVE-2007-4752 by the CentOS project's upstream:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
I issue this brief piece on using GnuPG


1. View a proposed key to use, at the MIT keyserver

from: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x650D5882


2. Copy and create a local instance

[EMAIL PROTECTED] redhat]$ vi rht-key

[EMAIL PROTECTED] redhat]$ gpg --import rht-key
gpg: key 650D5882: duplicated user ID detected - merged
gpg: key 650D5882: public key "Red Hat, Inc. (Security Response Team)
<[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg:   imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   2  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   5  signed:   2  trust: 0-, 0q, 0n, 1m, 4f, 0u
gpg: next trustdb check due at 2009-03-14


3. Compute a local fingerprint of the candidate

[EMAIL PROTECTED] redhat]$ gpg --fingerprint  650D5882
pub   1024D/650D5882 2001-11-21
  Key fingerprint = 9273 2337 E5AD 3417 5265  64AB 5E54 8083 650D 5882
uid  Red Hat, Inc. (Security Response Team)
<[EMAIL PROTECTED]>
sub   2048g/7EAB9AFD 2001-11-21

[EMAIL PROTECTED] redhat]$


4. Compare and validate the fingerprint of the candidate against the RHT
statement of the same fingerprint:

http://www.redhat.com/security/team/key/


5. You do NOT need to accept a key permanently to check signed content
purportedly with it; consider the Red Hat notice at:
http://www.redhat.com/security/data/openssh-blacklist.html


6. We can retrieve the checking script

wget https://www.redhat.com/security/data/openssh-blacklist-1.0.sh

and the (presumptively) signed checksum of that file

wget https://www.redhat.com/security/data/openssh-blacklist-1.0.sh.asc

This is called a detached signature


7. And then we can validate ('--verify') that the signature and the file were
signed by a person in possession of the private key.

Hopefully that private key is itself protected, as behind one way firewalls,
and with a 'pass phrase' which matches a known public (which we retrieved
and added earlier).  This procedural security process is followed by me [one
way firewalls, and pass phrases, and other CentOS team members], along with
other measures.

[EMAIL PROTECTED] redhat]$ gpg  --verify openssh-blacklist-1.0.sh.asc \
openssh-blacklist-1.0.sh
gpg: Signature made Fri 22 Aug 2008 05:02:29 AM EDT using DSA key ID
650D5882
gpg: Good signature from "Red Hat, Inc. (Security Response Team)
<[EMAIL PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 9273 2337 E5AD 3417 5265  64AB 5E54 8083 650D 5882
[EMAIL PROTECTED] redhat]$


8. As we have not indicated to gpg that we permanently trust this key, gpg
adds the WARNING -- this is expected and correct under this outline.  The
validation checks out.


9. This file can be clearsigned -- the process we will follow is this:

[EMAIL PROTECTED] .gnupg]$ gpg --clearsign import-key-howto.txt

You need a passphrase to unlock the secret key for
user: "R P Herrold <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 9B649644, created 2003-02-09

File`import-key-howto.txt.asc' exists. Overwrite? (y/N) y
[EMAIL PROTECTED] .gnupg]$


10. That is, import-key-howto.txt is clearsigned, and a new file, 
import-key-howto.txt.asc, is produced.  As I did it twice, to add this text,

the warning about Overwriting a file appeared.


11. This is a non-detached (clearsigned, file, and might also be tested by
retrieving the indicated key contents, and doing a '--verify'


12. As I have previously certified my own key, I can do it more simply
locally:

[EMAIL PROTECTED] .gnupg]$ gpg --verify import-key-howto.txt.asc
gpg: Signature made F

Re: [CentOS] Re: Is there a way to save the routing table permanently?

[nate]

Scott Silva wrote:

>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric RefUse
>> Iface
>> 212.47.23.188   0.0.0.0 255.255.255.252 U 0  00
>> eth0
>> 192.168.38.00.0.0.0 255.255.255.0   U 0  00
>> eth1
>> 192.168.36.0192.168.38.254  255.255.255.0   UG0  00
>> eth1
>> 192.168.37.0192.168.38.253  255.255.255.0   UG0  00
>> eth1
>> 0.0.0.0 212.47.23.189   0.0.0.0 UG0  00
>> eth0

[..]
> Yours seems to work for you, but I bet it is because the packets are luckily
> getting back. It usually fails miserably.

Except it's not :) the previous poster only has 1 default
gateway as indicated by the routing table above.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Is there a way to save the routing table permanently?

[John R Pierce]

Scott Silva wrote:

Destination Gateway Genmask Flags Metric RefUse
Iface
212.47.23.188   0.0.0.0 255.255.255.252 U 0  0
0 eth0
192.168.38.00.0.0.0 255.255.255.0   U 0  0
0 eth1
192.168.36.0192.168.38.254  255.255.255.0   UG0  0
0 eth1
192.168.37.0192.168.38.253  255.255.255.0   UG0  0
0 eth1
0.0.0.0 212.47.23.189   0.0.0.0 UG0  0
0 eth0


David Hrbáč
Static routes work fine, but having 2 default routes will not be easy 
in linux. You can't be sure that packets can find there way back to 
their origin.
Yours seems to work for you, but I bet it is because the packets are 
luckily getting back. It usually fails miserably.


thats not two DEFAULT routes, thats simply routes to various specific 
networks via gateways on the eth1 network.


and, yes, having two routes to destination 0.0.0.0 will rarely do what 
you want.   it will, however, create all kinda messes.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] A couple of minutes on GnuPG and signing files

[R P Herrold]

On Fri, 22 Aug 2008, R P Herrold wrote:

...  Hopefully this attched writeup will transit the CentOS 
mailing list manager intact. I also include it inline below, 
but this may mangle the signature.


'attached' of course -- part of the 'orc_orc' spelling 
authenticity test. ;)


Following up on myself, under alpine, the attachment did 
indeed make it through unscathed, but the inline content 
signature was broken, as I had feared.


-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Is there a way to save the routing table permanently?

[RobertH]

Hasn't this been hashed over several times in the past year to the same end
result?

:-)

It appeared to me the original issue (this time) was being able to do
primary and secondary dns on one box with different ip addresses because the
registrar needed two different ip addresses when registering a domain.

If you must do it at home and you cannot get this solution to work as you
expect, get a routed subnet on one side.

or 

...better yet, since both links appear to be residential, ask a buddy with a
colo for for access and make it the primary dns and pull secondary on your
residential, or get a VPS server or two, or something else...

Unless it is a pure don't care if down sometimes hobby, having primary and
secondary dns on last mile residential links, regardless of budget or your
reliability perceptions, is not particularly wise.

 - rh



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Florin Andrei]

ABBAS KHAN wrote:
I'm adding the default gateway to the route through "route add default 
gw 10.10.10.10 " which is also shown in "route -n" 
but the problem is that as soon as I restart the network through 
/etc/init.d/network restart; the route sets to default one...!
SO, my question is there any way to save the modified route permanently 
by hardcoding the changes?


It would be very nice if the init.d script would allow the sysadmin to 
do something like "service network saveroutes". I always thought that 
would be a neat feature.


It should probably go into Red Hat's bugzilla before it gets implemented.

--
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: system-config-kickstart

[Jerry Geis]

Jerry Geis wrote:
When I run this command on centos 5.2 it just sets there nothing ever 
happens.

Any ideas? I have ran it on two centos 5.2 machines. I can control C out.
I am running it as root and a normal user both. Same thing - just sits 
there.


jerry

I created a new user, logged in as that user and no was able to bring it 
up.

Not sure what happened with my default user.

Jerry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Jussi Hirvi]

> So then I tried the next step:
> mdadm --grow --raid-devices=5 /dev/md3
> But now I have problems...
> mdadm: Cannot set device size/shape for /dev/md3: Invalid argument

What happens, if you add
--size=max
?

- Jussi

--
Jussi Hirvi  *  Green Spot
Topeliuksenkatu 15 C  *  00250 Helsinki  *  Finland
Tel. & fax +358 9 493 981  *  SMS +358 40 771 2098
[EMAIL PROTECTED]  *  http://www.greenspot.fi


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 08:26:01PM +0300, Jussi Hirvi wrote:
> > So then I tried the next step:
> > mdadm --grow --raid-devices=5 /dev/md3
> > But now I have problems...
> > mdadm: Cannot set device size/shape for /dev/md3: Invalid argument
> 
> What happens, if you add
> --size=max

% mdadm --grow --raid-devices=5 --size=max /dev/md3
mdadm: can change at most one of size, raiddisks, and layout

"--size=max" is for use when a failed disk is replaced with a bigger one.

Good thought, though.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk quotas for Sendmail

[Jussi Hirvi]

Alexander Dalloz <[EMAIL PROTECTED]> escribio (21.8.2008 16:44)
> What I would do is following: change this line in the Makefile
> 
> $(CC) $(OPTS) $(DEFINES) $(EFENCE) -o milterquota milterquota.c
> $(SENDMAIL_OBJ)/libmilter/libmilter.a $(SENDMAIL_OBJ)/libsm/libsm.a -pthread
> 
> replace $(SENDMAIL_OBJ)/libmilter/libmilter.a
> with /usr/lib64/libmilter.a
> and
> replace $(SENDMAIL_OBJ)/libsm/libsm.a
> with /usr/lib64/libsm.a  OR  /usr/lib/libsm.a (if not x86_64 but i386
> CentOS)
> 
> You need to "yum install sendmail-devel" to have these files. That
> should be sufficient.

Thanks Alex, 

You made me realize the obj.Linux is not important in itself - it's only
important to indicate where libmilter.a and libsm.a are. That was easy. On
my CentOS 5 system, the path is simply /usr/lib/.

Now milterquota is up and running. Only so far it doesn't seem to respect my
milterquota.conf. I will probably work it out soon.

Thanks also for "rpm -q --list", whoever mentioned that (I don't have that
message on my home box).

- Jussi

--
Jussi Hirvi  *  Green Spot
Topeliuksenkatu 15 C  *  00250 Helsinki  *  Finland
Tel. & fax +358 9 493 981  *  SMS +358 40 771 2098
[EMAIL PROTECTED]  *  http://www.greenspot.fi


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Joshua Baker-LePain]

On Fri, 22 Aug 2008 at 9:37am, Akemi Yagi wrote


On Fri, Aug 22, 2008 at 9:02 AM, Joseph L. Casale
<[EMAIL PROTECTED]> wrote:

which xen rpms did you install? The ones from centos, or the ones from
xensource?


Rolled my own from the 3.2.0 srpm.


Generally when building for x86_64, it's best to remove all traces of
x86 packages on the system.


How do you do this at install? Wouldn't that be cleaner? I suppose a
rpm command with a --queryformat ARCH string would list all that is x86
and I couild pipe that into a remove command? Any ideas on how to do this
cleanly?


First inspect what i386 packages are on your system:

rpm -qa --queryformat "%{name}-%{version}-%{release}.%{arch}\n" | grep i386

If you are sure you can delete all of them, then:

yum remove *.i386

will do the job.  It will ask Y/n, so look through the list before
hitting the Enter key :-D


Actually, both of those commands should be looking for i[36]86, otherwise 
you'll miss, e.g., glibc.i686.


--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Is there a way to save the routing table permanently?

[nate]

RobertH wrote:
>
> Hasn't this been hashed over several times in the past year to the same end
> result?

I think so..

> It appeared to me the original issue (this time) was being able to do
> primary and secondary dns on one box with different ip addresses because the
> registrar needed two different ip addresses when registering a domain.

In which case you can get two(or more) IPs from the same ISP..


> ...better yet, since both links appear to be residential, ask a buddy with a
> colo for for access and make it the primary dns and pull secondary on your
> residential, or get a VPS server or two, or something else...
>
> Unless it is a pure don't care if down sometimes hobby, having primary and
> secondary dns on last mile residential links, regardless of budget or your
> reliability perceptions, is not particularly wise.

I've been hosting my own DNS/web/mail on my home DSL (1Mbps, 4 static
IPs) for about 7 years now, though I'm moving to a co-lo early next
month. My ISP was bought out again(3rd time..), and the new ISP says
they'll be changing my IPs later this year, so save myself some
trouble and make the jump to a local co-lo, and reduce power usage
in my apartment, and reduce noise, and reduce the amount of pain
involved in moving to a new location(co-ordinating minimal downtime),
and save about $40/mo (current 1Mbps DSL+ISP vs 1Mbps co-lo and
16Mbps cable modem).

I will miss it though, the flexibility of having static IPs and stuff
at home to be able to mess with stuff, not as much flexibility being
restricted to 1 rack unit of space at a local co-lo(short of
virtualization which I'm doing). Though I haven't really done
anything creative with it in several years.

My two name servers are right next to each other on the same subnet,
behind the same firewall, on the same physical server(two systems
are virtualized). But my availability requirements aren't as high
as say the company I work for who has four F5 global traffic managers
split between the West and East coasts of the U.S., each on a different
ISP(our internal goal is 5 nines of availability), and several
hundred servers serving data.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Jussi Hirvi]

>> What happens, if you add
>> --size=max

Stephen Harris <[EMAIL PROTECTED]> escribio (22.8.2008 20:27)
> % mdadm --grow --raid-devices=5 --size=max /dev/md3
> mdadm: can change at most one of size, raiddisks, and layout
> 
> "--size=max" is for use when a failed disk is replaced with a bigger one.

Ok. I haven't done raid5 - this as a disclaimer.

How about simply
% mdadm --grow /dev/md3

What do you get with
% mdadm --detail /dev/md3
?

- Jussi

--
Jussi Hirvi  *  Green Spot
Topeliuksenkatu 15 C  *  00250 Helsinki  *  Finland
Tel. & fax +358 9 493 981  *  SMS +358 40 771 2098
[EMAIL PROTECTED]  *  http://www.greenspot.fi


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum Issues with Dev groups

[Joseph L. Casale]

>Actually, both of those commands should be looking for i[36]86, otherwise
>you'll miss, e.g., glibc.i686.

Joshua,
Any way to simply not install them when doing an install?
jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Les Mikesell]

Florin Andrei wrote:

ABBAS KHAN wrote:
I'm adding the default gateway to the route through "route add default 
gw 10.10.10.10 " which is also shown in "route -n" 
but the problem is that as soon as I restart the network through 
/etc/init.d/network restart; the route sets to default one...!
SO, my question is there any way to save the modified route 
permanently by hardcoding the changes?


It would be very nice if the init.d script would allow the sysadmin to 
do something like "service network saveroutes". I always thought that 
would be a neat feature.


Routes only work when you can reach the next hop.  That is,  if you try 
to add a route through an interface that is not up, the command will 
fail and the route will not be added.  If you want a route to be added 
when an interface comes up, there is already a place to do that. 
However, as others have pointed out you shouldn't expect multiple 
concurrent default routes to do something useful - but if you have 
multiple interfaces you can configure them both to add default routes 
and bring only one up at a time.


--
  Les Mikesell
   [EMAIL PROTECTED]

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 08:41:25PM +0300, Jussi Hirvi wrote:
> How about simply
> % mdadm --grow /dev/md3

% mdadm --grow  /dev/md3
mdadm: no changes to --grow

> What do you get with
> % mdadm --detail /dev/md3

/dev/md3:
Version : 00.90.01
  Creation Time : Wed Aug 20 08:44:30 2008
 Raid Level : raid5
 Array Size : 2930279808 (2794.53 GiB 3000.61 GB)
Device Size : 976759936 (931.51 GiB 1000.20 GB)
   Raid Devices : 4
  Total Devices : 5
Preferred Minor : 3
Persistence : Superblock is persistent

Update Time : Fri Aug 22 13:56:47 2008
  State : clean
 Active Devices : 4
Working Devices : 5
 Failed Devices : 0
  Spare Devices : 1

 Layout : left-symmetric
 Chunk Size : 64K

   UUID : 8263db8a:f99c070f:349a59c2:2129ca73
 Events : 0.80605

Number   Major   Minor   RaidDevice State
   0   810  active sync   /dev/sda1
   1   8   181  active sync   /dev/sdb2
   2   8   352  active sync   /dev/sdc3
   3   8   523  active sync   /dev/sdd4

   4   8   65-  spare   /dev/sde1

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Scott Beardsley]

> What's the point on this for us, CentOS users ?

I'd like to know if CentOS has been affected by RH's compromise. Can 
someone please comment? AFAIK, CentOS builds from RHEL SRPMs right? So 
as Rui mentioned the script that RH provided is useless. They do give 
the version info of the compromised packages:


# The signed tampered packages were:
#
# openssh-3.9p1-8.RHEL4.24 for i386, x86_64 architecture
# openssh-3.9p1-9.el4 for i386, x86_64 architecture
# openssh-4.3p2-26 for x86_64 architecture
# openssh-4.3p2-26.el5 for x86_64 architecture

Of course I have all of these on my local CentOS mirror right now. It 
would be nice to know if I'm serving compromised packages. RH doesn't 
mention whether the SRPMs were compromised. If they were I suspect 
CentOS is affected also.


Thanks in advance,
Scott
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum Issues with Dev groups

[Joshua Baker-LePain]

On Fri, 22 Aug 2008 at 11:41am, Joseph L. Casale wrote


Actually, both of those commands should be looking for i[36]86, otherwise
you'll miss, e.g., glibc.i686.



Any way to simply not install them when doing an install?


Unfortunately, not that I'm aware of.

--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Akemi Yagi]

On Fri, Aug 22, 2008 at 11:10 AM, Joshua Baker-LePain <[EMAIL PROTECTED]> wrote:
> On Fri, 22 Aug 2008 at 11:41am, Joseph L. Casale wrote
>
>>> Actually, both of those commands should be looking for i[36]86, otherwise
>>> you'll miss, e.g., glibc.i686.
>>
>>
>> Any way to simply not install them when doing an install?
>
> Unfortunately, not that I'm aware of.

There is a known issue with yum.  See, for example,

http://lists.centos.org/pipermail/centos-devel/2008-June/002961.html

And a newer version of yum has a fix for that:

http://lists.centos.org/pipermail/centos-devel/2008-June/002967.html

For people who are interested, yum-3.2.17-0_beta is in the *testing*
repo at this moment.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit)

[Lanny Marcus]

The version of Google Earth I installed last December was working
great this morning. Then, I decided to update to the latest version
and when I tried to do that with yum, I didn't have the right name for
the package (now, I think it may be "google-earth"), so I downloaded
the file (GoogleEarthLinux.bin) and installed with "sh
GoogleEarthLinux.bin"The latest version is now installed and I can
launch it, without any problem,  but, it does not seem to
work.   :-)

Does anyone have this version of Google Earth working properly on
CentOS 5.2 (32 bit)?If so, did you need to do something extra, to
get it to work? TIA!  Lanny

Google Earth
4.3.7284.3916 (beta)
Build Date
Jul 8 2008
Build Time
18:49:58
Renderer
OpenGL
Operating System
Linux (2.6.18.1)
Video Driver
Tungsten Graphics, Inc
Max Texture Size
2048x2048
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Growing RAID5 on CentOS 4.6

[Ross S. W. Walker]

Stephen Harris wrote:
> On Fri, Aug 22, 2008 at 08:41:25PM +0300, Jussi Hirvi wrote:
> > How about simply
> > % mdadm --grow /dev/md3
> 
> % mdadm --grow  /dev/md3
> mdadm: no changes to --grow
> 
> > What do you get with
> > % mdadm --detail /dev/md3
> 
> /dev/md3:

> Number   Major   Minor   RaidDevice State
>0   810  active sync   /dev/sda1
>1   8   181  active sync   /dev/sdb2
>2   8   352  active sync   /dev/sdc3
>3   8   523  active sync   /dev/sdd4
> 
>4   8   65-  spare   /dev/sde1

Stephen,

I don't think you can grow it without backing it up, destroying
it, rebuilding it with 5 devices, then restoring.

>From the man page:

   Grow   Grow  (or shrink) an array, or otherwise reshape it in some way.
  Currently supported growth options including changing the active
  size of component devices in RAID level 1/4/5/6 and changing the
  number of active devices in RAID1.

I take it to mean you can grow the segment size on all devices in the
array, say you swapped out 160GB drives with 320GB drives one by one
and now you want your array to fill up the remaining 160GB, then you
can grow it, but you can only add devices to a RAID1...

What do you think this is ZFS?

Sheesh!

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Joshua Baker-LePain]

On Fri, 22 Aug 2008 at 11:22am, Akemi Yagi wrote


On Fri, Aug 22, 2008 at 11:10 AM, Joshua Baker-LePain <[EMAIL PROTECTED]> wrote:

On Fri, 22 Aug 2008 at 11:41am, Joseph L. Casale wrote


Actually, both of those commands should be looking for i[36]86, otherwise
you'll miss, e.g., glibc.i686.



Any way to simply not install them when doing an install?


Unfortunately, not that I'm aware of.


There is a known issue with yum.  See, for example,

http://lists.centos.org/pipermail/centos-devel/2008-June/002961.html

And a newer version of yum has a fix for that:

http://lists.centos.org/pipermail/centos-devel/2008-June/002967.html

For people who are interested, yum-3.2.17-0_beta is in the *testing*
repo at this moment.


When Joseph said "when doing an install", I assumed that meant at system 
install time.  I know of no way of doing a pure x86_64 install via 
anaconda (although I'd love to be told I'm wrong on that).


For installing packages/package groups, then yum comes into the picture.

--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 02:25:20PM -0400, Ross S. W. Walker wrote:
> I don't think you can grow it without backing it up, destroying
> it, rebuilding it with 5 devices, then restoring.

You _can_... but it requires a newer kernel.  See, for example,

  http://linux-raid.osdl.org/index.php/Growing#Adding_partitions

Newer kernels have this option:

  config MD_RAID5_RESHAPE
bool "Support adding drives to a raid-5 array"
depends on MD_RAID456
default y
---help---
  A RAID-5 set can be expanded by adding extra drives. This
  requires "restriping" the array which means (almost) every
  block must be written to a different place.

  This option allows such restriping to be done while the array
  is online.


But it seems this isn't available in the CentOS 4.6 kernel.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[John R Pierce]

Stephen Harris wrote:

  A RAID-5 set can be expanded by adding extra drives. This
  requires "restriping" the array which means (almost) every
  block must be written to a different place.

  This option allows such restriping to be done while the array
  is online.
  


thats also a very risky operation as its extremely difficult to make it 
restartable in case of a mishap during hte many-hours-long restriping 
operation.   I wouldn't undertake this on any production system without 
a full backup first.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Florin Andrei]

Les Mikesell wrote:

Florin Andrei wrote:


It would be very nice if the init.d script would allow the sysadmin to 
do something like "service network saveroutes". I always thought that 
would be a neat feature.


Routes only work when you can reach the next hop.  That is,  if you try 
to add a route through an interface that is not up, the command will 
fail and the route will not be added.  If you want a route to be added 
when an interface comes up, there is already a place to do that. 
However, as others have pointed out you shouldn't expect multiple 
concurrent default routes to do something useful - but if you have 
multiple interfaces you can configure them both to add default routes 
and bring only one up at a time.


I wasn't thinking that far. I was just considering the fairly common 
situation when you add a few static routes manually, to fix routing 
problems, and you realize that's the configuration you want to keep. And 
then it would be nice if the init.d script would just freeze the current 
static routes for you.


--
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Growing RAID5 on CentOS 4.6

[Ross S. W. Walker]

John R Pierce wrote:
> Stephen Harris wrote:
> >   A RAID-5 set can be expanded by adding extra drives. This
> >   requires "restriping" the array which means (almost) every
> >   block must be written to a different place.
> >
> >   This option allows such restriping to be done while the array
> >   is online.
> >   
> 
> thats also a very risky operation as its extremely difficult to make it 
> restartable in case of a mishap during hte many-hours-long restriping 
> operation.   I wouldn't undertake this on any production system without 
> a full backup first.

It would probably be faster to backup, rebuild and restore too...

Besides saying it is available in the latest kernels is like saying
it's available in another OS... That's nice, but does nobody here
any good.


-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: Is there a way to save the routing table permanently?

[Rob Townley]

On Fri, Aug 22, 2008 at 12:12 PM, RobertH <[EMAIL PROTECTED]> wrote:

>
> Hasn't this been hashed over several times in the past year to the same end
> result?
>
> :-)
>
> It appeared to me the original issue (this time) was being able to do
> primary and secondary dns on one box with different ip addresses because
> the
> registrar needed two different ip addresses when registering a domain.


Actually, the original issue was system-config-network not keeping static IP
information (IP, SM, NS, GW) or at least not throwing a warning.  I guess i
made it digress.


>
> If you must do it at home and you cannot get this solution to work as you
> expect, get a routed subnet on one side.


i can think of many meanings for a "routed subnet" - is it something you buy
from your ISP?


>
>
> or
>
> ...better yet, since both links appear to be residential, ask a buddy with
> a
> colo for for access and make it the primary dns and pull secondary on your
> residential, or get a VPS server or two, or something else...


Actually, it is commercial cable and doable by other systems, so i am not
giving up.  i am going to start with studying "ip rules" as opposed to "ip
routes".  When the same IP configuration is on a laptop connected to both
wireless and Cat5 wired behind two different firewalls, they do not have
this problem.  Granted, these usually use dynamic connections and are not
providing critical services, but it works.  Why not for static
configurations and why doesn't system-config-network at least throw an
warning.


>
>
> Unless it is a pure don't care if down sometimes hobby, having primary and
> secondary dns on last mile residential links, regardless of budget or your
> reliability perceptions, is not particularly wise.
>
>  - rh
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 02:50:29PM -0400, Ross S. W. Walker wrote:
> It would probably be faster to backup, rebuild and restore too...

The whole reason I need to extend like this is because I don't have any
easy way of backing up 1.3Tbytes of data.

While the rebuild is happening the existing volume is still available.

> Besides saying it is available in the latest kernels is like saying
> it's available in another OS... That's nice, but does nobody here
> any good.

Well... there's the potential for me to build a kernel with the latest
vanilla sources, temporarily boot into that, extend the array and then
boot back to a supported kernel afterwards...  Maybe!

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Yum Issues with Dev groups

[Joseph L. Casale]

>> For people who are interested, yum-3.2.17-0_beta is in the *testing*
>> repo at this moment.

That fixed it! Its installing now...

>When Joseph said "when doing an install", I assumed that meant at system
>install time.  I know of no way of doing a pure x86_64 install via
>anaconda (although I'd love to be told I'm wrong on that).
>
>For installing packages/package groups, then yum comes into the picture.

Yea, I was after a way to install a x64 system only. Seems bizarre that a
facility to accomplish does not exist at install time given the requirement
exists.

Thanks guys!
jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Growing RAID5 on CentOS 4.6

[Ross S. W. Walker]

Stephen Harris wrote:
> On Fri, Aug 22, 2008 at 02:50:29PM -0400, Ross S. W. Walker wrote:
> > It would probably be faster to backup, rebuild and restore too...
> 
> The whole reason I need to extend like this is because I 
> don't have any
> easy way of backing up 1.3Tbytes of data.
> 
> While the rebuild is happening the existing volume is still available.
> 
> > Besides saying it is available in the latest kernels is like saying
> > it's available in another OS... That's nice, but does nobody here
> > any good.
> 
> Well... there's the potential for me to build a kernel with the latest
> vanilla sources, temporarily boot into that, extend the array and then
> boot back to a supported kernel afterwards...  Maybe!

Or you could just boot from a LiveCD of a distro that was this and
run a conversion there, it would make it unavailable during the
conversion though.

If the array was part of a LVM VG, you could create another 4 drive
array and add it to the VG and extend the LVs that way, or do a
pvmove and move everything from the old array to the new.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Various OpenGL apps crashing in CentOS 5?

[Vaclav Mocek]

Hi,

it is strange, I have the laptop Acer 5204 and the desktop with the same
GPU (945GM and 945G). OpenOffice and GoogleEarth work fine without any
problem. 

Vaclav

Rubin wrote:
> Hi All,
>
> I'm experiencing odd behaviour with various OpenGL apps I'm (trying
> to) use. I have an IBM Thinkpad X60s with the Intel GMA chipset, the
> 945GM to be precise. I have glxinfo/glxgears working normally,
> disabled composite in xorg.conf and everything seems fine.
>
> However, there are a few applications that I use that show rather
> strange behaviour that I think is related to the same underlying (as
> yet unidentified) problem. Here is my list:
>
> * Google Earth 4.3
> Installed in /opt/googleearth. Starts, but with extremely slow
> performance. Unusable, Closing the window takes about 10 seconds.
>
> * OpenOffice 2.4.0
> Installed in /opt/openoffice. Failed to start when using the "intel"
> or "i810" Xorg driver. "vesa" driver works fine. Later learned that
> setting GTK_MODULES="" works around the problem while using the
> "intel" or "i810" drivers and that it might have to do with the gnome
> integration stuff in OpenOffice.
>
> * Maya 2008
> Installed in /opt/maya. Fails to start (sig 11) when using the "intel"
> or "i810" Xorg driver. "vesa" driver works fine (but with abominable
> 3D performance obviously). A gdb backtrace tells me:
> #0  0x in ?? ()
> #1  0xad1e3427 in _mesa_endDispatchOverride () from
> /usr/lib/dri/i915_dri.so
> #2  0xad1e3c54 in _mesa_make_current () from /usr/lib/dri/i915_dri.so
> #3  0xad1beb18 in intelMakeCurrent () from /usr/lib/dri/i915_dri.so
> #4  0xad1a4531 in __driUtilUpdateDrawableInfo () from
> /usr/lib/dri/i915_dri.so
> #5  0x00aa8c5c in glXDestroyContext () from /usr/lib/libGL.so.1
> #6  0x00aaae3f in glXMakeCurrentReadSGI () from /usr/lib/libGL.so.1
> #7  0x00aab0e3 in glXMakeCurrent () from /usr/lib/libGL.so.1
> #8  0xb48cf778 in GlXCreateMDraw () from /opt/maya/lib/lib3dGraphics.so
> #9  0x07e7f4e1 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #10 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #11 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #12 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #13 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #14 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #15 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #16 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #17 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #18 0x07e7f663 in XtUnrealizeWidget () from /usr/lib/libXt.so.6
> #19 0x07e7f91e in XtRealizeWidget () from /usr/lib/libXt.so.6
> #20 0xb54900d2 in Twindow::unStow () from
> /opt/maya/lib/libExtensionLayer.so
> #21 0xb547162e in TiceShowWindowCmd::doCommand () from
> /opt/maya/lib/libExtensionLayer.so
> #22 0xb5ac16f1 in Mel_Command_Dispatch () from
> /opt/maya/lib/libCommandEngine.so
> #23 0xb5ae4160 in node_exec () from /opt/maya/lib/libCommandEngine.so
> #24 0xb5b060eb in fc_if () from /opt/maya/lib/libCommandEngine.so
> #25 0xb5ae4160 in node_exec () from /opt/maya/lib/libCommandEngine.so
> #26 0xb5ae4326 in sophia_call_executable () from
> /opt/maya/lib/libCommandEngine.so
> #27 0xb5b0085a in SophiaExecutable::evaluate () from
> /opt/maya/lib/libCommandEngine.so
> #28 0xb5ac6e43 in TcommandEngine::sourceFile () from
> /opt/maya/lib/libCommandEngine.so
> #29 0x08059e66 in TmayaApp::initGUI ()
> #30 0xb533bc10 in Tapplication::start () from
> /opt/maya/lib/libExtensionLayer.so
> #31 0x08054e96 in appmain ()
> #32 0x080640d6 in main ()
>
>
> I'm fairly sure this has something to do with the mesa 3d driver for
> the Intel 945GM but I cannot confirm this and I would like to search
> further. Does anyone have any suggestions as to where I could look next?
>
> Thanks in advance,
>
> Kind regards,
>
>
> Rurib.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Issues with Dev groups

[Akemi Yagi]

On Fri, Aug 22, 2008 at 11:32 AM, Joshua Baker-LePain <[EMAIL PROTECTED]> wrote:
> On Fri, 22 Aug 2008 at 11:22am, Akemi Yagi wrote

 Any way to simply not install them when doing an install?
>>>
>>> Unfortunately, not that I'm aware of.
>>
>> There is a known issue with yum.  See, for example,
>>
>> http://lists.centos.org/pipermail/centos-devel/2008-June/002961.html
>>
>> And a newer version of yum has a fix for that:
>>
>> http://lists.centos.org/pipermail/centos-devel/2008-June/002967.html
>>
>> For people who are interested, yum-3.2.17-0_beta is in the *testing*
>> repo at this moment.
>
> When Joseph said "when doing an install", I assumed that meant at system
> install time.  I know of no way of doing a pure x86_64 install via anaconda
> (although I'd love to be told I'm wrong on that).

You are correct I believe.  anaconda is another story.  It might
depend on the package selection but "pure" x86_64 installation is
problematic.  If I remember correctly, even with a minimal install, a
few i386 packages were installed.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Rob Townley]

On Fri, Aug 22, 2008 at 12:44 PM, Les Mikesell <[EMAIL PROTECTED]>wrote:

> Florin Andrei wrote:
>
>> ABBAS KHAN wrote:
>>
>>> I'm adding the default gateway to the route through "route add default gw
>>> 10.10.10.10 " which is also shown in "route -n" but
>>> the problem is that as soon as I restart the network through
>>> /etc/init.d/network restart; the route sets to default one...!
>>> SO, my question is there any way to save the modified route permanently
>>> by hardcoding the changes?
>>>
>>
>> It would be very nice if the init.d script would allow the sysadmin to do
>> something like "service network saveroutes". I always thought that would be
>> a neat feature.
>>
>
> Routes only work when you can reach the next hop.  That is,  if you try to
> add a route through an interface that is not up, the command will fail and
> the route will not be added.  If you want a route to be added when an
> interface comes up, there is already a place to do that. However, as others
> have pointed out you shouldn't expect multiple concurrent default routes to
> do something useful - but if you have multiple interfaces you can configure
> them both to add default routes and bring only one up at a time.
>
> --
>  Les Mikesell
>   [EMAIL PROTECTED]
>
>
;Are you suggesting the following?
;assume eth1 is a better ISP than eth0
ifdown eth0
ifup eth1
ISP on eth1 goes down
automagically detect down ISP on eth1, so
ifdown eth1
ifup eth0
automagically detect ISP back up on eth1, so
ifdown eth0 again
;That isn't gonna fly.

Looks like nate pointed out the right journal article and looks very
promising.  Will let you know how it goes.

"Source-based routing capabilities are common on high end networking gear,
but they rarely are seen or utilized in server environments. Linux has
excellent but poorly understood source-based routing support. The whole
universe of advanced Linux routing and traffic shaping is well described at
lartc.org."

ip rules and ip route priority are key.




>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 03:05:30PM -0400, Ross S. W. Walker wrote:
> Stephen Harris wrote:

> Or you could just boot from a LiveCD of a distro that was this and
> run a conversion there, it would make it unavailable during the
> conversion though.

*grin*  My first email on this subject...
  
  I wonder if I could boot off a Ubuntu CD or something and grow the array
  that way.  Would be annoying (many hours of server downtime)...


> If the array was part of a LVM VG, you could create another 4 drive
> array and add it to the VG and extend the LVs that way, or do a
> pvmove and move everything from the old array to the new.

Well, it _is_...  the old array was 4*500Gb.  The new array is 5*1Tb.
In each I've built a single VG/LV.  But my machine can't handle 9 SATA
disks (power, controller limitations, space).  So what I did was use one
of the TByte disks to copy the data, built the other 4 into an array,
copied the data from the last disk onto the array and then... failed to
extend the array.

I still have the old 4*500GB on a shelf, but I don't have anything I can
plug it into.

(My other option is to buy a couple of SATA controllers, build a second
machine then transfer data over the network)

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Jim Perrin]

On Fri, Aug 22, 2008 at 1:59 PM, Scott Beardsley <[EMAIL PROTECTED]> wrote:
>> What's the point on this for us, CentOS users ?
>
> I'd like to know if CentOS has been affected by RH's compromise. Can someone
> please comment? AFAIK, CentOS builds from RHEL SRPMs right? So as Rui
> mentioned the script that RH provided is useless. They do give the version
> info of the compromised packages:


Russ has posted some information about this to planet.centos.org, but
basically at this point it does not appear to affect the CentOS
population. Karanbir has been crawling through the build system to
verify this, and we may release an announcement about this later.

 If you want to check this out on your own, see ->
http://www.securiteam.com/exploits/5MP0E20CAM.html for details, or for
the short version run 'strings /usr/sbin/sshd | grep bella'



-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Growing RAID5 on CentOS 4.6

[Ross S. W. Walker]

Stephen Harris wrote:
> On Fri, Aug 22, 2008 at 03:05:30PM -0400, Ross S. W. Walker wrote:
> > Stephen Harris wrote:
> 
> > Or you could just boot from a LiveCD of a distro that was this and
> > run a conversion there, it would make it unavailable during the
> > conversion though.
> 
> *grin*  My first email on this subject...
>   
>   I wonder if I could boot off a Ubuntu CD or something and grow the array
>   that way.  Would be annoying (many hours of server downtime)...

I wouldn't use Ubuntu or any Debian based distro cause it's EVMS just
might bugger up the LVM config...

Try Fedora or OpenSuse they use straight LVM.

> > If the array was part of a LVM VG, you could create another 4 drive
> > array and add it to the VG and extend the LVs that way, or do a
> > pvmove and move everything from the old array to the new.
> 
> Well, it _is_...  the old array was 4*500Gb.  The new array is 5*1Tb.
> In each I've built a single VG/LV.  But my machine can't handle 9 SATA
> disks (power, controller limitations, space).  So what I did was use one
> of the TByte disks to copy the data, built the other 4 into an array,
> copied the data from the last disk onto the array and then... failed to
> extend the array.
> 
> I still have the old 4*500GB on a shelf, but I don't have anything I can
> plug it into.
> 
> (My other option is to buy a couple of SATA controllers, build a second
> machine then transfer data over the network)

Instead of a second machine, how about an external disk enclosure?

You can get them rack mountable or tower based. Look for a nice
15 drive enclosure, then you have room to build 2 arrays...

A nice hardware RAID card with battery backed cache would make
the arrays scream too, for RAID5/6 I always go hardware with
BBU Cache. I almost always do the OS disks as software RAID1.

Hey with the enclosure going you can use the internal drives
for volume snapshots and be able to keep quite a few without
killing the storage performance.


-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Growing RAID5 on CentOS 4.6

[Stephen Harris]

On Fri, Aug 22, 2008 at 03:31:31PM -0400, Ross S. W. Walker wrote:
> I wouldn't use Ubuntu or any Debian based distro cause it's EVMS just
> might bugger up the LVM config...

Huh.  Dunno what EVMS is, but thanks for the warning!

> Instead of a second machine, how about an external disk enclosure?
> 
> You can get them rack mountable or tower based. Look for a nice
> 15 drive enclosure, then you have room to build 2 arrays...

This is a home server; I'm not made of money :-)

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Is there a way to save the routing table permanently?

[Scott Silva]

on 8-22-2008 10:01 AM nate spake the following:

Scott Silva wrote:


Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
212.47.23.188   0.0.0.0 255.255.255.252 U 0  00
eth0
192.168.38.00.0.0.0 255.255.255.0   U 0  00
eth1
192.168.36.0192.168.38.254  255.255.255.0   UG0  00
eth1
192.168.37.0192.168.38.253  255.255.255.0   UG0  00
eth1
0.0.0.0 212.47.23.189   0.0.0.0 UG0  00
eth0


[..]

Yours seems to work for you, but I bet it is because the packets are luckily
getting back. It usually fails miserably.


Except it's not :) the previous poster only has 1 default
gateway as indicated by the routing table above.

nate

That is what I get for a half-a$$ed read and a quick response.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to save the routing table permanently?

[Les Mikesell]

Rob Townley wrote:



Routes only work when you can reach the next hop.  That is,  if you
try to add a route through an interface that is not up, the command
will fail and the route will not be added.  If you want a route to
be added when an interface comes up, there is already a place to do
that. However, as others have pointed out you shouldn't expect
multiple concurrent default routes to do something useful - but if
you have multiple interfaces you can configure them both to add
default routes and bring only one up at a time.


;Are you suggesting the following?
;assume eth1 is a better ISP than eth0
ifdown eth0
ifup eth1
ISP on eth1 goes down
automagically detect down ISP on eth1, so
ifdown eth1
ifup eth0
automagically detect ISP back up on eth1, so
ifdown eth0 again
;That isn't gonna fly. 



The 'right' way to use multiple ISP's is to configure BGP routing with 
all of them so you learn the best routes to any destination.  However 
that is non-trivial to set up and maintain and requires a large block of 
public IP addresses.


I haven't read the whole thread here - what problem are you trying to solve?

--
  Les Mikesell
[EMAIL PROTECTED]

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Growing RAID5 on CentOS 4.6

[Ross S. W. Walker]

Stephen Harris wrote:
> On Fri, Aug 22, 2008 at 03:31:31PM -0400, Ross S. W. Walker wrote:
> > I wouldn't use Ubuntu or any Debian based distro cause it's EVMS just
> > might bugger up the LVM config...
> 
> Huh.  Dunno what EVMS is, but thanks for the warning!

EVMS is like a storage management framework, that lvm is just a component
of. It's very ambitious, but also very complex, and it writes out it's
own meta-data for volumes that are managed by it.

> > Instead of a second machine, how about an external disk enclosure?
> > 
> > You can get them rack mountable or tower based. Look for a nice
> > 15 drive enclosure, then you have room to build 2 arrays...
> 
> This is a home server; I'm not made of money :-)

Ah, Ok, well a JBOD enclosure needn't break the bank, especially
if it's an empty one. Google around and you can probably find a
white box JBOD enclosure that fits your budget. There are even
nice desktop enclosures with 4x SATA/SAS connectors for 6 or 8
drives.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit)

[MHR]

On Fri, Aug 22, 2008 at 11:22 AM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> The version of Google Earth I installed last December was working
> great this morning. Then, I decided to update to the latest version
> and when I tried to do that with yum, I didn't have the right name for
> the package (now, I think it may be "google-earth"), so I downloaded
> the file (GoogleEarthLinux.bin) and installed with "sh
> GoogleEarthLinux.bin"The latest version is now installed and I can
> launch it, without any problem,  but, it does not seem to
> work.   :-)
>

Where did you get this?

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Paul Norton]

On Aug 22, 2008, at 12:25 PM, Jim Perrin wrote:


Russ has posted some information about this to planet.centos.org, but
basically at this point it does not appear to affect the CentOS
population. Karanbir has been crawling through the build system to
verify this, and we may release an announcement about this later.


I see an announcement for the packages on the announce list, but no  
more informamtion anywhere from the CentOS team (Planet or ML).  Are  
these packages "just to be safe" or was there something actually found?


--
Paul Norton
Systems Administrator
Neoverve - www.neoverve.com
Neoverve Blog - http://blog.neoverve.com/

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Lance Davis]

On Fri, 22 Aug 2008, Paul Norton wrote:


On Aug 22, 2008, at 12:25 PM, Jim Perrin wrote:


Russ has posted some information about this to planet.centos.org, but
basically at this point it does not appear to affect the CentOS
population. Karanbir has been crawling through the build system to
verify this, and we may release an announcement about this later.


I see an announcement for the packages on the announce list, but no more 
informamtion anywhere from the CentOS team (Planet or ML).  Are these 
packages "just to be safe" or was there something actually found?


We have released updated packages because updated packages have been 
released upstream.


We have no reason to believe that any CentOS servers, packages or 
keys have been compromised.


We have been completing a full audit of our build systems that has so 
far not shown any evidence of any issues.


Regards
Lance

--
uklinux.net -
The ISP of choice for the discerning Linux user.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH's servers breached

[Jim Perrin]

On Fri, Aug 22, 2008 at 5:15 PM, Paul Norton <[EMAIL PROTECTED]> wrote:

> I see an announcement for the packages on the announce list, but no more
> informamtion anywhere from the CentOS team (Planet or ML).  Are these
> packages "just to be safe" or was there something actually found?

There's a CVE associated with a different (unrelated) bug in how ssh
handled forwarded x11 sessions. The upstream announcement is here ->
http://rhn.redhat.com/errata/RHSA-2008-0855.html.

So there are new packages anyway in spite of the other bits.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS position on systems intrusion at Red Hat

[Karanbir Singh]

Earlier in the day today Red Hat made an announcement [1] that there had been an
intrusion into some of their computer systems last week. In the same
announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386
and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their
announcement they also clarified that they were confident that none of these,
potentially compromised, packages made their way into or through RHN to client
and customer machines. As a security measure a script [3] was made available
along with a semi-detailed description of the issue [2].

We take security issues very seriously, and as soon as we were made aware of the
situation I undertook a complete audit of the entire CentOS4/5 Build and Signing
infrastructure. We can now assure everyone that no compromise has taken place
anywhere within the CentOS Infrastructure. Our entire setup is located behind
multiple firewalls, and only accessible from a very small number of
places, by only a few people. Also included in this audit were all entry points
to the build services, signing machines, primary release machines and
connectivity between all these hosts.

Since OpenSSH is a critical component of any Linux machine, we considered it
essential to audit the last two released package sets (
openssh-4.3p2-26.el5.src.rpm, openssh-4.3p2-26.el5_2.1.src.rpm ). I have just
finished this code audit, and can assure everyone that there is no compromised
code included in either of these packages. A similar check is also being done
for the CentOS-4 sources.

Packages released today, by upstream, ( based on :
openssh-4.3p2-26.el5_2.1.src.rpm, openssh-3.9p1-11.el4_7.src.rpm ) address two
issues. Firstly they contain a fix for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 . And secondly, in
the remote event that someone had indeed got compromised packages via RHN, their
packages would get updated to a known good state. We wanted to get these
packages out right away to address the first issue, and also to cover users
converting non updated RHEL installs to CentOS in the next few weeks/months.
Release of these packages into the mirror.centos.org network does *not* imply
that CentOS users are affected by the intrusion at Red Hat.

Finally, while we feel confident that there is no possibility of this compromise
having been passed onto the CentOS userbase, we still encourage users to verify
their packages independently using whatever resources they might have available.

--

[1]: https://rhn.redhat.com/errata/RHSA-2008-0855.html

[2]: http://www.redhat.com/security/data/openssh-blacklist.html

[3]: https://www.redhat.com/security/data/openssh-blacklist-1.0.sh :Its
important to note that this script *only* checks for packages built within
Red Hat, and will *not* be a reliable source of verification on CentOS since we
rebuild from sources, using no Red Hat binary.

-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit)

[Lanny Marcus]

On Fri, Aug 22, 2008 at 3:48 PM, MHR <[EMAIL PROTECTED]> wrote:
> On Fri, Aug 22, 2008 at 11:22 AM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
>> The version of Google Earth I installed last December was working
>> great this morning. Then, I decided to update to the latest version
>> and when I tried to do that with yum, I didn't have the right name for
>> the package (now, I think it may be "google-earth"), so I downloaded
>> the file (GoogleEarthLinux.bin) and installed with "sh
>> GoogleEarthLinux.bin"The latest version is now installed and I can
>> launch it, without any problem,  but, it does not seem to
>> work.   :-)

> Where did you get this?

Mark: I got it from google.com   I have google among my yum
repositories, but I couldn't remember what the package was called, so
I
couldn't  "yum update" and I downloaded and installed their file, but
it won't go. It isn't getting any date from the Google Earth servers.
That
worked perfectly, with the older version I had been using. Lanny
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM not removing LV

[Mag Gam]

I can't even deactivate it.

On Fri, Aug 22, 2008 at 10:33 AM, Toby Bluhm <[EMAIL PROTECTED]> wrote:
> Toby Bluhm wrote:
>>
>> nate wrote:
>
> .
> .
> .
>>>
>>> Verify that it's deactivated with the lvdisplay command
>>>
>>
>> Current versions of lvm/lvremove will do that automatically.
>>
>
>
> . . . but verifying is still a good idea.
>
>
> --
> Toby Bluhm
> Alltech Medical Systems America, Inc.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit)

[Lanny Marcus]

On Fri, Aug 22, 2008 at 6:49 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> On Fri, Aug 22, 2008 at 3:48 PM, MHR <[EMAIL PROTECTED]> wrote:
>> On Fri, Aug 22, 2008 at 11:22 AM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
>>> The version of Google Earth I installed last December was working
>>> great this morning. Then, I decided to update to the latest version
>>> and when I tried to do that with yum, I didn't have the right name for
>>> the package (now, I think it may be "google-earth"), so I downloaded
>>> the file (GoogleEarthLinux.bin) and installed with "sh
>>> GoogleEarthLinux.bin"The latest version is now installed and I can
>>> launch it, without any problem,  but, it does not seem to
>>> work.   :-)
>
>> Where did you get this?
>
> Mark: I got it from google.com   I have google among my yum
> repositories, but I couldn't remember what the package was called, so
> I
> couldn't  "yum update" and I downloaded and installed their file, but
> it won't go. It isn't getting any date from the Google Earth servers.
> That
> worked perfectly, with the older version I had been using. Lanny
>

I tried to install google-earth with yum but either that isn't the
name of the package or it is not available in the Google repository.
Then, I did some reading on the Google site. Question: How do I
determine whether or not the CPU in this box (I think it's an Intel
Celeron 2.6 GHz) supports SSE2 or not? I suspect the CPU does *not*
support SSE2.   Posting some information below:

>Hi Folks,

>After taking a peek and looking at some of the issues in this thread:

>http://groups.google.com/group/earth-linux/browse_thread/thread/b2a5e...

>I thought you guys deserved an update. The long and short of it is
>that Google Earth 4.3 only works in Linux on machines with processors
>that support SSE2. This means a P4, A64, or greater is now required. I
>too was sad to see my little Athlon XP-M machine unable to run 4.3
>with all of it's beautiful sunlight and atmosphere effects.

>However, I'd like to let you know that we're aware of this and we're
>looking into getting 4.2 available for you folks!

>Thanks for your patience,
>ERR

[EMAIL PROTECTED] ~]$ sudo yum install google-earth
Password:
Loading "priorities" plugin
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* google: dl.google.com
* rpmforge: apt.sw.be
* extras: mirrors.liquidweb.com
* updates: ftp.usf.edu
* base: styx.biochem.wfubmc.edu
* addons: mirror.linux.duke.edu
* adobe-linux-i386: linuxdownload.adobe.com
282 packages excluded due to repository priority protections
Setting up Install Process
Parsing package install arguments
No package google-earth available.
Nothing to do
[EMAIL PROTECTED] ~]$
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit) (SOLVED)

[Lanny Marcus]

On Fri, Aug 22, 2008 at 8:00 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
> On Fri, Aug 22, 2008 at 6:49 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
>> On Fri, Aug 22, 2008 at 3:48 PM, MHR <[EMAIL PROTECTED]> wrote:
>>> On Fri, Aug 22, 2008 at 11:22 AM, Lanny Marcus <[EMAIL PROTECTED]> wrote:
 The version of Google Earth I installed last December was working
 great this morning. Then, I decided to update to the latest version
 and when I tried to do that with yum, I didn't have the right name for
 the package (now, I think it may be "google-earth"), so I downloaded
 the file (GoogleEarthLinux.bin) and installed with "sh
 GoogleEarthLinux.bin"The latest version is now installed and I can
 launch it, without any problem,  but, it does not seem to
 work.   :-)
>>
>>> Where did you get this?
>>
>> Mark: I got it from google.com   I have google among my yum
>> repositories, but I couldn't remember what the package was called, so
>> I
>> couldn't  "yum update" and I downloaded and installed their file, but
>> it won't go. It isn't getting any date from the Google Earth servers.
>> That
>> worked perfectly, with the older version I had been using. Lanny
>>
>
> I tried to install google-earth with yum but either that isn't the
> name of the package or it is not available in the Google repository.
> Then, I did some reading on the Google site. Question: How do I
> determine whether or not the CPU in this box (I think it's an Intel
> Celeron 2.6 GHz) supports SSE2 or not? I suspect the CPU does *not*
> support SSE2.   Posting some information below:
>
>>Hi Folks,
>
>>After taking a peek and looking at some of the issues in this thread:
>
>>http://groups.google.com/group/earth-linux/browse_thread/thread/b2a5e...
>
>>I thought you guys deserved an update. The long and short of it is
>>that Google Earth 4.3 only works in Linux on machines with processors
>>that support SSE2. This means a P4, A64, or greater is now required. I
>>too was sad to see my little Athlon XP-M machine unable to run 4.3
>>with all of it's beautiful sunlight and atmosphere effects.
>
>>However, I'd like to let you know that we're aware of this and we're
>>looking into getting 4.2 available for you folks!
>
>>Thanks for your patience,
>>ERR


SOLVED. I went back to the previous version of Google Earth for Linux.
It must be that the Celeron CPU does *not* support SSE2. Previous
version works great.  :-)

Google Earth
4.2.0205.5730
Build Date
Nov 13 2007
Build Time
17:50:46
Renderer
OpenGL
Operating System
Linux (2.6.18.1)
Video Driver
Tungsten Graphics, Inc
Max Texture Size
2048x2048
Server
kh.google.com
User
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LVM not removing LV

[nate]

Mag Gam wrote:
> I can't even deactivate it.

Can you post output of

lvdisplay -v 
vgdisplay -v
mount

Not sure what to suggest at this point I've never
had lvremove not work for me, though my lvms have
always been setup in a real basic configuration.

nate



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Google Earth, v.4.3.7284.3916 (beta) on CentOS 5.2 (32 bit)

[John R Pierce]

Lanny Marcus wrote:

 Question: How do I
determine whether or not the CPU in this box (I think it's an Intel
Celeron 2.6 GHz) supports SSE2 or not? I suspect the CPU does *not*
support SSE2.  



this gets fun.  AFAIK, there's several generations of Celerons and its 
quite frustrating to tell them apart from purely a clock speed.


The original Celerons were based on cache reduced P2 Deschutes, and 
later P3 Coppermine, these had 66Mhz busses, and used socket 370 (or 
even Slot 1 for the oldest versions).   These had MMX and/or SSE 
depending on the age.


there were Celerons from 2.0 to 2.8Ghz that were 478 pin 400Mhz FSB, and 
P4 "Northwood" generation technology.I do believe these are  SSE2 
but I'm having trouble finding definitive documentation of this.


there are also Celeron "D" that are Prescott and can be either socket 
478 or LGA775 and run from 2.13 up to 3.33Ghz, using a 533Mhz FSB, these 
have SSE3.



and nowdays, there are celerons that are based on Core   really 
really confusing.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Adding new Hard disk to server with RAID-5

[Lunix1618]

Hi all,

I have Dell 2950 III with RAID-5 installed and managed by hardware Raid 
controller, I also use LVM when install CentOS. Now I get more 03 Hard 
disk and I would like to add it in to the running system. My question is:


1) if new hard disks add in to the machine, I have to rebuild the RAID 
volume with RAID management (raid controller) and the volume will be 
expanded, but is that make any problem to LVM at OS level ?


2) if (1's) answer is YES, what I need to do to prevent trouble occur ?

If any one exprience or know the place can help me start pls share. 
Sorry for the dumb question but I never did this before as a newbie 
Linux admin - I am 'handmade' formerWindows admin


Thanks for your help.
regards.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Adding new Hard disk to server with RAID-5

[Chris Brentano]

#1.) It should just appear as unpartitioned space to the OS. You can  
then partition it and add that partition to one of your LVs, and then  
use the LVM and ext filesystem tools to grow your existing LV and then  
resize the filesystem to fit.


Good articles on LVM:
- http://kbase.redhat.com/faq/FAQ_96_4842.shtm
- http://www.linux.com/base/ldp/howto/LVM-HOWTO/extendlv.html
- http://tldp.org/HOWTO/LVM-HOWTO/extendlv.html
- http://www.netadmintools.com/art367.html

Once you learn to use LVM to your advantage you will wonder how you  
ever got along without it. :) Especially when you start dealing with  
DAS and storage shelves, etc.


- Chris


On 22 Aug, 2008, at 7:35 PM, Lunix1618 wrote:


Hi all,

I have Dell 2950 III with RAID-5 installed and managed by hardware  
Raid

controller, I also use LVM when install CentOS. Now I get more 03 Hard
disk and I would like to add it in to the running system. My  
question is:


1) if new hard disks add in to the machine, I have to rebuild the RAID
volume with RAID management (raid controller) and the volume will be
expanded, but is that make any problem to LVM at OS level ?

2) if (1's) answer is YES, what I need to do to prevent trouble  
occur ?


If any one exprience or know the place can help me start pls share.
Sorry for the dumb question but I never did this before as a newbie
Linux admin - I am 'handmade' formerWindows admin

Thanks for your help.
regards.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB drive detected, but nothing gets mounted.

[Mark Hull-Richter]

On Wed, 2008-08-20 at 10:46 -0700, nate wrote:
> MHR wrote:
> 
> > So, is this a bug in the automounter?  Is there a reason why a
> > removable (flash) drive MUST have a label for the automounter to see
> > it?  This doesn't happen with flash memory cards (compact flash, SD),
> > just USB flash (disk) drives.  Seems funky
> 
> Anything in the logs?
> 
> nate
> 
I didn't think to look then, and I can't find anything there now.

Interesting side note: I have another drive that (still) has no label,
amd CentOS mounts that one as /media/disk every time.  Go figure.

mhr


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB drive detected, but nothing gets mounted.

[Anne Wilson]

On Saturday 23 August 2008 07:28:22 Mark Hull-Richter wrote:
> On Wed, 2008-08-20 at 10:46 -0700, nate wrote:
> > MHR wrote:
> > > So, is this a bug in the automounter?  Is there a reason why a
> > > removable (flash) drive MUST have a label for the automounter to see
> > > it?  This doesn't happen with flash memory cards (compact flash, SD),
> > > just USB flash (disk) drives.  Seems funky
> >
> > Anything in the logs?
> >
> > nate
>
> I didn't think to look then, and I can't find anything there now.
>
> Interesting side note: I have another drive that (still) has no label,
> amd CentOS mounts that one as /media/disk every time.  Go figure.
>
Maybe the drive that doesn't mount doesn't announce itself correctly?  Rather 
like the problem with some monitors.  I believe I have read of such problems, 
but can't remember where.  For automounting to work some info has to be read 
from the drive, I believe, so this does seem a possibility.

Anne


signature.asc
Description: This is a digitally signed message part.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB drive detected, but nothing gets mounted.

[Ric Moore]

On Sat, 2008-08-23 at 07:45 +0100, Anne Wilson wrote:
> On Saturday 23 August 2008 07:28:22 Mark Hull-Richter wrote:
> > On Wed, 2008-08-20 at 10:46 -0700, nate wrote:
> > > MHR wrote:
> > > > So, is this a bug in the automounter?  Is there a reason why a
> > > > removable (flash) drive MUST have a label for the automounter to see
> > > > it?  This doesn't happen with flash memory cards (compact flash, SD),
> > > > just USB flash (disk) drives.  Seems funky
> > >
> > > Anything in the logs?
> > >
> > > nate
> >
> > I didn't think to look then, and I can't find anything there now.
> >
> > Interesting side note: I have another drive that (still) has no label,
> > amd CentOS mounts that one as /media/disk every time.  Go figure.
> >
> Maybe the drive that doesn't mount doesn't announce itself correctly?  Rather 
> like the problem with some monitors.  I believe I have read of such problems, 
> but can't remember where.  For automounting to work some info has to be read 
> from the drive, I believe, so this does seem a possibility.

Would you believe that I got that Xvfb issue resolved by installing
CentOS??  Ric


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos