Re: [CentOS] DRBD very slow....

[Roman Savelyev]

No way in 8.2
It's a socket option, managed well in 8.3 and later releases.
If you don't hav large amount of very small syncronius writes, you don't 
need it.
- Original Message - 
From: "Coert Waagmeester" 
To: "CentOS mailing list" 
Sent: Monday, July 27, 2009 10:30 AM
Subject: Re: [CentOS] DRBD very slow


>
> On Mon, 2009-07-27 at 10:18 +0400, Roman Savelyev wrote:
>> > Invest in a HW RAID card with NVRAM cache that will negate the need
>> > for barrier writes from the OS as the controller will issue them async
>> > from cache allowing I/O to continue flowing. This really is the safest
>> > method.
>> It's a better way. But socket oprions in DRBD up to 8.2 (Nagel alghoritm)
>> can decrease performance in large amount of small syncronius writes.
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
> Hello Roman,
>
> I am running drbd 8.2.6 (the standard centos version)
>
> How do I disable that nagle algorithm?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.3, no AHCI on HP DL320 G5p?

[Veiko Kukk]

Joshua Baker-LePain wrote:
> On Mon, 27 Jul 2009 at 1:19pm, Veiko Kukk wrote
> 
>>> I'm not sure for this particular model server, but normally this is a
>>> *BIOS* setting for the SATA controller.
>> There are no settings in BIOS for AHCI mode, it's only possible to
>> choose between raid and sata controller mode, i have chosen sata mode.
> 
> Check to see if there's a BIOS update on HP's site.  I had some DL160s 
> with an old BIOS with no option for AHCI mode.  After upgrading to the 
> most recent BIOS, the option was there.
> 

Yes, there was an update, changelog described changes regarding to sata2 
drives should work properly with this update. Did the update yesterday, 
but nothing changed except the bios version number.
Also tried ahci=on with no success.

---
Veiko
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.3, no AHCI on HP DL320 G5p?

[Veiko Kukk]

Tony Mountifield wrote:
> That's probably why. To use AHCI you need to set it to RAID mode.
> Having done that, you can still use the drives independently if you
> prefer kernel RAID; you just have to go into the BIOS RAID setup and
> set the drives to JBOD mode (or something like that), by telling it
> to remove all RAID information from the drives.

I don't think so, because I have another DL320 (older G3 version) with 
same bios setup (sata mode). On that G3, ahci is working.

--
Veiko
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD on a xen host: crash on high I/O

[Andrea Dell'Amico]

On Tue, 2009-07-28 at 14:31 -0400, William L. Maltby wrote:

> > When the two hosts are in sync, if I activate more than a few (six or
> > seven) xen guests, the master server crashes spectacularly and reboots.
> > 
> > I've seen a kernel dump over the serial console, but the machine
> > restarts immediately so I didn't write it down.
> 
> If you have an available pc, hook it up in place of the serial console
> and start a terminal emulator, e.g. minicom or whatever you prefer, and
> turn on full logging. This should save everyting in a file that you can
> then review.

Uhm. The console is on the DRAC5 card. I think I would need to activate
some network kernel crash dump feature.

> If it's a Windows based, just remember to get rid of the ^M with
> dos2unix, or equivalent, after you send it to a *IX box.
> 
> I don't know anything about the rest of your problem, sorry.

As I wrote, it's a production server. I cannot stop it when I want, I
need to reserve a weekend session.
In the meantime, I was asking if there's a known problem with a setup
like mine.

Thanks, anyway

> HTH

ciao
andrea
-- 
Officina Metropolis Pub
http://www.officinametropolis.com/


signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] postfix and mail origin checks

[Karanbir Singh]

hi,

Whats the 'robust' way to make sure email to a specific destination is 
only accepted if it came over the localhost:25 or /usr/sbin/sendmail 
route ? anything else should get a 5xx error. Emails to other 
destinations should remain unaffected.

Using postfix/c4. Had a look around, and header_checks might be one way 
to go.

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Off-topic: strange problem with file size

[Marcelo M. Garcia]

Hi

I'm having a curious problem with some files. The account has 77GB of 
data[1], but there some files with more than 100GB[2], in fact, two of 
then have more than 200GB[3].

The OS is Opensuse 10.2 x86_64.

Has anyone seem something like this? How can I inspect more closely what 
  is going on?

Thanks

Marcelo



[1]
maryland:/maryland2 # du -sh alireza/
77G alireza/
maryland:/maryland2 #

[2]
maryland:~ # find /maryland2/alireza/ -size +100G -print
/maryland2/alireza/Restart/1to1-2/events-cfluid-rem-add-pasi/test.rsi
/maryland2/alireza/Restart/1to1-2/lqfCyclic/Restart/a.rsi
/maryland2/alireza/Restart/1to1-2/lqfCyclic/a.rsi
maryland:~ #

[3]
maryland:~ # ls -lh 
/maryland2/alireza/Restart/1to1-2/lqfCyclic/Restart/a.rsi
-rw-r--r-- 1 alireza cdrom 223G Jul 13 09:56 
/maryland2/alireza/Restart/1to1-2/lqfCyclic/Restart/a.rsi
maryland:~ #
maryland:~ #
maryland:~ # ls -lh /maryland2/alireza/Restart/1to1-2/lqfCyclic/a.rsi
-rw-r--r-- 1 alireza cdrom 223G Jul 13 09:56 
/maryland2/alireza/Restart/1to1-2/lqfCyclic/a.rsi
maryland:~ #
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[RedShift]

Karanbir Singh wrote:
> hi,
> 
> Whats the 'robust' way to make sure email to a specific destination is 
> only accepted if it came over the localhost:25 or /usr/sbin/sendmail 
> route ? anything else should get a 5xx error. Emails to other 
> destinations should remain unaffected.
> 
> Using postfix/c4. Had a look around, and header_checks might be one way 
> to go.
> 

The easiest way is probably to edit master.cf and make smtpd only listen on 
localhost:25.


So instead of

# smtp  inet  n   -   n   -   -   smtpd

Use

127.0.0.1:smtp  inetn   -   n   -   -   smtpd


Otherwise us an access table.


Glenn
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Off-topic: strange problem with file size

[Mogens Kjaer]

On 07/29/2009 02:46 PM, Marcelo M. Garcia wrote:
> Hi
>
> I'm having a curious problem with some files. The account has 77GB of
> data[1], but there some files with more than 100GB[2], in fact, two of
> then have more than 200GB[3].
>
> The OS is Opensuse 10.2 x86_64.
>
> Has anyone seem something like this? How can I inspect more closely what
>is going on?

They are most likely sparse files.

Mogens
-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Mobile: +45 22 12 53 25
Email: m...@crc.dk Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[Karanbir Singh]

On 07/29/2009 01:58 PM, RedShift wrote:
>> Emails to other destinations should remain unaffected.
^^

> The easiest way is probably to edit master.cf and make smtpd only listen on 
> localhost:25.

well, no. The machine gets a few thousand other emails from all over the 
place. Would not want to stop that :)

 > Otherwise us an access table.

how ?


-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[Ralph Angenendt]

RedShift wrote:
> Karanbir Singh wrote:
> > Whats the 'robust' way to make sure email to a specific destination
> > is only accepted if it came over the localhost:25 or
> > /usr/sbin/sendmail route ? anything else should get a 5xx error.
> > Emails to other destinations should remain unaffected.
> > 
> > Using postfix/c4. Had a look around, and header_checks might be one
> > way to go.
> > 
> 
> The easiest way is probably to edit master.cf and make smtpd only
> listen on localhost:25.

Ummm. The question was "how to *identify* mails coming from localhost",
not "restrict everything to localhost".

> Otherwise us an access table.

I'd be curious how you would do that.

Ralph


pgpiw294YW9o4.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] limits.conf

[Eugene Vilensky]

Hello,

I understand the function and reason of limits.conf, and I have some
limited experience configuring values for (essentially single-user)
Oracle systems.

How do I understand correctly what my limits should be for multiuser
system system, are there best practice guidance?

Are there some typical settings this list has had experience with for
multiuser environments?

Appreciated,
Eugene
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[Andreas Rogge]

> hi,
> 
> Whats the 'robust' way to make sure email to a specific destination is 
> only accepted if it came over the localhost:25 or /usr/sbin/sendmail 
> route ? anything else should get a 5xx error. Emails to other 
> destinations should remain unaffected.
> 
I guess you should need to configure two incoming variant in master.cf,
so you have one smtpd listening for localhost and one on the real ip.
For the one on the real ip you just set a recipient restriction that
disallows your specific destination (directly in master.cf itself).

I didn't test, but it should work.

Regards,
Andreas

-- 
Solvention
Egermannstr. 6-8
53359 Rheinbach

Tel: +49 2226 158179-0
Fax: +49 2226 158179-9

http://www.solvention.de
mailto:i...@solvention.de


smime.p7s
Description: S/MIME Cryptographic Signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[Spook ZA]

Hi

2009/7/29 Karanbir Singh 
>
> On 07/29/2009 01:58 PM, RedShift wrote:
> >> Emails to other destinations should remain unaffected.
> ^^
>
> > The easiest way is probably to edit master.cf and make smtpd only listen on 
> > localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>  > Otherwise us an access table.
>
> how ?

I personally have separated my interfaces using master.cf (one for
internal and one for external and one for anti-virus from localhost).

192.168.1.1:25   inetn   -   n   -   -   smtpd
  -o smtpd_client_restrictions=
222.22.22.333:25  inet  n   -   n   -   -   smtpd
#
# Anti-virus
#
amavisd-new unix  -  - n  -2   smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -   n   -   -   smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

I override smtpd_client_restrictions from internal so that it doesnt
try look up RBLs and the last part is the anti-virus re-injection.

Other than that, I havent investigated further what other rules you can apply.

This is similar to what Andreas Rogge has suggested elsewhere in this thread.

Regards,
  Andrew.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD on a xen host: crash on high I/O

[Ross Walker]

On Jul 29, 2009, at 7:52 AM, "Andrea Dell'Amico"  
 wrote:

> On Tue, 2009-07-28 at 14:31 -0400, William L. Maltby wrote:
>
>>> When the two hosts are in sync, if I activate more than a few (six  
>>> or
>>> seven) xen guests, the master server crashes spectacularly and  
>>> reboots.
>>>
>>> I've seen a kernel dump over the serial console, but the machine
>>> restarts immediately so I didn't write it down.
>>
>> If you have an available pc, hook it up in place of the serial  
>> console
>> and start a terminal emulator, e.g. minicom or whatever you prefer,  
>> and
>> turn on full logging. This should save everyting in a file that you  
>> can
>> then review.
>
> Uhm. The console is on the DRAC5 card. I think I would need to  
> activate
> some network kernel crash dump feature.
>
>> If it's a Windows based, just remember to get rid of the ^M with
>> dos2unix, or equivalent, after you send it to a *IX box.
>>
>> I don't know anything about the rest of your problem, sorry.
>
> As I wrote, it's a production server. I cannot stop it when I want, I
> need to reserve a weekend session.
> In the meantime, I was asking if there's a known problem with a setup
> like mine.

I read on another forum how a user using iSCSI for domUs was  
experiencing network hangs due to the fact that dom0 didn't have  
enough scheduler credits to handle the network throughput. That might  
be related.

http://lists.centos.org/pipermail/centos-virt/2009-June/001021.html

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix and mail origin checks

[RedShift]

Karanbir Singh wrote:
> On 07/29/2009 01:58 PM, RedShift wrote:
>>> Emails to other destinations should remain unaffected.
> ^^
> 
>> The easiest way is probably to edit master.cf and make smtpd only listen on 
>> localhost:25.
> 
> well, no. The machine gets a few thousand other emails from all over the 
> place. Would not want to stop that :)
> 
>  > Otherwise us an access table.
> 
> how ?
> 
> 

Start by setting up recipient classes, like this:


everybody = permit
limited = check_client_access hash:/etc/postfix/tables/limited_client_access

smtpd_restriction_classes = everybody, limited

smtpd_recipient_restrictions = 
 permit_mynetworks
 reject_unauth_destination
 check_recipient_access hash:/etc/postfix/tables/recipient_access


And now for the tables:


recipient_access:
 mypreci...@example.net limited
 *  everybody

limited_client_access:
 1.2.3.4 OK
 *   REJECT


I'm quickly writing this almost all out of my head so it might not be entirely 
"drop into place".


Glenn
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD on a xen host: crash on high I/O

[Andrea Dell'Amico]

On Wed, 2009-07-29 at 09:55 -0400, Ross Walker wrote:

> I read on another forum how a user using iSCSI for domUs was  
> experiencing network hangs due to the fact that dom0 didn't have  
> enough scheduler credits to handle the network throughput. That might  
> be related.
> 
> http://lists.centos.org/pipermail/centos-virt/2009-June/001021.html

I'm pretty sure the crash is DRBD related: until the secondary drbd
server is detached, all is working well. There are 23 guests running,
right now, some of them paravirtualized, other full virtualized. Some of
them use files images, other logical volumes (all of them over a drbd
device).
And I don't have a resource starvation, but a kernel crash and an
immediate reboot.

> -Ross

ciao
andrea
-- 
"In six days God created the heaven and the earth. On the seventh day,
Stanley Kubrick sent everything back for modifications."
- http://www.jonhs.com/freemovies/dark_side_of_the_moon.htm



signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] limits.conf

[Kwan Lowe]

On Wed, Jul 29, 2009 at 9:45 AM, Eugene Vilensky wrote:
> Hello,
>
> I understand the function and reason of limits.conf, and I have some
> limited experience configuring values for (essentially single-user)
> Oracle systems.
>
> How do I understand correctly what my limits should be for multiuser
> system system, are there best practice guidance?
>
> Are there some typical settings this list has had experience with for
> multiuser environments?

I manage primarily multiuser systems (AIX, RH and CentOS). Without
knowing your workload it's hard to say, but here are some values I
change:

1) nproc limit - setting this will cap the number of processes that a
user can create. Size according to workload requirements. I use this
mainly to prevent a runaway process.

2) rss/data - on user accessible systems I set this to prevent things
like runaway queries.

3) maxlogins - need to set this because some settings are per login,
so a user could circumvent a resource limit with multiple logins. Also
required for some licensing compliance.

There are also filesystem limits that I enforce with edquota. I use
this mainly on /home.

You need to profile the system first. Use top, vmstat, etc.. to
determine what the typical workload requirements are for each user and
process.

The main goal is to allow each user to complete their workloads
without hogging resources or making the system unstable. Ideally the
users could batch submit their jobs or otherwise schedule the work so
that each job gets the full server. If this is not possible and users
are "selfish", then enforce strict limits so that they will tune their
jobs properly.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] relatime in plus kernel

[Yuji Tsuchimoto]

Dear CentOS lovers,

Is someone interested in the linux-2.6-smarter-relatime.patch for centosplus
kernel?
This patch solves disk I/O performance dramatically on servers,
And recent distributions (fedora9 and later, etc.) and official kernel
applies it.

RHEL6 may include it, but RHEL5 is not.
How about the linux-2.6-smarter-relatime.patch?

Best Regards, Yuji

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] relatime in plus kernel

[Karanbir Singh]

On 07/29/2009 03:54 PM, Yuji Tsuchimoto wrote:
> Is someone interested in the linux-2.6-smarter-relatime.patch for centosplus
> kernel?

Akemi is managing the plus kernel tree at the moment, but I am 
relatively sure that if you were to propose the patch, she would 
consider it.


-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] etc passwd and groups file

[Carlos Santana]

Hi,

I need to maintain a same user/group list on multiples systems. Can we
just copy the same passwd and groups file on all machines?
If we create a new user on one system then I will need to copy this to
all other systems. This is quite cumbersome. Any suggestions?

-
CS.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] relatime in plus kernel

[Yuji Tsuchimoto]

Dear Karanbir and all,

That sounds nice.
I'll try to make a patch for the current plus kernel.

Thanks, Yuji

> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Karanbir Singh
> Sent: Thursday, July 30, 2009 12:10 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] relatime in plus kernel
> 
> On 07/29/2009 03:54 PM, Yuji Tsuchimoto wrote:
> > Is someone interested in the linux-2.6-smarter-relatime.patch for
centosplus
> > kernel?
> 
> Akemi is managing the plus kernel tree at the moment, but I am
> relatively sure that if you were to propose the patch, she would
> consider it.
> 
> 
> --
> Karanbir Singh : http://www.karan.org/  : 2522...@icq
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Seán O Sullivan]

2009/7/29 Carlos Santana :
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?
> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?

Go the directory route, OpenLDAP or CentOS Directory Server.

If there was some reason needed to stick with /etc/passwd and
/etc/group, use puppet, cfeingine, or some other configuration
management system to manage your files.


Seán
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Filipe Brandenburger]

Hi,

On Wed, Jul 29, 2009 at 11:13, Carlos Santana wrote:
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?

Tipically yes (assuming all systems were freshly installed from
scratch and do not have any conflicts), but you will have the problem
even you said below:

> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?

Set up LDAP and use NSS (RPM package named nss_ldap) to get the
account information from LDAP.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[John R Pierce]

Carlos Santana wrote:
> Hi,
>
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?
> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?
>   


the old fashion way of doing this was NIS ... but I'm with everyone else 
in saying go with LDAP directory services, and further, use a NFS 
automount for their home directories.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[jacob]

http://fedoranews.org/mediawiki/index.php/How_to_setup_and_maintain_Open
LDAP_server_for_your_network

this site has a very good howto on how to get started with ldap and how
to migrate existing users in from NIS/passwd+shadow

scping the files around works but unless you use pass-phraseless keys it
can be a pain.  There is also a /etc/gshadow file to copy.

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of John R Pierce
Sent: Wednesday, July 29, 2009 8:39 AM
To: CentOS mailing list
Subject: Re: [CentOS] etc passwd and groups file

Carlos Santana wrote:
> Hi,
>
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?
> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?
>   


the old fashion way of doing this was NIS ... but I'm with everyone else

in saying go with LDAP directory services, and further, use a NFS 
automount for their home directories.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Carlos Santana]

I intend to install lustre file system on the systems.  It does not
support LDAP and need to have etc passwd/groups database. All file
system clients need to have  same passwd and groups so that UID and
GID are the same when they contact file system server. So I am not
sure, how will I manage this. Any suggestions?


-
CS.



On Wed, Jul 29, 2009 at 10:38 AM, John R Pierce wrote:
> Carlos Santana wrote:
>> Hi,
>>
>> I need to maintain a same user/group list on multiples systems. Can we
>> just copy the same passwd and groups file on all machines?
>> If we create a new user on one system then I will need to copy this to
>> all other systems. This is quite cumbersome. Any suggestions?
>>
>
>
> the old fashion way of doing this was NIS ... but I'm with everyone else
> in saying go with LDAP directory services, and further, use a NFS
> automount for their home directories.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Filipe Brandenburger]

Hi,

On Wed, Jul 29, 2009 at 11:45, Carlos Santana wrote:
> I intend to install lustre file system on the systems.  It does not
> support LDAP and need to have etc passwd/groups database.

Where does that information come from?

Even though Lustre might not support LDAP directly, it should work
with NSS which makes the access to the user/group information
transparent to applications. Unless an application accesses
/etc/passwd directly (which I sincerely doubt Lustre does) it will
work with nss_ldap.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[John R Pierce]

Carlos Santana wrote:
> I intend to install lustre file system on the systems.  It does not
> support LDAP and need to have etc passwd/groups database. All file
> system clients need to have  same passwd and groups so that UID and
> GID are the same when they contact file system server. So I am not
> sure, how will I manage this. Any suggestions?
>   

NIS is the old fashion way, and its not considered particularly secure 
as it uses IP addresses as authentication, so keep the whole cluster 
behind a firewall.

with NIS, there is one master system with the yp/passwd and yp/shadow 
files (as well as groups, hosts, etc), and these are pushed to all the 
other systems on updates.users on any system would change their 
password with `yppasswd` command, which pushes the changes to the NIS 
master.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[jacob]

Pushing passwd, group and shadow files can just be scripted to scp them
from one master machine to all the client nodes. an ssh key can be used
with the private key only existing on the master node so only it can
push out changes (protect it with your life as this has the potential to
be a nasty hole) on a regular basis. remove passwd from all slave nodes
and replace it with a script that either says to go to the master and
change their password there or have it feed their input to the master
via an ssh tunnel to have the change made.


I see by Lustre's site that is supports MIT kerberos for authentication.
this would be better then pushing out shadow, you would still need a
tool to push out user id's though, ldap could handle this part as they
are typically handled together, and if Lustre recognizes PAM then it
should be transparent to it. 

A quick google search shows that Googlecode.com has a document
suggesting ldap and kerb.
http://lustrecluster.googlecode.com/files/LustreHowTo.pdf

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Carlos Santana
Sent: Wednesday, July 29, 2009 8:46 AM
To: CentOS mailing list
Subject: Re: [CentOS] etc passwd and groups file

I intend to install lustre file system on the systems.  It does not
support LDAP and need to have etc passwd/groups database. All file
system clients need to have  same passwd and groups so that UID and
GID are the same when they contact file system server. So I am not
sure, how will I manage this. Any suggestions?


-
CS.



On Wed, Jul 29, 2009 at 10:38 AM, John R Pierce
wrote:
> Carlos Santana wrote:
>> Hi,
>>
>> I need to maintain a same user/group list on multiples systems. Can
we
>> just copy the same passwd and groups file on all machines?
>> If we create a new user on one system then I will need to copy this
to
>> all other systems. This is quite cumbersome. Any suggestions?
>>
>
>
> the old fashion way of doing this was NIS ... but I'm with everyone
else
> in saying go with LDAP directory services, and further, use a NFS
> automount for their home directories.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[William L. Maltby]

On Wed, 2009-07-29 at 10:13 -0500, Carlos Santana wrote:
> Hi,
> 
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?

Don't forget about /etc/shadow.

> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?
> 
> -
> CS.
> 

-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] BIND vulnerability

[Kenneth Porter]

Slashdot carried this story yesterday on a BIND vulnerability:



The upstream report:



Red Hat's Bugzilla:



>From what I'm reading, if one has an Internet-facing master for a zone, one 
is vulnerable, even if dynamic DNS isn't being used.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Karanbir Singh]

On 07/29/2009 05:15 PM, Kenneth Porter wrote:
> From what I'm reading, if one has an Internet-facing master for a zone, one
> is vulnerable, even if dynamic DNS isn't being used.

yes, which is one of many reasons why a zone masters is usually setup to 
not be publicly available.

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Carlos Santana]

Lustre 1.6+ versions do not support LDAP.

Thank you all for sighting different methods. I am exploring them for now.
More comments welcome.

-
CS.


On Wed, Jul 29, 2009 at 11:07 AM,  wrote:
> Pushing passwd, group and shadow files can just be scripted to scp them
> from one master machine to all the client nodes. an ssh key can be used
> with the private key only existing on the master node so only it can
> push out changes (protect it with your life as this has the potential to
> be a nasty hole) on a regular basis. remove passwd from all slave nodes
> and replace it with a script that either says to go to the master and
> change their password there or have it feed their input to the master
> via an ssh tunnel to have the change made.
>
>
> I see by Lustre's site that is supports MIT kerberos for authentication.
> this would be better then pushing out shadow, you would still need a
> tool to push out user id's though, ldap could handle this part as they
> are typically handled together, and if Lustre recognizes PAM then it
> should be transparent to it.
>
> A quick google search shows that Googlecode.com has a document
> suggesting ldap and kerb.
> http://lustrecluster.googlecode.com/files/LustreHowTo.pdf
>
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Carlos Santana
> Sent: Wednesday, July 29, 2009 8:46 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] etc passwd and groups file
>
> I intend to install lustre file system on the systems.  It does not
> support LDAP and need to have etc passwd/groups database. All file
> system clients need to have  same passwd and groups so that UID and
> GID are the same when they contact file system server. So I am not
> sure, how will I manage this. Any suggestions?
>
>
> -
> CS.
>
>
>
> On Wed, Jul 29, 2009 at 10:38 AM, John R Pierce
> wrote:
>> Carlos Santana wrote:
>>> Hi,
>>>
>>> I need to maintain a same user/group list on multiples systems. Can
> we
>>> just copy the same passwd and groups file on all machines?
>>> If we create a new user on one system then I will need to copy this
> to
>>> all other systems. This is quite cumbersome. Any suggestions?
>>>
>>
>>
>> the old fashion way of doing this was NIS ... but I'm with everyone
> else
>> in saying go with LDAP directory services, and further, use a NFS
>> automount for their home directories.
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[RedShift]

Kenneth Porter wrote:
> Slashdot carried this story yesterday on a BIND vulnerability:
> 
> 
> 

According to a commenter, this should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

Haven't tested it, would like to know the results...


Glenn



> The upstream report:
> 
> 
> 
> Red Hat's Bugzilla:
> 
> 
> 
>>From what I'm reading, if one has an Internet-facing master for a zone, one 
> is vulnerable, even if dynamic DNS isn't being used.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
> 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] etc passwd and groups file

[Robert Heller]

At Wed, 29 Jul 2009 10:13:46 -0500 CentOS mailing list  
wrote:

> 
> Hi,
> 
> I need to maintain a same user/group list on multiples systems. Can we
> just copy the same passwd and groups file on all machines?
> If we create a new user on one system then I will need to copy this to
> all other systems. This is quite cumbersome. Any suggestions?

Check out OpenLDAP:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-ldap.html

> 
> -
> CS.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Software RAID-1 partition constantly syncing

[Jeff Gregor]

I have a partition set up as software RAID-1 on a CentOS 5.3 machine. 
Today, the system was rebooted, when it came back up I noticed that it 
had started to resync. It completes the sync, then immediately starts again.

 From the log:
Jul 29 09:46:02 cbserver kernel: md: syncing RAID array md2
Jul 29 09:46:02 cbserver kernel: md: minimum _guaranteed_ reconstruction 
speed: 5000 KB/sec/disc.
Jul 29 09:46:02 cbserver kernel: md: using maximum available idle IO 
bandwidth (but not more than 20 KB/sec) for reconstruction.
Jul 29 09:46:02 cbserver kernel: md: using 128k window, over a total of 
239946752 blocks.
Jul 29 11:02:01 cbserver kernel: md: md2: sync done.
Jul 29 11:02:01 cbserver kernel: md: syncing RAID array md2
Jul 29 11:02:01 cbserver kernel: md: minimum _guaranteed_ reconstruction 
speed: 5000 KB/sec/disc.
Jul 29 11:02:01 cbserver kernel: md: using maximum available idle IO 
bandwidth (but not more than 20 KB/sec) for reconstruction.
Jul 29 11:02:01 cbserver kernel: md: using 128k window, over a total of 
239946752 blocks.
Jul 29 11:56:36 cbserver kernel: md: md2: sync done.
Jul 29 11:56:37 cbserver kernel: md: syncing RAID array md2
Jul 29 11:56:37 cbserver kernel: md: minimum _guaranteed_ reconstruction 
speed: 5000 KB/sec/disc.
Jul 29 11:56:37 cbserver kernel: md: using maximum available idle IO 
bandwidth (but not more than 20 KB/sec) for reconstruction.
Jul 29 11:56:37 cbserver kernel: md: using 128k window, over a total of 
239946752 blocks.

Any idea what is causing this? And how to make it stop?

Thanks!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[David Hrbáč]

RedShift napsal(a):
> According to a commenter, this should provide a temporary countermeasure:
> 
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
> 
> Haven't tested it, would like to know the results...
> 

Well, good point, but Centos does not ship libipt_u32.so. Even more
Centos 4.x is now undergoing rebuild process, so no updates even
security updates are being released. Which is something I can accept.

Those looking for patched bind for Centos 4.x may use packages I have
built with CVE-2009-0696 patch.
http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html
http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html

Regards,
David Hrbáč









___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] mod_perl2 and DBD::SQLite

[Mark Hedges]

On Thu, 23 Jul 2009, Fred Moyer wrote:
> Looks like d...@httpd is aware of the issue and will be
> releasing a fix.  Haven't tried 5.3 centos but this sounds
> like they shipped a version of apache that caused this.
>
> http://www.mail-archive.com/d...@httpd.apache.org/msg44177.html
>

Hello, it seems like httpd-devel 2.2.3 was patched with a
bug from an upstream version.  DBD::SQLite no longer works
under mod_perl2, generating an error which is "not an error"
upon any attempt to select something.  (The same selects all
work in a command-line script.)
(https://rt.cpan.org/Ticket/Display.html?id=47983)

I tried to sign up for a centos bug report username, but the
signup form is buggy, the captcha never works

Any chance someone can try to fix this?

Mark
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Default PHP Build ! include Mysql Support?

[Chuck]

Do you need to roll your own PHP build to support MySQL now? I don't see
support built into the included libphp module..

Thx,
CC
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Kwan Lowe]

On Wed, Jul 29, 2009 at 1:24 PM, Chuck wrote:
>
> Do you need to roll your own PHP build to support MySQL now? I don't see
> support built into the included libphp module..
>

You need to install the php-mysql module :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Jim Perrin]

On Wed, Jul 29, 2009 at 1:24 PM, Chuck wrote:
>
> Do you need to roll your own PHP build to support MySQL now? I don't see
> support built into the included libphp module..

It's not compiled in statically. It's built as a module. You need to
install php-mysql.

yum list php\* will show you loads of goodies you're probably missing.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[luc...@lastdot.org]

On Wed, Jul 29, 2009 at 5:59 PM, David Hrbáč wrote:
> RedShift napsal(a):
>> According to a commenter, this should provide a temporary countermeasure:
>>
>> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
>>
>> Haven't tested it, would like to know the results...
>>
>
> Well, good point, but Centos does not ship libipt_u32.so. Even more
> Centos 4.x is now undergoing rebuild process, so no updates even
> security updates are being released. Which is something I can accept.
>
> Those looking for patched bind for Centos 4.x may use packages I have
> built with CVE-2009-0696 patch.
> http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html
> http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html

Well done, David but there's a little problem with those rpms:
Preparing...### [100%]
package bind-libs-9.2.4-30.el4_7.2 (which is newer than
bind-libs-9.2.4-30.el4.hrb.2.1) is already installed
package bind-utils-9.2.4-30.el4_7.2 (which is newer than
bind-utils-9.2.4-30.el4.hrb.2.1) is already installed
package bind-9.2.4-30.el4_7.2 (which is newer than
bind-9.2.4-30.el4.hrb.2.1) is already installed
package bind-chroot-9.2.4-30.el4_7.2 (which is newer than
bind-chroot-9.2.4-30.el4.hrb.2.1) is already installed
Maybe you can bump the version a bit.

>
> Regards,
> David Hrbáč
>
>
>
>
>
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[RedShift]

Chuck wrote:
> 
> Do you need to roll your own PHP build to support MySQL now? I don't see 
> support built into the included libphp module..
> 
> Thx,
> CC
> 
> 
> 
> 

Use yum search php and watch the output very closely, that should 
(hopefully...) give you the clues you need to enable support for MySQL.


Glenn
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Karanbir Singh]

On 07/29/2009 06:29 PM, luc...@lastdot.org wrote:
>> Those looking for patched bind for Centos 4.x may use packages I have
>> built with CVE-2009-0696 patch.
>> http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html
>> http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html

there are packages linked to people.redhat.com that point at the ones in 
QA at Red Hat at the moment, I would recommend you use those

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Robert Heller]

At Wed, 29 Jul 2009 12:24:44 -0500 CentOS mailing list  
wrote:

> 
> 
> 
> Do you need to roll your own PHP build to support MySQL now? I don't see
> support built into the included libphp module..

You need to include some additional packages:

(CentOS 4Plus): php-mysql-5.1.6-3.el4s1.10

You should be able to do something like:

yum install php-mysql

to get MySQL support for PHP.


> 
> Thx,
> CC
> 
> MIME-Version: 1.0
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>   
>

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
   
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Chuck]

So PHP now supports modules and you can add/remove features on the fly? Or
does installing the php-mysql module replace the libphp.so module in the
apache tree?

-Chuck

On Wed, Jul 29, 2009 at 12:29 PM, Jim Perrin  wrote:

> On Wed, Jul 29, 2009 at 1:24 PM, Chuck wrote:
> >
> > Do you need to roll your own PHP build to support MySQL now? I don't see
> > support built into the included libphp module..
>
> It's not compiled in statically. It's built as a module. You need to
> install php-mysql.
>
> yum list php\* will show you loads of goodies you're probably missing.
>
>
> --
> During times of universal deceit, telling the truth becomes a revolutionary
> act.
> George Orwell
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Jim Perrin]

On Wed, Jul 29, 2009 at 1:41 PM, Chuck wrote:
>
> So PHP now supports modules and you can add/remove features on the fly? Or
> does installing the php-mysql module replace the libphp.so module in the
> apache tree?


PHP supports modules, though not on the fly. You still have to
restart/reload httpd if you add a module to php.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Grub fallback problem

[Matthias Blankenhaus]

Hi !

I am running CentOS 5 using grub 0.97  


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Kenneth Porter]

On Wednesday, July 29, 2009 6:36 PM +0100 Karanbir Singh 
 wrote:

> there are packages linked to people.redhat.com that point at the ones in
> QA at Red Hat at the moment, I would recommend you use those

RHEL errata are up:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1179 https://rhn.redhat.com/errata/RHSA-2009-1179.html

  Red Hat Enterprise Linux 4

Via RHSA-2009:1180 https://rhn.redhat.com/errata/RHSA-2009-1180.html
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD on a xen host: crash on high I/O

[Andrea Dell'Amico]

On Wed, 2009-07-29 at 16:16 +0200, Andrea Dell'Amico wrote:
> On Wed, 2009-07-29 at 09:55 -0400, Ross Walker wrote:

> I'm pretty sure the crash is DRBD related: until the secondary drbd
> server is detached, all is working well. There are 23 guests running,
> right now, some of them paravirtualized, other full virtualized. Some of
> them use files images, other logical volumes (all of them over a drbd
> device).
> And I don't have a resource starvation, but a kernel crash and an
> immediate reboot.

It seems that one:
http://thread.gmane.org/gmane.linux.network.drbd/17537 but I didn't
loose the link between primary and secondary.

Andrea
-- 
"Fortune does not change men, it unmasks them."
- Suzanne Necker


signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Grub fallback problem

[Matthias Blankenhaus]

Let's try this again :)

I am running CentOS 5 (core pkgs) / x86_64 using grub 0.97 and I am trying to 
configure a fallback between two partitions on my local disk, each installed 
with a CentOS image.   The idea is to be able to install a new test OS image 
and fall back in case of a problem to the default image.  This is a great grub 
feature !  Except it does not work for me :(

grub.conf:
#---
default saved
timeout=5
fallback 1

title NEW OS
  root (hd0,0)
  kernel /boot/vmlinuz-new root=/dev/sda1 panic=5
  initrd /boot/initrd-new.img
  savedefault fallback

title DEFAULT OS
  root (hd0,1)
  kernel /boot/vmlinuz-default root=/dev/sda2
  initrd /boot/initrd-default.img
  savedefault
#---

Grub is installed on /dev/sda1, but not on /dev/sda2.  /dev/sda1 is 
the primary boot partition.  Both partitions are formatted with ext3.

The problem is that the fallback does not work for me.  For instance, if I 
specify on purpose a wrong root device with the NEW OS, e.g. root=/dev/sda3, 
then the kernel panics and reboots properly after 5 sec.  However, grub then 
attempts to boot the NEW OS all over again.  The same is true when I fully boot 
NEW OS with the right root device and then panic the kernel on purpose.

Now, I have read somewhere that grub requires a default file to get
the savedefault feature working.  However, I could neither find the 
'savedefault' command nor the grub default file under /boot/grub or
anywhere else.  One more thing, when I choose the boot title manually
then grub seems to remember my last choice.  In other words, grub is
preserving my last choice from a previous boot.

Am I doing something wrong ?  Do I need to install something in addition to 
grub 0.97 ?

Your help is much appreciated,
Matthias

--- On Wed, 7/29/09, Matthias Blankenhaus  wrote:

> From: Matthias Blankenhaus 
> Subject: Grub fallback problem
> To: centos@centos.org
> Date: Wednesday, July 29, 2009, 11:19 AM
> Hi !
> 
> I am running CentOS 5 using grub 0.97  
> 
> 
>       
> 


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Default PHP Build ! include Mysql Support?

[Robert Heller]

At Wed, 29 Jul 2009 12:41:59 -0500 CentOS mailing list  
wrote:

> 
> 
> 
> So PHP now supports modules and you can add/remove features on the fly? Or
> does installing the php-mysql module replace the libphp.so module in the
> apache tree?

Installing php-mysql *adds* a module (shared library in this case).  It
is much like the way Perl extensions work: you install the base package
(perl-.i386.rpm for example), and then you install the
addons you want.  Some are pure perl code
(perl--.noarch.rpm) and some are C/C++
coded (perl--.i386.rpm).   Same with php.

> 
> -Chuck
> 
> On Wed, Jul 29, 2009 at 12:29 PM, Jim Perrin  wrote:
> 
> > On Wed, Jul 29, 2009 at 1:24 PM, Chuck wrote:
> > >
> > > Do you need to roll your own PHP build to support MySQL now? I don't see
> > > support built into the included libphp module..
> >
> > It's not compiled in statically. It's built as a module. You need to
> > install php-mysql.
> >
> > yum list php\* will show you loads of goodies you're probably missing.
> >
> >
> > --
> > During times of universal deceit, telling the truth becomes a revolutionary
> > act.
> > George Orwell
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> 
> MIME-Version: 1.0
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>   
>   

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Chris Boyd]

On Jul 29, 2009, at 11:21 AM, Karanbir Singh wrote:

> yes, which is one of many reasons why a zone masters is usually  
> setup to
> not be publicly available.


The localhost 127.0.0.1 zone can also be used as an attack vector  
according to the folks on the DNS Ops list, so it's looking like  
pretty much every bind installation will need to be updated.

--Chris
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Ray Van Dolson]

On Wed, Jul 29, 2009 at 02:10:56PM -0500, Chris Boyd wrote:
> 
> On Jul 29, 2009, at 11:21 AM, Karanbir Singh wrote:
> 
> > yes, which is one of many reasons why a zone masters is usually  
> > setup to
> > not be publicly available.
> 
> 
> The localhost 127.0.0.1 zone can also be used as an attack vector  
> according to the folks on the DNS Ops list, so it's looking like  
> pretty much every bind installation will need to be updated.
> 
> --Chris

Do you have a link to a mailing lists post describing this?  Would like
to pass it along...

Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[luc...@lastdot.org]

On Wed, Jul 29, 2009 at 6:36 PM, Karanbir Singh wrote:
> On 07/29/2009 06:29 PM, luc...@lastdot.org wrote:
>>> Those looking for patched bind for Centos 4.x may use packages I have
>>> built with CVE-2009-0696 patch.
>>> http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html
>>> http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html
>
> there are packages linked to people.redhat.com that point at the ones in
> QA at Red Hat at the moment, I would recommend you use those

Ok, thanks, but
where exactly am I to see something useful on people.redhat.com? I can
only see an image.

>
> --
> Karanbir Singh : http://www.karan.org/  : 2522...@icq
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Chris Boyd]

On Jul 29, 2009, at 2:19 PM, Ray Van Dolson wrote:

> Do you have a link to a mailing lists post describing this?  Would  
> like
> to pass it along...


This is the head of the thread:

https://lists.dns-oarc.net/pipermail/dns-operations/2009-July/004315.html

Some of the relevant discussion:

On Tue, Jul 28, 2009 at 06:21:22PM -0700,
Peter Losher  wrote
a message of 30 lines which said:

"Testing indicates that the attack packet has to be formulated against a
zone for which that machine is a master. Launching the attack against
slave zones does not trigger the assert.

We tested that removing the zones which are typically there by
default, and in mode master (such as localhost and
0.0.127.in-addr.arpa) works fine: the published exploit no longer
works afterwards.

This can be an interim solution for those who don't have a clean
upgrade path (for instance, RHEL did not push the patch yet).
___
dns-operations mailing list
dns-operati...@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

=

like, for example,  .localhost or  0.0.127.in-addr.arpa.

--bill


On Tue, Jul 28, 2009 at 11:47:46PM +0200, Michael Graff wrote:
A purely cache only server should not be affected. Being auth for a
single zone would make you be vulnerable.

--Michael


On Jul 28, 2009, at 23:26, Duane Wessels  wrote:



On Tue, 28 Jul 2009, Keith Mitchell wrote:

dns_db_findrdataset() fails when the prerequisite section of the
dynamic
update message contains a record of type ?ANY? and where at least one
RRset for this FQDN exists on the server.

Does it affect only installations with authoritative data?  Or are
caches affected
as well?

DW
___
dns-operations mailing list
dns-operati...@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
___


=


Tom Daly wrote:
A purely cache only server should not be affected. Being auth for
a single zone would make you be vulnerable.

Some quick and dirty research/testing on our side indicates that
being an authoritative slave doesn't make you vulnerable either, it
is only if you are authoritative master, i.e.:

zone blat.com { type master; ... };

Our (FreeBSD) testing indicates the same.

Then again, if you choose to be RFC1912 compliant, you probably
made yourself vulnerable.

Unfortunately for this issue I added 1912 plus a bunch of other
default zones to our default resolver config, so if you use our stuff
out of the box you are vulnerable.


Doug
___
dns-operations mailing list
dns-operati...@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>Behalf Of Kai Schaetzl
>Sent: Sunday, July 26, 2009 5:32 PM
>To: centos@centos.org
>Subject: Re: [CentOS] SSH attacks from china
>
>Sorin Srbu wrote on Sat, 25 Jul 2009 19:40:28 +0200:
>
>> What if you have legit users from China and Korea trying to connect to
your
>> server(s)?
>
>What if he does not? See, you always use the solution that fits you and
your
>setup/environment/needs.

But of course, I didn't have the info I have now from the OP. I just meant
that banning all ip's from a particular region might not be a good idea
generally speaking. This particular OP, also only banned ip-access for some
particular services.

-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[Sorin Srbu]

>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>Behalf Of luc...@lastdot.org
>Sent: Sunday, July 26, 2009 11:27 PM
>To: CentOS mailing list
>Subject: Re: [CentOS] SSH attacks from china
>
>Vietnam and Indonezia are also suspects in my list.
>The biggest problem with this approach is that even tho I could ban
>whole Asia and Russia, a significant part of the attacks do not
>originate from there, but from countries like USA, UK, etc, controlled
>by hackers (also) from the aforementioned areas...
>The latest case of password breaking I had to deal with was from an
>USA IP address.. they managed to insert an iframe in all index.html
>and index.php files on the respective FTP account. The iframe however
>was pointing to a .ru website hosted in France.. Isn't globalization
>fun?!
>Anyway, just banning ranges of IP addresses may not enough, so to rely
>on this _only_ would be careless.

Exactly, that was what I trying to get at!

So you're not going to ban all ip addresses from the US I take it, since
most spam, crapware, attacks and whatnot originate from there, as you point
out? ;-)
-- 
/Sorin


smime.p7s
Description: S/MIME cryptographic signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[David Hrbáč]

luc...@lastdot.org napsal(a):
> Well done, David but there's a little problem with those rpms:
> Preparing...### [100%]
> package bind-libs-9.2.4-30.el4_7.2 (which is newer than
> bind-libs-9.2.4-30.el4.hrb.2.1) is already installed
> package bind-utils-9.2.4-30.el4_7.2 (which is newer than
> bind-utils-9.2.4-30.el4.hrb.2.1) is already installed
> package bind-9.2.4-30.el4_7.2 (which is newer than
> bind-9.2.4-30.el4.hrb.2.1) is already installed
> package bind-chroot-9.2.4-30.el4_7.2 (which is newer than
> bind-chroot-9.2.4-30.el4.hrb.2.1) is already installed
> Maybe you can bump the version a bit.
> 

Right... 30.el4_7.2 > 30.el4.hrb.2.1 :o) I do not want to change the
version more because:
- I do not want to have el4_7, it's not Centos release
- EL4.8 ships 30.el4_8.4

So I do not want to release 31.el4_7.2 ...

As to included patch, it the very same code RH released within the
latest errata.
Regards,
David
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Karanbir Singh]

On 07/29/2009 08:27 PM, luc...@lastdot.org wrote:
> where exactly am I to see something useful on people.redhat.com? I can
> only see an image.

The CentOS update have now been released, you should be able to yum 
update on C5 already.

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH attacks from china

[luc...@lastdot.org]

On Wed, Jul 29, 2009 at 9:10 PM, Sorin Srbu wrote:
>>-Original Message-
>>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>>Behalf Of luc...@lastdot.org
>>Sent: Sunday, July 26, 2009 11:27 PM
>>To: CentOS mailing list
>>Subject: Re: [CentOS] SSH attacks from china
>>
>>Vietnam and Indonezia are also suspects in my list.
>>The biggest problem with this approach is that even tho I could ban
>>whole Asia and Russia, a significant part of the attacks do not
>>originate from there, but from countries like USA, UK, etc, controlled
>>by hackers (also) from the aforementioned areas...
>>The latest case of password breaking I had to deal with was from an
>>USA IP address.. they managed to insert an iframe in all index.html
>>and index.php files on the respective FTP account. The iframe however
>>was pointing to a .ru website hosted in France.. Isn't globalization
>>fun?!
>>Anyway, just banning ranges of IP addresses may not enough, so to rely
>>on this _only_ would be careless.
>
> Exactly, that was what I trying to get at!
>
> So you're not going to ban all ip addresses from the US I take it, since
> most spam, crapware, attacks and whatnot originate from there, as you point
> out? ;-)

I might just do that, but of course, for a certain range of ports.
Actually a better idea would be to just allow connections on the most
sensitive services only from our country since we do no business with
people abroad. It would be interesting to see which method is more
performant, iptables+ipset or iptables-geoip.

> --
> /Sorin
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[David Hrbáč]

luc...@lastdot.org napsal(a):
> 
> Ok, thanks, but
> where exactly am I to see something useful on people.redhat.com? I can
> only see an image.

Maybe he is pointing to http://people.redhat.com/atkac/bind/. But I do
not see the point. This is RHEL 4.8 version with patch. Anyone running
Centos 4.8? I'm still with 4.7 so bind-libs-9.2.4-30.el4_7.2 with patch
is the way for me, far better then having unpatched bind, waiting
another couple of weeks to get bind updated finally. Sorry.
David Hrbáč
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Karanbir Singh]

On 07/29/2009 09:19 PM, David Hrbáč wrote:
> Maybe he is pointing to http://people.redhat.com/atkac/bind/. But I do
> not see the point. This is RHEL 4.8 version with patch.

http://lists.centos.org/pipermail/centos-devel/2009-July/004794.html

I've updated 2 machines, and had no problems here. But some wider 
testing would be good and we can get them into the main repos so more 
people benefit.

-- 
Karanbir Singh : http://www.karan.org/  : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[nate]

David Hrbáč wrote:
>
> Maybe he is pointing to http://people.redhat.com/atkac/bind/. But I do
> not see the point. This is RHEL 4.8 version with patch. Anyone running
> Centos 4.8? I'm still with 4.7 so bind-libs-9.2.4-30.el4_7.2 with patch
> is the way for me, far better then having unpatched bind, waiting
> another couple of weeks to get bind updated finally. Sorry.

4.8 packages for the most part should install on 4.7 w/o a fuss.
I installed 4.6 packages on 4.4 for quite some time, and I install
some 5.3 packages on 5.2 without any issues. One of the nice
things about a stable(binary compatibility) distro.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] kvm in Centos 5.3

[Kanwar Ranbir Sandhu]

Hi All,

Is KVM support in CentOS 5.3 complete?  That is, can a CentOS 5.3 system
host KVM VMs or does CentOS 5.3 only support being virtualized via KVM?

I ask because I installed KVM on a CentOS 5.3 host, but I can't find a
kvm module anywhere in /lib/modules/* (let alone the running kernel).

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux 
17:55:54 up 5 days, 9:22, 5 users, load average: 1.13, 0.47, 0.28 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm in Centos 5.3

[Kwan Lowe]

On Wed, Jul 29, 2009 at 6:01 PM, Kanwar Ranbir
Sandhu wrote:
> Hi All,
>
> Is KVM support in CentOS 5.3 complete?  That is, can a CentOS 5.3 system
> host KVM VMs or does CentOS 5.3 only support being virtualized via KVM?
>
> I ask because I installed KVM on a CentOS 5.3 host, but I can't find a
> kvm module anywhere in /lib/modules/* (let alone the running kernel).
>

I don't think kvm is available upstream until 5.4.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm in Centos 5.3

[Victor Padro]

On Wed, Jul 29, 2009 at 5:01 PM, Kanwar Ranbir
Sandhu wrote:
> Hi All,
>
> Is KVM support in CentOS 5.3 complete?  That is, can a CentOS 5.3 system
> host KVM VMs or does CentOS 5.3 only support being virtualized via KVM?
>
> I ask because I installed KVM on a CentOS 5.3 host, but I can't find a
> kvm module anywhere in /lib/modules/* (let alone the running kernel).
>
> Regards,
>
> Ranbir
>
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux
> 17:55:54 up 5 days, 9:22, 5 users, load average: 1.13, 0.47, 0.28
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

You need to install the module.
if it's intel: modprobe kvm-intel
if it's amd modprobe kvm-amd

please check the documentation here:
http://wiki.centos.org/HowTos/KVM

-- 
Usuario Linux Registrado #452368
Usuario Ubuntu Registrado #28025

"Doing a thing well is often a waste of time."
--
//Netbook - HP Mini 1035NR 2GB 60GB - Windows XP/Ubuntu 9.04
//Desktop - Core 2 Duo 1.86Ghz 8GB 500GB - Windows 7(testing)
//Desktop - Core 2 Duo 2.40Ghz 8GB 320GB - MacOS Leopard
//Desktop - Athlon 64 2.7Ghz 8GB 400GB - Ubuntu Jaunty
//Server - Pentium D 3.2Ghz 8GB 1TB - Debian Lenny
//Server - Celeron 1.8Ghz 1GB 160GB - Pfsense
//Server - NSLU2 266Mhz 32MB 1TB - Debian Lenny
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] python 2.4.3-24.el5_3.6

[Markus Falb]

there is a python update

...snippel
$ yum update
...
Updating:
 python   i386   
2.4.3-24.el5_3.6   updates   5.9 M
Installing for dependencies:
 kernel-PAE   i686   
2.6.18-128.1.6.el5 updates15 M
snappel...

why does it require kernel-PAE ?
manual download and install via
$ rpm -Fvh python...
worked without the need for another kernel.



-- 
best regards,
markus

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm in Centos 5.3

[Kanwar Ranbir Sandhu]

On Wed, 2009-07-29 at 18:06 -0400, Kwan Lowe wrote:
> I don't think kvm is available upstream until 5.4.

I figured that out about 5 minutes after sending the email.  Just great.
Anyone know when 5.4 is hitting?

Thanks for the reply!

Regards,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux 
18:21:08 up 5 days, 9:48, 5 users, load average: 0.61, 0.31, 0.36 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm in Centos 5.3

[Akemi Yagi]

On Wed, Jul 29, 2009 at 3:22 PM, Kanwar Ranbir
Sandhu wrote:
> On Wed, 2009-07-29 at 18:06 -0400, Kwan Lowe wrote:
>> I don't think kvm is available upstream until 5.4.

kvm is available now.  Here is the CentOS wiki article for kvm-howto.

http://wiki.centos.org/HowTos/KVM

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] out of memory

[Jerry Geis]

I am getting this message quite often lately.

Centos 5.3, AMD dual core 5050e system x64

1 GIG ram, 4 GIG swap

I dont have that much running that the kernel should be cutting out my 
processes.

Any thoughts?

Jerry




emTotal:   766264 kB
MemFree:583984 kB
Buffers:  9572 kB
Cached:  31004 kB
SwapCached:  36280 kB
Active:  20240 kB
Inactive:59780 kB
HighTotal:   0 kB
HighFree:0 kB
LowTotal:   766264 kB
LowFree:583984 kB
SwapTotal: 4096564 kB
SwapFree:  3932136 kB
Dirty:  12 kB
Writeback:   0 kB
AnonPages:   13184 kB
Mapped:  16340 kB
Slab:22428 kB
PageTables:  13980 kB
NFS_Unstable:0 kB
Bounce:  0 kB
CommitLimit:   4479696 kB
Committed_AS:   442124 kB
VmallocTotal: 34359738367 kB
VmallocUsed:280856 kB
VmallocChunk: 34359457495 kB
HugePages_Total: 0
HugePages_Free:  0
HugePages_Rsvd:  0
Hugepagesize: 2048 kB


096kB = 3424kB
Node 0 Normal: empty
Node 0 HighMem: empty
46 pagecache pages
Swap cache: add 8934611, delete 8934611, find 7869746/7929974, race 11+11
Free swap  = 0kB
Total swap = 4096564kB
Free swap:0kB
196064 pages of RAM
13511 reserved pages
5948 pages shared
0 pages swap cached
kthread invoked oom-killer: gfp_mask=0xd0, order=1, oomkilladj=0

Call Trace:
 [] out_of_memory+0x8e/0x2f5
 [] __alloc_pages+0x245/0x2ce
 [] alloc_page_interleave+0x3d/0x74
 [] __get_free_pages+0xe/0x71
 [] copy_process+0xc6/0x15b8
 [] alloc_pid+0x1ee/0x28a
 [] do_fork+0x69/0x1c1
 [] keventd_create_kthread+0x0/0xc4
 [] kernel_thread+0x81/0xeb
 [] keventd_create_kthread+0x0/0xc4
 [] kthread+0x0/0x132
 [] child_rip+0x0/0x11
 [] keventd_create_kthread+0x1d/0xc4
 [] run_workqueue+0x94/0xe4
 [] worker_thread+0x0/0x122
 [] worker_thread+0xf0/0x122
 [] default_wake_function+0x0/0xe
 [] kthread+0xfe/0x132
 [] child_rip+0xa/0x11
 [] kthread+0x0/0x132
 [] child_rip+0x0/0x11

Mem-info:
Node 0 DMA per-cpu:
cpu 0 hot: high 0, batch 1 used:0
cpu 0 cold: high 0, batch 1 used:0
cpu 1 hot: high 0, batch 1 used:0
cpu 1 cold: high 0, batch 1 used:0
Node 0 DMA32 per-cpu:
cpu 0 hot: high 186, batch 31 used:146
cpu 0 cold: high 62, batch 15 used:47
cpu 1 hot: high 186, batch 31 used:18
cpu 1 cold: high 62, batch 15 used:55
Node 0 Normal per-cpu: empty
Node 0 HighMem per-cpu: empty
Free pages:5652kB (0kB HighMem)
Active:78394 inactive:78664 dirty:0 writeback:0 unstable:0 free:1413 slab:5343 
mapped-file:6627 mapped-anon:157109 pagetables:5859
Node 0 DMA free:2160kB min:48kB low:60kB high:72kB active:0kB inactive:0kB 
present:10724kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 739 739 739
Node 0 DMA32 free:3492kB min:3452kB low:4312kB high:5176kB active:313576kB 
inactive:314656kB present:757376kB pages_scanned:1226904 all_unreclaimable? yes
lowmem_reserve[]: 0 0 0 0
Node 0 Normal free:0kB min:0kB low:0kB high:0kB active:0kB inactive:0kB 
present:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
Node 0 HighMem free:0kB min:128kB low:128kB high:128kB active:0kB inactive:0kB 
present:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 4*4kB 4*8kB 2*16kB 5*32kB 4*64kB 1*128kB 2*256kB 0*512kB 1*1024kB 
0*2048kB 0*4096kB = 2160kB
Node 0 DMA32: 19*4kB 11*8kB 0*16kB 0*32kB 8*64kB 2*128kB 0*256kB 1*512kB 
0*1024kB 1*2048kB 0*4096kB = 3492kB
Node 0 Normal: empty
Node 0 HighMem: empty
45 pagecache pages
Swap cache: add 8934620, delete 8934620, find 7869746/7929974, race 11+11
Free swap  = 0kB
Total swap = 4096564kB
Free swap:0kB
196064 pages of RAM
13511 reserved pages
4950 pages shared
0 pages swap cached

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] out of memory

[Stephen John Smoogen]

On Wed, Jul 29, 2009 at 4:30 PM, Jerry Geis wrote:
> I am getting this message quite often lately.
>
> Centos 5.3, AMD dual core 5050e system x64
>
> 1 GIG ram, 4 GIG swap
>

Well that is a lot of swap for a server.. if something really starts
using that much swap its going to most likely end up in a bad race
where you are swapping out more stuff than you are getting in.  For
most large memory systems my rule of thumb is no more than 1:1 on
swap. Adding to 1 to 3 more GB of memory can fix some of these issues
sometimes because you have more room to stuff things in when trying to
swap stuff in.

> Free swap  = 0kB
> Total swap = 4096564kB
> Free swap:            0kB

Something is eating up swap. Not sure what it is from the message.. so
you are going to need to look in using some sort of script to track
whats going on and see if you can find out what is doing it.



-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] python 2.4.3-24.el5_3.6

[Markus Falb]

Markus Falb wrote:

> there is a python update
> 
> ...snippel
> $ yum update
> ...
> Updating:
>  python   i386
> 2.4.3-24.el5_3.6   updates   5.9 M
> Installing for dependencies:
>  kernel-PAE   i686
> 2.6.18-128.1.6.el5 updates15 M
> snappel...
> 
> why does it require kernel-PAE ?
> manual download and install via
> $ rpm -Fvh python...
> worked without the need for another kernel.

i found out the libxml2-python rpm is triggering the kernel dependency. 
when i uninstall libxml2-python the dep goes away.

...snippel
[r...@bombas ~]# yum deplist libxml2-python
...
  dependency: /usr/lib/python2.4
   provider: python.i386 2.4.3-24.el5
   provider: kernel-PAE.i686 2.6.18-128.1.6.el5
snappel...

strange.

-- 
best regards,
markus

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] python 2.4.3-24.el5_3.6

[Benjamin Franz]

Markus Falb wrote:
> i found out the libxml2-python rpm is triggering the kernel dependency. 
> when i uninstall libxml2-python the dep goes away.
>
> ...snippel
> [r...@bombas ~]# yum deplist libxml2-python
> ...
>   dependency: /usr/lib/python2.4
>provider: python.i386 2.4.3-24.el5
>provider: kernel-PAE.i686 2.6.18-128.1.6.el5
> snappel...
>
> strange.
>   
I'm getting dependency issues on the python update itself:


I'm getting a missing dependency of /usr/lib64/python2.4 on the python 
update. :(

--> Processing Dependency: /usr/lib64/python2.4 for package: libxslt-python
--> Processing Dependency: /usr/lib64/python2.4 for package: gamin-python
--> Processing Dependency: /usr/lib64/python2.4 for package: libxml2-python
--> Finished Dependency Resolution
gamin-python-0.1.7-8.el5.x86_64 from installed has depsolving problems
  --> Missing Dependency: /usr/lib64/python2.4 is needed by package 
gamin-python-0.1.7-8.el5.x86_64 (installed)
libxslt-python-1.1.17-2.el5_2.2.x86_64 from installed has depsolving 
problems
  --> Missing Dependency: /usr/lib64/python2.4 is needed by package 
libxslt-python-1.1.17-2.el5_2.2.x86_64 (installed)
libxml2-python-2.6.26-2.1.2.7.x86_64 from installed has depsolving problems
  --> Missing Dependency: /usr/lib64/python2.4 is needed by package 
libxml2-python-2.6.26-2.1.2.7.x86_64 (installed)
Error: Missing Dependency: /usr/lib64/python2.4 is needed by package 
libxslt-python-1.1.17-2.el5_2.2.x86_64 (installed)
Error: Missing Dependency: /usr/lib64/python2.4 is needed by package 
libxml2-python-2.6.26-2.1.2.7.x86_64 (installed)
Error: Missing Dependency: /usr/lib64/python2.4 is needed by package 
gamin-python-0.1.7-8.el5.x86_64 (installed)

:(

-- 
Benjamin Franz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DRBD on a xen host: crash on high I/O

[Ross Walker]

On Jul 29, 2009, at 2:30 PM, "Andrea Dell'Amico"  
 wrote:

> On Wed, 2009-07-29 at 16:16 +0200, Andrea Dell'Amico wrote:
>> On Wed, 2009-07-29 at 09:55 -0400, Ross Walker wrote:
>
>> I'm pretty sure the crash is DRBD related: until the secondary drbd
>> server is detached, all is working well. There are 23 guests running,
>> right now, some of them paravirtualized, other full virtualized.  
>> Some of
>> them use files images, other logical volumes (all of them over a drbd
>> device).
>> And I don't have a resource starvation, but a kernel crash and an
>> immediate reboot.
>
> It seems that one:
> http://thread.gmane.org/gmane.linux.network.drbd/17537 but I didn't
> loose the link between primary and secondary

The OP with the iSCSI problem saw no resource starvation either, yet  
the hypervisor was rate limiting his dom0 CPU usage to the point where  
he was missing interrupts.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] python 2.4.3-24.el5_3.6

[John R. Dennison]

On Wed, Jul 29, 2009 at 04:03:37PM -0700, Benjamin Franz wrote:
>
> I'm getting dependency issues on the python update itself:
> 
> 
> I'm getting a missing dependency of /usr/lib64/python2.4 on the python 
> update. :(

This happened on one of two identical (mirror image) servers of
mine.

"yum clean all && yum update" fixed it.




John

-- 
"Which is more believable: In the beginning there was God, who created the
universe, or in the beginning there was nothing, which exploded" - 


pgpXmNwNu6i48.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] python 2.4.3-24.el5_3.6

[Benjamin Franz]

John R. Dennison wrote:
> On Wed, Jul 29, 2009 at 04:03:37PM -0700, Benjamin Franz wrote:
>   
>> I'm getting dependency issues on the python update itself:
>>
>>
>> I'm getting a missing dependency of /usr/lib64/python2.4 on the python 
>> update. :(
>> 
>
>   This happened on one of two identical (mirror image) servers of
>   mine.
>
>   "yum clean all && yum update" fixed it.
That did the trick. :)

-- 
Benjamin Franz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB, AutoMount & VNC

[Jason Thrasher]

Hi Guy,
I'm curious if you found a solution to the headless automount problem  
on centos?  I'm running into a similar problem, though I am not using  
VNC.  My machine is simply headless, with only network and power  
supplied, and I'm trying to trigger a bash script to run when a new  
device is added (like USB, DVD, CDROM, etc) using a custom udev rule.

Automount seems to only work for removable devices if a user is logged  
in locally on the console, not via ssh.  Something about the tty  
nature of the login seems to be affecting how udev handles these  
removable devices.  When a user is logged in locally, it fires the  
udev rules, and will run my udev rule which triggers other actions.  I  
can't get this to work without the local login though.

any ideas or pointers?

thanks,
Jason


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] relatime in plus kernel

[Akemi Yagi]

On Wed, Jul 29, 2009 at 8:13 AM, Yuji Tsuchimoto wrote:
> Dear Karanbir and all,
>
> That sounds nice.
> I'll try to make a patch for the current plus kernel.
>
> Thanks, Yuji

Yujiさん,

Yes, if you could provide a patch that can be cleanly applied to the
CentOS kernel, that would be great.

よろしく。

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Stephen Harris]

In-Reply-To=<4a70b20c.5020...@karan.org>
Reply-To: 

(Apologies if this isn't in the thread properly; I'm trying to fake it from
the website headers :-))

Karanbir Singh wrote:
> http://lists.centos.org/pipermail/centos-devel/2009-July/004794.html
> 
> I've updated 2 machines, and had no problems here. But some wider 
> testing would be good and we can get them into the main repos so more 
> people benefit.

I just updated one machine; the process ended up with named not running.

I did 
  rpm -Uvh bind-utils-9.2.4-30.el4_8.4.i386.rpm bind-9.2.4-30.el4_8.4.i386.rpm 
bind-libs-9.2.4-30.el4_8.4.i386.rpm

and got

  Jul 29 20:29:15 linode named:  succeeded
  Jul 29 20:29:16 linode named[2873]: shutting down: flushing changes
  Jul 29 20:29:16 linode named[2873]: stopping command channel on 127.0.0.1#953
  Jul 29 20:29:16 linode named[2873]: no longer listening on 127.0.0.1#53
  Jul 29 20:29:16 linode named[2873]: no longer listening on 66.160.141.105#53
  Jul 29 20:29:17 linode named[2873]: exiting
  Jul 29 20:29:18 linode named:  failed

After a restart it appeared to work...

  Jul 29 20:29:41 linode named[31609]: starting BIND 9.2.4 -u named
  Jul 29 20:29:41 linode named[31609]: using 4 CPUs
  Jul 29 20:29:41 linode named[31609]: loading configuration from 
'/etc/named.conf'

etc...

The daemon seems to be responding properly to requests after this manual
start.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] aautomatic updates

[Mike -- EMAIL IGNORED]

On Tue, 28 Jul 2009 22:14:25 -0500, Robert wrote:

[...]
> Don't you just hate it when you know something and can't remember it!?!

Yes, and it happens more often as time passes.
Mike.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm in Centos 5.3

[Kanwar Ranbir Sandhu]

On Wed, 2009-07-29 at 15:26 -0700, Akemi Yagi wrote:
> kvm is available now.  Here is the CentOS wiki article for kvm-howto.
> 
> http://wiki.centos.org/HowTos/KVM

I noticed that, too.  The version in the testing repo is the one I'd be
interested in.  But, I have a couple of questions:

1. How stable is it?
2. Any idea if moving from this testing version to the eventual official
release in CentOS 5.4 will present any problems?  (I suspect not)

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux 
21:49:02 up 5 days, 13:15, 4 users, load average: 0.40, 0.21, 0.18 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] LSI MegaRAID system status

[Raymond Lillard]

Dear list,

I have inherited a CentOS-5 box with a LSI Sata Raid controller.
It is configured as a RAID5 w/hot-standby.  My concern is that
I have no present means of determining the RAID status w/o
downing the system and going into the bios to get status.  If
a disk has failed and brought the standby disk online, I would
like to know about it, the day it happens by seeing it in syslog
or getting an e-mail message.

The only solution I have found is on the LSI web-site.  It is
tool called "MegaMon for Linux".  It most recent release was
in 2005 and it requires that I use their driver.  Just the
package title gives me chills.  It runs as a daemon and is
almost constantly polling the h/w .

I would much prefer a simple command line tool that I can
wrap a script around and run it under cron.

My questions are:

1.  Does anyone know of a command line tool ?

2.  Failing a positive response to #1, has anyone any experience
with "MegaMon for Linux", good or otherwise ?

Thanks to all,
Ray


The h/w is a dual Opteron dual-core system with lots of memory.
The relevant dmesg lines and lspci output are shown below:

dmesg:

 megaraid cmm: 2.20.2.7 (Release Date: Sun Jul 16 00:01:03 EST 2006)
 megaraid: 2.20.5.1 (Release Date: Thu Nov 16 15:32:35 EST 2006)
 megaraid: probe new device 0x1000:0x0409:0x1000:0x3008: bus 3:slot 14:func 0
 GSI 17 sharing vector 0xA8 and IRQ 17
 ACPI: PCI Interrupt :03:0e.0[C] -> GSI 18 (level, low) -> IRQ 17
 megaraid: fw version:[814B] bios version:[H431]
 scsi5 : LSI Logic MegaRAID driver
 scsi[5]: scanning scsi channel 0 [Phy 0] for non-raid devices
 scsi[5]: scanning scsi channel 1 [virtual] for logical drives
   Vendor: MegaRAID  Model: LD 0 RAID5 1144G  Rev: 814B
   Type:   Direct-Access  ANSI SCSI revision: 02
*SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
*sdc: Write Protect is off
*sdc: Mode Sense: 00 00 00 00
*sdc: asking for cache data failed
*sdc: assuming drive cache: write through
*SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
*sdc: Write Protect is off
*sdc: Mode Sense: 00 00 00 00
*sdc: asking for cache data failed
*sdc: assuming drive cache: write through
* sdc: sdc1 sdc2 sdc3
*sd 5:1:0:0: Attached scsi disk sdc


lspci -v

 03:0e.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 0a)
 Subsystem: LSI Logic / Symbios Logic MegaRAID SATA 300-8X RAID Controller
 Flags: bus master, stepping, 66MHz, medium devsel, latency 64, IRQ 17
 Memory at cfcf (32-bit, prefetchable) [size=64K]
 Memory at fe50 (32-bit, non-prefetchable) [size=1M]
 Expansion ROM at fe4e [disabled] [size=128K]
 Capabilities: [c0] Power Management version 2
 Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable-
 Capabilities: [e0] PCI-X non-bridge device
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LSI MegaRAID system status

[Eugene Vilensky]

http://www.monitoringexchange.org/cgi-bin/page.cgi?g=2416.html;d=1

google has more.

On Wednesday, July 29, 2009, Raymond Lillard  wrote:
>
> Dear list,
>
> I have inherited a CentOS-5 box with a LSI Sata Raid controller.
> It is configured as a RAID5 w/hot-standby.  My concern is that
> I have no present means of determining the RAID status w/o
> downing the system and going into the bios to get status.  If
> a disk has failed and brought the standby disk online, I would
> like to know about it, the day it happens by seeing it in syslog
> or getting an e-mail message.
>
> The only solution I have found is on the LSI web-site.  It is
> tool called "MegaMon for Linux".  It most recent release was
> in 2005 and it requires that I use their driver.  Just the
> package title gives me chills.  It runs as a daemon and is
> almost constantly polling the h/w .
>
> I would much prefer a simple command line tool that I can
> wrap a script around and run it under cron.
>
> My questions are:
>
> 1.  Does anyone know of a command line tool ?
>
> 2.  Failing a positive response to #1, has anyone any experience
>     with "MegaMon for Linux", good or otherwise ?
>
> Thanks to all,
> Ray
>
>
> The h/w is a dual Opteron dual-core system with lots of memory.
> The relevant dmesg lines and lspci output are shown below:
>
> dmesg:
>
>  megaraid cmm: 2.20.2.7 (Release Date: Sun Jul 16 00:01:03 EST 2006)
>  megaraid: 2.20.5.1 (Release Date: Thu Nov 16 15:32:35 EST 2006)
>  megaraid: probe new device 0x1000:0x0409:0x1000:0x3008: bus 3:slot 14:func 0
>  GSI 17 sharing vector 0xA8 and IRQ 17
>  ACPI: PCI Interrupt :03:0e.0[C] -> GSI 18 (level, low) -> IRQ 17
>  megaraid: fw version:[814B] bios version:[H431]
>  scsi5 : LSI Logic MegaRAID driver
>  scsi[5]: scanning scsi channel 0 [Phy 0] for non-raid devices
>  scsi[5]: scanning scsi channel 1 [virtual] for logical drives
>    Vendor: MegaRAID  Model: LD 0 RAID5 1144G  Rev: 814B
>    Type:   Direct-Access                      ANSI SCSI revision: 02
> *SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
> *sdc: Write Protect is off
> *sdc: Mode Sense: 00 00 00 00
> *sdc: asking for cache data failed
> *sdc: assuming drive cache: write through
> *SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
> *sdc: Write Protect is off
> *sdc: Mode Sense: 00 00 00 00
> *sdc: asking for cache data failed
> *sdc: assuming drive cache: write through
> * sdc: sdc1 sdc2 sdc3
> *sd 5:1:0:0: Attached scsi disk sdc
>
>
> lspci -v
>
>  03:0e.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 0a)
>      Subsystem: LSI Logic / Symbios Logic MegaRAID SATA 300-8X RAID Controller
>      Flags: bus master, stepping, 66MHz, medium devsel, latency 64, IRQ 17
>      Memory at cfcf (32-bit, prefetchable) [size=64K]
>      Memory at fe50 (32-bit, non-prefetchable) [size=1M]
>      Expansion ROM at fe4e [disabled] [size=128K]
>      Capabilities: [c0] Power Management version 2
>      Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable-
>      Capabilities: [e0] PCI-X non-bridge device
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

-- 
Regards,
Eugene Vilensky
evilen...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LSI MegaRAID system status

[Joseph L. Casale]

>I would much prefer a simple command line tool that I can
>wrap a script around and run it under cron.

I did this when I didn't have a Nagios environment or an snmp
setup (LSI provides an SNMP monitoring package for it).

Simply use the MegaCLI to query for status of all LD's and
grep for failure modes.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] rattle rattle

[donavan nelson]

Can I rattle this cage open?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Open Letter to Lance Davis

[R P Herrold]

I seem to be having network and email issues tonight;  please 
excuse any duplication


-- Russ herrold

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


HTML dump on Thu Jul 30 00:30:33 EDT 2009
 http://www.centos.org/


   Open Letter to Lance Davis

   July 30, 2009 04:39 UTC

   This is an Open Letter to Lance Davis from fellow CentOS Developers It is
   regrettable that we are forced to send this letter but we are left with
   no other options. For some time now we have been attempting to resolve
   these problems:

   You seem to have crawled into a hole ... and this is not acceptable.

   You have long promised a statement of CentOS project funds; to this date
   this has not appeared.

   You hold sole control of the centos.org domain with no deputy; this is
   not proper.

   You have, it seems, sole 'Founders' rights in the IRC channels with no
   deputy ; this is not proper.

   When I (Russ) try to call the phone numbers for UK Linux, and for you
   individually, I get a telco intercept 'Lines are temporarily busy' for
   the last two weeks. Finally yesterday, a voicemail in your voice picked
   up, and I left a message urgently requesting a reply. Karanbir also
   reports calling and leaving messages without your reply.

   Please do not kill CentOS through your fear of shared management of the
   project.

   Clearly the project dies if all the developers walk away.

   Please contact me, or any other signer of this letter at once, to arrange
   for the required information to keep the project alive at the
   'centos.org' domain.

   Sincerely,
   Russ Herrold
   Ralph Angenendt
   Karanbir Singh
   Jim Perrin
   Donavan Nelson
   Tim Verhoeven
   Tru Huynh
   Johnny Hughes

- --
This document clearsigned with the key indicated and of record at the
customary keyservers

See:
http://orcorc.blogspot.com/2008/08/gnupg-few-minutes-on-using-detached-and.html

user: "R P Herrold "
1024-bit DSA key, ID 9B649644, created 2003-02-09
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKcSQKMRh1QZtklkQRAqIFAJ96+UzMm7O0/JanMcYYqnX+UPJhMwCeOoL9
s83yIVHOmbcASgmb4hE8GRY=
=2Yg2
-END PGP SIGNATURE--BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


HTML dump on Thu Jul 30 00:30:33 EDT 2009
 http://www.centos.org/


   Open Letter to Lance Davis

   July 30, 2009 04:39 UTC

   This is an Open Letter to Lance Davis from fellow CentOS Developers It is
   regrettable that we are forced to send this letter but we are left with
   no other options. For some time now we have been attempting to resolve
   these problems:

   You seem to have crawled into a hole ... and this is not acceptable.

   You have long promised a statement of CentOS project funds; to this date
   this has not appeared.

   You hold sole control of the centos.org domain with no deputy; this is
   not proper.

   You have, it seems, sole 'Founders' rights in the IRC channels with no
   deputy ; this is not proper.

   When I (Russ) try to call the phone numbers for UK Linux, and for you
   individually, I get a telco intercept 'Lines are temporarily busy' for
   the last two weeks. Finally yesterday, a voicemail in your voice picked
   up, and I left a message urgently requesting a reply. Karanbir also
   reports calling and leaving messages without your reply.

   Please do not kill CentOS through your fear of shared management of the
   project.

   Clearly the project dies if all the developers walk away.

   Please contact me, or any other signer of this letter at once, to arrange
   for the required information to keep the project alive at the
   'centos.org' domain.

   Sincerely,
   Russ Herrold
   Ralph Angenendt
   Karanbir Singh
   Jim Perrin
   Donavan Nelson
   Tim Verhoeven
   Tru Huynh
   Johnny Hughes

- --
This document clearsigned with the key indicated and of record at the
customary keyservers

See:
http://orcorc.blogspot.com/2008/08/gnupg-few-minutes-on-using-detached-and.html

user: "R P Herrold "
1024-bit DSA key, ID 9B649644, created 2003-02-09
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKcSQKMRh1QZtklkQRAqIFAJ96+UzMm7O0/JanMcYYqnX+UPJhMwCeOoL9
s83yIVHOmbcASgmb4hE8GRY=
=2Yg2
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LSI MegaRAID system status -- SOLVED

[Raymond Lillard]

Thanks to both of you who replied.

Mr. Vilensky's approach seemed easiest and his google powers
exceed mine.

The link he provided was the key.
http://www.monitoringexchange.org/cgi-bin/page.cgi?g=2416.html;d=1

The only issue for me was that the megarc URL has been
changed.  I found the package at:
http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/megaconf/ut_linux_megarc_1.11.zip

Problem solved.

Best to all,
Ray

Raymond Lillard wrote:
> Dear list,
> 
> I have inherited a CentOS-5 box with a LSI Sata Raid controller.
> It is configured as a RAID5 w/hot-standby.  My concern is that
> I have no present means of determining the RAID status w/o
> downing the system and going into the bios to get status.  If
> a disk has failed and brought the standby disk online, I would
> like to know about it, the day it happens by seeing it in syslog
> or getting an e-mail message.
> 
> The only solution I have found is on the LSI web-site.  It is
> tool called "MegaMon for Linux".  It most recent release was
> in 2005 and it requires that I use their driver.  Just the
> package title gives me chills.  It runs as a daemon and is
> almost constantly polling the h/w .
> 
> I would much prefer a simple command line tool that I can
> wrap a script around and run it under cron.
> 
> My questions are:
> 
> 1.  Does anyone know of a command line tool ?
> 
> 2.  Failing a positive response to #1, has anyone any experience
> with "MegaMon for Linux", good or otherwise ?
> 
> Thanks to all,
> Ray
> 
> 
> The h/w is a dual Opteron dual-core system with lots of memory.
> The relevant dmesg lines and lspci output are shown below:
> 
> dmesg:
> 
>  megaraid cmm: 2.20.2.7 (Release Date: Sun Jul 16 00:01:03 EST 2006)
>  megaraid: 2.20.5.1 (Release Date: Thu Nov 16 15:32:35 EST 2006)
>  megaraid: probe new device 0x1000:0x0409:0x1000:0x3008: bus 3:slot 14:func 0
>  GSI 17 sharing vector 0xA8 and IRQ 17
>  ACPI: PCI Interrupt :03:0e.0[C] -> GSI 18 (level, low) -> IRQ 17
>  megaraid: fw version:[814B] bios version:[H431]
>  scsi5 : LSI Logic MegaRAID driver
>  scsi[5]: scanning scsi channel 0 [Phy 0] for non-raid devices
>  scsi[5]: scanning scsi channel 1 [virtual] for logical drives
>Vendor: MegaRAID  Model: LD 0 RAID5 1144G  Rev: 814B
>Type:   Direct-Access  ANSI SCSI revision: 02
> *SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
> *sdc: Write Protect is off
> *sdc: Mode Sense: 00 00 00 00
> *sdc: asking for cache data failed
> *sdc: assuming drive cache: write through
> *SCSI device sdc: 2343745536 512-byte hdwr sectors (118 MB)
> *sdc: Write Protect is off
> *sdc: Mode Sense: 00 00 00 00
> *sdc: asking for cache data failed
> *sdc: assuming drive cache: write through
> * sdc: sdc1 sdc2 sdc3
> *sd 5:1:0:0: Attached scsi disk sdc
> 
> 
> lspci -v
> 
>  03:0e.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 0a)
>  Subsystem: LSI Logic / Symbios Logic MegaRAID SATA 300-8X RAID Controller
>  Flags: bus master, stepping, 66MHz, medium devsel, latency 64, IRQ 17
>  Memory at cfcf (32-bit, prefetchable) [size=64K]
>  Memory at fe50 (32-bit, non-prefetchable) [size=1M]
>  Expansion ROM at fe4e [disabled] [size=128K]
>  Capabilities: [c0] Power Management version 2
>  Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable-
>  Capabilities: [e0] PCI-X non-bridge device
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BIND vulnerability

[Mogens Kjaer]

On 07/29/2009 10:15 PM, Karanbir Singh wrote:
...
> The CentOS update have now been released, you should be able to yum
> update on C5 already.
>

Thanks!

On my C5 server:

# rpm -qa bind
bind-9.3.4-10.P1.el5_3.3

On my RHEL 5 server:

# rpm -qa bind
bind-9.3.4-10.P1.el5_3.1
# yum clean all
# yum update
...
Setting up Update Process
No Packages marked for Update

CentOS quicker than upstream? :-)

Mogens

-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Mobile: +45 22 12 53 25
Email: m...@crc.dk Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos