[CentOS] Monitoring a remote server with Conky ?
Hi, I've been using Conky for some time, a nifty utility to monitor just about anything on the PC. Vital things like CPU, RAM, swap, disks, current song playing in MPD :o) Here's what it looks like : http://www.microlinux.fr/images/bureau_conky.png And with more detail : http://www.microlinux.fr/images/conky_zoom.png Now I wonder... I'd really like to use that to monitor my remote server. I know this feature isn't officially supported by Conky, but I'm right now thinking about a workaround. Something like: OK, my server is 'headless' (e. g.: no graphical server, nothing), but why not install just xorg-x11-server-Xorg, then use Conky and forward it to my local display with SSH -X ? I'm pondering this question, thinking about the possible issues... ... so maybe one of you guys here has come up with some solution ? Cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
2009/10/19 Marko Vojinovic : > with a form the user is supposed to fill in and send. After he does so, an > administrator does a sanity check of the data the user provided, and grants or > denies access. If access is granted, the user gets a new, unrestricted dhcp > lease, which provides him with a normal access to local network. Just be aware that, as far as I hear the experts, MAC addresses can be sniffed off the air even on "protected"/"encrypted" WiFi networks and so an intruder can find authorised ones. So trusting the MAC address for authentication is not secure. The way I hear that this is usually done is to create a VPN tunnel over the WiFi connection. Legitimate users still have to authenticate over that VPN tunnel and therefore even a fake sniffed MAC address won't help an intruder. The VPN also enhances protection of legitimate traffic. I never implemented this (neither the WiFi protection nor the MAC sniffing) so can't testify from personal experience. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
On Mon, Oct 19, 2009 at 7:59 AM, Niki Kovacs wrote: > Hi, > > I've been using Conky for some time, a nifty utility to monitor just > about anything on the PC. Vital things like CPU, RAM, swap, disks, > current song playing in MPD :o) > > Here's what it looks like : > > http://www.microlinux.fr/images/bureau_conky.png > > And with more detail : > > http://www.microlinux.fr/images/conky_zoom.png > > Now I wonder... I'd really like to use that to monitor my remote server. > I know this feature isn't officially supported by Conky, but I'm right > now thinking about a workaround. Something like: OK, my server is > 'headless' (e. g.: no graphical server, nothing), but why not install > just xorg-x11-server-Xorg, then use Conky and forward it to my local > display with SSH -X ? I'm pondering this question, thinking about the > possible issues... > > ... so maybe one of you guys here has come up with some solution ? > > Cheers, > > Niki > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Don't know about conky, but I think gkrellm can work in a server-client scheme. Maybe that works for you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
One more vote for gkrellm. You can install gkrellm-daemon from the epel repo on the server and then monitor from your workstation. On Mon, Oct 19, 2009 at 9:22 AM, Lucian @ lastdot.org wrote: > On Mon, Oct 19, 2009 at 7:59 AM, Niki Kovacs > wrote: > > Hi, > > > > I've been using Conky for some time, a nifty utility to monitor just > > about anything on the PC. Vital things like CPU, RAM, swap, disks, > > current song playing in MPD :o) > > > > Here's what it looks like : > > > > http://www.microlinux.fr/images/bureau_conky.png > > > > And with more detail : > > > > http://www.microlinux.fr/images/conky_zoom.png > > > > Now I wonder... I'd really like to use that to monitor my remote server. > > I know this feature isn't officially supported by Conky, but I'm right > > now thinking about a workaround. Something like: OK, my server is > > 'headless' (e. g.: no graphical server, nothing), but why not install > > just xorg-x11-server-Xorg, then use Conky and forward it to my local > > display with SSH -X ? I'm pondering this question, thinking about the > > possible issues... > > > > ... so maybe one of you guys here has come up with some solution ? > > > > Cheers, > > > > Niki > > ___ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > Don't know about conky, but I think gkrellm can work in a > server-client scheme. Maybe that works for you. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Backing up a centos serveR? how to ? Newbie question..
Hi all, excuse my newbie question but how can i backup my centos server? i have a dozzen of virtual hosts over it as well as substantial database entries.. i've backed up the following directories using rsync: workspace/ /etc/httpd/ /etc/apache-tomcat-6.0.20/ /usr/lib/mysql/ /var/lib/mysql though i'm still not at ease with this, so i decided to do a some sort of clone or something to move this server to a VMWARE which i will turn on when needed (if main server failed) any advice on how to do so ? i've looked around and tried using "clonezilla" though that didn't work with me, i guess i mustve done something wrong... each time i try to boot from the cloned image of the local disk (which in turn cloned to the VM's local disk) it gives an error bout root records... so any other way ? any sort of help is greatly appreciated :) thanks and best regards, Roland _ Keep your friends updated—even when you’re not signed in. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] allowing users to issue the "shutdown" command
On 17-Oct-2009 Robert wrote: > > > Buz Davis wrote: >> I am running CentOS 5.3 and have just the two accounts "root" and >> "buz". I would like to be able to issue "shutdown" from the account >> "buz", and thus created >> /etc/shutdown.allow with the single entry "buz" (without any quotes). >> I still >> get the error message "only root can do this" (or something similar) >> even if I include the '-a' option on the shutdown command. What am I >> missing ? >> > I'm not going to verify this right now but I believe "buz" can execute > the command "poweroff" to shutdown -h now > and "reboot" to shutdown -r now. > > [...@mavis rj]$ ls -l `which poweroff` > lrwxrwxrwx 1 root root 13 Apr 2 2009 /usr/bin/poweroff -> > consolehelper > [...@mavis rj]$ ls -l `which reboot` > lrwxrwxrwx 1 root root 13 Apr 2 2009 /usr/bin/reboot -> > consolehelper > [...@mavis rj]$ >From the man page: If halt or reboot is called when the system is not in runlevel 0 or 6, in other words when it's running normally, shutdown will be invoked instead (with the -h or -r flag). For more info see the shutdown(8) manpage. -Philip ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] trying to understand OSS, GPL, BSD & other licensing model for software distribution.
Late follow-up: Rudi Ahlers schrieb: > Now, my question(s) is as follows: > > Can I sell one script as GPL, but another as AGPL, or even BSD under > the same company name? And if these 2 are tied together (i.e. being > able to be used together, although seperate programs / script - for > example Apache + PHP), how would I license them? > > Here's a recent article about this subject: http://www.h-online.com/open/features/Open-core-closed-heart-816723.html cheers, Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
On Monday 19 October 2009 08:05:39 Amos Shapira wrote: > 2009/10/19 Marko Vojinovic : > > with a form the user is supposed to fill in and send. After he does so, > > an administrator does a sanity check of the data the user provided, and > > grants or denies access. If access is granted, the user gets a new, > > unrestricted dhcp lease, which provides him with a normal access to local > > network. > > Just be aware that, as far as I hear the experts, MAC addresses can be > sniffed off the air even on "protected"/"encrypted" WiFi networks and > so an intruder can find authorised ones. So trusting the MAC address > for authentication is not secure. Thanks for the warning, but my issue is maintenance rather than security. My Institute hosts cca 250 researchers and employees, each having a desktop machine and every other having a laptop in addition, so I have more or less 400 machines on the network every day. And when one of them starts spamming or spreading viruses or downloading illegal material via p2p or whatever, first thing I need to do is to locate the machine among 400 others in a 3-floor building. Or at least determine the machine owner. I've never had a case of deliberate network intrusion&misuse, since physical access to the building is rather restricted. So far problems have occurred exclusively because of user ignorance. Users don't bother to obey local policy about p2p, antivirus and other protection, so I have to find them and make them obey it. And finding them is not easy if the only information I have is the dynamically assigned IP. > The way I hear that this is usually done is to create a VPN tunnel > over the WiFi connection. Legitimate users still have to authenticate > over that VPN tunnel and therefore even a fake sniffed MAC address > won't help an intruder. The VPN also enhances protection of legitimate > traffic. I agree this would be more secure, but is an overkill in my situation. And it makes life more complicated for me and other admins, as well as users. :-) But nevertheless, thanks for the info! :-) Best, :-) Marko ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
2009/10/19 ken : > In the couple of months I've had the need to contact Redhat support on > just one issue and their "support" has been terrible, so far completely > useless and a waste of time. I don't know what Redhat charges us for The only guy I personally know who went with RedHat "because their support was included for free with our servers" reported the same. I'm a bit surprised (and disappointed) to hear such negative testimonials about RedHat support. Do others have different experience? Could it be the the quality of support is tiered by how much you pay, enough to make a difference? Personally - my organisation runs over a hundred CentOS servers and growing rapidly, so for now it's not directly relevant to us. But I am aware of the connection between RedHat's health and CentOS', as well as RedHat's large volume of contribution back to the FOSS world, and would like to see them do well. Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
On Monday 19 October 2009 01:36:58 Mathew S. McCarrell wrote: > On Sun, Oct 18, 2009 at 11:38 AM, Marko Vojinovic wrote: > > On Sunday 18 October 2009 15:18:29 Jonathan Moore wrote: > > > On Sun, Oct 18, 2009 at 8:58 AM, Marko Vojinovic > > > > wrote: > > > > I imagine the following scenario: someone walks into my office > > > > building with a laptop (a colleague, a visitor, a guest, whoever), > > > > and hooks up onto the local net (wired or wireless). The server > > > > detects an unknown > > > > MAC > > > > > > address, issues a bogus dhcp lease which resolves all dns queries to > > > > a single internal web page with a form the user is supposed to fill > > > > in > > > > and > > > > > > send. After he does so, an administrator does a sanity check of the > > > > data > > > > > > the user provided, and grants or denies access. If access is granted, > > > > the > > > > > > user gets a new, unrestricted dhcp lease, which provides him with a > > > > normal access to local network. > > > > > > > > So what are my options? > > You might find Netreg (http://netreg.sourceforge.net/) useful. My > university uses it and it works quite well. This also looks promising. Thanks for the info! :-) Best, :-) Marko ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Amos Shapira schrieb: > 2009/10/19 ken : > >> In the couple of months I've had the need to contact Redhat support on >> just one issue and their "support" has been terrible, so far completely >> useless and a waste of time. I don't know what Redhat charges us for >> > > The only guy I personally know who went with RedHat "because their > support was included for free with our servers" reported the same. > > I'm a bit surprised (and disappointed) to hear such negative > testimonials about RedHat support. > > Do others have different experience? > > Could it be the the quality of support is tiered by how much you pay, > enough to make a difference? > I think the end-result may be just that, but for a different reason than one may think. Note that I don't have a deeper insight into what actually goes on at RedHat, but this is what I think happens, based on my own observations supporting customers. If you are a large customer, you open cases more often and maybe even have dedicated support-staff. After a while, that staff knows the way around your hardware, your network and gets a feeling for where the problem may lie. It's incredibly difficult to diagnose a problem with just the few lines you usually get from a support-ticket - I dare say almost impossible. Also, of course, with a larger contract, you may get to 2nd and 3rd-level support easier/quicker. Best Regards, Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
2009/10/19 Marko Vojinovic : > I've never had a case of deliberate network intrusion&misuse, since physical > access to the building is rather restricted. So far problems have occurred > exclusively because of user ignorance. Users don't bother to obey local policy > about p2p, antivirus and other protection, so I have to find them and make > them > obey it. And finding them is not easy if the only information I have is the > dynamically assigned IP. I understand now that your situation is different from the one I envisioned when I wrote my previous post. Just wondering how easy is it to get within reach of your WiFi network - my mobile phone keeps picking up wireless networks wherever I go in urban areas and almost every stop outside the city (petrol stations etc). Is your building isolated enough to prevent someone from accessing your wireless networks from outside the secure area? Cheers, --Amos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
From: RoLaNd RoLaNd >excuse my newbie question but how can i backup my centos server? >i have a dozzen of virtual hosts over it as well as substantial database >entries.. >i've backed up the following directories using rsync: >workspace/ >/etc/httpd/ >/etc/apache-tomcat-6.0.20/ >/usr/lib/mysql/ >/var/lib/mysql For mysql, I would use mysqldump instead of rsyncing the whole mysql directories... Something like: mysqldump | gzip -9 > -.gz JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] the ongoing wait for centos 5.4
Hi, I could download from the following torrents: http://sunsite.rediris.es/mirror/CentOS/5.4/isos/x86_64/CentOS-5.4-x86_64-bin-DVD.torrent http://sunsite.rediris.es/mirror/CentOS/5.4/isos/i386/CentOS-5.4-i386-bin-DVD.torrent The download was very quick, maybe because I'm now on business trip in London, where I believe there is a strong CentOS community. I installed the x86_64 in a virtual machine (KVM on Fedora 11 x86_64) and did the media check. I'm now seeding (reasonably) from the overpriced internet connection in the hotel room :) Many many thanks to the CentOS developers and the community, Mathieu On Mon, Oct 19, 2009 at 07:18, John R. Dennison wrote: > On Mon, Oct 19, 2009 at 02:06:58PM +0800, CentOS List wrote: >> >> If you had try harder and try them all, you should be able to find these >> mirrors with 5.4 in them. >> >> http://centos.cs.wisc.edu/pub/mirrors/linux/centos/5.4/ >> http://mirror.highspeedweb.net/CentOS/5.4/ >> http://mirror.sanctuaryhost.com/centos/5.4/isos/ >> http://mirror.fdcservers.net/centos/5.4/isos/ > > If you would try harder you'd notice that at least two of these > are incomplete. > > > > > > John > > -- > From empirical experience, your Exchange admin needs to put down the > crack pipe and open a window to disperse the fumes. - Ralf Hildebrandt > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] the ongoing wait for centos 5.4
>If I use BitTorrent to download the DVD image from >tracker.centos.org, I assume the file has to be complete >or could it still be missing something? I fetched my dvd's yesterday via bittorrent perfectly fine... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
may be rsync help You Or u can try raid 0[mirrorig] for replicate failover triying drbd and heartbeat but I've tested and unsuccessfull on my zimbra machines Regards, David ./nobody John Doe wrote: > From: RoLaNd RoLaNd > >> excuse my newbie question but how can i backup my centos server? >> i have a dozzen of virtual hosts over it as well as substantial database >> entries.. >> i've backed up the following directories using rsync: >> workspace/ >> /etc/httpd/ >> /etc/apache-tomcat-6.0.20/ >> /usr/lib/mysql/ >> /var/lib/mysql >> > > For mysql, I would use mysqldump instead of rsyncing the whole mysql > directories... > Something like: > mysqldump | gzip -9 > -.gz > > JD > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
Hi Roland On Mon, Oct 19, 2009 at 9:15 AM, RoLaNd RoLaNd wrote: > excuse my newbie question but how can i backup my centos server? We use Mondo Rescue (www.mondorescue.org/) and it works perfectly providing bare-iron recovery. We tend to use tape drives to back up our application and database (Oracle) and DVDs created by Mondo for everything else. Works perfectly with RHEL and CentOS. Recently I had some issues with recovering latest Dell servers like R900 or R710 series but after a bit of fiddling and extra commands to recognise external enclosures, they always ended up being recovered w/o any issues. -- Hakan (m1fcj) - http://www.hititgunesi.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
RoLaNd RoLaNd wrote: > Hi all, > > > excuse my newbie question but how can i backup my centos server? > > i have a dozzen of virtual hosts over it as well as substantial database > entries.. > > i've backed up the following directories using rsync: > > workspace/ > /etc/httpd/ > /etc/apache-tomcat-6.0.20/ > /usr/lib/mysql/ > /var/lib/mysql > > > though i'm still not at ease with this, so i decided to do a some sort > of clone or something to move this server to a VMWARE which i will turn > on when needed (if main server failed) > > any advice on how to do so ? > > i've looked around and tried using "clonezilla" though that didn't work > with me, i guess i mustve done something wrong... each time i try to > boot from the cloned image of the local disk (which in turn cloned to > the VM's local disk) it gives an error bout root records... Can you be more specific about the error message? This should be like any other case of moving linux to different hardware. If the disk drivers don't match what is installed you have to rebuild the initrd with correct drivers. Or, the quick-fix is to boot from a live CD and copy the contents of /boot over from a machine (or VM) where the same version was installed on the same real or virtual hardware. > so any other way ? If you are going to VMware, you can probably use the vmware converter program that you can download for free. It will convert a running machine to a vmware image file or from one version of vmware to another, including the ESXi server where you don't have normal access to the filesystem. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
Niki Kovacs wrote: > Hi, > > I've been using Conky for some time, a nifty utility to monitor just > about anything on the PC. Vital things like CPU, RAM, swap, disks, > current song playing in MPD :o) > > Here's what it looks like : > > http://www.microlinux.fr/images/bureau_conky.png > > And with more detail : > > http://www.microlinux.fr/images/conky_zoom.png > > Now I wonder... I'd really like to use that to monitor my remote server. > I know this feature isn't officially supported by Conky, but I'm right > now thinking about a workaround. Something like: OK, my server is > 'headless' (e. g.: no graphical server, nothing), but why not install > just xorg-x11-server-Xorg, then use Conky and forward it to my local > display with SSH -X ? I'm pondering this question, thinking about the > possible issues... > > ... so maybe one of you guys here has come up with some solution ? If you use X remotely much, just take the whole desktop with freenx on the server and the NX client that you can download from http://www.nomachine.com. It is very efficient and lets you disconnect/reconnect with everything still running, even from a different client - or even platform. == Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
David Suhendrik wrote: > may be rsync help You > Or u can try raid 0[mirrorig] > for replicate failover triying drbd and heartbeat but I've tested and > unsuccessfull on my zimbra machines > > RAID IS NOT A BACKUP. I repeat. RAID IS NOT A BACKUP. Nor is replication. Best regards, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
Marko Vojinovic wrote: > Does anyone know about some free (as in beer, and maybe as in speech) > software > which would implement authentication and authorization of a user prior to > issuing a valid dhcp lease? > > I imagine the following scenario: someone walks into my office building with > a > laptop (a colleague, a visitor, a guest, whoever), and hooks up onto the > local > net (wired or wireless). The server detects an unknown MAC address, issues a > bogus dhcp lease which resolves all dns queries to a single internal web page > with a form the user is supposed to fill in and send. After he does so, an > administrator does a sanity check of the data the user provided, and grants > or > denies access. If access is granted, the user gets a new, unrestricted dhcp > lease, which provides him with a normal access to local network. > What about 802.11x authentication? If they are authenticated, they are assigned to the 'internal' vlan and if not, an alert or something else is triggered? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
On Mon, Oct 19, 2009 at 2:59 AM, Niki Kovacs wrote: > Hi, > > I've been using Conky for some time, a nifty utility to monitor just > about anything on the PC. Vital things like CPU, RAM, swap, disks, > current song playing in MPD :o) > > Here's what it looks like : > > http://www.microlinux.fr/images/bureau_conky.png > > And with more detail : > > http://www.microlinux.fr/images/conky_zoom.png > > Now I wonder... I'd really like to use that to monitor my remote server. > I know this feature isn't officially supported by Conky, but I'm right > now thinking about a workaround. Something like: OK, my server is > 'headless' (e. g.: no graphical server, nothing), but why not install > just xorg-x11-server-Xorg, then use Conky and forward it to my local > display with SSH -X ? I'm pondering this question, thinking about the > possible issues... > > ... so maybe one of you guys here has come up with some solution ? > > Cheers, > > Niki You typically do not monitor servers with these kinds of tools. They are made for workstations that have real people sitting at them. What you want for servers is software that saves to a log file, and then you view the log files as you desire. One of the most common tools for this is 'sar', which is part of the systat package. There is an interesting GUI tool for it called kSar that can use the logs from sar and generate graphs. For "realtime" monitoring, one would typically look at snmp and cacti to generate graphs, send alerts, etc... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
On Mon, 2009-10-19 at 08:59 +0200, Niki Kovacs wrote: > Hi, > > I've been using Conky for some time, a nifty utility to monitor just > about anything on the PC. Vital things like CPU, RAM, swap, disks, > current song playing in MPD :o) > > Here's what it looks like : > > http://www.microlinux.fr/images/bureau_conky.png > > And with more detail : > > http://www.microlinux.fr/images/conky_zoom.png > > Now I wonder... I'd really like to use that to monitor my remote server. > I know this feature isn't officially supported by Conky, but I'm right > now thinking about a workaround. Something like: OK, my server is > 'headless' (e. g.: no graphical server, nothing), but why not install > just xorg-x11-server-Xorg, then use Conky and forward it to my local > display with SSH -X ? I'm pondering this question, thinking about the > possible issues... > > ... so maybe one of you guys here has come up with some solution ? > > Cheers, > > Niki Hi Niki, You could try a local script that gets values from a server that you would like to monitor... I might suggest looking into setting up snmpd on the server and using snmp walk to probe specific values (that relate to processes/free memory). What exactly would you be looking to monitor on the remote server? Tait signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
On Monday 19 October 2009 08:56:48 RedShift wrote: > David Suhendrik wrote: > > may be rsync help You > > Or u can try raid 0[mirrorig] > > for replicate failover triying drbd and heartbeat but I've tested and > > unsuccessfull on my zimbra machines > > RAID IS NOT A BACKUP. > > I repeat. > > RAID IS NOT A BACKUP. > > Nor is replication. Exactly. RAID above RAID 0 does provide redundancy towards hard disk errors. It makes the system more robust. But the data is still in the same set of drives. Backup, as with scp, rsync and cron to a different computer is what you need. We backup our computers every hour with the above. It's very low impact and all we can loose are some changes in the last two hours if the system dies during rsync. David, RAID 0 is not mirroring. What it does is extend capacity over two or more drives. RAID 1 is mirroring. Bobby ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backing up a centos serveR? how to ? Newbie question..
A really good place to find out info about the various raid levels and what their good for is here: http://www.acnc.com/04_01_00.html But please don't confuse raid with something like Bacula :) Regards Per At Monday, 19-10-2009 on 16:28 "Bobby" wrote: On Monday 19 October 2009 08:56:48 RedShift wrote: > David Suhendrik wrote: > > may be rsync help You > > Or u can try raid 0[mirrorig] > > for replicate failover triying drbd and heartbeat but I've tested and > > unsuccessfull on my zimbra machines > > RAID IS NOT A BACKUP. > > I repeat. > > RAID IS NOT A BACKUP. > > Nor is replication. Exactly. RAID above RAID 0 does provide redundancy towards hard disk errors. It makes the system more robust. But the data is still in the same set of drives. Backup, as with scp, rsync and cron to a different computer is what you need. We backup our computers every hour with the above. It's very low impact and all we can loose are some changes in the last two hours if the system dies during rsync. David, RAID 0 is not mirroring. What it does is extend capacity over two or more drives. RAID 1 is mirroring. Bobby ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] update of openssh-server i386 4.3p2-36.el5, dependencies
so far: - not a yum bug - not a configuration issue - other persons could reproduce this behaviour even under RHEL right? so this backport is actually broken or let's say the guy who did this, improved encryptFS-utils that much, it uses now X11 libraries even if it actually has no GUI... still right? ok, so now what is the next step? There is a ticket for this issue but it is reported as a yum bug (see my last post). we all just wait until somebody kicks some #$!@ of the responsible code monkeys? -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] update of openssh-server i386 4.3p2-36.el5, dependencies
zagiatakrapo...@gmx.ch wrote: > so far: > - not a yum bug > - not a configuration issue > - other persons could reproduce this behaviour even under RHEL > > right? > > so this backport is actually broken or let's say the guy who did this, > improved encryptFS-utils that much, it uses now X11 libraries even if it > actually has no GUI... > > still right? > > ok, so now what is the next step? > There is a ticket for this issue but it is reported as a yum bug (see my last > post). > > we all just wait until somebody kicks some #$!@ of the responsible code > monkeys? > > > rant on I usually stay out of flame wars an observe from the side lines or just discard the offending messages. However this time you have gone too far by calling the people who make this project possible both the CentOS team and the RedHat staff "Code Monkeys". I would suggest that you volunteer to fix the problem instead of name calling and being abusive or else pay for support to Redhat or another distro. ChrisG rant off ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
Tait Clarridge a écrit : > > You could try a local script that gets values from a server that you > would like to monitor... I might suggest looking into setting up snmpd > on the server and using snmp walk to probe specific values (that relate > to processes/free memory). > > Thanks for all the numerous! I'll take a peek at all of them as soon as I have a spare moment and then report back. Cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Postfix, Milters and SELinux
Hi folks, I want to run Postfix with external milter application on a CentOS 5.3 mailgateway. At the moment SELinux is preventing postfix' cleanup daemon from accessing sockets. Before I to through the process of audit2allow trial and error - has anybody out there successfully gone though this and can send me a policy I can work with? Any hint or help is appreciated. Dirk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] apache env vars - best practices
I've been setting custom env vars for Apache 1 of 2 ways; 1 - Changing the passwd file so Apache has a shell and loading a custom .bashrc file. 2 - Using the SetEnv directive in my httpd.conf file. I'm crazy about neither one as they both have limitations; 1 - I don't like giving Apache its own shell. 2 - The SetEnv directive only takes 2 args so if I have a var with multiple values like a path, it won't work. What's the cleanest way to set complex env vars for Apache? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > What's the cleanest way to set complex env vars for Apache? What are you needing to set such variables for? I've run apache for probably nearly 15 years now, doing many different types of things but never have I had to set complex environment variables. Have you tried sourcing the variables from the init script? One way may be to put the variables in /etc/sysconfig/httpd Perhaps there is a better way to do what you want without needing such environment variables. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
Hi Nate, We have our internal server running scripts and referencing variables in custom paths. So for example; Some one runs a Python script of http://intranet/batch The batch.py references some variables defined in certain paths. I need a good way of defining a path with multiple vars like FOO=/foo:/ bar... etc... I'm not having too much luck with setting vars in /etc/sysconfig/httpd either. On Oct 19, 2009, at 10:58 AM, nate wrote: > aurfal...@gmail.com wrote: > >> What's the cleanest way to set complex env vars for Apache? > > What are you needing to set such variables for? I've run apache > for probably nearly 15 years now, doing many different types of > things but never have I had to set complex environment > variables. > > Have you tried sourcing the variables from the init script? > One way may be to put the variables in /etc/sysconfig/httpd > > Perhaps there is a better way to do what you want without > needing such environment variables. > > nate > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > I've been setting custom env vars for Apache 1 of 2 ways; > > 1 - Changing the passwd file so Apache has a shell and loading a > custom .bashrc file. > > 2 - Using the SetEnv directive in my httpd.conf file. > > I'm crazy about neither one as they both have limitations; > > 1 - I don't like giving Apache its own shell. > > 2 - The SetEnv directive only takes 2 args so if I have a var with > multiple values like a path, it won't work. > > What's the cleanest way to set complex env vars for Apache? I'm not aware of any exceptions to environment variables being single key/value strings. The value of a path is a single string as far as the environment mechanism goes, even if the code that evaluates it splits on :'s by convention. I don't think there is such a thing as a complex env var. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
Hi Les, What I mean is that if I use the Apache directive; SetEnv BATCHPATH /foo It works. If I set; SetEnv BATCHPATH /foo:/bar Apache errors with a syntax that SetEnv takes 2 args only, a key and a value. I need multiple values for 1 key, as one would see in a standard mix env. Any ideas? On Oct 19, 2009, at 11:11 AM, Les Mikesell wrote: > aurfal...@gmail.com wrote: >> I've been setting custom env vars for Apache 1 of 2 ways; >> >> 1 - Changing the passwd file so Apache has a shell and loading a >> custom .bashrc file. >> >> 2 - Using the SetEnv directive in my httpd.conf file. >> >> I'm crazy about neither one as they both have limitations; >> >> 1 - I don't like giving Apache its own shell. >> >> 2 - The SetEnv directive only takes 2 args so if I have a var with >> multiple values like a path, it won't work. >> >> What's the cleanest way to set complex env vars for Apache? > > I'm not aware of any exceptions to environment variables being single > key/value strings. The value of a path is a single string as far as > the > environment mechanism goes, even if the code that evaluates it > splits on > :'s by convention. I don't think there is such a thing as a complex > env > var. > > -- > Les Mikesell >lesmikes...@gmail.com > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > Hi Nate, > > We have our internal server running scripts and referencing variables > in custom paths. > > So for example; > > Some one runs a Python script of http://intranet/batch > > The batch.py references some variables defined in certain paths. > > I need a good way of defining a path with multiple vars like FOO=/foo:/ > bar... etc... Could you not have the scripts themselves grab the variables? nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
> I want to learn to hack what do I need to do in order to start. Umm, watch: Hackers: http://www.imdb.com/title/tt0113243/ Takedown: http://www.imdb.com/title/tt0159784/ Isn't that how we all learned? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > Hi Les, > > What I mean is that if I use the Apache directive; > > SetEnv BATCHPATH /foo > > It works. > > If I set; > > SetEnv BATCHPATH /foo:/bar > > Apache errors with a syntax that SetEnv takes 2 args only, a key and a > value. > Doesn't for me on stock Apache in CentOS 5.3. You have something unique going there? Suppose you counld try enclosing the value in double quotes... -Alan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Still Confused about Firewalling
Hi All, Sorry, I am still confused about implementing a firewall without having my ISP static route all of my traffic to my public IP's to a single public IP. So before when I have done this for work all traffic has been statically routed. Now I have a comcast modem and it is 'pass through' so traffic for all my 13 IP's is allowed and I have to decide what to do. So I am looking at Vyatta or UnTangle. I have a machine with 3 NIC'e in it. I think one would be In, DMZ and last private. What happens? I have one cable from my comcast gateway to my firewalls NIC, but how does it answer for all IP's that I have so i can evaluate the request incoming to a rule set and decide if allowed or denied? I am missing something fundamental! Can anyone help this click in my head? Without statically routing my traffic I dont get it. Say a request comes to my webserver 172.13.167.xxx on port 80, but my firewall's IP for the card is 172.13.167.zzz how does it answer for 172.13.167.xxx? -Jason ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
On Mon, Oct 19, 2009 at 2:19 PM, ML wrote: > > >> I want to learn to hack what do I need to do in order to start. > > Umm, watch: > > Hackers: http://www.imdb.com/title/tt0113243/ > > Takedown: http://www.imdb.com/title/tt0159784/ > > Isn't that how we all learned? You're forgetting: Sneakers: http://www.imdb.com/title/tt0105435/ One of my favorites. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
Hi Nate, These scripts are called by the user in a standard env and would prefer it to stay un modified when running via Apache. On Oct 19, 2009, at 11:17 AM, nate wrote: > aurfal...@gmail.com wrote: >> Hi Nate, >> >> We have our internal server running scripts and referencing variables >> in custom paths. >> >> So for example; >> >> Some one runs a Python script of http://intranet/batch >> >> The batch.py references some variables defined in certain paths. >> >> I need a good way of defining a path with multiple vars like FOO=/ >> foo:/ >> bar... etc... > > Could you not have the scripts themselves grab the variables? > > nate > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
> > You're forgetting: > > Sneakers: http://www.imdb.com/title/tt0105435/ > > One of my favorites. > +1 -- Linux counter #213090 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
On 19.10.2009 6:26, Ross Walker wrote: > On Mon, Oct 19, 2009 at 2:19 PM, ML wrote: > >> >> >>> I want to learn to hack what do I need to do in order to start. >>> >> Umm, watch: >> >> Hackers: http://www.imdb.com/title/tt0113243/ >> >> Takedown: http://www.imdb.com/title/tt0159784/ >> >> Isn't that how we all learned? >> > You're forgetting: > > Sneakers: http://www.imdb.com/title/tt0105435/ > > One of my favorites. > > -Ross > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > And one more, Wargames: http://www.imdb.com/title/tt0086567/ Bgrds, Finnzi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > Hi Les, > > What I mean is that if I use the Apache directive; > > SetEnv BATCHPATH /foo > > It works. > > If I set; > > SetEnv BATCHPATH /foo:/bar > > Apache errors with a syntax that SetEnv takes 2 args only, a key and a > value. Doesn't happen here. If I paste that line into my httpd.conf, apache digests it and reports this in /server-info: Current Configuration: In file: /etc/httpd/conf/httpd.conf 1: SetEnv BATCHPATH /foo:/bar -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > Hi Nate, > > These scripts are called by the user in a standard env and would > prefer it to stay un modified when running via Apache. How about a wrapper script then? The wrapper could set the vars and then call the unmodified script nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Still Confused about Firewalling
ML wrote: > Hi All, > > Sorry, I am still confused about implementing a firewall without > having my ISP static route all of my traffic to my public IP's to a > single public IP. > > So before when I have done this for work all traffic has been > statically routed. > > Now I have a comcast modem and it is 'pass through' so traffic for all > my 13 IP's is allowed and I have to decide what to do. > > So I am looking at Vyatta or UnTangle. I have a machine with 3 NIC'e > in it. I think one would be In, DMZ and last private. > > What happens? I have one cable from my comcast gateway to my firewalls > NIC, but how does it answer for all IP's that I have so i can evaluate > the request incoming to a rule set and decide if allowed or denied? > > I am missing something fundamental! Can anyone help this click in my > head? Without statically routing my traffic I dont get it. > > Say a request comes to my webserver 172.13.167.xxx on port 80, but my > firewall's IP for the card is 172.13.167.zzz how does it answer for > 172.13.167.xxx? > > -Jason > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos You are looking for aliases. Most probably in your firewall settings you can set up aliases, so the "main nic", with an ip address of 172.13.167.xxx will also capture 172.13.167.xxx +1 and so on. (IPCOP and pfsense has these options for sure.) So, you will end up with a "default IP", which is the ip of your firewall, and 12 aliases. Then you can port forward any of those public ip's to the desired private ips. IIRC, the linux nomenclature would be similar to "eth0" "eth0:1" etc... with different public ip addresses referencing the same hardware nic. Hope this helps. Monty ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
2009/10/19 Finnur Örn Guðmundsson : > On 19.10.2009 6:26, Ross Walker wrote: >> On Mon, Oct 19, 2009 at 2:19 PM, ML wrote: >> >>> >>> I want to learn to hack what do I need to do in order to start. >>> Umm, watch: >>> >>> Hackers: http://www.imdb.com/title/tt0113243/ >>> >>> Takedown: http://www.imdb.com/title/tt0159784/ >>> >>> Isn't that how we all learned? >>> >> You're forgetting: >> >> Sneakers: http://www.imdb.com/title/tt0105435/ >> >> One of my favorites. >> > And one more, > > Wargames: http://www.imdb.com/title/tt0086567/ But of course! How could we forget the one that started it all! -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] gpg command works fine from login shell, not from cron script
I have an odd situation here, maybe one of you can help. We have a
script that runs via a cron job. It's purpose is to decrypt
PGP-encrypted files in a certain directory. I have tried the command
two different ways, both fail with the same error message:
gpg --decrypt $file > ${file%.txt}.decrypted.txt
gpg --output ${file%.txt}.decrypted.txt --decrypt $file
(Don't even ask about the name substitution. The end-user insists
they MUST submit files with a .txt extension, and not .pgp or .gpg)
Anyway, I can run the script fine from a login shell. It works
beautifully. But when it runs from a cron job two things happen:
1. A file of zero size is created called file.decrypted.txt
2. The error message in the cron email I get says:
gpg: encrypted with ELG-E key, ID
gpg: decryption failed: secret key not available
Why does it say "secret key not available"? The output of gpg -K
shows that the key is in fact available, and this is further confirmed
when I run the script manually and the files are decrypted just fine.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
>> Hi Les, >> >> What I mean is that if I use the Apache directive; >> >> SetEnv BATCHPATH /foo >> >> It works. >> >> If I set; >> >> SetEnv BATCHPATH /foo:/bar >> >> Apache errors with a syntax that SetEnv takes 2 args only, a key >> and a >> value. >> > You have something unique going there? Yea, the fact that I'm an idiot! As usual, my typing is killing me and multiple values are fine, it was just a syntax error of my doing. Sorry for the wasted traffic on this one. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
On Mon, Oct 19, 2009 at 12:49 PM, wrote: > I've been setting custom env vars for Apache 1 of 2 ways; > > 1 - Changing the passwd file so Apache has a shell and loading a > custom .bashrc file. > > 2 - Using the SetEnv directive in my httpd.conf file. > > I'm crazy about neither one as they both have limitations; > > 1 - I don't like giving Apache its own shell. > > 2 - The SetEnv directive only takes 2 args so if I have a var with > multiple values like a path, it won't work. > > What's the cleanest way to set complex env vars for Apache? I put "export FOO=bar" in /etc/sysconfig/httpd and then PassEnv FOO in httpd.conf. Then scripts (PHP in my case) run by apache inherit FOO in the environment. I can't speak for python though. Don't know why it wouldn't work with what you call complex vars. -- Jeff ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Passenger Best Practice
On Sun, 18 Oct 2009 17:13:38 +0100, Stephen Nelson-Smith wrote: > I want to move from running puppet under it's own web brick server, > to using passenger. > > I'd like to get an idea of how folk are running passenger? Ideally > I'd like to keep everything rpm based, so would need ruby enterprise > rpms, and then the mod_rails / passenger plugin? > > How are you folk doing it? > Despite your desire for an rpm only solution, I believe that the best way to handle Passenger remains RubyGems. I have installed Enterprise Ruby and Passenger, but as far as I can recall, this still required building from source and using RubyGems to update the passenger gem. Even if an rpm solution was available, I do not consider this the preferred way to go when supporting a Ruby installation dependent upon gems. Gems are the canonical method of maintaining Ruby library extensions and it seems self-defeating to require further re-packaging. Sincerely, -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
aurfal...@gmail.com wrote: > Hi Les, > > What I mean is that if I use the Apache directive; > > SetEnv BATCHPATH /foo > > It works. > > If I set; > > SetEnv BATCHPATH /foo:/bar > > Apache errors with a syntax that SetEnv takes 2 args only, a key and a > value. > > I need multiple values for 1 key, as one would see in a standard mix > env. > > Any ideas? Which Apache version? I put your second example into my httpd.conf and didn't see any errors. I do see the error you report if I insert a space into the path. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache env vars - best practices
>> Hi Les, >> >> What I mean is that if I use the Apache directive; >> >> SetEnv BATCHPATH /foo >> >> It works. >> >> If I set; >> >> SetEnv BATCHPATH /foo:/bar >> >> Apache errors with a syntax that SetEnv takes 2 args only, a key >> and a >> value. >> >> I need multiple values for 1 key, as one would see in a standard mix >> env. >> >> Any ideas? > > I do see the error you report if I insert a space into the path. I'm an adiot. A typo caused the errors and my typing or beyond horrid. I must say, this is the nicest list, every one willing to help. Thanks foe the response. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg command works fine from login shell, not from cron script
Sean Carolan wrote: > Why does it say "secret key not available"? The output of gpg -K > shows that the key is in fact available, and this is further confirmed > when I run the script manually and the files are decrypted just fine. Is the cron job running as a different user? eg; are you running gpg as a non-privileged user and the cronjob as root? -- Spiro Harvey Knossos Networks Ltd 021-295-1923 www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg command works fine from login shell, not from cron script
On Mon, Oct 19, 2009, Sean Carolan wrote: >I have an odd situation here, maybe one of you can help. We have a >script that runs via a cron job. It's purpose is to decrypt >PGP-encrypted files in a certain directory. I have tried the command >two different ways, both fail with the same error message: Typically this type of problem is caused by environment variables that are set in a login shell, but are missing or different than those set for jobs running under cron. A relatively simple way of finding the differences in the environment is to use the ``env'' command. In the shell, execute the command ``env | sort > /tmp/env.shell''. Then create a simple script and run it under cron: #!/bin/bash # (or whatever you run as a shell) env | sort > /tmp/env.cron exit. Use ``diff -u /tmp/env.shell /tmp/env.cron'' to see the differences. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 When I hear a man applauded by the mob I always feel a pang of pity for him. All he has to do to be hissed is to live long enough. -- H.L. Mencken, Minority Report ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg command works fine from login shell, not from cron script
On Mon, Oct 19, 2009 at 2:41 PM, Spiro Harvey wrote: > Is the cron job running as a different user? eg; are you running gpg as > a non-privileged user and the cronjob as root? The cronjob script runs from /etc/crontab. Let me try root's personal crontab instead. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Rainer Duffner wrote: > Amos Shapira schrieb: > >> 2009/10/19 ken : >> >> >>> In the couple of months I've had the need to contact Redhat support on >>> just one issue and their "support" has been terrible, so far completely >>> useless and a waste of time. I don't know what Redhat charges us for >>> >>> >> The only guy I personally know who went with RedHat "because their >> support was included for free with our servers" reported the same. >> >> I'm a bit surprised (and disappointed) to hear such negative >> testimonials about RedHat support. >> >> Do others have different >> experience?http://download.openoffice.org/other.html#en-US >> >> Could it be the the quality of support is tiered by how much you pay, >> enough to make a difference? >> >> > > > I think the end-result may be just that, but for a different reason than > one may think. > > Note that I don't have a deeper insight into what actually goes on at > RedHat, but this is what I think happens, based on my own observations > supporting customers. > > If you are a large customer, you open cases more often and maybe even > have dedicated support-staff. > After a while, that staff knows the way around your hardware, your > network and gets a feeling for where the problem may lie. > It's incredibly difficult to diagnose a problem with just the few lines > you usually get from a support-ticket - I dare say almost impossible. > Also, of course, with a larger contract, you may get to 2nd and > 3rd-level support easier/quicker. > > > > Best Regards, > Rainer > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > My Experience has been that its the difference between installing system and setting up systems for production use. In New Zealand at least it seems that if you can have a system where everything is installed in the standard way with a default configuration then you can get assistance. If your installation varies from this at all, the first statement is we won't / can't help until you move to the standard default configuration. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] DHCP auth&auth software
- "Marko Vojinovic" escreveu: > Does anyone know about some free (as in beer, and maybe as in speech) > software which would implement authentication and authorization of a user > prior > to issuing a valid dhcp lease? > > I imagine the following scenario: someone walks into my office > building with a laptop (a colleague, a visitor, a guest, whoever), and hooks > up onto > the local net (wired or wireless). The server detects an unknown MAC address, > issues a bogus dhcp lease which resolves all dns queries to a single internal > web page with a form the user is supposed to fill in and send. After he does > so, an administrator does a sanity check of the data the user provided, and > grants or denies access. If access is granted, the user gets a new, > unrestricted > dhcp lease, which provides him with a normal access to local network. > > The goal is to have a database which relates IP or MAC addresses to > people names, so I can track a person down efficiently if he brings an > infected/spamming machine into the building. > > I would know how to build this infrastructure manually, but it's a lot > of work, and I don't want to reinvent the wheel. Google somehow failed to > help, or I failed to provide the right keywords. :-( > After reading this thread I think you can try PacketFence (www.packetfence.org) and there are some others less powerfull ones on the wikipedia under the NAC topic: http://en.wikipedia.org/wiki/Network_Access_Control Antonio. -- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Antonio S. Martins Jr. - Support Analist | "Only The Shadow Knows | | Universidade Estadual de Maringá - Brasil| what evil lurks in the | | NPD - Núcleo de Processamento de Dados | Heart of Men!" | | E-Mail: asmart...@uem.br / sha...@uem.br | !!! Linux User: 52392 !!! | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ "Real Programmers don’t need comments — the code is obvious." -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
On Tue, Oct 20, 2009 at 09:12:01AM +1300, Clint Dilks wrote: > Rainer Duffner wrote: > > Amos Shapira schrieb: > > > >> 2009/10/19 ken : > >> > >> > >>> In the couple of months I've had the need to contact Redhat support on > >>> just one issue and their "support" has been terrible, so far completely > >>> useless and a waste of time. I don't know what Redhat charges us for > >>> > >>> > >> The only guy I personally know who went with RedHat "because their > >> support was included for free with our servers" reported the same. > >> > >> I'm a bit surprised (and disappointed) to hear such negative > >> testimonials about RedHat support. > >> > >> Do others have different > >> experience?http://download.openoffice.org/other.html#en-US > >> > >> Could it be the the quality of support is tiered by how much you pay, > >> enough to make a difference? > >> As long as we're sharing anecdotal stories... my experiences have typically been really really good with RH Support. Perhaps our issues were atypical in that most of them were well troubleshot locally ahead of time, software bug type issues. We typically had a BZ already open and were able to escalate to engineers and get a lot of high quality give and take both in the SR and the BZ. The first line of support I can imagine would be fairly typical in that you'll be asked to try a lot of basic things first that may seem trivial and insulting... Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Clint Dilks a écrit : > My Experience has been that its the difference between installing system > and setting up systems for production use. In New Zealand at least it > seems that if you can have a system where everything is installed in the > standard way with a default configuration then you can get assistance. > If your installation varies from this at all, the first statement is we > won't / can't help until you move to the standard default configuration. I was recently called by a small local company (20 employees) who run Linux: Slackware on the server, and Ubuntu on the desktops. The company had "a few issues with the server" (setup by the boss himself, who didn't have the spare time to maintain the thing). I took a peek at that thing. In short, it's a Slackware 11.0, a bare minimum install, and then about everything from Apache to PostgreSQL to whatever compiled by hand, not even with build scripts, but manually with ./configure (--prefix=.. [options]), make, make install, installed once and then never touched again. I said: "Erm, sorry, but, well, no." :o) Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
On Sun, Oct 18, 2009 at 9:50 AM, ken wrote: > In the couple of months I've had the need to contact Redhat support on > just one issue and their "support" has been terrible, so far completely > useless and a waste of time. >.. I've opened the lowest-severity cases and generally can express the same frustration. I have also opened a high-severity case and talked to a very knowledgeable engineer with all kinds of cross-functional storage experience. My biggest frustration is they are very aggressive at triaging our cases (we are an academic subscription customer, we pay much less but only a few machines are covered by the commercial SLAs) down to the lowest severity possible unless we yell loudly that we are down. But, fwiw, I've had the above experience with IBM, HDS, and Cisco. It's a script that we follow until we yell loud enough at the right people. IBM probably being the worst. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg command works fine from login shell, not from cron script
> Typically this type of problem is caused by environment variables > that are set in a login shell, but are missing or different than > those set for jobs running under cron. You nailed it, Bill. Running the cron from root's personal crontab worked fine. Must have been environment variable related. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Niki Kovacs wrote: > Clint Dilks a écrit : > > >> My Experience has been that its the difference between installing system >> and setting up systems for production use. In New Zealand at least it >> seems that if you can have a system where everything is installed in the >> standard way with a default configuration then you can get assistance. >> If your installation varies from this at all, the first statement is we >> won't / can't help until you move to the standard default configuration. >> > > I was recently called by a small local company (20 employees) who run > Linux: Slackware on the server, and Ubuntu on the desktops. The company > had "a few issues with the server" (setup by the boss himself, who > didn't have the spare time to maintain the thing). > > I took a peek at that thing. In short, it's a Slackware 11.0, a bare > minimum install, and then about everything from Apache to PostgreSQL to > whatever compiled by hand, not even with build scripts, but manually > with ./configure (--prefix=.. [options]), make, make install, > installed once and then never touched again. > > I said: "Erm, sorry, but, well, no." > > :o) > > Niki > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > And that is completely understandable but my point is with a support contract you arrange yourself with some company both parties agree to what is covered and what isn't. So you know when you are going outside of your support arrangements and deal with things accordingly. In the case of Red Hat it can take time to understand what the boundaries are. You can also run into the issue of Management assuming that paid support means support for everything. In my case I have always working in Research or Academic environments and there is no way that a default build can meet production needs. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Clint Dilks wrote: > My Experience has been that its the difference between installing system > and setting up systems for production use. In New Zealand at least it > seems that if you can have a system where everything is installed in the > standard way with a default configuration then you can get assistance. > If your installation varies from this at all, the first statement is we > won't / can't help until you move to the standard default configuration. > which is about as useful as Microsoft Windows support... is it broken? "reinstall windows" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
>which is about as useful as Microsoft Windows support... is it broken? >"reinstall windows" FFS, this attitude amongst opensource guys that MS is the devil and are trying to murder your family or sabotage your life is such BS. Take the Tin Foil Hat off and settle down, MS support is easily on par w/ or *the* best support there is. I maintain both Linux/Unix and Windows machines, and since high school days I have been using PSS and there is nothing like it. They have have *ALWAYS* fixed everything but one issue I have had, where that one issue I resolved before them. Spreading your FUD reflects on _you_ not MS. I love Linux (and prefer to toil in this forest) but don't preach that anti-ms crap, its utter malarkey. Geesh... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg command works fine from login shell, not from cron script
On Mon, Oct 19, 2009, Sean Carolan wrote: >> Typically this type of problem is caused by environment variables >> that are set in a login shell, but are missing or different than >> those set for jobs running under cron. > >You nailed it, Bill. Running the cron from root's personal crontab >worked fine. Must have been environment variable related. This is probably in a FAQ somewhere as it bites many. I first ran into this problem at least 25 years ago running Xenix on Radio Shack Model 16s while doing cron updates of FilePro stuff which barfed without a TERM environment variable set even though notthing was using it. Bill -- INTERNET: b...@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 Skype: jwccsllc (206) 855-5792 No matter how much I may exaggerate it, it must have a certain amount of truth...Now rumor travels fast but it don't stay put as long as truth Will Rogers ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Joseph L. Casale wrote: >> which is about as useful as Microsoft Windows support... is it broken? >> "reinstall windows" > > FFS, this attitude amongst opensource guys that MS is the devil and are > trying to murder your family or sabotage your life is such BS. The people with the the attitude probably acquired it naturally by trying to run something earlier than about Windows 2000 SP2. Or NT SP6a (its very last update). > Take the Tin Foil Hat off and settle down, MS support is easily on par w/ > or *the* best support there is. Maybe today. How long has it been that you could start something on a windows box and expect it to still be running a year later? People runing unix/linux have expected and achieved that for decades. > I maintain both Linux/Unix and Windows machines, and since high school days > I have been using PSS and there is nothing like it. How long has that been? > They have have *ALWAYS* > fixed everything but one issue I have had, where that one issue I resolved > before them. > > Spreading your FUD reflects on _you_ not MS. > > I love Linux (and prefer to toil in this forest) but don't preach that anti-ms > crap, its utter malarkey. If you forget history, you are doomed to repeat it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
Marko Vojinovic wrote: > and use it to boot the other machine. Then decide what exactly you want to do > with it, look for some tutorials/instructions/HOWTOs on the net, and start > experimenting by trying to crack your target machine. Learn as you go by > reading the logs on both machines and all other info available on the net. > Google is your friend. :-) Especiallyhttp://google.com/linux :-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] iptables question
The logs on my mail server are filling up with this kind of thing: Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6 DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0 The source port is always 25 and the destination is a high-numbered port. The destination address is the private IP of the server. These seem to be related to outgoing email connections based on the source IPs, but I don't know why they are not part of an established connection. The mail server seems to be running just fine regardless of these blocked connections. Any ideas? -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring a remote server with Conky ?
While you take suggestions - look also for collecd. It's very easy to setup, customise and "interogate" graphs. Cheers, -Amos On 10/20/09, Niki Kovacs wrote: > Tait Clarridge a écrit : > >> >> You could try a local script that gets values from a server that you >> would like to monitor... I might suggest looking into setting up snmpd >> on the server and using snmp walk to probe specific values (that relate >> to processes/free memory). >> >> > Thanks for all the numerous! I'll take a peek at all of them as soon as > I have a spare moment and then report back. > > Cheers, > > Niki > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] EDAC Kernel Panic 2.6.9-78 and above
I've got a production system running CentOS 4 that was rock solid until I upgraded from 2.6.9-55 to 2.6.9-78.0.13 (now running 2.6.9-89.0.11). The system now crashes intermittently after a few weeks. I finally caught the panic message : EDAC MC0: INTERNAL ERROR: channel-b out of range (4 >= 4) Kernel panic - not syncing: MC0: Uncorrected Error Looking at the kernel changelog, I see that EDAC support was added for the Intel 5000 chipset in 2.6.9-68.20.EL which this server runs. I'm trying to determine if this is a potential memory issue, or is this related to some other hardware item. Also considering disabling EDAC in the kernel (is "noedac" a valid option?) as a last resort. I will run memtest86+ on the server as soon as possible to check the memory, just formulating my game plan if it's something else. Thoughts? Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fwd: [BKO] CentOS for boot.kernel.org
Hey I would be happy to maintain such a thing but I would need someone as a backup. Cheers Didi -- Forwarded message -- From: J.H. Date: Mon, Oct 19, 2009 at 9:51 PM Subject: Re: [BKO] CentOS for boot.kernel.org To: Geerd-Dietger Hoffmann Cc: b...@hera.kernel.org Didi, I assume you mean with respect to the live images as opposed to the network installers (since we already support CentOS as a network install target). As for the live image there's a couple of things that would need to be figured out, (1) does the live image already support iscsi out of the box and (2) does it already support httpfs out of the box. (1) is possible, (2) I'm guessing is it doesn't, and likely never will officially. If the live image doesn't already support booting off of an iscsi target than adding it should be trivial, if it doesn't than we'll have to hack into the initrd and add it. It's not a *huge* change but it means the following to the initrd: adding: - networking into the initrd - iscsid - iscsiadm - lib files for dns resolution and then it's just a few small adjustments to the init script so that it brings up the iscsi interface, and puts the image in the right place before letting it plow forward as normal. Probably the most useful, to us, is if the kernel + initrd were separate like they are for the normal pxe installs but that's not a requirement by any stretch. I suppose the question ultimately becomes, is this something the CentOS project is interested in generally providing or are we looking at specific support for BKO? Just trying to figure out if we are going to end up in the having to forward port the changes continually on new releases or if this is something that CentOS is willing to pick up and maintain. - John "Warthog9" Hawley Geerd-Dietger Hoffmann wrote: > > Hey > > I was wondering if I could help to get a CentOS image on boot.kernel > > Would be really nice to have more bistros available. > > Cheers Didi > > > My www page: www.ribalba.de > Email / Jabber: riba...@gmail.com > Skype : ribalba > > ___ > BKO mailing list > b...@hera.kernel.org > http://linux.kernel.org/mailman/listinfo/bko ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
>Maybe today. How long has it been that you could start something on a >windows box and expect it to still be running a year later? People >runing unix/linux have expected and achieved that for decades. A long time:) Windows _is_ reliable, what isn't reliable is the myriad of cheap sh!t hardware some people expect to work and cheap sh!t software some people wonder why windows runs poorly with. Linux breaks just as hard with bad software. >How long has that been? Maybe 15 years? >If you forget history, you are doomed to repeat it. Well, I have never had bad history with windows since nt3.51 or nt4 days. It broke when I did stupid things, but ran for a long time when I had good hardware and knew what I was doing. Thankfully my history is repeating itself:) I've had a 2003 DC running at one place for so many years, I cant even begin to imagine when that thing was put in service. It hum's right along side some sun & centos machines:) jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
ken wrote: > On 10/18/2009 08:17 AM Kwan Lowe wrote: > >>> I'm pretty sure most corporations will continue to pay to use Red Hat. >>> It's pretty tough to go the head of IT and tell them you want to use >>> an OS without a corporate support license. Support is a security >>> blanket, if nothing else -- and it's a place to lay blame if something >>> goes wrong. (Though there are some exceptions.) >>> >> If my company is in any way representative, then RedHat has nothing to >> fear from CentOS. Though a few of the engineers use CentOS as >> workstations or POC machines, our policy is that we have commercial >> support of our production software. We have run into issues with other >> applications that are no longer under support. >> >> CentOS has actually played a large role in getting RedHat into our >> environment. Without the ability to demo POCs, I think it would be >> unlikely that we would have tried Linux. >> >> (I of course am not speaking for my company in any way.) >> > > In the couple of months I've had the need to contact Redhat support on > just one issue and their "support" has been terrible, so far completely > useless and a waste of time. I don't know what Redhat charges us for > support, but whatever it is, it hasn't been worth it. I even went so > far as to express this to others in the department and have a private > conversation with the head of the department (my boss's boss), > expressing my disappointment with redhat support to him. > > My experience has been good and I have no negative feelings about their support offering. We had a critical issue once on a production server with 250 users, and that they solved for us very quickly. Other lower priority issues have been resolved in appropriate time frames. >From my perspective, its all good. Ian smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CENTOS] allowing users to issue the "shutdown" command
Thanks to all who answered. "Poweroff" is exactly what I needed. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] EDAC Kernel Panic 2.6.9-78 and above
Chris Miller wrote: > Thoughts? Check your bios/system event log for any indication that it is logging memory errors? Most modern server class motherboards (past 5 years) do this, though not always reliably. I've also had trouble with memtest86 myself, I prefer to run ctcs: http://sourceforge.net/projects/va-ctcs/ The software is really old and is picky what you build it on, if I recall right I could only get it to build on RHEL/CentOS 4 not 5 (though the binaries work fine on 5). It does a good torture test which in my experience can find problems faster than memtest86(which can take days). nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
On Tue, Oct 20, 2009 at 08:29:59AM +1030, Ian Blackwell wrote: > My experience has been good and I have no negative feelings about their > support offering. We had a critical issue once on a production server > with 250 users, and that they solved for us very quickly. Other lower > priority issues have been resolved in appropriate time frames. I am curious, for those who have used RH support, what sorts of issues they have (or have not) resolved. Are these relatively simple issues, or do you (and they) end up digging into the guts of the kernel? --keith -- kkel...@speakeasy.net pgpSInKuHPlui.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
Bowie Bailey wrote on Mon, 19 Oct 2009 17:18:16 -0400: > The destination address is the private IP of the server. These > seem to be related to outgoing email connections based on the source > IPs Is 195.140.240.6 the public IP of that machine? Why do you obfuscate a private IP number? Do you want to say that these are internal mail server connections? If not, the explanation about the IP numbers doesn't make sense to me. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
War is a failure of the imagination. --William Blake On 10/19/2009 06:29 PM Keith Keller wrote: > On Tue, Oct 20, 2009 at 08:29:59AM +1030, Ian Blackwell wrote: >> My experience has been good and I have no negative feelings about their >> support offering. We had a critical issue once on a production server >> with 250 users, and that they solved for us very quickly. Other lower >> priority issues have been resolved in appropriate time frames. > > I am curious, for those who have used RH support, what sorts of issues > they have (or have not) resolved. Are these relatively simple issues, > or do you (and they) end up digging into the guts of the kernel? > > --keith Okay, here's one. Maybe someone here can figure it out. Upgrading from 4.5 to 4.5. From a 4.6 ISO I copied all the RPMs into a directory... let's call it c:/install :). Now the oracle dba has strict parameters on what versions can be installed and which can't. The rpms in c:/install meet those requirements. In addition, since this is a production machine, it can be down at most for one day. So all I want to do is upgrade what's currently on the system. Moreover, if something horks, I want two chances to back out (the second being asking the backup guy to put the system back to yesterday). The command to do this would be rpm --freshen --repackage * run in that crazy c:/install directory (or what the redhat guy called, a "folder"). This command runs fine for one file which has no dependencies (i.e., change '*' to a specific rpm). It also upgrades three or four co-dependent rpms if they're narrowly specified. But if the file/rpm spec is '*', rpm complains about two missing dependencies and stops. Yeah, this directory contains 1507 rpms (IIRC)... which is a lot, but it should still work. This is Linux, after all. And there's plenty enough memory and cpu to handle it. [The rh support written response was that there wasn't a problem, that this was "expected behavior". When I phoned the guy and gently pressed him on that statement, he backed off of it a little, said, "yeah, it should work" but "no one does it that way" and I "really shouldn't expect it to work."] I had a couple other issues with the same command, but I'm not in the office now and don't recall them. Yep, my brain's in time-off mode. But anyone have any experience or background, enough to say why that rpm command above is failing so miserably... and then what might fix it? If so, big thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables - Forwarding with port translation thru an OpenVPN tunnel
Thanks to those who responded. The use of Apache's reverse proxy was
something I would never have though of (it's the mind-numbing cold
medication I'm on, LOL)
However, I did manage to get things rolling thru the tunnel by configuring
strong-end routing at the remote server. Requests were indeed arriving at
the remote, but because the request's origin IP address was that of the
outside user's browser, the remote server was simply trying to return
responses via its default route, which is not the tunnel.
I *have* to ask ... why is strong-end routing not the default behavior in
Linux? Anyway ...
Adding 'ip route ' and 'ip rule ' commands when establishing the
tunnel did the trick.
On the remote server, here are the commands run in a script launched by
rc.local:
---
#!/bin/sh
# NOTE: To allow VPNs under OpenVPN, IPv4 Forwarding
# must be enabled in the /etc/sysctl.conf file!
# Enable NAT for the OpenVPN tunnel from the main server:
WAN=eth0# The primary public IP interface
iptables -t nat -A POSTROUTING -s 172.17.xxx.0/24 -o ${WAN} -j MASQUERADE
# Enable strong-end routing for traffic coming in thru the VPN tunnel:
## Table 200 - In/Out traffic via tun0:
ip route add table 200 172.17.xxx.0/24 via 172.17.xxx.yy dev tun0
ip route add table 200 default via 172.17.xxx.yy dev tun0
## Engage! ...
ip rule add from 172.17.xxx.0/24 lookup 200
service openvpn start
---
In the example above, xxx.yy is tun0's 'P-t-P' IP address (usually it's inet
IP address minus 1).
-- and --
On the main server, here are the commands run in a script launched by
rc.local:
---
#!/bin/sh
# NOTE: To allow VPNs under OpenVPN, IPv4 Forwarding
# must be enabled in the /etc/sysctl.conf file!
# Enable NAT for the OpenVPN tunnels:
WAN=eth0# the public IP interface
/sbin/iptables -t nat -A POSTROUTING -s 172.17.xxx.0/24 -o ${WAN} -j
MASQUERADE
TunnelRemoteIP="172.17.xxx.zz" # The inet IP address of the remote server
thru the VPN.
# Force any HTTP/HTTPS requests on eth0:1's secondary IP address
(64.aaa.bbb.ccc)
# to be forwarded to the remote server, with port translation.
# HTTP:
/sbin/iptables -t nat -A PREROUTING -i eth0 -d 64.aaa.bbb.ccc -p tcp --dport
80 -j DNAT --to ${TunnelRemoteIP}:29080
/sbin/iptables -A FORWARD -p tcp -m tcp -i eth0 -o tun0 -d ${TunnelRemoteIP}
--dport 29080 -j ACCEPT
#
# HTTPS:
/sbin/iptables -A PREROUTING -t nat -i eth0 -d 64.aaa.bbb.ccc -p tcp --dport
443 -j DNAT --to ${TunnelRemoteIP}:29443
/sbin/iptables -A FORWARD -p tcp -m tcp -i eth0 -o tun0 -d ${TunnelRemoteIP}
--dport 29443 -j ACCEPT
service openvpn start
sleep 2# Be polite.
/sbin/iptables -A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
---
Obviously the above iptables entries could simply be added to the recipe in
/etc/sysconfig/iptables, but I chose to put them in this script so that if I
don't want tunnels to be started I don't run the scripts. There may be
redundant commands in all of this, but at least it works flawlessly for me.
I didn't use any SNAT statements on the rash assumption POSTROUTING does the
same thing.
I hope this may be useful to anyone else out there who encounters this
issue.
Cheers,
Chuck
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
Joseph L. Casale wrote: >> Maybe today. How long has it been that you could start something on a >> windows box and expect it to still be running a year later? People >> runing unix/linux have expected and achieved that for decades. > > A long time:) > Windows _is_ reliable, what isn't reliable is the myriad of cheap sh!t > hardware some people expect to work and cheap sh!t software some people > wonder why windows runs poorly with. > > Linux breaks just as hard with bad software. > >> How long has that been? > > Maybe 15 years? > >> If you forget history, you are doomed to repeat it. > > Well, I have never had bad history with windows since nt3.51 or nt4 days. > It broke when I did stupid things, but ran for a long time when I had > good hardware and knew what I was doing. You must have never done much with NT or pre-SP2 win2k. I couldn't keep it running with our applications for more than a week or so at a time. After NT SP6a and Win2k SP2, things got much, much better with no change in the application load or hardware, so you can't tell me the OS wasn't buggy back then. > Thankfully my history is repeating > itself:) I've had a 2003 DC running at one place for so many years, I cant > even begin to imagine when that thing was put in service. It hum's right along > side some sun & centos machines:) Yes, 2003 is OK. But I've still got a box running RedHat 7.3 from way before that that has never crashed and has had uptimes as long as 4 years (had to shut it down to move it a few times). -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On Monday 19 October 2009 17:18, Bowie Bailey wrote: > The logs on my mail server are filling up with this kind of thing: > > Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT= > MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6 > DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP > SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0 > > The source port is always 25 and the destination is a high-numbered > port. The destination address is the private IP of the server. These > seem to be related to outgoing email connections based on the source > IPs, but I don't know why they are not part of an established > connection. The mail server seems to be running just fine regardless of > these blocked connections. > > Any ideas? Are you running a mixed firewall rule set? Stateful and Connection or just one or the other? Since you state a private address, I'm going to assume you mean something in the 192.168 or similar space, is NATting an issue? -- Regards Robert Linux User #296285 http://counter.li.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] RAID advice? and KVM advice?
Hello All, In the not too distant future I will be commissioning a new CentOS (5.4?) box with 4 identical SATA drives. I'd like to set them up as RAID 1+0 for speed and redundancy. I've read the RHEL 5 deployment guide on raid setup and it seems to cover the basics of software raid pretty well, but doesn't cover 1+0. Does anyone have a reference for that kind of configuration? I'd also like to have two virtual domains, one for CentOS and one for Debian. any suggestions for setup docs for that kind of arrangement? TIA. Dave -- When addiction becomes commonplace in a society, people become addicted not only to alcohol and drugs, but to a thousand other destructive pursuits: money, power, dysfunctional relationships, or video games. A social perspective on addiction does not deny individual differences in vulnerability to addiction, but it removes them from the foreground of attention, because social determinants are more powerful. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAID advice? and KVM advice?
Dave Stevens wrote: > pretty well, but doesn't cover 1+0. Does anyone have a reference for > that kind of configuration? There was a discussion on this list about that a few weeks ago.. I think the easiest route if you want software raid 1+0 is to use a combination of RAID 1 software and then use LVM for striping. Myself I would use a 3Ware hardware RAID card. > I'd also like to have two virtual domains, one for CentOS and one for > Debian. any suggestions for setup docs for that kind of arrangement? virtual domain? Not sure what a virtual domain is, do you mean sub domain ? What is a virtual domain? If it's a KVM(as in virtualization) term then don't worry I can't help there, vmware user here. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Calling all Hackers from Big stan
On Mon, 2009-10-19 at 11:19 -0700, ML wrote: > > I want to learn to hack what do I need to do in order to start. > > Umm, watch: > > Hackers: http://www.imdb.com/title/tt0113243/ > > Takedown: http://www.imdb.com/title/tt0159784/ > > Isn't that how we all learned? You left off Freedom Downtime: http://www.imdb.com/title/tt0309614/ --Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Caught between a Red Hat and a CentOS
On Mon, Oct 19, 2009 at 3:45 PM, Joseph L. Casale wrote: >>which is about as useful as Microsoft Windows support... is it broken? >>"reinstall windows" > > FFS, this attitude amongst opensource guys that MS is the devil and are > trying to murder your family or sabotage your life is such BS. > > Take the Tin Foil Hat off and settle down, MS support is easily on par w/ > or *the* best support there is. i don't believe the statement lambastes MS because "is about as useful" means about the same. Remember that windows integration website ( don't remember the name but related to nLite and ryanvm) shutdown by Microsoft - it made a great deal of news because they had scripts to take out annoyances such as balloons popping up in the taskbar. MS lawyers had them disbanded. MS Tech Support asked customers to wipe and reinstall, but when the "Wireless Networks Found" balloon didn't pop up, they knew some things had been changed in the windows installation because they just had the customer wipe and reinstall. The point i believe the original poster was making is that "wipe-n-reinstall" is very very very common everywhere even at MS. i have been running NT since 3.0? / 3.1 and wondered why anything but NT ever came out. i don't think MS is evil but i have wasted too much time swapping legitimate MS Office CDs when there were multiple MS Office versions installed. It takes way too much time to install a windows system from scratch, configure how you want it, and then install all the apps on top and then all the updates and then all the updates to the apps ad nauseam. Oh, you want to image that harddrive now? Well you get 3 attempts with sysprep and then you start all over - no thanks. There is no comparison to 'yum -y update' -- i have wasted way too much of my life updating software, hunting down product keys (the COA on the pc case is hidden under the lock or on a misplaced cd). In fact, depending on which method you get to the 2008R2 activation screen it will not take your key. Dealing with proprietary phone tech support regarding software bugs that i could fix myself if i had the code - it is demeaning. In that world, you rarely have an opportunity to talk to the programmer, let alone a good tech. Filing a bug report in Bugzilla and getting a response from one of the programmers directly responsible - that has happened to me in open source. Never happened once as a Win32 developer and user. There really is no long lasting great tech support except open source along with the skill and intelligence we have ourselves and shared over the internet. i am more independent that way. i have more freedom that way. i have more time. > > I maintain both Linux/Unix and Windows machines, and since high school days > I have been using PSS and there is nothing like it. They have have *ALWAYS* > fixed everything but one issue I have had, where that one issue I resolved > before them. > > Spreading your FUD reflects on _you_ not MS. > > I love Linux (and prefer to toil in this forest) but don't preach that anti-ms > crap, its utter malarkey. > > Geesh... > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] EDAC Kernel Panic 2.6.9-78 and above
Chris, > I've got a production system running CentOS 4 that was rock solid > until I upgraded from 2.6.9-55 to 2.6.9-78.0.13 (now running > 2.6.9-89.0.11). The system now crashes intermittently after a few > weeks. I finally caught the panic message : > EDAC MC0: INTERNAL ERROR: channel-b out of range (4 >= 4) > Kernel panic - not syncing: MC0: Uncorrected Error > Looking at the kernel changelog, I see that EDAC support was added > for the Intel 5000 chipset in 2.6.9-68.20.EL which this server runs. Same issue here with a machine running centos 5.3. The problem began with a kernel update that introduced the 5000 chipset. See the thread "RAM errors after kernel-update" for more details. I couldn't solve the problem yet, but because the machine crashes every two days with this kernel, I had to boot an earlier kernel without chipset support. > I'm trying to determine if this is a potential memory issue, or is > this related to some other hardware item. Also considering disabling > EDAC in the kernel (is "noedac" a valid option?) as a last resort. I > will run memtest86+ on the server as soon as possible to check the > memory, just formulating my game plan if it's something else. Don't use the memtest86+ version that comes with the centos ISO. There is a much newer version available from the authors website. Only the new version identifies the chipset correctly. -- Mit freundlichen Grüßen Michael Schumacher mailto:michael.schumac...@pamas.de ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] sum and limit quota for multiple filesystems/mountpoints
Hi, is there any way to sum and limit quotas for one user across multiple filesystems? E.g. I'd like to use different mountpoints on a mailserver for /var/mail and /home but the user should have only a total of 1GB. or on a samba server the windows profile files should be on an other filesystem as other files for that user. Regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Staatsrätin für Demographischen Wandel und für Senioren im Staatsministerium Geschäftsführer: Prof. Thomas Schadt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAID advice? and KVM advice?
Dave Stevens wrote: > Hello All, > > In the not too distant future I will be commissioning a new CentOS > (5.4?) box with 4 identical SATA drives. I'd like to set them up as > RAID 1+0 for speed and redundancy. I've read the RHEL 5 deployment > guide on raid setup and it seems to cover the basics of software raid > pretty well, but doesn't cover 1+0. Does anyone have a reference for > that kind of configuration? > Hello The current anaconda doesn't allow you to select RAID10, however, RAID10 does work if you configure such an array manually. > I'd also like to have two virtual domains, one for CentOS and one for > Debian. any suggestions for setup docs for that kind of arrangement? > Read the virtualization docs. Best regards, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
