[CentOS] Yum segmentation fault when updating to CentOS v5.5
Hi all, I'm getting a segmentation fault with yum when I try to update a CentOS v5.4 install to v5.5. What I've done: * Ran yum clean all. * Ran yum update yum* * Ran yum update, and got the segmentation fault. * Yum suggested running with option --skip-broken, which I did. Still got the segmentation fault. * Rebooted machine and ran yum update again. Segmentation fault... * Googled some and found some hints on rebuilding the rpm-database, which I did. * Ran yum update again. Got segmentation fault again. * Disabled all 3rd party repos, rpmforge and epel, tried yum update again and got seg fault. * Disabled all plugins; priorities, fastestmirror and kmod, tried yum pdate again and got seg fault yet again. * Removed /var/cache/yum and ran yum update. Got a seg fault. Any other tips, tricks or hints I could try? FWIW, this is the only machine I've had this problem with. All others I've updated to v5.5 so far have worked w/o a hitch as upgrades go. Thanks for any help. -- BW, Sorin --- # Sorin Srbu[Sysadmin, Systems Engineer] # Dept of Medicinal Chemistry, Phone: +46 (0)18-4714482 >3 signals> GSM # Div of Org Pharm Chem,Mobile: +46 (0)701-718023 # Box 574, Uppsala University, Fax: +46 (0)18-4714482 # SE-751 23 Uppsala, Sweden Visit: BMC, Husargatan 3, D5:512b # Web: http://www.orgfarm.uu.se --- # () ASCII ribbon campaign - Against html E-mail # /\ # # MotD follows: # Multitasking /adj./ 3 PCs and a chair with wheels! smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5
On 05/17/2010 10:46 AM, Sorin Srbu wrote: ... > Any other tips, tricks or hints I could try? Can you strace the yum update process and see what happens before it crashes? Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Mobile: +45 22 12 53 25 Email: m...@crc.dk Homepage: http://www.crc.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5
2010/5/17 Sorin Srbu > Hi all, > > I'm getting a segmentation fault with yum when I try to update a CentOS > v5.4 > install to v5.5. > try updating only some of the packages. if there's one package which can not be updated with yum, rpm -Uvh -- Among the maxims on Lord Naoshige's wall, there was this one: "Matters of great concern should be treated lightly." Master Ittei commented, "Matters of small concern should be treated seriously." (Ghost Dog : The Way of The Samurai) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5
>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of Mogens Kjaer >Sent: Monday, May 17, 2010 10:54 AM >To: CentOS mailing list >Subject: Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5 > >On 05/17/2010 10:46 AM, Sorin Srbu wrote: >... >> Any other tips, tricks or hints I could try? > >Can you strace the yum update process and see what >happens before it crashes? > >Mogens I don't have strace installed, and cannot install it because yum doesn't work. I'll see if I can find a "regular" rpm package and install it manually. Thanks for the hint. I'll be back in a while, with more info hopefully. -- /Sorin smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5
>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of cornel panceac >Sent: Monday, May 17, 2010 10:59 AM >To: CentOS mailing list >Subject: Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5 > > I'm getting a segmentation fault with yum when I try to update a >CentOS v5.4 > install to v5.5. > > > >try updating only some of the packages. if there's one package which can not be >updated with yum, rpm -Uvh Tried with yum update kernel*, yum update kernel-headers, yum update *lib* and yum update httpd. Still gives me the seg fault error. 8-/ -- /Sorin smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5
>-Original Message- >From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf >Of Sorin Srbu >Sent: Monday, May 17, 2010 11:22 AM >To: 'CentOS mailing list' >Subject: Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5 > >>-Original Message- >>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On >Behalf >>Of cornel panceac >>Sent: Monday, May 17, 2010 10:59 AM >>To: CentOS mailing list >>Subject: Re: [CentOS] Yum segmentation fault when updating to CentOS v5.5 >> >> I'm getting a segmentation fault with yum when I try to update a >>CentOS v5.4 >> install to v5.5. >> >> >> >>try updating only some of the packages. if there's one package which can >not be >>updated with yum, rpm -Uvh > >Tried with yum update kernel*, yum update kernel-headers, yum update *lib* >and yum update httpd. Still gives me the seg fault error. 8-/ Never mind this problem. Just tried to start httpd and it gave me a segmentation fault as well. Something is not right with this particular machine and I think it's for the best to do a complete reinstall anyway. Thanks all. -- /Sorin smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos release 5.5 issue
Philip Manuel wrote: > Hi > > One of our developers has come across an issue with the new release. He > provided this piece of code to show the problem:- > > > Anyone else seen this or found a bug with these function definitions ? > Yes, confirmed. You should file a bug. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] bluetooth mouse
Hello, I believe that it is well known that the scroll wheel on the Microsoft Bluetooth Mouse 5000 does not work on CentOS 5.4. It does, however, work as expected on Fedora 12 & Ubuntu 9.10 & 10.04. Does anyone know if there is a driver upgrade path for CentOS that will fix this problem? Thanks, roger wells -- Roger Wells, P.E. SAIC 221 Third St Newport, RI 02840 401-847-4210 (voice) 401-849-1585 (fax) roger.k.we...@saic.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 6 Beta available for public download
On 16 May 2010 10:39, Karanbir Singh wrote: > On 05/15/2010 11:48 PM, Ron Loftin wrote: >> >> What would be the proper way to request such a thing? > > s/request/offer to do this/ and its game on. > > Open an issue at bugs.centos.org, with the details, and we can help from > there on. > > - KB Whilst it may be that CentOS as a community can pull together to offer a non-PAE kernel (presumably as a CentOS-Plus) it seems odd that RH would have insist on something that has been present since the Pentium Pro (ffs) but which isn't part of the first 2 iterations of the pentium M (i believe the post dothan CPUs that went with the sonoma chipset was the first to have pae "enabled"). The idea that they are doing this deliberatly to ensure newish hardware is poppycock (sorry about the swearing). What happens if intel decide to ship new supa-budget chips which also have no pae or emt-64? Why make it a i386 kernel (with pae) rather than a i686 without or are there some 80(2/3/4)86 revisions with pae that i don't know of? It just seems to be a bad engineering decision. Anyways wrong place for a rant never liked Mondays On a more useful note: I would be more than happy to help out in any effort to provide a non-pae kernel for CentOS 6 :) mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Fwd: Re: iptables]
> Date: Thu, 29 Apr 2010 00:13:43 +0200 > From: gavro...@gavroche.pl > To: centos@centos.org > Subject: Re: [CentOS] [Fwd: Re: iptables] > > On Fri, Apr 23, 2010 at 06:08:45PM -0400, Robert Spangler wrote: > > On Friday 23 April 2010 15:20, cahit Eyigünlü wrote: > > > > > how or why i have redesigned it to this and it seems like worked : > > > > See big problems in your future. > > > > > :INPUT ACCEPT [0:0] > > > :FORWARD ACCEPT [0:0] > > > :OUTPUT ACCEPT [0:0] > > > > Anyone with a little bit of security awareness would never set the default > > policy to ACCEPT and the reason is below. You would think RH would know > > better. > > > > > -A INPUT -j RH-Firewall-1-INPUT > > > -A FORWARD -j RH-Firewall-1-INPUT > > > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > > > -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT > > > > With this rule above you just opened up you complete system to what ever it > > is > > connected to. That is why it is working. I am hoping this box doesn't > > have > > Internet access. > > > > > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > > > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > > > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > > > -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT > > > -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT > > > -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j > > > ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j > > > ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j > > > ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j > > > ACCEPT > > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j > > > ACCEPT > > > "/etc/sysconfig/iptables" 40L, 1617C > > > > Even if you didn't have the line with '-i eth0 -j ACCEPT' you system was > > still > > open to everyone because at this point if none of the rules apply and the > > firewall falls back to the policy setting to decide what to do with a > > packet. > > Since all your policies are set to ACCEPT the packet is accepted and the > > hacker is in. > > > > For this reason one would think RH would do a little more and set the > > default > > policies to DROP. It is so easy to miss the reject or drop statements at > > the > > end and the policy would catch them for you. > > > > I know some will argue that RH did what they needed to do, but they could > > go > > that extra step don't you think. > > Absolutely agree with you. It would save us from threads like that > because people would need to read about iptables and stop to ask silly > questions. > > -- > Dominik Zyla > Setting the default policy to DROP is not always the best approach, especially if you do remote administration. What happens when you are connected remotely and execute: # iptables -F You are either jumping in the car to drive to the server or on the phone trying to reach someone local to assist because the default DROP policy just killed your session. In my opinion a better option for creating a default DROP policy is to add the following rule (INPUT chain in this example) as the last entry in a chain: -A INPUT -j DROP Now you have a chain that performs like one with a default DROP policy but does not kill your remote session if all rules are flushed. Len _ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] route question
On May 15, 2010, at 7:13 AM, Dominik Zyla wrote: > On Fri, May 14, 2010 at 03:02:04PM -0400, Jerry Geis wrote: >>> >>> GATEWAY=74.223.8.177 on /etc/sysconfig/network file ? >>> >> Actually I have that in the ifcfg-eth1 and ifcfg-eth2. And this is >> hte >> route I get. >> >> DEVICE=eth1 >> ONBOOT=YES >> BOOTPROTO=static >> IPADDR=74.223.8.179 >> NETMASK=255.255.255.240 >> GATEWAY=74.223.8.177 >> >> >> DEVICE=eth2 >> ONBOOT=Yes >> BOOTPROTO=static >> IPADDR=24.123.23.170 >> NETMASK=255.255.255.248 >> GATEWAY=24.123.23.169 >> >> route -n >> Kernel IP routing table >> Destination Gateway Genmask Flags Metric Ref >> Use >> Iface >> 24.123.23.168 0.0.0.0 255.255.255.248 U 0 >> 00 eth2 >> 74.223.8.1760.0.0.0 255.255.255.240 U 0 >> 00 eth1 >> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 >> 00 eth0 >> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 >> 00 eth2 >> 0.0.0.0 24.123.23.169 0.0.0.0 UG0 >> 00 eth2 >> >> >> I dont want 74.X traffic going out 24.X network. I want it going back >> out the 74.X network. >> How do I setup the ifcfg-eth files so the GW above will route back >> out >> the correct gw? > > It won't work. You can't have two default gateways. Init scripts first > set your gateway via eth1, then parse ifcfg-eth2 (alphabetical) and > overwrites previous settings. True, you can have only one gateway of last resort and the OP needs to pick which one, but you can do policy based routing in iptables, and if reverse NAT is configured I believe incoming connections should work as advertised. There was a thread just recently discussing solutions for this type of setup. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync - dirs and symlinks only, not contents
From: "aurfal...@gmail.com" >Any thoughts on how to copy dirs, subdirs and sym links only w/o contents? Not sure what you mean by broken but, did you check -k or -K? Maybe if you give an example... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] route question
> > I searched for "Destination nat" just to make sure I did not miss > something and it looks like what I have above. > > Thanks, > > jerry > Ok - I found out how to enable iptables logging. I can see a connection from 98.X on port 25 going to .58 as desired. Then we can see that the return is going out eth2 - and - it should be going out eth1 based on postrouting. May 17 10:30:10 mngateway kernel: IN=eth1 OUT=eth0 SRC=98.220.57.24 DST=192.168.1.58 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17126 DF PROTO=TCP SPT=49060 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 May 17 10:30:10 mngateway kernel: IN=eth0 OUT=eth2 SRC=192.168.1.58 DST=98.220.57.24 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=49060 WINDOW=5792 RES=0x00 ACK SYN URGP=0 Everything on eth2 is working as needed. Incoming gets correctly pre-routed and outgoing gets correctly post-routed. Its just eth1 that is not correctly post-routing. What have I "uncorrectly configured" so return packets that connect on eth1 go back out eth1? below are my config lines again. Jerry - eth0 is internal eth1 is 74.X network eth2 is 24.X network INTERFACE="eth1" MYIP="74.223.8.179" GWIP="192.168.1.1" # setup port 22 iptables -t nat -A PREROUTING -i $INTERFACE -p tcp -d $MYIP --dport 22 -j DNAT --to 192.168.1.58:22 iptables -t nat -A POSTROUTING -o $INTERFACE -d 192.168.1.58 -j SNAT --to $GWIP # Setup the port for sendmail iptables -t nat -A PREROUTING -i $INTERFACE -p tcp -d $MYIP --dport 25 -j DNAT --to 192.168.1.58:25 iptables -t nat -A POSTROUTING -o $INTERFACE -d 192.168.1.58 -j SNAT --to $GWIP route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 24.123.23.168 0.0.0.0 255.255.255.248 U 0 00 eth2 74.223.8.1760.0.0.0 255.255.255.240 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth2 0.0.0.0 24.123.23.169 0.0.0.0 UG0 00 eth2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync - dirs and symlinks only, not contents
On May 17, 2010, at 7:45 AM, John Doe wrote: > From: "aurfal...@gmail.com" >> Any thoughts on how to copy dirs, subdirs and sym links only w/o >> contents? > > Not sure what you mean by broken but, did you check -k or -K? > Maybe if you give an example... > > JD Upon looking at them again, they are intact. However the contents or file data does get copied over when using the - l flag. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Package Information Site?
Greetings all- Over the years, I've become incredibly spoiled by 'packages.debian.org' which allows me to search for a package, view it's description, download it, see dependencies, see similar packages, etc... Does such a site or resource exist for CentOS? Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package Information Site?
On 17.5.2010 18.03, Tim Nelson wrote: > Greetings all- > > Over the years, I've become incredibly spoiled by 'packages.debian.org' which > allows me to search for a package, view it's description, download it, see > dependencies, see similar packages, etc... > > Does such a site or resource exist for CentOS? You could start with yum info . See man yum for more (yum whatprovides...). - Jussi -- Jussi Hirvi * Green Spot Topeliuksenkatu 15 C * 00250 Helsinki * Finland Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms) jussi.hi...@greenspot.fi * http://www.greenspot.fi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Free and Robust Hotspot Management Software ?
> > - Linux-based solution: Endian Firewall -> > http://www.endian.com/en/solutions/technology/endianhotspot/ No hotspot functions in the free and open source version of Endian > > - FreeBSD-based solution: pfSense (see Captive Portal) -> > http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 This works well... > > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] release of 5.5? (filesystem troubles)
on 5-14-2010 2:22 AM Tom Brown spake the following: >>> is there an estimate when centos 5.5 will be released? > > as far as i knew it was out - at least it seemed to drop on me on the 10th > > eg centos-release-5-5.el5.centos.x86_64.rpm Remember... releases start to mirror before the official announcements for one very good reason... If they announce before the mirrors are mostly synced, then the list fills up with complaints... So if you see new files out there some where, please DON'T spread it around, as it will just slow down the mirror updates and make the wait even longer. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Useful NFS hint
Don't do NFS localhost mounts from fstab eg localhost:/origdir /newdir nfs ro 0 0 (Indeed, don't do localhost NFS mounts at all). Why? Because at shutdown time nfsd is terminated before the unmounting, so the shutdown hangs trying to access NFS server localhost. And at boot time it tries to do NFS mounts before nfsd starts up. _sigh_ -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrading to a minor release 4.1 to 4.2
on 5-13-2010 9:37 PM sheraz naz spake the following: > Hi, > > I need to upgrade a system running 4.1 to 4.2, but before I do I want to > list out all the packages that will be updated/installed/removed. I can > run up2date -l to get a list of updates but does that show packages that > need to be installed and removed as well or just the updates? > > Second, how would I go about upgrading 4.1 to 4.2 instead of 4.8 (i.e. > latest update). > > Unfortunately I don't have access to centos 4.x at the moment.and > googling just centos 4.1 to 4.2 is not bringing up relevant information. > That would be like changing the dirty oil in your car for some oil that is only slightly less dirty. Your system would be only slightly less vulnerable, and a risk. If the system is isolated from the internet, you MIGHT be safe. But if it touches the wild wild west of the online world, you are just another hacker target just waiting to be found. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update successful. Thanks.
Thanks! ssh jzhome 'cat /etc/issue' CentOS release 5.5 (Final) Kernel \r on an \m ^_^ -- John Maclean MSc. (DIC) BSc. (Hons) Linux Systems and Applications 07739 171 531 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] decent WMS on CentOS?
Can anyone recommend a decent WMS (Warehouse Management System) that runs on CentOS decently? Thank you. DNK ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] decent WMS on CentOS?
Greetings, On Mon, May 17, 2010 at 11:22 PM, dnk wrote: > Can anyone recommend a decent WMS (Warehouse Management System) that > runs on CentOS decently? > > Most open source ERPs does that openbravo, adempiere etc. etc. Regards, Rajagopal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Apparent BIND problem doing RBL lookups for Postfix - PartII
Recap of config (There's a "New" section below that covers new data...) --- Current config: CentOS 5, running BIND 9.3.6 *** (We updated everything to most recent versions when this was initially posted, mid April, and it made no difference in the symptoms.) i386 Hardware: P4, 2.8Ghz, 1G memory Sata drives - non mirrored etc. Load is light, usually under 0.1 -- This box is running Postfix as our mail server. BIND (9.3.6) [Latest.] -- Problem: Postfix is doing RBL lookups on zen.spamhaus.org. Everything goes along groovy - but then lookups start failing. Early in the process, we get stuff like this: [We have a "successful" lookup, and then a failure...] --- Apr 14 14:25:05 mail postfix/smtpd[22281]: NOQUEUE: reject: RCPT from bzq-79-183-5-119.red.bezeqint.net[79.183.5.119]: 554 5.7.1 Service unavailable; Client host [79.183.5.119] blocked using zen.spamhaus.org; from=xxx to=yyy proto=SMTP helo= Apr 14 14:25:07 mail postfix/smtpd[22804]: warning: 33.229.242.205.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=33.229.242.205.zen.spamhaus.org type=A: Host not found, try again --- As you can see, we had a lookup succeed and then just right after, one fail - claiming it got no answer from BIND. I get others after this that SUCCEED - so it's not in 100% failure mode yet. After time eventually all the zen queries [or most all] fail. [It appears as though after around 4 hours, most all queries to zen are failing.] A bind restart fixes the problem. [Hmmm...] --- First, someone's going to ask - perhaps Zen's blocking you. I don't think so. Here's why. -We're non-commercial, using the definition set my spamhaus, -mail connects TOTAL are well less than 100K a day. (Less than 10K in actuality) -and thus having more than 300K queries is pretty unlikely. -Also, let me remind you that a restart of the bind service seems to make the failures go away for a while, so if zen were blocking our queries, I'd think that wouldn't make a difference. [Also, from the updates below, we can run an alternate distro as a dedicated DNS box, and it queries zen just fine. So, we're NOT being rate limited.] --- I certainly suspect a problem with BIND, but I can't find it, and have no idea where to go from here. I simply don't know where to look any more. If BIND were having a problem, say allocating memory, or something, shouldn't it be in a debug level 5 log? = New information: Tried running a separate DNS box on Fedora 12 - again with all the current patches. We then point the DNS server on the postfix box at our stand-alone Fedora 12 box. The exact same symptoms occur on the FC12 box. --- Next, tried a Ubuntu box also running the latest patches and pointed the Postix box there. Problem solved - or at least mostly so. [We still get around a 2% failure rate - timeouts - but it is always quite low, and stays at a constant level.] So, as was suggested in this thread it appears to be a RH specific implementation bug. I have a WAG that it might be related to UDP fragmentation on DNSSec packets - but I have no idea if that's realistic or not. [Part of why I lean this way is that this isn't reported widely as a problem, and so I'd assume it's a combination of effects bug - perhaps related to how our firewall passes fragmented UDP replies.] I obviously have more testing to do, but I welcome any comments... TIA -Greg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apparent BIND problem doing RBL lookups for Postfix - PartII
On Mon, May 17, 2010 at 11:40 PM, wrote: > I obviously have more testing to do, but I welcome any comments... > I don't have any solution to your problem but ... I have seen something similar on a Debian box running a local BIND server. Repo is defined as "ftp.debian.org". apt-get install gives error "unable to resolve ftp.debian.org" but "host ftp.debian.org localhost" gives the IP number of the server. File /etc/resolv.conf lists 127.0.0.1 as the first name server. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Useful NFS hint
Stephen Harris wrote on 05/17/2010 12:15 PM: > Don't do NFS localhost mounts from fstab Why would you want to do localhost: NFS mounts anyway? Phil ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Useful NFS hint
On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote: > Stephen Harris wrote on 05/17/2010 12:15 PM: > > Don't do NFS localhost mounts from fstab > > Why would you want to do localhost: NFS mounts anyway? 'cos the current kernel doesn't allow read-only bind mounts and I need to present information in a locked down read-only area. (need to test if the latest kernel has the patch backported; previous one didn't) -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Useful NFS hint
On Mon, 17 May 2010, Stephen Harris wrote: > On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote: >> Stephen Harris wrote on 05/17/2010 12:15 PM: >>> Don't do NFS localhost mounts from fstab >> >> Why would you want to do localhost: NFS mounts anyway? > > 'cos the current kernel doesn't allow read-only bind mounts and I > need to present information in a locked down read-only area. +1. On one server, we provide a read-write CVS tree accessible to developers -- but we nfs-mount a read-only view of the same filesystem into the cvsd chroot environment for anonymous users. If cvsd is found to have a vulnerability, the chroot and nfs layers are likely to limit the damage. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] route question
On 05/17/2010 07:49 AM, Jerry Geis wrote: > Ok - I found out how to enable iptables logging. I can see a connection > from 98.X on port 25 going to .58 as desired. > Then we can see that the return is going out eth2 - and - it should be > going out eth1 based on postrouting. No, it shouldn't. You cannot accomplish what you are trying to do with only iptables. Since we don't know what host is using 192.168.1.58, it's not even clear that you need iptables at all. You must use route policies. These are set up by the "ip route" and "ip rule" commands. I posted an example of how to do multi-homing with shorewall a few days ago: http://lists.centos.org/pipermail/centos/2010-May/094304.html If you're not familiar with policy based routing, you should definitely be using something like shorewall that can take care of some of this for you. This document can explain what's going on. http://www.shorewall.net/MultiISP.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update successful. Thanks.
On 05/16/2010 09:27 PM, Ron Blizzard wrote: > The issue came up *after* I had downloaded all the update files. My > used space was 99%, approximately 230 Megs were shown available at /. > There was no memory available in my tmpfs directory/partition. ... > If you think that I have enough information to file a bug report I'll > go ahead and do that how about yum.log ? if you dont mind attaching that, I think there is enough info for a bugreport on bugs.centos.org - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package Information Site?
On 05/17/2010 04:03 PM, Tim Nelson wrote: > Greetings all- > > Over the years, I've become incredibly spoiled by 'packages.debian.org' which > allows me to search for a package, view it's description, download it, see > dependencies, see similar packages, etc... > > Does such a site or resource exist for CentOS? I wrote a small ruby app that parsed yum metadata and can easily export that via a json or REST interface, but never made it to be a webUI since my web interface skills are a bit lacking. If there is real interest in something of this nature, I can prolly export something like this using a small sinatra.rb app - would someone be willing to help with the ui stuff ? - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync - dirs and symlinks only, not contents
You can try this option!!! *-d, --dirs* Tell the sending side to include any directories that are encountered. Unlike *--recursive*, a directory's contents are not copied unless the directory name specified is "." or ends with a trailing slash (e.g. ".", "dir/.", "dir/", etc.). Without this option or the *--recursive*option, rsync will skip all directories it encounters (and output a message to that effect for each one). If you specify both *--dirs* and *--recursive*, *--recursive* takes precedence. The *--dirs* option is implied by the *--files-from* option or the * --list-only* option (including an implied *--list-only* usage) if * --recursive* wasn't specified (so that directories are seen in the listing). Specify *--no-dirs* (or *--no-d*) if you want to turn this off. There is also a backward-compatibility helper option, *--old-dirs* (or * --old-d*) that tells rsync to use a hack of "-r --exclude='/*/*'" to get an older rsync to list a single directory without recursing. On Mon, May 17, 2010 at 12:01 PM, wrote: > On May 17, 2010, at 7:45 AM, John Doe wrote: > > > From: "aurfal...@gmail.com" > >> Any thoughts on how to copy dirs, subdirs and sym links only w/o > >> contents? > > > > Not sure what you mean by broken but, did you check -k or -K? > > Maybe if you give an example... > > > > JD > > Upon looking at them again, they are intact. > > However the contents or file data does get copied over when using the - > l flag. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On Mon, 17 May 2010, Phil Schaffner wrote: > Stephen Harris wrote on 05/17/2010 12:15 PM: >> Don't do NFS localhost mounts from fstab > > Why would you want to do localhost: NFS mounts anyway? Perhaps for a restricted 'regrafting' RO overmount down in a autobuilder's chroot tree, rather than a 'bind' mount ? I can see some rare uses for it as a way to solve ACL problems -- Russ herrold ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On May 17, 2010, at 5:37 PM, R P Herrold wrote: > On Mon, 17 May 2010, Phil Schaffner wrote: > >> Stephen Harris wrote on 05/17/2010 12:15 PM: >>> Don't do NFS localhost mounts from fstab >> >> Why would you want to do localhost: NFS mounts anyway? > > Perhaps for a restricted 'regrafting' RO overmount down in a > autobuilder's chroot tree, rather than a 'bind' mount ? I can > see some rare uses for it as a way to solve ACL problems Since these are RO to local system why not mount them "soft,intr"? Or you could use automount. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On Mon, May 17, 2010 at 06:41:40PM -0400, Ross Walker wrote: > On May 17, 2010, at 5:37 PM, R P Herrold wrote: > > > On Mon, 17 May 2010, Phil Schaffner wrote: > > > >> Stephen Harris wrote on 05/17/2010 12:15 PM: > >>> Don't do NFS localhost mounts from fstab > >> > >> Why would you want to do localhost: NFS mounts anyway? > > > > Perhaps for a restricted 'regrafting' RO overmount down in a > > autobuilder's chroot tree, rather than a 'bind' mount ? I can > > see some rare uses for it as a way to solve ACL problems > > Since these are RO to local system why not mount them "soft,intr"? > > Or you could use automount. I didn't realize you couldn't do bind mounts read-only. Interesting. What about re-mounting the same block device (presumably as ext3) in ro mode at another mountpoint? Or if that complained, maybe created an additional block device under /dev with identical major/minor numbers and mounting *that* RO? Maybe ext3 wouldn't handle that too well... Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On May 17, 2010, at 6:44 PM, Ray Van Dolson wrote: > On Mon, May 17, 2010 at 06:41:40PM -0400, Ross Walker wrote: >> On May 17, 2010, at 5:37 PM, R P Herrold wrote: >> >>> On Mon, 17 May 2010, Phil Schaffner wrote: >>> Stephen Harris wrote on 05/17/2010 12:15 PM: > Don't do NFS localhost mounts from fstab Why would you want to do localhost: NFS mounts anyway? >>> >>> Perhaps for a restricted 'regrafting' RO overmount down in a >>> autobuilder's chroot tree, rather than a 'bind' mount ? I can >>> see some rare uses for it as a way to solve ACL problems >> >> Since these are RO to local system why not mount them "soft,intr"? >> >> Or you could use automount. > > I didn't realize you couldn't do bind mounts read-only. Interesting. > > What about re-mounting the same block device (presumably as ext3) in > ro > mode at another mountpoint? > > Or if that complained, maybe created an additional block device under > /dev with identical major/minor numbers and mounting *that* RO? > > Maybe ext3 wouldn't handle that too well... Do not try that, at best it will give you inconsistent views of the file system, at worse it will scramble your file system. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On Mon, May 17, 2010 at 06:49:20PM -0400, Ross Walker wrote: > On May 17, 2010, at 6:44 PM, Ray Van Dolson wrote: > > > On Mon, May 17, 2010 at 06:41:40PM -0400, Ross Walker wrote: > >> On May 17, 2010, at 5:37 PM, R P Herrold wrote: > >> > >>> On Mon, 17 May 2010, Phil Schaffner wrote: > >>> > Stephen Harris wrote on 05/17/2010 12:15 PM: > > Don't do NFS localhost mounts from fstab > > Why would you want to do localhost: NFS mounts anyway? > >>> > >>> Perhaps for a restricted 'regrafting' RO overmount down in a > >>> autobuilder's chroot tree, rather than a 'bind' mount ? I can > >>> see some rare uses for it as a way to solve ACL problems > >> > >> Since these are RO to local system why not mount them "soft,intr"? > >> > >> Or you could use automount. > > > > I didn't realize you couldn't do bind mounts read-only. Interesting. > > > > What about re-mounting the same block device (presumably as ext3) in > > ro > > mode at another mountpoint? > > > > Or if that complained, maybe created an additional block device under > > /dev with identical major/minor numbers and mounting *that* RO? > > > > Maybe ext3 wouldn't handle that too well... > > Do not try that, at best it will give you inconsistent views of the > file system, at worse it will scramble your file system. > > -Ross I would like to try it, but definitely do not try it on data you can't afford to lose. :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos] Useful NFS hint
On 05/17/2010 03:44 PM, Ray Van Dolson wrote: > What about re-mounting the same block device (presumably as ext3) in ro > mode at another mountpoint? > > Or if that complained, maybe created an additional block device under > /dev with identical major/minor numbers and mounting *that* RO? > > Maybe ext3 wouldn't handle that too well... I'm reasonably certain that in the former case "mount" will refuse to mount the device twice, and in the latter case the kernel will report that the filesystem was not unmounted properly and refuse to mount the FS until it has been. Even if mount and the kernel allowed you to do this, at some point the kernel could potentially read inconsistent data from the device and crash. You'd never want to do this. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package Information Site?
On 05/17/2010 02:13 PM, Karanbir Singh wrote: > If there is real interest in something of this nature, I can prolly > export something like this using a small sinatra.rb app - would someone > be willing to help with the ui stuff ? There's already repoview: https://fedorahosted.org/repoview/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package Information Site?
On Tue, May 18, 2010 at 3:46 AM, Gordon Messmer wrote: > On 05/17/2010 02:13 PM, Karanbir Singh wrote: >> If there is real interest in something of this nature, I can prolly >> export something like this using a small sinatra.rb app - would someone >> be willing to help with the ui stuff ? > > There's already repoview: > https://fedorahosted.org/repoview/ > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Repoview doesn't provide search; also it doesn't show dependencies and so on... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
