Re: [CentOS] haproxy ssl

2011-10-18 Thread John Doe
From: Tim Dunphy 

> I am attempting to load balance SSL web servers using haproxy on centos 5.7.
> I am using HA-Proxy version 1.4.18 

Never used haproxy but maybe you want 'option ssl-hello-chk'...
But search for "Since haproxy does not handle SSL" in their architecture 
(although old) doc...
Anyway, you'd get more answers if you ask their mailing list...

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] haproxy ssl

2011-10-18 Thread Craig White
On Tue, 2011-10-18 at 02:52 +, Tim Dunphy wrote:
> hello list,
> 
>  I am attempting to load balance SSL web servers using haproxy on centos 5.7.
> 
>  I am using HA-Proxy version 1.4.18 
> 
> 
>   Here is the stanza in the config regarding SSL:
> 
>listen https 192.168.1.200:443
> mode tcp
> balance roundrobin
> option forwardfor except 192.168.1.200
> option redispatch
> maxconn 1
> reqadd X-Forwarded-Proto:\ https
> server web1 web1.summitnjhome.com:443  maxconn 5000
> server web2 web2.summitnjhome.com:443  maxconn 5000
> 
> I can connect to https on each web server and have it serve content. the IP 
> 192.168.1.200 is a virtual IP created with keepalived and floating between 
> two load balancers.

> 
>  I can connect to the virtual ip via openssl s_connect and GET / where i see 
> the source code for the home page
 snip 
> And the port 443 is being listened to..
> 
>   [root@VIRTCENT02:~] #lsof -i :443
> COMMAND  PIDUSER   FD   TYPE DEVICE SIZE NODE NAME
> haproxy 1763 haproxy6u  IPv4   7586   TCP VIRTUAL.example.com:https 
> (LISTEN)
> 
> [root@VIRTCENT01:~] #netstat -tulpn | grep 443
> tcp0  0 192.168.1.200:443   0.0.0.0:*   
> LISTEN  1752/haproxy
> 
> 
>  But a page will not render in a web page. 
> 
>   Unable to connect
>   
>Firefox can't establish a connection to the server at virtual.example.com. 
>   
> 
>  And there is no activity in the haproxy debug logs when I hit the web page 
> at this address which should map to that ip.
> 
>  [root@VIRTCENT01:~] #host virtual.example.com
> virtual.example.com has address 192.168.1.200
> 
> Thanks in advance!

I think your setup seems mostly ok but I ended up giving up on haproxy
for SSL connections for a few reasons including limitations for
handling/forwarding headers & source IP addresses. I also found it
easier to use nginx (or apache I suppose) to handle the first connection
(terminate the SSL connection for the browser as a proxy) and to use
normal http for haproxy load balancing (which then can use http mode
instead of tcp mode and forward added headers) to the actual web
servers.

Craig





Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-18 Thread Daniel J Walsh
On 10/17/2011 03:40 PM, Trey Dockendorf wrote:
> 
> On Oct 17, 2011 2:06 PM, "Daniel J Walsh" wrote:
>> 
> On 10/17/2011 02:09 PM, Trey Dockendorf wrote:
>> On Oct 17, 2011 10:30 AM, "Daniel J Walsh" wrote:
> 
>> On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
>>> Forwarding back to list.
>>> -- Forwarded message --
>>> From: "Trey Dockendorf"
>>> Date: Oct 17, 2011 10:06 AM
>>> Subject: Re: [CentOS] SELinux triggered during Libvirt snapshots
>>> To: "Daniel J Walsh" <dwa...@redhat.com>
> 
>>> On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh <dwa...@redhat.com> wrote:
> 
>>> On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
>> I recently began getting periodic emails from SEalert
>> that SELinux is preventing /usr/libexec/qemu-kvm
>> "getattr" access from the directory I store all my
>> virtual machines for KVM.
>> 
>> All VMs are stored under /vmstore , which is its own 
>> mount point, and every file and folder under /vmstore 
>> currently has the correct context that was set by doing
>> the following:
>> 
>> semanage fcontext -a -t virt_image_t "/vmstore(/.*)?" 
>> restorecon -R /vmstore
>> 
>> So far I've noticed then when taking snapshots and also 
>> when using virsh to make changes to a domain's XML file. 
>> I haven't had any problems for the 3 or 4 months I've
>> run this KVM server using SELinux on Enforcing, and so
>> I'm not really sure what information is helpful to debug
>> this.  The server is CentOS 6 x86_64 updated to CR.  This
>> is the raw audit entry, (hostname removed)
>> 
>> node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): 
>> avc: denied { getattr } for pid=1842 comm="qemu-kvm" 
>> name="/" dev=dm-2 ino=2 
>> scontext=system_u:system_r:svirt_t:s0:c772,c779 
>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem 
>> node=kvmhost.tld type=SYSCALL 
>> msg=audit(1318634450.285:28): arch=c03e syscall=138 
>> success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0 
>> a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 
>> uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 
>> sgid=107 fsgid=107 tty=(none) ses=4294967295 
>> comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" 
>> subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
>> 
>> I've attached the alert email as a quote below,
>> (hostname removed)
>> 
>> Any help is greatly appreciated, I've had to deal little 
>> with SELinux fortunately, but at the moment am not
>> really sure if my snapshots are actually functional or if
>> this is just some false positive.
>> 
>> Thanks - Trey
>> 
>> Summary
>>> 
>>> SELinux is preventing /usr/libexec/qemu-kvm "getattr" 
>>> access on /vmstore.
>>> 
>>> Detailed Description
>>> 
>>> SELinux denied access requested by qemu-kvm. It is not 
>>> expected that this access is required by qemu-kvm and this access may 
>>> signal an intrusion attempt. It is also possible that the specific
>>> version or configuration of the application is causing it to require
>>> additional access.
>>> 
>>> Allowing Access
>>> 
>>> You can generate a local policy module to allow this 
>>> access - see FAQ
>>> Please file a bug report.
>>> 
>>> Additional Information
>>> 
>>> Source Context:
>>> system_u:system_r:svirt_t:s0:c772,c779
>>> 
>>> Target Context:   system_u:object_r:fs_t:s0
>>> 
>>> Target Objects:   /vmstore [ filesystem ]
>>> 
>>> Source:   qemu-kvm
>>> 
>>> Source Path:   /usr/libexec/qemu-kvm
>>> 
>>> Port:   
>>> 
>>> Host:   kvmhost.tld
>>> 
>>> Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
>>> 
>>> Target RPM Packages:
>>> 
>>> Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
>>> 
>>> Selinux Enabled:   True
>>> 
>>> Policy Type:   targeted
>>> 
>>> Enforcing Mode:   Enforcing
>>> 
>>> Plugin Name:   catchall
>>> 
>>> Host Name:   kvmhost.tld
>>> 
>>> Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP
>>> Mon Jun 27 19:49:27 BST 2011 x86_64 x86_64
>>> 
>>> Alert Count:   1
>>> 
>>> First Seen:   Fri Oct 14 18:20:50 2011
>>> 
>>> Last Seen:   Fri Oct 14 18:20:50 2011
>>> 
>>> Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
>>> 
>>> Line Numbers:
>>> 
>>> Raw Audit Messages :
>>> 
>>> 
 node=kvmhost.t

Re: [CentOS] haproxy ssl

2011-10-18 Thread Brian Mathis
On Mon, Oct 17, 2011 at 10:52 PM, Tim Dunphy  wrote:
> hello list,
>
>  I am attempting to load balance SSL web servers using haproxy on centos 5.7.
>
>  I am using HA-Proxy version 1.4.18
>
>  Here is the stanza in the config regarding SSL:
>
>   listen https 192.168.1.200:443
>        mode tcp
>        balance roundrobin
>        option forwardfor except 192.168.1.200
>        option redispatch
>        maxconn 1
>        reqadd X-Forwarded-Proto:\ https
>        server web1 web1.summitnjhome.com:443  maxconn 5000
>        server web2 web2.summitnjhome.com:443  maxconn 5000
>
> I can connect to https on each web server and have it serve content. the IP 
> 192.168.1.200 is a virtual IP created with keepalived and floating between 
> two load balancers.
>
>  I can connect to the virtual ip via openssl s_connect and GET / where i see 
> the source code for the home page
>
>  For now it's just a demo page with more complex content living deeper in the 
> directory structure.
>
>  A port scan with nmap shows that port 443 is open...
>
> And the port 443 is being listened to..
>
>  But a page will not render in a web page.
>
>   Firefox can't establish a connection to the server at virtual.example.com.
>
>  And there is no activity in the haproxy debug logs when I hit the web page 
> at this address which should map to that ip.
>
>  [root@VIRTCENT01:~] #host virtual.example.com
> virtual.example.com has address 192.168.1.200
>
> Thanks in advance!
> tim


You cannot use haproxy with SSL.  You need to terminate the SSL
connection before reaching haproxy, such as (already mentioned) using
apache as a front end proxy.  Then on the backend you need to connect
to the node servers using http, not SSL (using SSL there is a waste of
resources anyway).

HAproxy needs to be able to see the http traffic, and especially since
you are using 'reqadd' to add something into the stream.  You can't
do any of that using tcp mode, nor can you get any kind of session
stickiness with tcp load balancing.

Tcp mode is only meant for things that keep a persistent connection,
not http that uses multiple non-persistent connections.


-☙ Brian Mathis ❧-
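
The layout this reply describes, set beside the stanza from the question, as an added example (not from the thread or from the haproxy project). The loopback listener and its port, the cookie name, the backend port 80 and the health checks are assumptions; web1/web2 are the hosts from the question.

```haproxy
# --- As posted: TCP passthrough (shown commented out) -----------------------
# In "mode tcp" haproxy relays the encrypted byte stream unchanged, so the
# HTTP-level directives below have no request to act on.
#listen https 192.168.1.200:443
#    mode tcp
#    option forwardfor except 192.168.1.200   # HTTP-only: no header is added
#    reqadd X-Forwarded-Proto:\ https         # HTTP-only: no header is added
#    server web1 web1.summitnjhome.com:443
#    server web2 web2.summitnjhome.com:443

# --- Behind a TLS terminator: HTTP mode -------------------------------------
# A front end (nginx or apache, as suggested in the replies) owns
# 192.168.1.200:443, terminates TLS and proxies cleartext HTTP to this
# listener. Binding to loopback (assumed address/port) keeps the cleartext
# hop on the balancer and means every request seen here arrived over TLS.
listen web_from_tls 127.0.0.1:8443
    mode http
    balance roundrobin
    option redispatch

    # haproxy 1.4 only processes the first request of a keep-alive connection
    # unless told otherwise; this makes it parse every request.
    option http-server-close

    # Remove any X-Forwarded-Proto the browser sent, then set our own, so the
    # web servers can trust the value.
    reqidel ^X-Forwarded-Proto:.*
    reqadd  X-Forwarded-Proto:\ https

    # haproxy only sees 127.0.0.1 as the peer here, so the TLS terminator has
    # to overwrite X-Forwarded-For with the real client address; "option
    # forwardfor" is left out on purpose.

    # Cookie-based stickiness, which TCP passthrough cannot provide.
    cookie SERVERID insert indirect nocache

    # Plain HTTP to the nodes (port 80 assumed), with health checks.
    server web1 web1.summitnjhome.com:80 cookie web1 check maxconn 5000
    server web2 web2.summitnjhome.com:80 cookie web2 check maxconn 5000
```

The web servers should accept port 80 only from the two balancers, since they now trust the forwarded headers.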


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Arun Khan
Hi Michael,

On Fri, Oct 14, 2011 at 5:35 PM, Michael Schumacher  wrote:
>
> On Tuesday, October 11, 2011 you wrote:
>
>
>> I would appreciate clarification on the following:
>
>> (a) Indicate disk failure. LED lights up and/or audio alarm?
>> (b) The failed HDD can be swapped.
>
> Don't rely on the LED going on. I mark all my hot swap disks with
> labels with their serial number. This label is visible from the
> outside without removing the HD.
> That way, I can double check that I remove the faulty disk.
> Pulling the wrong disk is the last thing you want to risk in a RAID
> setup. Relying on a fault LED is close to that.
> Also make a list of the HD serial numbers and their position within
> the RAID in time. Store that in a safe place.

Thanks for these very helpful suggestions - good admin practice.

> I pulled ONCE the wrong disk out of a Raid5 array. :-(
> You know what that means?

You mean, it is not OK to pull out a "functioning" disk?  Pulling one
disk out of RAID 5 should be OK.  Am I missing something?

Thanks,
-- Arun Khan


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Karanbir Singh
On 10/11/2011 03:29 PM, Arun Khan wrote:
> Are the hot swap bays compatible with Linux mdadm RAID?  i.e. Upon
> detection of disk failure, the respective HDD LED on the bay can be
> turned ON?

no, not all are. Only a few work with mdadm ( or rather in a way that
mdadm can work with them, even the basic mdadm hotswap capability is
new'ish. Test it a few times to make sure it works for your setup. ).

> I am trying to reduce the cost if I can get by
> with mdadm RAID10 with additional tools to detect failed drive and

Also, mdraid10 isn't the same as a normal raid-10, unless you meant to
imply that you are doing a raid10 with md-raid tools.

- KB


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Karanbir Singh
On 10/18/2011 04:11 PM, Arun Khan wrote:
> You mean, it is not OK to pull out a "functioning" disk?  Pulling one
> disk out of RAID 5 should be OK.  Am I missing something?

grab yourself a bunch of usb keys +  a usb hub - fire up mdadm on your
laptop and use those keys as target disks and see how things work with
mdadm and hotswap. Much fun to be had there. I would also recommend
using CentOS6.

Pulling a disk that isn't set bad and deactivated in mdadm can cause some
very funky results - best of all, the machine will freeze and you can
reinsert the disk boot up and carry on. Worst of all, you will lose all
the data on the array.

btw, don't think that these issues don't affect hardware raid - they do.
it's just that the management for these things is slightly more
abstracted away and the controllers are better integrated with the disk
cages.

- KB


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Les Mikesell
On Tue, Oct 18, 2011 at 10:11 AM, Arun Khan  wrote:
>
>>> I would appreciate clarification on the following:
>>
>>> (a) Indicate disk failure. LED lights up and/or audio alarm?
>>> (b) The failed HDD can be swapped.
>>
>> Don't rely on the LED going on. I mark all my hot swap disks with
>> labels with their serial number. This label is visible from the
>> outside without removing the HD.
>> That way, I can double check that I remove the faulty disk.
>> Pulling the wrong disk is the last thing you want to risk in a RAID
>> setup. Relying on a fault LED is close to that.
>> Also make a list of the HD serial numbers and their position within
>> the RAID in time. Store that in a safe place.
>
> Thanks for these very helpful suggestions - good admin practice.
>
>> I pulled ONCE the wrong disk out of a Raid5 array. :-(
>> You know what that means?
>
> You mean, it is not OK to pull out a "functioning" disk?  Pulling one
> disk out of RAID 5 should be OK.  Am I missing something?

Usually you would be swapping drives to repair an already-broken raid.
 Unless you have a hot spare and the raid has already rebuilt on it,
pulling a working disk will take a 2nd drive out of the failed raid5
and kill it.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Arun Khan
On Tue, Oct 18, 2011 at 8:57 PM, Les Mikesell  wrote:
> On Tue, Oct 18, 2011 at 10:11 AM, Arun Khan  wrote:
>>
>>
>>> I pulled ONCE the wrong disk out of a Raid5 array. :-(
>>> You know what that means?
>>
>> You mean, it is not OK to pull out a "functioning" disk?  Pulling one
>> disk out of RAID 5 should be OK.  Am I missing something?
>
> Usually you would be swapping drives to repair an already-broken raid.
>  Unless you have a hot spare and the raid has already rebuilt on it,
> pulling a working disk will take a 2nd drive out of the failed raid5
> and kill it.
>

Thanks I get it now :)

-- Arun Khan


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Arun Khan
On Tue, Oct 18, 2011 at 8:52 PM, Karanbir Singh  wrote:
> Also, mdraid10 isn't the same as a normal raid-10, unless you meant to
> imply that you are doing a raid10 with md-raid tools.

Yes, the plan is to create raid10 with the md tools.

-- Arun Khan


[CentOS] CentOS-announce Digest, Vol 80, Issue 6

2011-10-18 Thread centos-announce-request

Today's Topics:

   1. CEBA-2011-1372 CentOS 5 x86_64 aspell FASTTRACK Update (Johnny Hughes)
   2. CEBA-2011-1372 CentOS 5 i386 aspell FASTTRACK Update (Johnny Hughes)
   3. CEBA-2011-1375 CentOS 5 i386 evince FASTTRACK Update (Johnny Hughes)
   4. CEBA-2011-1375 CentOS 5 x86_64 evince FASTTRACK Update (Johnny Hughes)
   5. CEBA-2011-1376 CentOS 5 x86_64 gpart FASTTRACK Update (Johnny Hughes)
   6. CEBA-2011-1376 CentOS 5 i386 gpart FASTTRACK Update (Johnny Hughes)
   7. CEBA-2011:1374  CentOS 5 i386 autofs Update (Johnny Hughes)
   8. CEBA-2011:1374  CentOS 5 x86_64 autofs Update (Johnny Hughes)


--

Message: 1
Date: Mon, 17 Oct 2011 20:03:04 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2011-1372 CentOS 5 x86_64 aspell
FASTTRACK   Update
To: centos-annou...@centos.org
Message-ID: <20111017200304.ga20...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011-1372 

Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1372.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
32c1b48c17a72e336d975050b65f9928  aspell-0.60.3-12.i386.rpm
d16277c57a858e0ed63dbfc8db133ce4  aspell-0.60.3-12.x86_64.rpm
aec8503cf1dc3e0915c7b1697df159dd  aspell-devel-0.60.3-12.i386.rpm
fd442d540727f67bb1fd75aaee4362f0  aspell-devel-0.60.3-12.x86_64.rpm

Source:
729f389a46aad672005acb8f323cdb95  aspell-0.60.3-12.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Mon, 17 Oct 2011 20:03:04 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2011-1372 CentOS 5 i386 aspell
FASTTRACK   Update
To: centos-annou...@centos.org
Message-ID: <20111017200304.ga20...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011-1372 

Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1372.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
32c1b48c17a72e336d975050b65f9928  aspell-0.60.3-12.i386.rpm
aec8503cf1dc3e0915c7b1697df159dd  aspell-devel-0.60.3-12.i386.rpm

Source:
729f389a46aad672005acb8f323cdb95  aspell-0.60.3-12.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 3
Date: Mon, 17 Oct 2011 20:06:29 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2011-1375 CentOS 5 i386 evince
FASTTRACK   Update
To: centos-annou...@centos.org
Message-ID: <20111017200629.ga21...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011-1375 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1375.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
bf96cfb88f633b15e7178b41e41134bd  evince-0.6.0-17.el5.i386.rpm

Source:
504d8af60587451cf83b8d907a6d3574  evince-0.6.0-17.el5.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 4
Date: Mon, 17 Oct 2011 20:06:30 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2011-1375 CentOS 5 x86_64 evince
FASTTRACK   Update
To: centos-annou...@centos.org
Message-ID: <20111017200630.ga21...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011-1375 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1375.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
86e080bb248662e878810a6923a53ec1  evince-0.6.0-17.el5.x86_64.rpm

Source:
504d8af60587451cf83b8d907a6d3574  evince-0.6.0-17.el5.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 5
Date: Mon, 17 Oct 2011 20:09:33 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2011-1376 CentOS 5 x86_64 gpart
FASTTRACK   Update
To: centos-annou...@centos.org
Message-ID: <20111017200933.ga21...@chakra.karan.org>
Content-Type: text/plain; ch

Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Arun Khan
On Tue, Oct 18, 2011 at 8:55 PM, Karanbir Singh  wrote:
> On 10/18/2011 04:11 PM, Arun Khan wrote:
>> You mean, it is not OK to pull out a "functioning" disk?  Pulling one
>> disk out of RAID 5 should be OK.  Am I missing something?
>
> grab yourself a bunch of usb keys +  a usb hub - fire up mdadm on your
> laptop and use those keys as target disks and see how things work with
> mdadm and hotswap. Much fun to be had there. I would also recommend
> using CentOS6.

Thanks for the suggestion - a great way to experiment.

From the feedback on this thread, I am leaning towards h/w raid controller.

> Pulling a disk that isn't set bad and deactivated in mdadm can cause some
> very funky results - best of all, the machine will freeze and you can
> reinsert the disk boot up and carry on. Worst of all, you will lose all
> the data on the array.

I agree.

> btw, don't think that these issues don't affect hardware raid - they do.
> it's just that the management for these things is slightly more
> abstracted away and the controllers are better integrated with the disk
> cages.

About 10 years ago, I had a h/w raid controller go bad (HDDs connected
via SCSI cable - no HDD bays involved).  The replacement card
recreated the RAID array - lost all data.  I did have a back up to
restore most of the data.

-- Arun Khan


Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?

2011-10-18 Thread Les Mikesell
On Tue, Oct 18, 2011 at 11:05 AM, Arun Khan  wrote:
>
>> btw, don't think that these issues don't affect hardware raid - they do.
>> it's just that the management for these things is slightly more
>> abstracted away and the controllers are better integrated with the disk
>> cages.
>
> About 10 years ago, I had a h/w raid controller go bad (HDDs connected
> via SCSI cable - no HDD bays involved).  The replacement card
> recreated the RAID array - lost all data.  I did have a back up to
> restore most of the data.

I don't think anything is immune to failure.  Another fun case is a
randomly-bad memory bit causing different things to be written to
software raid mirrors.  I had one that took 3+ days of running
memtest86 to catch.

-- 
  Les Mikesell
lesmikes...@gmail.com


[CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread Jack Fredrikson
I hate it when I crash my email server. Here's what tailing 
/var/log/qmail/qmail-smtp/current gives me:

[root@toast jack]# tail /var/log/qmail/qmail-smtpd/current 
@40004e9ddbd031610f54 tcpserver: status: 0/20
@40004e9ddbd72c767c04 tcpserver: status: 1/20
@40004e9ddbd72c7ab60c tcpserver: pid 12039 from 210.76.164.235
@40004e9ddbd739a20d1c tcpserver: ok 12039 mail.toast.com:209.216.9.56:25 
mail.cdfy-china.com:210.76.164.235::2804
@40004e9ddbd81c826894 Can't load 
'/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so' for 
module DB_File: libdb-4.3.so: failed to map segment from shared object: Cannot 
allocate memory at /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm 
line 70.
@40004e9ddbd81c827c1c  at 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DB_File.pm line 251
@40004e9ddbd81c828004 Compilation failed in require at 
/var/qmail/bin/qmail-scanner-queue.pl line 480.
@40004e9ddbd81c8287d4 BEGIN failed--compilation aborted at 
/var/qmail/bin/qmail-scanner-queue.pl line 480.
@40004e9ddbda0c5bb434 tcpserver: end 12039 status 0
@40004e9ddbda0c5bbfec tcpserver: status: 0/20


So I checked the permissions:


[root@toast jack]# vi 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DB_File.pm
[root@toast jack]# ls -al 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DB_File.pm
-rw-r--r-- 1 root root 63389 Jun 13 02:58 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DB_File.pm
[root@toast jack]# ls -al 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so
-rwxr-xr-x 1 root root 54216 Jun 13 02:58 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so
[root@toast jack]# ls -al 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm
-rw-r--r-- 1 root root 10461 Jun 13 02:58 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm


and did a netstat:

netstat -na | grep :25
tcp    0  0 0.0.0.0:25  0.0.0.0:*   
LISTEN  
tcp    0  0 209.216.9.56:25 65.98.228.108:6326  
SYN_RECV    
tcp    0  0 209.216.9.56:25 205.156.137.71:8785 
TIME_WAIT   

and ps

[root@toast jack]# ps wax|grep qmail
11571 ?    S  0:00 qmail-send
11573 ?    S  0:00 multilog t s10 n20 /var/log/qmail/qmail-send
11575 ?    S  0:00 /usr/local/bin/tcpserver -v -x /etc/tcp.smtp.cdb -c 
20 -R -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smtpd mail.13gems.com 
/home/vpopmail/bin/vchkpw /usr/bin/true
11579 ?    S  0:00 multilog t s10 n20 /var/log/qmail/qmail-smtpd
11580 ?    S  0:00 qmail-lspawn ./Maildir
11581 ?    S  0:00 qmail-rspawn
11582 ?    S  0:00 qmail-clean
11584 ?    S  0:00 tcpserver -H -R -v -c100 0 110 qmail-popup 
mail.13gems.com /home/vpopmail/bin/vchkpw qmail-pop3d Maildir
11586 ?    S  0:00 multilog t s10 n20 /var/log/qmail/qmail-pop3d
13315 pts/0    R+ 0:00 grep qmail
15615 ?    S  0:00 supervise qmail-send
15617 ?    S  0:00 supervise qmail-pop3d
15619 ?    S  0:00 supervise qmail-smtpd


I'm at a loss as to what to do next. Any ideas?
TIA,

Jack


[CentOS] Samba + Openldap

2011-10-18 Thread Al
Anyone have an update tutorial/howto for samba to authenticate to ldap?

Regards,
Al


Re: [CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread Marcelo Beckmann
On 18-10-2011 18:16, Jack Fredrikson wrote:
> I hate it when I crash my email server. Here's what tailing 
> /var/log/qmail/qmail-smtp/current gives me:
>
> [root@toast jack]# tail /var/log/qmail/qmail-smtpd/current
> @40004e9ddbd031610f54 tcpserver: status: 0/20
> @40004e9ddbd72c767c04 tcpserver: status: 1/20
> @40004e9ddbd72c7ab60c tcpserver: pid 12039 from 210.76.164.235
> @40004e9ddbd739a20d1c tcpserver: ok 12039 mail.toast.com:209.216.9.56:25 
> mail.cdfy-china.com:210.76.164.235::2804
> @40004e9ddbd81c826894 Can't load 
> '/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so' 
> for module DB_File: libdb-4.3.so: failed to map segment from shared object: 
> Cannot allocate memory at 
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm line 70.
> @40004e9ddbd81c827c1c  at 
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DB_File.pm line 251
> @40004e9ddbd81c828004 Compilation failed in require at 
> /var/qmail/bin/qmail-scanner-queue.pl line 480.
> @40004e9ddbd81c8287d4 BEGIN failed--compilation aborted at 
> /var/qmail/bin/qmail-scanner-queue.pl line 480.


Hi,

I had a problem and saw log like this ('failed to map segment from 
shared object: Cannot allocate memory') when I setup a new qmail-toaster 
server on CentOS 6 some weeks ago.

In my case the problem was with submission service:
]# head /var/log/qmail/submission/current
@40004e8632f1279bcb1c tcpserver: status: 0/200
@40004e8c8d660a78233c tcpserver: status: 0/200
@40004e8cc0f40b7c931c tcpserver: status: 1/200
@40004e8cc0f40b7fd70c tcpserver: pid 20116 from 127.0.0.1
@40004e8cc0f40b809674 tcpserver: ok 20116 
mx.webers.com.br:127.0.0.1:587 :127.0.0.1::60821
@40004e8cc0f40b8dd514 /var/qmail/bin/qmail-smtpd: error while 
loading shared libraries: libselinux.so.1: failed to map segment from 
shared object: Cannot allocate memory


In my case, the solution was to increase memory, softlimit line on 
/var/qmail/supervise/submission/run:

exec /usr/bin/softlimit -m 6400 \    < increase this value
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
 $SMTPD $VCHKPW /bin/true 2>&1


Maybe it would be useful for your case too.


Best regards,
-- 
Marcelo Beckmann
Suporte Corporativo - supo...@webers.com.br
Webers Tecnologia - http://www.webers.com.br
Curitiba   (PR) (41) 3094-6600
Rio de Janeiro (RJ) (21) 4007-1207
São Paulo  (SP) (11) 4007-1207
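
The failure this reply describes, as an added example that is not part of the original post: daemontools' `softlimit -m N` caps data, stack, locked memory and total address space at N bytes, and a cap that is too small makes the dynamic loader fail while mapping shared libraries. The sketch uses the shell's `ulimit -v` (the same address-space limit, in KiB) to measure how much a command needs; the function names and the doubling for headroom are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Uses only POSIX sh plus "ulimit -v",
# which dash and bash both provide on Linux.

# runs_under_limit KIB CMD [ARGS...]
# Run CMD in a subshell whose address space is capped at KIB KiB.
# Returns 0 only if the cap could be set and CMD exited 0.
runs_under_limit() {
    _kib=$1
    shift
    (
        ulimit -v "$_kib" || exit 125
        exec "$@"
    ) >/dev/null 2>&1
}

# loader_error KIB CMD [ARGS...]
# Print the first line CMD writes to stderr under the cap, which is where
# the loader's complaint shows up when a library cannot be mapped.
loader_error() {
    _kib=$1
    shift
    ( ulimit -v "$_kib" && exec "$@" ) 2>&1 >/dev/null | head -n 1
}

# min_as_limit_kib CMD [ARGS...]
# Print the smallest cap (KiB) at which CMD still exits 0, found by doubling
# an upper bound and then bisecting. Returns 1 if CMD fails even at 64 GiB.
min_as_limit_kib() {
    _lo=0
    _hi=1024
    until runs_under_limit "$_hi" "$@"; do
        _lo=$_hi
        _hi=$(( $_hi * 2 ))
        if [ "$_hi" -gt 67108864 ]; then
            return 1
        fi
    done
    # Invariant: CMD fails at _lo KiB and succeeds at _hi KiB.
    while [ $(( $_hi - $_lo )) -gt 1 ]; do
        _mid=$(( ($_lo + $_hi) / 2 ))
        if runs_under_limit "$_mid" "$@"; then
            _hi=$_mid
        else
            _lo=$_mid
        fi
    done
    echo "$_hi"
}

# softlimit_m_bytes CMD [ARGS...]
# Convert the measured minimum into a byte value for "softlimit -m",
# doubled for headroom (the factor of two is this example's assumption).
softlimit_m_bytes() {
    _need=$(min_as_limit_kib "$@") || return 1
    echo $(( $_need * 1024 * 2 ))
}

# Demo with a trivial command; substitute the real service command
# (for example the perl script named in the log) to size its limit.
echo "sh -c : needs about $(min_as_limit_kib sh -c :) KiB of address space"
```

Measure the command the supervise run script actually starts, because a 64-bit perl with its modules needs far more address space than the trivial command in the demo.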


Re: [CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread John R Pierce
On 10/18/11 1:16 PM, Jack Fredrikson wrote:
> @40004e9ddbd81c826894 Can't load 
> '/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so' 
> for module DB_File: libdb-4.3.so: failed to map segment from shared object: 
> Cannot allocate memory at 
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm line 70.

you might need to increase your per process memory...  64bit stuff often 
requires twice the ram of 32bit stuffs.



-- 
john r pierce    N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Samba + Openldap

2011-10-18 Thread Paul Heinlein
On Tue, 18 Oct 2011, Al wrote:

> Anyone have an update tutorial/howto for samba to authenticate to ldap?

I recommend the smbldap-tools suite of applications for that task:

   https://gna.org/projects/smbldap-tools/

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Re: [CentOS] Samba + Openldap

2011-10-18 Thread Craig White

On Oct 18, 2011, at 1:43 PM, Al wrote:

> Anyone have an update tutorial/howto for samba to authenticate to ldap?

use the real documentation from samba

'By Example' (walks you by the hand)

Craig



Re: [CentOS] Samba + Openldap

2011-10-18 Thread Brett Serkez
> > Anyone have an update tutorial/howto for samba to authenticate to ldap?
> -
>
Not so much a Samba issue, make sure you have a known local username and
password so you are not locked out if the LDAP server fails to start for
whatever reason, especially if you disable network logins as root, as you
should!

Brett


Re: [CentOS] Samba + Openldap

2011-10-18 Thread Miguel Medalha

> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>

http://www.samba.org/samba/docs/man/Samba-Guide/happy.html


[CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread Vinay Nagrik
Hello Group,

I have installed some applications running on top of Centos 5.2 OS and these
applications are running fine.  However, we are thinking of upgrading our
5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
to 5.7 Centos and not disturb the applications.

Is it possible?  Could someone please help.

-- 
Thanks

Nagrik


Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread John R Pierce
On 10/18/11 3:02 PM, Vinay Nagrik wrote:
> I have installed some applications running on top of Centos 5.2 OS and these
> applications are running fine.  However, we are thinking of upgrading our
> 5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
> to 5.7 Centos and not disturb the applications.
>
> Is it possible?  Could someone please help.

assuming those applications didn't replace system files that are under 
RPM management, then a yum update should be just fine.

I recently upgraded a system that had been left at 5.4 a little too 
long, and found I had to update yum and some other things first, before 
the full yum update would work, I also had to do a yum cleanall after 
that update of yum itself.

do watch the output of the yum update for `rpmnew` files, and diff each 
of these with your system files, and merge the changes manually (I 
usually copy my stuff from the old file to the rpmnew file, then mv 
x.rpm x...)   this is typically .conf files.


-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast
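
The `rpmnew` check described in the message above, as an added example that is not part of the original post: it lists the `.rpmnew` files under a directory and separates those that still need a manual merge from those that match the live file. The function names `audit_rpmnew` and `show_rpmnew_diffs` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the .rpmnew files a yum update
# left behind and report which ones still need a manual merge.
#
# audit_rpmnew ROOT -> one line per leftover: "<STATUS> <live file>"
#   DIFFERS   live file and .rpmnew differ: review with diff, merge by hand
#   IDENTICAL same content: the .rpmnew can simply be removed
#   ORPHAN    .rpmnew exists but the live file is missing
audit_rpmnew() {
    find "${1:-/etc}" -type f -name '*.rpmnew' 2>/dev/null | sort |
    while IFS= read -r new; do
        live=${new%.rpmnew}
        if [ ! -e "$live" ]; then
            echo "ORPHAN $live"
        elif cmp -s "$live" "$new"; then
            echo "IDENTICAL $live"
        else
            echo "DIFFERS $live"
        fi
    done
}

# show_rpmnew_diffs ROOT -> unified diff (live vs. packaged) per DIFFERS entry
show_rpmnew_diffs() {
    audit_rpmnew "$1" | while read -r status live; do
        if [ "$status" = DIFFERS ]; then
            diff -u "$live" "$live.rpmnew" || true   # diff exits 1 on differences
        fi
    done
}

# Constructed sample tree standing in for /etc after an update.
demo=$(mktemp -d)
printf 'PermitRootLogin no\n'  > "$demo/sshd_config"         # local setting
printf 'PermitRootLogin yes\n' > "$demo/sshd_config.rpmnew"  # constructed package copy
printf 'obsoletes=1\n' > "$demo/yum.conf"
printf 'obsoletes=1\n' > "$demo/yum.conf.rpmnew"
audit_rpmnew "$demo"
show_rpmnew_diffs "$demo"
rm -rf "$demo"
```

On a real system, run `audit_rpmnew /etc` as root after the update and review every `DIFFERS` entry before restarting the affected service.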



Re: [CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread Jack Fredrikson
From: Marcelo Beckmann 

To: CentOS mailing list 
Sent: Tuesday, October 18, 2011 4:43 PM
Subject: Re: [CentOS] Fried Email Server! Perl Problem

> exec /usr/bin/softlimit -m 6400 \    < increase this value
>     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>     -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
>     $SMTPD $VCHKPW /bin/true 2>&1

Yeah, I forgot to mention I'd tried that, but not as high as you went. Tried it 
again, but it didn't help :(
Thanks, though.
Jack


Re: [CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread Jack Fredrikson
From: John R Pierce 

To: centos@centos.org
Sent: Tuesday, October 18, 2011 4:45 PM
Subject: Re: [CentOS] Fried Email Server! Perl Problem

On 10/18/11 1:16 PM, Jack Fredrikson wrote:
>> @40004e9ddbd81c826894 Can't load 
>> '/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so' 
>> for module DB_File: libdb-4.3.so: failed to map segment from shared object: 
>> Cannot allocate memory at 
>> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm line 70.

> you might need to increase your per process memory...  64bit stuff often 
> requires twice the ram of 32bit stuffs.

How do I do that? I don't even know which program is complaining here!
TIA,
Jack


Re: [CentOS] Fried Email Server! Perl Problem

2011-10-18 Thread Christopher Chan
On Wednesday, October 19, 2011 06:40 AM, Jack Fredrikson wrote:
> From: John R Pierce
>
> To: centos@centos.org
> Sent: Tuesday, October 18, 2011 4:45 PM
> Subject: Re: [CentOS] Fried Email Server! Perl Problem
>
> On 10/18/11 1:16 PM, Jack Fredrikson wrote:
>>> @40004e9ddbd81c826894 Can't load 
>>> '/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/DB_File/DB_File.so' 
>>> for module DB_File: libdb-4.3.so: failed to map segment from shared object: 
>>> Cannot allocate memory at 
>>> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/XSLoader.pm line 70.
>
> How do I do that? I don't even know which program is complaining here!

What does it do on line 70 of XSLoader.pm?


Re: [CentOS] Samba + Openldap

2011-10-18 Thread Craig White

On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:

> 
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>> 
> 
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html

indeed - that is one of the chapters from the 'By Example' to which I referred 
earlier

Craig



Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread Ljubomir Ljubojevic
On 10/19/2011 12:18 AM, John R Pierce wrote:
> On 10/18/11 3:02 PM, Vinay Nagrik wrote:
>> I have installed some applications running on top of Centos 5.2 OS and these
>> applications are running fine.  However, we are thinking of upgrading our
>> 5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
>> to 5.7 Centos and not disturb the applications.
>>
>> Is it possible?  Could someone please help.
>
> assuming those applications didn't replace system files that are under
> RPM management, then a yum update should be just fine.
>
> I recently upgraded a system that had been left at 5.4 a little too
> long, and found I had to update yum and some other things first, before
> the full yum update would work, I also had to do a yum cleanall after
> that update of yum itself.
>
> do watch the output of the yum update for `rpmnew` files, and diff each
> of these with your system files, and merge the changes manually (I
> usually copy my stuff from the old file to the rpmnew file, then mv
> x.rpm x...)   this is typically .conf files.
>
>

Shouldn't he run "yum upgrade" instead of update? upgrade will take into 
account any possible obsoletes.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant


Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread John R Pierce
On 10/18/11 4:16 PM, Ljubomir Ljubojevic wrote:
> Shouldn't he run "yum upgrade" instead of update? upgrade will take into
> account any possible obsoletes.

as far as I know, those are equivalent.

upgrade is equivalent to update with --obsoletes   and --obsoletes is 
true by default:

 # grep obsoletes /etc/yum.conf
 obsoletes=1


-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread Les Mikesell
On Tue, Oct 18, 2011 at 5:02 PM, Vinay Nagrik  wrote:
> Hello Group,
>
> I have installed some applications running on top of Centos 5.2 OS and these
> applications are running fine.  However, we are thinking of upgrading our
> 5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
> to 5.7 Centos and not disturb the applications.
>
> Is it possible?  Could someone please help.

It is rare for a 'yum update' to disturb already working applications.
 It is possible of course, but the point of 'enterprise' distributions
is that a lot of care is taken to not break things (i.e. make changes
that aren't backwards compatible) within a major release version.

Not sure if it is necessary but there were some quirks in the updates
along the way that might make it a good idea to:

yum update glibc\* rpm\* yum\* python\*
before doing a full 'yum update'.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Hot upgrade from 5.2 Centos to 5.7 Centos

2011-10-18 Thread Barry Brimer

>> Hello Group,
>>
>> I have installed some applications running on top of Centos 5.2 OS and these
>> applications are running fine.  However, we are thinking of upgrading our
>> 5.2 Centos to 5.7 (hot upgrade).  That is we want to upgrade from 5.2 Centos
>> to 5.7 Centos and not disturb the applications.
>>
>> Is it possible?  Could someone please help.
>
> It is rare for a 'yum update' to disturb already working applications.
> It is possible of course, but the point of 'enterprise' distributions
> is that a lot of care is taken to not break things (i.e. make changes
> that aren't backwards compatible) within a major release version.
>
> Not sure if it is necessary but there were some quirks in the updates
> along the way that might make it a good idea to:
>
> yum update glibc\* rpm\* yum\* python\*
> before doing a full 'yum update'.


I might suggest a yum clean all before the above command.  I've seen a 5.0 
yum update to a 5.6 without issue, but there was very little on the 
server.


[CentOS] Xfce from minimal install

2011-10-18 Thread Johan Vermeulen
  Dear All,

because I have a lot of older machines and laptops (512Mb) I would like 
to use Xfce.

So I installed CentOs 6 from the normal netinstall cd and selected 
minimal ( just over 200 packages).

From there I enabled EPEL repo and did :

#yum groupinstall Xfce

after that I installed Xorg and the driver for Intel ( it's on a Dell 
laptop )

after startx I get a lot of gnome-session warnings;

'Unable to find provider 'gnome-panel' of
'gnome session: Pango warning '
and many more.


So can anyone help me make further adjustments?

thanks for any tips in advance.

greetings, James

  Opensource Software is the future.
