Re: [CentOS] Is this right? -- Centos 6 and RHEL 6 infrastrure for continuous update/upgrade
> I would assume (and I know it's not good to do that!) that the updates > and patches that are pushed out through the repos are something not to > be ingored,so why would the severity of one be that big an > issue?(and I'm just curious...not trying to start a war!..LoL!) > For a start there's threes categories: bug fixes, enhancements and security fixes. The first will cover things like typos in man pages or behaviour that is not right but has no risk to the system. The second adds something new to a package - tzdata is a good example here. The third is security issues - these will generally fix one or more CVE announcements. Within that third category there are different levels of security issue depending on the nature of the problem. For example if something needs an interactive login as an unprivileged user to cause a process (eg mysqld) to fail that could be low security risk given the need to be on the system and only a denial of service to that one subsystem and no data loss. A higher category might be an unprivileged user being able to escalate their privileges to obtain increased access to a system they shouldn't have - there was a sudo exploit last year that would fall into this. The most severe category of security issue would allow am unprivileged user to remotely gain privileged access... This leads to full system compromises and should always be patched asap - especially on public facing systems. Sometimes it's possible to chain these things together... Fire example there might be a way for an unprivileged user to run arbitrary code (think a php big perhaps) which you could then chain to a local privilege escalation to take full control of a system. This is also why selinux is important to confine services to prevent them from going out of their allowed domain and mitigating security issues as and when they arise. As an admin rather than just updating everything all the time it's best practice to schedule updates and test them before major roll outs. Depending on the severity of the issue it may be something you delay to a standardised patching schedule (eg once a month update things) or treat as an emergency an roll out much quicker. Does that help explain things? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] A problem
> > I am a new user of CentOS, I have installed "CentOS-5.8-i386" as a virtual > machine on VMware Workstation 9.0 for learning purposes. As a side issue if you are installing for learning purposes use CentOS 6 instead... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SpamAssassin reporting help
Do you use Parallels Plesk? Did you update? Seems to be related ... http://download1.parallels.com/Plesk/PP10/10.4/release-notes/parallels-plesk-panel-10.4-for-linux- based-os.html - see bug 85 I told them to reopen it, since I am getting those mails too since 3 days ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] LibreOffice 4.0 on Centos 5.9
I've just installed LibreOffice 4.0.0.3 on my Centos 5.9 system. the previous version (3.4.x) was working fine. But 4.0.0.3 won't start up. When run from a terminal it prints: no suitable windowing system found, exiting. Is this yet another case of apps moving on beyond compatibility with the older components in C5? Or any hints for making it work? Thanks! -- Fred Smith -- fre...@fcshome.stoneham.ma.us - "For him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy--to the only God our Savior be glory, majesty, power and authority, through Jesus Christ our Lord, before all ages, now and forevermore! Amen." - Jude 1:24,25 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice 4.0 on Centos 5.9
On 10.02.2013 14:11, fred smith wrote: > I've just installed LibreOffice 4.0.0.3 on my Centos 5.9 system. the > previous version (3.4.x) was working fine. But 4.0.0.3 won't start up. > When run from a terminal it prints: > > no suitable windowing system found, exiting. > > Is this yet another case of apps moving on beyond compatibility with > the older components in C5? > > Or any hints for making it work? > > Thanks! Check this http://www.mail-archive.com/libreoffice-bugs@lists.freedesktop.org/msg78793.html -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is this right? -- Centos 6 and RHEL 6 infrastrure for continuous update/upgrade
On 02/10/2013 03:37 AM, James Hogarth wrote: >> I would assume (and I know it's not good to do that!) that the updates >> and patches that are pushed out through the repos are something not to >> be ingored,so why would the severity of one be that big an >> issue?(and I'm just curious...not trying to start a war!..LoL!) >> > For a start there's threes categories: bug fixes, enhancements and security > fixes. > > The first will cover things like typos in man pages or behaviour that is > not right but has no risk to the system. > > The second adds something new to a package - tzdata is a good example here. > > The third is security issues - these will generally fix one or more CVE > announcements. > > Within that third category there are different levels of security issue > depending on the nature of the problem. > > For example if something needs an interactive login as an unprivileged user > to cause a process (eg mysqld) to fail that could be low security risk > given the need to be on the system and only a denial of service to that one > subsystem and no data loss. > > A higher category might be an unprivileged user being able to escalate > their privileges to obtain increased access to a system they shouldn't have > - there was a sudo exploit last year that would fall into this. > > The most severe category of security issue would allow am unprivileged user > to remotely gain privileged access... This leads to full system compromises > and should always be patched asap - especially on public facing systems. > > Sometimes it's possible to chain these things together... Fire example > there might be a way for an unprivileged user to run arbitrary code (think > a php big perhaps) which you could then chain to a local privilege > escalation to take full control of a system. > > This is also why selinux is important to confine services to prevent them > from going out of their allowed domain and mitigating security issues as > and when they arise. > > As an admin rather than just updating everything all the time it's best > practice to schedule updates and test them before major roll outs. > Depending on the severity of the issue it may be something you delay to a > standardised patching schedule (eg once a month update things) or treat as > an emergency an roll out much quicker. > > Does that help explain things? > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos Most DEFINITELY! I can see I'll be "picking your brains" as MUCH as possibleas I attempt to get an RHCSA certification!...LoL! I've been using Fedora 18 and CEntOS on two different machines now, and I would always see these "SEL Alerts"...not knowing what they wereI will be paying MUCH more attention to them from now on. Also I am going to check for updates more frequently, I currently have my machien just give me a notification when there's new updates available, but maybe scheduling it for the last / first of every month isn't such a bad idea, at least I'd be able to keep track of what's going on on those machines! As it stands now I can't tell you when last either one of them were updated!well thnaks so much for the info Mr. Hogarth!Have a good weekend! EGO II ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice 4.0 on Centos 5.9
On Sun, Feb 10, 2013 at 03:31:44PM +0100, Reindl Harald wrote: > > > Am 10.02.2013 15:11, schrieb fred smith: > > I've just installed LibreOffice 4.0.0.3 on my Centos 5.9 system. the > > previous version (3.4.x) was working fine. But 4.0.0.3 won't start up. > > When run from a terminal it prints: > > > > no suitable windowing system found, exiting. > > > > Is this yet another case of apps moving on beyond compatibility with > > the older components in C5? > > > > Or any hints for making it work? > > why are you using a LTS distribution to get the latest > packages run whch even are not in Fedora? because, well, it's my main home machine which among other things acts as a mail server for the domain, and I just hate having to go thru the pain of re-customizing a new installation to get it the way I want/like it. that's why I run a non-bleeding-edge distro. which, of course, then implies that some new software won't be compatible. Hence my question regarding compatibility. > > maybe at least CentOS 6 instead 5 would be a better base > for bleeding software I'm sure I'll upgrade it soon (for some values of "soon"), but in the meantime, still wondering if anyone else has made it work. -- Fred Smith -- fre...@fcshome.stoneham.ma.us - "Not everyone who says to me, 'Lord, Lord,' will enter the kingdom of heaven, but only he who does the will of my Father who is in heaven." -- Matthew 7:21 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice 4.0 on Centos 5.9
On 02/10/2013 12:34 PM, fred smith wrote: > On Sun, Feb 10, 2013 at 03:31:44PM +0100, Reindl Harald wrote: >> >> Am 10.02.2013 15:11, schrieb fred smith: >>> I've just installed LibreOffice 4.0.0.3 on my Centos 5.9 system. the >>> previous version (3.4.x) was working fine. But 4.0.0.3 won't start up. >>> When run from a terminal it prints: >>> >>> no suitable windowing system found, exiting. >>> >>> Is this yet another case of apps moving on beyond compatibility with >>> the older components in C5? >>> >>> Or any hints for making it work? >> why are you using a LTS distribution to get the latest >> packages run whch even are not in Fedora? > because, well, it's my main home machine which among other things > acts as a mail server for the domain, and I just hate having to go > thru the pain of re-customizing a new installation to get it the way > I want/like it. that's why I run a non-bleeding-edge distro. > > which, of course, then implies that some new software won't be > compatible. Hence my question regarding compatibility. > >> maybe at least CentOS 6 instead 5 would be a better base >> for bleeding software > I'm sure I'll upgrade it soon (for some values of "soon"), but in the > meantime, still wondering if anyone else has made it work. > > Me being a total noobie when it comes to CentOS (I've installed 6!) I am guessing that I'd be better off just using what works with it. I'm not trying to break my fledgling server, which doesn't even have any apps on it yet, except what came with it. I may at some point install Apache.and maybe SAMBA on it! EGO II ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice 4.0 on Centos 5.9
On Sun, Feb 10, 2013 at 04:11:00PM +, Nux! wrote: > On 10.02.2013 14:11, fred smith wrote: > > I've just installed LibreOffice 4.0.0.3 on my Centos 5.9 system. the > > previous version (3.4.x) was working fine. But 4.0.0.3 won't start up. > > When run from a terminal it prints: > > > > no suitable windowing system found, exiting. > > > > Is this yet another case of apps moving on beyond compatibility with > > the older components in C5? > > > > Or any hints for making it work? > > > > Thanks! > > Check this > http://www.mail-archive.com/libreoffice-bugs@lists.freedesktop.org/msg78793.html Ah-HA! that does the trick,... thanks a bunch! Now I have LO starting, but the document (foo.odt) I'm trying to read (which works fine in LO 3.x on a windows box, both versions reading from the same shared folder out on the network) it claims is corrupt, asks if I want to repair it and instantly says it can't be repaired. Still works well on the older/windows LO. SIGH. ah. looks like it's already been reported: http://www.mail-archive.com/libreoffice-bugs@lists.freedesktop.org/msg76791.html and the workaround may be to copy it to a local drive. funny how it has no problem with .rtf files on the same netowrk share. :( -- Fred Smith -- fre...@fcshome.stoneham.ma.us - "Not everyone who says to me, 'Lord, Lord,' will enter the kingdom of heaven, but only he who does the will of my Father who is in heaven." -- Matthew 7:21 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'Best' Platform
Στις 25-01-2013 20:22, SilverTip257 έγραψε: > On Fri, Jan 25, 2013 at 11:19 AM, Dennis Jacobfeuerborn < > denni...@conversis.de> wrote: > >> On 01/25/2013 05:09 PM, Gene Poole wrote: >> > OK, What's the best CentOS platform for KVM? CentOS 5 or CentOS >> 6? >> >> At this time you should only install CentOS 5 when you absolutely >> have to >> for compatibility reasons. For new Installations you should always >> use >> CentOS 6. >> > > As Dennis said, use CentOS 6 unless you must absolutely use 5. > Newer packages and it will have a longer support life cycle from > today > until it is EOLed. > > Since CentOS follows Upstream's cycle closely here are dates. > https://access.redhat.com/support/policy/updates/errata/ > > >> >> Regards, >> Dennis >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> While I agree that CentOS6 is the new and better OS I should say that it has several serious problems (bugs) that have been bugging us for several months to the point the we began considering going backwards to 5 which was solid as rock from day 1. Apparently these bugs (related to the kernel and possibly nfs4) have been fixed in RH EL6 but only to those that maintain a service contract. regards Andreas ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'Best' Platform
> > While I agree that CentOS6 is the new and better OS I should say that > it has several serious problems (bugs) that have been bugging us for > several > months to the point the we began considering going backwards to 5 which > was solid > as rock from day 1. Apparently these bugs (related to the kernel and > possibly nfs4) > have been fixed in RH EL6 but only to those that maintain a service > contract. > Are there by chance bugzilla entries for those? Just out of curiosity - NFSV4 is an area of interest to us, in the future. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'Best' Platform
Στις 10-02-2013 23:08, Rainer Duffner έγραψε: >> >> While I agree that CentOS6 is the new and better OS I should say >> that >> it has several serious problems (bugs) that have been bugging us for >> several >> months to the point the we began considering going backwards to 5 >> which >> was solid >> as rock from day 1. Apparently these bugs (related to the kernel and >> possibly nfs4) >> have been fixed in RH EL6 but only to those that maintain a service >> contract. >> > > > > Are there by chance bugzilla entries for those? > Just out of curiosity - NFSV4 is an area of interest to us, in the > future. > > Yes, there are. I have been following them closely (and patiently) but you will have to wait until tomorrow for their bugzilla id's. regards Andreas ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOs 6 DHCP Server and virtual interface
On 02/03/2013 04:38 AM, Grzegorz Sołtys wrote: > I have a virtualized Server with only one physical interface eth0 (WAN). > To run OpenVPN i need to use DHCP server. I don't think you do. OpenVPN can allocate addresses without ISC DHCP, typically. > And here is the question: is > there a chance to run DHCP server on eth0:0 interface? Or it is impossible ? Probably not. An alias is not an interface. You can configure the alias, and tell DHCP to only serve the subnet that matches, but requests come in to the main interface via broadcast. No matter what you do, DHCPd is really serving eth0, not eth0:0. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to limit upload bandwidth for a KVM guest?
On 02/03/2013 06:06 PM, Neil Aggarwal wrote: > I would like to limit the bandwidth available to a guest. I tried using > the tc command, but it is only limiting the download speed to the > guest. TC is fairly complex, and only really effectively limits speed sent. If you want to limit the upload speed of a guest, you'd put the rules on the interface that hosts the default route for traffic from the guest. Shorewall does a reasonably good job of dealing with most of the complexity of tc under Linux. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to limit upload bandwidth for a KVM guest?
On 04.02.2013 02:06, Neil Aggarwal wrote: > Hello: > > I am using a CentOS server as a KVM host using bridged networking > for the guest servers. > > I would like to limit the bandwidth available to a guest. I tried > using > the tc command, but it is only limiting the download speed to the > guest. > > Is there a way to limit the upload speed from the guests? > > Thanks, > Neil You need to read about 'tc'. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'Best' Platform
2013/1/25 Gene Poole : > OK, What's the best CentOS platform for KVM? CentOS 5 or CentOS 6? C6 -- Eero, RHCE ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS caching is not working on CentOS
On 02/08/2013 11:09 AM, Ed Morrison wrote: > For whatever reason I can not get dns caching to work on any of my > centos boxes. Running Centos 5 and 6. Any thoughts on why these will > not run? The services start fine but when telling to perform a dig > using itself as the resolver the queries fail (See below). ... > [root@qmail ~]# ps -aux | grep pdns-recursor > root 7908 0.0 0.1 61208 568 pts/2R+ 11:07 0:00 grep > pdns-recursor This certainly doesn't look like the service started fine. Check the messages and audit log after starting pdns-recursor. If the process is running (it is not in the output you included above), check the same logs after issuing queries as well. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] routing problem?
On 02/08/2013 07:39 AM, Natxo Asenjo wrote: > Do you have any tips on how to reach vlan 5 on the virt host from vlan 1? Not without the configuration from your switch. The most likely problem is this: Your workstation is sending traffic to 192.168.5.10. The switch sends it through VLAN 5 to eth2 on your virtualization host. The host replies to that traffic using the correct address, but through interface eth0, since that is the only interface with a route to the workstation. Those packets would go to the default gateway. Either your switch or your default gateway may be doing ingress filtering, or reverse path filtering, or stateful firewalling. Any of those would block the reply traffic, and at least one of them is very likely in place by default on either an L3 switch or a router. What you're attempting to do is called multi-homing, and it's fairly complicated to do on Linux. You need to have multiple default routes, and you need the kernel to select the default route based on the addresses of the packets that it sends. That involves making multiple routing tables, tagging packets pre-routing, and using ip rules to select the appropriate routing table. Shorewall will simplify this if you use it to build your firewall rules. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNS caching is not working on CentOS
On 02/09/2013 07:01 PM, Jorge Fábregas wrote: > Check the following line in /etc/named.conf and make sure you have both > ip addresses: I'm sorry. I thought you were running BIND. I'm on that list too...got to pay more attention next time! Anyway, check the bind (no pun intended!) address doing "netstat -nulp" and verify the line containing UDP/53. Check if it's only listening on 192.168.1.6. If so, there you have it. -- Jorge ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Strange error pop up on my box
I'm getting a strange error pop up on my box: # No more mirrors are available Required data could not be found on any of the configured software sources. There were no more download mirrors that could be tried. More details failure: repodata/filelists.sqlite.bz2 from elrepo: [Errno 256] No more mirrors to try. # How to figure out what's causing this error? Linux mushroom.patch 2.6.32-279.22.1.el6.i686 #1 SMP Wed Feb 6 00:31:03 UTC 2013 i686 i686 i386 GNU/Linux Tail of dmesg: hub 1-0:1.0: unable to enumerate USB device on port 7 usb 1-7: new high speed USB device number 7 using ehci_hcd usb 1-7: New USB device found, idVendor=0781, idProduct=74d1 usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-7: Product: SanDisk Sansa Clip+ usb 1-7: Manufacturer: SanDisk usb 1-7: SerialNumber: 9C01F60D9554B7A8 usb 1-7: configuration #1 chosen from 1 choice Initializing USB Mass Storage driver... scsi8 : SCSI emulation for USB Mass Storage devices usb-storage: device found at 7 usb-storage: waiting for device to settle before scanning usbcore: registered new interface driver usb-storage USB Mass Storage support registered. usb-storage: device scan complete scsi 8:0:0:0: Direct-Access SanDisk Sansa Clip+ 4GB v01. PQ: 0 ANSI: 0 scsi 8:0:0:1: Direct-Access SanDisk Sansa Clip+ 4GB v01. PQ: 0 ANSI: 0 sd 8:0:0:0: Attached scsi generic sg3 type 0 sd 8:0:0:1: Attached scsi generic sg4 type 0 sd 8:0:0:0: [sdc] 7683072 512-byte logical blocks: (3.93 GB/3.66 GiB) sd 8:0:0:0: [sdc] Write Protect is off sd 8:0:0:0: [sdc] Mode Sense: 04 00 00 00 sd 8:0:0:0: [sdc] Assuming drive cache: write through sd 8:0:0:0: [sdc] Assuming drive cache: write through sdc: sd 8:0:0:1: [sdd] 61497344 512-byte logical blocks: (31.4 GB/29.3 GiB) sd 8:0:0:0: [sdc] Assuming drive cache: write through sd 8:0:0:0: [sdc] Attached SCSI removable disk sd 8:0:0:1: [sdd] Write Protect is off sd 8:0:0:1: [sdd] Mode Sense: 04 00 00 00 sd 8:0:0:1: [sdd] Assuming drive cache: write through sd 8:0:0:1: [sdd] Assuming drive cache: write through sdd: sdd1 sd 8:0:0:1: [sdd] Assuming drive cache: write through sd 8:0:0:1: [sdd] Attached SCSI removable disk SELinux: initialized (dev sdc, type vfat), uses genfs_contexts SELinux: initialized (dev sdd1, type vfat), uses genfs_contexts -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange error pop up on my box
On 10.02.2013 23:32, Mark LaPierre wrote: > I'm getting a strange error pop up on my box: > > # > No more mirrors are available > > Required data could not be found on any of the configured software > sources. > There were no more download mirrors that could be tried. > > More details > failure: repodata/filelists.sqlite.bz2 from elrepo: [Errno 256] No > more > mirrors to try. > # I wouldn't worry about it if it doesn't persist; probably a network/mirror hiccup. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange error pop up on my box
On 02/10/2013 07:20 PM, Nux! wrote: > On 10.02.2013 23:32, Mark LaPierre wrote: >> I'm getting a strange error pop up on my box: >> >> # >> No more mirrors are available >> >> Required data could not be found on any of the configured software >> sources. >> There were no more download mirrors that could be tried. >> >> More details >> failure: repodata/filelists.sqlite.bz2 from elrepo: [Errno 256] No >> more >> mirrors to try. >> # > > I wouldn't worry about it if it doesn't persist; probably a > network/mirror hiccup. > So you're thinking that maybe this is related to Software Update then. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mdadm: hot remove failed for /dev/sdg: Device or resource busy
Hello all, I have run into a sticky problem with a failed device in an md array, and I asked about it on the linux raid mailing list, but since the problem may not be md-specific, I am hoping to find some insight here. (If you are on the MD list, and are seeing this twice, I humbly apologize.) The summary is that during a reshape of a raid6 on an up to date CentOS 6.3 box, one disk failed, and was marked as such in the array, but is not allowing me to remove it: # mdadm /dev/md127 --fail /dev/sdg mdadm: set /dev/sdg faulty in /dev/md127 # mdadm /dev/md127 --remove /dev/sdg mdadm: hot remove failed for /dev/sdg: Device or resource busy And in dmesg, I get an error like so: md: cannot remove active disk sdg from md127 ... More details, including mdadm -D output and other diagnostics, are at http://www.spinics.net/lists/raid/msg41928.html . As I note there, the array seems fine otherwise, but is not currently in active use (so perhaps my options are greater than if I wished to keep it deployed). As the other messages in that thread show, I think I've already done the ''obvious'' steps to try to remove the device from the array. Checking things out further, I found that it may be that udev did not completely remove the disk, even though the controller no longer believes that the exported unit exists. (udevadm output is here: http://www.spinics.net/lists/raid/msg41950.html ) So my hypothesis is that if I can somehow force udev to drop the references to the disk completely, perhaps I can remove sdg from the array and start a rebuild with the spare already available. I found these docs for Fedora: https://docs.fedoraproject.org/en-US/Fedora/14/html/Storage_Administration_Guide/removing_devices.html But of course I can't do step 3, since md is refusing to give up sdg. But sdg is already gone, so I really don't care about outstanding IO, and it's a bit too late to worry about a 100% clean removal. So my questions are, will step 7 actually clean up references to sdg, and how likely is it that doing so would let me remove it from the array? And finally, if the above is not a wise way to go, are there better things to try? If other diagnostic output is desired please let me know. Thanks! --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mdadm: hot remove failed for /dev/sdg: Device or resource busy
Hi Keith, It seems that the mdadm -D indicates the root cause of "device busy": >5 8 96 5 faulty spare rebuilding /dev/sdg Is there any clue in /proc/mdstat and /var/log/messages? On 02/11/2013 12:39 PM, Keith Keller wrote: > Hello all, > > I have run into a sticky problem with a failed device in an md array, > and I asked about it on the linux raid mailing list, but since the > problem may not be md-specific, I am hoping to find some insight here. > (If you are on the MD list, and are seeing this twice, I humbly > apologize.) > > The summary is that during a reshape of a raid6 on an up to date CentOS > 6.3 box, one disk failed, and was marked as such in the array, but is > not allowing me to remove it: > > # mdadm /dev/md127 --fail /dev/sdg > mdadm: set /dev/sdg faulty in /dev/md127 > # mdadm /dev/md127 --remove /dev/sdg > mdadm: hot remove failed for /dev/sdg: Device or resource busy > > And in dmesg, I get an error like so: > > md: cannot remove active disk sdg from md127 ... > > More details, including mdadm -D output and other diagnostics, are at > http://www.spinics.net/lists/raid/msg41928.html . As I note there, the > array seems fine otherwise, but is not currently in active use (so > perhaps my options are greater than if I wished to keep it deployed). > As the other messages in that thread show, I think I've already done > the ''obvious'' steps to try to remove the device from the array. > > Checking things out further, I found that it may be that udev did not > completely remove the disk, even though the controller no longer > believes that the exported unit exists. (udevadm output is here: > http://www.spinics.net/lists/raid/msg41950.html ) So my hypothesis is > that if I can somehow force udev to drop the references to the disk > completely, perhaps I can remove sdg from the array and start a rebuild > with the spare already available. I found these docs for Fedora: > > https://docs.fedoraproject.org/en-US/Fedora/14/html/Storage_Administration_Guide/removing_devices.html > > But of course I can't do step 3, since md is refusing to give up sdg. > But sdg is already gone, so I really don't care about outstanding IO, > and it's a bit too late to worry about a 100% clean removal. So my > questions are, will step 7 actually clean up references to sdg, and how > likely is it that doing so would let me remove it from the array? > > And finally, if the above is not a wise way to go, are there better > things to try? If other diagnostic output is desired please let me > know. Thanks! > > --keith > -- Vincent Li ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mdadm: hot remove failed for /dev/sdg: Device or resource busy
Hi Vincent, On 2013-02-11, Vincent Li wrote: > Hi Keith, > > It seems that the mdadm -D indicates the root cause of "device busy": > > >5 8 96 5 faulty spare rebuilding /dev/sdg Well, this is one thing I don't quite get. In the past, when a device has been marked faulty (even on this array), md has permitted me to remove it. These occasions were not during a reshape, however. Naively I would think that md would give up IO on a failed device, and so it would no longer be busy. And the dmesg report implies that md thinks the device is still "active" even though it marked it faulty. > Is there any clue in /proc/mdstat and /var/log/messages? Not really. Here's mdstat: Personalities : [raid6] [raid5] [raid4] md127 : active raid6 sdm[13](S) sdg[5](F) sdj[8] sdi[7] sdk[10] sdc[1] sdn[12] sdd[2] sde[3] sdf[4] sdh[6] sdb[0] sdl[11] 17578013184 blocks super 1.2 level 6, 512k chunk, algorithm 2 [12/11] [U_UU] resync=PENDING unused devices: As you may expect, sdg is set as faulty, and sdm is marked as a spare; in the past, if things were nice, sdg would be removed automatically and a new rebuild would start with sdm. There isn't anything compelling in messages, either. The only items I see that seem relevant are errors when tools like mdadm -E /dev/sdg reports read errors. This is in fact what led me to look at udevadm info; I expected that mdadm -E would not find anything on sdg, because I thought that sdg no longer existed at all. That's when I found sdg in this limbo state. Though oddly enough, udevinfo has changed: # udevadm info --name=sdg --query=all P: /devices/pci:00/:00:0b.0/:01:03.0/host2/target2:0:5/2:0:5:0/block/sdg N: sdg W: 102 S: block/8:96 S: disk/by-path/pci-:01:03.0-scsi-0:0:5:0 E: UDEV_LOG=3 E: DEVPATH=/devices/pci:00/:00:0b.0/:01:03.0/host2/target2:0:5/2:0:5:0/block/sdg E: MAJOR=8 E: MINOR=96 E: DEVNAME=/dev/sdg E: DEVTYPE=disk E: SUBSYSTEM=block E: MPATH_SBIN_PATH=/sbin E: ID_SCSI=1 E: ID_TYPE=generic E: ID_BUS=scsi E: ID_PATH=pci-:01:03.0-scsi-0:0:5:0 E: LVM_SBIN_PATH=/sbin E: DEVLINKS=/dev/block/8:96 /dev/disk/by-path/pci-:01:03.0-scsi-0:0:5:0 It no longer thinks there is any connection to the mdraid or the controller, but it's still different from what I'd expect if there were no udev entries for the device at all. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'Best' Platform
> Are there by chance bugzilla entries for those?
> Just out of curiosity - NFSV4 is an area of interest to us, in the future.
Have you checked the newest kernel from the last few days? It has a few nfs
fixes included:
$ rpm -q --changelog kernel-2.6.32-279.22.1.el6.x86_64 | head -100 | egrep
'(^\*|nfs)'
* Tue Feb 05 2013 Johnny Hughes [2.6.32-279.22.1.el6.centos]
* Sun Jan 13 2013 Frantisek Hrbata [2.6.32-279.22.1.el6]
- [fs] nfs: Properly handle the case where the delegation is revoked (Steve
Dickson) [846840 842435]
- [fs] nfs: Move cl_delegations to the nfs_server struct (Steve Dickson)
[846840 842435]
- [fs] nfs: Introduce nfs_detach_delegations() (Steve Dickson) [846840 842435]
- [fs] nfs: Fix a number of RCU issues in the NFSv4 delegation code (Steve
Dickson) [846840 842435]
* Mon Jan 07 2013 Frantisek Hrbata [2.6.32-279.21.1.el6]
* Thu Jan 03 2013 Frantisek Hrbata [2.6.32-279.20.1.el6]
* Sat Nov 24 2012 Frantisek Hrbata [2.6.32-279.19.1.el6]
* Sat Nov 17 2012 Frantisek Hrbata [2.6.32-279.18.1.el6]
- [net] nfs: Fix buffer overflow checking in __nfs4_get_acl_uncached (Frantisek
Hrbata) [811794 822871] {CVE-2012-2375}
- [net] nfs: Fix the acl cache size calculation (Sachin Prabhu) [811794 822871]
{CVE-2012-2375}
- [net] nfs: Fix range checking in __nfs4_get_acl_uncached and
__nfs4_proc_set_acl (Sachin Prabhu) [811794 822871] {CVE-2012-2375}
- [net] nfs: nfs_getaclargs.acl_len is a size_t (Sachin Prabhu) [811794 822871]
{CVE-2012-2375}
- [net] nfs: Don't use private xdr_stream fields in decode_getacl (Sachin
Prabhu) [811794 822871] {CVE-2012-2375}
- [net] nfs: Fix pointer arithmetic in decode_getacl (Sachin Prabhu) [811794
822871] {CVE-2012-2375}
- [net] nfs: Simplify the GETATTR attribute length calculation (Sachin Prabhu)
[811794 822871] {CVE-2012-2375}
- [fs] nfs: Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [811794
822871] {CVE-2012-2375}
- [fs] nfs: Avoid reading past buffer when calling GETACL (Sachin Prabhu)
[811794 822871] {CVE-2012-2375}
* Wed Nov 14 2012 Frantisek Hrbata [2.6.32-279.17.1.el6]
I see NFS4 geeting used more and more, but still many production sites staying
on NFSv3.
greetings,
Florian La Roche
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
