Re: [CentOS] SELinux vs. virsh

2014-08-25 Thread Bill Gee
On Sunday, August 24, 2014 06:45:14 Daniel J Walsh wrote:
> On 08/23/2014 10:45 AM, Bill Gee wrote:
> > On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote:
> >> On 08/21/2014 10:03 AM, Bill Gee wrote:
> >>> On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote:
> >>>> Re: [CentOS] SELinux vs. logwatch and virsh
> >>>> From: Daniel J Walsh
> >>>> To: CentOS mailing list
> >>>>
> >>>> On 08/18/2014 02:13 PM, Bill Gee wrote:
> >>>>> Hi Dan -
> >>>>>
> >>>>> "ausearch -m avc -ts recent" produces no output.  If I run it as
> >>>>> "ausearch
> >>>>> -f  virsh" then it produces output similar to this.  Each day's run of
> >>>>> logwatch produces three of these audit log entries.  The a1 and a2
> >>>>> values
> >>>>> are different for each entry, but everything else is the same.
> >>>>>
> >>>>> ===
> >>>>> time->Mon Aug 18 03:21:03 2014
> >>>>> type=SYSCALL msg=audit(1408350063.257:7492): arch=c03e syscall=21
> >>>>> success=no exit=-13 a0=11ee230 a1=4 a2=7fff722837b0 a3=7fff72283640
> >>>>> items=0  ppid=2815 pid=2816 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0
> >>>>> egid=0 sgid=0 fsgid=0 tty=(none) ses=981 comm="bash"
> >>>>> exe="/usr/bin/bash"
> >>>>> subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
> >>>>> type=AVC msg=audit(1408350063.257:7492): avc:  denied  { read }
> >>>>> for  pid=2816  comm="bash" name="virsh" dev="dm-0" ino=135911290
> >>>>> scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
> >>>>> tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file
> >>>>> ===
> >>>>>
> >>>>> I thought about using audit2allow as you suggest.  The problem is then
> >>>>> I
> >>>>> don't  really know what change is required.  What exactly will it
> >>>>> do?  And is there a guarantee that it will work?
> >>>>
> >>>> logwatch is executing virsh probably to communicate with libvirt to
> >>>> rotate logs or something.  You can look in /etc/logrotate.d for a
> >>>> script
> >>>> with virsh to tell you what the command is trying to do.
> >>> 
> >>> Hi Dan -
> >>> 
> >>> I know EXACTLY what virsh is being called for.  I wrote the script!  It
> >>> has
> >>> nothing to do with logrotate.  I want virsh to tell logwatch what the
> >>> status is of all virtual machines running on the host.  Logwatch will
> >>> then include that in its daily summary report.  SELinux is getting in
> >>> the
> >>> way.
> >>> 
> >>> Regards - Bill Gee
> >>> ___
> >>> CentOS mailing list
> >>> CentOS@centos.org
> >>> http://lists.centos.org/mailman/listinfo/centos
> >> 
> >> Well logrotate is calling the script, and you just need to add the allow
> >> rules to allow logrotate to execute the script and communicate with
> >> libvirt.   Or you need to run the script in a separate cron job to
> >> collect the data before the logrotate script runs.
> >> 
> > 
> > Hi Dan -
> > 
> > Oops, I screwed up the subject line on the last posting.  Hopefully
> > corrected with this message.
> > 
> > Comment - I changed my configuration so that virsh is run by a script in
> > cron.daily rather than being called from logwatch.  It saves output to a
> > file in /tmp.  Logwatch was changed to simply "cat" the file.  However,
> > this STILL produces an SELinux violation.  I am not any closer to the
> > goal.
> > 
> > Question - How do I add an "allow" rule to SELinux?  What exactly is to be
> > allowed and how is SELinux told to do it?
> > 
> > Here is what ausearch finds:
> > 
> > =
> > time->Sat Aug 23 03:06:04 2014
> > type=SYSCALL msg=audit(1408781164.014:1373): arch=c03e syscall=2
> > success=no exit=-13 a0=7fffb24e3da6 a1=0 a2=1fff
> > a3=7fffb24e31d0 items=0 ppid=25741 pid=25742 auid=0 uid=0 gid=0 euid=0
> > suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=127 comm="cat"
> > exe="/usr/bin/cat"
> > subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1408781164.014:1373): avc:  denied  { open } for 
> > pid=25742 comm="cat" path="/tmp/libvirt-status" dev="dm-0" ino=768471
> > scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
> > tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
> > 
> > =
> > 
> > Observation - My original idea on this is to have logwatch execute virsh
> > directly.  I know it is possible to make that work.  The same computer has
> > two other logwatch items that I created.  One of them runs uptime and the
> > other runs sensors.  Both work perfectly.  I see that the uptime and
> > sensors programs are set for SELinux type=bin_t, which is not the same as
> > what virsh is set for.  I think what I need to do is figure out how to
> > ADD (not replace) a new type on the virsh program.
> > 
> > Thanks - Bill Gee
> > 
> > 
> > ___
> > CentOS mailin
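
Added example, not part of the original thread: a small Python reader for the two AVC records quoted above, showing which type-enforcement rules a generated policy module would contain for them. The module name logwatch_local and the function names are assumptions made for this illustration; the sample records are the thread's records re-joined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records quoted in the thread, each re-joined
# onto one line (the mail client had wrapped them).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1408350063.257:7492): avc:  denied  { read } for  pid=2816  comm="bash" name="virsh" dev="dm-0" ino=135911290 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file
type=AVC msg=audit(1408781164.014:1373): avc:  denied  { open } for  pid=25742 comm="cat" path="/tmp/libvirt-status" dev="dm-0" ino=768471 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC\b.*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None for other records."""
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    return {
        "perms": set(match.group(1).split()),
        "source": context_type(fields["scontext"]),   # domain of the process
        "target": context_type(fields["tcontext"]),   # label on the object
        "tclass": fields["tclass"],
        "object": fields.get("path") or fields.get("name"),
        "comm": fields.get("comm"),
    }


def collect_denials(audit_text):
    """Merge denied permissions per (source type, target type, class)."""
    merged = defaultdict(set)
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source"], rec["target"], rec["tclass"])] |= rec["perms"]
    return dict(merged)


def _perm_list(perms):
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def allow_rules(audit_text):
    """One allow rule per (source, target, class), sorted for stable output."""
    return [
        f"allow {src} {tgt}:{cls} {_perm_list(perms)};"
        for (src, tgt, cls), perms in sorted(collect_denials(audit_text).items())
    ]


def policy_module(name, audit_text):
    """Render a type-enforcement (.te) module text for the collected denials."""
    denials = collect_denials(audit_text)
    types = sorted({t for src, tgt, _ in denials for t in (src, tgt)})
    classes = defaultdict(set)
    for (_, _, cls), perms in denials.items():
        classes[cls] |= perms
    lines = [f"module {name} 1.0;", "", "require {"]
    lines += [f"    type {t};" for t in types]
    lines += [f"    class {c} {_perm_list(p)};" for c, p in sorted(classes.items())]
    lines += ["}", ""]
    lines += allow_rules(audit_text)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # "logwatch_local" is a hypothetical module name chosen for this example.
    print(policy_module("logwatch_local", SAMPLE_AUDIT))
```

Each rule applies to every file carrying the target type, not only to /tmp/libvirt-status, and only denials already present in the audit log are covered.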

[CentOS] OT: Linksys router misbehaviour

2014-08-25 Thread Timothy Murphy
I'm running a Linksys WRT54GL router from my CentOS-7 home server.
Every now and then (maybe once every 2 days) the router's WiFi cuts out,
and I've found no way to solve this except to disconnect the power
from the router, wait 10 seconds and then re-connect.
This always works.
The router is running under dd-wrt.

My question is - which makes it a tiny bit CentOS-related -
does anyone with such a router know of a way
to wake the router up in such a case through the computer?

I wouldn't have dared to ask this question here or anywhere
until recently, as I assumed my ancient Linksys routers were obsolete.
But I've been reading posts recently saying that
there hasn't really been a Linux router to replace the WRT54GL,
and in particular Linksys's recent 11n replacement
is not as good as the old model in many ways.

Anyway, if anyone has an answer to my query I should be very grateful.

I have a couple of IP cameras working by WiFi on the computer,
which I can look at remotely.
I've connected one by TP-Link through the router,
and this doesn't cut out, but it is not wholly satisfactory.
But this shows that the router is alive and well,
only its WiFi side is failing.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [CentOS] OT: Linksys router misbehaviour

2014-08-25 Thread Mauricio Tavares
On Mon, Aug 25, 2014 at 9:50 AM, Timothy Murphy  wrote:
> I'm running a Linksys WRT54GL router from my CentOS-7 home server.
> Every now and then (maybe once every 2 days) the router's WiFi cuts out,
> and I've found no way to solve this except to disconnect the power
> from the router, wait 10 seconds and then re-connect.
> This always works.
> The router is running under dd-wrt.
>
> My question is - which makes it a tiny bit CentOS-related -
> does anyone with such a router know of a way
> to wake the router up in such a case through the computer?
>
  I think it depends on how it cuts out. I had an old ASUS router
running openwrt which had some issues with its wireless. My workaround
was to run a cronjob in router that would do

wifi up

every hour or so.

> I wouldn't have dared to ask this question here or anywhere
> until recently, as I assumed my ancient Linksys routers were obsolete.
> But I've been reading posts recently saying that
> there hasn't really been a Linux router to replace the WRT54GL,
> and in particular Linksys's recent 11n replacement
> is not as good as the old model in many ways.
>
> Anyway, if anyone has an answer to my query I should be very grateful.
>
> I have a couple of IP cameras working by WiFi on the computer,
> which I can look at remotely.
> I've connected one by TP-Link through the router,
> and this doesn't cut out, but it is not wholly satisfactory.
> But this shows that the router is alive and well,
> only its WiFi side is failing.
>
>
> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> School of Mathematics, Trinity College, Dublin 2, Ireland
>
>


Re: [CentOS] OT: Linksys router misbehaviour

2014-08-25 Thread Fred Smith
On Mon, Aug 25, 2014 at 03:50:50PM +0200, Timothy Murphy wrote:
> I'm running a Linksys WRT54GL router from my CentOS-7 home server.
> Every now and then (maybe once every 2 days) the router's WiFi cuts out,
> and I've found no way to solve this except to disconnect the power
> from the router, wait 10 seconds and then re-connect.
> This always works.
> The router is running under dd-wrt.
> 
> My question is - which makes it a tiny bit CentOS-related -
> does anyone with such a router know of a way
> to wake the router up in such a case through the computer?
> 
> I wouldn't have dared to ask this question here or anywhere
> until recently, as I assumed my ancient Linksys routers were obsolete.
> But I've been reading posts recently saying that
> there hasn't really been a Linux router to replace the WRT54GL,
> and in particular Linksys's recent 11n replacement
> is not as good as the old model in many ways.
> 
> Anyway, if anyone has an answer to my query I should be very grateful.

You may be able to browse to the router's web page and find a clickable
thingy there somewhere that does a reboot. I used to run that exact
combination, but no longer have one around to look at, so I don't 
recall any details.

or if you can run a cron job on it, you may be able to reboot that way.

Also note another poster suggested another way to do it via cron.

Fred

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
"Not everyone who says to me, 'Lord, Lord,' will enter the kingdom of
 heaven, but only he who does the will of my Father who is in heaven."
-- Matthew 7:21 (niv) -


Re: [CentOS] Compiling modules in kernel source but not included in distro.

2014-08-25 Thread Akemi Yagi
On Sun, Aug 24, 2014 at 2:40 PM, Andrew Stringer
 wrote:
> Hi Akemi,
>
>> On Sun, Aug 24, 2014 at 8:22 AM, Andrew Stringer

>> If you still wish to learn how to build a kernel module, we can help you.
>>
> Yes, although not of huge interest now I have achieved what I wanted to,
> it would be of interest to find out what I was doing wrong.

Hi Andrew.

Glad to hear you've got things working for you.

Regarding the .ko file you built, check /var/log/messages for more
hints and also post the output of 'modinfo' of your module.

Akemi


Re: [CentOS] NetworkManager

2014-08-25 Thread Marcelo Ricardo Leitner
On 23-08-2014 19:30, Steve Clark wrote:
> On 08/22/2014 07:42 PM, Digimer wrote:
>> On 22/08/14 07:07 PM, Les Mikesell wrote:
>>> On Fri, Aug 22, 2014 at 5:46 PM, Digimer  wrote:
>>>> To continue your analogy, should car companies have stopped changing
>>>> after the 20s? I mean, the cars then got you where you needed to go, right?
>>> The point is to abstract an interface so you can make changes behind
>>> it without breaking the things already built around it.  You can
>>> always add things without breaking anything that already worked for
>>> your community of users.  If you didn't care about that yourself,
>>> you'd be recompiling a  gentoo weekly instead of being here.
>> To echo John, this is a major release. It's where, when needed, things
>> can change and break backwards compatibility. If a change like this
>> happened as a y-stream release, sure, I'll grab my pitch fork along with
>> you.
>>
>> It's not realistic to expect backwards compatibility to last forever.
>> The sysv init stuff had a good long run, but it was time to change. Now,
>> you're welcome to disagree with me (and the archives are littered
>> already with this argument), but in the end, it changed. A major version
>> was the right place to do it, and now it is done.
>>
>> So this brings me back to my original point... Unless you plan to wage a
>> war against things like Network Manager, systemd or what have you in the
>> faint hope of reverting in the next major release, you don't have a lot
>> of viable long term options.
>>
>> Learn the new ways or fade from relevance.
>>
>> I say this without passing judgment on the merits of the new or old
>> ways, simply as a fact of life. Even if you did hold out hope for, say,
>> RHEL 8 to return to the old ways, you will have a hard time avoiding
>> EL7. It will almost certainly be adopted wide-scale and that will
>> provide inertia.
>>
> NetworkManager is the window's world way of doing things for people that 
> don't really understand
> what is going on. I see no use for it immediately disable it. But it pains me 
> to have to take the time.

TBH, I also had some pain on learning it, but now that we also have 
nmcli (command line tool), I actually feel it's easier than the old 
ifcfg- files. It's better script-able than before.

Marcelo



Re: [CentOS] NetworkManager

2014-08-25 Thread Digimer
On 25/08/14 12:38 PM, Marcelo Ricardo Leitner wrote:
> On 23-08-2014 19:30, Steve Clark wrote:
>> On 08/22/2014 07:42 PM, Digimer wrote:
>>> On 22/08/14 07:07 PM, Les Mikesell wrote:
>>>> On Fri, Aug 22, 2014 at 5:46 PM, Digimer  wrote:
>>>>> To continue your analogy, should car companies have stopped changing
>>>>> after the 20s? I mean, the cars then got you where you needed to go, right?
>>>> The point is to abstract an interface so you can make changes behind
>>>> it without breaking the things already built around it.  You can
>>>> always add things without breaking anything that already worked for
>>>> your community of users.  If you didn't care about that yourself,
>>>> you'd be recompiling a  gentoo weekly instead of being here.
>>> To echo John, this is a major release. It's where, when needed, things
>>> can change and break backwards compatibility. If a change like this
>>> happened as a y-stream release, sure, I'll grab my pitch fork along with
>>> you.
>>>
>>> It's not realistic to expect backwards compatibility to last forever.
>>> The sysv init stuff had a good long run, but it was time to change. Now,
>>> you're welcome to disagree with me (and the archives are littered
>>> already with this argument), but in the end, it changed. A major version
>>> was the right place to do it, and now it is done.
>>>
>>> So this brings me back to my original point... Unless you plan to wage a
>>> war against things like Network Manager, systemd or what have you in the
>>> faint hope of reverting in the next major release, you don't have a lot
>>> of viable long term options.
>>>
>>> Learn the new ways or fade from relevance.
>>>
>>> I say this without passing judgment on the merits of the new or old
>>> ways, simply as a fact of life. Even if you did hold out hope for, say,
>>> RHEL 8 to return to the old ways, you will have a hard time avoiding
>>> EL7. It will almost certainly be adopted wide-scale and that will
>>> provide inertia.
>>>
>> NetworkManager is the window's world way of doing things for people that 
>> don't really understand
>> what is going on. I see no use for it immediately disable it. But it pains 
>> me to have to take the time.
>
> TBH, I also had some pain on learning it, but now that we also have
> nmcli (command line tool), I actually feel it's easier than the old
> ifcfg- files. It's better script-able than before.
>
> Marcelo

Bingo!

Things have to change to improve, and to improve you inevitably take 
some false starts. Once you get it right though... :)

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without 
access to education?


Re: [CentOS] OT: Linksys router misbehaviour

2014-08-25 Thread John R Pierce
On 8/25/2014 6:50 AM, Timothy Murphy wrote:
> But I've been reading posts recently saying that
> there hasn't really been a Linux router to replace the WRT54GL,
> and in particular Linksys's recent 11n replacement
> is not as good as the old model in many ways.

that's a very odd statement.  the radios on the WRT54Gx family were 
nowhere near as good as the N600 and such newer radios.   the WRT54's 
had very slow processors.

-- 
john r pierce  37N 122W
somewhere on the middle of the left coast



[CentOS] Hardware raid health?

2014-08-25 Thread Les Mikesell
I just had an IBM in a remote location with a hardware raid1 have both
drives go bad.  With local machines I probably would have caught it
from the drive light before the 2nd one died...  What is the state of
the art in linux software monitoring for this?   Long ago when that
box was set up I think the best I could have done was a Java GUI tool
that IBM had for their servers - and that seemed like overkill for a
simple monitor.  Is there anything more lightweight that knows about
the underlying drives in a hardware raid set on IBM's - and also
recent HP servers?

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] Hardware raid health?

2014-08-25 Thread Digimer
On 25/08/14 04:03 PM, Les Mikesell wrote:
> I just had an IBM in a remote location with a hardware raid1 have both
> drives go bad.  With local machines I probably would have caught it
> from the drive light before the 2nd one died...  What is the state of
> the art in linux software monitoring for this?   Long ago when that
> box was set up I think the best I could have done was a Java GUI tool
> that IBM had for their servers - and that seemed like overkill for a
> simple monitor.  Is there anything more lightweight that knows about
> the underlying drives in a hardware raid set on IBM's - and also
> recent HP servers?

IBM used LSI-based controllers, I believe.

For our monitoring, we wrote a little script that calls MegaCli64 every 
30 seconds and checks for changes. If anything of note changes (drive 
health, BBU/FBU issues, temperature issues, etc) it sends us an email. 
It would be fairly easy to do the same for hpacucli, I would imagine.

Unfortunately, though it's all open source, it's part of a package that 
monitors a pile of things (including IPMI sensors, APC UPSes, Red Hat HA 
stack, etc), so it wouldn't be drop-in-and-go. That said, you could 
probably fairly easily strip it down if you wanted to use it, too.

If you're curious, I show how to set it up here. If you're comfortable 
with perl, it'll be pretty easy to adapt, I suspect.

https://alteeve.ca/w/AN!Cluster_Tutorial_2#Setting_Up_Alerts

Cheers

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without 
access to education?


Re: [CentOS] Hardware raid health?

2014-08-25 Thread Jason Pyeron
> -Original Message-
> From: centos-boun...@centos.org 
> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell
> Sent: Monday, August 25, 2014 16:03
> To: CentOS mailing list
> Subject: [CentOS] Hardware raid health?
> 
> I just had an IBM in a remote location with a hardware raid1 have both
> drives go bad.  With local machines I probably would have caught it
> from the drive light before the 2nd one died...  What is the state of
> the art in linux software monitoring for this?   Long ago when that
> box was set up I think the best I could have done was a Java GUI tool
> that IBM had for their servers - and that seemed like overkill for a
> simple monitor.  Is there anything more lightweight that knows about
> the underlying drives in a hardware raid set on IBM's - and also
> recent HP servers?

We use MegaCLI, but it has the risk of hanging the box (observed only once).

Just changed out a drive last night because of it.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



Re: [CentOS] Hardware raid health?

2014-08-25 Thread Digimer
On 25/08/14 04:11 PM, Jason Pyeron wrote:
>> -Original Message-
>> From: centos-boun...@centos.org
>> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell
>> Sent: Monday, August 25, 2014 16:03
>> To: CentOS mailing list
>> Subject: [CentOS] Hardware raid health?
>>
>> I just had an IBM in a remote location with a hardware raid1 have both
>> drives go bad.  With local machines I probably would have caught it
>> from the drive light before the 2nd one died...  What is the state of
>> the art in linux software monitoring for this?   Long ago when that
>> box was set up I think the best I could have done was a Java GUI tool
>> that IBM had for their servers - and that seemed like overkill for a
>> simple monitor.  Is there anything more lightweight that knows about
>> the underlying drives in a hardware raid set on IBM's - and also
>> recent HP servers?
>
> We use MegaCLI, but it has the risk of hanging the box (observed only once).
>
> Just changed out a drive last night because of it.
>
> -Jason

Can you share any detail on this? Controller/drive model? MegaCli 
version? How exactly did it lock up?

I use it extensively so this worries me. :)

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without 
access to education?


Re: [CentOS] Hardware raid health?

2014-08-25 Thread John R Pierce
On 8/25/2014 1:03 PM, Les Mikesell wrote:
> I just had an IBM in a remote location with a hardware raid1 have both
> drives go bad.  With local machines I probably would have caught it
> from the drive light before the 2nd one died...  What is the state of
> the art in linux software monitoring for this?   Long ago when that
> box was set up I think the best I could have done was a Java GUI tool
> that IBM had for their servers - and that seemed like overkill for a
> simple monitor.  Is there anything more lightweight that knows about
> the underlying drives in a hardware raid set on IBM's - and also
> recent HP servers?
>


IF megacli64 works for this raid controller, then I tweaked some python 
scripts I found online and use these two scripts..   these live in 
/root/bin as they are only for root's use.

here's the typical output of the first script...

[root@server1 bin]# lsi-raidinfo
-- Controllers --
-- ID | Model
c0 | LSI MegaRAID SAS 9261-8i

-- Volumes --
-- ID | Type | Size | Status | InProgress
volume c0u0 | RAID10 1x2 | 2727G | Optimal | None
volume c0u1 | RAID60 1x8 | 16370G | Optimal | None
volume c0u2 | RAID60 1x8 | 16370G | Optimal | None

-- Disks --
-- Encl:Slot | vol-span-unit | Model | Status
disk 8:0 | 0-0-0 | Z291VTS5ST33000650NS 0003 | Online, Spun Up
disk 8:1 | 0-0-1 | Z291VTRPST33000650NS 0003 | Online, Spun Up
disk 8:2 | 1-0-0 | Z291VTKWST33000650NS 0003 | Online, Spun Up
disk 8:3 | 1-0-1 | Z291VT9YST33000650NS 0003 | Online, Spun Up
disk 8:4 | 1-0-2 | Z291VTT6ST33000650NS 0003 | Online, Spun Up
disk 8:5 | 1-0-3 | Z291VT6CST33000650NS 0003 | Online, Spun Up
disk 8:6 | 1-0-4 | Z291VTLAST33000650NS 0003 | Online, Spun Up
disk 8:7 | 1-0-5 | Z291VTK1ST33000650NS 0003 | Online, Spun Up
disk 8:8 | 1-0-6 | Z291VTNGST33000650NS 0003 | Online, Spun Up
disk 8:9 | 1-0-7 | Z291VTRAST33000650NS 0003 | Online, Spun Up
disk 8:10 | 2-0-0 | Z291VV05ST33000650NS 0003 | Online, Spun Up
disk 8:11 | 2-0-1 | Z291VTW1ST33000650NS 0003 | Online, Spun Up
disk 8:12 | 2-0-2 | Z291VTRLST33000650NS 0003 | Online, Spun Up
disk 8:13 | 2-0-3 | Z291VTRXST33000650NS 0003 | Online, Spun Up
disk 8:14 | 2-0-4 | Z291VSZGST33000650NS 0003 | Online, Spun Up
disk 8:15 | 2-0-5 | Z291VSW1ST33000650NS 0003 | Online, Spun Up
disk 8:16 | 2-0-6 | Z291VTB5ST33000650NS 0003 | Online, Spun Up
disk 8:17 | 2-0-7 | Z291VSX8ST33000650NS 0003 | Online, Spun Up
disk 8:18 | x-x-x | Z291VTS7ST33000650NS 0003 | Hotspare, Spun down
disk 8:19 | x-x-x | Z291VT3HST33000650NS 0003 | Hotspare, Spun down


first script parses megacli64's gawdawful output format

/root/bin/lsi-raidinfo:
#!/usr/bin/python

# megaclisas-status 0.6
# renamed lsi-raidinfo
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Pulse 2; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
# Copyright (C) 2007-2009 Adam Cecile (Le_Vert)

## modified by johnpus...@gmail.com 08/14/11
# fixed for LSI 9285-8e on Openfiler

## modified by pie...@hogranch.com 2012-01-05
# fixed for newer version of megacli output on RHEL6/CentOS6
# output format extended to show raid span-unit and rebuild % complete

import os
import re
import sys

if len(sys.argv) > 2:
    print 'Usage: lsi-raidinfo [-d]'
    sys.exit(1)

# if argument -d, only print disk info
printarray = True
printcontroller = True
if len(sys.argv) > 1:
    if sys.argv[1] == '-d':
        printarray = False
        printcontroller = False
    else:
        print 'Usage: lsi-raidinfo [-d]'
        sys.exit(1)

# Get command output
def getOutput(cmd):
    output = os.popen(cmd)
    lines = []
    for line in output:
        if not re.match(r'^$',line.strip()):
            lines.append(line.strip())
    return lines

def returnControllerNumber(output):
    for line in output:
        if re.match(r'^Controller Count.*$',line.strip()):
            return int(line.split(':')[1].strip().strip('.'))

def returnControllerModel(output):
    for line in output:
        if re.match(r'^Product Name.*$',line.strip()):
            return line.split(':')[1].strip()

def returnArrayNumber(output):
    i = 0
    for line in output:
        if re.match(r'^Virtual (Drive|Disk).*$',line.strip()):
            i += 1
    return i

def returnArrayInfo(output,controllerid,arrayid):
    id = 'c'+str(controllerid)+'u'+str(arrayid)
    # print 'DEBUG: id = '+str(id)
    operationlinennumber = False
    linenumber = 0
    units = 1
    ty

Re: [CentOS] Hardware raid health?

2014-08-25 Thread Jason Pyeron
> -Original Message-
> From: Digimer
> Sent: Monday, August 25, 2014 16:23
> 
> On 25/08/14 04:11 PM, Jason Pyeron wrote:
> >> -Original Message-
> >> From: centos-boun...@centos.org
> >> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell
> >> Sent: Monday, August 25, 2014 16:03
> >> To: CentOS mailing list
> >> Subject: [CentOS] Hardware raid health?
> >>
> >> I just had an IBM in a remote location with a hardware 
> raid1 have both
> >> drives go bad.  With local machines I probably would have caught it
> >> from the drive light before the 2nd one died...  What is 
> the state of
> >> the art in linux software monitoring for this?   Long ago when that
> >> box was set up I think the best I could have done was a 
> Java GUI tool
> >> that IBM had for their servers - and that seemed like 
> overkill for a
> >> simple monitor.  Is there anything more lightweight that 
> knows about
> >> the underlying drives in a hardware raid set on IBM's - and also
> >> recent HP servers?
> >
> > We use MegaCLI, but it has the risk of hanging the box 
> (observed only once).
> >
> > Just changed out a drive last night because of it.
> >
> > -Jason
> 
> Can you share any detail on this? Controller/drive model? MegaCli 
> version? How exactly did it lock up?

Locked up the OS, not the array. Power cycled after the array synced the new 
drive 6 hours later.

On a Dell PE2970
Product Name: PERC 6/i Integrated
FW Package Build: 6.2.0-0013

Mfg. Data

Mfg. Date   : 06/24/08
Rework Date : 06/24/08
Revision No :
Battery FRU : N/A

Image Versions in Flash:

FW Version : 1.22.02-0612
BIOS Version   : 2.04.00
WebBIOS Version: 1.1-46-e_15-Rel
Ctrl-R Version : 1.02-015B
Preboot CLI Version: 01.00-023:#%6
Boot Block Version : 1.00.00.01-0011

  MegaCLI SAS RAID Management Tool  Ver 8.05.71 Apr 30, 2013


$ while MegaCli64 -PDRbld -ShowProg -PhysDrv [32:1] -aALL; do sleep 1; done

The sleep 1 was abusive!

> 
> I use it extensively so this worries me. :)
> 
> -- 
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a 
> person without 
> access to education?


[CentOS] Packages cmake (base) and metis (epel) conflict with each other

2014-08-25 Thread Peter Wood
[root@build6 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@build6 ~]#
[root@build6 ~]# uname -a
Linux build6 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014
x86_64 x86_64x86_64 GNU/Linux

[root@build6 ~]# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base extras updates
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@build6 ~]#
[root@build6 ~]# yum --enablerepo=epel install cmake metis
Loaded plugins: fastestmirror, security
Determining fastest mirrors
 * base: mirror.keystealth.org
 * epel: mirrors.solfo.com
 * extras: mirror.san.fastserv.com
 * updates: repos.lax.quadranet.com
base | 3.7 kB 00:00
base/primary_db  | 4.4 MB 00:00
extras   | 3.4 kB 00:00
extras/primary_db|  19 kB 00:00
updates  | 3.4 kB 00:00
updates/primary_db   | 4.7 MB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cmake.x86_64 0:2.6.4-5.el6 will be installed
---> Package metis.x86_64 0:5.1.0-1.el6 will be installed
--> Processing Conflict: metis-5.1.0-1.el6.x86_64 conflicts cmake < 2.8
--> Finished Dependency Resolution
Error: metis conflicts with cmake-2.6.4-5.el6.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@build6 ~]#

I don't recall ever running into a conflict between packages in base and
packages in epel repositories.

Anyone else getting the same error?

Thanks,

-- Peter


Re: [CentOS] Hardware raid health?

2014-08-25 Thread Keith Keller
On 2014-08-25, John R Pierce  wrote:
>
> IF megacli64 works for this raid controller, then I tweaked some python 
> scripts I found online and use these two scripts..   these live in 
> /root/bin as they are only for root's use.

They can probably go anywhere, since a normal user won't have the
permissions to open the proper devices anyway.

I use slightly modified versions of these scripts with Nagios.  I
haven't had a drive fail yet (so one is sure to fail in the next day or
two), but the scripts worked when the chiller in the room failed and the
temperature spiked--they notified me that the internal temperatures of
the ROC and the drives were all too high.

There is a GUI to the MegaRAID controllers available.  I seldom use it
so I can't give too much information about it.

If the OP's servers use a different controller there may still be
scripts like these, just let us know what the hardware is.  (I know they
exist for 3ware, I think they may for Areca.)

--keith


-- 
kkel...@wombat.san-francisco.ca.us
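
Added example, not part of the original thread or of the scripts posted in it: a Nagios-style check, in Python, over output in the lsi-raidinfo layout shown earlier in this thread. The sample output, the function names and the choice to treat every status other than Optimal, Online or Hotspare as critical are assumptions of this example; the timeout covers the case where the tool does not return.

```python
import subprocess
import sys

# Constructed sample in the lsi-raidinfo layout shown in the thread, with one
# degraded volume and one failed disk so the check has something to report.
SAMPLE_OUTPUT = """\
-- Controllers --
-- ID | Model
c0 | LSI MegaRAID SAS 9261-8i

-- Volumes --
-- ID | Type | Size | Status | InProgress
volume c0u0 | RAID10 1x2 | 2727G | Degraded | None
volume c0u1 | RAID60 1x8 | 16370G | Optimal | None

-- Disks --
-- Encl:Slot | vol-span-unit | Model | Status
disk 8:0 | 0-0-0 | SAMPLEDISK0001 | Online, Spun Up
disk 8:1 | 0-0-1 | SAMPLEDISK0002 | Failed
disk 8:18 | x-x-x | SAMPLEDISK0003 | Hotspare, Spun down
"""

# Nagios plugin exit codes.
OK, CRITICAL, UNKNOWN = 0, 2, 3

# Assumption of this example: a disk is healthy when its status begins with
# one of these words; any other status is reported.
HEALTHY_DISK_PREFIXES = ("Online", "Hotspare")


def parse_raidinfo(text):
    """Split the pipe-separated report into volume and disk records."""
    volumes, disks = [], []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if line.startswith("volume ") and len(cols) >= 4:
            volumes.append({
                "id": cols[0].split()[1],
                "type": cols[1],
                "status": cols[3],
                "in_progress": cols[4] if len(cols) > 4 else "None",
            })
        elif line.startswith("disk ") and len(cols) >= 4:
            disks.append({
                "slot": cols[0].split()[1],
                "unit": cols[1],
                "status": cols[3],
            })
    return volumes, disks


def evaluate(text):
    """Return (exit_code, one-line message) for a lsi-raidinfo report."""
    volumes, disks = parse_raidinfo(text)
    if not volumes and not disks:
        # Empty or unparseable output must not be mistaken for a healthy array.
        return UNKNOWN, "RAID UNKNOWN - no volumes or disks parsed"
    problems = [
        f"volume {v['id']} is {v['status']}"
        for v in volumes if v["status"] != "Optimal"
    ]
    problems += [
        f"disk {d['slot']} is {d['status']}"
        for d in disks if not d["status"].startswith(HEALTHY_DISK_PREFIXES)
    ]
    if problems:
        return CRITICAL, "RAID CRITICAL - " + "; ".join(problems)
    return OK, f"RAID OK - {len(volumes)} volumes, {len(disks)} disks"


def main(argv):
    if "--sample" in argv:
        text = SAMPLE_OUTPUT
    else:
        try:
            # Path as given in the thread; the timeout turns a tool that
            # does not return into an UNKNOWN result instead of a stuck check.
            text = subprocess.run(
                ["/root/bin/lsi-raidinfo"],
                capture_output=True, text=True, timeout=60,
            ).stdout
        except (OSError, subprocess.TimeoutExpired) as exc:
            print(f"RAID UNKNOWN - cannot run lsi-raidinfo: {exc}")
            return UNKNOWN
    code, message = evaluate(text)
    print(message)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```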




[CentOS] Postfix setup

2014-08-25 Thread Timothy Murphy
I'm trying to clarify the various ways in which I could set up
Postfix + Dovecot + SpamAssassin under CentOS-7,
and I'd welcome any comments on the following remarks.

As far as I can see there are 3 standard ways of setting this up:
  1. Use amavisd
  2. Use dovecot + pigeonhole/sieve
  3. Use spamass-milter

At present I'm following (2), but am thinking of going over to (1),
since this seems simpler.
(Amavisd wasn't available when I set up CentOS-7, so I didn't consider it 
then.)

It seems to me that (2) is using dovecot in a slightly odd way,
since as far as I can see dovecot normally takes email from ~/Maildir/cur/
and then moves marked spam.

I'm not quite sure if (3) is a genuine alternative,
or, if it is, why it is not the standard, since it seems very simple?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [CentOS] Postfix setup

2014-08-25 Thread Greg Bailey
On 08/25/2014 03:52 PM, Timothy Murphy wrote:
> I'm trying to clarify the various ways in which I could set up
> Postfix + Dovecot + SpamAssassin under CentOS-7,
> and I'd welcome any comments on the following remarks.
>
> As far as I can see there are 3 standard ways of setting this up:
>   1. Use amavisd
>   2. Use dovecot + pigeonhole/sieve
>   3. Use spamass-milter
>
> I'm not quite sure if (3) is a genuine alternative,
> or, if it is, why it is not the standard, since it seems very simple?
>

I'm on CentOS 6 (well, actually Amazon AMI which is sort of somewhere in 
between CentOS 6 and CentOS 7) and I find (3) to be the easiest option:

1) From EPEL, install "spamass-milter" and "spamass-milter-postfix" RPMs

2) Modify /etc/sysconfig/spamass-milter to uncomment "EXTRA_FLAGS" and 
adjust spam threshold to your liking

3) Add the following line to /etc/postfix/main.cf:

 smtpd_milters = unix:/var/run/spamass-milter/postfix/sock

4) Make sure spamass-milter, postfix, etc. are running and set to start 
at boot, using chkconfig, service, and/or systemctl as appropriate.

-Greg
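
A check for step 3 above, as an added example that is not part of the original post: it parses main.cf the way Postfix reads it (comments, continuation lines, last definition wins) and reports whether the spamass-milter socket is really in smtpd_milters. The sample main.cf and the second socket path are constructed; milter_default_action is a standard Postfix parameter that the post does not mention, and $name expansion is not handled.

```python
import re

# Socket path from step 3 of the post above.
SPAMASS_SOCKET = "unix:/var/run/spamass-milter/postfix/sock"

# Constructed sample: an earlier smtpd_milters line is overridden by a later,
# multi-line definition, which is easy to miss when reading the file by eye.
SAMPLE_MAIN_CF = """\
# constructed sample, not a real configuration
myhostname = mail.example.com
smtpd_milters = unix:/run/example/other.sock
smtpd_milters =
    unix:/run/example/other.sock,
    # comment lines do not end a continuation
    unix:/var/run/spamass-milter/postfix/sock
"""


def parse_main_cf(text):
    """Return {parameter: value} using main.cf line rules."""
    params = {}
    name = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace():              # leading whitespace continues a line
            if name is not None:
                params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            name = None                   # not a "name = value" line
            continue
        name = key.strip()
        params[name] = value.strip()      # a later definition replaces an earlier one
    return params


def check_milter(text, socket=SPAMASS_SOCKET):
    """Report the effective milter list and whether `socket` is in it."""
    params = parse_main_cf(text)
    milters = [m for m in re.split(r"[,\s]+", params.get("smtpd_milters", "")) if m]
    return {
        "milters": milters,
        "wired": socket in milters,
        # Postfix default: mail is temp-failed while a milter is unreachable.
        "default_action": params.get("milter_default_action", "tempfail"),
    }


if __name__ == "__main__":
    print(check_milter(SAMPLE_MAIN_CF))
```

On a live system, "postconf smtpd_milters" prints the value Postfix itself resolved.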



Re: [CentOS] Port scanning from MicroSoft?

2014-08-25 Thread Nathan Duehr
On Aug 20, 2014, at 9:06, James B. Byrne  wrote:

> This morning's activity log shows this:
> 
> . . .
> 
> These are either mostly or entirely MicroSoft.com addresses.  Any ideas as to
> what legitimate use this probing might have?  I know that 3389 is MS-RDP.  My
> question is why would a 'reputable' firm be scanning my systems for open
> connections on that port?
> 
> -- 
> ***  E-Mail is NOT a SECURE channel  ***
> James B. Byrne                mailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3

Azure servers. 

You’ll also see them from Amazon’s cloud. 

Neither company apparently does any active monitoring of the total crud they 
allow people to spew from their VMs.  We’ve seen everything from RDP to SSH 
brute force scripts from both.  

How one could get into the VM business without KNOWING idiots would happily pay 
for and utilize VMs on big bandwidth to do stupid human tricks, and take 
appropriate precautions NOT to become part of the problem…  is beyond me.

Nate
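
A way to summarise this kind of activity log by source network, as an added example that is not part of the original posts: it parses lines in the "From <address> - N packets to tcp(port)" format quoted above and groups probes to one port by source prefix, so many low-volume sources from one provider range show up as a single entry. The sample lines are constructed and use documentation address ranges; the function names, prefix length and threshold are assumptions to tune.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the summary format quoted above; the addresses are
# RFC 5737 documentation ranges, not the ones from the post.
SAMPLE_LOG = """\
> . . .
>   From 198.51.100.7 - 2 packets to tcp(3389)
>   From 198.51.100.19 - 1 packet to tcp(3389)
>   From 198.51.100.200 - 3 packets to tcp(3389)
>   From 203.0.113.5 - 4 packets to tcp(3389)
>   From 203.0.113.77 - 1 packet to tcp(3389)
>   From 192.0.2.10 - 6 packets to tcp(22)
>   From 192.0.2.10 - 1 packet to tcp(3389)
> . . .
"""

LINE_RE = re.compile(
    r"From (?P<src>\S+) - (?P<count>\d+) packets? to "
    r"(?P<proto>tcp|udp)\((?P<port>\d+)\)"
)


def parse(log_text):
    """Yield (source address, packets, protocol, port) per summary line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # separators and unrelated text
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue                      # malformed address field
        yield src, int(m["count"]), m["proto"], int(m["port"])


def group_by_prefix(log_text, port, prefixlen=24, min_sources=2):
    """Group TCP probes to `port` by source network.

    Returns {network: (distinct sources, total packets)} for networks with
    at least `min_sources` distinct source addresses.
    """
    sources = defaultdict(set)
    packets = defaultdict(int)
    for src, count, proto, dport in parse(log_text):
        if proto != "tcp" or dport != port:
            continue
        net = str(ipaddress.ip_network(f"{src}/{prefixlen}", strict=False))
        sources[net].add(src)
        packets[net] += count
    return {
        net: (len(addrs), packets[net])
        for net, addrs in sources.items()
        if len(addrs) >= min_sources
    }


if __name__ == "__main__":
    for net, (n_src, n_pkt) in sorted(group_by_prefix(SAMPLE_LOG, 3389).items()):
        print(f"{net}: {n_src} sources, {n_pkt} packets to tcp(3389)")
```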


[CentOS] Dual boot with Windows 8.1, UEFI

2014-08-25 Thread Andrew Daviel
(apologies for the length - there are questions at the end...)

I've been running Linux for 20 years, and done a lot of dual-boots. I know 
that's old-school now, but I run Linux 95% of the time yet don't want to 
lose a Windows system I've paid for - but I've never tried removing it 
from a system and reinstalling the same licenced copy inside a virtual machine.

I bought a new laptop back in April this year, after trying to check 
online for Linux certification to match what was in the local stores. 
There's so many models and variants that's almost impossible, but I found 
various "HP Pavilion 14" in www.ubuntu.com/certification
and a couple of "HP EliteBook" in hardware.redhat.com/laptop.
So I bought an "HP Pavilion 14-n228ca TouchSmart Notebook",
which came with Windows 8.1 installed.

So I start off doing what I've done on previous occasions - get into the 
BIOS, change the boot order, boot a CentOS 6 installation CD as used on 
my desktop, go into rescue mode and look at the partitions. Normally I'd
use fdisk, but that says it doesn't understand GPT and I should use 
parted. There's 5 partitions, so I use resizefs to shrink the main NTFS 
data partition, then delete the partition and recreate it shorter at the 
same start location. Then reboot the CD into install mode, create a 
Linux partition in the free space, and install CentOS, which adds a 
choice of "Other" in grub.conf to boot Windows.

Then I boot CentOS and finish the install - a couple of glitches; it needs 
a kernel parameter "iommu=soft" to get the USB mouse to work
("nommu_map_single overflow" messages), and it needs a firmware file 
rt3290.bin for the RT3290 WiFi chip to work (submitted bug 1133288).

Then I try to boot into Windows. From GRUB, I get a screen "windows boot 
manager" with an error message "file \Boot\BCD - missing or contains 
errors".


The boot sequence is a bit weird compared to what I'm used to - this is my 
first machine with UEFI. The BIOS has a UEFI boot order and a legacy boot 
order, which has to be enabled. UEFI takes precedence. With legacy 
enabled, F9 gives a boot menu with
   OS boot Manager
   Boot from EFI file
   Notebook hard drive
   Internal CD/DVD ROM Drive
"Notebook hard drive" takes me to GRUB.
"EFI file" takes me walkabout on a Windows file system with folders like 
"HP", "Boot", "Windows" and what looks like hundreds of locale files - 
maybe I can boot in Turkish.
"OS boot Manager" takes me to an HP/Windows system recovery screen with
various options - continue, troubleshoot, turn off.
"continue" goes to a splash screen like "attempting to repair" which 
fails. "troubleshoot" has a command prompt option. That's running Windows 
cmd.exe in one of the other partitions, mounted as X:
In that, I find commands "chkdsk", "diskpart", "bootrec", "bcdedit" etc.
To cut an even longer story short, I did something like:
X:\ diskpart
diskpart> select disk 0
diskpart> select partition 4 (the NTFS system one)
diskpart> set id=ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
X:\ bcdedit /set {default} device partition=C:
X:\ bcdedit /set {default} osdevice partition=C:
X:\ bootrec /rebuildbcd

After doing that, the system partition appears as C:, passes chkdsk, and 
the system boots successfully into Windows.

3 questions:
- what should I have done instead to create a dual-boot system on this
   hardware (the above is ridiculous and took hours of trials and research)
- how can I make CentOS boot by default (since there is a valid EFI
   record for Windows 8, that seems to take preference unless I hit F9 at
   boot and manually select the disk)
   - is it possible to make CentOS boot via EFI rather than from the legacy
   partition boot record ?
- how can I make Windows boot from GRUB ? (I tried
   "bcdedit /export C:\Boot\BCD", but that did not help - or I have the
   wrong file or syntax)

Some documentation refers to a tool in Windows 8 called "EasyBCD", but I 
can't find it in my system.



-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)


Re: [CentOS] Dual boot with Windows 8.1, UEFI

2014-08-25 Thread Hal Wigoda
Wow.  

(Sent from iPhone, so please accept my apologies in advance for any spelling or 
grammatical errors.)



Re: [CentOS] Packages cmake (base) and metis (epel) conflict with each other

2014-08-25 Thread Warren Young
On 8/25/2014 15:06, Peter Wood wrote:
>
> I don't recall ever running into a conflict between packages in base and
> packages in epel repositories.

I see it here, too.  It's clearly a packaging bug, probably due to the 
fact that the more recent Red Hattish Linuxes use CMake 2.8+.

EPEL has a cmake28 package.  Installing it doesn't placate the 
dependency checker, but you could force the install, then link the 
"cmake28" binary to "cmake".

Or, you could try it with the platform CMake, and hope 2.6 is 
sufficient.  It may well be.  CMake is fairly stable from a feature 
standpoint.


Re: [CentOS] Port scanning from MicroSoft?

2014-08-25 Thread Warren Young
On 8/25/2014 18:18, Nathan Duehr wrote:
>
> How one could get into the VM business without KNOWING idiots would
> happily pay for and utilize VMs on big bandwidth to do stupid human
> tricks, and take appropriate precautions NOT to become part of the
> problem…  is beyond me.

Easy.

1. Most of these bots are probably zombie infections, using resources 
paid for by someone else.

2. These bots use CPU, memory, and bandwidth, which is how these 
providers make their money.  The more you use, the more money they make. 
  Wondering why they don't take measures to stop it is like wondering 
why Exxon hasn't started building Tesla Supercharger stations everywhere.


Re: [CentOS] ipset module loaded at startup on CentOS 6.5

2014-08-25 Thread Ian Pilcher
On 08/10/2014 02:18 PM, Rob Townley wrote:
> Anybody on here successfully get ipset iptables sets to work _after_ a
> reboot?

Here's an init script that I wrote for CentOS 6.  (systemd haters can
take note of how much easier it would have been to write a unit file.)

-- 

Ian Pilcher arequip...@gmail.com
 "I grew up before Mark Zuckerberg invented friendship" 

#!/bin/bash
#
# ipset-state   Restore ipset state
#
# chkconfig: 2345 07 93
# description:  Restores (and saves) ipset state
#
# config: /etc/sysconfig/ipset-state
#
### BEGIN INIT INFO
# Provides: ipset-state
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: restore (and save) ipset state
# Description: restore (and save) ipset state
### END INIT INFO

# Source function library
. /etc/init.d/functions

STATE_FILE=/etc/sysconfig/ipset-state

# only usable by root
[ $EUID = 0 ] || exit 4

if [ ! -x /usr/sbin/ipset ]; then
    echo -n "ipset-state: /usr/sbin/ipset does not exist."; warning; echo
    exit 4
fi

# Load the saved sets from $STATE_FILE
start() {

    # The lock file marks the service as started, so that stop() is run
    # (and the sets are saved) at shutdown
    touch /var/lock/subsys/ipset-state

    # Warn if sets already exist
    if [ -n "`/usr/sbin/ipset list -name`" ]; then
        echo -n "ipset-state: IP sets already exist."; warning; echo
    fi

    # Warn if there is no config file
    if [ ! -f "$STATE_FILE" ]; then
        echo -n "ipset-state: No saved IP set state to restore."; warning; echo
        return 0
    fi

    echo -n "ipset-state: Loading saved IP set state: "
    # -exist: do not fail on sets or entries that are already present
    /usr/sbin/ipset -exist restore < "$STATE_FILE"
    ret=$?
    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

# Write the current sets to $STATE_FILE
save() {
    echo -n "ipset-state: Saving IP set state: "
    /usr/sbin/ipset save > "$STATE_FILE"
    ret=$?
    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

# Save the current sets, then release the lock
stop() {
    save
    ret=$?
    rm -f /var/lock/subsys/ipset-state
    return $ret
}

status() {
    echo "ipset-state: IP sets:"
    /usr/sbin/ipset list -name | /bin/sed 's/^//'

    if [ -f /var/lock/subsys/ipset-state ]; then
        echo "ipset-state: Subsystem locked."
        return 0
    else
        echo "ipset-state: Subsystem NOT locked."
        return 3
    fi
}

# Drop all current sets and reload the saved state
restart() {

    echo -n "ipset-state: Flushing all IP sets: "
    /usr/sbin/ipset flush && success || failure
    echo

    echo -n "ipset-state: Destroying all IP sets: "
    /usr/sbin/ipset -quiet destroy && success || failure
    echo

    start
    return $?
}

case "$1" in
    start)
        [ -f /var/lock/subsys/ipset-state ] && exit 0
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    restart|reload|force-reload)
        restart
        RETVAL=$?
        ;;
    condrestart|try-restart)
        [ ! -f /var/lock/subsys/ipset-state ] && exit 0
        restart
        RETVAL=$?
        ;;
    status)
        status
        RETVAL=$?
        ;;
    save)
        save
        RETVAL=$?
        ;;
    *)
        echo "Usage: ipset-state {start|stop|restart|condrestart|status|save}"
        RETVAL=2
        ;;
esac

exit $RETVAL
