[CentOS] 'initrd' image of CentOS (domU) on Ubuntu (dom0)

[Admin Admin]

Hello,
 
What is the best way to get the xen enabled CentOS 5.2
vmlinuz and initrd images for use as a guest domain
(domU) on Ubuntu host domain (dom0). 

Is there a site where these are available? I am hoping
that I could use the vmlinuz from the latest kernel
rpm, if I go that route, how could I generate the
initrd image given that my host is Ubuntu?

These are for use with post install of domU, which
is setup using xen-create-image.

Thanks



  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 'initrd' image of CentOS (domU) on Ubuntu (dom0)

[Admin Admin]

> > What is the best way to get the xen enabled CentOS
> 5.2
> > vmlinuz and initrd images for use as a guest
> domain
> > (domU) on Ubuntu host domain (dom0). 
> 
> Look in images/xen/.
> 
> -- 
> Ignacio Vazquez-Abrams <[EMAIL PROTECTED]>
> 

Are you sure I could use those? Are n't they used for
installation and probably as a xen host?

Thanks



  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 'initrd' image of CentOS (domU) on Ubuntu (dom0)

[Admin Admin]

> > What is the best way to get the xen enabled CentOS
> 5.2
> > vmlinuz and initrd images for use as a guest
> domain
> > (domU) on Ubuntu host domain (dom0).
> 
> virt-install on a CentOS 5.2 system and transfer the
> image over to Ubuntu.
> 

Could I do it on any system or a system with similar
architecture? Is it possible to generate the initrd
using a live CD?


> > Admin Admin
> 
> Please use something better.
> 
> Kai
> 

I have checked my profile and I had the name listed
as A.A., I don't know where this is coming from. 
Yahoo is slapping it onto the mail message from
some place. I need to figure it out and get rid of it

Thanks


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RPM creation question

[admin]

Is there any nice way in a .spec file to tell rpmbuild not to call
brp-java-repack-jars?  Some Web Searching indicates that most people
just hack the script.  Is there a better way ?
I've just started building RPMs myself, so I'm curious ... why would you 
want to not call brp-java-repack-jars?


Mick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mod perl query

[admin]

httpd -M will print a list of both static and loaded modules

httpd -l only lists modules compiled into httpd

If mod_perl is installed you should see something like "perl_module" in 
the list


Mick

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] backup question

[admin]

I've had good results using Clonezilla for complete backup of OS+data. 
It backs up entire disks/partitions, so includes everything including 
configuration files, tweaks etc. It is fast compared to something like 
Ghost, and can backup to devices (USB stick or external HDD) or a 
network location. Restores are also fast and have been flawless to date 
(restoring to identical hardware).


If you want to restore an entire system in all its detail in one quick 
operation, something like Clonezilla is worth investigating.


http://www.clonezilla.org/

or Google "Gparted-clonezilla" as many versions of Clonezilla are 
packaged on a Live CD with Gparted.



Gergely Buday wrote:

Dear CentOs users,

I have a centos server with nothing important at the moment, but I
would like to install some web-based project management tool (trac for
the curious) that would contain important data. And, as my network is
growing the configuration of the server is becoming complex. I would
like to have a proper backup so that I can restore the whole system
easily, should any problem occur. What do you recommend?

I'm not an expert on this, so my first idea is that I could do a per
application backup and create a tar file of the /etc. The latter
especially could be too naive. And, a push-the-button method that
handles all in once, not depending on the app number would be much
better.

Another thing: how I could do this to be safe across a centos upgrade?

- Gergely
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] backup question

[admin]

Yep, and USB external hard drives are even cheaper per GB.

Here in Australia an 8G USB stick retails for around AU$50, while a 250G 
2.5" external HDD is around AU$140 by comparison (about 1/10 the cost 
per GB).


Anne Wilson wrote:

On Sunday 22 June 2008 15:27:34 Les Mikesell wrote:

Anne Wilson wrote:

I've had good results using Clonezilla for complete backup of OS+data.

Is there any compression?  Does it span multiple CDs if necessary?

It does an image copy and knows enough about most filesystems to only
copy the used portions of the disk.  Yes it compresses, no it doesn't
split - or write CD's directly.  It lets you store the image in a
variety of places (network mount via samba, NFS, or ssh), local disks
which could be USB external, etc.).  After the image is stored, you can
use a command line to convert the image to a bootable DVD image
containing clonezilla and the image. But it doesn't split and you have
to use some other utility to burn the DVD.   It would probably work
pretty well to install clonezilla to boot from a large USB disk where
you could store images directly and restore from them.


With usb sticks becoming so cheap that's a viable option, then.  Thanks

Anne


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] backup question

[admin]

I think so, at least you do the way I use it because you boot the 
machine off the Clonezilla CD, then mount the device/partition you're 
backing up to and select the device/partition being backed up.


But Clonezilla also has a whole network mode of operation involving a 
Clonezilla server, so I can't rule it out ... maybe someone else can?




Gary Richardson wrote:
Do you need to shut your machine down to use clonezilla? After a quick 
skim of the site, I can't find anything that says you don't.


On Sun, Jun 22, 2008 at 7:27 AM, Les Mikesell <[EMAIL PROTECTED] 
> wrote:


Anne Wilson wrote:



I've had good results using Clonezilla for complete backup
of OS+data.


Is there any compression?  Does it span multiple CDs if necessary?


It does an image copy and knows enough about most filesystems to
only copy the used portions of the disk.  Yes it compresses, no it
doesn't split - or write CD's directly.  It lets you store the image
in a variety of places (network mount via samba, NFS, or ssh), local
disks which could be USB external, etc.).  After the image is
stored, you can use a command line to convert the image to a
bootable DVD image containing clonezilla and the image. But it
doesn't split and you have to use some other utility to burn the
DVD.   It would probably work pretty well to install clonezilla to
boot from a large USB disk where you could store images directly and
restore from them.

-- 
 Les Mikesell

  [EMAIL PROTECTED] 


___
CentOS mailing list
CentOS@centos.org 
http://lists.centos.org/mailman/listinfo/centos





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: PHP 5.2 for CentOS 5.x

[admin]

Agree with everything you're saying about bleeding edge distros.

Having written quite a bit of PHP, however, I think its fair to say that 
most developers are fully aware that software is always evolving and 
probably believe that you may as well write for the latest version 
because before long it'll be mainstream anyway.


Occasionally there are real generational differences between versions.

I find the constant upgrade treadmill with things like CMSs (Drupal etc) 
a real pain as well.


Donald Buchan wrote:

I changed to linux a couple of years ago for a bunch of reasons.  WGA
was one of them.

Being noob at the time -- still think I am today -- I had someone do it
for me.

They were going to put CentOS 4.4 in, but at the last minute, they put
in Fedora 5.  Apparently, the -devel fork.  What a disaster.

I was glad when my laptop got CentOS 4.4. It was stable.  It worked.
Things didn't break.  No dependency hell.  Shortly after, Fedora was
nuked and both desktop and laptop were on 4.4.  Today both machines have
gone through the upgrade cycles are at 4.7, quite happily.

My "new" desktop (the old one is now the home router, DVD burder,
Azureus download box, and has my 80gig mass storage drive; it has 5.2 as
of this morning.

What do I think of non-EL distros?

I'm glad I'm not having to curse for weeks every six months when I have
to upgrade, that's what I think of them.

And I'm a desktop user.  No servers per se.

Now I have to see if the new printer I got at Christmas will work
without major surgery, like it needed for the 4.6 desktop. :)  (I figure
HP gave the summer student who knows linux a pet project to make the
open source driver, and (s)he probably was using the latest drivers and
libraries while downing Jolt Cola. :) )

On Tue, 2008-06-24 at 10:40 -0700, John R Pierce wrote:

Tony Mountifield wrote:

I always get frustrated with apps requiring the latest and greatest
versions of PHP, etc., before they are made available for the major
distributions.

Is it that the very newest feature is really indispensable and the app
can't possibly make do without it, or just because the developer has the
bleeding-edge version on his own box and doesn't make the effort to test
his app with more mainstream versions?
  


totally.  its the new/shiny syndrome.   more than once, I've found 1-2 
simple 1-line fixes enabled a newer version of a given PHP app to run on 
an older version of PHP.


sadly, much of the OSS community seem to think that stable enterprise 
distributions like RHEL and SuSE are evil incarnate, second only to 
Microsoft (which they inevitably spell with a $).



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS roadmap/EPEL

[admin]

There are lots of exciting things happening in the CentOS ecosystem at 
the moment, by which I mean "upstream" or "across stream" in Fedora and 
RHEL.


I'm thinking of projects that equip RH-like EL in general for serious 
entry into the enterprise, things like the Fedora Directory Server, and 
RedHat's Emerging Technologies projects such as Cobbler, FreeIPA and 
Ovirt. Also JBoss middleware.


Will these sort of packages end up in CentOS eventually, or are there 
any major problems installing EPEL packages on CentOS?


I know CentOS is very popular in the web hosting world, but enterprise 
grade directory servers, provisioning servers and virtualisation 
technologies could also see greater take up of CentOS in areas like 
local government and education for example (medium sized but slightly 
cash-challenged organisations).


I suppose this is some kind of roadmap question, or a question about 
using EPEL packages on CentOS. Personally, I'm interested in using these 
"emerging technologies" in the local government environment.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS roadmap/EPEL

[admin]

> the CentOS DirServer has been in the
testing repo for a bit, and the same with 
cobbler/koan/func/smolt/maatkit etc.


Is the testing repo publicly accessible? If so, where?

Sorry if that's a stupid question, but I can't find it on 
mirror.centos.org or searching the website for "testing repo".

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Widescreen monitor won't configure to a wide screen - SOLVED

[admin]

Yes ... there are 2 places to set this, one is controlled by the 
resolution setting the other is controlled by the Display setting. They 
are at "System => Preferences => Screen Resolution" and "System => 
Administration => Display" in the Main Menu.


I had an identical problem at work yesterday with a brand new Samsung 
2243BW 22" LCD monitor (1680x1050), using CentOS 5.1.


No matter what combination of things I tried at the two locations above, 
or in xorg.conf, I couldn't get the resolution right, the screen was 
obviously "stretched" horizontally and the fonts fuzzy.


Since I mostly write code in a console, I eventually just replaced the 
monitor with the original and got back to work :-)


Mick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] learning centos

[admin]

IMHO the best way to learn is to read the official documentation, and 
get some hands on practice.


I have purchased both Michael Jang's RHCE book and Tammy Fox's RHEL5 
book (I'm preparing for RHCE), and while they are both very useful, the 
official documentation seems the best for really spelling things out.


Lanny Marcus wrote:

On Tue, Aug 12, 2008 at 7:11 AM, pedro henrique antunes de oliveira
<[EMAIL PROTECTED]> wrote:

Hello, I'm new to CENTOS and I'd like to learn how to use it from ground up.
Can anyone recommend me books on it?
I already have the documentation from the web site, can I start with it?
I've already done very basic stuff on archlinux and slackware.


One book you might consider purchasing is "Fedora 9 and Red Hat
Enterprise Linux Bible"  (Wiley)) (Paperback). I do not have
that edition, which just came out, but I have several previous
editions. I am certain there are many other great books about RHEL.
CentOS
is a binary clone (with few exceptions) of RHEL. In addition to the
great data on the CentOS WIki, you can download some of the manuals
from our upstream (RH) on the CentOS web site. Possibly more manuals
are available on the RH web site that you can download. As another
poster pointed out, if you subscribe to and read this mailing list,
you WILL learn. Another good method is "learn by destroying".
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS static ports configuration

[admin]

A couple of RHEL5 books I'm reading at the moment suggest port numbers 
above 1024 for statd, lockd, mountd and rquotad (eg 38001-38006 or 
32764-32767) when configuring NFS to work with a firewall.


The default /etc/sysconfig/nfs on CentOS5 however has defaults under 
1024, such as


mountd  892
statd   662
rquotad 875

Is there something security-related going on here that I'm not aware of, 
or some other explanation? Neither text mentions the use of ports under 
1024 at all.


Thanks
Mick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Backup and reinstall a CentOS server

[admin]

Yes, the /boot partition can be md raid. But it can't be LVM. We're
using md raid for all server that have no hardware raid controllers.
GRUB can be installed on both drives at the same time, no problem.

Good idea and I think it should be no performance problem. But use LVM!
Don't do md raid for each partition you need. Make 2 md raids and put
LVM on the 2nd (first for /boot) and use logicalvolumes for your
partitions...


I believe that if /boot is on RAID1, that md partition has to be on one 
of the first two disks (eg hda, hdb)?


Is there any problem with having /boot on a RAID1 partition across 4 
disks as follows?


/boot   / (LVM)
hda RAID1   RAID5
hdb RAID1   RAID5
hdc RAID1   RAID5
hdd RAID1   RAID5

What about swap? It is best on RAID1, RAID5, LVM, something else or 
doesn't matter?


Mick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Changing hostname?

[admin]

It's worth checking that /etc/sysconfig/network also has whatever 
hostname you wish to use configured in it.


To effect changes, it may be necessary to restart the network:

service network restart

Mick

Niki Kovacs wrote:

Marcus Moeller a écrit :


It should look like this:

127.0.0.1   localhost.localdomainlocalhost   calimero.local
calimero




I slightly altered it:

[EMAIL PROTECTED] ~]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   calimero.local calimero localhost.localdomain localhost

[EMAIL PROTECTED] ~]$ hostname
calimero.local
[EMAIL PROTECTED] ~]$ hostname --fqdn
calimero.local

Wouldn't this be more correct?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Multiple Linux instances on the same box - dual/triple/etc boot ?

[admin]

I much prefer using the free VMware server for development and
testing different OS versions.  It's far more difficult to screw
the pooch using virtual machines, and one can always make snapshots
before upgrades or major changes making it easy to undo the
changes and try again.  I find this invaluable when testing major
software installations.


Yes, this seems like a case where virtualisation is a good solution. 
I've only just started learning to run Xen myself, but the advantages of 
virtualisation over dual/triple booting etc are pretty clear. As well as 
the ones you mention, different machines can also be run concurrently 
and networked.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: NameVirtualHost and CGI Problems

[admin]

Have you run several Virtual Hosts with the same IP address?


Yes, I run multiple Virtual Hosts on my development server and they all 
look like this:


NameVirtualHost *:80


  DocumentRoot /var/www/html/site1
  ServerName site1.localhost
  other stuff 



  DocumentRoot /var/www/html/site2
  ServerName site2.localhost
  other stuff 



  DocumentRoot /var/www/html/site3
  ServerName site3.localhost
  other stuff 


Have you got your ServerNames set up properly in /etc/hosts or DNS?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Good [L]AMP tutorial for CentOS 5.2 ?

[admin]

1. Is there a "right" way to install software on Linux in general, an 
CentOS in particular? For example, the Package Manager on CentOS 5.2 
allows you to install certain software, but often not the latest 
version. So if I go download MySQL 5.0.67 from the web, how do I install 
it and make it play nice with the rest of the system? Ditto for PHP 
5.2.6. And once installed (either by the Package Manager -- and by the 
way, why are the apps it lists so out of date?), what's the best way to 
update PHP and MySQL? Is it simply a matter of downloading the binaries 
again and overwriting the existing install? On Mac OS X, such downloads 
come as .pkg files that seem to take care of so many details without 
requiring a trip to the command line.


2. Where should software, such as PHP, MySQL, Apache2, be installed? 
/usr/bin ?


3. Is it a bad idea to install some software from the command-line via 
wget, some software from the graphical Package Manager, and some 
software from the the web? What I mean is, so far it seems like Linux 
manages the list of installed packages, and I just wonder if I'm 
screwing things up this way.


The recommended way to install software is using a yum or at least rpm. 
The further you stray from core CentOS packages installed the CentOS 
way, the more likely you will get stuck with a broken system that this 
list or the forums will find difficult to support. That said, there are 
some good repos out there including dag.wieers.com and EPEL.


The versions used in CentOS are derived directly from the upstream 
product. This is an enterprise distro after all, stability is valued 
more highly that being on the bleeding edge. But yes, old versions of 
PHP and PostgreSQL can be problematic when something like the latest 
Drupal (7) requires PHP5.2, and PostgreSQL 8.3 is way better than 8.1.
It is possible to upgrade these but not possible to describe how to do 
it here. Google can help.


Software should be installed wherever the RPM wants to put it. It is all 
about maintaining a stable, reliable system in a known state.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cambiar nombre al host sin reiniciar el sistema

[admin]

Aslo need restart your log daemon.

/etc/init.d/rsyslog restart

Thanks


Mauricio Tavares писал 26-01-2014 17:14:
> On Sun, Jan 26, 2014 at 10:09 AM, Always Learning 
>  wrote:
>> Using: From translate.google.com
>>
>>> Rodrigo Pichiñual Norin 
>>
>> Hello everyone:
>>
>> I want to change the name of my host, but without reboot
>>
>> 1) edit / etc / sysconfig / network
>>
>> HOSTNAME = name_hostname
>>
>   I believe that is the FQDN
>
>> 2) edit / etc / hosts
>>
>>   192.168.x.x name_hostname
>>
>>
>> I know the restart rename but my point is not to restart the
>> server.
>>
>After you do all that, type
>
> hostname name_hostname
>
> test then by doing
>
> hostname -f
> hostname -s
>
> man hostname should provide more info.
>
>> can??
>>
>>
>> thanks
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule

[admin]

Hi gents,

I seem to have a small issue with fping and Observium(a monitoring 
solution). The particular VPS I'm using does have SELinux enabled and it 
seems to be causing issues when the httpd process is attempting to use 
Fping?


Here is what I know so far :

Output from "audit2why -a" :

---
type=AVC msg=audit(1414265994.125:6744): avc:  denied  { create } for  
pid=8968 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0

  Was caused by:
Missing type enforcement (TE) allow rule.

You can use audit2allow to generate a loadable module 
to allow this access.


---

Which does seem to confirm that something is wrong between httpd and fping.

I then ran "audit2allow -M fping-httpd < audit2allow" which did create 
both the .te and .pp files. The issue is that inside the .te file, I 
have a warning saying that the rules already exists! Which does make 
sense since I had to allow those particular function for the Mysql

connection to function properly.

---
.te file :

"module fping-httpd 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket create;
}

#= httpd_t ==

# This avc is allowed in the current policy
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket create;
"
---

Is the "Missing type enforcement" related to all of this? I really don't 
want to disable SELinux and would rather learn to actually use it properly.


Thank you!


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule

[admin]

I've just recreated the module and enabled it, yet I can't seem to allow 
fping to be used by the httpd process. It seems that the last error was 
just a byproduct of a bad module I had not properly removed. Are there 
any additional troubleshooting steps I could try?


What I've done so far :

1) grep fping /var/log/audit/audit.log | audit2allow -M observium_fping
2) semodule -i observium_fping.pp

3) semodule -l | grep fping
**
fping   1.0
observium_fping 1.0
**

4) cat /var/log/audit/audit.log | grep fping

type=AVC msg=audit(1414295291.964:357): avc:  denied  { create } for  
pid=5283 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=unconfined_u:system_r:httpd_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414295291.964:357): arch=c03e syscall=41 
success=no exit=-13 a0=2 a1=3 a2=1 a3=7fff871b1790 items=0 ppid=5282 
pid=5283 auid=500 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 
fsgid=48 tty=(none) ses=1 comm="fping" exe="/usr/sbin/fping" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)




On 10/25/2014 8:30 PM, Greg Lindahl wrote:

On Sat, Oct 25, 2014 at 04:22:38PM -0400, admin wrote:


# This avc is allowed in the current policy
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket create;

This confusing output means that the first "allow" line is in the
current policy, and the second is not.

-- greg


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS/RDMA connection closed

[admin]

Hi, we are having a problem with NFS using RDMA protocol over our FDR10 
Infiniband network.  I previously wrote to NFS mailing list about this, 
so you may find our discussion there.  I have taken some load off the 
server which was using NFS for backups, and converted it to use SSH, but 
we are still having critical problems with NFS clients losing connection 
to the server, causing the clients to hang and needing a reboot.  I 
wanted to check in here before filing a bug with CentOS.


Our setup is a cluster with one head node (NFS server) and 9 compute 
nodes (NFS clients).  All the machines are running CentOS 6.9 
2.6.32-696.30.1.el6.x86_64 and using the "Inbox"/CentOS RDMA 
implementation/drivers (not Mellanox OFED).  (We also have other NFS 
clients but they are using 1GbE for NFS connection and, while they will 
still hang with messages like "NFS server not responding, retrying" or 
"timed out", they will eventually recover and don't need a reboot.)


On the server (which is named pac) I will see messages like this:
Jul 30 18:19:38 pac kernel: svcrdma: failed to send reply chunks, rc=-5
Jul 30 18:19:38 pac kernel: svcrdma: failed to send write chunks, rc=-5
Jul 31 15:03:05 pac kernel: svcrdma: failed to send write chunks, rc=-5
Jul 31 15:09:06 pac kernel: svcrdma: failed to send write chunks, rc=-5
Jul 31 15:16:09 pac kernel: svcrdma: failed to send write chunks, rc=-5
Jul 31 15:23:31 pac kernel: svcrdma: Error -107 posting RDMA_READ
Jul 31 15:53:55 pac kernel: svcrdma: failed to send write chunks, rc=-5
Jul 31 16:09:19 pac kernel: svcrdma: failed to send reply chunks, rc=-5
Jul 31 16:09:19 pac kernel: svcrdma: failed to send reply chunks, rc=-5

Previously I had also seen messages like "Jul 11 21:09:56 pac kernel: 
nfsd: peername failed (err 107)!" however have not seen that in this 
latest hangup.


And on the clients (named n001-n009) I will see messages like this:
Jul 30 18:17:26 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810674024c0 (stale): WR flushed
Jul 30 18:17:26 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
88106638a640 (stale): WR flushed
Jul 30 18:19:26 n001 kernel: nfs: server 10.10.11.100 not responding, 
still trying
Jul 30 18:19:36 n001 kernel: nfs: server 10.10.10.100 not responding, 
timed out
Jul 30 18:19:38 n001 kernel: rpcrdma: connection to 10.10.11.100:20049 
on mlx4_0, memreg 5 slots 32 ird 16

Jul 30 18:19:38 n001 kernel: nfs: server 10.10.11.100 OK
Jul 31 14:42:08 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810671f02c0 (stale): WR flushed
Jul 31 14:42:08 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810677bda40 (stale): WR flushed
Jul 31 14:42:08 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810677bd940 (stale): WR flushed
Jul 31 14:42:08 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810671f0240 (stale): WR flushed
Jul 31 14:43:35 n001 kernel: rpcrdma: connection to 10.10.11.100:20049 
on mlx4_0, memreg 5 slots 32 ird 16
Jul 31 15:01:53 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
881065133140 (stale): WR flushed
Jul 31 15:01:53 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810666e3f00 (stale): WR flushed
Jul 31 15:01:53 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
881063ea0dc0 (stale): WR flushed
Jul 31 15:01:53 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810677bdb40 (stale): WR flushed
Jul 31 15:03:05 n001 kernel: rpcrdma: connection to 10.10.11.100:20049 
on mlx4_0, memreg 5 slots 32 ird 16
Jul 31 15:07:07 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
881060e59d40 (stale): WR flushed
Jul 31 15:07:07 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810677efac0 (stale): WR flushed
Jul 31 15:07:07 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
88106638a640 (stale): WR flushed
Jul 31 15:07:07 n001 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810671f03c0 (stale): WR flushed
Jul 31 15:09:06 n001 kernel: rpcrdma: connection to 10.10.11.100:20049 
on mlx4_0, memreg 5 slots 32 ird 16
Jul 31 15:16:09 n001 kernel: rpcrdma: connection to 10.10.11.100:20049 
closed (-103)
Jul 31 15:53:32 n001 kernel: nfs: server 10.10.10.100 not responding, 
timed out
Jul 31 16:08:56 n001 kernel: nfs: server 10.10.10.100 not responding, 
timed out


Jul 30 18:17:26 n002 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
881064461500 (stale): WR flushed
Jul 30 18:17:26 n002 kernel: RPC:   rpcrdma_sendcq_process_wc: frmr 
8810604b2600 (stale): WR flushed
Jul 30 18:19:26 n002 kernel: nfs: server 10.10.11.100 not responding, 
still trying
Jul 30 18:19:38 n002 kernel: rpcrdma: connection to 10.10.11.100:20049 
on mlx4_0, memreg 5 slots 32 ird 16

Jul 30 18:19:38 n002 kernel: nfs: server 10.10.11.100 OK
Jul 31 14:43:35 n002 kernel: rpcrdma: connection to 10.10.11.100:20049 
closed (-103)
Jul 31 16:08:56 n002 kernel: nfs: server 10.10.10.100 not responding, 
timed out


Similar

Re: [CentOS] NFS/RDMA connection closed

[admin]

Hi I also forgot to add the following information which was discussed on 
NFS mailing list with Chuck Lever, leading us to believe there is a 
software bug in the kernel, not necessarily a server overload.


On the NFS server, we also mount some other NFS shares from other NFS 
servers, over 1GbE:

150.x.x.116:/wing on /wing type nfs (rw,addr=150.x.x.116)
10.10.10.201:/opt/ftproot on /opt/ftproot type nfs 
(rw,vers=4,addr=10.10.10.201,clientaddr=10.10.10.100)
150.x.x.202:/archive on /archive type nfs 
(rw,vers=4,addr=150.x.x.202,clientaddr=128.x.x.2)


This hangup/bug seems to occur when we are reading/writing to these 
other shares from the NFS server and the NFS server is also busy 
processing our work from the cluster using the RDMA exports.  There used 
to be two other NFS mounts, which were used to send/write backups to, 
and were scheduled every night at 8PM.  I noticed the RDMA errors from 
my original post were all showing up shortly after 8PM.  So we decided 
to get rid of these NFS mounts and convert the backup to transfer via 
SSH instead.  The RDMA errors stopped happening after 8PM when the 
backup ran, but now the errors are still showing up, when we are 
reading/writing to the other NFS mounts above that we still need.


It seems we should be able to use these different mounts and exports 
without issue, leading us to believe there is a software bug somewhere.


Are there any other suggested solutions to this problem?  Perhaps some 
system, network and/or filesystem tuning?  Any comments on adding the 
"inode64,nobarrier" XFS mount options?  Any extra information I can 
gather to help with a bug report?  Debug info or whatnot?


Thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] tcpdump; how to dump all

[admin lewis]

Hi,
My server is connected to the lan and when I run tcpdump I see few packets
captured but lots packets received by filter.
How can I dump every packets received by filter ?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Install on Dell PowerEdge T310

[admin lewis]

Hi,
this is the first time I install linux on a dell server. Simply I
booted from a centos 5.5 x64 dvd but I cant see the disks.. is there
something I miss ?
thanks very much for any help
luigi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install on Dell PowerEdge T310

[admin lewis]

2011/3/23 John R Pierce :
> On 03/23/11 10:40 AM, admin lewis wrote:
>> Hi,
>> this is the first time I install linux on a dell server. Simply I
>> booted from a centos 5.5 x64 dvd but I cant see the disks.. is there
>> something I miss ?
>
> does that system have some form of PERC raid controller?  you need to go
> into the PERC Bios (or use Dell's utility disk and the raid
> configuratator) and define whatever level of hardware raid you want,
> creating logical volumes that your OS will see as 'disks'.
>
>

Thanks very much to all, now I have understood..
anyway it's a perc s300.. I see I can make a virtual disk read-only...
very interesting.. well .. to have a /boot partition read-only is a
non-sense...
thanks to all again... someone has told "google is your friend" ..
..but I say  "I prefer human friend"..
:-)



-- 
Admin Lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install on Dell PowerEdge T310

[admin lewis]

2011/3/24 Alexander Dalloz :
> Am 23.03.2011 19:33, schrieb admin lewis:
>
>> Thanks very much to all, now I have understood..
>> anyway it's a perc s300.. I see I can make a virtual disk read-only...
>> very interesting.. well .. to have a /boot partition read-only is a
>> non-sense...
>> thanks to all again... someone has told "google is your friend" ..
>> ..but I say  "I prefer human friend"..
>> :-)
>
> https://access.redhat.com/kb/docs/DOC-19840
>

yep, after I created the array, centos cant see any disk... :-(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Rules for port forwarding

[admin lewis]

Hi,
does anyone remember the rules for port forwarding ?
the followings does not work:
iptables -A FORWARD -i eth0 -o eth1 -p tcp –dport 80 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -i eth0 –dport 80 -j DNAT –to
192.168.20.1:80

thx lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] [OT] ups advice

[admin lewis]

Hi
I have a Dell PowerEdge T310 *tower* server.. I have to buy an ups by
apc... anyone could help me giving an hint ?
a simple "smart ups 1000" could be enough ?

thx so much!!

lewis.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] ups advice

[admin lewis]

2011/4/14 Bowie Bailey :
> On 4/14/2011 12:06 PM, admin lewis wrote:
>> Hi
>> I have a Dell PowerEdge T310 *tower* server.. I have to buy an ups by
>> apc... anyone could help me giving an hint ?
>> a simple "smart ups 1000" could be enough ?
>
> APC's website has a "UPS Selector" feature that will recommend a UPS
> based on your equipment.
>
> --
> Bowie


I take a APC Smart-UPS 1000VA LCD 230V
It seems good a enough to give 15-20 minutes of power to my server.
very very thanks for your simple but very useful hint.
lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] ups advice

[admin lewis]

2011/4/14 John R Pierce :
> On 04/14/11 9:06 AM, admin lewis wrote:
>> Hi
>> I have a Dell PowerEdge T310 *tower* server.. I have to buy an ups by
>> apc... anyone could help me giving an hint ?
>> a simple "smart ups 1000" could be enough ?
>>
>>
>
> apc smartups or eaton powerware woudl be my choices.    1000VA should be
> fine.
>
> avoid consumer UPS's like apc backups, they are junk.
>
>
> how long do you need the system to stay powered when the power fails?
> just long enough to shutdown?  or do you need it to stay up for some
> period of time?
>
>

Few minutes... 10 minutes should be enough.. and then shutdown the machine ..
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] XFS on Centos 6.2 ?

[admin lewis]

Hi,
I need of to mount an XFS partition on Centos 6.2 .. but I cant find
the kernel module..
it that true the xfs is available only under x86_64 ?

-- 
Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6.2 install some problems

[admin lewis]

Hi,
I have reinstalled centos 6.2 x86_64 because it seems there is not xfs
mod on i386.
But i have found an orther problem. After the partitioning there is
not any prompt to choice the type of server I want (minimal, web etc)
So now I have a desktop installation...
I want to remove xorg, gnome etc..
and an other bug.. i am unable to setup Eth interface ... with
system-config-network-tui i cant see any eth..
I have 4 NIC.. and all works well..
cheers
luigi


-- 
Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Partitioning production server

[admin lewis]

Hi,
I have to install a production server with postgresql.. with few hundreds of
MB (2-300)
would u advice me to partitioning the disk ?
The server will be under vmware environment with SAN as storage.


-- 
--
Lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Net CD/DVD writer

[admin lewis]

Hi,
i'm looking for a net cd writer software. I've found webcdwriter
(http://joerghaeger.de/webCDwriter/) but it seems not more upgraded.
Anyone know something else ?
thx lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] temp dir, httpd and selinux

[admin lewis]

Hi,
I have a php software installed on a centos server with selinux
enforced activeted.
The php software (glpi --> http://www.glpi-project.org) have a plugin
that must write on a temp dir... but selinux dont give access to that
dir to write.
How should i do ?
lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] how to set ACLs on windows share

[admin lewis]

Hi,
I have to get/set acls on a windows share by script.
I can mount the windows share by mount.cifs but I don't know how to set/get
acls... anyone could help me ?
thx so much.

-- 
Admin Lewis
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to set ACLs on windows share

[admin lewis]

2010/10/26 Miguel Medalha 

>
>  I have to get/set acls on a windows share by script.
>> I can mount the windows share by mount.cifs but I don't know how to
>> set/get acls... anyone could help me ?
>> thx so much.
>>
>
> You would benefit from posing this question to the Samba mailing list:
>
> sa...@lists.samba.org
>
> Do you want to set the ACLs from the Windows side or from the Unix server
> side?
>
> What do you use to store ACLs? Linux ACLs? A Samba VFS module?
>
>

Hi, I found the solution... smbcacls ...
anyway... I have a linux client and I want to get/set acls on a windows
share, by script.
anyway
thx.
bye
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Secure a python http server

[admin lewis]

Hi,
I want to make secure my python http server.. what should i use ?
chroot ? there are something more secure ?
On my centos server I've SE enabled..then .. sandboxing ?
Thanks very much
lewis


-- 
Linux and Windows 2003/2008 Server.
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure a python http server

[admin lewis]

2011/8/30 Steven Crothers :
> You wrote the application... nobody can tell you how to secure code they've
> never seen.
>
> On Tue, Aug 30, 2011 at 1:16 PM, admin lewis  wrote:
>>
>> Hi,
>> I want to make secure my python http server.. what should i use ?
>> chroot ? there are something more secure ?
>> On my centos server I've SE enabled..then .. sandboxing ?

http://mapproxy.org/

that's it..
lewis



-- 
Linux Server, Microsfot Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apparent BIND problem doing RBL lookups for Postfix

[sys Admin]

What happens if you change your resolv.conf to google's dns ?


On 4/15/10, Nataraj  wrote:
> listserv.traf...@sloop.net wrote:
>>> Check out the following bug report. I would also look at other bind bug
>>> reports. My sense is that redhat has deviated quite a bite from the ISC
>>> version of bind. In particular I believe that they disabled or otherwise
>>> modified the caching behavior back about 6-8 months ago when there were
>>> major security issues with bind. I have felt that my Red Hat/Centos name
>>> servers have not worked as well as Fedora or ISC bind name servers since
>>> this time. You might try installing ISC bind and see if that solves your
>>> problem.
>>>
>>
>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=553334
>>>
>>
>>
>>> Nataraj
>>>
>>
>> Interesting - though in our case it's failing long before a few
>> million lookups. I don't much relish compiling ISC versions to run on
>> my box - the security implications and other hassles don't seem
>> trivial. [We don't allow external [the world] lookups - just local
>> "trusted" users, but that only mitigates some of the security concerns.]
>>
>> Perhaps it's possible to use an older version that's security
>> patched. Ugh.
>>
> Though I have not done it in a while, It's not a big deal to build ISC
> bind.  If you have compilers installed, you untar it and run "make" or
> "make install", maybe setting up the path for installation.  With the
> security issues today, I often run a separate system for name servers
> (actually I use virtual machines).  In fact, mostly I setup both an
> internal and a external nameserver where the internal one forwards
> queries to the external one so it never receives packets from the
> Internet.   So the internal one could be on your mail server and the
> external one could be a seperate box.  For test purposes, you could try
> ISC bind on any old box just to determine if it solves the problem.
>
> Alternatively, if the problem is urgent I guess you could buy a red hat
> license and try to get them to up the priority on resolving this.   If
> you have the time and skills, you could install a debug compiled version
> of CentOS bind and try to either debug it or capture a dump of it when
> it breaks and submit that to developers.
>
> I don't think running ISC bind for a short time is a major risk.  It's
> quite widely deployed in the field.
>
> Nataraj
>
>> -Greg
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

-- 
Sent from my mobile device
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] kernel autoconfigure ?

[admin lewis]

Anyone know if there is a kernel autoconfigure tool to compile from source ?
thanks
luigi


-- 
Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kernel autoconfigure ?

[admin lewis]

2012/3/27 Johnny Hughes :
> On 03/26/2012 04:45 PM, admin lewis wrote:
>> Anyone know if there is a kernel autoconfigure tool to compile from source ?
>> thanks
>> luigi
>
> What are you trying to accomplish.
>

Simply I want enable grsecurity. I downloaded vanilla kernel and
grsecurity patch but I dont want reconfigure every kernel options..
because it's too long read and understand every feature of the kernel.
Also I want disable all modules I dont need. Finally I dont want
initrd.
Thanks very much for any help
luigi


-- 
Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007
http://predellino.blogspot.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Help in troubleshoot cause of high kernel activity

[Noob Centos Admin]

Hi, I had been experiencing a problem on our dedicated server running Centos
5, and unable to successfully track down the problem.

Since about 6 days ago, I noticed a spike in load/CPU utilization which went
from a typical 0.2x-0.3x to 3.x. At the same time, average traffic also went
up and so did the log usage. Prior to this, the server was working fine and
there had been no changes to the configuration.

Initially, I narrowed it down to the mail system. Exim was generating
significantly more log data than usual. This was eventually narrowed down to
apparently our server and another server playing ping pong between two users
who coincidentally were on vacation and had both their mailboxes filled.
Thus it caused an endless loop of "Message Undelivered" and "Auto-reply".

Once this was identified and cleared up, I had expected things to go back to
normal. However, load/traffic remained high.

Looking at "top" output, I noted that %sys was as high and often much higher
than %user. However, individual process %CPU just didn't add up to the total
top was reporting. Top reports 160~170 sleeping tasks and only 4 active most
of the time, which was largely exim then httpd/mysql/php.

top Snapshot
==
top - 17:25:03 up 7 days, 19:16,  1 user,  load average: 2.03, 2.84, 3.04
Tasks: 168 total,   4 running, 164 sleeping,   0 stopped,   0 zombie
Cpu(s): 26.5%us, 50.3%sy,  0.0%ni, 16.6%id,  6.1%wa,  0.0%hi,  0.5%si,
0.0%st
Mem:   1915208k total,  1880256k used,34952k free,   142100k buffers
Swap: 16777208k total,66140k used, 16711068k free,  1276564k cached


iostat Snapshot

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   18.960.00   25.57   5.16   0.01 50.30

Device:tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda  54.1963.31  2460.80   42689802 1659234904
sdb  55.1276.41  2460.80   51521720 1659234904
md1 315.95   139.72  2442.00   94207644 1646554216
md0   0.01 0.00 0.02   1422  14736
dm-0 39.1365.85   292.50   44399402  197219496
dm-1267.1836.18  2110.08   24398010 1422756072
dm-2  9.6437.6839.42   25408576   26578648
fd0   0.00 0.00 0.00 16  0
sr0   0.00 0.00 0.00136  0

Searching around for ways to interpret the output, I tried sar/iostat and
essentially, the information off the net indicates there wasn't a disk
problem, %io was relatively low and mdadm shows the RAID 1 disks working
perfectly fine. Since %sys is consistently highest, it appears that the
kernel was doing something outside of norm.

The problem is I have no idea what else to do to determine what "something"
is.

I've looked at netstat and there doesn't appear to be excessive connections,
logwatch summary also does not appear to give any clue as there are no
records of unusual failed log in attempts.

Please advise what else can I look into or check. Thanks in advance!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help in troubleshoot cause of high kernel activity

[Noob Centos Admin]

On Sat, Mar 29, 2008 at 6:37 PM, Johnny Hughes <[EMAIL PROTECTED]> wrote:

> Well .. top says you have 4 processes running ... if that is consistent
> (4 processes always in a run state) then you should be able to determine
> the running processes with the command:
>
> ps -ef r
>
> (I think)
>
> I would think one of always running processes is the one that is taking
> up CPU time.
>
> Also while in top, -H might show some hidden threads in the output.
>

Thanks for the advise although I never got a chance to use it.

For some inexplicable Murphy-like reason, the server load went back to
normal levels shortly after I sent off the email to the list.

The only possible explanation I could think of was that I killed the
setroubleshootd process because it froze up after I tried to fiddle with the
SELinux settings. There was some error in the log about unable to connect to
the audit socket.

After observing the back to normal loads for a few hours to confirm it
wasn't a momentarily drop, I restarted the setroubleshootd process and yet
the load remain normal.

So my current uneducated guess is that the barrage of undeliverable email
messages on the very first day caused SELinux to choke on a system/kernel
level until the reporting daemon was killed to whatever was getting tied up
to move on?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Find reason for heavy load

[Noob Centos Admin]

My Centos 5 server has seen the average load jumped through the roof
recently despite having no major additional clients placed on it.
Previously, I was looking at an average of less than 0.6 load, I had a
monitoring script that sends an email warning me if the current load stayed
above 0.6 for more than 2 minutes. This script used to trigger perhaps once
an hour during peak periods. Even so, I seldom see numbers higher than 1.x

On 4th Dec, somebody from an Indian IP range started hammering my SMTP
service, attempting to use it as an open relay. Naturally that didn't work
and only end up budging my typical 400KB daily log report into 2MB~4MB
affairs.

After observing a few days to determine the IP range, I started blocking the
Indian subnet with apf. Initially I had problems with getting apf to wok
properly but after a couple of days managed to get the block working and my
daily log went back down to expected size when all those connection attempts
disappear from exim's log.

Now this is when my server load started to shoot through the roof with
figures like 8.64 5.90 3.62 being reported by my monitoring script,
triggering so often. I had to raise my threshold to 1.6 to keep my own
script from spamming myself.

I've tried changing several things on the server, since initially it seems
like the high load may be due to I/O wait. So I turning off non-essential
services like OpenNMS to see if that had any effect. I also turned off apf
and inserted rules manually into iptables to reduce the number of iptable
rules the system has to process.

All that doesn't seem to help much, I'm still getting consistent server
loads in the 2.x to 3.x range almost all the time.

The problem is using top, none of my processes are showing abnormal CPU%,
most are well under 5%, manually adding them up doesn't equate the 200% to
300% the load figures of 2.x and 3.x are indicating.

Even top's own summary says CPU % is in the 20~30% range, what's worrying is
the System% is also in the same range. I have no idea what is "system" doing
since it appears that anything running inside the kernel is lumped under
"system". Or why even totalling both % up, I would expect 50~60% to
translate to the expected load of 0.5~0.6 yet system load stats is 5x what's
expected.

I've installed utilities like dstat to try to see if I can figure out which
process is making the system calls that is clogging up the server but either
I don't understand it or it's not the right tool.

So I'll appreciate some advice on how/what should I do next to identify the
cause. Thanks in advance!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,

> last time I saw something like that, it was a bunch of chinese 'bots'
> hammering on my public services like ssh.
>another admin had turned
> pop3 on too, this created a very heavy load yet they didn't show up in
> top (bunches of pop3 and ssh processes showed up in ps -auxww,
> however, plug netstat -an

Unfortunately the server is meant for web/email purposes so I can't
turn off pop3/smtp. Naturally ps shows up a lot of httpd/mysql &
exim/dovecot processes but a cursory glance doesn't see any suspicious
IPs.

Similarly, I did a quick look at netstat -an and most of the IP are
from local ISP that my clients are using.

One thing that occurred to me is, does using iptables to block smtp
attempt uses more "system" resources as opposed to letting the bot
flood my smtp logs with pointless attempts? :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,

> Try blocking the IPs on the router and see if that helps.

Unfortunately the server's in a DC so the router is not under our control.

> You can also run iostat and look at the disk usage which also
> generates load.

I did try iostat and its iowait% did coincide with top's report, which
is basically in the low 1~2%.

However, iostat reports much lower %user and $system compared to top
running at the same time so I'm not quite sure if I can rely on its
figures.

> How many cores does your machine have? Load avg is calculated for a
> single core, so a quad core would reach 100% utilization at a load of
> 4, but high iowaits can generate an artificially high load avg as well
> (and why one sees greater than 100% utilization).

It's a dual core that's why I was getting concerned since loads above
2.0 would imply the system's processing capacity was apparently maxed.
However, load and percentages don't add up.

For example, now I'm seeing
top - 14:04:30 up 171 days,  7:14,  1 user,  load average: 3.33, 3.97, 3.81
Tasks: 246 total,   2 running, 236 sleeping,   0 stopped,   8 zombie
Cpu(s): 13.3%us, 16.0%sy,  0.0%ni, 67.5%id,  3.0%wa,  0.0%hi,  0.2%si,  0.0%st

iostat
Linux 2.6.18-128.1.16.el5xen 12/30/2009
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   3.280.201.162.380.01   92.97


> I really wish load would be broken down as CPU/memory/disk instead of
> the ambiguous load avg, and show network read/write utilization in
> ifconfig.

Totally agreed. All the load number is doing is telling me something
is using up resources somewhere but not a single clue otherwise!
Confusing, frustrating and worrying at the same time :(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,

> > since initially it seems like the high load may be due to I/O wait
> Maybe this will help you to identify the IO loading process:
>
>  http://dag.wieers.com/blog/red-hat-backported-io-accounting-to-rhel5

Thanks for the suggestion, I did install dstat earlier while trying to
figure things out on my own. However, I think my kernel being the
older version does not support the latest feature the website was
pointing out. Given that it's a live server not within physical touch,
I'm a little wary of doing kernel updates that might just kill it :D

I'll try other methods first and see if they help, if not, I'll
probably have to bite the bullet and do it over a weekend where I get
more time to repair any inadvertent damage.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

 Hi,

> You should also try out "atop" instead of just using top.  The major
> advantage is that it gives you more information about the disk and
> network utilization.

Thanks for the tip, I tried it and if the red lines are any
indication, it seems that atop thinks my disks (md raid 1) are the
problem being busy over 60~70% of the time. However that is sort of
expected since most of the expected activity on the server is
smtp/pop3.

Unfortunately, I did not know about atop previously and don't have a
baseline to compare against :(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,


> Dstat could at least tell you if your problem is CPU or I/O.

This was the result of running the following command which I obtained
from reading up about two weeks ago when I started trying to
investigate the abnormal server behaviour.

dstat -c --top-cpu -d --top-bio --top-latency
usr sys idl wai hiq siq|  cpu process   | read  writ| latency process
  4   1  93   2   0   0|mysqld   0.0|  80k   82k|khelper 8
 42  46   0  12   0   0|httpd 12| 648k0 |ksoftirqd/0   111
 26  37  12  26   0   0|httpd1.5| 520k   11M|ksoftirqd/175
 23  49   8  19   0   0|exim 1.0| 652k   16k|ksoftirqd/044
 26  44   3  28   0   0|exim 1.0| 652k 1296k|ksoftirqd/044
 32  41   4  23   0   0|exim 1.5| 620k   16k|ksoftirqd/050
 28  52   3  16   0   0|exim 1.5| 700k0 |ksoftirqd/147
 21  41  11  28   0   0|exim 1.0| 556k   11M|ksoftirqd/079
 27  46   3  24   0   0|exim 1.5| 684k   16k|ksoftirqd/140
 29  45   2  24   0   0|exim 1.0| 672k  944k|ksoftirqd/025
 28  33   3  37   0   0|httpd 14| 852k 5992k|ksoftirqd/139
 36  39   2  23   0   0|httpd5.0|1024k0 |ksoftirqd/084


> Even better, run
>
> vmstat 2 10
>
> Look at the first two columns.  What column have higher numbers?  If r,
> you're CPU-bound.  If b, you're I/O bound.

procs ---memory-- ---swap-- -io --system--
-cpu--
 r  b   swpd   free   buff  cache   si   sobibo   in   cs us sy id wa st
 8  1   3092 131460 100692 83366800402110  4  1 92  2  0
 9  1   3092 130708 100700 83501600   578   206  577 1420 32 50  3 15  0
 7  1   3092 128324 100716 83614800   546  2866  594 1465 31 44  7 18  0
 4  1   3092 126860 100724 83726800   540   256  596 1505 28 43  6 23  0
 7  2   3092 125600 100740 83856400   620   234  661 1442 30 41  2 26  0
 5  1   3092 124028 100756 83975200   570  2692  635 1430 24 45  6 25  0
 6  0   3092 122040 100784 84096400   584  1464  682 1434 27 44  2 28  0
 6  1   3092 120588 100792 84223200   602   278  624 1562 32 46  2 20  0
 2  3   3092 120556 100840 84306400   440  2908  603 1299 22 35  6 37  0
 3  1   3092 119832 100876 84408800   430  1104  605 1348 23 36  1 40  0

According to this, am I correct to conclude that I'm CPU bound and the
system is busy doing some unknown processing?

> Did you check if you have a defect disk or a rebuilding array?  That
> could be the cause.

I usually run a "cat /proc/mdstat" whenever I log into the server to
check my MD raid status. So far the array appears ok. There are no
disk warning when I run "dmesg". smartctl also reports no error logged
and passed for both disks, although no self test was ran. Would I be
safe to conclude that the disks are OK and not part of the problem?

Thanks again to everybody for the suggestions and help so far.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,

> Yes, these figures indicate that you are fairly close to being cpu bound.
>
> What kind of filtering are you doing? If you have any connection
> tracking/state related rules set, you will need to be using a fair
> amount of cpu.

Initially, when the load start going up, I had thought the APF
filtering rules were the problem since the Indian fellow is still
hammering away at the server even now. However, I've since taken the
risk of turning off APF and rely on static iptables rules, which adds
up to less than one screenful on SSH.

I also thought it might had to do with exim/spamassassin but making a
few changes to reduce the number of emails that goes to spamd doesn't
seem to be helping much.

In fact as you can see from the stats, load has gone up even further
since. I've been averaging 10+ for the whole working day. At the
moment it's between 6 to 10 when it should be at 0.3 from past months
of logs.

This is despite the fact most of my clients should be out celebrating
New Year's Eve. From weeks of logs, the Indian spammer is also a very
punctual fellow who should have knock off work about 17 minutes ago.
So there shouldn't be any heavy 'known' activities on the server at
this point.

So I'm quite stumped as to what's chewing up the CPU cycles. I am also
starting to worry if the server's been compromised and is now doing
something I don't want it to be.

I'm probably going to shutdown the mail/httpd services after midnight
when the impact is the least and see how the server reacts for a
couple of minutes with everything else cut off.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Hi,

> I do not know about now but I had to unload the modules in question.
> Just clearing the rules was not enough to ensure that the netfilter
> connection tracking modules were not using any cpu at all.

Thanks for pointing this out. Being a noob admin as my pseudonym
states, I'd assumed stopping apf and restarting iptables was
sufficient. I'll have to look up unloading module later.

> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging
> business now owned by IBM and called Lotus Live) spammers always ensured
> I got called. All they do is just press the big red button (aka start
> the script/system) and then go and play while I would have to deal with
> whatever was started.

Based on the almost precise timing of around 9:30 to 5:30 India time,
I'm inclined to think in my case it wasn't so much a spammer pressing
a red button but a compromised machine in an office starting up when
the user gets into office and knocks off on time at 5:30 :D

> I remember only one occasion when the spams were
> launched but neutralized very soon because they were pushing a website
> and I found a sample real early and so the anti spam system could just
> dump the spams and knock out accounts being used to send the crap.

Could I ask how do I knock out the accounts sending the crap if they
are not within my systems?

> First, try rmmod'ing the netfilter modules after you have cleared away
> the state related rules to make sure that you are only using static
> rules in netfilter...unless you have done that already..

I think I'm only using static rules because after I restart iptables,
I would then do a service iptables status to check my rules were in,
and that list was very short compared to when APF was active.

The good news is, I think I've fixed the big problem after doing my
shutdown tests and returned to the original problem.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

I initiated services shutdown as previously planned and once the
external services like exim, dovecot, httpd, crond (because it kept
restarting these services), the problem child stood out like a sore
thumb.

There was two exim instances that didn't go away despite service exim
stop. Once I killed these two PID, the load average started dropping
rapidly. After a minute or so, the server went back to a happy 0.2~0.3
load and disk activity became almost negligible.

I think these, orphaned? zombied?, exim instances were related to a
mail loop problem I discovered earlier today where one of my client on
holiday had a full mailbox and keep bouncing mails from a contact
whose site was suspended. Although I terminated that loop, it seemed
that exim had gotten those two instances stuck in limbo sucking up
processing power and hitting the disk somewhere unknown since they
weren't showing up in my exim logs.

After observing a while, I brought the services back and once exim got
started, my load went back to 2.x ~ 3.x. Unfortunately while I was
typing this email, I realize it didn't stop there. I'm up to 4.x ~ 5.x
load level by now.

So the application that is the cause of the load is definitely exim,
more specifically I think it's spam assassin because now that the mail
logs entries are slow, I can read the spamd details and mails are
taking between 3 to 8 seconds to be checked.

Thanks again to everybody who had offer suggestions and advice and do
have a Happy New Year :)


On 1/1/10, Noob Centos Admin  wrote:
> Hi,
>
>> I do not know about now but I had to unload the modules in question.
>> Just clearing the rules was not enough to ensure that the netfilter
>> connection tracking modules were not using any cpu at all.
>
> Thanks for pointing this out. Being a noob admin as my pseudonym
> states, I'd assumed stopping apf and restarting iptables was
> sufficient. I'll have to look up unloading module later.
>
>> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging
>> business now owned by IBM and called Lotus Live) spammers always ensured
>> I got called. All they do is just press the big red button (aka start
>> the script/system) and then go and play while I would have to deal with
>> whatever was started.
>
> Based on the almost precise timing of around 9:30 to 5:30 India time,
> I'm inclined to think in my case it wasn't so much a spammer pressing
> a red button but a compromised machine in an office starting up when
> the user gets into office and knocks off on time at 5:30 :D
>
>> I remember only one occasion when the spams were
>> launched but neutralized very soon because they were pushing a website
>> and I found a sample real early and so the anti spam system could just
>> dump the spams and knock out accounts being used to send the crap.
>
> Could I ask how do I knock out the accounts sending the crap if they
> are not within my systems?
>
>> First, try rmmod'ing the netfilter modules after you have cleared away
>> the state related rules to make sure that you are only using static
>> rules in netfilter...unless you have done that already..
>
> I think I'm only using static rules because after I restart iptables,
> I would then do a service iptables status to check my rules were in,
> and that list was very short compared to when APF was active.
>
> The good news is, I think I've fixed the big problem after doing my
> shutdown tests and returned to the original problem.
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find reason for heavy load

[Noob Centos Admin]

Just an concluding update to anybody who might be interested :)

My apologies for blaming spamassassin in the earlier email. It was
taking so long because of the real problem.

Apparently the odd exim processes that was related to the mail loop
problem I nipped was still the culprit. I had overlooked the fact that
by the time I caught onto the mail loop issue, there were actually
hundreds if not thousands of bounced and rebounced messages in the
queue already. Attempting to deliver these messages queued before I
terminated the mail loop was what those exim processes were trying to
do.

This would had been ok if not for the other problem. The user
apparently went on 2 week vacation since 15th and thought it was a
good idea to enlarge his mailbox before doing so. So there was this
2.5GB mailbox choked full of both valid & rebounced mails, plus the
queue of more rebounced mails. So every time exim attempted to add the
queued mails to the user's account, the quota system rejected it. The
cpu load was probably due to this never ending ping pong match between
exim and the quota.

Yeah, I can't help but feel this must be such a noob mistake allowing
that to develop without realizing it.

Now that I've purged the queue of those bounced messages and other
housekeeping for that user, server load has finally gone back to the
expected sub 1.0 levels so I can finally go and enjoy my holiday :)



On 1/1/10, Noob Centos Admin  wrote:
> I initiated services shutdown as previously planned and once the
> external services like exim, dovecot, httpd, crond (because it kept
> restarting these services), the problem child stood out like a sore
> thumb.
>
> There was two exim instances that didn't go away despite service exim
> stop. Once I killed these two PID, the load average started dropping
> rapidly. After a minute or so, the server went back to a happy 0.2~0.3
> load and disk activity became almost negligible.
>
> I think these, orphaned? zombied?, exim instances were related to a
> mail loop problem I discovered earlier today where one of my client on
> holiday had a full mailbox and keep bouncing mails from a contact
> whose site was suspended. Although I terminated that loop, it seemed
> that exim had gotten those two instances stuck in limbo sucking up
> processing power and hitting the disk somewhere unknown since they
> weren't showing up in my exim logs.
>
> After observing a while, I brought the services back and once exim got
> started, my load went back to 2.x ~ 3.x. Unfortunately while I was
> typing this email, I realize it didn't stop there. I'm up to 4.x ~ 5.x
> load level by now.
>
> So the application that is the cause of the load is definitely exim,
> more specifically I think it's spam assassin because now that the mail
> logs entries are slow, I can read the spamd details and mails are
> taking between 3 to 8 seconds to be checked.
>
> Thanks again to everybody who had offer suggestions and advice and do
> have a Happy New Year :)
>
>
> On 1/1/10, Noob Centos Admin  wrote:
>> Hi,
>>
>>> I do not know about now but I had to unload the modules in question.
>>> Just clearing the rules was not enough to ensure that the netfilter
>>> connection tracking modules were not using any cpu at all.
>>
>> Thanks for pointing this out. Being a noob admin as my pseudonym
>> states, I'd assumed stopping apf and restarting iptables was
>> sufficient. I'll have to look up unloading module later.
>>
>>> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging
>>> business now owned by IBM and called Lotus Live) spammers always ensured
>>> I got called. All they do is just press the big red button (aka start
>>> the script/system) and then go and play while I would have to deal with
>>> whatever was started.
>>
>> Based on the almost precise timing of around 9:30 to 5:30 India time,
>> I'm inclined to think in my case it wasn't so much a spammer pressing
>> a red button but a compromised machine in an office starting up when
>> the user gets into office and knocks off on time at 5:30 :D
>>
>>> I remember only one occasion when the spams were
>>> launched but neutralized very soon because they were pushing a website
>>> and I found a sample real early and so the anti spam system could just
>>> dump the spams and knock out accounts being used to send the crap.
>>
>> Could I ask how do I knock out the accounts sending the crap if they
>> are not within my systems?
>>
>>> First, try rmmod'ing the netfilter modules after you have cleared away
>>> the state related rules to make sure that you are only using static
>&g

Re: [CentOS] Are SSD disks worth the cost for server usage?

[Noob Centos Admin]

Hi,

> - A: one is with 80 GB SSD (and 12 GB memory)
> http://www.ovh.co.uk/products/eg_ssd.xml
> - B: the other with 750 GB SATA2 (and 8 GB memory).
> http://www.ovh.co.uk/products/eg_best_of.xml

The Intel SSD are fast but have a history of firmware problems. So I
wouldn't suggest using them on a mission critical data. Personally I
think asking for more RAM on the SATA server would do more for
performance especially since you are going to be running several VM.

Just my noobish 2 cents' worth.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

I'm trying to optimize some database app running on a CentOS server
and wanted to confirm some things about the disk/file caching
mechanism.

>From what I've read, Linux has a Virtual Filesystem layer that sits
between the physical file system and everything else. So no matter
what FS is used, applications are still addressing the VFS. Due to
this, disk caching is done on an inode/block basis.

I'm assuming that this is still the case in CentOS or am I badly mistaken?

If that is correct, then here is my scenario and hypothesis.

Assuming the server has xxx MB of free memory and the database consist
of several tables more than xxx MB in size. So no table will fit
entirely into memory. And assuming other processes do not interfere
with the caching behaviour or available memory etc.

Given the inode caching behaviour, if the DBMS only access a bunch of
inodes that total less than xxx MB, is it therefore likely to be
always using the cache, hence faster?

My thought is that if this is the case, then I could likely speed up
the application behaviour if I further split the tables into parts
that are more frequently accessed, and parts that are unlikely
touched.

e.g. the table may currently have rows with 20 fields and total
1KB/row, but very often say only 5/20 fields are used in actual
processing. Reading x rows from this table may access x inodes which
would not fit into the cache/memory.

However if now I break the table into two parts with those 5 fields
into a smaller table, there would be a speed increase since the
reading the same x rows from this table would only access 1/x inodes.
Further more, these would more likely fit into the disk/memory cache
for even faster access.

Or would I simply be duplicating what the DBMS's index files would
already be doing and therefore see no improvement?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

Hi,

> If you want a fast database forget about file system caching,
> use Direct I/O and put your memory to better use - application
> level caching.

The web application is written in PHP and runs off MySQL and/or
Postgresql. So I don't think I can access the raw disk data directly,
nor do I think it would be safe since that bypasses the DBMS's checks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

Hi,

> 20 feilds or columns is really nothing. BUT That's dependant on the type
> of data being inserted.

20 was an arbitary number :)

> Ok so break the one table down create 2 or more, then you will have
> "Joins" & clustered indexes thus slowing you down more possibly.  That
> is greatly dependant on your select, delete, and update scripts.

That was the reason the original develop gave for having these massive
rows! Admittedly it is easier to read but when each row also contains
text/blob fields, they tend to grow rather big. Some users have been
complaining the server seems to be getting sluggish so I'm trying to
plan ahead and make changes before it becomes a real problem.

> Possibly very correct, but Nate is very correct on how you are accessing
> the DB ie direct i/o also.  Your fastest access come in optimized SPROCS
> and Triggers and TSQL.  Slam enough memory into the server and load it
> in memory.

It's an old server with all slots populated so adding memory is not an
option. I thought of doing an image and porting it into a VM on a
newer/faster machine. But then at the rate this client's usage
growing, I foresee that as simply delaying the inevitable.


> If speed is what your after why are you worried about VFS?
> CentOS does support Raw Disk Access (no filesystem).

To be honest, I don't really care about VFS since I didn't know it
existed until I started looking up Linux file/disk caching :D

So I assumed that was what PHP and DBMS like MySQL/Postgresql would be
working through. It made sense since they wouldn't need to worry about
what filesystem was really used.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

Hi,

> Split the TEXT/BLOB data out of the primary table into tables of their
> own indexed to the primary table by it's key column.

This is part of what I was planning to do, there are a lot of stuff I
am planning to split out into their own tables with reference key. The
problem is I'm unsure whether the added overheads of joins would
negate the IO benefits hence trying to figure out more about how
Centos/Linux does the caching.

> Think about distributing the parts to different boxes as necessary.
> You can start with the DBMS which is the logical candidate.

Eventually I figured that would probably have to be done but I don't
know enough at this point. So I'm taking the approach of optimizing
stage by stage starting with things I'm more familiar with and less
likely to muck up totally, i.e.from the app/script side first. Then
after getting more familiar with the setup, experiment with the
hardware based solutions.


> On the DBMS backend, give it plenty of memory, good storage for the
> workload and good networking.

Again problem is old server so memory is maxed, drives controller is
probably not helping.

> On the Apache/PHP side, look for a good DBMS inter-connect and some
> PHP caching module and of course enough CPU for the PHP code and
> network for Apache+DBMS inter-connect.
>
> If you wanted to split it up even more you could look into some sort
> of PHP distributed cache/processing system and have PHP processed
> behind Apache.

Thanks for the heads up, I didn't realize it was possible to separate
the PHP processing from Apache itself. However, for the time being,
I'm probably still limited to a single server situation so will keep
this in mind for future.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

Hi,

>>>
>>> I believe the OP said he was running postgresql.
>>>
>>
>> Quoted from OPs previous mail hes not sure lol
>>
>> """The web application is written in PHP and runs off MySQL and/or
>> Postgresql."""
>
> Ah, well #1 on his list then is to figure out what he is running!

LOL, I know it sounds quite noobish, coming across like I've no idea
what DBMS it is running on. The system currently runs on MySQL but
part of my update requirement was to decouple the DBMS so that we can
make an eventual switch to postgresql.

Hence the solution cannot be dependent on some specific MySQL functionality.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

MySQL's acquisition was one of the factor, the client wants to keep
everything on the opensource side as far as possible.

On the technical side, all tables are using the InnoDB engine because
myISAM doesn't support either. Also previously during development, it
was discovered that on some particular application/function, MyISAM
caused a heavy load that went away after switching to InnoDB.

Also, as part of my idea was to subsequently put the tables on
different disks for better improvement. Postgresql supports that while
MySQL appears to require all the tables remain on the same filesystem.

There were other considerations that was discussed internally
previously but without digging up docs, off hand, these are the key
factors I can recall that drove the decision to eventually replace
MySQL with Postgresql.


On 1/27/10, Chan Chung Hang Christopher
 wrote:
>
>>> Ah, well #1 on his list then is to figure out what he is running!
>>
>> LOL, I know it sounds quite noobish, coming across like I've no idea
>> what DBMS it is running on. The system currently runs on MySQL but
>> part of my update requirement was to decouple the DBMS so that we can
>> make an eventual switch to postgresql.
>>
>> Hence the solution cannot be dependent on some specific MySQL
>> functionality.
>
>
> mysql's isam tables have a reputation for surviving just about anything
> and great builtin replication support...
>
> postgresql less so (I suspect due to fake fsync/fsyncdata in the days
> before barriers) but maybe things have improved a lot nowadays.
>
> Why are you switching?
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos/Linux Disk Caching, might be OT in some ways

[Noob Centos Admin]

Hi,

On 1/27/10, Ross Walker  wrote:
>
> But if your doing mysql on top of LVM your basically doing the same,
> cause LVM (other then current kernels) doesn't support barriers.
>
> Still if you have a battery backed write-caching controller that
> negates the fsync risk, LVM or not, mysql or postgresql.

This is a bit of a surpise. Am I understanding correctly that running
postgresql or mysql on top of LVM negates any data reliability
measures the DBMS might have in the event of an unexpected shutdown?

I have several servers configured to run LVM on top of MD1 for the
convenience of being able to add more space to a volume in the future.
I didn't realize this was a reliability risk. :(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

I got itchy fingers over the weekend and decided to fix what wasn't
broken and upgraded one of the older servers from Centos 5.2 to Centos
5.3. Following the recommended process of updating glibc and such
before the rest, it appeared to work perfectly and rebooted without
problem.

However, MRTG 2.15.2 started complaining about unexpected values. I
installed/updated both MRTG (2.16.2) and net-snmp to the latest
available in hope of fixing it. Subsequently, MRTG stopped working
altogether.

I've spent the whole weekend and whole Monday morning trying to fix it
and thus far have only finally managed to get garbage values showing
up in MRTG again as opposed to nothing. And this required learning
about SNMP and adding many additional lines to  the original MRTG
configuration file, none of which I had to do previously.

Did anybody else have similar experiences with MRTG failing after the
update and what was the simple fix? It does not make any sense that I
have to jump through so much hoops to get just the default
functionality back. Thus I believe there must be one small thing I'm
overlooking.

Thanks for any advice.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,

> Perhaps the OIDs changed for the interfaces you are monitoring.
>
> Have you tried re-running cfgmaker to regenerate mrtg.cfg? It should
> pick up the correct OIDs again.

Yes I did, however the default MRTG configuration appears to contain
almost nothing. Consulting with others. it seems to be the norm, MRTG
should pick up the standard OIDs for the basics, i.e. load and network
traffic if nothing's specified.

Currently, I had to manually insert target lines after figuring out
the OIDs in order to get garbage data into the log files. Garbage data
because while the debug log shows some numbers corresponding to output
from top, MRTG is producing graphs that bear no resemblance to it.

Reproducing the entire default MRTG configuration would therefore
pretty much require a very long config file, as well as coming up with
formulas to twist the data into something that would produce sensible
graphs... which obviously don't seem like the right way to do it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,

> Did the update overwrite your snmpd.conf file?  The 'view' on the default one
> may not permit access to the things mrtg needs to see.  Try changing it to .1 
> to
> expose everything.

It might have done so. To be honest I have no idea since I've never
touched the SNMP configuration before this and simply used the
default. Currently there's nothing inside the snmpd.conf except a
rocommunity which is the public user.

I've added lines from an online source that claims that is the default
snmpd configuration and it looks like it should be allowing view all
to the public user. In any case, even prior to adding these lines, I
could get the relevant values off SNMP using command line with the
public community user, so I don't think I was blocking any thing in
SNMP

--- snmpd.conf --
#existing line
rocommunity  public localhost

#added by me
com2sec   publicdefault   public
group publicv1   public
group publicv2c  public
group publicusm  public
view  all  included  .1
accesspublic""   any  noauthexact all  none none
 end 


As expected, MRTG behaviour remains unchanged. In fact, looking at the
mrtg log, with the default blank mrtg.cfg it does not even appear to
be trying to poll SNMP. This is because if I added the target lines
myself, MRTG would at least scream at me if SNMP does not return
values or cannot find the variable name.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Thanks guys for all the suggestions. None of it changed the situation
but I'm beginning to think that it might have to do with SNMP not
accepting word names in MRTG, or more specifically some kind of
language encoding issue.

This is because of the following reasons

1. It's been pointed that out that MRTG need to be started with the
options env LANG=C because it won't work properly if LANG is UTF8

2. On some options I try in MRTG, the log shows some error about Wide
characters returned from SNMP, and I see a chinese character, which
obviously shouldn't be a return value.

3. Addressing SNMP variables by name does not work in MRTG, but works
from command line. e.g. something like ssRawCpuLoad is fine in command
line, but does not work in MRTG config file, only the dot-numeric
equivalent would return some kind of data in MRTG.

4. The problem started AFTER I rebooted the system after the update,
so the reboot might have possibly allowed some settings to take effect
with regards to the server's encoding. Maybe Centos 5.3 went from an
EN_US language default to UTF8 default?

If this is indeed the case, how would I possible change the
interface/shell language settings back to the English one, since I
don't typically need to input non-English characters nor view them in
shell?

I've added a LANG='en_US' and export LANG line in /etc/profile but it
doesn't seem to be doing anything. Do I need a reboot for it to work
like I am guessing based on #4 above?

Thanks!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,

> I don't see any similar problem on machines upgraded to Centos5.3 that
> are monitored with (and running) OpenNMS, so I'd guess that since you
> didn't change your snmpd.conf settings it is MRTG-specific.

I think it's my server, quite possibly I screwed up something during
the initial setup two years ago or along the way updating it from 5.0
and so forth until it's not behaving in any recognizable manner
anymore.

> And btw: OpenNMS might be overkill for your purpose, but you might want
> to take a look:  http://www.opennms.org.

It looks good and I decided to give it a try in hope that maybe it can
be up and running faster than I can get MRTG to work again.
Unfortunately, as above mentioned, my server does not behave like a
CentOS server anymore. Following the steps at OpenNMS, I get to the
install -dis stage where it promptly dies because it cannot find jrrd.

downloaded jrrd but it refuses to ./configure because it cannot find rrd_create

yum install rrdtool but there was no rrd_create

searched online and the only result that was similar... was somebody
having the same problem on a Solaris server <-- hence making me wonder
if I was logging into the wrong server. Using the instructions there
however, I at least learnt how to tell configure where rrdtool was...
but it still cannot find rrd_create for the ./configure process

Having spent almost 5 days on this, I'm officially giving up on
monitoring the server with these tools. Writing a PHP script seems a
lot faster, I've already gotten a basic script running to pull load
figures from exec'ing uptime and emailing warnings if the load figures
stay above a certain level.

Now I just have to expand the script to exec snmpget for the other
metrices I need to keep track of. It's really frustrating that I have
to resort to writing my own code when these things worked fine for
other people.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,
> well, i note there's a few versions of rrdtool in the various
> repositories.   the stock CentOS 5 version 9from upstream) is 1.2.30,
> while rpmforge has 1.3.7, also a seperate rrdutils package (I have no
> idea whats in it)

*sigh* The stuff of nightmares, I did have 1.3.7 installed after
checking. But searching on this direction finally yielded an important
piece of information. Somebody posted back in 2008 on a site to IGNORE
the jrrd problem because OpenNMS supposedly comes with some kind of
java rrd already installed (which begs the question of why then is the
jrrd step mentioned in the install guide).

So I went ahead with the install process which then complained that my
postgresql was the wrong version, i.e. 8.4 instead of max of 8.3, but
at least this time it kindly offered a -Q option to ignore the version
restrictions at my own risk.

I did. Then it was on to another problem, with OpenNMS dying on
startup due to port clash with DHCP. Fortunately again, this was noted
as something that happens quite often on Linux systems and a quick fix
was to simply comment out the dhcp configuration.

After that, it was just the usual matter of opening a port in iptables
for the opennms/tomcat and FINALLY something was working.

I'm crossing my fingers that ignoring the jrrd, ignoring the versions
and ignoring the dhcp monitor isn't going to bite me one of these
days. For now, "ignore"nce is bliss :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,

> java.  I don't remember seeing this problem when installing from the opennms 
> yum
> repository, though.

I didn't expect it either, honestly. In most cases, updates/installs
does go relatively painlessly if I don't mess up following
instructions/guides. In this case, I guess I just tripped up over the
unessential jrrd.

> Are you getting any benefit from mixing all of these non-stock versions on 
> your
> system?  How many different repositories that contain conflicting versions of
> packages do you use?  Normally epel doesn't overwrite stock packages and 
> opennms

I've no idea honestly, my primary role isn't server admin and I'm just
winging it as I go along to support what I'm supposed to be doing with
the server.

The PG 8.4 was because we're developing something for our client who's
on that server, so I'm standardizing on 8.4 and likely will stick with
it for quite a while, rather than going with the 8.3 since there
appears to be quite a few changes in 8.4, especially on warm standby
features.

Apart from what's needed, I usually try to avoid installing things on
the public web servers we have.

> That is normal - typically you'd run opennms on a machine dedicated to
> monitoring, with perhaps thousands of targets so it wouldn't be running a lot 
> of
> other services.

Well, unfortunately, there's only that pair of machine in that
particular location. I really needed the monitoring tool up on it
because I've been noticing a higher than normal load since the
weekend. My quick hack of a PHP/cat /proc/loadavg script was also
alerting me consistently. After a couple of hours on opennms, it
became obvious that something was hitting the server. Turns out that
the client did not set the appropriate measures on their forum
software and bots were having a field day hitting it to break the
image recognition and finally got through to spamming.

> Removing it won't bother opennms.  It has an assortment of application probes
> that it uses in addition to snmp and is intended to work automatically with
> large numbers of targets - when it discovers a node (or you add it),  it 
> probes
> the application ports to see what is running, then periodically tests again 
> and
> notifies you when something that was previously running stops working.  
> However,
> it is very configurable and you can add/remove whatever you want.

Yup, it's pretty cool and that web interface really helps. While I am
perfectly at home using a text editor, I really don't want to have to
wade through and edit tons of text just to do something a few clicks
should handle.

Thanks again for pointing me to opennms :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS/SNMP update breaks MRTG?

[Noob Centos Admin]

Hi,

> A possible work-around is to use a VPN like openvpn to give you what
> look like normal routes to remote locations even with private addressing.

Given the amount of trouble I've had just getting monitoring to work,
I don't think I'm even going to try fiddling with openVPN.

Besides which, after I went to sleep happily last night, I  woke up
this morning to find openNMS has decided to mysteriously stop working
just like MRTG previously. The service is running, opennms -v status
indicates every is a-OK, but the web interface is just not responding.
No log entries, not a single clue. Nothing changed, except my mood or
maybe the datacenter decided port 8980 is an hacking attempt and
decided to close it off. :(

I'm so tired of this whole monitoring crap that I'm not even going to
bother to fix it. My crude load warning script still runs fine. So
until it starts complaining consistently about the load, I think I'm
just going to be an irresponsible admin on top of being a noob one and
just do work that I'm getting paid for. *sigh*
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NIC traffic monitoring, recording and reporting software?

[Noob Centos Admin]

On Fri, Jul 17, 2009 at 12:07 AM, James B. Byrne wrote:
> I have snmpd and mrtg running and reporting against my Cisco router.
>  What I want to do is to configure snmp so that I can monitor
> network traffic across the host's own eth0 NIC.  Is this even
> possible for a generic NIC running on a x86_64 or i686 host?

Shouldn't be a problem since I was monitoring my server's own NIC
traffic and load with MRTG before it stopped working. If I'm not
mistaken, it's a matter of configuring snmp to check localhost in
addition to your router's IP.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Help: Server security compromised?

[Noob Centos Admin]

Hi,

Need some help about this as it's gotten me really concerned.

I'm probably reading too much into this but for about two weeks now my daily
log has increased by almost 10 times.

After running through a couple of days of logs with a script, it seems that
I'm getting flooded on SMTP from this IP
219.64.114.52 which belongs to VSNL and appears to be statically assigned IP
(219.64.114.52.chn.bb-static.vsnl.net). This IP address is apparently listed
in the spamhous.org Policy Block List, eXploit Block List and Composite
Block List, which basically indicates it's either an open proxy or a
hijacked system.

I'm not sure what it's trying to do, but for exactly 10 hours a day which
correspond to India 9:30am or so until 7pm or so, I will get massive amounts
of SMTP connections from this host. It will attempt to masquerade as domains
on my server while trying to send to non-existent accounts on these domains.

2008-08-06 13:32:58 H=(.com) [219.64.114.52] F=<[EMAIL PROTECTED]>
rejected RCPT <[EMAIL PROTECTED]>:
2008-08-06 13:32:58 H=(.com) [219.64.114.52] incomplete
transaction (connection lost) from <[EMAIL PROTECTED]>
2008-08-06 13:32:58 unexpected disconnection while reading SMTP
command from (.com) [219.64.114.52]
2008-08-06 13:32:58 H=(.com) [219.64.114.52]
F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>:
2008-08-06 13:32:58 H=(.com) [219.64.114.52] incomplete
transaction (connection lost) from <[EMAIL PROTECTED]>
2008-08-06 13:32:58 unexpected disconnection while reading SMTP
command from (.com) [219.64.114.52]



At this point, I thought it was just a case of a dedicated spamming, until I
decided I had enough of multi-megabytes daily logs flooding my mailbox, plus
the fact it was probably contributing to an increase server load in the past
weeks as the mail daemon had to handle the connections.

So I thought I could just block the IP using iptables.

I had a bad experience locking myself out by accident after editing the
iptables file so for this time I decided to test from command line first
using instructions from the Internet like this

/sbin/iptables -A RH-Firewall-1-INPUT -s 219.64.114.52 -j DROP

and I got an error that chain/command

/sbin/iptables -L produces "blank" output

[EMAIL PROTECTED] confused]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination



which was of course a shock to me, since that seems to say that my server
firewall is basically non-existent.

I did a /sbin/service iptables restart and iptables -L produced the expected
output showing all the rules on file. I could then add the new rule from
command line without any messages.

Minutes later, my tail -f on the exim log started spewing the smtp messages
AGAIN.

iptables -L again shows NO RULES

Everytime I restart, iptables, for a short while, the rules are there. But
minutes later, it's wiped. So I'm very concerned that the server had been
compromised and something is wiping my iptables.

Or am I just badly mistaken about the way iptables -L is supposed to work?

If not, what should I do next to find and eliminate this problem? Thanks in
advance for any advice!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

More information, after noting the cyclical shutdown of the firewall, I
looked into crontab and found a line that stops apf every 5 minutes and
directs the output to null.

I cannot copy the exact line now because of my stupidity (good reason why I
call myself a noob).

After noting this, which obviously is not a line I entered, which I suspect
(wrongly) was injected by some hacker, I removed it. Then proceeded to check
apf which was installed by a third party script.

As I noted the comments in the apf.conf, I realized that the autoshutdown of
the firewall was due to development settings in the apf.conf file to prevent
lockout due to bad firewall configurations. And just as I had the "OH SHIT"
thought, my SSH got disconnected and I promptly found myself locked out of
the server.

Since I followed some of the rules about SSH and used a non-standard port
for SSH and disable SSHD listening on the default port 22, I've no way back
into the server and all services on that server are now apparently dead to
the way. :(

So I'm now prepping for a long ride to the IDC if a reboot doesn't help my
stupidity.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

On Wed, Aug 6, 2008 at 3:06 PM, Bent Terp <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 6, 2008 at 8:29 AM, Noob Centos Admin
> <[EMAIL PROTECTED]> wrote:
> > Since I followed some of the rules about SSH and used a non-standard port
> > for SSH and disable SSHD listening on the default port 22, I've no way
> back
>
> IMNSHO that's not particularly effective - much better to set up SSH
> keys and either set
> 'PermitRootLogin without-password' in /etc/ssh/sshd_config; or
> set 'PermitRootLogin no', and then su or sudo from your regular user -
> I know the latter IS more secure, but it's also more annoying to work
> with


I did that too, no root login and everytime I have to su from normal user.
It is a pain to work with especially with having to use full pathnames for
commands instead of say just doing a "service httpd restart". But I figured
it was better safe than sorry and as well as I can do since I could not
figure out how to properly create a self-sign SSL cert.


Remember to reinstall from scratch if your server has been compromised
> - there are thousands of dark dusty corners for the bugs to hide, once
> they're inside, so don't expect to be able to flush them out.
>

Well, the thing is I'm not sure if it's compromised since now it became
obvious that the iptables is just being reset by the apf settings.. which is
at the moment a good thing since on reboot, apf re-added the lines to
disable the firewall every 5 minutes so I'm able to get back into the
server.

Now I just have to figure out where exactly can I add the block for the
offending VNSL IP address and have it work without choking up. However, I
decided to try whatever it is on Saturday so clients won't be hopping mad
why everything's dead.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

Hi,


On Wed, Aug 6, 2008 at 3:07 PM, Robert - elists <[EMAIL PROTECTED]>wrote:

> If server is not compromised, just edit the smtp configs to deny acceptance
> from that ip block
>
The EXIM configurations are even more nightmarish than iptables, which at
least made some sort of sense. I've been plugging the ip address into the
various bad_sender bad_host etc files in the exim configuration directory
but it's still not ignoring it. The EXIM smpt/MTA will still accept the
connection, then check and realize hey something's not quite right, then
issue a reject before the VNSL machine terminates the connection. So the
server's still wasting resources handling tens of thousands of such
transaction and chewing up log space at the same time.

Hence I have to resort to just blocking from iptables.

Of course, it could very well be my own admitted incompetence that I'm doing
something wrong here so Exim is not working the way I expect. I'm very very
wary about messing any deeper with the mail settings because a server that's
obviously dead to the world is much easier to notice than client emails
mysteriously disappearing for days due to bad config before they realize it.


Why doesn't the server have an ILO port or something to that effect?
>

Well, my boss's a cheapskate and his clients are cheapskate so a couple of
years back I was assigned the server administration job on top of my regular
day role to setup the server with OTS parts. Hence the half baked setup
based on a tight budget and whatever information I can glean from the
internet and the good folks on forums and mailing lists.

So for the ILO? Well, only today did the term enter my mind. Although I did
vaguely remember suggestions for a remote reboot button but it was beyond my
know how to setup.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

Hi,


If you use
> su
> only, you assume root privileges without the root environment.
> Rather do
> su -
> which gives you the full root environment, including path.
> The same holds for other users, i..e
> su - joe
> switches the user to the user joe with full environment.
>

Thanks a million for that! Going to save me a ton of time from issuing
whereis command to find commands when I need to follow instructions off a
website!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

Thanks Steward and Robert for those suggestions, they make plenty of sense!.


About the two SSH terminal, if I activate a wrong firewall change that
blocks the SSH port, would it not also terminate the existing terminals
since new packets going in would be rejected, or does it not affect already
established TCP connections?


Probably also going to make a script to shutdown the firewall as well as one
for reboot. Since so far all 3 times my noobness involves firewalling myself
out, although in a slightly different way each time!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

On Thu, Aug 7, 2008 at 1:54 AM, Sorin Srbu <[EMAIL PROTECTED]> wrote:

>  Seen this?
>
>
> http://www.askbjoernhansen.com/2007/09/18/safely_change_firewall_rules_remotely.html
>
Unfortunately, only after you pointed it out :(
But thankfully whoever wrote APF apparently knows this, hence it does insert
an automatic reset of the firewall after 5 minutes.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help: Server security compromised?

[Noob Centos Admin]

On Thu, Aug 7, 2008 at 11:53 PM, Ray Leventhal <[EMAIL PROTECTED]> wrote:

>
> My US$0.02 on this.I'm a fan of apf as a front-end to iptables...but it
> takes some reading to understand the switches and the entire RAB (reactive
> address blocking) configuration options.  Sadly, RAB is poorly documented,
> but with a bit of tinkering, I've enjoyed this feature tremendously as it
> cuts down on the hammering I used to get to port 22 by the bots and script
> kiddies.


Sad to say my usual tasks keep me sufficiently occupied that I hardly have
the time to study what APF actually does. It came with ELS (Easy Linux
Security) scripts with directadmin, sounds like A Good Idea (tm) so I just
installed it. Personally I'm aghast at the manner in which I'm running the
server but practically there is only that much time I can devote to being
the server admin.


If you've a static IP at your workstation, add your IP address to the apf
> nicely formed 'allow_hosts.rules' file, usually located in /etc/apf.  This
> is a simple IP address or IP block list (using slash notation, i.e.
> 192.168.1.0/24) to allow access to an IP or range of IPs.  Further, the
> deny_hosts.rules list is the same format for hosts to always deny.


I had considered this allowed only x.x.x.x ip strategy very early on since
it appeared to be an obvious way to head off attacks/probes from external
parties. Unfortunately, like most folks, I'm on dynamic IP. My primary role
also requires me to run around very often, necessitating urgent
administration from a variety of potential sub-networks from whichever ISP
happens to be providing access at the location. So I figured it would be
quite impractical to attempt to limit access to only certain IP addresses.


Although thinking about it now, extending the concept from a previous
suggestion, I suppose it is theoretically possible to write a privileged
script accessible from one of the server hosted domains to activate an
allow-host rule addition to the firewall and a cronjob that routinely
activates another script to removed added hosts after 1 hour or something.
So anytime access is needed, I would hit the website to activate the script
to open up SSH access to the IP I am using at the moment and then SSH in.

But of course, easier said than done since I barely know shell scripting and
allowing exec in PHP had always been met with a big frown personally. :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

I got a WD 1TB My Book with eSATA/USB/Firewire400 connectivity to backup
data on a client Centos 5.1 machine.

USB 2.0 works fine out of the box but is rather slow, Nautilus predicts
about 1+ hour to fully backup just one day's worth of data or about 100GB.

So I was hoping Firewire would be faster, which is why we got the version
with all 3 interfaces to experiment with first.

Following the suggestions given to another user here
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=15767&forum=37

I updated the system's kernel to the CentoPlus
[EMAIL PROTECTED] ~]$ uname -s -r
Linux 2.6.18-92.1.10.el5

After a reboot, everything appears to work as expected, with the
motherboard's TI Firewire controller detected
[EMAIL PROTECTED] ~]# lspci | grep 1394
04:07.0 FireWire (IEEE 1394): Texas Instruments TSB43AB23 IEEE-1394a-2000
Controller (PHY/Link)

However, now I'm stuck as the system does not appear to detect the drive
when I connect the firewire cable and turn it on.
I've followed some of the suggestions to check the drive status like
"fdisk -l" but this only shows the drives already installed in the system
"tail -f /var/log/dmesg" shows no new messages when the drive is
connected/powered on

So I'm at a loss as to what else I should be doing to get Firewire to work
and will appreciate any help on this.

Thanks!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

On Wed, Aug 13, 2008 at 4:50 PM, Laurence Alexander Hurst <
[EMAIL PROTECTED]> wrote:

> 2 things jump out:
>1. As has already been pointed out that is not a Centos Plus kernel.
> Did you reboot after installing the new kernel? (You have to reboot for a
> kernel update in order to be running the new kernel).


Thanks Akemi & Lawrence for pointing out the obvious that I was blind to! :D
I overlooked the exclude line for the Centos Update repo so yum took the
wrong kernel update instead. Now downloading  2.6.18-92.1.10.el5.centos.plus
and hopes everything will work after this.



>
>2. 1 hour to copy 100GB sounds like a very good speed. Obviously the
> eSATA interface will be the fastest as it will the the same as having it
> plugged directly into the SATA controller. For reference I recently copied
> 73GB from an internal SATA drive to an internal (software) raid0 array (made
> up of 2 SATA disks), and that took 1.5hours.


The first day's transfer just completed and it took about 1hr 10 minutes for
101GB, from du -h, which I think is in terms of 1024. So that's like
24.6MB/s which admittedly appears to be around the maximum real world data
transfer rate for USB 2.0. According to some reviews of this WD model, the
Firewire was supposedly up to 1/3 faster (they had figures of 35MBps vs
44Mbps).

So I am hoping to see a similar speed from the Firewire here to save some 20
minutes of waiting time, a whole week's backup would be almost 2.5 hours of
savings!

Going to reboot the system now with the new kernel and hopes I don't lose
the NIC or something :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

On Wed, Aug 13, 2008 at 5:16 PM, Rainer Duffner <[EMAIL PROTECTED]>wrote:

>
> There's a reason someone came up with this eSATA stuff...


Unfortunately the machine has no more spare SATA connectors. Installing an
eSATA card and such, would probably be yet another learning experience on a
machine the client is not particularly keen on seening downtime as it's
collecting data 24/7 :(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

The kernel update was successful and dmesg returns the following
ieee1394: The root node is not cycle master capable; selecting a new root
node and resetting...
ieee1394: Error parsing configrom for node 0-00:1023
ieee1394: Node changed: 0-00:1023 -> 0-01:1023
ieee1394: Node added: ID:BUS[0-00:1023]  GUID[0090a9f6717e5649]
ieee1394: sbp2: Driver forced to serialize I/O (serialize_io=1)
ieee1394: sbp2: Try serialize_io=0 for better performance
scsi6 : SBP-2 IEEE-1394
ieee1394: sbp2: Logged into SBP-2 device
ieee1394: Node 0-00:1023: Max speed [S400] - Max payload [2048]
  Vendor: WDModel: My Book   Rev: 1028
  Type:   Direct-Access  ANSI SCSI revision: 04
SCSI device sde: 1953525168 512-byte hdwr sectors (1000205 MB)
sde: Write Protect is off
sde: Mode Sense: 10 00 00 00
sde: cache data unavailable
sde: assuming drive cache: write through
SCSI device sde: 1953525168 512-byte hdwr sectors (1000205 MB)
sde: Write Protect is off
sde: Mode Sense: 10 00 00 00
sde: cache data unavailable
sde: assuming drive cache: write through
 sde:<6>sd 6:0:0:0: Device not ready: <6>: Current: sense key: Not Ready
Add. Sense: Logical unit not ready, initializing command required

end_request: I/O error, dev sde, sector 0
Buffer I/O error on device sde, logical block 0
sd 6:0:0:0: Device not ready: <6>: Current: sense key: Not Ready
Add. Sense: Logical unit not ready, initializing command required

end_request: I/O error, dev sde, sector 0
Buffer I/O error on device sde, logical block 0
sd 6:0:0:0: Device not ready: <6>: Current: sense key: Not Ready
Add. Sense: Logical unit not ready, initializing command required

end_request: I/O error, dev sde, sector 0
Buffer I/O error on device sde, logical block 0
sd 6:0:0:0: Device not ready: <6>: Current: sense key: Not Ready
Add. Sense: Logical unit not ready, initializing command required

end_request: I/O error, dev sde, sector 0
Buffer I/O error on device sde, logical block 0
ldm_validate_partition_table(): Disk read failed.
Dev sde: unable to read RDB block 0
 unable to read partition table
sd 6:0:0:0: Attached scsi disk sde
sd 6:0:0:0: Attached scsi generic sg4 type 0
scsi7 : SBP-2 IEEE-1394
ieee1394: sbp2: Logged into SBP-2 device
ieee1394: Node 0-00:1023: Max speed [S400] - Max payload [2048]
  Vendor: WDModel: My Book DeviceRev:
  Type:   Enclosure  ANSI SCSI revision: 04
scsi 7:0:1:0: Attached scsi generic sg5 type 13


fdisk -l
Disk /dev/sde: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot  Start End  Blocks   Id  System
/dev/sde1   *   1  121601   976760001c  W95 FAT32 (LBA)


The problem now is when I try to mount /dev/sde1, mount tells me that
special device /dev/sde1 does not exist.

Neither does trying to mount /dev/sg4 or /dev/sg5 works, mount says they are
"not a block device".

What should I be trying next? Thanks!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

Scratch that last message. I removed the drive to verify the copied content
on another machine and realized I forgot to copy one folder. Plugged it
back, with the wrong connector, using the Firewire instead of USB, probably
because my mind was still on the Firewire issue.

This time round, gnome desktop automounted the drive and there it was on my
desktop to my surprise.

Checking with mount
/dev/sde1 on /media/My Book type vfat
(rw,noexec,nosuid,nodev,shortname=winnt,uid=502)

I've no idea why or what happened, just glad it works! :D

Now testing it out with another day's data about 112G worth and Nautilus is
estimating about 60 minutes, so that's about 31.8MB/s or 29% faster.
Although Nautilus was a bit optimistic with the previous transfer so the
Firewire still likely a good 20% to 25% faster.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help setting up external drive via Firewire

[Noob Centos Admin]

On Fri, Aug 15, 2008 at 8:56 AM, Filipe Brandenburger
<[EMAIL PROTECTED]>wrote:

> On Wed, Aug 13, 2008 at 18:43, Bill Campbell <[EMAIL PROTECTED]> wrote:
> > My experience with Firewire has not been all that good.  I figured that
> > since Apple had been using it for years, and it is an IEEE standard, that
> > Firewire would be more reliable than USB.  I was also a bit wary as the
> USB
> > disk drivers on SuSE gave warning messages saying they might not be very
> > reliable.
>
> Same here. I just migrated our backups from Firewire 800 to USB2,
> because the Firewire was causing us a kernel crash per week and we
> were having to reboot our server because of the backup drives. This on
> three different machines, one running SuSE 10 and two others with
> CentOS 5 with the centosplus kernel.
>
> I haven't had any problem with the machine since the FW drive was plugged
> in and left plugged in since I have not been physically back on location.
> What causes this crash and how would I know it is related to FW or not, in
> the event but hopefully never, the system does crash?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

[Noob Centos Admin]

On Thu, Feb 19, 2009 at 4:22 AM, Ray Van Dolson  wrote:

> The other side of the coin (as I think you mentioned) is that many are
> not comfortable having LVM handle the mirroring.  Are its mirroring
> abilities as mature or fast as md?  It's certainly not documented as
> well at the very least. :)
>

I remember googling for this before setting up a server some weeks ago and
somebody did a benchmark. The general conclusion was stick to md for RAID 1,
it has better performance. IIRC, one of the reason was while md1 will read
from both disk, LVM mirror apparently only reads from the "master" unless it
fails.

Furthermore, given the nightmare of a time I'm having trying to restore a
LVM PV sitting across 3 pairs of md RAID 1, I'll strongly recommend against
tempting fate by using LVM for mirroring as well.

Thankfully for the underlying md mirror, I can at least activate the LVM vg
and offload data in rescue mode even if it won't work off a normal boot.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

[Noob Centos Admin]

On Sat, Feb 21, 2009 at 6:04 PM, John R Pierce  wrote:

> Kay Diederichs wrote:
> > hdparm -tT tests one type of disk access, other tools test other
> > aspects. I gave the hdparm numbers because everyone can reproduce them.
> > For RAID0 with two disks you do see - using e.g. hdparm - the doubling
> > of performance from two disks.
> > If you take the time to read (or do) RAID benchmarks you'll discover
> > that Linux software RAID1 is about as fast as a single disk (and RAID0
> > with two disks is about twice the speed). It's as simple as that.
> >
>
>
> maybe with a simple single threaded application.  if there are
> concurrent read requests pending it will dispatch them to both drives.


I'm waiting for a 10 hour backup to be completed before doing recovery on a
server (ok recovery is a nice way to put it, truth is I gave up any hope of
making the screwed LVM setup work and going to wipe/reinstall after the
backup), I'll probably be able to try some tests.

However, I don't know enough to do this properly. So some questions:

Would running two CP command to copy 2 different set of files to two
different targets suffice as a basic two thread test?

Is there a way to monitor actual disk transfers from command line without
having to do manual timing?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

[Noob Centos Admin]

On Sat, Feb 21, 2009 at 11:42 PM, Chan Chung Hang Christopher <
christopher.c...@bradbury.edu.hk> wrote:

>
>  Would running two CP command to copy 2 different set of files to two
>> different targets suffice as a basic two thread test?
>>
>>
> So long as you generate disk access through a file system and not hdparm.
>
>> Is there a way to monitor actual disk transfers from command line without
>> having to do manual timing?
>>
> Like I said: iostat
>
> Thanks for the information. I checked iostat on one of my older servers
running off CentOS 5.0 (2.6.18-53.1.21.el5xen) which was also running md
raid 1 and it also confirmed that the md raid 1 was getting reads from both
member devices.

Although looking at it now, I think I really screwed up that installation,
being my first, I had md running on top of LVM PV *slap forehead*
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 4 X 500 gb drives - best software raid config for a backup server?

[Noob Centos Admin]

On Sun, Feb 22, 2009 at 7:05 PM, Ian Forde  wrote:

> RAID in software, whether RAID1 or RAID5/6, always has manual steps
> involved in recovery.  If one is using standardized hardware, such as HP
> DL-x80 hardware or Dell x950 boxes, HW RAID obviates the need for a
> "recovery procedure".  It's just easier.  You can still boot from a
> single drive, since that's what the bootloader sees.  There are no
> vendor instructions or utilities needed for recovery.  Nor is there a
> backup controller needed.
>

If I have to do hardware raid, I'll definitely spec in a backup controller.
Learnt this the hard way when my raid 5 controller died years after I first
got it and I could no longer find a replacement.

For high budget projects, having the extra raid controller as insurance
isn't a big deal. But for most budget setup and cost conscious clients, soft
raid obviates that hardware dependency.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

Everytime I have to setup samba to handle Windows users, sometime
inadvertently goes wrong or doesn't work the way I expected, or takes
forever to setup, especially when there are many users and various policies.
So far, the easiest, sureest and quickest method appears to be install
WindowsXP into VMWare and use it to handle Windows sharing. Needless to say,
this strucks me as rather ironic and stupid.

Thus could anybody please suggest a working frontend to samba that makes it
easy to add users, set their permissions and get something that works like
basic windows file sharing?

So far I've tried the following which all don't quite work.

1. CentOS's samba configuration tool
- added users never show up on the share configuration so the only shares it
could create was for public access.

2. Webmin
- thinks it added the users, but again they never show up when checked
against the bundled CentOS tool and needless to say, the shares never work
too

3. Samba SWAT
- Very confusing tool, selecting shares sometimes end up as another share,
and again, doesn't seem to work.


So I just need a very basic tool that will reliably allow me to do the
following
- specify user name, specify password, and maybe specify a group
- specify a share the user or group has read only or read/write access
- force new files/folders to take on group ID so that it behaves like a
normal windows share

Don't need print services or anything, it's just far easier to dump a
hardware print server into the network than to contemplate the additional
complexity of making something like CUPS work.

Just need to make sure that the Windows users can browse to the folders, get
a prompt for their login and password where needed.

Thanks!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

On Tue, Feb 24, 2009 at 3:12 AM, Craig White  wrote:

>
> probably not the answer you want to hear but...
> swat is supposed to be the tool for simple administration.


I was afraid of that. By the time I gave up and completed the task manually,
I was thinking maybe it might be easier to write my own script to repeat all
those useradd, gpasswd -a, smbpasswd and nano smb.conf :(


> You are asking several questions but lumping them all under one category
> samba. The concept of UNIX or Linux administration is simple text files
> that can be manipulated with just about any editor that suits you though  I
> would suggest that you refrain from using Windows editors because they  add
> line endings that often cause issues.


No worries about that one, I only edit conf files on my CentOS box using
nano. The closest to using Windows for this is to manage my servers are SSH
through putty, and writing long php scripts to be uploaded.


> the group idea is rather simple...
> let's say that you have a directory /home/samba/files and you set up a
> share in smb.conf called [Files], and all your users are members of the
> group 'users' then you would simply 'chgrp users /home/samba/files' and
> 'chmod g+s /home/samba/files' and that enables the 'group sticky bit' so
> that all files and folders in that directory are owned by group 'users'


For a single common to everybody share it was easy of course. In fact, for
something like that, I'll do away with bothering everybody with a login and
simply make a single login everybody shares for filesharing.

It's when I have 8 people  who have to share aaa, then a sub group B have to
share bbb, then a subgroup C have to share ccc, then a subgroup of people
from B+C need to share ddd and so forth that it becomes untenable to do
everything by hand and the tools at the moment just dont cut it.

Now adding users is a bit more complicated in that samba users must
> necessarily be Linux users AND samba users so they would have to be added
> to both systems.


This was one of the caveats I discovered over time, struggling with webmin
and the likes.

Something like Webmin can help here in that it can be configured to
> automatically create the samba user at the same time that a Linux user  is
> created but it doesn't do that upon first install.


Except of course webmin doesn't actually create the smbuser correctly. Maybe
it has to do with how I use it, but maybe again like CentOS's tool, that
particular functionality is actually broken.


You probably want to check out something like the 'Samba By Example'
> publication which can be purchased at your favorite bookstore in dead  tree
> form or can be downloaded in PDF form or read online @
> http://www.samba.org/samba/docs (see left side) which will walk you
> through basic steps.


Trust me, I did read through that. I usually don't like to bug people for
help unless I really cannot find any relevant existing information and
cannot figure out what else can I try.


Thanks for replying in any case :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

On Tue, Feb 24, 2009 at 3:23 AM, Ned Slider  wrote:


> The samba configuration tool (system-config-samba) is finally fixed in
> 5.3 (due out soon) and will now correctly show added samba users :-)
>

Honestly, I'm so glad to see this! Although I won't likely benefit from it
until the next server install or re-install, at least I now know it wasn't
ME! :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

On Tue, Feb 24, 2009 at 5:52 AM, Les Mikesell  wrote:
> Is there a windows domain or AD in this picture somewhere?

Not at all for all the usual Windows network migrations I've been
setting up. Typically small offices with less than 20 people so they
simply used workgroups without domains.

> If you want something nicer, run freenx on the server and the NX

Thanks for the suggestion, I discovered freenx just days ago and
actually had the packages installed on the new setup, just have not
gotten around to using it.

> Then the samba shares look like:
>
> [aaa-share]
>    comment = aaa workspace
>    path = /path/to/aaa-share
>    public = no
>    valid users = @aaa
>    writable = yes
>    printable = no
>    force create mode = 0775
>    force directory mode = 775
>    force group = aaa

I just had an OMFG moment reading your conf. Does the valid use...@aaa
means all users in the group aaa? I thought I had read it to mean
exclude hence never tried it, instead I had tried things like valid
users = groupAAA which obviously didn't work.

> If you use smb authentication against a domain controller
>all you have  to do is create the linux users with the same login
> name.  With winbind  you might not even have to do that, but
> then I don't know how you
> control the groups.

Would setting up a domain controller on the CentOS be better in the
long run for only 10 to 20 people situation? I've avoided it since I'm
still learning to setup Linux based servers and didn't want to bite
off more than I can chew.

Thanks again for all the suggestions!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Window users?

[Noob Centos Admin]

On Tue, Feb 24, 2009 at 6:26 AM, Ned Slider  wrote:
> It is documented on the bug tracker and forums so is a well known
> issue and is fixed in system-config-samba-1.2.41-3.el5. You could
> always grab the upstream src.rpm now and build it yourself.

Thanks for the information, somehow it never struck me to check the
bugtracker for this since I always half assumed it must be something I
am not doing quite correctly!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

On Wed, Feb 25, 2009 at 1:20 AM, Les Mikesell  wrote:
> That makes it somewhat harder to use multiple machines since you end up
> having to create and maintain passwords on each.

True, but the usual work behaviour here means that seldom happen. Even
if they do need to work on somebody else's machine, most customers
simply used the permissions of whoever it is.

I've not quite succeeded in convincing any of them that it's a bad
idea to let everybody else in the department know your password for
"convenience".


> If you have to ask things like that, I'd recommend looking at the free
> SME server distribution.  It mostly uses Centos packages, but is a
> 'windows server' appliance that will do everything you are likely to
> need and more (including acting as a domain controller) with all
> administration through simple web forms.

Thanks for the suggestion, I'll take a look at it but chances are I
won't actually get to try it until at least a couple of months later
either with a new server or an existing. No point ruffling feathers
after just fixing what was broken! :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xen on CentOS 4.7

[Noob Centos Admin]

On Thu, Feb 26, 2009 at 9:41 AM, Agile Aspect  wrote:
> I'm new to Xen and I'm not familiar with the jargon.

I'll second John's suggestion to go with VMWare Server. Being also
pretty new and noob to all these, my first attempt at running WinXP
and Win2003 Server in VMWare server was almost plain sailing.

Xen on the other hand, well, let's just say I spent more time on it
and that machine was re-installed with a non-Xen kernel. And that was
on CentOS5 which supposedly works better with Xen. Maybe it's my
noobness, but the same noob skill applied to VMWare worked fine so...

Given VMWare's long history, I think Xen probably just needs more time
to all the details right.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox plugins gone (but only for one user)

[Noob Centos Admin]

2009/2/26 Rob Kampen :
> Hi gurus
> I have a CentOS 5.2 current x86_64 that has Thunderbird and Firefox working
> well for one user account (my wife) but will not play nice for my account.

Have you tried creating a new profile (not new Linux account) in
Firefox and see if the new profile will work with new installs of the
plugins? In Windows, profile manager starts by running firefox
-profilemanager, not sure exactly if the same works in Linux or you
gotta to a firefox --profilemanager.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Easiest way to get samba up and working for Windows users?

[Noob Centos Admin]

I'm seriously befuddled by Samba now.

I followed the good advice given and got the previous server set up nicely.

I did the same thing on another one and it refuses to work.

1. useradd some users
2. gpasswd -a them to a "staff" group nd smbpasswd -a them
3. chmod g+s the staff directory
4. tested smbclient -L smbserver works
5. Windows user can see the Netbios name but not the share
6. Trying to access fails after timeout
7. Checked iptables/firewall not blocking
8. tail -f samba logs but nothing happens, it's like samba never see
the incoming request. Note that it doesn't log anything with smbclient
-L either.
9. mv the smb.conf and used a very basic one, similar to the one
suggested in this thread.
10. yum remove and installed samba again just in case

Still not working.

I'm almost certain now that samba coder snuck in a devious randomizer
that requires every single installation to only work after an random
sequence of actions is taken. :(

Any hints or magic words?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos