From MSennott at Tribune.com Sat Mar 1 17:22:44 2008 From: MSennott at Tribune.com (Sennott, Mark) Date: Sat, 1 Mar 2008 11:22:44 -0600 Subject: problem using virt-manager to create new vm Message-ID: <783174FB7BD64546AFA5EA71B17FB474032F4EF1@CHIMBEXVS1.TRIBUNE.AD.TRB> Running latest kernel on my dom0 (2.6.18-53.1.13.el5xen x86_64). Using virt-manager to create a new vm, I'm having a problem with getting it to do the install boot. It starts anaconda and downloads these files just fine (I'm using http): 163.194.210.162 - - [01/Mar/2008:10:49:00 -0600] "GET /rhel5164 HTTP/1.1" 301 321 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:00 -0600] "GET /rhel5164/ HTTP/1.1" 200 12980 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:01 -0600] "GET /rhel5164/Fedora HTTP/1.1" 404 294 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:01 -0600] "GET /rhel5164/Server HTTP/1.1" 301 328 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:01 -0600] "GET /rhel5164/Server/ HTTP/1.1" 200 675326 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:01 -0600] "GET /rhel5164/images/xen/vmlinuz HTTP/1.1" 200 1919768 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:01 -0600] "GET /rhel5164/images/xen/initrd.img HTTP/1.1" 200 5497587 "-" "urlgrabber/3.1.0" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /demo01.cfg HTTP/1.0" 200 4666 "-" "anaconda/11.1.2.87" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /rhel5164/images/updates.img HTTP/1.0" 404 306 "-" "anaconda/11.1.2.87" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /rhel5164/disc1/images/updates.img HTTP/1.0" 404 312 "-" "anaconda/11.1.2.87" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /rhel5164/images/product.img HTTP/1.0" 404 306 "-" "anaconda/11.1.2.87" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /rhel5164/disc1/images/product.img HTTP/1.0" 404 312 "-" "anaconda/11.1.2.87" 163.194.210.162 - - [01/Mar/2008:10:49:35 -0600] "GET /rhel5164/images/stage2.img HTTP/1.0" 200 86077440 "-" "anaconda/11.1.2.87" It hangs after images/stage2.img. No useful messages show up in the text log (alt-F3 screen) and I get no prompt on the alt-F2 screen. I am already using the IP in the URL, so that's not the problem. Anyone seem something like this? -------------- next part -------------- An HTML attachment was scrubbed... URL: From dhunley at collab.net Mon Mar 3 14:06:26 2008 From: dhunley at collab.net (Douglas J Hunley) Date: Mon, 3 Mar 2008 09:06:26 -0500 Subject: can't get OS to use LDAP for accounts Message-ID: <200803030906.26623.dhunley@collab.net> I've got a nice clean recently built RHEL4 machine (all updates) that just won't see any users/groups in LDAP. I've run 'authconfig' and marked things as documented for our other, working server. I've bounced the machine. Our application can talk to the LDAP server and see the user/groups in questions. Where do I start debugging this? -- From Steven_Kalisky at symantec.com Mon Mar 3 14:10:08 2008 From: Steven_Kalisky at symantec.com (Steven Kalisky) Date: Mon, 3 Mar 2008 07:10:08 -0700 Subject: can't get OS to use LDAP for accounts In-Reply-To: <200803030906.26623.dhunley@collab.net> References: <200803030906.26623.dhunley@collab.net> Message-ID: Try turning off SELinux and then test. There are setting in SELinux for LDAP. Steven Kalisky OS Unix Engineering Cell: 541 868 7247 Office: 541 335 5908 steven_kalisky at symantec.com -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley Sent: Monday, March 03, 2008 6:06 AM To: redhat-sysadmin-list at redhat.com Subject: can't get OS to use LDAP for accounts I've got a nice clean recently built RHEL4 machine (all updates) that just won't see any users/groups in LDAP. I've run 'authconfig' and marked things as documented for our other, working server. I've bounced the machine. Our application can talk to the LDAP server and see the user/groups in questions. Where do I start debugging this? -- -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From mweber at alliednational.com Mon Mar 3 14:24:16 2008 From: mweber at alliednational.com (Michael Weber) Date: Mon, 03 Mar 2008 08:24:16 -0600 Subject: crontab question Message-ID: <47CBB5AF.640A.0013.3@alliednational.com> Greetings! I have a need to run a cron script periodically on two different machines. One should run the script on even hours and the other on odd hours. Is there a way to script the odd hour execution elegantly? 05 1,3,5,7,9,11,13,15,17,19,21,23 * * * root /usr/local/sbin/sync-help-files.sh is nowhere near as nice or intuitive as the even hour version 05 */2 * * * root /usr/local/sbin/sync-help-files.sh Thanx! -Michael E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated file(s) may contain privileged, confidential or proprietary information or be protected from disclosure under law ("Confidential Information"). Any use or disclosure of this Confidential Information, or taking any action in reliance thereon, by any individual/entity other than the intended recipient(s) is strictly prohibited. This Confidential Information is intended solely for the use of the individual(s) addressed. If you are not an intended recipient, you have received this Confidential Information in error and have an obligation to promptly inform the sender and permanently destroy, in its entirety, this Confidential Information (and all copies thereof). E-mail is handled in the strictest of confidence by Allied National, however, unless sent encrypted, it is not a secure communication method and may have been intercepted, edited or altered during transmission and therefore is not guaranteed. From dhunley at collab.net Mon Mar 3 14:30:09 2008 From: dhunley at collab.net (Douglas J Hunley) Date: Mon, 3 Mar 2008 09:30:09 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: References: <200803030906.26623.dhunley@collab.net> Message-ID: <200803030930.10015.dhunley@collab.net> On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: > Try turning off SELinux and then test. ?There are setting in SELinux for > LDAP. an excellent idea. let me try that. thx -- From inode0 at gmail.com Mon Mar 3 14:31:17 2008 From: inode0 at gmail.com (inode0) Date: Mon, 3 Mar 2008 08:31:17 -0600 Subject: crontab question In-Reply-To: <47CBB5AF.640A.0013.3@alliednational.com> References: <47CBB5AF.640A.0013.3@alliednational.com> Message-ID: On Mon, Mar 3, 2008 at 8:24 AM, Michael Weber wrote: > Greetings! > > I have a need to run a cron script periodically on two different machines. One should run the script on even hours and the other on odd hours. > > Is there a way to script the odd hour execution elegantly? > > 05 1,3,5,7,9,11,13,15,17,19,21,23 * * * root /usr/local/sbin/sync-help-files.sh > > is nowhere near as nice or intuitive as the even hour version > > 05 */2 * * * root /usr/local/sbin/sync-help-files.sh 1-23/2 ? John From jsbillin at Princeton.EDU Mon Mar 3 14:33:26 2008 From: jsbillin at Princeton.EDU (Jonathan S. Billings) Date: Mon, 03 Mar 2008 09:33:26 -0500 Subject: crontab question In-Reply-To: <47CBB5AF.640A.0013.3@alliednational.com> References: <47CBB5AF.640A.0013.3@alliednational.com> Message-ID: <47CC0C36.2080803@princeton.edu> Michael Weber wrote: > Greetings! > > I have a need to run a cron script periodically on two different > machines. One should run the script on even hours and the other on > odd hours. > > Is there a way to script the odd hour execution elegantly? If the same script is shared or copied to both systems, you could just have the script detect which system it is running on, and have it determine the order. For example, each time the script runs, it leaves a lockfile of some sort, and only the other host can remove it and run the script again. > 05 1,3,5,7,9,11,13,15,17,19,21,23 * * * root > /usr/local/sbin/sync-help-files.sh > > is nowhere near as nice or intuitive as the even hour version > > 05 */2 * * * root /usr/local/sbin/sync-help-files.sh 1-23/2 will run the odd hours. -- Jonathan Billings Computational Science and Engineering Support (CSES) http://www.princeton.edu/~cses/ From dhunley at collab.net Mon Mar 3 14:34:29 2008 From: dhunley at collab.net (Douglas J Hunley) Date: Mon, 3 Mar 2008 09:34:29 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: References: <200803030906.26623.dhunley@collab.net> Message-ID: <200803030934.29709.dhunley@collab.net> On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: > Try turning off SELinux and then test. SELinux had previously been disabled. That didn't change anything :( -- From jolt at ti.com Mon Mar 3 14:48:33 2008 From: jolt at ti.com (Olt, Joseph) Date: Mon, 3 Mar 2008 08:48:33 -0600 Subject: can't get OS to use LDAP for accounts In-Reply-To: <200803030934.29709.dhunley@collab.net> Message-ID: <6B34B8A05FA7544BB7F013ACD452E0280240C29C@dlee11.ent.ti.com> Are you getting any messages in /var/log/messages or /var/log/secure? -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley Sent: Monday, March 03, 2008 9:34 AM To: redhat-sysadmin-list at redhat.com Subject: Re: can't get OS to use LDAP for accounts On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: > Try turning off SELinux and then test. SELinux had previously been disabled. That didn't change anything :( -- -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From dhunley at collab.net Mon Mar 3 15:31:29 2008 From: dhunley at collab.net (Douglas J Hunley) Date: Mon, 3 Mar 2008 10:31:29 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: <6B34B8A05FA7544BB7F013ACD452E0280240C29C@dlee11.ent.ti.com> References: <6B34B8A05FA7544BB7F013ACD452E0280240C29C@dlee11.ent.ti.com> Message-ID: <200803031031.30020.dhunley@collab.net> On Monday 03 March 2008 09:48:33 Olt, Joseph wrote: > Are you getting any messages in /var/log/messages or /var/log/secure? feh. I 'fixed' it. Certain bind passwords were not as documented. Sorry for the noise -- From henson at acm.org Mon Mar 3 18:48:37 2008 From: henson at acm.org (Paul B. Henson) Date: Mon, 3 Mar 2008 10:48:37 -0800 (PST) Subject: Oracle server under RHEL 4 Message-ID: We are deploying Oracle 10g, and I opened a support request with Oracle to try and clarify some of the RPM dependencies. Oracle support indicates they do not provide an explicit list of dependencies, and assume Oracle is being installed on top of a default RPM installation of Red Hat. Generally, for a server, I try to install the minimum number of packages required for the functionality necessary. I consider this good security practice and a basic system administrator task. Not only does Oracle not supply an explicit list of dependencies necessary for their software, they claim that the average system administrator does not want to secure their system via minimization, and prefers to work from a default RPM installation rather than a customized minimal install. I can't imagine running a production enterprise server with all the packages installed via the default RPM option, it includes everything but the kitchen sink 8-/. I'd like to see what the consensus is among Red Hat system administrators on package installation, I would greatly appreciate it if you could reply to the following questions: 1) In general, when deploying a Red Hat server, do you do a default install including all RPMs, or do you do a custom install including only those that you actually need for the server's purpose? 2) If you support Oracle software, in that specific case do you do a default install including all RPMs or a custom install? 3) If the answer to question 2 is a default install, would you prefer a custom install with a minimal number of packages if Oracle made it easier to know what the dependencies were? 4) If you have an active Oracle support contract, and prefer to install a minimal number of packages, would you be willing to open a support request referencing mine to help convince Oracle to provide a better list of dependencies? Thanks much... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From Kent.Rankin at orau.org Mon Mar 3 18:51:53 2008 From: Kent.Rankin at orau.org (Rankin, Kent) Date: Mon, 3 Mar 2008 13:51:53 -0500 Subject: Oracle server under RHEL 4 References: Message-ID: <3B1B40BF9A684D49B927F7BE5CEE1D66137B1009@zirconium.orau.net> The install guide lists the dependencies. If I recall correctly, you need the libaio stuff if you're going to use ASM for disk storage, then most of the rest is compat-* stuff for old libgcc and libstdc++. It will require a compat-oracle-rhel4 rpm that is just awful. It will replace your /usr/bin/gcc with a wrapper that includes old gcc 2.96 stuff, and gets overwritten every time you run up2date and /usr/bin/gcc gets replaced. This is needed whenever you relink the Oracle binaries. This is an awful approach to taking care of the problem. -- Kent Rankin Enterprise Systems Administrator Information Systems Department Oak Ridge Associated Universities -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com on behalf of Paul B. Henson Sent: Mon 3/3/2008 1:48 PM To: redhat-sysadmin-list at redhat.com Subject: Oracle server under RHEL 4 We are deploying Oracle 10g, and I opened a support request with Oracle to try and clarify some of the RPM dependencies. Oracle support indicates they do not provide an explicit list of dependencies, and assume Oracle is being installed on top of a default RPM installation of Red Hat. Generally, for a server, I try to install the minimum number of packages required for the functionality necessary. I consider this good security practice and a basic system administrator task. Not only does Oracle not supply an explicit list of dependencies necessary for their software, they claim that the average system administrator does not want to secure their system via minimization, and prefers to work from a default RPM installation rather than a customized minimal install. I can't imagine running a production enterprise server with all the packages installed via the default RPM option, it includes everything but the kitchen sink 8-/. I'd like to see what the consensus is among Red Hat system administrators on package installation, I would greatly appreciate it if you could reply to the following questions: 1) In general, when deploying a Red Hat server, do you do a default install including all RPMs, or do you do a custom install including only those that you actually need for the server's purpose? 2) If you support Oracle software, in that specific case do you do a default install including all RPMs or a custom install? 3) If the answer to question 2 is a default install, would you prefer a custom install with a minimal number of packages if Oracle made it easier to know what the dependencies were? 4) If you have an active Oracle support contract, and prefer to install a minimal number of packages, would you be willing to open a support request referencing mine to help convince Oracle to provide a better list of dependencies? Thanks much... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 4135 bytes Desc: not available URL: From henson at acm.org Mon Mar 3 19:01:38 2008 From: henson at acm.org (Paul B. Henson) Date: Mon, 3 Mar 2008 11:01:38 -0800 (PST) Subject: Oracle server under RHEL 4 In-Reply-To: <3B1B40BF9A684D49B927F7BE5CEE1D66137B1009@zirconium.orau.net> References: <3B1B40BF9A684D49B927F7BE5CEE1D66137B1009@zirconium.orau.net> Message-ID: On Mon, 3 Mar 2008, Rankin, Kent wrote: > The install guide lists the dependencies. Not all of them. I did a minimal install including only the specifically listed packages, and there was tons of stuff broken. The GUI installer wouldn't even run due to the lack of deprecated X libraries, a number of link failures occurred, and there are other weird errors. Also, among the explicitly listed dependencies are xscreensaver and the Gnome control-panel applet, which seems ludicrous... When I opened a ticket to ask why they needed a screensaver on a headless server, and for a better list of dependencies, is when they gave me the line about only supporting a default RPM installation. > This is an awful approach to taking care of the problem. Yeah, in general it seems Oracle takes awful approaches 8-/. I particularly like the way after every installer patch update the file /dev/null0 shows up 8-/. BTW, for the sake of completeness of my survey could I trouble you to provide your opinion on default RPM versus minimal install? Thanks much... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From Kent.Rankin at orau.org Mon Mar 3 19:03:20 2008 From: Kent.Rankin at orau.org (Rankin, Kent) Date: Mon, 3 Mar 2008 14:03:20 -0500 Subject: Oracle server under RHEL 4 References: <3B1B40BF9A684D49B927F7BE5CEE1D66137B1009@zirconium.orau.net> Message-ID: <3B1B40BF9A684D49B927F7BE5CEE1D66137B100B@zirconium.orau.net> I'm with you on the deprecated X stuff. I'm not positive what requires it, but I know that it requests the openmotif libs as well. I also agree on only installing what's necessary. I think that it's a trait of mine that comes from working with commercial unices before I started working with Linux distributions which always want to install gobs of things by default. What I would likely do if I were you and felt it important to trim things down is to maybe fire up a VM of RHEL4 and gradually snapshot and remove components, committing the snapshot only after you are certain that the machine remains operable. At the end of it all, do a rpm -qa and use that as your standard for kickstart-ing your Oracle machines. -- Kent Rankin Enterprise Systems Administrator Information Systems Department Oak Ridge Associated Universities -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com on behalf of Paul B. Henson Sent: Mon 3/3/2008 2:01 PM To: redhat-sysadmin-list at redhat.com Subject: RE: Oracle server under RHEL 4 On Mon, 3 Mar 2008, Rankin, Kent wrote: > The install guide lists the dependencies. Not all of them. I did a minimal install including only the specifically listed packages, and there was tons of stuff broken. The GUI installer wouldn't even run due to the lack of deprecated X libraries, a number of link failures occurred, and there are other weird errors. Also, among the explicitly listed dependencies are xscreensaver and the Gnome control-panel applet, which seems ludicrous... When I opened a ticket to ask why they needed a screensaver on a headless server, and for a better list of dependencies, is when they gave me the line about only supporting a default RPM installation. > This is an awful approach to taking care of the problem. Yeah, in general it seems Oracle takes awful approaches 8-/. I particularly like the way after every installer patch update the file /dev/null0 shows up 8-/. BTW, for the sake of completeness of my survey could I trouble you to provide your opinion on default RPM versus minimal install? Thanks much... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 4123 bytes Desc: not available URL: From jbourne at hardrock.org Mon Mar 3 19:27:22 2008 From: jbourne at hardrock.org (James Bourne) Date: Mon, 3 Mar 2008 12:27:22 -0700 (MST) Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: On Mon, 3 Mar 2008, Paul B. Henson wrote: FYI, we have several 10g boxes currently including RAC and stand alone so hopefully this helps. > 1) In general, when deploying a Red Hat server, do you do a default install > including all RPMs, or do you do a custom install including only those that > you actually need for the server's purpose? Always custom then build up the package set from there. The install is using a base kickstart template file that we then add the required packages or configs to. > 2) If you support Oracle software, in that specific case do you do a > default install including all RPMs or a custom install? Custom, taking into account oracles preinstall tasks from the Oracle Database Installation Guide. We exclude the obvious: control-panel and xscreensaver are not required. oracle installer (used by our DBA) requires motif and a the graphical libs.. > 3) If the answer to question 2 is a default install, would you prefer a > custom install with a minimal number of packages if Oracle made it easier > to know what the dependencies were? > > 4) If you have an active Oracle support contract, and prefer to install a > minimal number of packages, would you be willing to open a support request > referencing mine to help convince Oracle to provide a better list of > dependencies? I could ask those who have the power to talk to (the) oracle to open it and reference your ticket. No promises but I would try. Regards James > Thanks much... -- James Bourne | Email: jbourne at hardrock.org UNIX Systems Administration | WWW: http://www.hardrock.org Custom UNIX Programming | Linux: The choice of a GNU generation ---------------------------------------------------------------------- "All you need's an occasional kick in the philosophy." Frank Herbert Need an inexpensive domain alternative? http://fastforwarddomains.com From Kelley.Coleman at va.gov Mon Mar 3 19:36:22 2008 From: Kelley.Coleman at va.gov (Coleman, Kelley (HAC)) Date: Mon, 3 Mar 2008 12:36:22 -0700 Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: In response to Paul B. Henson Sent: Monday, March 03, 2008 11:49 AM To: redhat-sysadmin-list at redhat.com Subject: Oracle server under RHEL 4 1) In general, when deploying a Red Hat server, do you do a default install including all RPMs, or do you do a custom install including only those that you actually need for the server's purpose? We had no previous experience with Linux when we began our Oracle on Linux project. We made the decision early on to 'just install everything' with Linux because we hit barriers determining minimum RPM requirements and we were on a deadline. I regret that decision often, especially when it comes to dealing with patching Redhat. I expend a lot of effort patching programs that we will NEVER use because of that decision made early on. We will be rebuilding our environments over the next few months and we will come up with a minimum RPM installation even if we have to figure it out ourselves. 4) If you have an active Oracle support contract, and prefer to install a minimal number of packages, would you be willing to open a support request referencing mine to help convince Oracle to provide a better list of dependencies? Instead of going the support route, you might consider contacting your Oracle Sales Rep. Depending on how connected and pro-active they are, they can be very helpful. They can get you to support engineers who are more technically savvy than the usual Oracle Help Desk support types. Kelley Coleman 303-331-7521-o 303-944-9453-c From rriley at ariba.com Mon Mar 3 21:02:47 2008 From: rriley at ariba.com (Richard Riley) Date: Mon, 3 Mar 2008 16:02:47 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: <200803030934.29709.dhunley@collab.net> References: <200803030906.26623.dhunley@collab.net> <200803030934.29709.dhunley@collab.net> Message-ID: <8A5A158B711C154A91790AF8F573CF8B2C3FD1@us-atlmail1.ariba.com> Try stopping iptables on both machines during the test. Richard Riley > >-----Original Message----- > >From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat- > >sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley > >Sent: Monday, March 03, 2008 9:34 AM > >To: redhat-sysadmin-list at redhat.com > >Subject: Re: can't get OS to use LDAP for accounts > > > >On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: > >> Try turning off SELinux and then test. > > > >SELinux had previously been disabled. That didn't change anything > >:( > > > >-- > > > >-- > >redhat-sysadmin-list mailing list > >redhat-sysadmin-list at redhat.com > >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From ccampbell at brueggers.com Mon Mar 3 21:10:23 2008 From: ccampbell at brueggers.com (Christian Campbell) Date: Mon, 3 Mar 2008 16:10:23 -0500 Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: > We are deploying Oracle 10g, and I opened a support request with Oracle > to > try and clarify some of the RPM dependencies. > > Oracle support indicates they do not provide an explicit list of > dependencies, and assume Oracle is being installed on top of a default > RPM > installation of Red Hat. I just recently installed two oracle servers on RHEL4. I was provided by our Oracle services provider with the following list of required packages to be installed. I did a custom install, choose packages that I knew I wanted from a sysadmin perspective, and then used up2date to install any missing packages from the list. Apps=11.5.2 DB=10g. No issues yet... doh! List to follow... Best of luck, Christian compat-db-4.1.25-9 compat-gcc-32-3.2.3-47.3 compat-gcc-32-c++-3.2.3-47.3 compat-oracle-rhel4-1.0-5 compat-libcwait-2.0-2 compat-libgcc-296-2.96-132.7.2 compat-libstdc++-296-2.96-132.7.2 compat-libstdc++-33-3.2.3-47.3 cpp-3.4.3-9.EL4 gcc-3.4.3-9.EL4 gcc-c++-3.4.3-9.EL4 gnome-libs-1.4.1.2.90-44 gnome-libs-devel-1.4.1.2.90-44 glibc 2.3.4-2 libaio-devel-0.3.102-1 libaio-0.3.102-1 make-3.80-5 openmotif21-2.1.30-11 pdksh-5.2.14-30 xorg-x11-deprecated-libs-devel-6.8.1-23.EL xorg-x11-deprecated-libs-6.8.1-23.EL NOTE: The compat-oracle-rhel4-1.0-3 and compat-libcwait-2.0-1 packages are available from Oracle Metalink patch 4198954. Christian Campbell Systems Engineer Bruegger's Enterprises Inc. Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "Computer Science is no more about computers than astronomy is about telescopes." --E. Dijkstra -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3090 bytes Desc: not available URL: From mark at dfk-systems.com Mon Mar 3 20:18:19 2008 From: mark at dfk-systems.com (Mark Waterhouse) Date: Mon, 3 Mar 2008 20:18:19 -0000 Subject: Oracle server under RHEL 4 References: Message-ID: <002301c87d6b$ba0a0290$b705a8c0@EUROPE.ROOT.PRI> Paul I completely agree. Almost all of my production server installs start with the bare minimum - in fact, I then remove more rpms (such as ppp etc.) that I dont want present in my base install. Once it has been reduced the minimum, each type of service has a different base of additional rpms. Now, today I dont manage any RHEL machines with Oracle 10g on it so the information below may not be completely accurate, but this is the excerpt from our RHEL3 kickstart installation file (see attached file). We do additional removes and configuration changes in the post kickstart. rpm -e Canna FreeWnn OpenIPMI OpenIPMI-libs apmd aspell-da aspell-de aspell-es aspell-fr aspell-it aspell-nl aspell-no aspell-pt aspell-sv bg5ps h2ps isdn4k-utils kon2 kon2-fonts minicom nhpf parted ppp rp-pppoe wvdial wireless-tools fonts-ISO8859-2 fonts-KOI8-R fonts-KOI8-R-100dpi fonts-hebrew jisksp14 jisksp16-1990 man-pages-cs man-pages-da man-pages-de man-pages-es man-pages-fr man-pages-it man-pages-ja man-pages-ko man-pages-pl man-pages-ru taipeifonts ttfonts-ja ttfonts-ko ttfonts-zh_CN ttfonts-zh_TW irda-utils NetworkManager pcmcia-cs rm -f /etc/sysconfig/pcmcia.rpmsave and then do some additional settings - (see attached file). As for point (4), I think that is a great idea. We are about to undergo a major change to our Oracle infrastructure and this information would be invaluable. Best Regards Mark Waterhouse RHCE ----- Original Message ----- From: "Paul B. Henson" To: Sent: Monday, March 03, 2008 6:48 PM Subject: Oracle server under RHEL 4 > > We are deploying Oracle 10g, and I opened a support request with Oracle to > try and clarify some of the RPM dependencies. > > Oracle support indicates they do not provide an explicit list of > dependencies, and assume Oracle is being installed on top of a default RPM > installation of Red Hat. > > Generally, for a server, I try to install the minimum number of packages > required for the functionality necessary. I consider this good security > practice and a basic system administrator task. > > Not only does Oracle not supply an explicit list of dependencies necessary > for their software, they claim that the average system administrator does > not want to secure their system via minimization, and prefers to work from > a default RPM installation rather than a customized minimal install. > > I can't imagine running a production enterprise server with all the > packages installed via the default RPM option, it includes everything but > the kitchen sink 8-/. > > I'd like to see what the consensus is among Red Hat system administrators > on package installation, I would greatly appreciate it if you could reply > to the following questions: > > > 1) In general, when deploying a Red Hat server, do you do a default > install > including all RPMs, or do you do a custom install including only those > that > you actually need for the server's purpose? > > 2) If you support Oracle software, in that specific case do you do a > default install including all RPMs or a custom install? > > 3) If the answer to question 2 is a default install, would you prefer a > custom install with a minimal number of packages if Oracle made it easier > to know what the dependencies were? > > 4) If you have an active Oracle support contract, and prefer to install a > minimal number of packages, would you be willing to open a support request > referencing mine to help convince Oracle to provide a better list of > dependencies? > > > Thanks much... > > > -- > Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ > Operating Systems and Network Analyst | henson at csupomona.edu > California State Polytechnic University | Pomona CA 91768 > > -- > redhat-sysadmin-list mailing list > redhat-sysadmin-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > > -- > This message has been scanned for viruses and dangerous content by DFK > Systems Limited, and is believed to be clean. > To report this message as spam, please click on this link - > https://secure.dfk-systems.com/quarantine/spam.php?srv=01&id=m23InRIl038022 > > -- This message has been scanned for viruses and dangerous content by DFK Systems Limited, and is believed to be clean. To report this message as spam, please click on this link - https://secure.dfk-systems.com/quarantine/spam.php?srv=01&id=m23KILSN060853 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rhel3-oracle-kickstart.txt URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rhel3-oracle-config.txt URL: From harry.sutton at hp.com Mon Mar 3 21:30:00 2008 From: harry.sutton at hp.com (Sutton, Harry (MSE)) Date: Mon, 03 Mar 2008 16:30:00 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: <8A5A158B711C154A91790AF8F573CF8B2C3FD1@us-atlmail1.ariba.com> References: <200803030906.26623.dhunley@collab.net> <200803030934.29709.dhunley@collab.net> <8A5A158B711C154A91790AF8F573CF8B2C3FD1@us-atlmail1.ariba.com> Message-ID: <47CC6DD8.2090204@hp.com> I'm a firm believer that it's never a good idea to shut off security features to get things working. Significant improvements in the SELinux administrative and troubleshooting tools make it much easier to get that working properly without having to disable it. As for iptables, I think it's a much better idea to enable logging, even on a temporary basis, to determine which packets are being blocked and then adding rules to allow them. There's a really good article / short video in Red Hat Magazine at http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/ that explains this really well. /Harry Sutton, RHCA Hewlett-Packard Company Richard Riley wrote: > Try stopping iptables on both machines during the test. > > Richard Riley > > >>> -----Original Message----- >>> From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat- >>> sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley >>> Sent: Monday, March 03, 2008 9:34 AM >>> To: redhat-sysadmin-list at redhat.com >>> Subject: Re: can't get OS to use LDAP for accounts >>> >>> On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: >>> >>>> Try turning off SELinux and then test. >>>> >>> SELinux had previously been disabled. That didn't change anything >>> :( >>> >>> -- >>> >>> -- >>> redhat-sysadmin-list mailing list >>> redhat-sysadmin-list at redhat.com >>> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list >>> > > -- > redhat-sysadmin-list mailing list > redhat-sysadmin-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6255 bytes Desc: S/MIME Cryptographic Signature URL: From rriley at ariba.com Mon Mar 3 22:45:44 2008 From: rriley at ariba.com (Richard Riley) Date: Mon, 3 Mar 2008 17:45:44 -0500 Subject: can't get OS to use LDAP for accounts In-Reply-To: <47CC6DD8.2090204@hp.com> References: <200803030906.26623.dhunley@collab.net> <200803030934.29709.dhunley@collab.net><8A5A158B711C154A91790AF8F573CF8B2C3FD1@us-atlmail1.ariba.com> <47CC6DD8.2090204@hp.com> Message-ID: <8A5A158B711C154A91790AF8F573CF8B2C4055@us-atlmail1.ariba.com> I fully agree that security is priority, but some times it is so much quicker to determine if iptables or selinux is the culprit by stopping them just long enough to test and see if the service now works. If it does, then you know quickly where to concentrate your effort. If iptables is the culprit, then I would enable logging to help identify the specifics. I have found that if I enable logging initially on a busy machine, I may lose hours searching the log files only to discover that iptables was not the culprit in the first place. Richard Riley Linux System Administrator Ariba, Inc. ________________________________ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sutton, Harry (MSE) Sent: Monday, March 03, 2008 4:30 PM To: redhat-sysadmin-list at redhat.com Subject: Re: can't get OS to use LDAP for accounts I'm a firm believer that it's never a good idea to shut off security features to get things working. Significant improvements in the SELinux administrative and troubleshooting tools make it much easier to get that working properly without having to disable it. As for iptables, I think it's a much better idea to enable logging, even on a temporary basis, to determine which packets are being blocked and then adding rules to allow them. There's a really good article / short video in Red Hat Magazine at http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/ that explains this really well. /Harry Sutton, RHCA Hewlett-Packard Company Richard Riley wrote: Try stopping iptables on both machines during the test. Richard Riley -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat- sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley Sent: Monday, March 03, 2008 9:34 AM To: redhat-sysadmin-list at redhat.com Subject: Re: can't get OS to use LDAP for accounts On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: Try turning off SELinux and then test. SELinux had previously been disabled. That didn't change anything :( -- -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -------------- next part -------------- An HTML attachment was scrubbed... URL: From smoseman at novolink.net Mon Mar 3 22:53:43 2008 From: smoseman at novolink.net (Scott Moseman) Date: Mon, 3 Mar 2008 22:53:43 -0000 Subject: can't get OS to use LDAP for accounts In-Reply-To: <8A5A158B711C154A91790AF8F573CF8B2C4055@us-atlmail1.ariba.com> References: <200803030906.26623.dhunley@collab.net> <200803030934.29709.dhunley@collab.net><8A5A158B711C154A91790AF8F573CF8B2C3FD1@us-atlmail1.ariba.com><47CC6DD8.2090204@hp.com> <8A5A158B711C154A91790AF8F573CF8B2C4055@us-atlmail1.ariba.com> Message-ID: I would consider the network topology. If the box is behind a firewall or access lists, thus iptables being an additional (or internal) means of defense, I have no problem stopping it temporarily. If the box is sitting wide open on the Internet, I would probably tinker with the logging. Considering how much junk I have seen on firewall interfaces with brand new IPs with no publicized services, I would not put anything unprotected "out there", even temporarily. Thanks, Scott ________________________________ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Richard Riley Sent: Monday, March 03, 2008 4:46 PM To: redhat-sysadmin-list at redhat.com Subject: RE: can't get OS to use LDAP for accounts I fully agree that security is priority, but some times it is so much quicker to determine if iptables or selinux is the culprit by stopping them just long enough to test and see if the service now works. If it does, then you know quickly where to concentrate your effort. If iptables is the culprit, then I would enable logging to help identify the specifics. I have found that if I enable logging initially on a busy machine, I may lose hours searching the log files only to discover that iptables was not the culprit in the first place. Richard Riley Linux System Administrator Ariba, Inc. ________________________________ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sutton, Harry (MSE) Sent: Monday, March 03, 2008 4:30 PM To: redhat-sysadmin-list at redhat.com Subject: Re: can't get OS to use LDAP for accounts I'm a firm believer that it's never a good idea to shut off security features to get things working. Significant improvements in the SELinux administrative and troubleshooting tools make it much easier to get that working properly without having to disable it. As for iptables, I think it's a much better idea to enable logging, even on a temporary basis, to determine which packets are being blocked and then adding rules to allow them. There's a really good article / short video in Red Hat Magazine at http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/ that explains this really well. /Harry Sutton, RHCA Hewlett-Packard Company Richard Riley wrote: Try stopping iptables on both machines during the test. Richard Riley -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat- sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley Sent: Monday, March 03, 2008 9:34 AM To: redhat-sysadmin-list at redhat.com Subject: Re: can't get OS to use LDAP for accounts On Monday 03 March 2008 09:10:08 Steven Kalisky wrote: Try turning off SELinux and then test. SELinux had previously been disabled. That didn't change anything :( -- -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -------------- next part -------------- An HTML attachment was scrubbed... URL: From jbourne at hardrock.org Mon Mar 3 23:05:51 2008 From: jbourne at hardrock.org (James Bourne) Date: Mon, 3 Mar 2008 16:05:51 -0700 (MST) Subject: can't get OS to use LDAP for accounts In-Reply-To: <200803030906.26623.dhunley@collab.net> References: <200803030906.26623.dhunley@collab.net> Message-ID: On Mon, 3 Mar 2008, Douglas J Hunley wrote: > I've got a nice clean recently built RHEL4 machine (all updates) that just > won't see any users/groups in LDAP. I've run 'authconfig' and marked things > as documented for our other, working server. I've bounced the machine. Our > application can talk to the LDAP server and see the user/groups in questions. > Where do I start debugging this? Are you using tls/ssl from the OS side? If so and you have a self signed certificate make sure your CA certificate is in /etc/openldap/cacerts, then re-run authconfig. Also make sure /etc/ldap.conf is readable by world, of course you would have a working ldap setup if you type id username as root but not as a user... Then there are obvious things, check ldap is listed in /etc/nsswitch.conf. Make sure if your uids are below 500 to change /etc/pam.d/system-auth (red hat defaults to system below 500, we use something lower internally), of course also make sure pam_ldap.so is listed in /etc/pam.d/system-auth... Try changing to the IP of the ldap server instead of a hostname.. Try turning off TLS... If you have anonymous bind turned off in your ldap server you'll need to add a binddn and bindpw line (for a read only user)... I think those are the biggest gotchas. Normally I've not seen either selinux (without kernel log messages) or iptables issues in a case like this, just what's above.. Regards James -- James Bourne | Email: jbourne at hardrock.org UNIX Systems Administration | WWW: http://www.hardrock.org Custom UNIX Programming | Linux: The choice of a GNU generation ---------------------------------------------------------------------- "All you need's an occasional kick in the philosophy." Frank Herbert Need an inexpensive domain alternative? http://fastforwarddomains.com From henson at acm.org Tue Mar 4 02:46:52 2008 From: henson at acm.org (Paul B. Henson) Date: Mon, 3 Mar 2008 18:46:52 -0800 (PST) Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: On Mon, 3 Mar 2008, Christian Campbell wrote: > I just recently installed two oracle servers on RHEL4. I was provided by > our Oracle services provider with the following list of required packages > to be installed. Interesting, is that someone who actually works at Oracle, or a third party? I hadn't seen the explicit reference to xorg-x11-deprecated-libs before, although I needed to install that in order to get the java gui to run. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From ccampbell at brueggers.com Tue Mar 4 13:30:13 2008 From: ccampbell at brueggers.com (Christian Campbell) Date: Tue, 4 Mar 2008 08:30:13 -0500 Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: > > I just recently installed two oracle servers on RHEL4. I was > provided by > > our Oracle services provider with the following list of required > packages > > to be installed. > > Interesting, is that someone who actually works at Oracle, or a third > party? I hadn't seen the explicit reference to xorg-x11-deprecated-libs > before, although I needed to install that in order to get the java gui > to > run. > It's a third-party provider although they all seem pretty rank-and-file Oracle types (as almost all of their employees have worked for Oracle for a number of years). Almost all of their sentences start with: "Per Oracle...". However, I'm not sure if this list was provided to them by Oracle, or if this is a list they have compiled themselves. My guess is it's something they've come up with. Worked like a charm for us... Christian Christian Campbell Systems Engineer ? Bruegger's Enterprises Inc. Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034? Email: ccampbell at brueggers dot com ? PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html ? "Computer Science is no more about computers than astronomy is about telescopes." --E. Dijkstra -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3090 bytes Desc: not available URL: From henson at acm.org Tue Mar 4 21:22:21 2008 From: henson at acm.org (Paul B. Henson) Date: Tue, 4 Mar 2008 13:22:21 -0800 (PST) Subject: Oracle server under RHEL 4 In-Reply-To: References: Message-ID: On Tue, 4 Mar 2008, Christian Campbell wrote: > Oracle...". However, I'm not sure if this list was provided to them by > Oracle, or if this is a list they have compiled themselves. My guess is > it's something they've come up with. Worked like a charm for us... That's basically the list I think I've been trying to get them to provide, which they say doesn't exist and they don't want anything to do with :(. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768 From mweber at alliednational.com Tue Mar 4 22:01:57 2008 From: mweber at alliednational.com (Michael Weber) Date: Tue, 04 Mar 2008 16:01:57 -0600 Subject: crontab question In-Reply-To: <47CC0C36.2080803@princeton.edu> References: <47CBB5AF.640A.0013.3@alliednational.com> <47CC0C36.2080803@princeton.edu> Message-ID: <47CD7275.640A.0013.3@alliednational.com> John and Jonathon, That worked! Thanx! >>> "Jonathan S. Billings" 3/3/2008 8:33 AM >>> Michael Weber wrote: > Greetings! > > I have a need to run a cron script periodically on two different > machines. One should run the script on even hours and the other on > odd hours. 1-23/2 will run the odd hours. E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated file(s) may contain privileged, confidential or proprietary information or be protected from disclosure under law ("Confidential Information"). Any use or disclosure of this Confidential Information, or taking any action in reliance thereon, by any individual/entity other than the intended recipient(s) is strictly prohibited. This Confidential Information is intended solely for the use of the individual(s) addressed. If you are not an intended recipient, you have received this Confidential Information in error and have an obligation to promptly inform the sender and permanently destroy, in its entirety, this Confidential Information (and all copies thereof). E-mail is handled in the strictest of confidence by Allied National, however, unless sent encrypted, it is not a secure communication method and may have been intercepted, edited or altered during transmission and therefore is not guaranteed. From sprizes at gmail.com Sat Mar 8 15:58:58 2008 From: sprizes at gmail.com (sprizes at gmail.com) Date: Sat, 8 Mar 2008 10:58:58 -0500 Subject: yum update best practices Message-ID: Hello, we run approximately 400 Centos servers at our company. We use cfengine for configuration management. I am looking for some documentation to do patching including kernel patches. I was thinking of just having each host run yum update via cfengine but not sure if there are any gotchas there? Should I just do yum update? or should i exclude the kernel and be more careful with those? how about glibc? I am wondering what other people out there do with such large installations. I'd very much appreciate any help or suggestions on this. Also, kinda related to the above is my question about the correct yum behavior when installing kernels. I've seen it sometimes make the new kernel the default in grub.conf but sometimes it doesnt? what is the designed behavior? best regards, SK From jason at rampaginggeek.com Sat Mar 8 19:10:19 2008 From: jason at rampaginggeek.com (Jason Edgecombe) Date: Sat, 08 Mar 2008 14:10:19 -0500 Subject: yum update best practices In-Reply-To: References: Message-ID: <47D2E49B.904@rampaginggeek.com> sprizes at gmail.com wrote: > Hello, we run approximately 400 Centos servers at our company. We use > cfengine for configuration management. > > I am looking for some documentation to do patching including kernel > patches. I was thinking of just having each host run yum update via > cfengine but not sure if there are any gotchas there? Should I just do > yum update? or should i exclude the kernel and be more careful with > those? how about glibc? > > I am wondering what other people out there do with such large > installations. I'd very much appreciate any help or suggestions on > this. > > > Also, kinda related to the above is my question about the correct yum > behavior when installing kernels. I've seen it sometimes make the new > kernel the default in grub.conf but sometimes it doesnt? what is the > designed behavior? > I'm currently using cfengine on RHEL5 with a nightly yum update for two machine configs for a total of 40 machines. I use a private yum repo that I manually sync with upstream after some testing. I would recommend excluding the kernel updates and having those be triggered manually or explicitly using cfengine. So far, I'm manually triggering kernel updates. I use openafs and vmware-server so I have some kernel-dependent rpms that must be kept on sync. My biggest problem is that I need to move to some way of locking some machines to certain versions of rpms. That would make it easier to roll out updates to my workstations before I push the updates to the servers. One thing that's nice is using a disabled repository for testing things. With this strategy, I run "yum updates --enablerepo=testing" on a testing/staging server to try out new updates. Be sure to look at using cobbler/koan and mrepo for provisioning/updates. I'm keeping an eye on those. Jason From dougw at sdsc.edu Sat Mar 8 19:46:21 2008 From: dougw at sdsc.edu (Doug Weimer) Date: Sat, 8 Mar 2008 11:46:21 -0800 Subject: yum update best practices In-Reply-To: <47D2E49B.904@rampaginggeek.com> References: <47D2E49B.904@rampaginggeek.com> Message-ID: <20080308194621.GA28781@sdsc.edu> On Sat, 08 Mar 2008, Jason Edgecombe wrote: > I'm currently using cfengine on RHEL5 with a nightly yum update for two > machine configs for a total of 40 machines. I use a private yum repo > that I manually sync with upstream after some testing. I would recommend > excluding the kernel updates and having those be triggered manually or > explicitly using cfengine. So far, I'm manually triggering kernel > updates. I use openafs and vmware-server so I have some kernel-dependent > rpms that must be kept on sync. My biggest problem is that I need to > move to some way of locking some machines to certain versions of rpms. > That would make it easier to roll out updates to my workstations before > I push the updates to the servers. Take a look at the cfengine packages action. It has rpm support and allows you to match against specific package versions. http://www.cfengine.org/docs/cfengine-Reference.html#packages It's not extremely fast when testing hundreds of packages, so you may still want to restrict the version checks to non-interactive or nightly runs. Thanks, Doug x25477 From jason at rampaginggeek.com Sat Mar 8 20:03:23 2008 From: jason at rampaginggeek.com (Jason Edgecombe) Date: Sat, 08 Mar 2008 15:03:23 -0500 Subject: yum update best practices In-Reply-To: <20080308194621.GA28781@sdsc.edu> References: <47D2E49B.904@rampaginggeek.com> <20080308194621.GA28781@sdsc.edu> Message-ID: <47D2F10B.1000900@rampaginggeek.com> Doug Weimer wrote: > On Sat, 08 Mar 2008, Jason Edgecombe wrote: > > >> I'm currently using cfengine on RHEL5 with a nightly yum update for two >> machine configs for a total of 40 machines. I use a private yum repo >> that I manually sync with upstream after some testing. I would recommend >> excluding the kernel updates and having those be triggered manually or >> explicitly using cfengine. So far, I'm manually triggering kernel >> updates. I use openafs and vmware-server so I have some kernel-dependent >> rpms that must be kept on sync. My biggest problem is that I need to >> move to some way of locking some machines to certain versions of rpms. >> That would make it easier to roll out updates to my workstations before >> I push the updates to the servers. >> > > Take a look at the cfengine packages action. It has rpm support and > allows you to match against specific package versions. > > http://www.cfengine.org/docs/cfengine-Reference.html#packages > > It's not extremely fast when testing hundreds of packages, so you may > still want to restrict the version checks to non-interactive or nightly runs. > Thanks Doug, I played with the cfengine packages stuff a little, but I did find the slowness that you mentioned. I like the yum update method and using cfengine packages doesn't mesh well with yum update. I think that versioned repositories are more what I need. maybe just have a symlink farms for each yum repository version. Jason From Neill.Flynn at itg.com Fri Mar 14 10:03:25 2008 From: Neill.Flynn at itg.com (Flynn, Neill) Date: Fri, 14 Mar 2008 10:03:25 -0000 Subject: Ulimit issues Message-ID: <03AD8F255D6D244E8902D8F92C6EA8434519DB@MSG-EX01-EUR.wineur.itgeurope.com> Hi all, I'm a Solaris admin with a few RH boxes, I have an issue with the number of descriptors on one of my boxes (Linux HOSTNAME 2.4.21-32.ELsmp #1 SMP Fri Apr 15 21:17:59 EDT 2005 i686 i686 i386 GNU/Linux), I was *asked* to increase the number of open files on the box from 1024 to 2048. I followed the following web page: http://kbase.redhat.com/faq/FAQ_80_1540.shtm. These are the notes from the change: 1. Check if value in higher in /proc/sys/fs/file-max then the new desired open_man_file # cat /proc/sys/fs/file-max 465305 if not - change above to 2048 and add the following line to /etc/sysctl.conf fs.file-max = 2048 (but not needed of /proc/sys/fs/file-max > new max) 2. add the following line to /etc/security/limits.conf * - nofile 2048 below the following line: # so it looks like: # * - nofile 2048 So all I did was the /etc/security/limits.conf file as the /proc/sys/fs/file-max was above what I wanted to change to. I bounced the box and checked using ulimit and limit (for bash and tcsh),I then went home a happy little sysadmin. This morning I got a mail saying the changes haven't worked, I checked again, then I su'd into the user's account and checked - it was fine. I got the users password and telnet'd in directly and discovered that the limits haven't changed. If I su into the account, ssh or rsh into the account, it's fine, telnet seems to be the only issue (but I'm not sure about cron either). So I goggled it and came up with lots of wonderful changes, including: Adding: "ulimit -n 2048" to /etc/profile Adding "limit descriptors 2048" to /etc/csh.login Adding "session required /lib/security/pam_limits.so" to /etc/pam.d/login Nothing worked and I'm still confused, anyone any suggestions (I've already considered turning off telnet ;-) Cheers, Neill This message is for the named person's use only. This communication is for informational purposes only and has been obtained from sources believed to be reliable, but it is not necessarily complete and its accuracy cannot be guaranteed. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. Moreover, this material should not be construed to contain any recommendation regarding, or opinion concerning, any security. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ITG may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to ITG monitoring the content of any e-mails you send to or receive from ITG. ITG(r) is a global brand that, in Europe, refers to Investment Technology Group Limited ("ITGL"), registered in Ireland No. 283940 and/or its wholly owned subsidiary, Investment Technology Group Europe Limited ("ITGEL"), registered in Ireland No. 283939. The registered office of these companies is Dublin Exchange Facility, IFSC, Dublin 1, Ireland. ITGEL London Branch is registered in England and Wales, Branch No. BROO4642. ITGL and ITGEL are authorised by the Irish Financial Regulator under the European Communities (Markets in Financial Instruments) Regulations 2007 and provide services in other member states of the European Community under Article 14 of the Markets in Financial Instruments Directive. ITGL is a member of the London Stock Exchange, Euronext and the Deutsche Borse and operates POSIT(r), the multilateral trading facility. ITGEL London Branch is regulated by the Financial Services Authority for the conduct of investment business in the UK. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Maarten.Broekman at FMR.COM Fri Mar 14 12:58:08 2008 From: Maarten.Broekman at FMR.COM (Broekman, Maarten) Date: Fri, 14 Mar 2008 08:58:08 -0400 Subject: Ulimit issues References: <03AD8F255D6D244E8902D8F92C6EA8434519DB@MSG-EX01-EUR.wineur.itgeurope.com> Message-ID: <9D4C5DEC799CDB4F8340526B5FD89B1B021D665B@MSGMROCLN2WIN.DMN1.FMR.COM> I ran into this exact problem as well. The way I fixed it was by putting two "ulimit -n" commands in /etc/sysconfig/xinetd. I used one to change the hard limit and one to change the soft limit. This fixed the problem for me. Maarten Broekman _____ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Flynn, Neill Sent: Friday, March 14, 2008 6:03 AM To: redhat-sysadmin-list at redhat.com Subject: Ulimit issues Hi all, I'm a Solaris admin with a few RH boxes, I have an issue with the number of descriptors on one of my boxes (Linux HOSTNAME 2.4.21-32.ELsmp #1 SMP Fri Apr 15 21:17:59 EDT 2005 i686 i686 i386 GNU/Linux), I was *asked* to increase the number of open files on the box from 1024 to 2048. I followed the following web page: http://kbase.redhat.com/faq/FAQ_80_1540.shtm . These are the notes from the change: 1. Check if value in higher in /proc/sys/fs/file-max then the new desired open_man_file # cat /proc/sys/fs/file-max 465305 if not - change above to 2048 and add the following line to /etc/sysctl.conf fs.file-max = 2048 (but not needed of /proc/sys/fs/file-max > new max) 2. add the following line to /etc/security/limits.conf * - nofile 2048 below the following line: # so it looks like: # * - nofile 2048 So all I did was the /etc/security/limits.conf file as the /proc/sys/fs/file-max was above what I wanted to change to. I bounced the box and checked using ulimit and limit (for bash and tcsh),I then went home a happy little sysadmin. This morning I got a mail saying the changes haven't worked, I checked again, then I su'd into the user's account and checked - it was fine. I got the users password and telnet'd in directly and discovered that the limits haven't changed. If I su into the account, ssh or rsh into the account, it's fine, telnet seems to be the only issue (but I'm not sure about cron either). So I goggled it and came up with lots of wonderful changes, including: Adding: "ulimit -n 2048" to /etc/profile Adding "limit descriptors 2048" to /etc/csh.login Adding "session required /lib/security/pam_limits.so" to /etc/pam.d/login Nothing worked and I'm still confused, anyone any suggestions (I've already considered turning off telnet ;-) Cheers, Neill This message is for the named person's use only. This communication is for informational purposes only and has been obtained from sources believed to be reliable, but it is not necessarily complete and its accuracy cannot be guaranteed. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. Moreover, this material should not be construed to contain any recommendation regarding, or opinion concerning, any security. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ITG may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to ITG monitoring the content of any e-mails you send to or receive from ITG. ITG(r) is a global brand that, in Europe, refers to Investment Technology Group Limited ("ITGL"), registered in Ireland No. 283940 and/or its wholly owned subsidiary, Investment Technology Group Europe Limited ("ITGEL"), registered in Ireland No. 283939. The registered office of these companies is Dublin Exchange Facility, IFSC, Dublin 1, Ireland. ITGEL London Branch is registered in England and Wales, Branch No. BROO4642. ITGL and ITGEL are authorised by the Irish Financial Regulator under the European Communities (Markets in Financial Instruments) Regulations 2007 and provide services in other member states of the European Community under Article 14 of the Markets in Financial Instruments Directive. ITGL is a member of the London Stock Exchange, Euronext and the Deutsche Borse and operates POSIT(r), the multilateral trading facility. ITGEL London Branch is regulated by the Financial Services Authority for the conduct of investment business in the UK. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Neill.Flynn at itg.com Wed Mar 19 12:01:11 2008 From: Neill.Flynn at itg.com (Flynn, Neill) Date: Wed, 19 Mar 2008 12:01:11 -0000 Subject: Ulimit issues In-Reply-To: <9D4C5DEC799CDB4F8340526B5FD89B1B021D665B@MSGMROCLN2WIN.DMN1.FMR.COM> Message-ID: <03AD8F255D6D244E8902D8F92C6EA8434D3EAC@MSG-EX01-EUR.wineur.itgeurope.com> Thanks Maarten, I tried adding the following to the top of the /etc/sysconfig/xinetd file: ulimit -Hn 65535 ulimit -Sn 2048 and restarting xinetd, but I still get the 1024 limit from ulimit -n after logging in via telnet. Am I doing anything obviously wrong here? Cheers, Neill ________________________________ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Broekman, Maarten Sent: 14 March 2008 12:58 To: redhat-sysadmin-list at redhat.com Subject: RE: Ulimit issues I ran into this exact problem as well. The way I fixed it was by putting two "ulimit -n" commands in /etc/sysconfig/xinetd. I used one to change the hard limit and one to change the soft limit. This fixed the problem for me. Maarten Broekman ________________________________ From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Flynn, Neill Sent: Friday, March 14, 2008 6:03 AM To: redhat-sysadmin-list at redhat.com Subject: Ulimit issues Hi all, I'm a Solaris admin with a few RH boxes, I have an issue with the number of descriptors on one of my boxes (Linux HOSTNAME 2.4.21-32.ELsmp #1 SMP Fri Apr 15 21:17:59 EDT 2005 i686 i686 i386 GNU/Linux), I was *asked* to increase the number of open files on the box from 1024 to 2048. I followed the following web page: http://kbase.redhat.com/faq/FAQ_80_1540.shtm . These are the notes from the change: 1. Check if value in higher in /proc/sys/fs/file-max then the new desired open_man_file # cat /proc/sys/fs/file-max 465305 if not - change above to 2048 and add the following line to /etc/sysctl.conf fs.file-max = 2048 (but not needed of /proc/sys/fs/file-max > new max) 2. add the following line to /etc/security/limits.conf * - nofile 2048 below the following line: # so it looks like: # * - nofile 2048 So all I did was the /etc/security/limits.conf file as the /proc/sys/fs/file-max was above what I wanted to change to. I bounced the box and checked using ulimit and limit (for bash and tcsh),I then went home a happy little sysadmin. This morning I got a mail saying the changes haven't worked, I checked again, then I su'd into the user's account and checked - it was fine. I got the users password and telnet'd in directly and discovered that the limits haven't changed. If I su into the account, ssh or rsh into the account, it's fine, telnet seems to be the only issue (but I'm not sure about cron either). So I goggled it and came up with lots of wonderful changes, including: Adding: "ulimit -n 2048" to /etc/profile Adding "limit descriptors 2048" to /etc/csh.login Adding "session required /lib/security/pam_limits.so" to /etc/pam.d/login Nothing worked and I'm still confused, anyone any suggestions (I've already considered turning off telnet ;-) Cheers, Neill This message is for the named person's use only. This communication is for informational purposes only and has been obtained from sources believed to be reliable, but it is not necessarily complete and its accuracy cannot be guaranteed. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. Moreover, this material should not be construed to contain any recommendation regarding, or opinion concerning, any security. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ITG may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to ITG monitoring the content of any e-mails you send to or receive from ITG. ITG(r) is a global brand that, in Europe, refers to Investment Technology Group Limited ("ITGL"), registered in Ireland No. 283940 and/or its wholly owned subsidiary, Investment Technology Group Europe Limited ("ITGEL"), registered in Ireland No. 283939. The registered office of these companies is Dublin Exchange Facility, IFSC, Dublin 1, Ireland. ITGEL London Branch is registered in England and Wales, Branch No. BROO4642. ITGL and ITGEL are authorised by the Irish Financial Regulator under the European Communities (Markets in Financial Instruments) Regulations 2007 and provide services in other member states of the European Community under Article 14 of the Markets in Financial Instruments Directive. ITGL is a member of the London Stock Exchange, Euronext and the Deutsche Borse and operates POSIT(r), the multilateral trading facility. ITGEL London Branch is regulated by the Financial Services Authority for the conduct of investment business in the UK. This message is for the named person's use only. This communication is for informational purposes only and has been obtained from sources believed to be reliable, but it is not necessarily complete and its accuracy cannot be guaranteed. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. Moreover, this material should not be construed to contain any recommendation regarding, or opinion concerning, any security. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ITG may monitor traffic data of both business and personal e-mails. By replying to this e-mail, you consent to ITG monitoring the content of any e-mails you send to or receive from ITG. ITG(r) is a global brand that, in Europe, refers to Investment Technology Group Limited ("ITGL"), registered in Ireland No. 283940 and/or its wholly owned subsidiary, Investment Technology Group Europe Limited ("ITGEL"), registered in Ireland No. 283939. The registered office of these companies is Dublin Exchange Facility, IFSC, Dublin 1, Ireland. ITGEL London Branch is registered in England and Wales, Branch No. BROO4642. ITGL and ITGEL are authorised by the Irish Financial Regulator under the European Communities (Markets in Financial Instruments) Regulations 2007 and provide services in other member states of the European Community under Article 14 of the Markets in Financial Instruments Directive. ITGL is a member of the London Stock Exchange, Euronext and the Deutsche Borse and operates POSIT(r), the multilateral trading facility. ITGEL London Branch is regulated by the Financial Services Authority for the conduct of investment business in the UK. -------------- next part -------------- An HTML attachment was scrubbed... URL: From list-joonas at nettitieto.fi Wed Mar 19 13:00:32 2008 From: list-joonas at nettitieto.fi (=?windows-1252?Q?Joonas_H=E4m=E4l=E4inen?=) Date: Wed, 19 Mar 2008 15:00:32 +0200 Subject: LVM resize question In-Reply-To: References: Message-ID: <47E10E70.4080003@nettitieto.fi> Lopez, Denise kirjoitti: > Hi all, > > > > I am in the process of setting up a Xen server and I want to have the > Guest OS?s on LVM?s. I have created a 10GB LVM and installed a CentOS > guest on it. Now before it goes production I want to do testing of > increasing the space for the Guest OS. I have found documentation that > says to use resize2fs after you extend the logical volume but when I try > this command on the logical volume I get the following error. > > > > root at xen ~]# resize2fs /dev/XenServers/CentOS5 > > resize2fs 1.39 (29-May-2006) > > resize2fs: Bad magic number in super-block while trying to open > /dev/XenServers/CentOS5 > > Couldn't find valid filesystem superblock. > > > > I tried with the ?f option too but still the same error. > > > > Any ideas? Hips, I don't know if you have got this problem solved, but as there wasn't one confident reply how to solve this on list, I'll reply too. Better later than never as they say. I have similar setup as you have, xen domU:s on lvm, running even Centos guests. I dug this solution when setting them up, and been using it happily ever since: To increase size of partition to 6GB in size: [root at example ~]# lvextend -L6G /dev/domUarray/demodomU Extending logical volume demodomU to 6.00 GB Logical volume demodomU successfully resized If you want to upgrade 10GB partition to 12GB, you either say -L12G or -L+2G and it does the trick. After lvm has been resized, you have to use resize tool of filesystem: [root at example~]# e2fsck -f /dev/domUarray/demodomU e2fsck 1.35 (28-Feb-2004) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/domUarray/demodomU: 24528/89664 files (0.7% non-contiguous), 161312/179200 blocks [root at example~]# resize2fs /dev/domUarray/demodomU resize2fs 1.35 (28-Feb-2004) Resizing the filesystem on /dev/domUarray/demodomU to 1572864 (4k) blocks. The filesystem on /dev/domUarray/demodomU is now 1572864 blocks long. Or if using reiserfs: # resize_reiserfs -f /dev/domUarray/demodomU # resize_reiserfs /dev/domUarray/demodomU Upper one of those is for online partition, below is one for offline partition. And you didn't ask, but telling you answer so you know when you encounter it, how to shrink partition: When making it smaller, we do it in reverse order. You also have to know block size of partition you want it to be: # resize2fs /dev/domUarray/demodomU 524288 # lvreduce -L-1G /dev/domUarray/demodomU and same with reiserfs, where you don't have to know block size of new size: # resize_reiserfs -s-1G /dev/domUarray/demodomU # lvreduce -L-1G /dev/domUarray/demodomU Hope this helps you, and others having similar problem. Regards, Joonas H?m?l?inen From Ryan.Sweat at atmosenergy.com Wed Mar 19 13:18:52 2008 From: Ryan.Sweat at atmosenergy.com (Sweat, Ryan) Date: Wed, 19 Mar 2008 08:18:52 -0500 Subject: LVM resize question In-Reply-To: <47E10E70.4080003@nettitieto.fi> References: <47E10E70.4080003@nettitieto.fi> Message-ID: > After lvm has been resized, you have to use resize tool of filesystem: > > > [root at example~]# e2fsck -f /dev/domUarray/demodomU > e2fsck 1.35 (28-Feb-2004) > Pass 1: Checking inodes, blocks, and sizes > Pass 2: Checking directory structure > Pass 3: Checking directory connectivity > Pass 4: Checking reference counts > Pass 5: Checking group summary information > /dev/domUarray/demodomU: 24528/89664 files (0.7% non-contiguous), > 161312/179200 blocks > > [root at example~]# resize2fs /dev/domUarray/demodomU > resize2fs 1.35 (28-Feb-2004) > Resizing the filesystem on /dev/domUarray/demodomU to 1572864 > (4k) blocks. > The filesystem on /dev/domUarray/demodomU is now 1572864 blocks long. > > > Or if using reiserfs: > # resize_reiserfs -f /dev/domUarray/demodomU > # resize_reiserfs /dev/domUarray/demodomU > > Upper one of those is for online partition, below is one for offline > partition. You can also resize ext3 file systems online (while mounted) with the ext2online tool. From lists at brimer.org Wed Mar 19 13:26:39 2008 From: lists at brimer.org (Barry Brimer) Date: Wed, 19 Mar 2008 08:26:39 -0500 (CDT) Subject: Ulimit issues In-Reply-To: <03AD8F255D6D244E8902D8F92C6EA8434D3EAC@MSG-EX01-EUR.wineur.itgeurope.com> References: <03AD8F255D6D244E8902D8F92C6EA8434D3EAC@MSG-EX01-EUR.wineur.itgeurope.com> Message-ID: > I tried adding the following to the top of the /etc/sysconfig/xinetd > file: > ulimit -Hn 65535 > ulimit -Sn 2048 > > and restarting xinetd, but I still get the 1024 limit from ulimit -n > after logging in via telnet. > > Am I doing anything obviously wrong here? I'm not sure with telnet, but with ssh, you end up with privelege separation where the service is not running as root, and therefore is unable to manipulate ulimit values. After you telnet in as userx, do an su - userx .. and then run your ulimit query again. Barry From DNguyen at dallascounty.org Wed Mar 19 14:57:23 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Wed, 19 Mar 2008 09:57:23 -0500 Subject: File size limitation Message-ID: Hi all, I run command "uncompress" to uncompress a tar file but the command stops when the file size reaches at 2Gig. Is there a way to increase file size limitation to be greater than 2 Gig in Red hat enterprise linux version 3? Thanks, David From Enils.Bashi at FTIConsulting.com Wed Mar 19 15:01:35 2008 From: Enils.Bashi at FTIConsulting.com (Bashi, Enils) Date: Wed, 19 Mar 2008 11:01:35 -0400 Subject: File size limitation In-Reply-To: References: Message-ID: <1205938895.15895.0.camel@ubx.na.fti.local> http://kbase.redhat.com/faq/FAQ_43_2930.shtm On Wed, 2008-03-19 at 09:57 -0500, David Nguyen wrote: > Hi all, > > I run command "uncompress" to uncompress a tar file but the command stops when the file size reaches at 2Gig. Is there a way to increase file size limitation to be greater than 2 Gig in Red hat enterprise linux version 3? > > Thanks, > David > > > -- > redhat-sysadmin-list mailing list > redhat-sysadmin-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- Enils Bashi Sr. Security Engineer\Information Technology Group F T I 410.571.7003 direct 900 Commerce Road Annapolis, MD 21401 www.fticonsulting.com Confidentiality Notice: This email and any attachments may be confidential and protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and then delete this copy and the reply from your system. Thank you for your cooperation. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 7806 bytes Desc: not available URL: From DNguyen at dallascounty.org Wed Mar 19 20:59:23 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Wed, 19 Mar 2008 15:59:23 -0500 Subject: Failed to start NFS Message-ID: Hi, I attempted to start NFS on Red hat enterprise 3 but could not start it. It showed mountd failed, how do I get moutd working? # service nfs start Starting NFS services: [ OK ] Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] Starting NFS daemon: [FAILED] Starting NFS mountd: Cannot register service: RPC: Unable to receive; errno = Connection refused [FAILED] Thanks, David From jolt at ti.com Wed Mar 19 21:02:53 2008 From: jolt at ti.com (Olt, Joseph) Date: Wed, 19 Mar 2008 16:02:53 -0500 Subject: Failed to start NFS In-Reply-To: Message-ID: <6B34B8A05FA7544BB7F013ACD452E0280255606F@dlee11.ent.ti.com> David, Is portmap running? -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Wednesday, March 19, 2008 4:59 PM To: redhat-sysadmin-list at redhat.com Subject: Failed to start NFS Hi, I attempted to start NFS on Red hat enterprise 3 but could not start it. It showed mountd failed, how do I get moutd working? # service nfs start Starting NFS services: [ OK ] Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] Starting NFS daemon: [FAILED] Starting NFS mountd: Cannot register service: RPC: Unable to receive; errno = Connection refused [FAILED] Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From Enils.Bashi at FTIConsulting.com Wed Mar 19 21:03:23 2008 From: Enils.Bashi at FTIConsulting.com (Bashi, Enils) Date: Wed, 19 Mar 2008 17:03:23 -0400 Subject: Failed to start NFS In-Reply-To: References: Message-ID: <1DC970238492C74884BD8B98C188B099FAA731@ANNMX27.na.fti.local> I'm thinking you need to start the portmaper : service portmap start Enils -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Wednesday, March 19, 2008 4:59 PM To: redhat-sysadmin-list at redhat.com Subject: Failed to start NFS Hi, I attempted to start NFS on Red hat enterprise 3 but could not start it. It showed mountd failed, how do I get moutd working? # service nfs start Starting NFS services: [ OK ] Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] Starting NFS daemon: [FAILED] Starting NFS mountd: Cannot register service: RPC: Unable to receive; errno = Connection refused [FAILED] Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 7445 bytes Desc: not available URL: From DNguyen at dallascounty.org Wed Mar 19 21:41:06 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Wed, 19 Mar 2008 16:41:06 -0500 Subject: Failed to start NFS Message-ID: Thanks a lot, Enils and Jolt. I get NFS started after starting portmap. David >>> Enils.Bashi at FTIConsulting.com 03/19/08 4:03 PM >>> I'm thinking you need to start the portmaper : service portmap start Enils -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Wednesday, March 19, 2008 4:59 PM To: redhat-sysadmin-list at redhat.com Subject: Failed to start NFS Hi, I attempted to start NFS on Red hat enterprise 3 but could not start it. It showed mountd failed, how do I get moutd working? # service nfs start Starting NFS services: [ OK ] Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] Starting NFS daemon: [FAILED] Starting NFS mountd: Cannot register service: RPC: Unable to receive; errno = Connection refused [FAILED] Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From DNguyen at dallascounty.org Wed Mar 19 21:49:43 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Wed, 19 Mar 2008 16:49:43 -0500 Subject: How to fix "Segmentation fault" Message-ID: Hi, I run compress command on Red hat enterprise 3, I receive "Segmentation fault" error while running compress command then it stops compressing the file. Does someone know what causes this error and how to fix it? [1]+ Segmentation fault nohup compress -f coldbackup.tar Thanks, David From bill at magicdigits.com Wed Mar 19 21:59:44 2008 From: bill at magicdigits.com (Bill Watson) Date: Wed, 19 Mar 2008 14:59:44 -0700 Subject: How to fix "Segmentation fault" In-Reply-To: Message-ID: <00e101c88a0c$9c294490$0132a8c0@bill> Any chance the file size >2Gb? If so, then you'd have to pipe the project through something like dd. # cat coldbackup.tar|compress|dd of=coldbackup.tar.Z or syntactically correct equivalent for instance. Bill Watson bill at magicdigits.com -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Wednesday, March 19, 2008 2:50 PM To: redhat-sysadmin-list at redhat.com Subject: How to fix "Segmentation fault" Hi, I run compress command on Red hat enterprise 3, I receive "Segmentation fault" error while running compress command then it stops compressing the file. Does someone know what causes this error and how to fix it? [1]+ Segmentation fault nohup compress -f coldbackup.tar Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From DNguyen at dallascounty.org Wed Mar 19 22:20:00 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Wed, 19 Mar 2008 17:20:00 -0500 Subject: How to fix "Segmentation fault" Message-ID: Yes, it's about 20G but I don't have this issue running on our lab server which is also red hat enterprise 4. I wonder what's missing or wrong on this troubled server and need to find the fixes. Thanks, David >>> bill at magicdigits.com 03/19/08 4:59 PM >>> Any chance the file size >2Gb? If so, then you'd have to pipe the project through something like dd. # cat coldbackup.tar|compress|dd of=coldbackup.tar.Z or syntactically correct equivalent for instance. Bill Watson bill at magicdigits.com -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Wednesday, March 19, 2008 2:50 PM To: redhat-sysadmin-list at redhat.com Subject: How to fix "Segmentation fault" Hi, I run compress command on Red hat enterprise 3, I receive "Segmentation fault" error while running compress command then it stops compressing the file. Does someone know what causes this error and how to fix it? [1]+ Segmentation fault nohup compress -f coldbackup.tar Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From herta.vandeneynde at gmail.com Wed Mar 19 22:45:39 2008 From: herta.vandeneynde at gmail.com (Herta Van den Eynde) Date: Wed, 19 Mar 2008 23:45:39 +0100 Subject: How to fix "Segmentation fault" In-Reply-To: References: Message-ID: On 19/03/2008, David Nguyen wrote: > > Yes, it's about 20G but I don't have this issue running on our lab server > which is also red hat enterprise 4. I wonder what's missing or wrong on > this troubled server and need to find the fixes. > > Thanks, > David > > > >>> bill at magicdigits.com 03/19/08 4:59 PM >>> > > Any chance the file size >2Gb? If so, then you'd have to pipe the project > through something like dd. > > # cat coldbackup.tar|compress|dd of=coldbackup.tar.Z or syntactically > correct equivalent for instance. > > Bill Watson > bill at magicdigits.com > > -----Original Message----- > From: redhat-sysadmin-list-bounces at redhat.com > [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen > Sent: Wednesday, March 19, 2008 2:50 PM > To: redhat-sysadmin-list at redhat.com > Subject: How to fix "Segmentation fault" > > > Hi, > > I run compress command on Red hat enterprise 3, I receive "Segmentation > fault" error while running compress command then it stops compressing the > file. Does someone know what causes this error and how to fix it? > > [1]+ Segmentation fault nohup compress -f coldbackup.tar > > > Thanks, > David > What is your maximum file size limit set to ("ulimit -f -H" and "ulimit -f -S")? Kind regards, Herta -- "Life on Earth may be expensive, but it comes with a free ride around the Sun." -------------- next part -------------- An HTML attachment was scrubbed... URL: From cax0cn at gmail.com Sat Mar 22 09:56:11 2008 From: cax0cn at gmail.com (Joseph Chen) Date: Sat, 22 Mar 2008 17:56:11 +0800 Subject: Ulimit issues In-Reply-To: References: <03AD8F255D6D244E8902D8F92C6EA8434D3EAC@MSG-EX01-EUR.wineur.itgeurope.com> Message-ID: <8d423b320803220256j555553ffoeb3ff6997280abd7@mail.gmail.com> After modificated /etc/security/limits.conf , the other point is that you should turn on UsePAM in /etc/ssh/sshd_config Good Luck! On Wed, Mar 19, 2008 at 9:26 PM, Barry Brimer wrote: > > I tried adding the following to the top of the /etc/sysconfig/xinetd > > file: > > ulimit -Hn 65535 > > ulimit -Sn 2048 > > > > and restarting xinetd, but I still get the 1024 limit from ulimit -n > > after logging in via telnet. > > > > Am I doing anything obviously wrong here? > > I'm not sure with telnet, but with ssh, you end up with privelege > separation where the service is not running as root, and therefore is > unable to manipulate ulimit values. After you telnet in as userx, do an > su - userx .. and then run your ulimit query again. > > Barry > > -- > redhat-sysadmin-list mailing list > redhat-sysadmin-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > -- (Sponser & operater) Ultimate monitoring solution: http://hostpry.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From Roberto.Quagliozzi at edftrading.com Sat Mar 22 10:01:28 2008 From: Roberto.Quagliozzi at edftrading.com (Roberto.Quagliozzi at edftrading.com) Date: Sat, 22 Mar 2008 10:01:28 +0000 Subject: I'm not here! Message-ID: I will be out of the office starting 21/03/2008 and will not return until 07/04/2008. I will only be checking my email sporadically during this period, if you have anything urgent, please call the helpdesk on x4999. ********************************************************************* This communication contains confidential information, some or all of which may be privileged. It is for the intended recipient only and others must not disclose, distribute, copy, print or rely on this communication. If an addressing or transmission error has misdirected this communication, please notify the sender by replying to this e-mail and then delete the e-mail. E-mail sent to EDF Trading may be monitored by the company. Thank you. EDF Trading Limited 80 Victoria Street, 3rd Floor, Cardinal Place, London, SW1E 5JL A Company registered in England No. 4255974. Switchboard: 020 7061 4000 EDF Trading Markets Limited is a member of the EDF Trading Limited Group and is authorised and regulated by the Financial Services Authority. VAT number: GB 735 5479 07 ********************************************************************* From DNguyen at dallascounty.org Tue Mar 25 18:04:05 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Tue, 25 Mar 2008 13:04:05 -0500 Subject: How to restrict console login Message-ID: Hi, How do I restrict an user login direct from console but still allow others to use su to switch account to this user? I'm talking about a regular account not root account. Thanks, David From jolt at ti.com Tue Mar 25 18:30:40 2008 From: jolt at ti.com (Olt, Joseph) Date: Tue, 25 Mar 2008 13:30:40 -0500 Subject: How to restrict console login In-Reply-To: Message-ID: <6B34B8A05FA7544BB7F013ACD452E028025C4BCE@dlee11.ent.ti.com> David, Have a look at /etc/security/access.conf. You can restrict logon access there, but su should still work. Otherwise, you could setup sudo. Regards, Joseph -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Tuesday, March 25, 2008 2:04 PM To: redhat-sysadmin-list at redhat.com Subject: How to restrict console login Hi, How do I restrict an user login direct from console but still allow others to use su to switch account to this user? I'm talking about a regular account not root account. Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From DNguyen at dallascounty.org Tue Mar 25 18:49:06 2008 From: DNguyen at dallascounty.org (David Nguyen) Date: Tue, 25 Mar 2008 13:49:06 -0500 Subject: How to restrict console login Message-ID: Joseph, I had tried that but not work. Finally, I found an article in The Secure Shell - The Definitive Guide from O'Reilly shows how to do this... just simply add following entry into /etc/sshd_config. Stop/start sshd daemon. DenyUsers Thanks for all your help, guys. David >>> jolt at ti.com 03/25/08 1:30 PM >>> David, Have a look at /etc/security/access.conf. You can restrict logon access there, but su should still work. Otherwise, you could setup sudo. Regards, Joseph -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Tuesday, March 25, 2008 2:04 PM To: redhat-sysadmin-list at redhat.com Subject: How to restrict console login Hi, How do I restrict an user login direct from console but still allow others to use su to switch account to this user? I'm talking about a regular account not root account. Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From marlon at unifebe.edu.br Tue Mar 25 18:56:57 2008 From: marlon at unifebe.edu.br (Marlon Willrich) Date: Tue, 25 Mar 2008 15:56:57 -0300 Subject: How to restrict console login In-Reply-To: References: Message-ID: <47E94AF9.4020203@unifebe.edu.br> An HTML attachment was scrubbed... URL: From stan.hearn at nscorp.com Tue Mar 25 18:59:45 2008 From: stan.hearn at nscorp.com (Hearn, Stan J.) Date: Tue, 25 Mar 2008 14:59:45 -0400 Subject: How to restrict console login In-Reply-To: Message-ID: You mentioned console access in your first email. This will limit ssh access. Console access means sitting down at the system and logging in. I think that is different. I believe the suggestion by David would limit console access. Stan -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Tuesday, March 25, 2008 2:49 PM To: redhat-sysadmin-list at redhat.com Subject: RE: How to restrict console login Joseph, I had tried that but not work. Finally, I found an article in The Secure Shell - The Definitive Guide from O'Reilly shows how to do this... just simply add following entry into /etc/sshd_config. Stop/start sshd daemon. DenyUsers Thanks for all your help, guys. David >>> jolt at ti.com 03/25/08 1:30 PM >>> David, Have a look at /etc/security/access.conf. You can restrict logon access there, but su should still work. Otherwise, you could setup sudo. Regards, Joseph -----Original Message----- From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of David Nguyen Sent: Tuesday, March 25, 2008 2:04 PM To: redhat-sysadmin-list at redhat.com Subject: How to restrict console login Hi, How do I restrict an user login direct from console but still allow others to use su to switch account to this user? I'm talking about a regular account not root account. Thanks, David -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list -- redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list From rriley at ariba.com Tue Mar 25 20:29:03 2008 From: rriley at ariba.com (Richard Riley) Date: Tue, 25 Mar 2008 16:29:03 -0400 Subject: How to restrict console login In-Reply-To: References: Message-ID: <8A5A158B711C154A91790AF8F573CF8B473FD8@us-atlmail1.ariba.com> Joseph's response to modify /etc/security/acces.conf is the best. You would have an entry similar to the following. -:ALL EXCEPT root tty1 tty2 tty3 tty4 tty5 tty6 The "tty" ports are associated with console access. You may have more or less on your machine. Run "ps -ef |grep tty" to find out exactly what you have. Be sure you test before putting in production - i.e. login via ssh (should be a "pts" port), su to root, make change, maintain this connection, and check console access. Also check another ssh connection. If it works as expected, you should be OK. The first ssh session is to insure you have a session that you can back out the change if new console access fails. Richard Riley Ariba, Inc. > >-----Original Message----- > >From: redhat-sysadmin-list-bounces at redhat.com > >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf > >Of Hearn, Stan J. > >Sent: Tuesday, March 25, 2008 3:00 PM > >To: redhat-sysadmin-list at redhat.com > >Subject: RE: How to restrict console login > > > >You mentioned console access in your first email. This will > >limit ssh access. Console access means sitting down at the > >system and logging in. > >I think that is different. I believe the suggestion by > >David would limit console access. > > > >Stan > > > > > >-----Original Message----- > >From: redhat-sysadmin-list-bounces at redhat.com > >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf > >Of David Nguyen > >Sent: Tuesday, March 25, 2008 2:49 PM > >To: redhat-sysadmin-list at redhat.com > >Subject: RE: How to restrict console login > > > >Joseph, > > > >I had tried that but not work. Finally, I found an article > >in The Secure Shell - The Definitive Guide from O'Reilly > >shows how to do this... just simply add following entry into > >/etc/sshd_config. > >Stop/start sshd daemon. > > > >DenyUsers > > > >Thanks for all your help, guys. > > > >David > > > >>>> jolt at ti.com 03/25/08 1:30 PM >>> > >David, > > > >Have a look at /etc/security/access.conf. You can restrict > >logon access there, but su should still work. Otherwise, > >you could setup sudo. > > > >Regards, > > > >Joseph > > > >-----Original Message----- > >From: redhat-sysadmin-list-bounces at redhat.com > >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf > >Of David Nguyen > >Sent: Tuesday, March 25, 2008 2:04 PM > >To: redhat-sysadmin-list at redhat.com > >Subject: How to restrict console login > > > >Hi, > > > >How do I restrict an user login direct from console but > >still allow others to use su to switch account to this user? > > I'm talking about a regular account not root account. > > > >Thanks, > >David > > > > > >-- > >redhat-sysadmin-list mailing list > >redhat-sysadmin-list at redhat.com > >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > > >-- > >redhat-sysadmin-list mailing list > >redhat-sysadmin-list at redhat.com > >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > > > > >-- > >redhat-sysadmin-list mailing list > >redhat-sysadmin-list at redhat.com > >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > > >-- > >redhat-sysadmin-list mailing list > >redhat-sysadmin-list at redhat.com > >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list > > From anil.ceeri at gmail.com Mon Mar 31 12:05:39 2008 From: anil.ceeri at gmail.com (Anil Saini) Date: Mon, 31 Mar 2008 17:35:39 +0530 Subject: (no subject) Message-ID: <8169574d0803310505n7fc2e645qdcdc3c173f7b0021@mail.gmail.com> -- Anil Saini M.E. - Software Systems B.E. - Electronics and Communication Project Assistant CISCO LAB Information Processing Center Unit BITS-PILANI -------------- next part -------------- An HTML attachment was scrubbed... URL: