From david at davidcoulson.net Sun Jul 1 02:17:34 2012 From: david at davidcoulson.net (David Coulson) Date: Sat, 30 Jun 2012 22:17:34 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion Message-ID: <4FEFB33E.30802@davidcoulson.net> Most of my RHEL6 systems running Java applications went nuts when the leap second was added: [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC /var/log/messages Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second 23:59:60 UTC Output of sar during interval in question 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 99.68 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 87.66 08:01:07 PM all 70.08 0.00 29.92 0.00 0.00 0.00 08:02:07 PM all 69.49 0.00 30.51 0.00 0.00 0.00 08:03:07 PM all 69.61 0.00 30.39 0.00 0.00 0.00 08:04:07 PM all 69.76 0.00 30.24 0.00 0.00 0.00 I've RHEL4 and RHEL5 systems running the same apps, same JVM, same J2EE (mostly WebSphere), and they were all fine. A couple of my RHEL6 boxes didn't log the 'inserting leap second' dmesg entry, and they did not exhibit an issue - Not sure why they did not log it, since they are all using the same NTP clock sources. Anyone else see this? I'm going to grab a bunch of sosreports and get a case open, but wanted to see if it was something unique to my environment. From bdwheele at indiana.edu Sun Jul 1 02:18:34 2012 From: bdwheele at indiana.edu (Brian Wheeler) Date: Sat, 30 Jun 2012 22:18:34 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: <4FEFB33E.30802@davidcoulson.net> References: <4FEFB33E.30802@davidcoulson.net> Message-ID: <4FEFB37A.70405@indiana.edu> Yes, some of my machines are going crazy. I've found that rebooting them seems to work around it... Brian On 06/30/2012 10:17 PM, David Coulson wrote: > Most of my RHEL6 systems running Java applications went nuts when the > leap second was added: > > [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC /var/log/messages > Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second > 23:59:60 UTC > > Output of sar during interval in question > 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 > 99.68 > 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 > 87.66 > 08:01:07 PM all 70.08 0.00 29.92 0.00 0.00 > 0.00 > 08:02:07 PM all 69.49 0.00 30.51 0.00 0.00 > 0.00 > 08:03:07 PM all 69.61 0.00 30.39 0.00 0.00 > 0.00 > 08:04:07 PM all 69.76 0.00 30.24 0.00 0.00 > 0.00 > > I've RHEL4 and RHEL5 systems running the same apps, same JVM, same > J2EE (mostly WebSphere), and they were all fine. > > A couple of my RHEL6 boxes didn't log the 'inserting leap second' > dmesg entry, and they did not exhibit an issue - Not sure why they did > not log it, since they are all using the same NTP clock sources. > > Anyone else see this? I'm going to grab a bunch of sosreports and get > a case open, but wanted to see if it was something unique to my > environment. > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list From bdwheele at indiana.edu Sun Jul 1 02:24:09 2012 From: bdwheele at indiana.edu (Brian Wheeler) Date: Sat, 30 Jun 2012 22:24:09 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: <4FEFB37A.70405@indiana.edu> References: <4FEFB33E.30802@davidcoulson.net> <4FEFB37A.70405@indiana.edu> Message-ID: <4FEFB4C9.4020703@indiana.edu> I should add that I have a RHEL5 box which got the leap second and snmp is reporting it is using 100% cpu but has a paltry loadavg of 3, so it may be affected as well. Brian On 06/30/2012 10:18 PM, Brian Wheeler wrote: > Yes, some of my machines are going crazy. I've found that rebooting > them seems to work around it... > > Brian > > > On 06/30/2012 10:17 PM, David Coulson wrote: >> Most of my RHEL6 systems running Java applications went nuts when the >> leap second was added: >> >> [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC /var/log/messages >> Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second >> 23:59:60 UTC >> >> Output of sar during interval in question >> 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 >> 99.68 >> 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 >> 87.66 >> 08:01:07 PM all 70.08 0.00 29.92 0.00 0.00 >> 0.00 >> 08:02:07 PM all 69.49 0.00 30.51 0.00 0.00 >> 0.00 >> 08:03:07 PM all 69.61 0.00 30.39 0.00 0.00 >> 0.00 >> 08:04:07 PM all 69.76 0.00 30.24 0.00 0.00 >> 0.00 >> >> I've RHEL4 and RHEL5 systems running the same apps, same JVM, same >> J2EE (mostly WebSphere), and they were all fine. >> >> A couple of my RHEL6 boxes didn't log the 'inserting leap second' >> dmesg entry, and they did not exhibit an issue - Not sure why they >> did not log it, since they are all using the same NTP clock sources. >> >> Anyone else see this? I'm going to grab a bunch of sosreports and get >> a case open, but wanted to see if it was something unique to my >> environment. >> >> _______________________________________________ >> rhelv6-list mailing list >> rhelv6-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv6-list > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list From david at davidcoulson.net Sun Jul 1 02:26:50 2012 From: david at davidcoulson.net (David Coulson) Date: Sat, 30 Jun 2012 22:26:50 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: <4FEFB37A.70405@indiana.edu> References: <4FEFB33E.30802@davidcoulson.net> <4FEFB37A.70405@indiana.edu> Message-ID: <4FEFB56A.5020206@davidcoulson.net> Yeah, I'm rebooting a couple of non-production systems now. Unfortunately, we're right in the middle of our busy part of the day, so rebooting production isn't a great option. Did you have any RHEL6 systems not log the 'inserting leap second' entry? I've got ~20% of my boxes not logging, and not having the issue - They are older systems which were installed as RHEL6.0, and other boxes are RHEL6.1 and patched current. On 6/30/12 10:18 PM, Brian Wheeler wrote: > Yes, some of my machines are going crazy. I've found that rebooting > them seems to work around it... > > Brian > > > On 06/30/2012 10:17 PM, David Coulson wrote: >> Most of my RHEL6 systems running Java applications went nuts when the >> leap second was added: >> >> [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC /var/log/messages >> Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second >> 23:59:60 UTC >> >> Output of sar during interval in question >> 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 >> 99.68 >> 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 >> 87.66 >> 08:01:07 PM all 70.08 0.00 29.92 0.00 0.00 >> 0.00 >> 08:02:07 PM all 69.49 0.00 30.51 0.00 0.00 >> 0.00 >> 08:03:07 PM all 69.61 0.00 30.39 0.00 0.00 >> 0.00 >> 08:04:07 PM all 69.76 0.00 30.24 0.00 0.00 >> 0.00 >> >> I've RHEL4 and RHEL5 systems running the same apps, same JVM, same >> J2EE (mostly WebSphere), and they were all fine. >> >> A couple of my RHEL6 boxes didn't log the 'inserting leap second' >> dmesg entry, and they did not exhibit an issue - Not sure why they >> did not log it, since they are all using the same NTP clock sources. >> >> Anyone else see this? I'm going to grab a bunch of sosreports and get >> a case open, but wanted to see if it was something unique to my >> environment. >> >> _______________________________________________ >> rhelv6-list mailing list >> rhelv6-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv6-list > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list From bdwheele at indiana.edu Sun Jul 1 02:27:53 2012 From: bdwheele at indiana.edu (Brian Wheeler) Date: Sat, 30 Jun 2012 22:27:53 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: <4FEFB4C9.4020703@indiana.edu> References: <4FEFB33E.30802@davidcoulson.net> <4FEFB37A.70405@indiana.edu> <4FEFB4C9.4020703@indiana.edu> Message-ID: <4FEFB5A9.6090406@indiana.edu> Sorry for the plethora of replies. Strike the RHEL5 case -- it must have been hit by something else when I was doing my testing -- it seems to have calmed down now. Brian On 06/30/2012 10:24 PM, Brian Wheeler wrote: > I should add that I have a RHEL5 box which got the leap second and > snmp is reporting it is using 100% cpu but has a paltry loadavg of 3, > so it may be affected as well. > > Brian > > On 06/30/2012 10:18 PM, Brian Wheeler wrote: >> Yes, some of my machines are going crazy. I've found that rebooting >> them seems to work around it... >> >> Brian >> >> >> On 06/30/2012 10:17 PM, David Coulson wrote: >>> Most of my RHEL6 systems running Java applications went nuts when >>> the leap second was added: >>> >>> [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC >>> /var/log/messages >>> Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second >>> 23:59:60 UTC >>> >>> Output of sar during interval in question >>> 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 >>> 99.68 >>> 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 >>> 87.66 >>> 08:01:07 PM all 70.08 0.00 29.92 0.00 >>> 0.00 0.00 >>> 08:02:07 PM all 69.49 0.00 30.51 0.00 >>> 0.00 0.00 >>> 08:03:07 PM all 69.61 0.00 30.39 0.00 >>> 0.00 0.00 >>> 08:04:07 PM all 69.76 0.00 30.24 0.00 >>> 0.00 0.00 >>> >>> I've RHEL4 and RHEL5 systems running the same apps, same JVM, same >>> J2EE (mostly WebSphere), and they were all fine. >>> >>> A couple of my RHEL6 boxes didn't log the 'inserting leap second' >>> dmesg entry, and they did not exhibit an issue - Not sure why they >>> did not log it, since they are all using the same NTP clock sources. >>> >>> Anyone else see this? I'm going to grab a bunch of sosreports and >>> get a case open, but wanted to see if it was something unique to my >>> environment. >>> >>> _______________________________________________ >>> rhelv6-list mailing list >>> rhelv6-list at redhat.com >>> https://www.redhat.com/mailman/listinfo/rhelv6-list >> >> >> _______________________________________________ >> rhelv6-list mailing list >> rhelv6-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv6-list > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list From ewwhite at mac.com Sun Jul 1 02:47:08 2012 From: ewwhite at mac.com (Edmund White) Date: Sun, 1 Jul 2012 02:47:08 +0000 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: <4FEFB5A9.6090406@indiana.edu> Message-ID: I've been following this on Server Fault today: http://serverfault.com/q/403732/13325 provides the full explanation and post-mortem. Some of my EL6 systems are showing abnormally-high loads. -- Edmund White ewwhite at mac.com On 6/30/12 9:27 PM, "Brian Wheeler" wrote: >Sorry for the plethora of replies. Strike the RHEL5 case -- it must >have been hit by something else when I was doing my testing -- it seems >to have calmed down now. > >Brian > >On 06/30/2012 10:24 PM, Brian Wheeler wrote: >> I should add that I have a RHEL5 box which got the leap second and >> snmp is reporting it is using 100% cpu but has a paltry loadavg of 3, >> so it may be affected as well. >> >> Brian >> >> On 06/30/2012 10:18 PM, Brian Wheeler wrote: >>> Yes, some of my machines are going crazy. I've found that rebooting >>> them seems to work around it... >>> >>> Brian >>> >>> >>> On 06/30/2012 10:17 PM, David Coulson wrote: >>>> Most of my RHEL6 systems running Java applications went nuts when >>>> the leap second was added: >>>> >>>> [root at rhtsutility02 stuff]# ssh rhesdevwesb01 grep UTC >>>> /var/log/messages >>>> Jun 30 19:59:59 rhesdevwesb01 kernel: Clock: inserting leap second >>>> 23:59:60 UTC >>>> >>>> Output of sar during interval in question >>>> 07:59:01 PM all 0.12 0.00 0.20 0.00 0.00 >>>> 99.68 >>>> 08:00:07 PM all 8.18 0.02 4.14 0.00 0.00 >>>> 87.66 >>>> 08:01:07 PM all 70.08 0.00 29.92 0.00 >>>> 0.00 0.00 >>>> 08:02:07 PM all 69.49 0.00 30.51 0.00 >>>> 0.00 0.00 >>>> 08:03:07 PM all 69.61 0.00 30.39 0.00 >>>> 0.00 0.00 >>>> 08:04:07 PM all 69.76 0.00 30.24 0.00 >>>> 0.00 0.00 >>>> >>>> I've RHEL4 and RHEL5 systems running the same apps, same JVM, same >>>> J2EE (mostly WebSphere), and they were all fine. >>>> >>>> A couple of my RHEL6 boxes didn't log the 'inserting leap second' >>>> dmesg entry, and they did not exhibit an issue - Not sure why they >>>> did not log it, since they are all using the same NTP clock sources. >>>> >>>> Anyone else see this? I'm going to grab a bunch of sosreports and >>>> get a case open, but wanted to see if it was something unique to my >>>> environment. >>>> >>>> _______________________________________________ >>>> rhelv6-list mailing list >>>> rhelv6-list at redhat.com >>>> https://www.redhat.com/mailman/listinfo/rhelv6-list >>> >>> >>> _______________________________________________ >>> rhelv6-list mailing list >>> rhelv6-list at redhat.com >>> https://www.redhat.com/mailman/listinfo/rhelv6-list >> >> >> _______________________________________________ >> rhelv6-list mailing list >> rhelv6-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv6-list > > >_______________________________________________ >rhelv6-list mailing list >rhelv6-list at redhat.com >https://www.redhat.com/mailman/listinfo/rhelv6-list From bdwheele at indiana.edu Sun Jul 1 03:09:30 2012 From: bdwheele at indiana.edu (Brian Wheeler) Date: Sat, 30 Jun 2012 23:09:30 -0400 Subject: [rhelv6-list] CPU utilization issue following leap second insertion In-Reply-To: References: Message-ID: <4FEFBF6A.3080407@indiana.edu> I'll admit I didn't read the thread, but this seems to do the trick to fix it: service ntpd stop; date; date `date +"%m%d%H%M%C%y.%S"`; date On 06/30/2012 10:47 PM, Edmund White wrote: > I've been following this on Server Fault today: > http://serverfault.com/q/403732/13325 provides the full explanation and > post-mortem. > > Some of my EL6 systems are showing abnormally-high loads. > From pareilly at tcd.ie Tue Jul 3 08:25:15 2012 From: pareilly at tcd.ie (Paul Reilly) Date: Tue, 3 Jul 2012 09:25:15 +0100 Subject: [rhelv6-list] Matahari required? Message-ID: I want to build a minimal headless RHEL 6.3 system with as few services running as possible. I see the qpidd service is running as default now, which must be part of Matahari tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 4908/qpidd Is it OK to turn this off? Is it OK to remove matahari? Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: From tgc at statsbiblioteket.dk Tue Jul 3 09:58:33 2012 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Tue, 3 Jul 2012 11:58:33 +0200 Subject: [rhelv6-list] Matahari required? In-Reply-To: References: Message-ID: <4FF2C249.1000605@statsbiblioteket.dk> On 03/07/12 10:25, Paul Reilly wrote: > I want to build a minimal headless RHEL 6.3 system with as few services > running as possible. > I see the qpidd service is running as default now, which must be part of > Matahari > qpid is not part of matahari, but matahari requires a message broker and by default that is qpid. > tcp 0 0 0.0.0.0:5672 > 0.0.0.0:* LISTEN 4908/qpidd > > Is it OK to turn this off? If you don't need an AMQP message broker running, then yes. > Is it OK to remove matahari? > Yes, the RHEL 6.3 releasenotes even encourages you to do so. You should read the RHEL 6.3 Technical Notes section 3.12, it covers the deprecation of matahari. -tgc From manfroni at mat.uniroma3.it Tue Jul 3 15:43:29 2012 From: manfroni at mat.uniroma3.it (Tiziana Manfroni) Date: Tue, 3 Jul 2012 17:43:29 +0200 (CEST) Subject: [rhelv6-list] network problem on RHEL6.3 Message-ID: Hi, I have a problem with two network card on RHEL6.3 I configure the network with NetworkManager and in /etc/sysconfig/network-scripts/ifcfg-eth1(2) I change NM_CONTROLLED='no' so I run service NetworkManager stop, chkconfig NetworkManager off and service network restart. In this way only second card works. If I disable the second card, the first works. How can I do? This is my configuration file: /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE="eth1" ONBOOT=yes HWADDR=00:1D:0F:C3:42:F2 TYPE=Ethernet BOOTPROTO=none IPADDR=193.204.165.224 NETMASK=255.255.255.0 GATEWAY=193.204.165.1 DNS1=193.204.165.131 DNS2=193.205.139.10 IPV6INIT=no /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE="eth2" HWADDR=00:24:01:32:06:C7 TYPE=Ethernet BOOTPROTO=none IPADDR=192.168.114.60 NETMASK=255.255.255.0 #GATEWAY=192.168.114.1 DNS1=193.204.165.131 DNS2=193.205.139.10 IPV6INIT=no ONBOOT=yes /etc/sysconfig/network NETWORKING=yes HOSTNAME=web.mat.uniroma3.it /etc/resolv.conf search mat.uniroma3.it nameserver 193.204.165.131 nameserver 193.205.139.10 Thanks in advance Tiziana ____________________________________________________ ____ / / \ Tiziana Manfroni / / /\ \ Dipartimento di Matematica / / /\ \ \ Universita' Roma Tre / /_/__\ \ \ tel : 0657338237 /________\ \ \ fax : 0657338080 .___________\/ e-mail : manfroni at mat.uniroma3.it ____________________________________________________ From fmdlc at code4life.com.ar Tue Jul 3 16:19:38 2012 From: fmdlc at code4life.com.ar (Facundo M. de la Cruz) Date: Tue, 03 Jul 2012 13:19:38 -0300 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: Message-ID: <4FF31B9A.9050506@code4life.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/03/2012 12:43 PM, Tiziana Manfroni wrote: > Hi, I have a problem with two network card on RHEL6.3 > I configure the network with NetworkManager and in > /etc/sysconfig/network-scripts/ifcfg-eth1(2) I change NM_CONTROLLED='no' > so I run service NetworkManager stop, chkconfig NetworkManager off and > service network restart. > In this way only second card works. If I disable the second card, the > first works. > How can I do? > > This is my configuration file: > /etc/sysconfig/network-scripts/ifcfg-eth1 > DEVICE="eth1" > ONBOOT=yes > HWADDR=00:1D:0F:C3:42:F2 > TYPE=Ethernet > BOOTPROTO=none > IPADDR=193.204.165.224 > NETMASK=255.255.255.0 > GATEWAY=193.204.165.1 > DNS1=193.204.165.131 > DNS2=193.205.139.10 > IPV6INIT=no > > /etc/sysconfig/network-scripts/ifcfg-eth2 > DEVICE="eth2" > HWADDR=00:24:01:32:06:C7 > TYPE=Ethernet > BOOTPROTO=none > IPADDR=192.168.114.60 > NETMASK=255.255.255.0 > #GATEWAY=192.168.114.1 > DNS1=193.204.165.131 > DNS2=193.205.139.10 > IPV6INIT=no > ONBOOT=yes > > /etc/sysconfig/network > NETWORKING=yes > HOSTNAME=web.mat.uniroma3.it > > /etc/resolv.conf > search mat.uniroma3.it > nameserver 193.204.165.131 > nameserver 193.205.139.10 > > > > Thanks in advance > > Tiziana > > > ____________________________________________________ > ____ > / / \ Tiziana Manfroni > / / /\ \ Dipartimento di Matematica > / / /\ \ \ Universita' Roma Tre > / /_/__\ \ \ tel : 0657338237 > /________\ \ \ fax : 0657338080 > .___________\/ e-mail : manfroni at mat.uniroma3.it > ____________________________________________________ > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list Hi Tiziiana, Can you send the content of your /etc/udev/rules.dev/70-persistent-net.rule file?. Bests - -- Facundo M. de la Cruz (tty0) Unix Consultant & Security Researcher RHCE (Red Hat Certified Engineer) http://www.codigounix.com.ar/ GPG fingerprint: DF2F 514A 5167 00F5 C753 BF3B D797 C8E1 5726 0789 "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." - Rich Cook -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJP8xuUAAoJENeXyOFXJgeJ8EEP/A9+nVm9gjaYGsnig69QrRIe hpcqKRsqnO8mh/JrEU+QQdLBpTDfGJbEFDuLhSdcorjBDcr8WEVh0KOMURbYRSrL xeCZ1pGQOK3mudBp+K/tr0e12MyYyftktoGmfM20EjlqEMXsqQhuBAC314fJtNHu WZGTLofaRRb8QBFe2q4LWmvifiojyvXmQ3+FRSU3AVzYZiTIRefrZPBNc7HR8LT/ yUmyZUhKWAe732i2Jntt091dJ37gWZwlrnSlNmS2cpUSRRqs/15RB4uhnKJdO0kv U3xCB7Mt6KzOeS4xojevuVC26TJrRmm8BKRWkKtZ+x3sj4JmtTUn9WwXad8ejvkg AE0UTXgThhL4HarviT7vaQuT/i8AjmQrYMPGQajLgbG1Hj3u08el0CaQgkOMlNp5 OI4uWm7jLB7CNRSezmFBXmzaup5XLZt1SCFm3WQxj11kfi4GUHWJUsJarZLcSI2L b4a+wa7ZgZfgfs5MsLDP85EZIbX/+936B6TAEHB5b6CN8liUGay8QdyQe3jFV6hm +klOHpO+vzfkWf6YgoTY7qVSB2ChTTNLWeBzmJ+rHnPRv6DAExBAgWD9zF/mogOw du9perT8ys9NuCVt/yXUACspDve2TEAzAdqnrSTSVAU6hnXR6/jl2AkTGnwH0Ifl bb1IXYqG9KdUWshgPWVC =vYJp -----END PGP SIGNATURE----- From manfroni at mat.uniroma3.it Wed Jul 4 06:02:01 2012 From: manfroni at mat.uniroma3.it (Tiziana Manfroni) Date: Wed, 4 Jul 2012 08:02:01 +0200 (CEST) Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: <4FF31B9A.9050506@code4life.com.ar> References: <4FF31B9A.9050506@code4life.com.ar> Message-ID: On Tue, 3 Jul 2012, Facundo M. de la Cruz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 07/03/2012 12:43 PM, Tiziana Manfroni wrote: >> Hi, I have a problem with two network card on RHEL6.3 >> I configure the network with NetworkManager and in >> /etc/sysconfig/network-scripts/ifcfg-eth1(2) I change NM_CONTROLLED='no' >> so I run service NetworkManager stop, chkconfig NetworkManager off and >> service network restart. >> In this way only second card works. If I disable the second card, the >> first works. >> How can I do? >> >> This is my configuration file: >> /etc/sysconfig/network-scripts/ifcfg-eth1 >> DEVICE="eth1" >> ONBOOT=yes >> HWADDR=00:1D:0F:C3:42:F2 >> TYPE=Ethernet >> BOOTPROTO=none >> IPADDR=193.204.165.224 >> NETMASK=255.255.255.0 >> GATEWAY=193.204.165.1 >> DNS1=193.204.165.131 >> DNS2=193.205.139.10 >> IPV6INIT=no >> >> /etc/sysconfig/network-scripts/ifcfg-eth2 >> DEVICE="eth2" >> HWADDR=00:24:01:32:06:C7 >> TYPE=Ethernet >> BOOTPROTO=none >> IPADDR=192.168.114.60 >> NETMASK=255.255.255.0 >> #GATEWAY=192.168.114.1 >> DNS1=193.204.165.131 >> DNS2=193.205.139.10 >> IPV6INIT=no >> ONBOOT=yes >> >> /etc/sysconfig/network >> NETWORKING=yes >> HOSTNAME=web.mat.uniroma3.it >> >> /etc/resolv.conf >> search mat.uniroma3.it >> nameserver 193.204.165.131 >> nameserver 193.205.139.10 >> >> >> >> Thanks in advance >> >> Tiziana >> >> > > Hi Tiziiana, > > Can you send the content of your > /etc/udev/rules.dev/70-persistent-net.rule file?. > > Bests > # PCI device 0x1969:0x1048 (atl1) SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1e:8c:ac:b0:c7", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0" # PCI device 0x10ec:0x8139 (8139too) SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1d:0f:c3:42:f2", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1" # PCI device 0x1186:0x1300 (8139too) SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:01:32:06:c7", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2" > > - -- > Facundo M. de la Cruz (tty0) > Unix Consultant & Security Researcher > RHCE (Red Hat Certified Engineer) > http://www.codigounix.com.ar/ > > GPG fingerprint: DF2F 514A 5167 00F5 C753 BF3B D797 C8E1 5726 0789 > > "Programming today is a race between software engineers striving to > build bigger and better idiot-proof programs, and the Universe trying to > produce bigger and better idiots. So far, the Universe is winning." - > Rich Cook > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQIcBAEBCgAGBQJP8xuUAAoJENeXyOFXJgeJ8EEP/A9+nVm9gjaYGsnig69QrRIe > hpcqKRsqnO8mh/JrEU+QQdLBpTDfGJbEFDuLhSdcorjBDcr8WEVh0KOMURbYRSrL > xeCZ1pGQOK3mudBp+K/tr0e12MyYyftktoGmfM20EjlqEMXsqQhuBAC314fJtNHu > WZGTLofaRRb8QBFe2q4LWmvifiojyvXmQ3+FRSU3AVzYZiTIRefrZPBNc7HR8LT/ > yUmyZUhKWAe732i2Jntt091dJ37gWZwlrnSlNmS2cpUSRRqs/15RB4uhnKJdO0kv > U3xCB7Mt6KzOeS4xojevuVC26TJrRmm8BKRWkKtZ+x3sj4JmtTUn9WwXad8ejvkg > AE0UTXgThhL4HarviT7vaQuT/i8AjmQrYMPGQajLgbG1Hj3u08el0CaQgkOMlNp5 > OI4uWm7jLB7CNRSezmFBXmzaup5XLZt1SCFm3WQxj11kfi4GUHWJUsJarZLcSI2L > b4a+wa7ZgZfgfs5MsLDP85EZIbX/+936B6TAEHB5b6CN8liUGay8QdyQe3jFV6hm > +klOHpO+vzfkWf6YgoTY7qVSB2ChTTNLWeBzmJ+rHnPRv6DAExBAgWD9zF/mogOw > du9perT8ys9NuCVt/yXUACspDve2TEAzAdqnrSTSVAU6hnXR6/jl2AkTGnwH0Ifl > bb1IXYqG9KdUWshgPWVC > =vYJp > -----END PGP SIGNATURE----- > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list > From manfroni at mat.uniroma3.it Wed Jul 4 09:00:43 2012 From: manfroni at mat.uniroma3.it (Tiziana Manfroni) Date: Wed, 4 Jul 2012 11:00:43 +0200 (CEST) Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: <4FF31B9A.9050506@code4life.com.ar> Message-ID: I do some tests and I have problems with 192.168.114 private network . Infact if I connect from public network (193.204.165.*) or another private network (192.168.115.) it's all ok, but for example, if I connect from a host with IP address 192.168.114.30 in 'ssh -vvv www at 193.204.165.224' the output is "ssh: connect to 193.204.165.224 port 22: no route to host". When I connect with 'ssh -vvv www at 192.168.114.60' I see "www at 192.168.114.60's password:" I have this network problem for all services on server (http, https, mail) and not for only ssh. This server worked with RHEL5.8 but after upgrade to RHEL6.3 there is this problem. Any idea? Tiziana > > On Tue, 3 Jul 2012, Facundo M. de la Cruz wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> On 07/03/2012 12:43 PM, Tiziana Manfroni wrote: >>> Hi, I have a problem with two network card on RHEL6.3 >>> I configure the network with NetworkManager and in >>> /etc/sysconfig/network-scripts/ifcfg-eth1(2) I change NM_CONTROLLED='no' >>> so I run service NetworkManager stop, chkconfig NetworkManager off and >>> service network restart. >>> In this way only second card works. If I disable the second card, the >>> first works. >>> How can I do? >>> >>> This is my configuration file: >>> /etc/sysconfig/network-scripts/ifcfg-eth1 >>> DEVICE="eth1" >>> ONBOOT=yes >>> HWADDR=00:1D:0F:C3:42:F2 >>> TYPE=Ethernet >>> BOOTPROTO=none >>> IPADDR=193.204.165.224 >>> NETMASK=255.255.255.0 >>> GATEWAY=193.204.165.1 >>> DNS1=193.204.165.131 >>> DNS2=193.205.139.10 >>> IPV6INIT=no >>> >>> /etc/sysconfig/network-scripts/ifcfg-eth2 >>> DEVICE="eth2" >>> HWADDR=00:24:01:32:06:C7 >>> TYPE=Ethernet >>> BOOTPROTO=none >>> IPADDR=192.168.114.60 >>> NETMASK=255.255.255.0 >>> #GATEWAY=192.168.114.1 >>> DNS1=193.204.165.131 >>> DNS2=193.205.139.10 >>> IPV6INIT=no >>> ONBOOT=yes >>> >>> /etc/sysconfig/network >>> NETWORKING=yes >>> HOSTNAME=web.mat.uniroma3.it >>> >>> /etc/resolv.conf >>> search mat.uniroma3.it >>> nameserver 193.204.165.131 >>> nameserver 193.205.139.10 >>> >>> >>> >>> Thanks in advance >>> >>> Tiziana >>> >>> >> >> Hi Tiziiana, >> >> Can you send the content of your >> /etc/udev/rules.dev/70-persistent-net.rule file?. >> >> Bests >> > > > # PCI device 0x1969:0x1048 (atl1) > SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", > ATTR{address}=="00:1e:8c:ac:b0:c7", ATTR{type}=="1", KERNEL=="eth*", > NAME="eth0" > > # PCI device 0x10ec:0x8139 (8139too) > SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", > ATTR{address}=="00:1d:0f:c3:42:f2", ATTR{type}=="1", KERNEL=="eth*", > NAME="eth1" > > # PCI device 0x1186:0x1300 (8139too) > SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", > ATTR{address}=="00:24:01:32:06:c7", ATTR{type}=="1", KERNEL=="eth*", > NAME="eth2" > > >> >> - -- >> Facundo M. de la Cruz (tty0) >> Unix Consultant & Security Researcher >> RHCE (Red Hat Certified Engineer) >> http://www.codigounix.com.ar/ >> From fmdlc at code4life.com.ar Wed Jul 4 12:14:50 2012 From: fmdlc at code4life.com.ar (Facundo M. de la Cruz) Date: Wed, 04 Jul 2012 09:14:50 -0300 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: <4FF31B9A.9050506@code4life.com.ar> Message-ID: <4FF433BA.2040309@code4life.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/04/2012 06:00 AM, Tiziana Manfroni wrote: > I do some tests and I have problems with 192.168.114 private network . > Infact if I connect from public network (193.204.165.*) or another > private network (192.168.115.) it's all ok, but for example, if I > connect from a host with IP address 192.168.114.30 in 'ssh -vvv > www at 193.204.165.224' the output is "ssh: connect to 193.204.165.224 port > 22: no route to host". When I connect with 'ssh -vvv www at 192.168.114.60' > I see "www at 192.168.114.60's password:" I have this network problem for > all services on server (http, https, mail) and not for only ssh. This > server worked with RHEL5.8 but after upgrade to RHEL6.3 there is this > problem. > > Any idea? > > Tiziana > Hi Tiziana, This looks as a routing problem. Can you send me the output of 'ifconfig - -a' and 'netstat -nr' command?. :-) Is the server using a CIRD netmask?. Anyway you can check the correct networking configuration with tool as 'ipcalc'. Thanks Best regars. - -- Facundo M. de la Cruz (tty0) Unix Specialist RHCE (Red Hat Certified Engineer) http://www.codigounix.com.ar/ GPG fingerprint: DF2F 514A 5167 00F5 C753 BF3B D797 C8E1 5726 0789 "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." - Rich Cook -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJP9DO0AAoJENeXyOFXJgeJAScP/3gPmOxfMd02hfXYQ7DimWIu uNFEOaZvBmQszBOP5gXP/utHAnAkLLCIm7En250hZROuZYfx1Uwz4rfiM2iPrcSb ZBl04eEMBN24l9BSCbAlrydpeLAl9HzNJuAKOHL/c9SBv1bw86XHCGEinhbKbBuW 2DOUVzCBkLF/uFgocv/tr+79Wi/le5EhAWUf6aMjUWv4eX0zUz8HX/Ggj+uKHE3U C1DYljBtKxBt6dvgQI3zuvi9akmKPccVryQpArB+4m0nH8AhL9LyJXGGPAKQVkh7 eW0DTv+PmFPRdN24zh8ocMIJMWMS+bhS9Rsf55un9SuazOQxV0WR1yEjoKGwSweQ fwWUckSB7z6tDw2p//dwPcGojPsKZwrQDPkabVF7Jv32d8DEKsLaxqtD49QJLdWd azt2CsnWHLJaua3PjaS0qi2KPbBJrJdX+hX/mewrsJHdGTDCo9wcDObT23pU8EJz Vo0vxtnFda3fuqFCz/6ebt8ZwjU0hzXdD79uKqdgiOYTGS1GOomfdcFFMe3h4+R1 bS8CLQpzMRTRzG0npnXD6cfk65bod8kqhbsQd/6tqCiGovFzFUDtVt4jrV5dBlH9 QwMIpIhEhODLRABT4QapNpEW8WO197eFchyrGLU9lzOWtzOhKMB8UsCtKRDcjKJi gLzd/1HCiH9M0/6QwUz6 =xHPE -----END PGP SIGNATURE----- From john.haxby at gmail.com Wed Jul 4 12:46:36 2012 From: john.haxby at gmail.com (John Haxby) Date: Wed, 4 Jul 2012 13:46:36 +0100 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: <4FF31B9A.9050506@code4life.com.ar> Message-ID: On 4 July 2012 10:00, Tiziana Manfroni wrote: > I do some tests and I have problems with 192.168.114 private network . > Infact if I connect from public network (193.204.165.*) or another private > network (192.168.115.) it's all ok, but for example, if I connect from a > host with IP address 192.168.114.30 in 'ssh -vvv www at 193.204.165.224' the > output is "ssh: connect to 193.204.165.224 port 22: no route to host". When > I connect with 'ssh -vvv www at 192.168.114.60' I see "www at 192.168.114.60's > password:" I have this network problem for all services on server (http, > https, mail) and not for only ssh. This server worked with RHEL5.8 but > after upgrade to RHEL6.3 there is this problem. > > > I'm pretty sure you're tripping over reverse path filtering change. In 5.x, the "net.ipv4.conf.default.rp_filter = 1" means "[loose] reverse path filtering". In 6.x (indeed any kernel after about 2.6.30) it leans "strict reverse path filtering". See /usr/share/doc/kernel-*/Documentation/networking/ip-sysctl.txt for more details. If you want loose mode, then change the "1" to "2" and restart everything. Loose mode reverse path filtering isn't usually recommended, though, not least because asymmetric routing can mess up TCP's flow control. I keep hoping that someone will post a succinct guide to having packets route back through the interface they came in on (I know it can be done, I've just never sat down and worked it out in detail.) jch -------------- next part -------------- An HTML attachment was scrubbed... URL: From wolfy at nobugconsulting.ro Wed Jul 4 12:59:42 2012 From: wolfy at nobugconsulting.ro (Manuel Wolfshant) Date: Wed, 04 Jul 2012 15:59:42 +0300 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: <4FF31B9A.9050506@code4life.com.ar> Message-ID: <4FF43E3E.8070709@nobugconsulting.ro> On 07/04/2012 03:46 PM, John Haxby wrote: > > > On 4 July 2012 10:00, Tiziana Manfroni > wrote: > > I do some tests and I have problems with 192.168.114 private > network . Infact if I connect from public network (193.204.165.*) > or another private network (192.168.115.) it's all ok, but for > example, if I connect from a host with IP address 192.168.114.30 > in 'ssh -vvv www at 193.204.165.224 ' the > output is "ssh: connect to 193.204.165.224 port 22: no route to > host". When I connect with 'ssh -vvv www at 192.168.114.60 > ' I see "www at 192.168.114.60 > 's password:" I have this network > problem for all services on server (http, https, mail) and not for > only ssh. This server worked with RHEL5.8 but after upgrade to > RHEL6.3 there is this problem. > > > > I'm pretty sure you're tripping over reverse path filtering change. > In 5.x, the "net.ipv4.conf.default.rp_filter = 1" means "[loose] > reverse path filtering". In 6.x (indeed any kernel after about > 2.6.30) it leans "strict reverse path filtering". See > /usr/share/doc/kernel-*/Documentation/networking/ip-sysctl.txt for > more details. If you want loose mode, then change the "1" to "2" and > restart everything. > > Loose mode reverse path filtering isn't usually recommended, though, > not least because asymmetric routing can mess up TCP's flow control. > I keep hoping that someone will post a succinct guide to having > packets route back through the interface they came in on (I know it > can be done, I've just never sat down and worked it out in detail.) EXTERNAL_INTERFACE1="eth1.5" EXTERNAL_INTERFACE2="eth1.6" $IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE1" -j MARK --set-mark 2 $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE2" -j MARK --set-mark 3 $IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark [root at mail ~]# grep mark /etc/sysconfig/network-scripts/rule-eth* /etc/sysconfig/network-scripts/rule-eth1.5:fwmark 2 table T1 /etc/sysconfig/network-scripts/rule-eth1.6:fwmark 3 table T2 The rest is left as exercise for the reader From john.haxby at gmail.com Wed Jul 4 14:25:54 2012 From: john.haxby at gmail.com (John Haxby) Date: Wed, 4 Jul 2012 15:25:54 +0100 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: <4FF43E3E.8070709@nobugconsulting.ro> References: <4FF31B9A.9050506@code4life.com.ar> <4FF43E3E.8070709@nobugconsulting.ro> Message-ID: On 4 July 2012 13:59, Manuel Wolfshant wrote: > On 07/04/2012 03:46 PM, John Haxby wrote: > >> >> Loose mode reverse path filtering isn't usually recommended, though, not >> least because asymmetric routing can mess up TCP's flow control. I keep >> hoping that someone will post a succinct guide to having packets route back >> through the interface they came in on (I know it can be done, I've just >> never sat down and worked it out in detail.) >> > > EXTERNAL_INTERFACE1="eth1.5" > EXTERNAL_INTERFACE2="eth1.6" > $IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark > $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE1" -j MARK > --set-mark 2 > $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE2" -j MARK > --set-mark 3 > $IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark > > > > [root at mail ~]# grep mark /etc/sysconfig/network-**scripts/rule-eth* > /etc/sysconfig/network-**scripts/rule-eth1.5:fwmark 2 table T1 > /etc/sysconfig/network-**scripts/rule-eth1.6:fwmark 3 table T2 > > > The rest is left as exercise for the reader > > Thank you very much! jch -- Phear the Penguin -------------- next part -------------- An HTML attachment was scrubbed... URL: From rvdwees at xs4all.nl Wed Jul 4 18:47:16 2012 From: rvdwees at xs4all.nl (Ron van der Wees) Date: Wed, 04 Jul 2012 20:47:16 +0200 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: References: <4FF31B9A.9050506@code4life.com.ar> <4FF43E3E.8070709@nobugconsulting.ro> Message-ID: <22cc921a-b117-473b-ae1f-0b20af30832b@email.android.com> Ah die camp in .fr is vlak bij cap d agde. Wij zijn veel in valras en een keer in vias geweest. Een beetje weer gehad daar? Wij gaan naar zaton, kroatie. Ron John Haxby wrote: On 4 July 2012 13:59, Manuel Wolfshant wrote: On 07/04/2012 03:46 PM, John Haxby wrote: Loose mode reverse path filtering isn't usually recommended, though, not least because asymmetric routing can mess up TCP's flow control. I keep hoping that someone will post a succinct guide to having packets route back through the interface they came in on (I know it can be done, I've just never sat down and worked it out in detail.) EXTERNAL_INTERFACE1="eth1.5" EXTERNAL_INTERFACE2="eth1.6" $IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE1" -j MARK --set-mark 2 $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE2" -j MARK --set-mark 3 $IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark [root at mail ~]# grep mark /etc/sysconfig/network-scripts/rule-eth* /etc/sysconfig/network-scripts/rule-eth1.5:fwmark 2 table T1 /etc/sysconfig/network-scripts/rule-eth1.6:fwmark 3 table T2 The rest is left as exercise for the reader Thank you very much! jch -- Phear the Penguin -------------- next part -------------- An HTML attachment was scrubbed... URL: From rvdwees at xs4all.nl Wed Jul 4 18:56:18 2012 From: rvdwees at xs4all.nl (Ron van der Wees) Date: Wed, 04 Jul 2012 20:56:18 +0200 Subject: [rhelv6-list] network problem on RHEL6.3 In-Reply-To: <22cc921a-b117-473b-ae1f-0b20af30832b@email.android.com> References: <4FF31B9A.9050506@code4life.com.ar> <4FF43E3E.8070709@nobugconsulting.ro> <22cc921a-b117-473b-ae1f-0b20af30832b@email.android.com> Message-ID: <69f0e591d912d8b053af45558228ccb5@xs4all.nl> Apologies, my bad by replying to the wrong email. Please ignore my previous post. Ron On 2012-07-04 20:47, Ron van der Wees wrote: From pasik at iki.fi Mon Jul 9 08:48:15 2012 From: pasik at iki.fi (Pasi =?iso-8859-1?Q?K=E4rkk=E4inen?=) Date: Mon, 9 Jul 2012 11:48:15 +0300 Subject: [rhelv6-list] RHEL6.2 XFS brutal performence with lots of files In-Reply-To: References: Message-ID: <20120709084815.GK2058@reaktio.net> On Fri, Jun 22, 2012 at 07:45:22PM -0500, Daryl Herzmann wrote: > On Tue, Jun 5, 2012 at 3:10 PM, Jussi Silvennoinen > wrote: > >> I've been noticing lots of annoying problems with XFS performance with > >> RHEL6.2 on 64bit. ?I typically have 20-30 TB file systems with data > >> structured in directories based on day of year, product type, for example, > >> > >> ?/data/2012/06/05/product/blah.gif > >> > >> Doing operations like tar or rm over these directories bring the system to > >> a grinding halt. ?Load average goes vertical and eventually the power button > >> needs to be pressed in many cases :( A hack workaround is to break apart the > >> task into smaller chunks and let the system breath in between operations... > >> > >> Anyway, I read Ric Wheeler's "Billion Files" with great interest > >> > >> > >> http://www.redhat.com/summit/2011/presentations/summit/decoding_the_code/thursday/wheeler_t_0310_billion_files_2011.pdf > >> > >> It appears there are 'known issues' with XFS and RHEL6.1. ?It does not > >> appear these issues were addressed in RHEL 6.2? > >> > >> Does anybody know if these issues were addressed in the upcoming RHEL 6.3? > >> My impression is that upstream fixes for this only recently (last 6 months?) > >> appeared in the mainline kernel. > >> > >> Perhaps I am missing some tuning that could be done to help with this? > > > > > > Enabling lazy-count does wonders for workloads that involve massive amounts > > of metadata. Unfortunately it's a mkfs-time option only AFAIK. > > Thanks, but it was already enabled... > Did you try monitoring the system while the load avg starts increasing? What's using all the resources? Is it a memleak somewhere? -- Pasi From cgr at u.washington.edu Mon Jul 9 18:33:57 2012 From: cgr at u.washington.edu (Carl G. Riches) Date: Mon, 9 Jul 2012 11:33:57 -0700 (PDT) Subject: [rhelv6-list] RHEL6 igb network driver version? Message-ID: What is the igb network driver version in RHEL6.2? We have some new servers with Intel I360 NICs and are having trouble getting RHEL5.x (for various values of x) to work with them. Does 6.2 support this NIC? Thanks, Carl Carl G. Riches IT Manager Department of Biostatistics Box 357232 voice: 206-616-2725 University of Washington fax: 206-543-3286 Seattle, WA 98195-7232 internet: cgr at u.washington.edu From amyagi at gmail.com Mon Jul 9 18:50:30 2012 From: amyagi at gmail.com (Akemi Yagi) Date: Mon, 9 Jul 2012 11:50:30 -0700 Subject: [rhelv6-list] RHEL6 igb network driver version? In-Reply-To: References: Message-ID: On Mon, Jul 9, 2012 at 11:33 AM, Carl G. Riches wrote: > > What is the igb network driver version in RHEL6.2? We have some new servers > with Intel I360 NICs and are having trouble getting RHEL5.x (for various > values of x) to work with them. Does 6.2 support this NIC? RHEL 6.3 has version 3.2.10-k of the igb driver. If you wish to try a newer version, install ELRepo's kmod-igb which is at version 3.3.6 [1]. Akemi [1] http://elrepo.org/tiki/tiki-index.php?page=Driver+Versions From cgr at u.washington.edu Mon Jul 9 19:24:26 2012 From: cgr at u.washington.edu (Carl G. Riches) Date: Mon, 9 Jul 2012 12:24:26 -0700 (PDT) Subject: [rhelv6-list] RHEL6 igb network driver version? In-Reply-To: References: Message-ID: On Mon, 9 Jul 2012, Akemi Yagi wrote: > On Mon, Jul 9, 2012 at 11:33 AM, Carl G. Riches wrote: >> >> What is the igb network driver version in RHEL6.2? We have some new servers >> with Intel I360 NICs and are having trouble getting RHEL5.x (for various >> values of x) to work with them. Does 6.2 support this NIC? > > RHEL 6.3 has version 3.2.10-k of the igb driver. If you wish to try a > newer version, install ELRepo's kmod-igb which is at version 3.3.6 > [1]. > > Akemi > > [1] http://elrepo.org/tiki/tiki-index.php?page=Driver+Versions > Thanks! Carl From Mark.Gosselin at netscout.com Tue Jul 10 19:11:01 2012 From: Mark.Gosselin at netscout.com (Gosselin, Mark) Date: Tue, 10 Jul 2012 19:11:01 +0000 Subject: [rhelv6-list] mgetty configuration Message-ID: Having trouble with configuration of mgetty under RHEL6.2. /etc/inittab entries don't work any more... Does anyone have "how to" that will walk me through it?? I'm trying to run an mgetty to listen on ttyS0. Thanks! Mark Gosselin -------------- next part -------------- An HTML attachment was scrubbed... URL: From jsbillin at umich.edu Tue Jul 10 20:09:04 2012 From: jsbillin at umich.edu (Jonathan Billings) Date: Tue, 10 Jul 2012 16:09:04 -0400 Subject: [rhelv6-list] mgetty configuration In-Reply-To: References: Message-ID: On Tue, Jul 10, 2012 at 3:11 PM, Gosselin, Mark wrote: > ** ** > > Having trouble with configuration of mgetty under RHEL6.2. /etc/inittab > entries don?t work any more?**** > > ** ** > > Does anyone have ?how to? that will walk me through it?? I?m trying to run > an mgetty to listen on ttyS0. > Take a look at /etc/init/serial.conf, it will give you all that you need to know. If you've got GRUB's kernel line set to use ttyS0 as the console, it'll automatically create an agetty on that serial device automatically. -- Jonathan Billings College of Engineering - CAEN - Unix and Linux Support -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmtilsley at st-claire.org Thu Jul 19 15:40:17 2012 From: jmtilsley at st-claire.org (Tilsley, Jerry M.) Date: Thu, 19 Jul 2012 15:40:17 +0000 Subject: [rhelv6-list] TSQL Issue Message-ID: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> All, I have a test/development server that is Redhat 6.2 using FreeTDS-0.91 and unixODBC 2.2.14-11.el6 installed. When I use the TSQL command to test the server I get the following: Unable to connect: Adaptive Server is unavailable or does not exist OS error 111, "Connection refused" There was a problem connecting to the server Now I have a production server that is Redhat 5.8 using FreeTDS-0.82 and unixODBC 2.2.11 which works just fine. Any ideas on how I can track down the issue? Thanks, Jerry ________________________________ Disclaimer**** This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of St. Claire Regional Medical Center. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing or copying of the email is strictly prohibited. If you received this email in error please notify the St. Claire Regional Helpdesk by telephone at 606-783-6565. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bseklecki at fedex.com Thu Jul 19 16:02:57 2012 From: bseklecki at fedex.com (Brian Seklecki) Date: Thu, 19 Jul 2012 16:02:57 +0000 Subject: [rhelv6-list] TSQL Issue In-Reply-To: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> References: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> Message-ID: IPTables? /etc/rc.d/init.d/ip6tables stop && /etc/rc.d/init.d/iptables stop Also, find out what TCP port that Adaptive server listens on and try to telnet to it Eg. PostgreSQL: $ telnet foo 5432 Tryingx.x.x.x... Connected to fo... Escape character is '^]'. ^] telnet> Connection closed. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmtilsley at st-claire.org Thu Jul 19 16:12:15 2012 From: jmtilsley at st-claire.org (Tilsley, Jerry M.) Date: Thu, 19 Jul 2012 16:12:15 +0000 Subject: [rhelv6-list] TSQL Issue In-Reply-To: References: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> Message-ID: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C781@scrvm-ex2.st-claire.org> Iptables are already stopped as I do not use them. Telnet to the port worked just fine. From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Brian Seklecki Sent: Thursday, July 19, 2012 12:03 PM To: 'rhelv6-list at redhat.com' Subject: Re: [rhelv6-list] TSQL Issue IPTables? /etc/rc.d/init.d/ip6tables stop && /etc/rc.d/init.d/iptables stop Also, find out what TCP port that Adaptive server listens on and try to telnet to it Eg. PostgreSQL: $ telnet foo 5432 Tryingx.x.x.x... Connected to fo... Escape character is '^]'. ^] telnet> Connection closed. ________________________________ Disclaimer**** This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of St. Claire Regional Medical Center. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing or copying of the email is strictly prohibited. If you received this email in error please notify the St. Claire Regional Helpdesk by telephone at 606-783-6565. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bseklecki at fedex.com Thu Jul 19 16:55:38 2012 From: bseklecki at fedex.com (Brian Seklecki) Date: Thu, 19 Jul 2012 16:55:38 +0000 Subject: [rhelv6-list] TSQL Issue In-Reply-To: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C781@scrvm-ex2.st-claire.org> References: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C781@scrvm-ex2.st-claire.org> Message-ID: "Connection refused" normally means RST on SYN; check 'tcpdump -ttt -vvv -n 'host $DB', if the socket is establishing, "connection refused" may be a protocol-level error that is ambiguous in light of historical TCP socket error standard verbiage. -------------- next part -------------- An HTML attachment was scrubbed... URL: From geslinux at gmail.com Thu Jul 19 19:44:28 2012 From: geslinux at gmail.com (Grzegorz Witkowski) Date: Thu, 19 Jul 2012 20:44:28 +0100 Subject: [rhelv6-list] TSQL Issue In-Reply-To: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> References: <5876CF7B7F6E2D48B01C8CB7C3B46C3A49C56D@scrvm-ex2.st-claire.org> Message-ID: On Thu, Jul 19, 2012 at 4:40 PM, Tilsley, Jerry M. wrote: > All, > > > > I have a test/development server that is Redhat 6.2 using FreeTDS-0.91 and > unixODBC 2.2.14-11.el6 installed. When I use the TSQL command to test the > server I get the following: > > > > Unable to connect: Adaptive Server is unavailable or does not exist > > OS error 111, "Connection refused" > > There was a problem connecting to the server > > > > Now I have a production server that is Redhat 5.8 using FreeTDS-0.82 and > unixODBC 2.2.11 which works just fine. Any ideas on how I can track down > the issue? > > > > Thanks, > > > > Jerry > > ------------------------------ > > Disclaimer**** > This email is confidential and intended solely for the use of the > individual to whom it is addressed. Any views or opinions presented are > solely those of the author and do not necessarily represent those of St. > Claire Regional Medical Center. If you are not the intended recipient, be > advised that you have received this email in error and that any use, > dissemination, forwarding, printing or copying of the email is strictly > prohibited. If you received this email in error please notify the St. > Claire Regional Helpdesk by telephone at 606-783-6565. > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list > > Hi, Just guess, as I've no experience with this product, but have you tried to check the log and also I would try to put selinux in permissive if you disabled iptables already. Check the selinux. Regards, Ges -------------- next part -------------- An HTML attachment was scrubbed... URL: From inode0 at gmail.com Thu Jul 19 20:36:52 2012 From: inode0 at gmail.com (inode0) Date: Thu, 19 Jul 2012 15:36:52 -0500 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! Message-ID: So all of my RHEL6.3 boxes that use kerberos for authentication suffer breakage after updating glibc. Downgrading glibc* restores them to expected behavior. With the new glibc installed I have seen both gssapi-with-mic and password auth fail on ssh connections. Lots of spewage from pam about not being able to find users or resolve hosts. pam_succeed_if for instance can no longer find users not local to the machine. Has anyone else encountered anything like this with the recent update? Thanks, John From riehecky at fnal.gov Thu Jul 19 20:54:46 2012 From: riehecky at fnal.gov (Pat Riehecky) Date: Thu, 19 Jul 2012 15:54:46 -0500 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! In-Reply-To: References: Message-ID: <50087416.1010309@fnal.gov> On 07/19/2012 03:36 PM, inode0 wrote: > So all of my RHEL6.3 boxes that use kerberos for authentication suffer > breakage after updating glibc. Downgrading glibc* restores them to > expected behavior. With the new glibc installed I have seen both > gssapi-with-mic and password auth fail on ssh connections. Lots of > spewage from pam about not being able to find users or resolve hosts. > pam_succeed_if for instance can no longer find users not local to the > machine. > > Has anyone else encountered anything like this with the recent update? > > Thanks, > John > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list I haven't but I've got kerberos auth over here. Any chance for replication steps? I'd love some ssh logs! Pat -- Pat Riehecky Scientific Linux Developer From t.h.amundsen at usit.uio.no Thu Jul 19 21:08:27 2012 From: t.h.amundsen at usit.uio.no (Trond Hasle Amundsen) Date: Thu, 19 Jul 2012 23:08:27 +0200 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! In-Reply-To: (inode0@gmail.com's message of "Thu, 19 Jul 2012 15:36:52 -0500") References: Message-ID: <15tbojbe9x0.fsf@tux.uio.no> inode0 writes: > So all of my RHEL6.3 boxes that use kerberos for authentication suffer > breakage after updating glibc. Downgrading glibc* restores them to > expected behavior. With the new glibc installed I have seen both > gssapi-with-mic and password auth fail on ssh connections. Lots of > spewage from pam about not being able to find users or resolve hosts. > pam_succeed_if for instance can no longer find users not local to the > machine. > > Has anyone else encountered anything like this with the recent update? Just guessing... If you have IPv6 addresses in resolv.conf, you could have been bitten by this rather nasty bug: https://bugzilla.redhat.com/show_bug.cgi?id=835090 https://bugzilla.redhat.com/show_bug.cgi?id=837026 An errata was issued yesterday. Regards, -- Trond H. Amundsen Center for Information Technology Services, University of Oslo From inode0 at gmail.com Thu Jul 19 21:16:14 2012 From: inode0 at gmail.com (inode0) Date: Thu, 19 Jul 2012 16:16:14 -0500 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! In-Reply-To: <15tbojbe9x0.fsf@tux.uio.no> References: <15tbojbe9x0.fsf@tux.uio.no> Message-ID: On Thu, Jul 19, 2012 at 4:08 PM, Trond Hasle Amundsen wrote: > inode0 writes: > >> So all of my RHEL6.3 boxes that use kerberos for authentication suffer >> breakage after updating glibc. Downgrading glibc* restores them to >> expected behavior. With the new glibc installed I have seen both >> gssapi-with-mic and password auth fail on ssh connections. Lots of >> spewage from pam about not being able to find users or resolve hosts. >> pam_succeed_if for instance can no longer find users not local to the >> machine. >> >> Has anyone else encountered anything like this with the recent update? > > Just guessing... If you have IPv6 addresses in resolv.conf, you could > have been bitten by this rather nasty bug: > > https://bugzilla.redhat.com/show_bug.cgi?id=835090 > https://bugzilla.redhat.com/show_bug.cgi?id=837026 > > An errata was issued yesterday. I sort of think I am being bitten by the fix. With or without IPv6 addresses in resolv.conf we had working systems prior to applying that update and broken systems after applying it. And reverting that update makes everything work again. Since the errors I see in pam are potentially related to that bit of the update though (failures to resolve the kdc, failures to find the username) I'm guessing there is a connection here. John From riehecky at fnal.gov Thu Jul 19 21:28:18 2012 From: riehecky at fnal.gov (Pat Riehecky) Date: Thu, 19 Jul 2012 16:28:18 -0500 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! In-Reply-To: <50087416.1010309@fnal.gov> References: <50087416.1010309@fnal.gov> Message-ID: <50087BF2.1020701@fnal.gov> On 07/19/2012 03:54 PM, Pat Riehecky wrote: > On 07/19/2012 03:36 PM, inode0 wrote: >> So all of my RHEL6.3 boxes that use kerberos for authentication suffer >> breakage after updating glibc. Downgrading glibc* restores them to >> expected behavior. With the new glibc installed I have seen both >> gssapi-with-mic and password auth fail on ssh connections. Lots of >> spewage from pam about not being able to find users or resolve hosts. >> pam_succeed_if for instance can no longer find users not local to the >> machine. >> >> Has anyone else encountered anything like this with the recent update? >> >> Thanks, >> John >> >> _______________________________________________ >> rhelv6-list mailing list >> rhelv6-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhelv6-list > > I haven't but I've got kerberos auth over here. Any chance for > replication steps? I'd love some ssh logs! > > Pat > > My test seems to be working fine: $ ssh -v XXXXXXXXXXXXXXXXXXXXXXXXXXX OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to XXXXXXXXXXXXXXXXXXXXXXXXXXXx port 22. debug1: Connection established. debug1: identity file /home/riehecky/.ssh/identity type -1 debug1: identity file /home/riehecky/.ssh/id_rsa type -1 debug1: identity file /home/riehecky/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3p2 debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-92scGTGZyysGniM+s/4xLA==,gss-group1-sha1-92scGTGZyysGniM+s/4xLA== debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: Doing group exchange debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: Received GSSAPI_COMPLETE debug1: Calling gss_init_sec_context debug1: Delegating credentials debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic debug1: Next authentication method: gssapi-keyex debug1: Authentication succeeded (gssapi-keyex). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. In case this is helpful....... -- Pat Riehecky Scientific Linux Developer From inode0 at gmail.com Fri Jul 20 22:37:57 2012 From: inode0 at gmail.com (inode0) Date: Fri, 20 Jul 2012 17:37:57 -0500 Subject: [rhelv6-list] New glibc and kerberos auth breakage?! In-Reply-To: <50087BF2.1020701@fnal.gov> References: <50087416.1010309@fnal.gov> <50087BF2.1020701@fnal.gov> Message-ID: On Thu, Jul 19, 2012 at 4:28 PM, Pat Riehecky wrote: > On 07/19/2012 03:54 PM, Pat Riehecky wrote: > In case this is helpful....... Pat, Thanks for looking. I'm pretty sure this is hesiod resolution failure in glibc. The resolver has also broken other things it seems now. https://bugzilla.redhat.com/show_bug.cgi?id=841787 John From gianluca.cecchi at gmail.com Mon Jul 23 16:06:05 2012 From: gianluca.cecchi at gmail.com (Gianluca Cecchi) Date: Mon, 23 Jul 2012 18:06:05 +0200 Subject: [rhelv6-list] virtio-scsi disks on rhel 6.3? Message-ID: Hello, virtio-scsi support is claimed as a tech preview in rh el 6.3 release notes. But walking through them and tech notes I don't find any "official" way of using/testing it. In virt-manager I don't find any option... And also on rhn I don't find any reference in kb or tech briefs. Is it supposed to be used only with "virsh edit"? What is the syntax to use in respect with fedora17 based virtualization hosts for example? Thanks in advance, Gianluca From manfroni at mat.uniroma3.it Tue Jul 24 12:29:27 2012 From: manfroni at mat.uniroma3.it (Tiziana Manfroni) Date: Tue, 24 Jul 2012 14:29:27 +0200 (CEST) Subject: [rhelv6-list] NFS no traslate UID,GID Message-ID: Hi, I haxe a NFS server with NIS on RHEL6.3. When the client mounts a directory the system doesn't traslate UID e GID but uses nobody. On server The /etc/exports : /users 192.168.114.101(rw,sync) /etc/default/nfs-common NEED_IDMAPD=yes /etc/idmapd.conf Domain = domainserver Nobody-User = nfsnobody Nobody-Group = nfsnobody Method = nsswitch /etc/nsswitch passwd: files nis group: files nis The file /etc/fstab on client is serverNFS:/users /users nfs4 rw,bg,intr,soft,sec=sys 0 0 but ls -la /users drwx------ 28 nobody nobody 4096 23 lug 17:24 utente How can I resolve this problem? Thanks Tiziana ____________________________________________________ ____ / / \ Tiziana Manfroni / / /\ \ Dipartimento di Matematica / / /\ \ \ Universita' Roma Tre / /_/__\ \ \ tel : 0657338237 /________\ \ \ fax : 0657338080 .___________\/ e-mail : manfroni at mat.uniroma3.it ____________________________________________________ -- users mailing list users at lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org From i.mortimer at uq.edu.au Wed Jul 25 02:09:17 2012 From: i.mortimer at uq.edu.au (Ian Mortimer) Date: Wed, 25 Jul 2012 02:09:17 +0000 Subject: [rhelv6-list] NFS no traslate UID,GID In-Reply-To: References: Message-ID: <1343182157.5135.4.camel@sciit-infra-003.staff.science.uq.edu.au> On Tue, 2012-07-24 at 14:29 +0200, Tiziana Manfroni wrote: > Hi, I haxe a NFS server with NIS on RHEL6.3. When the client mounts a directory > the system doesn't traslate UID e GID but uses nobody. Is rpcidmapd running? If it is: umount _the_nfs_share_ service rpcidmapd restart mount _the_nfs_share_ If it's not running: umount _the_nfs_share_ service rpcidmapd start chkconfig rpcidmapd on mount _the_nfs_share_ -- Ian From afeldt at ou.edu Wed Jul 25 13:39:41 2012 From: afeldt at ou.edu (Feldt, Andrew N.) Date: Wed, 25 Jul 2012 13:39:41 +0000 Subject: [rhelv6-list] NFS no traslate UID,GID In-Reply-To: <1343182157.5135.4.camel@sciit-infra-003.staff.science.uq.edu.au> References: <1343182157.5135.4.camel@sciit-infra-003.staff.science.uq.edu.au> Message-ID: <8ED5B741-E739-49FC-99BA-B5FE6FD1D441@ou.edu> On Jul 24, 2012, at 9:09 PM, Ian Mortimer wrote: > On Tue, 2012-07-24 at 14:29 +0200, Tiziana Manfroni wrote: > >> Hi, I haxe a NFS server with NIS on RHEL6.3. When the client mounts a directory >> the system doesn't traslate UID e GID but uses nobody. > > Is rpcidmapd running? > > If it is: > > umount _the_nfs_share_ > service rpcidmapd restart > mount _the_nfs_share_ > > If it's not running: > > umount _the_nfs_share_ > service rpcidmapd start > chkconfig rpcidmapd on > mount _the_nfs_share_ > > -- > Ian Note that this is due to the fact that NFS mounts are done before ypbind is started. And, rpcidmapd now caches its results, so the translation to 'nobody' remains even after ypbind is started. I consider this a bug that will have to be addressed (maybe by starting ypbind before NFS mounts?) so that NFSv4 mounts can truly function in an NIS environment. Andy From chris at flamengro.co.za Thu Jul 26 09:18:06 2012 From: chris at flamengro.co.za (Chris) Date: Thu, 26 Jul 2012 11:18:06 +0200 Subject: [rhelv6-list] Openldap Problem Message-ID: <50110B4E.5050000@flamengro.co.za> Hi. I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64. The problem I'm having is I get this error message in messages file. "sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file" Errors I saw in sssd_default.log When I add new users I cannot log in with the new names, a ldapseach shows them but getent passwd nothing. Not all the users show up on my other machines, only some. Any help will be appreciated. My slapd.conf file looks like this. /include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/duaconf.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/collective.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database bdb suffix "dc=flamengro,dc=com" checkpoint 1024 15 rootdn "cn=Manager,dc=flamengro,dc=com" rootpw secret directory /var/lib/ldap/flamengro index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub database monitoraccess to * by dn.exact="cn=Manager,dc=flamengro,dc=com" read by * none access to attrs=userPassword,shadowLastChange by anonymous auth by self write by * none/ My sssd.conf file looks like this / [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [domain/default] auth_provider = ldap cache_credentials = True ldap_id_use_start_tls = True debug_level = 9 ldap_search_base = dc=flamengro,dc=com # krb5_realm = EXAMPLE.COM chpass_provider = ldap id_provider = ldap ldap_uri = ldap://ibm-01.flamengro.co.za # krb5_kdcip = kerberos.example.com ldap_tls_cacertdir = /etc/openldap/cacerts enumerate = True ldap_sasl_canonicalize = true # krb5_server = kerberos.example.com / -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: chris.vcf Type: text/x-vcard Size: 183 bytes Desc: not available URL: From solarflow99 at gmail.com Thu Jul 26 13:46:53 2012 From: solarflow99 at gmail.com (solarflow99) Date: Thu, 26 Jul 2012 09:46:53 -0400 Subject: [rhelv6-list] Openldap Problem In-Reply-To: <50110B4E.5050000@flamengro.co.za> References: <50110B4E.5050000@flamengro.co.za> Message-ID: I can just say I had much better luck with 389, i found it a clean and easy solution for a production system. On Thu, Jul 26, 2012 at 5:18 AM, Chris wrote: > Hi. > > I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the > kernel is 2.6.32-279.2.1.el6.x86_64. > The problem I'm having is I get this error message in messages file. > > "sssd[be[default]]: Could not start TLS encryption. TLS error > -5938:Encountered end of file" > Errors I saw in sssd_default.log > > When I add new users I cannot log in with the new names, a ldapseach shows > them but getent passwd nothing. > Not all the users show up on my other machines, only some. > > Any help will be appreciated. > > > My slapd.conf file looks like this. > > include /etc/openldap/schema/corba.schema > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/duaconf.schema > include /etc/openldap/schema/dyngroup.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/java.schema > include /etc/openldap/schema/misc.schema > include /etc/openldap/schema/nis.schema > include /etc/openldap/schema/openldap.schema > include /etc/openldap/schema/ppolicy.schema > include /etc/openldap/schema/collective.schema > > allow bind_v2 > > pidfile /var/run/openldap/slapd.pid > argsfile /var/run/openldap/slapd.args > > database bdb > suffix "dc=flamengro,dc=com" > checkpoint 1024 15 > rootdn "cn=Manager,dc=flamengro,dc=com" > > rootpw secret > > directory /var/lib/ldap/flamengro > > index objectClass eq,pres > index ou,cn,mail,surname,givenname eq,pres,sub > index uidNumber,gidNumber,loginShell eq,pres > index uid,memberUid eq,pres,sub > index nisMapName,nisMapEntry eq,pres,sub > > database monitoraccess to * > by dn.exact="cn=Manager,dc=flamengro,dc=com" read > by * none > access to attrs=userPassword,shadowLastChange > by anonymous auth > by self write > by * none > > My sssd.conf file looks like this > > [sssd] > config_file_version = 2 > > reconnection_retries = 3 > > sbus_timeout = 30 > services = nss, pam > > domains = default > > [nss] > filter_groups = root > filter_users = root > reconnection_retries = 3 > > [pam] > reconnection_retries = 3 > > [domain/default] > auth_provider = ldap > cache_credentials = True > ldap_id_use_start_tls = True > debug_level = 9 > ldap_search_base = dc=flamengro,dc=com > # krb5_realm = EXAMPLE.COM > chpass_provider = ldap > id_provider = ldap > ldap_uri = ldap://ibm-01.flamengro.co.za > # krb5_kdcip = kerberos.example.com > ldap_tls_cacertdir = /etc/openldap/cacerts > enumerate = True > ldap_sasl_canonicalize = true > # krb5_server = kerberos.example.com > > > > > > > > > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list > From matthias at saou.eu Thu Jul 26 14:42:12 2012 From: matthias at saou.eu (Matthias Saou) Date: Thu, 26 Jul 2012 16:42:12 +0200 Subject: [rhelv6-list] Openldap Problem In-Reply-To: References: <50110B4E.5050000@flamengro.co.za> Message-ID: <20120726164212.3fac6117@r2d2.marmotte.net> I'd top that by adding that I've recently implemented a solution with the latest IPA provided in RHEL 6.3, and it's amazing. It uses 389 behind the scene, but bundles it with Kerberos and many other useful features, and also abstracts the SSSD configuration away by default. See : http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html Matthias On Thu, 26 Jul 2012 09:46:53 -0400 solarflow99 wrote: > I can just say I had much better luck with 389, i found it a clean and > easy solution for a production system. > > > > On Thu, Jul 26, 2012 at 5:18 AM, Chris wrote: > > Hi. > > > > I am using rhel 6.3, with sssd-1.8.0 and > > openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64. > > The problem I'm having is I get this error message in messages file. > > > > "sssd[be[default]]: Could not start TLS encryption. TLS error > > -5938:Encountered end of file" > > Errors I saw in sssd_default.log > > > > When I add new users I cannot log in with the new names, a > > ldapseach shows them but getent passwd nothing. > > Not all the users show up on my other machines, only some. > > > > Any help will be appreciated. > > > > > > My slapd.conf file looks like this. > > > > include /etc/openldap/schema/corba.schema > > include /etc/openldap/schema/core.schema > > include /etc/openldap/schema/cosine.schema > > include /etc/openldap/schema/duaconf.schema > > include /etc/openldap/schema/dyngroup.schema > > include /etc/openldap/schema/inetorgperson.schema > > include /etc/openldap/schema/java.schema > > include /etc/openldap/schema/misc.schema > > include /etc/openldap/schema/nis.schema > > include /etc/openldap/schema/openldap.schema > > include /etc/openldap/schema/ppolicy.schema > > include /etc/openldap/schema/collective.schema > > > > allow bind_v2 > > > > pidfile /var/run/openldap/slapd.pid > > argsfile /var/run/openldap/slapd.args > > > > database bdb > > suffix "dc=flamengro,dc=com" > > checkpoint 1024 15 > > rootdn "cn=Manager,dc=flamengro,dc=com" > > > > rootpw secret > > > > directory /var/lib/ldap/flamengro > > > > index objectClass eq,pres > > index ou,cn,mail,surname,givenname eq,pres,sub > > index uidNumber,gidNumber,loginShell eq,pres > > index uid,memberUid eq,pres,sub > > index nisMapName,nisMapEntry eq,pres,sub > > > > database monitoraccess to * > > by dn.exact="cn=Manager,dc=flamengro,dc=com" read > > by * none > > access to attrs=userPassword,shadowLastChange > > by anonymous auth > > by self write > > by * none > > > > My sssd.conf file looks like this > > > > [sssd] > > config_file_version = 2 > > > > reconnection_retries = 3 > > > > sbus_timeout = 30 > > services = nss, pam > > > > domains = default > > > > [nss] > > filter_groups = root > > filter_users = root > > reconnection_retries = 3 > > > > [pam] > > reconnection_retries = 3 > > > > [domain/default] > > auth_provider = ldap > > cache_credentials = True > > ldap_id_use_start_tls = True > > debug_level = 9 > > ldap_search_base = dc=flamengro,dc=com > > # krb5_realm = EXAMPLE.COM > > chpass_provider = ldap > > id_provider = ldap > > ldap_uri = ldap://ibm-01.flamengro.co.za > > # krb5_kdcip = kerberos.example.com > > ldap_tls_cacertdir = /etc/openldap/cacerts > > enumerate = True > > ldap_sasl_canonicalize = true > > # krb5_server = kerberos.example.com > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > rhelv6-list mailing list > > rhelv6-list at redhat.com > > https://www.redhat.com/mailman/listinfo/rhelv6-list > > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list -- Matthias Saou ?? ?? ?? ?? Web: http://matthias.saou.eu/ ?????????????? Mail/XMPP: matthias at saou.eu ???? ?????? ???? ?????????????????????? GPG: 4096R/E755CC63 ?? ?????????????? ?? 8D91 7E2E F048 9C9C 46AF ?? ?? ?? ?? 21A9 7A51 7B82 E755 CC63 ???? ???? From derek at umiacs.umd.edu Fri Jul 27 00:26:41 2012 From: derek at umiacs.umd.edu (Derek Yarnell) Date: Thu, 26 Jul 2012 20:26:41 -0400 Subject: [rhelv6-list] Openldap Problem In-Reply-To: <50110B4E.5050000@flamengro.co.za> References: <50110B4E.5050000@flamengro.co.za> Message-ID: <5011E041.8060804@umiacs.umd.edu> Hi Chris, You seem to not be setting any TLS settings in your slapd. Are you also starting it with "-h ldaps:///"? Also if so can you do a ldapsearch with the -ZZ option which will ensure TLS starts? eg. in slapd.conf # ssl TLSCipherSuite HIGH TLSCertificateFile /etc/openldap/certs/slapd-cert.pem TLSCertificateKeyFile /etc/openldap/certs/slapd-key.pem TLSVerifyClient never TLSCACertificateFile /etc/openldap/certs/ca-cert.pem Thanks, derek On 7/26/12 5:18 AM, Chris wrote: > Hi. > > I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the > kernel is 2.6.32-279.2.1.el6.x86_64. > The problem I'm having is I get this error message in messages file. > > "sssd[be[default]]: Could not start TLS encryption. TLS error > -5938:Encountered end of file" > Errors I saw in sssd_default.log > > When I add new users I cannot log in with the new names, a ldapseach > shows them but getent passwd nothing. > Not all the users show up on my other machines, only some. > > Any help will be appreciated. > > > My slapd.conf file looks like this. > > /include /etc/openldap/schema/corba.schema > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/duaconf.schema > include /etc/openldap/schema/dyngroup.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/java.schema > include /etc/openldap/schema/misc.schema > include /etc/openldap/schema/nis.schema > include /etc/openldap/schema/openldap.schema > include /etc/openldap/schema/ppolicy.schema > include /etc/openldap/schema/collective.schema > > allow bind_v2 > > pidfile /var/run/openldap/slapd.pid > argsfile /var/run/openldap/slapd.args > > database bdb > suffix "dc=flamengro,dc=com" > checkpoint 1024 15 > rootdn "cn=Manager,dc=flamengro,dc=com" > > rootpw secret > > directory /var/lib/ldap/flamengro > > index objectClass eq,pres > index ou,cn,mail,surname,givenname eq,pres,sub > index uidNumber,gidNumber,loginShell eq,pres > index uid,memberUid eq,pres,sub > index nisMapName,nisMapEntry eq,pres,sub > > database monitoraccess to * > by dn.exact="cn=Manager,dc=flamengro,dc=com" read > by * none > access to attrs=userPassword,shadowLastChange > by anonymous auth > by self write > by * none/ > > My sssd.conf file looks like this > / > [sssd] > config_file_version = 2 > > reconnection_retries = 3 > > sbus_timeout = 30 > services = nss, pam > > domains = default > > [nss] > filter_groups = root > filter_users = root > reconnection_retries = 3 > > [pam] > reconnection_retries = 3 > > [domain/default] > auth_provider = ldap > cache_credentials = True > ldap_id_use_start_tls = True > debug_level = 9 > ldap_search_base = dc=flamengro,dc=com > # krb5_realm = EXAMPLE.COM > chpass_provider = ldap > id_provider = ldap > ldap_uri = ldap://ibm-01.flamengro.co.za > # krb5_kdcip = kerberos.example.com > ldap_tls_cacertdir = /etc/openldap/cacerts > enumerate = True > ldap_sasl_canonicalize = true > # krb5_server = kerberos.example.com > > > > / > > > > > > > > _______________________________________________ > rhelv6-list mailing list > rhelv6-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhelv6-list > -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies From stan.hearn at nscorp.com Fri Jul 27 13:48:11 2012 From: stan.hearn at nscorp.com (Hearn, Stan J.) Date: Fri, 27 Jul 2012 09:48:11 -0400 Subject: [rhelv6-list] How do you know when a reboot is required after yum update? In-Reply-To: References: Message-ID: My Package Updater (PUP) in Centos 5 somehow knows when a reboot is needed after an update. How does it know? My concern is that we have systems that appear in satellite to be up-to-date. But if they were never rebooted after an update, they really aren't. I see this question asked frequently, however I've not found the answer. Thanks, Stan From greg at nytefyre.net Fri Jul 27 13:58:07 2012 From: greg at nytefyre.net (Greg Swift) Date: Fri, 27 Jul 2012 08:58:07 -0500 Subject: [rhelv6-list] How do you know when a reboot is required after yum update? In-Reply-To: References: Message-ID: On Fri, Jul 27, 2012 at 8:48 AM, Hearn, Stan J. wrote: > My Package Updater (PUP) in Centos 5 somehow knows when a reboot is needed after an update. > > How does it know? > > My concern is that we have systems that appear in satellite to be up-to-date. But if they were never rebooted after an update, they really aren't. > > I see this question asked frequently, however I've not found the answer. I recently read some discussion on this.... http://fedoraproject.org/wiki/Features/OfflineSystemUpdates http://fedoraproject.org/wiki/Talk:Features/OfflineSystemUpdates From haiwu.us at gmail.com Tue Jul 31 05:37:18 2012 From: haiwu.us at gmail.com (hai wu) Date: Tue, 31 Jul 2012 00:37:18 -0500 Subject: [rhelv6-list] cgroup memory controller overhead Message-ID: If only enabling cgroup memory controller in RHEL6.3, in general, how much performance overhead would that cause? From jfevans1 at aep.com Tue Jul 31 16:30:53 2012 From: jfevans1 at aep.com (jfevans1 at aep.com) Date: Tue, 31 Jul 2012 12:30:53 -0400 Subject: [rhelv6-list] Jeffrey F Evans/OR1/AEPIN is out of the office. Message-ID: I will be out of the office starting 07/30/2012 and will not return until 08/06/2012. For Barco Display Wall questions, contact Jim Thompson or Murali Cheruvu. For Xymon or SupportWeb questions, contact Bill Gorder. For SharePoint/Documentum questions, contact Darrel Grumman. For Linux system questions, contact Rick Bloom. For Change Management, Fingerprinting, or Remedy questions, contact Margaret Wilson or Shawn Null. For PI questions, contact Kalle Chan.