Nathan Duehr | 23 Apr 23:19 2014

Ulimit problem - CentOS 5.10

Running across some curious stuff with ulimit on CentOS 5.10.

We have a non CentOS packaged version of Asterisk (using their packages) that we start at boot time with a
typical RC script.

Recently it started whining that it couldn't open enough file handles.

As we dug further into this, it appears that at boot time, it inherits ulimit from init, which is pretty low:
1024.  

We've set /etc/security/limits.conf and sysctl significantly higher both for root/system wide and also
for the user Asterisk runs under, to no avail.

If we log in via ssh as root (or sudo) the correct root/system-wide ulimit of 8192 is set.

Looking in /proc/[PID]/limits shows the lower ulimit only if the package is started from init (standard
rc3.d type sysV stuff...).  If we restart it via console, remote ssh, anything else, the limit bumps to 8196.

Attempting to force the ulimit up inside the RC script has no effect, since the package is running as a
non-root user.  It fails to raise the limit.

Right now, we're not totally against just taking it out of the startup and starting it manually anyway,
since we really don't want the Asterisk platform coming up after a crash/reboot anyway, and any other
reboots there will always be a human involved, but the way init is handling ulimit seems utterly retarded
and broken.

Some indication (different engineer found it, I haven't seen the RHEL case number) appears to indicate
that folks wanted init ulimited heavily in case of startup DDoS type stuff, but we haven't figured out a
semi-sane unix-conventional type way AROUND this when it's needed that if we were hit by the proverbial
bus, a "normal" unix guy would find. 
(Continue reading)

James B. Byrne | 23 Apr 19:51 2014
Picon

SELInux and POSTFIX


Installed Packages
Name        : postfix
Arch        : x86_64
Epoch       : 2
Version     : 2.6.6
Release     : 6.el6_5
Size        : 9.7 M
Repo        : installed
>From repo   : updates

I am seeing several of these in our maillog file after a restart of the
Postfix service:

Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write' accesses on the file 546AA6099F.
For complete SELinux messages. run sealert -l
b95663bb-12ce-4f34-9537-dd88a41359e5

 sealert -l b95663bb-12ce-4f34-9537-dd88a41359e5
SELinux is preventing /usr/libexec/postfix/smtp from 'read, write' accesses on
the file 546AA6099F.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that smtp should be allowed read write access on the 546AA6099F
file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
(Continue reading)

James B. Byrne | 23 Apr 14:49 2014
Picon

Re: Samba4 questions


On Tue, April 22, 2014 15:02, John R Pierce wrote:
>
> In Microsoft's Active Directory, you put users and systems in "OU"
> (Organizational Units), and each OU can have group policies and those
> policies can specify login scripts, these can do things like map network
> drives for users.   Presumably, Samba's implementation of AD offers a
> similar facility, but I don't think the domain management tools in Samba
> are anywhere near as well integrated or full featured as what you get
> with a Windows Server system.

>From what I have read on the subject the recommended path for Samba4
management is to install MicroSoft's Remote Server Administration Tools for
Windows X package, where X is whatever version of MS-Windows you run as a
domain member workstation client.  Earlier forms of the software were called
Windows Server Y Administrative Tools Pack where Y refers to the server
version (2000, 2003, etc.)

--

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@...
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
James B. Byrne | 23 Apr 14:41 2014
Picon

Re: Yum cannot download from local repository


On Tue, April 22, 2014 13:54, Phoenix, Merka wrote:

>
> Your local file-based repo area is missing the 'mod_ssl' RPM that 'httpd'
> depends on (and has requested that be updated). Because you have excluded all
> the other repos where the 'mod_ssl' might be found (or perhaps they do not
> have the required version matching your httpd packages), the update fails
> because the dependenc(y)s cannot be downloaded.
>

Because of the size of the listing I did not show the entire contents of the
local repo.  However, mod_ssl is indeed present:

ll /root/RPMS/repos/Packages
total 39856
-rw-rw-r--. 1 root root    92768 Apr 21 16:15 apr-1.5.0-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root   413768 Apr 21 16:15
apr-debuginfo-1.5.0-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root   825424 Apr 21 16:15 apr-devel-1.5.0-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root    77588 Apr 21 16:15 apr-util-1.5.3-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root     7136 Apr 21 16:15 apr-util-dbm-1.5.3-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root   433748 Apr 21 16:15
apr-util-debuginfo-1.5.3-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root   489160 Apr 21 16:15
apr-util-devel-1.5.3-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root    12216 Apr 21 16:15
apr-util-freetds-1.5.3-1.el6.x86_64.rpm
-rw-rw-r--. 1 root root     9068 Apr 21 16:15
apr-util-ldap-1.5.3-1.el6.x86_64.rpm
(Continue reading)

centos | 23 Apr 14:00 2014

CentOS-announce Digest, Vol 110, Issue 10

Send CentOS-announce mailing list submissions to
	centos-announce@...

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request@...

You can reach the person managing the list at
	centos-announce-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:

   1. CEBA-2014:0418  CentOS 6 mod_perl Update (Johnny Hughes)
   2. CESA-2014:0420 Moderate CentOS 6 qemu-kvm Update (Johnny Hughes)

----------------------------------------------------------------------

Message: 1
Date: Tue, 22 Apr 2014 12:51:09 +0000
From: Johnny Hughes <johnny@...>
Subject: [CentOS-announce] CEBA-2014:0418  CentOS 6 mod_perl Update
To: centos-announce@...
Message-ID: <20140422125109.GA1429@...>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Bugfix Advisory 2014:0418 
(Continue reading)

Chris Pemberton | 22 Apr 16:16 2014
Picon

Module building and signing

In order to get "Beats Audio" (2.1 channel sound) working on my HP 
k025dx laptop running CentOS 6.5, I need to re-assign some of the pins 
on the Intel HDA soundcard - model 92HD91BXX.  This is trivial in newer 
distros for two reasons:

1. the 'hda-jack-retask' application compiles and runs on newer distros
2.  the snd-hda-intel modules on newer distros are compiled with 
CONFIG_SND_HDA_RECONFIG=y

Even if I could get 'hda-jack-retask' to compile, I'd still need the 
module built with CONFIG_SND_HDA_RECONFIG=y.

So I followed the 2 wiki articles to install full kernel sources and I 
re-compiled the module.

When loading the new module, I get the following error:

FATAL: Error inserting snd_hda_intel 
(/lib/modules/2.6.32-431.11.2.el6.x86_64/extra/snd-hda-intel.ko): 
Invalid module format

I run 'file' on the new and original modules and they seem identical:

/lib/modules/2.6.32-431.11.2.el6.x86_64/extra/snd-hda-intel.ko: ELF 
64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped

/lib/modules/2.6.32-431.11.2.el6.x86_64/kernel/sound/pci/hda/snd-hda-intel.ko: 
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped

My next attempt was to compile an entire kernel, and then copy the new 
(Continue reading)

Alain Péan | 22 Apr 22:18 2014
Picon

Re: Samba4 questions

Le 22/04/2014 22:14, Reindl Harald a écrit :
>>> not perhaps, for sure
>>> >>
>>> >>samba-4.1.0-3.el7.x86_64
>>> >>samba-client-4.1.0-3.el7.x86_64
>>> >>samba-common-4.1.0-3.el7.x86_64
>>> >>samba-libs-4.1.0-3.el7.x86_64
>>> >>
>> >
>> >I notice it is "samba-common-4....", so samba 4 will be the default in RHEL 7, not samba 3.6.x?
> samba 3.x is dead
> Fedora did the swicth to 4.x long ago
> RHEL7 is based on Fedora 19 / Fedora 20
>

Thanks for the information. Samba 4 domains are a very different beast 
than samba 3.x ones (NT4 style). A samba 4 (AD style) includes its own 
DNS, its own LDAP etc...

Alain
Michael Hennebry | 22 Apr 22:08 2014
Picon
Picon

[OT] how do I remove a battery

I've got an MSI K9N Platinum MS 7250 VER 1.1
motherboard with a dead battery.
The battery mounts vertically: 
http://www.cs.ndsu.nodak.edu/~hennebry/computer/battery.png
To me, the tab on the right would seem to need moving.
It does not want to move.
I am reluctant to apply any more force than I
already have without knowing how to apply it.

How do I remove the battery?

--

-- 
Michael   hennebry@...
"SCSI is NOT magic. There are *fundamental technical
reasons* why it is necessary to sacrifice a young
goat to your SCSI chain now and then."   --   John Woods
Alain Péan | 22 Apr 22:06 2014
Picon

Re: Samba4 questions

Le 22/04/2014 21:54, Reindl Harald a écrit :
>> I think you should wait for RHEL 7 (and then CentOS 7), which will be
>> >released soon (June ?). Perhaps, it well include samba4 without anything
>> >to build from source
> not perhaps, for sure
>
> samba-4.1.0-3.el7.x86_64
> samba-client-4.1.0-3.el7.x86_64
> samba-common-4.1.0-3.el7.x86_64
> samba-libs-4.1.0-3.el7.x86_64
>

I notice it is "samba-common-4....", so samba 4 will be the default in 
RHEL 7, not samba 3.6.x ?

Alain
Barbara Krasovec | 22 Apr 10:15 2014
Picon

nfs question

Hello!

We have central ldap for users, idmapd.conf configured on every machine 
and users' home folders on nfs, mounted by automount on several machines.

After the last OS upgrade we notice that permissions on some files (not 
for all users) are corrupted:

For example:
-rw-r--r--    1 4294967294 4294967294    45 Nov 11 21:20 hostlist
drwx------    2 4294967294 4294967294  4096 Jun 27  2012 .ssh
-rw-r--r--    1 4294967294 4294967294     0 Aug 28  2013 test
-rw-r--r--    1 4294967294 4294967294    53 Jan  6 12:44 test.sh

instead of:
-rw-r--r--    1 ops001 ops     45 Nov 11 21:20 hostlist
drwx------    2 ops001 ops   4096 Jun 27  2012 .ssh
-rw-r--r--    1 ops001 ops      0 Aug 28  2013 test
-rw-r--r--    1 ops001 ops     53 Jan  6 12:44 test.sh

Kernel used: 2.6.32-431.11.2.el6.x86_64
Nfs version: nfs-utils-1.2.3-39.el6.x86_64

User/group mapping works fine.
Same behaviour appears when I mount the home folder manually.

Any ideas?
Thanks,
Barbara
(Continue reading)

James B. Byrne | 22 Apr 02:27 2014
Picon

Yum cannot download from local repository

I have set up a local filesystem repo thus:

# cat /etc/yum.repos.d/LocalFiles.repo
# LocalFiles.repo
#
# This repo is used with rpms contained in a local filesystem repo
#  created with createrepo. You can use this repo and yum to install
#  items directly off the local disk.
#
# To use this repo with the other repos:
#  yum --enablerepo=localfiles yum --nogpgcheck <yum command>
#
# or to  ONLY this repo, do this:
#
#  yum --disablerepo=\* --enablerepo=localfiles <yum command>

[localfiles]
name=CentOS-$releasever - Local Files
baseurl=file:///root/RPMS/repos/
enabled=0
gpgcheck=0

In /root/RPMS/repos/ I have this:

ll /root/RPMS/repos/
total 8
drwxr-xr-x. 2 root root 4096 Apr 21 16:17 Packages
drwxr-xr-x. 2 root root 4096 Apr 21 15:57 repodata

And in /root/RPMS/repos/Packages I have this:
(Continue reading)


Gmane