Nux!: Entries Tagged centos

Entries tagged "centos".

I/O stats for Centos

29th August 2010

! Edit 12.04.2011 - RHEL/Centos 5.6 finally brings support for iotop. 
You should be able to find an RPM package in EPEL.

Today someone asked me on #centos how he can see what's using so much I/O on the system. Without thinking I replied "iotop", but a google search turned out there is no iotop for Centos 5.

Solution? Too easy!

If you have the RPMforge repo active on your system then just:

yum install dstat

otherwise:

wget http://download.srv.ro/pub/dag/redhat/el5/en/x86_64/extras/RPMS/dstat-0.7.2-1.el5.rfx.noarch.rpm; \
yum localinstall --nogpgcheck ./dstat-*.rpm

After the installation running `dstat -d --top-bio --top-io` will reveal some nice information.

It's important to install dstat from RPMForge and not EPEL or Centos Base, as you will otherwise get a package that is too old and lacking the necessary plugins.

dstat running:

Tags: centos, dstat, io, linux. | No comments

Avoid cp overwrite confirmation

2nd September 2010

Tonight I have to copy and partially overwrite a lot of data on a Centos 5 system and encountered a little problem.
The "cp" command turned out to be a PITA as it was asking me for confirmation each and every time a file was to be overwritten.
Why is this happening? Because RedHat/Centos guys have added the following alias in bash conf files:

alias cp='cp -i'

-i means interactive, or in more words: "prompt before overwrite (overrides a previous -n option)".
The solution to this safe but annoying alias (in this case) is to `unalias` it or just ignore it by prefixing the command with a \.

\cp -a /home/xyz/* /home/zyx/

No more annoying confirmations, now I can go to bed. ZzzZz.

Tags: centos, cp, linux. | No comments

Linux Raid - replacing a physical device

2nd September 2010

Right now I'm dealing with a broken linux raid 1 in which both physical drives are reporting lots of bad blocks.
I have chosen the drive that exhibited the least problems and I'm having it cloned with dd_rescue on to a new one from a SysRescCD Live CD

dd_rescue /dev/old-b0rk3d-drive /dev/new-clone-drive

It's a good idea to run the above in a screen, especially if you're doing this via the internet.
Once the cloning is completed I simply put the new drive in the original server and expect it to boot - with a degraded but working raid.
In the next step I add a new empty drive, with a similar size (500 GB in my case) and clone the partition table with sfdisk:

sfdisk -d /dev/existing-drive | sfdisk /dev/new-empty-drive

Use `fdisk -l` before and after the partition cloning to be sure you're doing the right thing.
Once we have an identical partition table on both drives we can start adding partitions from the new drive to our linux raid. Assuming the cloned drive is sda and the new drive is sdb, our md setup should loook like this:

root@sysresccd /root % cat /proc/mdstat 
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md3 : active raid1 sda6[1]
      297780736 blocks [2/1] [U_]
      
md1 : active raid1 sda3[1]
      4192896 blocks [2/1] [U_]
      
md2 : active raid1 sda2[1]
      153597376 blocks [2/1] [U_]
      
md0 : active raid1 sda1[1]
      30716160 blocks [2/1] [U_]

And now let's add partitions to our raid layout:

mdadm /dev/md0 --add /dev/sdb1
mdadm /dev/md1 --add /dev/sdb3
mdadm /dev/md2 --add /dev/sdb2
mdadm /dev/md3 --add /dev/sdb6

And that's that, now we can see the raid resync'ing:

cat /proc/mdstat

We're not finished yet!
As this drive (and therefore its clone as well) was secondary (sdb) on the original system I expect problems with grub.
By default, when installing on to a linux raid Centos/Anaconda only installs grub on the first drive (sda in this case) and therefore my drive being sdb will lack this in its MBR.
If this is the case, we won't be able to boot at all from the cloned hdd, so we need to boot again from the Live CD, mount the linux raid from it and then chroot in to the OS and do the grub magic from there.
Assuming everything works nicely form the Live CD and the md devices are properly mounted under /mnt we can start:

export SHELL=/bin/bash
chroot /mnt/clone
#grub
grub> find /boot/grub/stage1
 (hd0,0)
 (hd1,0)
grub> root (hd0,0)
 Filesystem type is ext2fs, partition type 0xfd

grub> setup (hd0)
 Checking if "/boot/grub/stage1" exists... yes
 Checking if "/boot/grub/stage2" exists... yes
 Checking if "/boot/grub/e2fs_stage1_5" exists... yes
 Running "embed /boot/grub/e2fs_stage1_5 (hd0)"...  15 sectors are embedded.
succeeded
 Running "install /boot/grub/stage1 (hd0) (hd0)1+15 p (hd0,0)/boot/grub/stage2 /boot/grub/grub.conf"... succeeded
Done.

grub> root (hd1,0)
 Filesystem type is ext2fs, partition type 0xfd

grub> setup (hd1)
 Checking if "/boot/grub/stage1" exists... yes
 Checking if "/boot/grub/stage2" exists... yes
 Checking if "/boot/grub/e2fs_stage1_5" exists... yes
 Running "embed /boot/grub/e2fs_stage1_5 (hd1)"...  15 sectors are embedded.
succeeded
 Running "install /boot/grub/stage1 (hd1) (hd1)1+15 p (hd1,0)/boot/grub/stage2 /boot/grub/grub.conf"... succeeded
Done.

grub>quit

And we're done now: reboot.
! - Please pay extra attention when doing this kind of operations, it's very easy to format the wrong HDD etc. :-)

Tags: centos, linux, notes, raid. | No comments

Get rid of the orphans in a Centos system

25th September 2010

How to find out orphaned packages in your Centos/RHEL system?

yum install yum-utils
package-cleanup --orphans

`man package-cleanup` for more cool stuff

Tags: centos, linux, rpm, yum. | No comments

Remote Centos 5 installation over VNC

27th September 2010

Remember, remember... no, not the 5th of November, but to use 6+ char passwords for VNC when doing remote Centos installations!

Tags: centos, linux, pxe, vnc. | 1 comment.

RPMs for Courier email suite

29th September 2010

Here's a Centos repo containing RPMs for the Courier suite (imap, mta, authlib etc):
http://dl.nux.ro/rpm/5/courier/
Repo file: http://dl.nux.ro/rpm/nux-courier.repo
The packages have been built directly from the courier tarball, didn't bother to tweak the spec file in any way.
Use them at your own risk etc etc.

Tags: centos, linux, rpm, yum. | No comments

RPMs for the Debian whois client

30th September 2010

Here's another Centos repo containing RPMs for the Debian whois client (jwhois never works!):
http://dl.nux.ro/rpm/5/whois/
Repo file: http://dl.nux.ro/rpm/nux-whois.repo
PS: This should work on Fedora as well.

Tags: centos, debian, linux, rpm, yum. | No comments

Newer kernel for Centos

10th October 2010

Want to try the latest kernel on a Centos server? Although that is highly unadvisable, in the desperate and cataclismic event that you really need it, do not forget to enable CONFIG_SYSFS_DEPRECATED_V2, otherwise you'll end up in a kernel panic.
Thanks Toracat for the tip!

Tags: centos, kernel, linux, notes. | No comments

Centerim fixes and repo

27th October 2010

The centerim.org team finally released a new version of their IM client which fixes the annoying Yahoo disconnection bug that had been plaguing the application for almost 1 year.

There is a known problem with Yahoo connectivity. We believe it is fixed in 4.22.9.49. 
Please test and report back. Thanks.

www.centerim.org
More action can be seen in their bugzilla.
For Centos/RHEL/ScientificLinux users I have started mantaining a repository:

wget http://dl.nux.ro/rpm/nux-centerim.repo -O /etc/yum.repos.d/nux-centerim.repo

(EPEL repo may be required to install some stuff - e.g. gpgme).

PS: Yes, I am aware EPEL includes Centerim, actually my RPM is based on their specfile, but their version is outdated.

Tags: centerim, centos, im, repo, rpm. | No comments

RedHat 6

11th November 2010

Wow! RHEL 6 is out now!!
Thank you RedHat & the Fedora community!
http://press.redhat.com/2010/11/10/red-hat-enterprise-linux-6-a-technical-look-at-red-hats-defining-new-operating-platform/
How does it compare with older RedHat versions? Find out here!
Can't wait to get my hands on Centos 6! Its building has already began!

Tags: centos, redhat, redhat 6. | No comments

ScientificLinux 6

14th November 2010

Apparently the people at CERN & FermiLab have rolled their sleeves, too, as there is already an alpha iso available for download:
ftp://ftp.scientificlinux.org/linux/scientific/6rolling/iso/
For those who don't know, ScientificLinux is Centos' less popular brother (born from the same mother - RedHat), built by and for the people at CERN and FermiLab.
Exciting times!

Tags: centos, redhat, scientificlinux. | No comments

Centos 5 x86_64 OS image for xen domU

21st November 2010

This is my Centos 5 x86_64 domU image. There are many like it on the internet, but this one is mine.
http://dl.nux.ro/xen/domU/

The image contains a rather minimal install of Centos 5, with postfix and ssh started at boot time.The root password is in the cfg file.
Let me know if you need any help or different images (32 bit maybe, I do Centos only).
I will build Centos 6 images as soon as it is released, so stay tuned.

Tags: centos, domu, xen. | No comments

New stuff in RHEL/Centos 5.6

26th November 2010

With some delay I find out that RHEL 5.6 (and consequently Centos 5.6) will have:

  - bind 9.7 - improved DNSsec support
  - PHP 5.3 - support for namespaces
  - ebtables - Ethernet layer firewall
  - dropwatch - network stack packet analysis
  - IPA fonts - Japan JIS X 0213:2004 support
  - sssd - offline credential caching

All good and well, but the PHP upgrade will break a LOT of sites! I really didn't expect this.. I'll have to prepare my arse for a lot of messing around; also shall setup a PHP 5.2 repo for customers. :-(

Tags: bind, centos, php, rhel. | No comments

Elastix on Xen howto

14th January 2011

Elastix is an open source Unified Communications Server software that brings together IP PBX, email, IM, 
faxing and collaboration functionality.
It has a Web interface and includes capabilities such as a Call Center software with predictive dialing.

The Elastix functionality is based on open source projects including Asterisk, HylaFAX, Openfire and Postfix.
Those packages offer the PBX, fax, instant messaging and email functions, respectively.

As presented above (fragment from the wikipedia page), Elastix can be quite useful if you want to run your own PBX.
As it is based on Centos I initially tried to install it the Centos way, but I encountered lots of problems so I ended up using a Linux KVM vm (I'm in love!), tweak that a bit, tar it up and transfer it to a xen dom0.
I have already lost too much time trying to get it installed so I will not comment on this anymore.
I will assume that you will use my Elastix (v2.0.3) xen image and that you also have a working LVM based (Centos) xen dom0. As most things linux there are multiple ways of doing this, this is my way. Let's begin:

- 1 - Let's create 2 LVM volumes for the elastix vps:

lvcreate -L10G -nelastix-root vg0; lvcreate -L1G -nelastix-swap vg0

- 2 - Download and extract the image:

wget http://dl.nux.ro/xen/domU/elastix_32/elastix.tar.bz2; tar xjf elastix.tar.bz2

- 3 - Format the volumes and copy the contents of the tar archive on to the root one:

mkfs.ext3 /dev/vg0/elastix-root
mkswap /dev/vg0/elastix-swap
mkdir /mnt/elastix
mount /dev/vg0/elastix-root /mnt/elastix
cp -a elastix/* /mnt/elastix/
umount /mnt/elastix/

- 4 - Create a xen cfg file for this domU: vi /etc/xen/auto/elastix.cfg

bootloader = "/usr/bin/pygrub"
name = "elastix"
memory = "512"
disk = [ 'phy:/dev/vg0/elastix-root,sda1,w', 'phy:/dev/vg0/elastix-swap,sda2,w' ]
vif = ['vifname=elastix,bridge=xenbr0']
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

- 5 - After saving that file start the virtual machine:

xm create -c /etc/xen/auto/elastix.cfg

- 6 - Log in the vm, change the password using the "passwd" command and set up the networking (run "setup" if you don't know which system config files to edit). When asked for a password please input "parola2011" (without the quotes). Please change the root password ASAP!!
- 7 - Visit http://IP_of_VM/ and log in as admin with password parola2011 (change the admin password ASAP!).

Enjoy!

PS: You may want to change some system settings like the keyboard layout (set to uk) and timezone (set to Europe/Bucharest).

Tags: centos, elastix, howto, linux, notes, virt, xen. | No comments

mod_substitute in rhel/centos 5

16th January 2011

Apparently mod_substitute has finally been backported into rhel 5:

Transaction Check Error:
  file /usr/lib64/httpd/modules/mod_substitute.so from install of httpd-2.2.3-43.el5.centos.3.x86_64 conflicts with file from package mod_substitute-2.2.11-1.el5.ld.x86_64

No need for 3rd party repos for this module anymore. Hurray! :-)

Tags: apache, centos, httpd, mod_substitute, rhel. | No comments

No more php53 repo

18th January 2011

As Centos 5.6 and Centos 6 will provide PHP 5.3 shortly, there is no need for my repo so I'm discontinuing that. If you need help migrating to the stock packages let me know.
I will be still packaging PHP 5.2 as there are still cases where this version is needed. For contact use rpm at li.nux.ro

Tags: centos, php, repo, rpm. | No comments

CentOS install over VNC

27th January 2011

Sometimes we need/want to reinstall a remote Centos (or other distro) server. We can either ask the data centre to do it, but this can be costly or we can do it ourselves as long as we still have a functioning system.
The procedure to install Centos (same for RHEL and Fedora) is amazingly simple, the only thing we need is a barely functional system with grub and good connectivity.
My main source of inspiration for this article was a blog post from Karanbir; I'm writing this only to have a lighter, easier to read and copy/paste from document.
In this case I'm also using Centos as the existing remote OS. Here we go:

cd /boot
wget http://ftp.roedu.net/mirrors/centos.org/5/os/x86_64/images/pxeboot/initrd.img -O pxe-initrd.img
wget http://ftp.roedu.net/mirrors/centos.org/5/os/x86_64/images/pxeboot/vmlinuz -O pxe-vmlinuz

Now we need to add a grub entry using the downloaded files and set it default. Add something similar to your grub.conf/menu.lst (make sure to change the IP settings, password** etc):

title Centox-vnc-install
        root (hd0,0)
        kernel /boot/pxe-vmlinuz vnc vncpassword=blahblah132 headless ip=123.231.234.106 netmask=255.255.255.248 gateway=123.231.234.105 dns=4.2.2.3 hostname=blahserver ksdevice=eth0 method=http://ftp.roedu.net/mirrors/centos.org/5/os/x86_64/ keymap=uk lang=en_GB
        initrd /boot/pxe-initrd.img

Double check the above entry is default and reboot. Keep pinging the IP you specified above, when it's up start vncviewer on IP:1. That's it, now you can reinstall your server(s) whenever you want without asking for KVMoIP or the data centre staff to do it for you.
Enjoy!

** Achtung! Vncpassword needs to be at least 6 characters long otherwise you won't be allowed to connect.

Tags: centos, pxe, vnc. | No comments

PHP 5.3 & Bind 9.7 in Centos Testing repo

28th January 2011

Apparently we can now have PHP 5.3 and Bind 9.7 in Centos from the Centos-testing repo even though Centos 5.6 (nor 6.0 for that matter) is not yet released. Nice!

Tags: bind, centos, php, repo. | No comments

Transmission bittorrent client for EL6

24th May 2011

As it turns out there's no graphical bittorrent client in EL6, therefore a quick copy/paste tip so you don't end up butchering your favourite OS like this guy (though he was trying to achieve smth a tad different):

wget ftp://ftp.lug.ro/fedora/linux/releases/14/Everything/x86_64/os/Packages/transmission-common-2.04-2.fc14.1.x86_64.rpm ftp://ftp.lug.ro/fedora/linux/releases/14/Everything/x86_64/os/Packages/transmission-gtk-2.04-2.fc14.1.x86_64.rpm
yum localinstall --nogpgcheck transmission-common-2.04-2.fc14.1.x86_64.rpm transmission-gtk-2.04-2.fc14.1.x86_64.rpm

Modify the paths accordingly if you're on 32 bit arch.

Enjoy! ;-)

Tags: bittorrent, centos, el6, rhel, scientificlinux, tip, transmission. | No comments

Speed up your Centos box by using the pdnsd caching name server

1st July 2011

Update: these exact same instructions work on EL6, too (tested it on my ScientificLinux 6 workstation).

Today I was looking into installing a dns caching server on my Centos box so it wastes less time looking up hostnames. I wanted something as light on resources as possible (my dom0 server has only 512MB RAM).
First I thought of dnsmasq, but then I reconsidered as I didn't want something that can also do DHCP, and anyway, AFAIK dnsmasq doesn't use the dns root servers, but your upstream ISP name servers.
My second thought was dnscache (from the djbdns suite), but I really didn't feel like compiling all that stuff (daemontools, ucspi etc). And anyway.. dnscache is _old_.
After all that fuss I remembered reading about pdnsd somewhere so I checked it out: exactly what I needed!

Why do I like it?

- It's small
- It's fast
- It's secure (goes around dns cache poisoning)
- Does persistent caching (good for not permanent connections, also for machines rebooting often)
- Knows IPv6
- Installation is very easy

Installing it on Centos 5 was a no brainer. The RPM package is not in any 3rd party repos that I use (mostly EPEL nowadays - and of course my own :> ). Luckily the developer also mantains RPMs for Centos x86_32 and x86_64:

rpm -ivh http://www.phys.uu.nl/~rombouts/pdnsd/releases/pdnsd-1.2.8-par_el5.x86_64.rpm

(It's a good idea to check the homepage as newer versions might be available)

The configuration is equally easy (a sample config file comes with the rpm package). Here's mine, should work on most servers:

// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
	perm_cache=1024;
	cache_dir="/var/cache/pdnsd";
#	pid_file = /var/run/pdnsd.pid;
	run_as="pdnsd";
	server_ip = 127.0.0.1;  # Use eth0 here if you want to allow other
				# machines on your network to query pdnsd.
	status_ctl = on;
#	paranoid=on;       # This option reduces the chance of cache poisoning
	                   # but may make pdnsd less efficient, unfortunately.
	query_method=udp_tcp;
	min_ttl=15m;       # Retain cached entries at least 15 minutes.
	max_ttl=1w;        # One week.
	timeout=10;        # Global timeout option (10 seconds).
	neg_domain_pol=on;
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
	label = "root-servers";
	root_server = discover; # Query the name servers listed below
				# to obtain a full list of root servers.
	randomize_servers = on; # Give every root server an equal chance
	                        # of being queried.
	ip = 	198.41.0.4,     # This list will be expanded to the full
		192.228.79.201; # list on start up.
	timeout = 5;
	uptest = query;         # Test availability using empty DNS queries.
	interval = 30m;         # Test every half hour.
	ping_timeout = 300;     # Test should time out after 30 seconds.
	purge_cache = off;
	exclude = .localdomain;
	policy = included;
	preset = off;
}


source {
	owner=localhost;
#	serve_aliases=on;
	file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.
*/

rr {
	name=localhost;
	reverse=on;
	a=127.0.0.1;
	owner=localhost;
	soa=localhost,root.localhost,42,86400,900,86400,86400;
}
/*
neg {
	name=doubleclick.net;
	types=domain;   # This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
	name=bad.server.com;   # Badly behaved server you don't want to connect to.
	types=A,AAAA;
}
*/

Just save the above as /etc/pdnsd.conf and start the daemon:

service pdnsd start

Have it started upon boot:

chkconfig pdnsd on

And update your resolv.conf file:

echo nameserver 127.0.0.1 > /etc/resolv.conf

Enjoy!

Tags: caching, centos, dns, linux, pdnsd. | No comments

Libreoffice repo for EL6

17th December 2011

For those people who wanted to use Libreoffice on their EL6 workstations there weren't many options; basically you had to download a tarball from libreoffice.org and `rpm -ivh` the contained rpms manually - not the best way to have it installed and relatively painful to keep up to date.

But no more - I've been backporting Libreoffice for a while now from Fedora and you're free to use it!
Also, recently I noticed there are RHEL conditionals in the spec files. For those unfamiliar with RPM building this means Redhat is probably getting ready to include Libreoffice in their enterprise distro.

I don't know when we'll see Libreoffice in EL 6 officially but I know it won't be in v6.3. Until then you can use my repo - it should gracefully upgrade existing stock openoffice.org installations:

To install do the following as root:

rpm -ivh http://li.nux.ro/download/nux/libreoffice/el6/i386/nux-libreoffice-release-0-1.el6.nux.noarch.rpm
yum install libreoffice

To upgrade from stock openoffice.org:

rpm -ivh http://li.nux.ro/download/nux/libreoffice/el6/i386/nux-libreoffice-release-0-1.el6.nux.noarch.rpm
yum update

To replace Libreoffice installed from the official libreoffice.org rpms:

yum remove libreoffice\* libobasis\*
rpm -ivh http://li.nux.ro/download/nux/libreoffice/el6/i386/nux-libreoffice-release-0-1.el6.nux.noarch.rpm
yum install libreoffice

If you run into issues feel free to leave a comment or drop me a line: rpm @ li.nux.ro

Tags: centos, el6, libreoffice, openoffice, rhel, scientificlinux. | No comments

Stella - a Centos desktop remix

29th January 2012

Hello everybody, I'm doing a Centos 6 desktop oriented remix called Stella. This has been brewing since the summer and it's starting to get ready.
I've backported a lot of packages from Fedora and Rpmfusion and bundle several other repos, too, resulting in a big range of software available, including but not limited to:
LibreOffice, VLC, MPlayer, Shutter, Arista, Java, Flash, GParted etc

You can read (just slightly) more about it here: li.nux.ro/stella.
I'd love to receive any feedback.

Cheerio!
Nux

Tags: centos, desktop, el6, linux, stella. | 8 comments.

Hide other users' processes in Linux

7th February 2012

And at last we have the equivalent of security.bsd.see_other_uids in Linux without the need to mess around with grsecurity! This is a security feature I've waited to land in Linux for a LONG time.
This characteristic can be enabled if you have kernel 3.3 (EL6/rhel/centos users can get it from here - thanks ajb!), but hopefully RedHat and other distributions will backport this feature in their kernels, too. The required patches are here and here.

So, how it works? Simple:
- mount /proc with the option "hidepid=1" to stop a regular user to see other processes but his when doing `ps` or `top`
- mount /proc with the option "hidepid=2" to not only stop the user from seeing other processes, but also disables the user's capacity to list /proc/$PIDs that are not his
- mount /proc with the option "hidepid=0" to go back to standard behaviour, all users can see all processes - this is the default
- there is also the "gid=xxx" mount option that lets the specified gid see all processes, even when hidepid is set to 1 or 2

You can read more about it here.

Enjoy!

Tags: centos, elrepo, kernel, linux, security.bsd.see_other_uids. | No comments

Generating delta RPMs in EL6

3rd May 2012

man createrepo

Check the "--deltas" switch. :-)

Tags: centos, deltarpm, rpm. | No comments

Nux!