DevHeads.net

Postings by Benjamin Smith

Unable to mount a USB DVD drive

I can't seem to get an external DVD drive to show up on a CentOS 7 server.
Wondering if it's just missing a driver or if I'm missing something
fundamental.

It's an external USB device that works fine on my Fedora 21 Laptop, but I never
get a /dev/ entry (EG: /dev/sr0) on the server.

Keep the politics out, please?

With this post, I run the risk of causing more of the thing that I speak
against. I still think it's important to say it.

CentOS mailing list is a technical forum. It is not a political forum.

Just reading a thread on bitcoins and the entire thread quickly turned into a
political thread with people bitching about everything from Chase Bank to the
Russians, and that's just crap. Wildly inappropriate. If you don't like
Bitcoins, you should just not reply because you aren't going to use the
Bitcoin software.

RasPi 3.x and RH-based Distro (Slightly OT)

With the release of the Raspberry Pi 3.x, I think we have a platform I could
jump on board with. Performance has just been lacking until now!

But I really don't want to jump the "RH ship" - I'd rather stick with an
environment I am comfortable in.

Can anybody comment here on the best way to run RHEL/Fedora/CentOS on a RasPi,
or if there's even a useful port?

Thanks

Ben S

Measuring memory bandwidth utilization

I'd like to know what the cause of a particular DB server's slowdown might be.
We've ruled out IOPs for the disks (~ 20%) and raw CPU load (top shows perhaps
1/2 of cores busy), but the system slows to a crawl.

We're suspecting that we're simply running out of memory bandwidth but have no
way to confirm this suspicion. Is there a way to test for this? Think: iostat
but for memory bandwidth instead of disk IO.

What to do when you've been hacked?

No, we haven't been hacked. ;)
We have a prospective client who is asking us what our policy is in the event
of unauthorized access. Obviously you fix the system(s) that have been
compromised, but what steps do you take to mitigate the effects of a breach?
What is industry best practice? So far, searches haven't produced anything
that looks consistent, except maybe identity monitoring for financial data.
(EG: Target breach)
We host a significant amount of educational data, but no financial information.
How would we even respond to this question?

Using typescript as a default shell?

Is it possible to use 'script' command that records what happens in a session
as the default shell? How could you deal with multiple logins at once? What
about output from rsync and the like?

EL7: Detecting FS errors on XFS while mounted

Is there a way of checking an XFS filesystem for clean/dirty status while
mounted?

One of the checks we've long performed is an FS-level error check. This is
*not a full-on fsck*, this is "asking the file system if it noted any
problems". This is done while the file system is mounted and "hot". For
example, here's how we'd check an ext* partition:

# debugfs -R "show_super_stats -h" /dev/md127 | grep -i "Filesystem state"
We'd look for "Filesystem state: clean" (or something else if not clean).

CentOS6: missing kernel module?

Testing out tipc for cluster development, and running into an immediate snag.
tipcutils was found in EPEL but despite having a "compatible" kernel, it
doesn't seem to actually work.

It's a completely updated system, Intel i5 with 16 GB of RAM, nothing
remarkable.

Any ideas?

Sieve Filter: All email not from friendly name?

I'm using Dovecot and Sieve under postfix on CentOS 6. Sieve filters are working
great for a number of addresses.

I'm trying to set up a sieve filter that catches all email NOT from Cron
Daemon. Nearly all Admin messages come from
"Cron Daemon <username@servername>"
so I want a Sieve Filter that will catch all addresses NOT from this address
and stick it into a folder under INBOX/ProbablySpam but while other filters
seem to work fine, this one does not. My best guess so far:

if anyof (not address :all :contains ["From"] "Cron Daemon") {
fileinto "INBOX.ProbablySpam";
}
...

ODBC for PG 9.4.x?

We recently upgraded our RHEL 6.x servers with PGDG 9.4 and are generally
pleased with the results. However, one of our clients has been accessing our
systems with ODBC on Windows and has been experiencing difficulty. (0.9.2 worked
fine)

Poking around, I noticed that the latest ODBC is 09.03.0400. Is there a 09.04
version in the works? Or is it expected that 9.3.x should interoperate with PG
9.4 ?

We performed the upgrade specifically to make use of Materialized Views.

CentOS 6 and Sieve/Dovecot

I've got dovecot & Sieve installed on an internal mail server, without issue.
It seems to run ~/.dovecot.sieve scripts without issue. However, when trying
to set up sieve scripts with an email client (kmail) the sieve scripts get
published to ~/sieve directory.

I can't seem to find any way to tell sieve to run all scripts in ~/sieve. It
looked as though sieve_before in /etc/dovecot/conf.d/90-sieve.conf might do it
but it doesn't expand ~.

Testing "dark" SSL sites

So, with all the hubbub around POODLE and ssl, we're preparing a new load
balancer using HAProxy.

So we have a set of unit tests written using PHPUnit, having trouble
validating certificates. How do you test/validate an SSL cert for a prototype
"foo.com" server if it's not actually active at the IP address that matches
DNS for foo.com?

For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an
explicit "host: foo.com" http header but that fails for SSL certificate
validation.

You can also set a hosts file entry, but that's also rather painful.

Convert "bare partition" to RAID1 / mdadm?

I have a large disk full of data that I'd like to upgrade to SW RAID 1
with a minimum of downtime. Taking it offline for a day or more to rsync
all the files over is a non-starter. Since I've mounted SW RAID1 drives
directly with "mount -t ext3 /dev/sdX" it would seem possible to flip
the process around, perhaps change the partition type with fdisk or
parted, and remount as SW RAID1?

I'm not trying to move over the O/S, just a data partition with LOTS of
data.

block level changes at the file system level?

I'm trying to streamline a backup system using ZFS. In our situation,
we're writing pg_dump files repeatedly, each file being highly similar
to the previous file. Is there a file system (EG: ext4? xfs?) that, when
re-writing a similar file, will write only the changed blocks and not
rewrite the entire file to a new set of blocks?

Assume that we're writing a 500 MB file with only 100 KB of changes.
Other than a utility like diff, is there a file system that would only
write 100KB and not 500 MB of data?

How to enable EDAC kernel module for checking ECC memory?

In order to support ZFS, we upgraded a backups server with a new, ECC
motherboard. We're running CentOS 6 with ZFS on Linux, recently patched.
Now, I want to enable EDAC so we can check for memory errors (and maybe
PCI errors as well) but so far, repeatedly pounding on the Google hasn't
yielded exactly what I need to do to enable EDAC.

One howto was covering PCI and edac, but "modprobe edac_mc" didn't work.
Here's some information below. How do I get edac up and running?

USB blues

I have a freshly built, updated EL6 system and am having problems with
USB stability - at boot everything works fine but within a few hours,
USB devices start disappearing randomly. At first I thought the USB
devices were suspect, but removing the suspect devices and an accessory
PCIE USB card hasn't changed anything. As of now, a single USB device is
working. (which is lucky, it hosts the OS) I've rebooted the server
several times trying to diagnose the problem. After a reboot, everything
works great - for a while.

Newer version of FfMpeg

We're trying to build a rich media website, and will need to re-encode
the video content with ffmpeg. Unfortunately, the ffmpeg version that
comes with the most common repos is rather out of date. As in 0.6.5 vs
2.21 being the most current version. However, ffmpeg looks to be a
pretty thorny thing to compile with all the options we need.

Newer version of ffmpeg for EL6?

We're trying to build a rich media website, and will need to re-encode
the video content with ffmpeg. Unfortunately, the ffmpeg version that
comes with the most common repos is rather out of date. As in 0.6.5 vs
2.21 being the most current version. However, ffmpeg looks to be a
pretty thorny thing to compile with all the options we need.

NFS Mount: files owned by nobody

This is one of those simple-been-doing-this-forever things that, for
some reason, has me stumped today.

When I try to NFS (v4) mount a directory, the user/group ownership shows
up as user "nobody" even though /etc/passwd has values for the correct
user names.

Experience with BTRFS?

Was wondering if anyone here could weigh in on using BTRFS for CentOS 6
in a "near production" environment?

I've been using ZFS on Linux and am very happy with the results so far,
but don't particularly want to put all my eggs in one basket. Our
application architecture allows us to have multiple, concurrent
filesystems in mirror so I have the option of running a system under
production-like environment without risking actual loss of customer
data.

Understanding iostat

We have a load balancer/session server that manages sessions in small
files. I did a grep on the directory of session files and the server
load went from 0.50 to 10.x, for all intents and purposes we were down
until I canceled the grep.

According to this article on
http://www.thattommyhall.com/2011/02/18/iops-linux-iostat/ tps is
roughly analogous to iops. Running iostat on the device reports a tps
that sometimes hits as high as 2000. Given a fairly standard 7200 RPM
SATA drive, with potential IOPS as high as perhaps 100, how is this even
remotely possible?

Why the huge shmmax default setting?

Fresh load of Centos6/64 from new ISO (downloaded 2 weeks ago?) and
getting set up with PostgreSQL, one of the typical steps is to increase
shmmax from its normal, conservative value (eg: 32 MB or something) to
something far more aggressive.

But in recent installs of CentOS 6, this value is generally huge,
typically larger than the RAM installed on the machine!

Unsupported Hardware that works fine?

I recently purchased a set of ASRock Intel i5 MB/CPU combos for a budget
compute cluster. Every time we load up a system and try to boot with a
recent EL6/64 ISO, we get a message that reads:

Postfix relay on Comcast

How to get postfix working on CentOS 6 and Comcast. Recently, they've
changed their policies regards email relay and require authentication
even to send email. (they no longer use IP address ranges, presumably in
an attempt to curb outgoing SPAM)

I didn't see an updated howto anywhere on the Interwebs, thought I'd
point out what I had to do.

CentOS 6 and Intel vPro?

Needed to set up a cluster where horsepower and cost were paramount, so
I thought this would be a good opportunity to try out Intel's business
class "vPro AMT" remote administration technology, and compare it to
IPMI, which I've used for years on servers. From a feature standpoint,
it seems quite impressive, going so far as using standards-based VNC!

Unfortunately, set up is quite a bear, with most of a day spent and
while I can remote power cycle the machine via a web interface, VNC
support is still not to be found.

Install to internal USB?

Saw a trick today, wondering if anybody else had done/tried this? Assume
you have a 1U rackmount with 4 front-accessed drive bays, and you want
all four bays for a 4-disk RAID5 storage.

The idea is to use an internal USB adapter and a couple of bigger USB
thumb drives to install to, RAID 1 style, freeing up all your external
drive bays.

ZFS on Linux in production?

We are a CentOS shop, and have the lucky, fortunate problem of having
ever-increasing amounts of data to manage. EXT3/4 becomes tough to
manage when you start climbing, especially when you have to upgrade, so
we're contemplating switching to ZFS.

As of last spring, it appears that ZFS On Linux http://zfsonlinux.org/
calls itself production ready despite a version number of 0.6.2, and
being acknowledged as unstable on 32 bit systems.

However, given the need to do backups, zfs send sounds like a godsend
over rsync which is running into scaling problems of its own.

Port knocking and DNAT rules

So I found an excellent port knocking tutorial using ONLY iptables rules
that looks to be among the best I've ever seen. (warning: techno music,
tough to read screen, you don't need to type it in because I post a link
to script below)

http://www.youtube.com/watch?v=0zFQocf7C_0

It works fabulously for simply opening a port to a locally managed
service, but I can't seem to get it to work for a PREROUTING/DNAT rule.

Howto: Extremely tight security rsync shell for backups

We've been using rsync since forever to back up all our servers and it's
worked without a problem.

Trying to get a kernel dump

Trying to debug a database server getting cpu softlocks causing SSHD to
hang and not let anybody log in. Figured that a good first step would be
to get some kernel dumps when the problem occurs. According to what I
read at the following web site, I can get dumps for softlock problems
too.