Postings by hw

howto monitor disks on a serveraid-8k?


I'd like to monitor the disks connected to a ServeRaid-8k controller in
a server running Centos 7 such that I can know when one fails.

What's the best way to do that?

exim PAM authentication: all users unknown


how come that exim can not authenticate users using PAM?


driver = plaintext
server_set_id = $auth2
server_prompts = :
server_condition = ${if pam{$auth2:$auth3}{yes}{no}}
server_advertise_condition = ${if def:tls_cipher }
server_debug_print = "auth: $1 $2 $3"


2969 PLAIN authenticator server_condition:
2969 $auth1 =
2969 $auth2 = user
2969 $auth3 = password
2969 $1 =
2969 $2 = user
2969 $3 = password

cyrus: socket options


what are the following messages supposed to tell me and does this
indicate a problem?

# systemctl status cyrus-imapd
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported

Exim says it can not connect to the lmtp socket even when selinux
doesn´t get in the way.

selinux: how to allow access?


how do I allow exim access to a socket in order to be able to do local
deliveries to cyrus?

type=AVC msg=audit(1521179280.845:1920270): avc: denied { name_connect
} for pid=319 comm="exim" dest=24 scontext=system_u:system_r:exim_t:s0
tcontext=system_u:object_r:lmtp_port_t:s0 tclass=tcp_socket

Yet again I could not find any documentation explaining how to do basic
things like this :( Selinux is more like a curse than anything else :(
Why is there not even a good documentation?



I´m trying to figure out how to practically use RADIUS to authenticate

So far, I have only found documentation explaining that the idea is that
users somehow magically need to authenticate against a RADIUS server via
a device like a switch or a wireless access point before they are given or
being denied access to a network. I understand that I have to refer to
the documentation of the switch or access point to figure out how to set
up RADIUS authentication with the particular device.

But how is this achieved in practice?

time foo


isn´t this weird:

# time foo
real 43m39.841s
user 15m31.109s
sys 0m44.136s

Almost 30 minutes have disappeared, but it actually took about that long,
so what happened?

mariadb server memory usage


is this ok for a database server, or do I need to turn the memory allowance
down? The machine has 48GB and mariadb is allowed about 40. The
machine is a dedicated database server.

Mysql seems to go up to what top says is virtually allocated under some
circumstances; I don´t know what mariadb does. I don´t want anything
get killed because memory runs out.

tuned profile and i/o scheduler


is there a way to set the I/O scheduler via a tuned profile?

If so, can the scheduler be set for different disks individually?

more selinux problems ...


how do I allow lighttpd access to a directory like this:

dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles

I tried to create and install a selinux module, and it didn´t work.
The non-working module can not be removed, either:

semodule -r lighttpd-files_articles.pp
libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at priority 400. (No such file or directory).
semodule: Failed!

Currently, only read access is required.

/var/run/... being deleted :((


what keeps deleting files and directories under /var/run? Having them deleted
is extremely annoying because after a reboot, things are suddenly broken because
services don´t start.

xfs not getting it right?


xfs is supposed to detect the layout of a md-RAID devices when creating the
file system, but it doesn´t seem to do that:

# cat /proc/mdstat
Personalities : [raid1]
md10 : active raid1 sde[1] sdd[0]
499976512 blocks super 1.2 [2/2] [UU]
bitmap: 0/4 pages [0KB], 65536KB chunk

# mkfs.xfs /dev/md10p2
meta-data=/dev/md10p2 isize=512 agcount=4, agsize=30199892 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=120799568, im



are there other things than disk I/O that may cause waitstates (as shown by top, for example)?
What about network traffic?

selinux prevents lighttpd from printing


how do I allow CGI programs to print (using 'lpr -P some-printer some-file.pdf') when
lighttpd is being used for a web server?

When selinux is permissive, the printer prints; when it´s enforcing, the printer
does not print, and I´m getting the log message '/bin/lpr: Permission denied'.

'getsebool -a | grep http' doesn´t show any boolean I could make out to be responsible
for this.

Any idea what I need to do/change to allow printing without disabling selinux?

lighttpd and cgi error reporting


is there a way to get error messages created by CGI perl programs (not fastCGI)
logged with lighttpd? Apache used to put all errors into its error log and
lighttpd does not. That makes debugging rather difficult.


<a href="" title=""></a>
says that pst-barcode is included in texlive.

I installed texlive, and it can´t find pst-barcode.sty. Is that a
bug in the packaging Centos does, or is texlive in Centos some
derelict version?

cyrus spool on btrfs?


is there anything that speaks against putting a cyrus mail spool onto a
btrfs subvolume?

share /var/spool/cups-pdf/SPOOL/?


is there a way to set multiple selinux attributes to files/directories?

I would like to share /var/spool/cups-pdf/SPOOL/, which has
'system_u:object_r:print_spool_t:s0' and would also need

The point is that there will be files accumulating that only need to be
deleted, and there might be files users may actually want access to.
Sharing the directory (and a script that automatically deletes files from
there which are too old) would be a way to achieve this.

spice client?


how do I connect to a VM running on a removte machine with some
sort of spice client? There doesn´t seem to be any spice client
available in Centos 7 that works.

how to enforce sunit and swidth for root device/partition when installing?


how can I force the Centos 7 installer to use the particular
sunit and swidth values that are matching the hardware raid
device I´m installing on?

The installer forces me to reformat the partition I want to
install on :( It does not let me specify any options about
creating the file system :(

Even when I create the file system manually with correct values
after telling the installer where to install and before beginning
the installation, xfs_info shows different values for the file
system than I used when I created it once I rebooted.

should NUMA be enabled?


should NUMA be enabled in the BIOS of a server that has
two sockets but only a single CPU in one of the sockets?

From what I´ve been reading, it is unclear to me if NUMA
should be enabled only on systems with multiple CPUs in
multiple sockets or if multiple cores of a single CPU in
a single socket benefit from NUMA being enabled, and if
memory access in general benefits from NUMA being enabled
(in some other ways) even when there is only a single
CPU in a single socket.

It seems clear that NUMA should be enabled an can be taken
advantage of when there are multiple CPUs in multiple sock

kvm/qemu and CPU load


I have a server using its 4 physical network interfaces
bonded, with the bonding interface added to a bridge. The
bridge has the IP, and three VMs are using the bridge. Two
of the VMs are running Debian, one is running Windoze 7.

CPU load caused by the qemu-kvm processes is way higher than
I´m happy with. One of the Debian machine causes around
22% while it´s basically idle, the other one is around 3%,
and the Windoze one is around 50. They are all mostly idle.

I can observe that when some network traffic is going on with
the Windoze machine, it causes a CPU load of 200%.

network setup: meaning of PEERROUTES option


what´s the meaning of the PEERROUTES option in the networking
scripts? I couldn´t find that documented anywhere.

I managed to set up a bonding interface and when sending pings,
I´m getting redirection messages from the gateway unless I
manually add a route to the network. So I guess that for some
reason, the routing doesn´t get set up correctly, and I wonder
how to get that to work. Am I missing the PEERROUTES option,
or does that do something else?

more recent perl version?


are there packages replacing the ancient perl version in
Centos 7 with a more recent one, like 5.24? At least the
state feature is required.