stateless linux
by Peter Schobel
is there any documention that explains exactly what changes the
stateless-client and readonly-root packages make to the client?
Peter Schobel
~
19 years, 5 months
stateless problems
by Peter Schobel
i'm having a few problems with setting up stateless linux for the
rsync-based cached instantiation model
first of all, i couldn't get the post install script in the kickstart
file to work. and i'm not sure why because i could not see any output
from that script but i know that when the system would reboot, the
stateless-client package would not be installed
so i wrote my own post install ks script using bash so that it installs
the stateless-client package - i also added some commands to populate
the variables in the /etc/sysconfig/stateless file because after the
package install, those values were set to default
i'm pretty sure that this is not the way this is supposed to work,
probably i missed something but nevertheless i got myself this far
now my problem is getting the client to replicate the snapshop
the original code in the post-install script was
### Now launch the real bootstrap
sys.path.append ('/mnt/sysimage/usr/share/stateless/')
import bootstrap
bootstrap.run('aware-of-vacuity.boston.redhat.com', 'Test42')
i don't know python and i don't really understand how this is 'supposed'
to work
i am trying to replicate the snapshot manually by running "python
replicator.py update" but i am now getting errors about not being able
to determine which root partition is in reserve
[root@store-lan1-100 stateless]# python replicator.py update
/sbin/e2label: Attempt to read block from filesystem resulted in short
read while trying to open /dev/hda4
Couldn't find valid filesystem superblock.
/sbin/e2label: No such file or directory while trying to open /dev/hda6
Couldn't find valid filesystem superblock.
Traceback (most recent call last):
File "replicator.py", line 767, in ?
update_client_on_cronjob_or_manual()
File "replicator.py", line 737, in update_client_on_cronjob_or_manual
repl = LiveReplicatorBackgroundUpdate()
File "replicator.py", line 675, in __init__
Replicator.__init__ (self, ldap_dir, False)
File "replicator.py", line 583, in __init__
self.root = Replicator.ClientPartitionRole(ROLE_ROOT,
self.temp_dir_name, self)
File "replicator.py", line 387, in __init__
self.locate_partitions()
File "replicator.py", line 405, in locate_partitions
raise PartitionError, "Could not determine which %s is in
reserve"%self.get_name()
__main__.PartitionError: Could not determine which root partition is in
reserve
i'm using FC3 release version
my partition layout is as per the example
[root@store-lan1-100 stateless]# df -m
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/hda2 3027 632 2242 22% /
/dev/hda1 99 9 86 9% /boot
none 252 0 252 0% /dev/shm
/dev/hda5 99 6 89 6% /reserve-boot
/dev/hda3 3027 37 2837 2% /reserve-root
[root@store-lan1-100 stateless]# cat /etc/fstab
# This file is edited by fstab-sync - see 'man fstab-sync' for details
LABEL=/ / ext3 defaults
1 1
LABEL=/boot /boot ext3 defaults
1 2
none /dev/pts devpts gid=5,mode=620
0 0
none /dev/shm tmpfs defaults
0 0
none /proc proc defaults
0 0
LABEL=/reserve-boot /reserve-boot ext3 defaults
1 2
LABEL=/reserve-root /reserve-root ext3 defaults
1 2
none /sys sysfs defaults
0 0
any guidance here would be appreciated,
Peter Schobel
--
#########################
# ##
######################### #
# Peter Schobel # #
# Network Administrator # #
# Porchlight.ca # #
# Unlimited Internet # #
# www.porchlight.ca ##
#########################
19 years, 5 months
Yum and Up2date-Error
by Clovis Tristao
Hi,
I am trying to bring up to date my version of the Fedora Core 3 T1,
using yum or up2date, them is appearing the following message:
Error: missing dep: libdb_cxx-4.2.so for pkg openoffice.org-libs
How do I do to resolve this problem?
Thanks a lot,
Clóvis
--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: mailto:clovis@agr.unicamp.br http://www.agr.unicamp.br
Fone(0xx19) 37881031-37881038 ou FAX(55xx19) 37881005/37881010
19 years, 5 months
rawhide report: 20041123 changes
by Build System
Removed package ash
Updated Packages:
abiword-1:2.2.0-2
-----------------
* Mon Nov 22 2004 Caolan McNamara <caolanm(a)redhat.com> - 1:2.2.0-2
- #abi7961# remove tempnam usages
* Mon Nov 22 2004 Caolan McNamara <caolanm(a)redhat.com> - 1:2.2.0-1
- bump to latest major stable version
- #rh140321# sanity check geometry
apr-0.9.5-3
-----------
* Mon Nov 22 2004 Joe Orton <jorton(a)redhat.com> 0.9.5-3
- really fix apr-config --srcdir
* Mon Nov 22 2004 Joe Orton <jorton(a)redhat.com> 0.9.5-2
- fix apr-config --srcdir again
apr-util-0.9.5-1
----------------
* Mon Nov 22 2004 Joe Orton <jorton(a)redhat.com> 0.9.5-1
- update to 0.9.5
booty-0.45-1
------------
* Mon Nov 22 2004 Karsten Hopp <karsten(a)redhat.de> 0.45-1
- rebuild with python-2.4
cups-1:1.1.22-2
---------------
* Mon Nov 22 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-2
- Fixed cups-lpd file mode (bug #137325).
- Convert all man pages to UTF-8 (bug #107118). Patch from Miloslav Trmac.
* Mon Nov 08 2004 Tim Waugh <twaugh(a)redhat.com>
- New lpd subpackage, from patch by Matthew Galgoci (bug #137325).
docbook-style-xsl-1.67.0-3
--------------------------
* Mon Nov 22 2004 Tim Waugh <twaugh(a)redhat.com> 1.67.0-3
- Avoid non-ASCII in generated man pages.
ethereal-0.10.7-1
-----------------
* Mon Nov 22 2004 Radek Vokal <rvokal(a)redhat.com> 0.10.7-1
- Updated to ethereal 0.10.7
gdb-6.1post-1.20040607.55
-------------------------
* Mon Nov 22 2004 Jeff Johnston <jjohnstn(a)redhat.com> 1.200400607.55
- Multiple ia64 backtrace fixes. Bugzilla 125157
* Thu Nov 11 2004 Elena Zannoni <ezannoni(a)redhat.com> 1.200400607.54
- Bump up release number
* Thu Nov 11 2004 Elena Zannoni <ezannoni(a)redhat.com> 1.200400607.51
- Modify configure line to not use absolute paths. This was
creating problems with makeinfo/texinfo.
- Get rid of makeinfo hack.
Bugzilla 135633
gimp-2:2.2-0.0.pre2.1
---------------------
* Mon Nov 22 2004 Nils Philippsen <nphilipp(a)redhat.com>
- version 2.2-pre2
* Thu Nov 18 2004 Nils Philippsen <nphilipp(a)redhat.com>
- obsolete fixed gimp-perl version to be able to reintroduce it at a
later point
- use correct dir in source URL
* Wed Nov 03 2004 Nils Philippsen <nphilipp(a)redhat.com>
- version 2.2-pre1
iiimf-le-xcin-0.1.7-11.1
------------------------
* Tue Nov 16 2004 Leon Ho <llch(a)redhat.com> - 0.1.7-11
- fixed multibyte punctuation on input styles (#138959)
jpilot-0.99.7-3
---------------
* Mon Nov 22 2004 Ivana Varekova <varekova(a)redhat.com>
- fix bug #139377 - problem with x86_64
kdesdk-3.3.1-3
--------------
* Thu Nov 11 2004 Jeff Johnson <jbj(a)jbj.org> 3:3.3.1-3
- rebuild against db-4.3.21.
* Mon Oct 18 2004 Than Ngo <than(a)redhat.com> 3:3.3.1-2
- rebuilt
kudzu-1.1.96-1
--------------
* Mon Nov 22 2004 Bill Nottingham <notting(a)redhat.com> - 1.1.96-1
- replace significantly suboptimal module availability algorithm
* Tue Oct 12 2004 Bill Nottingham <notting(a)redhat.com> - 1.1.95-1
- fix potential segfault on odd USB controllers (#135450)
* Tue Oct 12 2004 Bill Nottingham <notting(a)redhat.com> - 1.1.94-1
- add a quick hack to avoid warning (#129181)
libavc1394-0.4.1-4
------------------
* Mon Nov 22 2004 Karsten Hopp <karsten(a)redhat.de> 0.4.1-4
- remove bogus ldconfig after makeinstall
mew-4.1-1
---------
* Mon Nov 22 2004 Akira TAGOH <tagoh(a)redhat.com> - 4.1-1
- New upstream release.
- improved IMAP support.
- added the spam filter hook.
- mew-init.el: added the proper location for stunnel.
mkinitrd-4.1.19-1
-----------------
* Mon Nov 22 2004 Jeremy Katz <katzj(a)redhat.com> - 4.1.19-1
- remove use of dietlibc for nash
* Wed Nov 03 2004 Jeremy Katz <katzj(a)redhat.com>
- handle machines with lots of disks in /proc/partitions (#137816)
* Sun Oct 24 2004 Jeremy Katz <katzj(a)redhat.com>
- require cpio (#136814)
module-init-tools-3.1-0.pre5.4
------------------------------
* Mon Nov 22 2004 Jeremy Katz <katzj(a)redhat.com> - 3.1-0.pre5.4
- don't use dietlibc on x86 anymore
openmotif-2.2.3-7
-----------------
* Mon Nov 22 2004 Thomas Woerner <twoerner(a)redhat.com> 2.2.3-7
- latest Xpm patches: CAN-2004-0914 (#134631)
- new patch for tmpnam in imake (only used for build)
patchutils-0.2.30-3
-------------------
* Mon Nov 22 2004 Tim Waugh <twaugh(a)redhat.com> 0.2.30-3
- Moved last fix into docbook-style-xsl.
* Mon Nov 22 2004 Jindrich Novy <jnovy(a)redhat.com> 0.2.30-2
- fix flipdiff.1 man page (#139341)
php-5.0.2-8
-----------
* Mon Nov 22 2004 Joe Orton <jorton(a)redhat.com> 5.0.2-8
- update for db4-4.3 (Robert Scheck, #140167)
- build against mysql-devel
- run tests in %check
redhat-menus-3.7.1-3
--------------------
* Mon Nov 22 2004 <jrb(a)redhat.com> - 3.7.1-3
- Sync to upstream
- #rh138282# Get redhat-evolution.desktop.in
* Mon Nov 22 2004 Dan Williams <dcbw(a)redhat.com> 3.7-5
- #rh137520# Add "application/x-ole-storage" to Calc, Impress, and Writer
desktop files, so Evolution can associate these with OOo
* Tue Nov 16 2004 Dan Williams <dcbw(a)redhat.com> 3.7-4
- #rh137520# Add more supported mime-types to OpenOffice.org .desktop files
rp-pppoe-3.5-23
---------------
* Mon Nov 22 2004 Than Ngo <than(a)redhat.com> 3.5-23
- fix typo in adsl-setup #140287
rpmdb-fedora-1:4-0.20041123
---------------------------
samba-0:3.0.9-2
---------------
* Mon Nov 22 2004 Jay Fenlason <fenlason(a)redhat.com> 3.0.9-2
- New upstream release. This obsoletes the -secret patch.
Include my changetrustpw patch to make "net ads changetrustpw" stop
aborting. This closes #134694
- Remove obsolete triggers for ancient samba versions.
- Move /var/log/samba to the -common rpm. This closes #76628
- Remove the hack needed to get around the bad docs files in the
3.0.8 tarball.
- Change the comment in winbind.init to point at the correct pidfile.
This closes #76641
* Mon Nov 22 2004 Than Ngo <than(a)redhat.com> 3.0.8-4
- fix unresolved symbols in libsmbclient which caused applications
such as KDE's konqueror to fail when accessing smb:// URLs. #139894
* Thu Nov 11 2004 Jay Fenlason <fenlason(a)redhat.com> 3.0.8-3.1
- Rescue the install.mount.smbfs patch from Juanjo Villaplana
(villapla(a)si.uji.es) to prevent building the srpm from trashing your
installed /usr/bin/smbmount
sane-backends-1.0.15-4
----------------------
* Mon Nov 22 2004 Tim Waugh <twaugh(a)redhat.com> 1.0.15-4
- Attempt to be more useful in libusbscanner by waiting a maximum of 30
seconds.
- Add a chcon call to libusbscanner (bug #140059). Based on contribution
from W. Michael Petullo.
selinux-policy-strict-1.19.4-3
------------------------------
* Mon Nov 22 2004 Dan Walsh <dwalsh(a)redhat.com> 1.19-4-3
- Fix location of selinuxenabled
* Mon Nov 22 2004 Dan Walsh <dwalsh(a)redhat.com> 1.19-4-2
- Add some rules to allow httpd_sys_content_t to access to httpdcontent if httpd_unified is set
selinux-policy-targeted-1.19.4-3
--------------------------------
* Mon Nov 22 2004 Dan Walsh <dwalsh(a)redhat.com> 1.19-4-3
- Fix location of selinuxenabled
* Mon Nov 22 2004 Dan Walsh <dwalsh(a)redhat.com> 1.19-4-2
- Add some rules to allow httpd_sys_content_t to access to httpdcontent if httpd_unified is set
sox-12.17.6-1
-------------
* Mon Nov 22 2004 Thomas Woerner <twoerner(a)redhat.com> 12.17.6-1
- new version 12.17.6
star-1.5a54-1
-------------
* Mon Nov 22 2004 Peter Vrabec <pvrabec(a)redhat.com>
- upgrade 1.5a54-1 & rebuild
* Mon Oct 25 2004 Peter Vrabec <pvrabec(a)redhat.com>
- fix dependencie (#123770)
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
stunnel-4.05-4
--------------
* Mon Nov 22 2004 Miloslav Trmac <mitr(a)redhat.com> - 4.05-4
- Convert man pages to UTF-8
sylpheed-1.0.0-0.1.beta3
------------------------
* Mon Nov 22 2004 Akira TAGOH <tagoh(a)redhat.com> - 1.0.0-0.1.beta3
- New upstream release.
- sylpheed-default-browser.patch: updated to apply cleanly.
- sylpheed.1: added a simple man page. (#129387)
system-config-date-1.7.12-1
---------------------------
* Mon Nov 22 2004 Nils Philippsen <nphilipp(a)redhat.com> 1.7.12-1
- remove wrongly encoded character (#140318) and duplicate word from French
man page
tetex-2.0.2-24
--------------
* Mon Nov 22 2004 Jindrich Novy <jnovy(a)redhat.com> 2.0.2-24
- Fix man pages (bug #139341)
tvtime-0.9.15-3
---------------
* Mon Nov 22 2004 Miloslav Trmac <mitr(a)redhat.com> - 0.9.15-3
- Convert German man pages to UTF-8
xfce-utils-4.0.6-2
------------------
* Mon Nov 22 2004 Than Ngo <than(a)redhat.com> 4.0.6-2
- add session desktop file from KDE, better translations
- improve xfterm4 #139183
19 years, 5 months
first encounters with SELINUX, with some suggestions
by Thomas Vander Stichele
Hi,
I upgraded to FC3 this weekend. I always try and go with the defaults
on a new install, because when fielding bug reports for my various
projects I prefer to make the defaults work first so bug reporters and I
have a common ground to work with.
Since the default SELINUX policy is "targeted" I chose this, bracing
myself :)
My first task was getting all my locally hosted websites to run.
I have a few virtualhosts in my /home/thomas/www directory. When
starting apache, the service script complains about these directories
missing.
Please note that I have a separate /home partition on hda6; I don't know
if this affects any policy (yet).
The system log file shows things like:
audit(1100000312.370:0): avc: denied { search } for pid=12350
exe=/usr/sbin/httpd name=thomas dev=hda6 ino=557094
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t
tclass=dir
I read through a few howto's, including
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html
(which has all of its internal links broken, can somebody please fix
this, it's quite annoying !) and the writing policy howto mentioned
herein: https://sourceforge.net/docman/display_doc.php?
docid=21959&group_id=21266
The latter has a paragraph about where policy is stored, and mentions
Makefiles and other stuff in /etc/selinux. None of this is present on
my FC3 system, so I'm assuming here that Red Hat has changed some things
from the default SELinux which obliviate this step, but I have way of
finding out how. Am I missing something ? Maybe there's a package I
need to install ?
I decided to learn about SELinux through the equivalent of poking at it
with a large stick.
I started adding some policy
to /etc/selinux/targeted/contexts/files/file_contexts, adding a line
reading:
/home/thomas/www
system_u:object_r:httpd_sys_content_t
The former howto tells me I can run
/sbin/fixfiles relabel /home/thomas/www
but that command just gives me this:
Usage: /sbin/fixfiles {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o
outputfile ] |check|restore|[-F] relabel}
It would seem to me that what I issued was correct, both from the howto
as well as the usage output. Clearly I'm missing something else here.
So I tried this:
restorecon -v -R /home/thomas/www
and that did something. How do these two tools differ ? Why does the
first not work as advertised.
Using ls -alz /home/thomas I seem to get the impression this security
context has been adopted. Still, apache refuses to see the directory.
So I read some more of the howto. There's a binary called audit2allow
that could help me generate rules. So I run it, restart apache a few
times, but the binary doesn't print anything, not even with -v. Maybe
I'm using it wrong, but there's no way of finding out if I am.
At this point, I'm pretty much stuck. So if any kind soul wants to
throw me a bone, please do.
There are some things I find troubling and would want to offer
suggestions for.
- I am a fairly typical developer. I'd like to understand my system and
to do so I read documentation, look at examples and try it out. Yet the
barrier to entry to selinux is pretty high, which seems bad for
something Red Hat wants to be finely integrated into the distribution.
Maybe it would be a good idea to write a simple "getting started" guide
explaining how to do two or three common tasks (I'd say "serving web
pages from a nonstandard directory" would be one of them), making sure
that EVERY STEP works. Right now the howto contains things that do not
work as advertised, and links to docs that reference stuff that is not
present, without a mention close by where to get it.
- A lot of developers I know, including a bunch at Red Hat, *turn off
SELINUX entirely*. IMO, something that gets pushed at heavily as this
should be dogfooded by the development team at Red Hat completely, so
they encounter firsthand what it means and how to fix basic issues.
Knowledge spreads through increasingly growing circles starting from the
center. If all RH developers, who have "easy" access to the SELINUX
people at Red Hat, were to use it, they'd have basic knowledge about it.
When the next circle of developers - outside of redhat, but having links
to inside - gets hit, they do the same. And so on.
It looks to me like the first circle is already completely broken, hence
halting the dissemination of information and increasing the annoyance
level outside of Red Hat. It won't be long before sysadmins and users
ignore the default and turn it off entirely.
- The documentation is not easy to find, out of date, and doesn't match
the system. IMO, if FC3 gets released, the howto for something as basic
as SELINUX should be uptodate and easy to find.
As it is today:
- http://fedora.redhat.com has one link to SELinux, which links to a
project page that seems to be from before FC2 (!) and has no mention of
documentation
- The "docs" link below that links to the docs as a project, not to
docs. Maybe not that bad, but confusing.
- The docs link on the left links to docs, where SELINUX is listed, and
the link mentions that it is for FC3 test 2
- When you click it, the docs say it is for test *3*
- all internal links in that doc are broken
- some commands in that doc do not work: fixfiles, audit2allow
- the document is more of a FAQ than a Howto, a simple "getting started"
would help a lot.
I understand that FC3 is relatively fresh and that not everything can be
in place from the start.
I just want to get a good picture of where SELINUX is at and how to
solve issues, so that I can try to fix stuff myself, and explain to
other people. Otherwise I'll just have to turn off SELINUX myself, and
recommend the same to others when questions are asked about it.
Feel free to comment, both on the particular issue at hand as well as
the general issue of entry barriers to selinux.
Thomas
Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
I will play you like a shark
And I'll clutch at your heart
I'll come flying like a spark
To enflame you
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/
19 years, 5 months
Stale NFS Filehandles and Permission Denied
by Hugh Caley
We recently migrated our main storage to a Nexsan Atabeast fronted by
two PC's running Fedora Core 2. We are being plagued by "Stale NFS
Filehandle" and "Permission Denied" errors on machines mounting the
shares provided by the two PC's. Very sporadic, but annoying.
I can't seem to find any rhyme or reason for this. Clients that have
seen the problem include a machine running RH 7.3 accessing a mount in
fstab, to a Fedora Core 1 client automounting a share. Many times just
running 'ls' on the share a few times will suddenly make it accessable.
Other times a umount/mount is required.
The server machines are running Fedora Core 2 and kernel
2.6.9-1.3_FC2smp. The exported filesystems are ReiserFS on LVM2
volumes. Qlogic QLA2300 fibre adaptors connect the heads to the Nexsan
Atabeast.
After reading some traffic on the Linux kernel list, I added the
"no_subtree_check" option to the fstab entries on the servers and
re-exported. It doesn't seem to have made much of a difference.
I'm not seeing error messages in /var/log/messages on either the clients
nor the hosts.
Anyone else seeing this? Any ideas? Otherwise the performance on the
new systems beats the hell out of our old EMC Celerra; the users are
rather happy with it save for this little problem.
Hugh
--
Hugh Caley | Unix Systems Administrator | CIS
AFFYMETRIX, INC. | 6550 Vallejo St. Ste 100 | Emeryville, CA 94608
Tel: 510-428-8537 | Hugh_Caley(a)affymetrix.com
19 years, 5 months
kernel versions
by Brian Millett
I am a bit confussed as to the versions of the kernel in rawhide. The
only reference is from Dave in:
http://www.redhat.com/archives/fedora-devel-list/2004-November/msg00894.html
"Ignore the version numbers, they're irrelevant between the
streams right now."
I see that in rawhide are "kernel-2.6.9-1.650_devel*" packages. The
latest that I yumed was kernel-2.6.9-1.667.
Any insight is appreciated.
--
Brian Millett
Enterprise Consulting Group "Shifts in paradigms
(314) 205-9030 often cause nose bleeds."
bpmATec-groupDOTcom Greg Glenn
19 years, 5 months
Possibly offtopic : Binary only driver
by Stefan Sonnenberg-Carstens
Dear list,
I work for a german company which aims now
to bring a Windows client to the
linux world due to repeated requests of our customers.
The development is in early stage and I'm gathering
information to create an install package for the
customers.
The problem is that the software depends on a piece
of usb hardware which does some encrpytion.
I get the driver by signing an NDA and therefor
we can't release it openly.
The problem I have now, that the driver needs to be
rebuild with every new kernel version, which is released.
Is there a way to avoid that ?
I have developed kernel drivers for Linux for 2.2.x kernels,
but things seem to have changed ....
Any help is appreciated,
Stefan Sonnenberg
P.S.:
I think many problems have such a problem,
and I believe that Linux success in the customer world
depends on solving such problems.
19 years, 5 months
