CentOS @ Fosdem 2010

Some members of the CentOS team will be present at Fosdem. Feel free to come to our booth just to discuss …

More information on our wiki and on the Fosdem website.


the joy of building ppc rpms for RHEL 5.4 PPC on an unsupported platform

I was a little bit late building the latest rpm packages from spec files committed in the RPMforge svn tree. I had to deal with some external stuff and also fix the fact that rpm-macros-rpmforge has to be installed in the chroot prior to trying to build the prepared SRPM that my script/wrapper created. Now that it has been fixed and it’s working (and there is a newer rpmforge-release package to reflect all current arches), it was time to update the tree I’m building against/for. No problem for RHEL 4.8 PPC as it was ok, but I updated the el5 tree to reflect RHEL 5.4 ppc. And then the problem: Mock dies completely on a bunch of errors, but the first one seems obvious:

/usr/sbin/glibc_post_upgrade: While trying to execute /usr/sbin/iconvconfig.ppc child terminated abnormally
error: %post(glibc-2.5-42.ppc) scriptlet failed, exit status 115

Grr. Looking at the `rpm -qp --changelog glibc-2.5-42.ppc.rpm` output to see the differences among the glibc.ppc releases from RHEL 5.0 to 5.4 gave me some pointers:

build ppc and ppc64 base shared libraries with -mcpu=power4,
i.e. only support power4 and newer CPUs, *.a and *.o in
glibc-devel should still work on any powerpc CPU (#241003)

First thing: I always like it when I consider reading such a bugzilla report but can’t read it. And the machine I use to build the RPMforge PPC packages for RHEL PPC is quite old (a Mac G4 from year 2K with a 7400, altivec-supporting cpu @ 400MHz). That one, of course, isn’t at the required level compared to the real IBM PPC Power line .. :/

So that means that :

* either I need to find a Power4 (or above) machine to build the RPMforge ppc packages for RHEL5.4 ppc target (someone ?)

* or I need to recompile glibc.ppc with different flags, and all the dependencies … which in the background means producing a CentOS 5 PPC (which is already a slow but ongoing process), but I already hear my small machine screaming at me “Welcome to the Hell of dependencies [TM]” … ;-)


Spamassassin default rules don’t like 2010

Maybe some of you have already noticed, but the standard Spamassassin rules don’t like 2010. As explained in SA bug 6269, the FH_DATE_PAST_20XX rule of course matches every incoming mail starting from today .. Ouch. Time to update your rules or change your score for that rule .. I guess that an update of that rule will be available soon (I hope so) and will be fetched by a simple `sa-update`. In the meantime, time for you to fix it manually! ;-)


Accessing Exchange 2007 from a CentOS laptop …

What can you do when the company you work for (or should I say the people who manage the Internal Network) has decided to switch from Lotus Domino to M$ Exchange 2007? Ouch … I can’t say that I’m personally a great Lotus Domino supporter, but it’s a stable system and a native client exists for all the current platforms (packaged in .rpm and .deb for Linux, as well as in a Java InstallShield wizard for Linux distros using neither rpm nor deb packages) .. But what when you have to switch to an Exchange backend? Up to now I always managed to have my professional laptop installed with CentOS and I surely don’t want Windows on the laptop that I use for my day-to-day work :D

I had a quick look at the Exchange plugin that you can find for Evolution, but unfortunately that one (which uses OWA in the backend) can only be used against Exchange 2K or 2K3 and is incompatible with 2K7. Then I heard rumours regarding a new Exchange/MAPI plugin (that requires a newer Evolution/gnome than the one provided in el5). I can’t test it as it requires direct MAPI access to the Exchange server and I’m forced (up to now) to use RPC over HTTPS. Damn. It seemed that the only solution was then to install Outlook with Wine on my CentOS laptop .. until I found DavMail: it uses OWA in the backend (and is compatible with Exchange 2k7 OWA) and acts as an IMAP/Caldav/LDAP gateway. Cool, so I can use my MUA of choice (tested now with Thunderbird but I want to test Mutt as well) to read my mails, consult/update my calendar and search/use the Exchange Addressbook without having to install any M$ component ..

So far, so Good … thanks DavMail ! :D


dm-multipath for IBM DS3xxx

While I’ve used (up to now) the IBM/LSI-logic solution (aka RDAC) to support multiple paths to an IBM storage solution (aka DS4xxx and DS3xxx), it was a pain because each time you wanted to install a new kernel the procedure meant removing the old/previous rdac module, booting with the new kernel (without mpp), rebuilding mpp/rdac, creating a new initrd and then rebooting again (with the new initrd containing the correct module).

I’ve now switched to dm-multipath instead. The basic, provided /etc/multipath.conf normally works quite ok, but if you want to tune it to support more storage vendors/solutions you really have to read the multipath documentation. Jim already blogged about the DS4700 FC backend storage.

Here is the version for the DS3200 (SAS connections) :

devices {
    device {
        vendor                  "IBM"
        product                 "1726-2xx  FAStT"
        getuid_callout          "/sbin/scsi_id -g -u -s /block/%n"
        prio_callout            "/sbin/mpath_prio_rdac /dev/%n"
        features                "0"
        hardware_handler        "1 rdac"
        path_grouping_policy    group_by_prio
        failback                immediate
        rr_weight               uniform
        no_path_retry           300
        rr_min_io               1000
        path_checker            rdac
    }
}


Lftp doesn’t work in SSL mode since update to 5.4

The other day I had to configure a box that had to fetch some files from another machine and transfer those files from the DMZ to an external bank. While I usually use SFTP for that, in that specific case I had no choice and had to use FTP/SSL. The first thing that hurt me is that to fetch the certificate/private key that the bank created for me, I had to use Internet Explorer on a Windows machine! Ouch … (yeah, they use activex on the page you have to log in to for the certificate request, you *can’t* use openssl yourself to send them the CSR …) bad, bad .. and it’s also funny that they point you to an https website to read the documentation, in which they say how to import their Root CA (which obviously you had to import yourself first to read the same manual …) .. From that time I knew I’d have troubles ..

Okay, exporting the SSL certificate/private key from Internet Exploder, using openssl to convert to PEM, and I had those ready to be used on my CentOS 5.4 VM. Lftp seems good for such a task and supports ssl too .. After having configured my ~/.lftprc with the correct values (like ssl:key-file and ssl:cert-file) I wasn’t able to connect: the message was “Fatal error: gnutls_handshake: A TLS fatal alert has been received”. Hmm, strange. I decided to test with the RPMforge version (which is built against OpenSSL and not Gnutls) and that one worked correctly (without having changed the conf files). Okay, it’s now working, but does that mean that the lftp package from 5.x doesn’t work in ssl mode with a client certificate? I’ve downgraded the package to the one present in the 5.x branch (before the 5.4): lftp-3.5.1-2.fc6 instead of lftp-3.7.11-4.el5, and it worked perfectly with the same config files too. Sounds like a bug to me and not a config issue, so I opened a bug upstream and on the CentOS mantis system. Let’s see how it goes. In the meantime (if you have the same issue) you can either downgrade to the lftp version you’ll find in the 5.3 tree or update to the version from RPMforge.
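
The conversion and lftp settings described above, as an added example that is not part of the original post: it splits a PKCS#12 export into a certificate and an owner-only private key, checks that the two belong together, and writes the matching lftp settings. The script name, file names and function names are assumptions; `ftp:ssl-force`, `ftp:ssl-protect-data` and `ssl:verify-certificate` are lftp settings the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): turn a browser-exported
# PKCS#12 bundle into the PEM pair that lftp's ssl:cert-file / ssl:key-file
# expect. All file names are placeholders.

# p12_to_pem <bundle.p12> <passphrase-file> <outdir>
# Runs in a subshell so the strict umask does not leak into the caller.
# Note: OpenSSL 3.x may need "-legacy" to read old RC2-encrypted exports.
p12_to_pem() (
    umask 077                     # the unencrypted key must stay owner-only
    mkdir -p "$3" &&
    openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys \
        -out "$3/client-cert.pem" &&
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes \
        -out "$3/client-key.pem"
)

# key_matches_cert <cert.pem> <key.pem>
# Succeeds only if the private key belongs to the certificate, which rules
# out a bad conversion before suspecting the lftp build.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# write_lftprc <pem-dir> <rc-file>
# Client certificate settings plus forced TLS on control and data channels.
write_lftprc() {
    cat > "$2" <<EOF
set ssl:cert-file $1/client-cert.pem
set ssl:key-file $1/client-key.pem
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ssl:verify-certificate yes
EOF
}

# Usage: sh p12-to-lftp.sh export.p12 passphrase.txt ~/.lftp-certs
if [ "$#" -eq 3 ]; then
    p12_to_pem "$1" "$2" "$3" &&
    key_matches_cert "$3/client-cert.pem" "$3/client-key.pem" &&
    write_lftprc "$3" "$3/lftprc" &&
    echo "wrote $3/lftprc"
fi
```

Because the same PEM pair and settings work with both the GnuTLS and the OpenSSL builds of lftp, a pair that passes `key_matches_cert` points the investigation at the client build rather than at the conversion.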


CentOS 5.3 on Neoware e90 Thin Client

As HP acquired Neoware several months ago, customers are searching for new thin clients .. and I received a Neoware e90 thin client (that wasn’t used anymore). What could I do with it? … hmm, let’s try to use it at home as a small appliance to host a USB HDD that can be shared. The advantage is that it doesn’t consume a lot of electricity (in comparison with my Asus Barebone with an AMD x2 64) and doesn’t produce noise at all .. which is also a good thing. The thin client I received has a Via Nehemiah cpu @ 800MHz and 128Mb ram. It also has a small IDE-DiskOnChip disk (32mb) but that is obviously too small to set up CentOS on it. I decided to dedicate a small 1Gb USB stick gift I received from a “well-known hypervisor” company (aka VMware) and use it for / and swap.

I disconnected the DiskOnChip module from the motherboard and configured the bios to boot in pxe as first device and local usb-hdd as the second one (if you need a password, it’s likely to be either ‘dogbites’ or ‘DOGBITES’) and I started a CentOS 5.3 setup. But that didn’t work on first try: the embedded NIC (VIA Technologies, Inc. VT6102 [Rhine-II] (rev 74)) refused to acquire an IP address. Switching to VT3/VT4 showed me that even if the via-rhine.ko kernel module was loaded, it was impossible to have a network connection (the message was related to “netdev watchdog transmit timed out” and some IRQ messages too). I then decided to add the kernel parameter ‘irqpoll’ and then the setup was able to work on the network. One problem solved … The second problem is that with 128mb ram, CentOS 5.x normally isn’t installable. Well, if you use text mode (anyway graphical mode will even refuse to start …) and use disk-druid to create the swap partition, anaconda will use it directly to simulate the missing RAM. The other thing is that what I *had* to use was an NFS based setup: I tried a http based setup and it always died on me (maybe because it had to fetch stage2.img while with NFS it just loop-mounts it …). Anyway it installed successfully on the USB stick (minimal install, so every component removed from the software selection, took 29 minutes to complete) and it rebooted normally. Don’t forget also to add the irqpoll kernel parameter in grub.conf so that you’ll have a network connection after reboot … And as an image talks more than a long sentence .. :

[Image: 14092009]


virt-install / xen domU ‘out of memory’ issue

Today I had to deploy two CentOS 5.3 xen dom0 on two blades and then some domU guests. Everything was fine except that when I used our traditional deploydomU script (which uses virt-install) it directly complained about a memory issue. The exact message was `'Out of memory', "xc_dom_boot_mem_init: can't allocate low memory for domain\n"`. Strange, as I was sure that the dom0 had plenty of memory and the new guest was defined to use only 768Mb .. so what was the issue? In fact, nothing related to memory: our new machines get deployed through a pxe boot menu (with syslinux/pxelinux.0 and pxelinux.cfg) in the Labs zone, but a typo was inserted in that menu so that newer CentOS 5.3 x86_64 machines were in fact … using the i386 repo! ;-)

It took me 5 minutes to consult the great oracle (aka google), find the same issue and look at both new nodes to confirm with `uname -a` that I tried to deploy an x86_64 domU on an i386 dom0 …

Hehehe, strange that the message is related to memory and not arch .. but several minutes later (and a coffee cup, machines being redeployed correctly *after* the pxelinux.cfg file was modified) everything was back to normal and x86_64 domU’s running fine … hope that it can help other people having the same ‘typo’ :-p


Setting up DRBD on only one active and available node

Recently I had to install a new server that will act as a mail server (Zarafa, but that doesn’t matter) and be a member of a DRBD cluster (to replicate automagically the Zarafa MySQL DB and Attachments on disks to the other node). Fine, except that only one physical node was at my disposal: we’ll convert the existing M$ Exchange server physical box to CentOS/DRBD after the migration. So what?

I was thinking about that nice feature in mdadm when you want to create a Linux software RAID 1 array but with only one available disk (`mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 missing` for those of you who don’t know that nice feature) and add the second disk later .. It would be cool to do exactly the same with DRBD: one node active and then add the missing one later .. Don’t try to find a ‘missing’ parameter in the drbd.conf file .. but that’s possible (even if not documented in the online docs). Do you remember that nice parameter you use when you initialize your first DRBD resource (`drbdadm -- --overwrite-data-of-peer primary $resourcename`)? Why not test it with only one available node? Yes, it works .. In fact that reminds me of the name of that parameter in the previous DRBD versions (aka `--do-what-I-say`): that was really a way of instructing DRBD to do what you wanted it to do.

The only “issue” found so far is that it isn’t possible to use the “drbdadm resize” command online to extend its size (yes, I use the nested LVM configuration : so backend disks / LVM / LV as a DRBD device / LVM / new LV on top of the drbd device) but I can easily understand why such operation really needs a connection to the second real node (which obviously is missing here)

Oh, while I’m talking about DRBD, you have to know (if you use it already) that DRBD 8.3.2 (and the corresponding kABI kmods) are available in the [testing] repo ;-)


Suspend issue on Thinkpad R61 / CentOS 5.3 x86_64

I recently received a new laptop (IBM/Lenovo Thinkpad R61) and I installed it with CentOS 5.3 x86_64. I used (of course) the nvidia driver from RPMforge (for the nVidia Corporation Quadro NVS 140M card that the R61 contains) but I had issues when trying to suspend/resume: in fact it suspended correctly and resumed, but with a black screen (the machine was reachable on the network), so it was a video driver issue. Here is the patch you need to apply to a hal file for the suspend/resume operation to work:

— /usr/share/hal/fdi/information/10freedesktop/21-video-quirk-pm-el5-nvidia.fdi.orig  2009-07-08 17:04:21.000000000 +0200
+++ /usr/share/hal/fdi/information/10freedesktop/21-video-quirk-pm-el5-nvidia.fdi       2009-08-09 18:18:08.000000000 +0200
@@ -16,6 +16,10 @@
<remove key=”power_management.quirk.vga_mode_3″></remove>
<remove key=”power_management.quirk.none”></remove>
<merge key=”power_management.quirk.vbe_post” type=”bool”>true</merge>
+
+          <remove key=”power_management.quirk.vbe_post”></remove>
+          <merge key=”power_management.quirk.s3_mode” type=”bool”>true</merge>
+
</match>
</match>
</device>
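
Review bot: the added `<remove key="power_management.quirk.vbe_post">` directly follows the unchanged context line that merges `power_management.quirk.vbe_post` as true, so the quirk is set and then immediately cleared; dropping or replacing that merge line would express the intent (s3_mode instead of vbe_post) without the dead assignment. The patch also edits a packaged file under /usr/share/hal/fdi/, which is likely to be replaced when the owning package is updated; carrying the s3_mode override in a local .fdi file under /etc/hal/fdi/ would keep the fix across updates.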
