Wuhai’s Weblog

July 5, 2010

lvs/pvs/vgs very slow

Filed under: RedHat — wuhai @ 7:41 am

Today noticed LVM commands lvs/pvs/vgs are very slow to execute; they hang for quite some time. After strace, it turns out they were waiting for read calls on vxvm volumes.

The fix: change the default filter line in /etc/lvm/lvm.conf to:
filter = [ "a|/dev/sda|", "r|.*|" ]
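
How a filter list like the one above is evaluated, as an added example that is not part of the original post: entries are tried in order, the first match decides, and the regexes are unanchored, so "a|/dev/sda|" also accepts a name such as /dev/sdaa. The function name and the device names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the post): emulate how LVM evaluates a filter
# list for one device name. Entries are tried in order, each regex is
# unanchored, and the first entry that matches decides.

# lvm_filter_decision DEVICE ENTRY...   (hypothetical helper name)
# ENTRY is one lvm.conf filter element, e.g. 'a|/dev/sda|' or 'r|.*|'.
# Prints "accept" or "reject"; a name that matches no entry is accepted.
lvm_filter_decision() {
    dev=$1
    shift
    for entry in "$@"; do
        action=$(printf '%s' "$entry" | cut -c1)   # a = accept, r = reject
        delim=$(printf '%s' "$entry" | cut -c2)    # delimiter, "|" in the post
        regex=${entry#??}                          # drop action and delimiter
        regex=${regex%"$delim"}                    # drop closing delimiter
        if printf '%s\n' "$dev" | grep -Eq -- "$regex"; then
            if [ "$action" = a ]; then echo accept; else echo reject; fi
            return 0
        fi
    done
    echo accept
}

# Device names below are constructed for the demonstration.
for d in /dev/sda /dev/sda2 /dev/sdaa /dev/vx/dsk/datadg/vol01; do
    printf '%-28s post filter: %-7s anchored: %s\n' "$d" \
        "$(lvm_filter_decision "$d" 'a|/dev/sda|' 'r|.*|')" \
        "$(lvm_filter_decision "$d" 'a|^/dev/sda[0-9]*$|' 'r|.*|')"
done
```

The anchored variant in the last column accepts only sda and its partitions; everything else, including the vxvm path, falls through to the reject-all entry.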

May 9, 2010

SELinux bindings not found. Ignoring parameter

Filed under: RedHat — wuhai @ 10:49 pm

RHEL5.5

# puppetd -vtd
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/run/puppet/puppetd.pid]: Autorequiring File[/var/run/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/servername.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/servername.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/servername.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: Finishing transaction 23472570356720 with 0 changes
debug: Using cached certificate for ca, good until Wed May 06 22:24:09 UTC 2015
debug: Using cached certificate for servername, good until Thu May 07 22:21:53 UTC 2015
notice: Ignoring --listen on onetime run
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca, good until Wed May 06 22:24:09 UTC 2015
debug: Using cached certificate for servername, good until Thu May 07 22:21:53 UTC 2015
debug: Using cached certificate_revocation_list for ca, good until
debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
debug: Puppet::Type::Package::ProviderRpm: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderAptrpm: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderUrpmi: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
info: Caching catalog for servername
debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist
debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist
debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist
debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist
debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist
debug: Puppet::Type::Package::ProviderGem: file gem does not exist
debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/eix-update does not exist
debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_info does not exist
debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
debug: Puppet::Type::Package::ProviderSun: file /usr/bin/pkginfo does not exist
debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_info does not exist
debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swinstall does not exist
debug: Puppet::Type::Package::ProviderUrpmi: file urpmq does not exist
debug: Creating default schedules
debug: Finishing transaction 23472570224720 with 0 changes
debug: Loaded state in 0.00 seconds
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}

debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/python /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py'
debug: //sudo/File[/etc/sudoers]/require: requires Package[sudo]
info: Applying configuration version '1273444279'
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
debug: //sudo/File[/etc/sudoers]/seluser: SELinux bindings not found. Ignoring parameter.
debug: //sudo/File[/etc/sudoers]/selrole: SELinux bindings not found. Ignoring parameter.
debug: //sudo/File[/etc/sudoers]/seltype: SELinux bindings not found. Ignoring parameter.
debug: Finishing transaction 23472570182240 with 0 changes
debug: Storing state
debug: Stored state in 0.00 seconds
notice: Finished catalog run in 1.79 seconds

Need to install:

# yum search libselinux-ruby
Loaded plugins: dellsysid, rhnplugin, security
=========================== Matched: libselinux-ruby ===========================
libselinux-ruby.x86_64 : SELinux ruby bindings for libselinux

May 6, 2010

mrepo and selinux

Filed under: RedHat,Uncategorized — wuhai @ 8:40 pm

mrepo symlinks won’t show up by default due to selinux.

1. semanage fcontext -a -t httpd_sys_content_t "/var/mrepo(/.*)?"

2. restorecon -R /var/mrepo

February 9, 2010

Vxvm and StorageTek 6540

Filed under: RedHat,Veritas — wuhai @ 7:59 am

Vxvm5MP3 with StorageTek 6540 backend, on RHEL4U6:

Need to install 2 packages:

Refer to: http://seer.entsupport.symantec.com/docs/339235.htm

Note:
Before installing these packages, it was very slow, and storage backend controller kept failing over from A -> B ..

After installing these packages, it is much better.

September 27, 2009

WWPN – RHEL5 – QLogic

Filed under: Linux,RedHat,SAN — wuhai @ 6:23 pm

http://kbase.redhat.com/faq/docs/DOC-19446

ql-hba-info-1.2/ql-hba-info.sh -a

systool -c fc_host -v

apt-get install sg3_utils

sg_map -x

I have been wondering about the following one recently:

http://kbase.redhat.com/faq/docs/DOC-9937

September 4, 2009

Red Hat Summit Today

Filed under: RedHat — wuhai @ 6:23 am

I went through the following sessions in Red Hat Summit today:

1. JBoss and eXo => Gatein Portal demo;
2. Performance Tuning I and II;
3. Red Hat Satellite Lab, lab server keeps rebooting, but eventually managed to complete the lab after rebooting so many times;
4. JBoss ON Lab

August 28, 2009

CVE-2009-2692, Go root!

Filed under: RedHat — wuhai @ 3:25 am

I have been busy putting workarounds on hundreds of servers here these days due to CVE-2009-2692.

The following is CentOS 5:

[root ~]# lsmod | grep hidp
hidp 83649 2
l2cap 89281 5 hidp
bluetooth 118725 2 hidp,l2cap

I couldn’t unload the above kernel modules previously, just figured out that in order to rmmod hidp, I had to do this:

[root ~]# /etc/init.d/hidd status
hidd (pid 3224) is running…

[root ~]# /etc/init.d/hidd stop
Shutting down hidd: [ OK ]
[root ~]# lsmod | grep hidp
hidp 83649 0
l2cap 89281 1 hidp
bluetooth 118725 2 hidp,l2cap
[root ~]# rmmod hidp
[root ~]# rmmod l2cap
[root ~]# rmmod bluetooth

Good now:

[hwu wunderbar_emporium]$ ./exploit
[+] MAPPED ZERO PAGE!
[+] Resolved security_ops to 0xffffffff80462840
[+] Resolved sel_read_enforce to 0xffffffff8011cde6
unable to find a vulnerable domain, sorry

For Netezza head nodes:
# cat /etc/issue
Red Hat Enterprise Linux AS release 4 (Nahant Update 1)
Kernel \r on an \m
# getenforce
Disabled

SELinux is disabled, but the exploit still works.

rmmod l2cap and then rmmod bluetooth works for me.
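
The unload order used in this post can be derived from the lsmod columns. The following is an added example, not part of the original post: a dry run that prints the rmmod order for whatever lsmod lines it is given and flags modules still pinned by something other than a listed module (hidd, in the case above). The function name is hypothetical; the two samples are the lsmod outputs shown in the post.

```shell
#!/bin/sh
# Added example (not from the post). Reads lsmod lines on stdin and prints
# "rmmod NAME" in an order that can succeed, then "blocked NAME refs=N" for
# modules whose use count never reaches zero. Nothing is actually unloaded.
unload_order() {                       # hypothetical helper name
    awk '
    NF >= 3 && $3 ~ /^[0-9]+$/ {       # skips the "Module Size Used by" header
        refs[$1] = $3 + 0              # use count
        users[$1] = (NF >= 4 ? $4 : "")  # comma-separated modules using it
        order[++n] = $1
    }
    END {
        do {
            progress = 0
            for (i = 1; i <= n; i++) {
                m = order[i]
                if (done[m] || refs[m] != 0) continue
                print "rmmod " m
                done[m] = 1; progress = 1
                # once m is gone it no longer pins the modules it was using
                for (j = 1; j <= n; j++) {
                    k = order[j]
                    if (index("," users[k] ",", "," m ",")) refs[k]--
                }
            }
        } while (progress)
        for (i = 1; i <= n; i++)
            if (!done[order[i]])
                print "blocked " order[i] " refs=" refs[order[i]]
    }'
}

# lsmod output from the post, before and after "/etc/init.d/hidd stop".
LSMOD_BEFORE='hidp 83649 2
l2cap 89281 5 hidp
bluetooth 118725 2 hidp,l2cap'
LSMOD_AFTER='hidp 83649 0
l2cap 89281 1 hidp
bluetooth 118725 2 hidp,l2cap'

echo "before stopping hidd:"; printf '%s\n' "$LSMOD_BEFORE" | unload_order
echo "after stopping hidd:";  printf '%s\n' "$LSMOD_AFTER" | unload_order
```

On a live host the input would be `lsmod | grep -E 'hidp|l2cap|bluetooth'`. rmmod does not survive a reboot or a later modprobe, so the check is worth repeating after either.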

February 25, 2009

Install Oracle9i client on Linux 64bit – “copying naeet.o”

Filed under: Oracle Database,RedHat — wuhai @ 8:04 am

To record silent mode installation script:
./runInstaller -record -destinationFile /tmp/oracle9iclient.rsp

The recording session hung when it was 63% complete, while doing “copying naeet.o”.

The fix: export LD_ASSUME_KERNEL=2.4.1 (note: export LD_ASSUME_KERNEL=2.4.21 did not work in this case):

$ uname -r
2.6.9-67.ELsmp

./runInstaller -silent -responsefile /home/oracle/admin/Disk1/response/oracle9iclient.rsp
$ Initializing Java Virtual Machine from /tmp/OraInstall2009-02-25_01-20-48AM/jre/bin/java. Please wait…
In Product Registration Page
In UNIX Group Name Page
Install inventory needs to be created on this system before this silent install can proceed. Please run the script in /tmp/orainstRoot.sh with root previleges and retry the silent installation. See /tmp/silentInstall.log for more details.

export LD_ASSUME_KERNEL=2.4.1
$ ./runInstaller -silent -responsefile /home/oracle/admin/Disk1/response/oracle9iclient.rsp
$ Initializing Java Virtual Machine from /tmp/OraInstall2009-02-25_01-24-15AM/jre/bin/java. Please wait…
In Product Registration Page
In UNIX Group Name Page
Inside isClusterMode, bCluster is : false
Inside isCluster, bCluster bfr return is : false
In Cluster Node Selection Page
Inside isCluster, bCluster bfr return is : false
In File Locations Page
In Available Products Page
In Installation Types Page
In Component Locations Page
In Summary Page
Inside isCluster, bCluster bfr return is : false
Inside isCluster, bCluster bfr return is : false
Inside isCluster, bCluster bfr return is : false
In End of Installation Page
The installation of Oracle9i Client was successful.
Please check /home/oracle/oraInventory/logs/silentInstall2009-02-25_01-24-15AM.log for more details.
In Product Registration Page
In UNIX Group Name Page
Inside isCluster, bCluster bfr return is : false
In Cluster Node Selection Page
Inside isCluster, bCluster bfr return is : false

$ cat /etc/issue
Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
Kernel \r on an \m

Metalink note 360142.1 “When Running OUI, OUI Hangs at 18% Copying naeet.o” says to do:
export LD_ASSUME_KERNEL=2.4.21
which did not work in this case.

Metalink note 377217.1 “What should the value of LD_ASSUME_KERNEL be set to for Linux?”:
RHAS 2.1               2.2.5
RHEL3, RHEL4, OEL4     any value from 2.4.1 to 2.4.19
SLES8, SLES9           2.4.21
RHEL5, OEL5, SLES10    Should not be set

So this is consistent: since this case is RHEL4, the value should be from 2.4.1 to 2.4.19, not 2.4.21.

$ find /lib/ -name libc.so.6
/lib/tls/i686/nosegneg/libc.so.6
/lib/tls/libc.so.6
/lib/i686/libc.so.6
/lib/libc.so.6

# eu-readelf -n /lib/libc.so.6

Note segment of 32 bytes at offset 0x154:
Owner Data size Type
GNU 16 VERSION
OS: Linux, ABI: 2.2.5

# eu-readelf -n /lib/i686/libc.so.6

Note segment of 32 bytes at offset 0x154:
Owner Data size Type
GNU 16 VERSION
OS: Linux, ABI: 2.4.1

# eu-readelf -n /lib/tls/libc.so.6

Note segment of 32 bytes at offset 0x174:
Owner Data size Type
GNU 16 VERSION
OS: Linux, ABI: 2.4.20

February 20, 2009

VMWare Guest Time Drifting Issue

Filed under: RedHat,vmware — wuhai @ 7:45 am

Under heavy load today, VMWare guest (CentOS 5.0, 64-bit) time drifts a lot, sometimes 5 or 10 minutes earlier. After restarting ntpd (and guests are configured with the right ntpd.conf), the time would be good for a few seconds, then quickly drift away. Later the time becomes 30 seconds ahead.

The quick fix:
1. notsc kernel parameter added;
2. tools.synctime set to TRUE in .vmx file

February 19, 2009

mod_proxy / selinux

Filed under: Apache,Linux,RedHat — wuhai @ 4:36 am

Refer to: http://blog.simb.net/2007/08/01/centos-5-apache-223-proxy-balancer-permission-denied-proxy-http/

If getting the following errors:

Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Feb 18 18:13:53 xx01p kernel: audit(1235002433.312:12): avc: denied { name_connect } for pid=18276 comm="httpd" dest=9000 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

[Wed Feb 18 18:29:09 2009] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 10.xx.1.xx:9000 (10.xx.1.xx) failed
[Wed Feb 18 18:29:09 2009] [error] ap_proxy_connect_backend disabling worker for (10.235.1.97)
[Wed Feb 18 18:29:13 2009] [error] proxy: HTTP: disabled connection for (10.235.1.97)

# sestatus -b | grep httpd
allow_httpd_anon_write                 off
allow_httpd_bugzilla_script_anon_write off
allow_httpd_mod_auth_pam               off
allow_httpd_nagios_script_anon_write   off
allow_httpd_squid_script_anon_write    off
allow_httpd_sys_script_anon_write      off
httpd_builtin_scripting                on
httpd_can_network_connect              off
httpd_can_network_connect_db           off
httpd_can_network_relay                off
httpd_disable_trans                    off
httpd_enable_cgi                       on
httpd_enable_ftp_server                off
httpd_enable_homedirs                  on
httpd_rotatelogs_disable_trans         off
httpd_ssi_exec                         off
httpd_suexec_disable_trans             off
httpd_tty_comm                         on
httpd_unified                          on
# togglesebool httpd_can_network_connect
httpd_can_network_connect: active
# sestatus -b | grep httpd
allow_httpd_anon_write                 off
allow_httpd_bugzilla_script_anon_write off
allow_httpd_mod_auth_pam               off
allow_httpd_nagios_script_anon_write   off
allow_httpd_squid_script_anon_write    off
allow_httpd_sys_script_anon_write      off
httpd_builtin_scripting                on
httpd_can_network_connect              on
httpd_can_network_connect_db           off
httpd_can_network_relay                off
httpd_disable_trans                    off
httpd_enable_cgi                       on
httpd_enable_ftp_server                off
httpd_enable_homedirs                  on
httpd_rotatelogs_disable_trans         off
httpd_ssi_exec                         off
httpd_suexec_disable_trans             off
httpd_tty_comm                         on
httpd_unified                          on
# setsebool -P httpd_can_network_connect=1
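
Reading the AVC denial is what leads to the boolean. The following is an added example, not part of the original post: it pulls the permission, process, source and target types, class and port out of a kernel audit line and names the boolean for the one case this post covers. The function name is hypothetical; the sample is the log line from the post.

```shell
#!/bin/sh
# Added example (not from the post). Summarise "avc: denied" lines read on
# stdin, one output line per denial; other log lines produce no output.
avc_summary() {                        # hypothetical helper name
    awk '
    /avc: +denied/ {
        perm = $0                      # text between "{" and "}"
        sub(/.*denied +[{] */, "", perm)
        sub(/ *[}].*/, "", perm)
        comm = dest = src = tgt = class = ""
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (p == 0) continue
            k = substr($i, 1, p - 1)
            v = substr($i, p + 1)
            gsub(/"/, "", v)
            if (k == "comm") comm = v
            else if (k == "dest") dest = v
            else if (k == "tclass") class = v
            # an SELinux context is user:role:type:level; keep the type
            else if (k == "scontext") { split(v, c, ":"); src = c[3] }
            else if (k == "tcontext") { split(v, c, ":"); tgt = c[3] }
        }
        line = "perm=" perm " comm=" comm " src=" src " tgt=" tgt \
               " class=" class " dest=" dest
        # Only the case from this post is mapped to a boolean.
        if (src == "httpd_t" && class == "tcp_socket" && perm == "name_connect")
            line = line " boolean=httpd_can_network_connect"
        print line
    }'
}

# The denial logged in the post.
AVC_SAMPLE='Feb 18 18:13:53 xx01p kernel: audit(1235002433.312:12): avc: denied { name_connect } for pid=18276 comm="httpd" dest=9000 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

printf '%s\n' "$AVC_SAMPLE" | avc_summary
```

The boolean is broader than the single denied connection: once it is on, httpd_t may open outbound TCP connections to any port, not only 9000.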