Wednesday, December 8, 2010
hosts.conf on os x
Use sudo vi /etc/hosts on OS X to set custom DNS resolutions, e.g. to test an Apache configuration prior to hostmaster changes. The syntax is just the familiar [ip] [tab] [hostname].
Wednesday, November 10, 2010
xen on centos on hp blades: slow networking
Had Xen running on CentOS on some HP 460c blades. CentOS by itself on the blades had great network performance, but the blades running with the Xen kernel had terrible performance, both in the domU and the dom0. It turns out that the issue is the particular networking driver that the CentOS/RHEL/Fedora family has for the blades' Broadcom Corporation NetXtreme II BCM57711E 10-Gigabit PCIe cards. You can see something similar on this RHEL bug.
The lazy workaround is to add "options bnx2x disable_tpa=1" to /etc/modprobe.conf on the dom0 and then restart the dom0. Like so:
The lazy workaround is to add "options bnx2x disable_tpa=1" to /etc/modprobe.conf on the dom0 and then restart the dom0. Like so:
# cat /etc/modprobe.conf
alias eth0 bnx2x
alias eth1 bnx2x
options bnx2x disable_tpa=1
alias scsi_hostadapter cciss
alias scsi_hostadapter1 usb-storage
#
HP advises that you can manually reload the driver, but this did not work for me.
Monday, October 25, 2010
command-line mysql connection works, but not php
I was able to connect to a remote MySQL server from the command line on one of my servers, but that server, running php, was not able to make the connection, just returning a frustrating generic "cannot connect" message. The problem was of course selinux, and the solution:
# setsebool -P httpd_can_network_connect=1
Hat tip.
# setsebool -P httpd_can_network_connect=1
Hat tip.
Tuesday, August 24, 2010
postgres 9 segmentation fault on createuser
No errors in the log, just a sudden segmentation fault after answering y/n on the superuser question. Was able to fix by recompiling postgres without openssl. I think this might be due to the incredibly old version of openssl that ships with CentOS.
Tuesday, April 20, 2010
newlines/escaping in regexes in vi
Regexes in vi make me sad sometimes. I discovered today that when I wanted to replace all instances of:
||
with:
|
|
the correct command wasn't
:%s/\|\|/\|\n\|/g
but rather:
:%s/||/|<ctrl-v><ctrl-m>|/g
... where <ctrl-v> literally means "hit ctrl-v".
||
with:
|
|
the correct command wasn't
:%s/\|\|/\|\n\|/g
but rather:
:%s/||/|<ctrl-v><ctrl-m>|/g
... where <ctrl-v> literally means "hit ctrl-v".
Monday, April 19, 2010
kakadu can't access shared library
We were consistently getting errors from Kakadu (within Djatoka) that it couldn't access a shared library file: libkdu_v60R.so. The permissions on everything were 2770. It turned out that the problem was the 2 being set on the kdu_expand and the kdu_compress. When we changed the permissions back to 770, on those two files only, everything was fine.
I've encountered problems with 2xxx permissions before, as a security feature/bug on Solaris, but never on linux.
I've encountered problems with 2xxx permissions before, as a security feature/bug on Solaris, but never on linux.
Thursday, February 25, 2010
listing physical disks on RHEL
/usr/sbin/lvmdiskscan and /sbin/pvscan, you are my new best friends.
cat /proc/cpuinfo -- we're still buddies. Don't worry.
cat /proc/cpuinfo -- we're still buddies. Don't worry.
Tuesday, February 9, 2010
meta refresh that IE can use
I'm constantly forgetting this. IE needs the "URL=" in the meta-refresh tag, else it chokes on it.
<meta http-equiv="refresh" content="0;URL=http://www.example.com" />
Also, as this Stack Overflow thread notes, IE may disable meta refresh entirely in its security settings.
For this and many other reasons, it's best to use an Apache (or whatever webserver you're using) redirect.
<meta http-equiv="refresh" content="0;URL=http://www.example.com" />
Also, as this Stack Overflow thread notes, IE may disable meta refresh entirely in its security settings.
For this and many other reasons, it's best to use an Apache (or whatever webserver you're using) redirect.
Friday, January 8, 2010
RHEL 5 - postfix suddenly can't send mail
As described in this RedHat bug, selinux-policy-2.4.6-255.el5_4.3 (1/7/2010) breaks postfix sendmail.
You'll see messages like:
fatal: username(1002): unable to execute /usr/sbin/postdrop -r: Success
postfix/sendmail[19202]: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name
in /var/log/maillog.
You have a couple of options for dealing with this issue.
1. You can roll back to an earlier policy version and wait for a patched version to come out.
2. You can update the policy manually as described in the bug.
3. You can temporarily change selinux to permissive mode using "echo 0 > /selinux/enforce" until RHEL produces the patch. Then you can switch to enforcing again using "echo 1 > /selinux/enforce".
TIMTOWDI and all that, so perhaps you can think of others.
You'll see messages like:
fatal: username(1002): unable to execute /usr/sbin/postdrop -r: Success
postfix/sendmail[19202]: warning: premature end-of-input on /usr/sbin/postdrop -r while reading input attribute name
in /var/log/maillog.
You have a couple of options for dealing with this issue.
1. You can roll back to an earlier policy version and wait for a patched version to come out.
2. You can update the policy manually as described in the bug.
3. You can temporarily change selinux to permissive mode using "echo 0 > /selinux/enforce" until RHEL produces the patch. Then you can switch to enforcing again using "echo 1 > /selinux/enforce".
TIMTOWDI and all that, so perhaps you can think of others.
Subscribe to:
Posts (Atom)