Category Archives: Red Hat Enterprise Linux

Oracle removes gnome packages from its database requirements

As a sysadmin I try to make sure my servers will have the minimal installation needed in order for them to work. In most cases this policy works fine, but some applications depend on too much unneeded software like GUI or sound packages.

Two years ago I wrote about “Why does Oracle’s applications needs xscreensaver in order to run ?“. It seems that finally things have changed.

In it’s latest version of the 10g r2 release notes (B15666-14), Oracle dropped the control-center and gnome-libs packages from the software requirements. This change is only relevant for RHEL5, as the list for RHEL4 (x86_64) haven’t changed except from dropping xscreensaver and adding some other packages.

Notice that for RHEL5, 3 packages were added in order to let the installer display it’s graphical interface:

  • libXp-1.0.0 (i386)
  • libXt-1.0.2 (i386)
  • libXtst-1.0.1 (i386)

I’m glad to see Oracle update it’s software requirements as a lot of people in the databases world are afraid to make changes which are against the official documentation, regardless of how wrong it might be.

Advertisements

Leave a comment

Filed under Proprietary software, Red Hat Enterprise Linux, System Administration

Doing a minimal installation for RHEL 5.3 with kickstart

When installing RHEL 5, it doesn’t matter if you deselect all the packages during the installation. You’ll still end with the @dialup and @java groups.

If you do a kickstart installation, you can set your %packages to
@core
@base
-@dialup
-@java

This also might save you the disks changes (all or some). This will result with about 900+ MB for / (not including /boot). If you want something even more minimal (e.g. only for firewall) you can choose the “%packages –nobase” option.

Leave a comment

Filed under Red Hat Enterprise Linux

Red Hat Enterprise Linux Life Cycle

Last month RHEL 4.8 was released (see release notes). With this release RHEL 4 is entering phase 2 of it’s life cycle. During this phase only urgent software updates will be done and important or critical security issues will be handled.

During the Production 2 life cycle phase, at a minimum, qualified security errata of important or critical impact, as well as, urgent priority bug-fix errata may be released independent of minor releases.

If available, refreshed hardware enablement that does not require substantial software changes may be provided at the discretion of Red Hat via minor releases. New software functionality is not available during this phase. All available and qualified errata will be provided via the minor releases. The focus for minor releases during this life cycle phase lies on resolving defects with a minimum priority of high.

Updated install images will only be provided for minor releases during the Production 2 life cycle phase if required due to installer changes at Red Hat’s discretion.

Regrading RHEL 4, it seems the the release of 4.9 somewhere around Q1 2010, will end the 2nd phase, and the start of the 3rd one. It in the 3rd phase no new hardware is supported, and only mission critical bugs fixes are done. Security bug fixes has the same police like the second phase.

If you’re running RHEL version prior to version 4, notice that RHEL 2.1 just finished it’s 7 years life cycle on may 31st, and RHEL 3 will end it’s life cycle in October 31st, 2010. Details are available at Red Hat Enterprise Linux Life Cycle page.

1 Comment

Filed under Fedora, Red Hat Enterprise Linux

Working for Free? – Motivations of Participating in Open Source Projects

I’ve been asked to summarize an article by Alexander Hars & Shaosong Ou about motivations of participating in open source projects written in 2000 for a psychology course. It was very interested to see how many things can motivate one to invest in open source.

Although none of the motivators was new to me, I still found the article very interesting. In fact, during the presentation of the article to the class I added my point of view and the reasons I participate in open source. I realized that, although not intentionally, I enjoyed every motivator mentioned in the article, except “selling related products and services”.

It would be quite interesting to have this article done again, as the open source world became bigger and has more payed people working on free software. Any volunteers ?

5 Comments

Filed under Debian GNU/Linux, Fedora, Mozilla, Openoffice.org, Red Hat Enterprise Linux, Ubuntu

Network bonding types and configuration in Linux

A few days after the first time I created a network bonding device in Linux, I had to create two network bonding on the same machine.

Sounds simple, but it seems that be default you can create only one device. As I tried to figure how to create two devices, I had a chance to investigate a bit on the issue of network bonding.

While the setting in /etc/sysconfig/network-scripts are quite simple and straight forward (see the RHEL References guide – Channel Bonding Interfaces), the settings in /etc/modules.conf hold some options to choose from.

First, we need to have a line the says that the device is a bonding device, so the the bonding module will manage it: alias bondX bonding

Most how-to also sugget to add the following line: options bond0 mode=0 miimon=100 or options bond0 mode=1 miimon=100

But the mode parameter has a meaning that the system administrator should choose:

  • Mode 0 or balance-rr is the Round-robin policy which gives fault tolerance and load balancing. This mode sends are receives package on each node in a sequential order. So the load is distributed on all NICs.
  • Mode 1 or active-backup which gives only fault tolerance without load balancing. This modes sends all packets through the one active slave. The slave changes only if the active slave fails.

Other, more advanced modes are documented in the Kernel documentation at Documentation/networking/bonding.txt and the RHEL References guide – bonding Module Directives.

Returning to my original issue – creating two network boding devices. By default the bonding module let you create only one bonding device, adding the line options bonding max_bonds=2 to /etc/modules.conf lets you (after reloading the driver) to make two bonding devices.

Notice that this time the options are for the bond module and not for a specific alias of the module.

RHEL5, lets you change the bonding options in the bond config file (e.g. /etc/sysconfig/network-scripts/ifcfg-bondo), with the BONDING_OPTS variable: BONDING_OPTS="mode=1 miimon=100".

On RHEL4, you can achive the same goal with these settings in /etc/modules.conf:

alias bond0 bonding
options bond0 -o bond0 mode=1 miimon=100
alias bond1 bonding
options bond1 -o bond1 mode=0 miimon=50

as it causes the bonding module to be loaded twice and alias each one of the differently.

On RHEL machines you’ll need the iputils packages, which has /sbin/ifenslave to add the slaves to the bond when the are configured.

2 Comments

Filed under Red Hat Enterprise Linux, System Administration

When LVM volume groups collide

I took my hard drive and connected it to another computer with Linux installed. Both HDs had a PV which contained a VG named “vg00”. This collistion was the first time I had encounterd this situation and had to solve it to get access to files on both VGs.

During boot I noticed messages saying there two vg00 on the machine and one is taken precedence over the other. Example message:

[lvm] WARNING: Duplicate VG name vg00: Existing
K0qKAk-Ph5i-BcAX-y4yp-SPF3-TZgj-DufR3L (created here) takes precedence
over K0qKAk-Ph5i-BcAX-y4yp-SPF3-TZgj-DufR3L

The trivial solution is to rename the extra VG to something different and get the access I want to the files. But there are two problems:

  1. As the first vg00 has precedence, I can’t do actions on the second one. The LVM commands ignore the second one.
  2. I can’t act on the first VG as it’s active for most of the system’s file systems.

Trying vgrename command with the second VG UUID didn’t work. I had to deactivate the first VG first (luckily I have the root FS outside of LVM), rename it, and rename the second VG and then rename the first VG again.

This resulted in having vg00 and vg01. And now I could activate them both and access the files.

I hope to have the time to reproduce the problem on another distro to make sure that’s a general LVM2 problem. Having renmae by UUID would save time to fix the problem and help people who need to boot from CD just to get their VG deactivated (since root FS is on LVM).

11 Comments

Filed under Debian GNU/Linux, Red Hat Enterprise Linux

Risk report: Three years of Red Hat Enterprise Linux 4

Mark J Cox, the Director of the Red Hat Security Response Team, published an update to RHEL 4 risk report:

Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report takes a look at the state of security for the first three years from
release.

Two of the lines in the conclusion are:

A default installation of Enterprise Linux 4 AS was vulnerable to seven critical security issues over the first three years.

A customised installation of Enterprise Linux 4, selecting every package, would have been vulnerable to 76 critical browser security issues, and 11 in non-browser packages in the three years.

But I doubt how many people use the default installation “as is” or are fulish enough in install everything. I would like to know the security effect of RHEL4 minimal installation, as this my way to install RHEL.

It will also be interesting to see similar reports from other distributions, especially on the response times, as I guess most security issues are common anyway due to shared applications.

Leave a comment

Filed under Red Hat Enterprise Linux