≡ Menu

rhel 5

According to new independent tests Red Hat Linux pulls as much as 12% less power than Windows 2008 on identical hardware. It means Linux is better for reducing data center power consumption or electrical power consumption. From the report:

Our tests point to Linux as the winner of the green flag by margins that topped out at 12%. We ran multiple power consumption tests using Windows Server 2008 Enterprise Edition, Red Hat's Enterprise Linux (RHEL) 5.1 and SUSE Enterprise Linux 10 SP1 on four, popular 1U server machines, one each from Dell and IBM and two from HP. The results showed that while Windows Server 2008 drew slightly less power in a few test cases when it had its maximum power saving settings turned on, it was RHEL that did the best job of keeping the power draw in check across the board.

Read full research report about computer power consumption online:

Now the million dollar question, how important is green computing / green computers to you? Would you make switch to save the power?

Red hat issued update for NSPR and NSS packages that fix a bug and add an enhancement are now
available for download via RHN for RHEL 5.x systems.

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic
memory management (malloc and free) and shared library linking.

The program would hang when using the batch processing feature of the certutil tool. These packages fix this issue so that the program does not hang when using the batch processing feature of the certutil tool.

These updated packages provide base and cryptography services required by Mozilla Firefox 3.

How do I update my system?

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Simply login as root and type the following command:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package yelp.x86_64 0:2.16.0-19.el5 set to be updated
---> Package nspr.i386 0:4.7.1-1.el5 set to be updated
---> Package nspr.x86_64 0:4.7.1-1.el5 set to be updated
---> Package nss.i386 0:3.12.0.3-1.el5 set to be updated
---> Package nss-tools.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package nss.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package xulrunner.x86_64 0:1.9-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 nspr                    i386       4.7.1-1.el5      rhel-x86_64-server-5  119 k
 nspr                    x86_64     4.7.1-1.el5      rhel-x86_64-server-5  117 k
 nss                     i386       3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss                     x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss-tools               x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  2.2 M
 xulrunner               x86_64     1.9-1.el5        rhel-x86_64-server-5   10 M
 yelp                    x86_64     2.16.0-19.el5    rhel-x86_64-server-5  583 k
Transaction Summary
=============================================================================
Install      0 Package(s)
Update       7 Package(s)
Remove       0 Package(s)
Total download size: 16 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): xulrunner-1.9-1.el 100% |=========================|  10 MB    00:09
(2/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(3/7): nss-tools-3.12.0.3 100% |=========================| 2.2 MB    00:02
(4/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(5/7): nspr-4.7.1-1.el5.x 100% |=========================| 117 kB    00:00
(6/7): nspr-4.7.1-1.el5.i 100% |=========================| 119 kB    00:00
(7/7): yelp-2.16.0-19.el5 100% |=========================| 583 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : nspr                         ####################### [ 1/14]
  Updating  : nss                          ####################### [ 2/14]
  Updating  : xulrunner                    ####################### [ 3/14]
  Updating  : nspr                         ####################### [ 4/14]
  Updating  : yelp                         ####################### [ 5/14]
  Updating  : nss-tools                    ####################### [ 6/14]
  Updating  : nss                          ####################### [ 7/14]
warning: /etc/pki/nssdb/cert8.db created as /etc/pki/nssdb/cert8.db.rpmnew
warning: /etc/pki/nssdb/key3.db created as /etc/pki/nssdb/key3.db.rpmnew
  Cleanup   : yelp                         ####################### [ 8/14]
  Cleanup   : nspr                         ####################### [ 9/14]
  Cleanup   : nspr                         ####################### [10/14]
  Cleanup   : nss                          ####################### [11/14]
  Cleanup   : nss-tools                    ####################### [12/14]
  Cleanup   : nss                          ####################### [13/14]
  Cleanup   : xulrunner                    ####################### [14/14]
Updated: nspr.i386 0:4.7.1-1.el5 nspr.x86_64 0:4.7.1-1.el5 nss.i386 0:3.12.0.3-1.el5 nss.x86_64 0:3.12.0.3-1.el5 nss-tools.x86_64 0:3.12.0.3-1.el5 xulrunner.x86_64 0:1.9-1.el5 yelp.x86_64 0:2.16.0-19.el5
Complete!

The open source journal has published an interesting hack. It mostly applies to high-end, multiple-disk storage:

Under the right conditions (that is, with certain hardware configurations which I'll identify later) it is possible to literally double your sequential read performance from disk. If you noticed the terrible performance of the 3Ware 9500S RAID controller and cared enough to investigate. It all has to do with a sneaky little block device parameter known as readahead. Without going into too much gory detail, readahead controls how much in advance the operating system reads when, well, reading, as its name implies. By default, some operating systems (in particular, RHEL5 Server) sets this to 256 (512-byte sectors), or about 128 KB. When dealing with large filesystems spanning many disks, this paltry figure can actually nuke your performance.

=> HowTo: Linux: Double your disk read performance in a single command

RHEL 5.1 has been released. Redhat announced the availability of Red Hat Enterprise Linux 5.1, with integrated virtualization. This release provides the most compelling platform for customers and software developers ever, with its industry-leading virtualization capabilities complementing Red Hat's newly announced Linux Automation strategy. It offers the industry’s broadest deployment ecosystem, covering standalone systems, virtualized systems, appliances and web-scale "cloud" computing environments.

Besides supporting Linux virtual machines, RHEL 5.1 will also support Windows XP, Windows 2000, Windows Server 2003 and the forthcoming Windows 2008, Crenshaw said. RHEL 5.1 uses Xen for its virtualization.

How do I upgrade to RHEL 5.1?

Login as the root user and simply type the command to fetch all updates via RHN:
# yum update
Depend upon your network condition and software configuration it may take anywhere between 5-20 minutes. Once completed, just reboot the server:
# reboot
Verify that everything is working fine:
# netstat -tulpn
# netstat -nat
# tail -f /var/log/messages
# egrep -i 'error|warn' /var/log/messages
# egrep -i 'error|warn' /path/to/apps/log

Community driven enterprise CentOS Linux users should expect update soon too. You can apply above commends to upgrade your CentOS box.

Many people asked me to write about setting up Lighttpd under CentOS or RHEL 5 Linux using chroot() call. The instructions are almost same but you need to make little modification as compare to Debian / Ubuntu Linux instructions.

For example purpose we will build jail at /webroot location.
=> Default document root : /home/lighttpd/default/
=> Port : 80
=> IP: Your Public IP address
=> Virtual domain1: /home/lighttpd/vdomain1.com/
=> Virtual domain1 access log file: /var/log/lighttpd/vomain1.com/
=> Default access log file:/var/log/lighttpd/access.log
=> Default error log file:/var/log/lighttpd/error.log
=> Default php error log file: /var/log/lighttpd/php.log

Assumptions

These installation instructions assume you have:

  • Linux distribution
  • Required RPMs (see below for installation instructions)
    • php, php-pear, php-common, php-pdo, php-ldap, php-gd, php-cli, php-mysql
    • mysql, mysql-server etc
    • lighttpd, lighttpd-fastcgi (rpm available here)
  • Installations were tested on Red Hat Enterprise Linux v4/5 or CentOS v4/5 or Fedora Linux 7

Step # 1: Install required packages

Install php and related packages:
# yum install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql
Install mysql and related packages:
# yum install mysql mysql-server
Install lighttpd and mod_fastcgi for lighttpd:
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-1.4.18-1.el5.rf.i386.rpm
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-fastcgi-1.4.18-1.el5.rf.i386.rpm

Step # 2: Create /webroot and related directories

# mkdir /webroot
# cd /webroot
# mkdir etc
# mkdir tmp
# chmod 1777 tmp/
# mkdir -p usr/bin
# mkdir -p home/lighttpd/default
# mkdir -p var/run/lighttpd
# mkdir -p var/log/lighttpd
# chown lighttpd:lighttpd var/run/lighttpd/
# chown lighttpd:lighttpd var/log/lighttpd/
# chown -R lighttpd:lighttpd home/

Step # 3: Install chroot script

You need to download and install my script that will help you to build lighttpd in jail:
# cd /sbin/
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot

Step # 4: Install php in jail

Now copy php-cgi binary and related shared libraries using l2chroot script:
# cd /webroot/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi

Step # 5: Copy required files to /etc

Now you must copy php.ini and related all files to /etc/
# cd /webroot/etc
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/nsswitch.conf .
# cp /etc/resolv.conf .
# cp /etc/php.ini .
# cp -avr /etc/php.d/ .
# cp -avr /etc/ld* .

Update (Oct-1-2008, 1:52pm) : You need to copy entire /etc/ and /usr/share/zoneinfo files to work with latest php version:
# cd /webroot/etc
# /bin/cp -avr /etc/* .

Copy all files from /usr/share/zoneinfo/:
# mkdir -p /webroot/usr/share/
# cd /webroot/usr/share/
# cp -avr /usr/share/zoneinfo/ .

Open group and passwd file and only keep entries for root and lighttpd user:
# vi /webroot/etc/group
Make sure file look as follows:
root:x:0:root
lighttpd:x:101:

Also open passwd file inside jail:
# vi /webroot/etc/passwd
Make sure file look as follows:
root:x:0:0:root:/root:/bin/bash
lighttpd:x:100:101:lighttpd web server:/srv/www/lighttpd:/sbin/nologin

Step # 5: Copy php modules

Now copy php mysql support, php gd and other all modules:
# cd /webroot/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot $l; done

Step # 6: Configure lighttpd chroot call

Open /etc/lighttpd/lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Setup default document root and chroot directory:
server.document-root = "/home/lighttpd/default/"
server.chroot="/webroot"

Save and close the file.

Step # 7: Restart lighttpd

Type the following command:
# /etc/init.d/lighttpd restart

Jail size

# du -ch /webroot/
Output:

12K     /webroot/var/log/lighttpd
16K     /webroot/var/log
4.0K    /webroot/var/run/lighttpd
8.0K    /webroot/var/run
28K     /webroot/var
8.0K    /webroot/etc/ld.so.conf.d
36K     /webroot/etc/php.d
160K    /webroot/etc
8.0K    /webroot/home/lighttpd/default
12K     /webroot/home/lighttpd
16K     /webroot/home
5.3M    /webroot/lib
4.0K    /webroot/tmp
872K    /webroot/usr/lib/sse2
1.4M    /webroot/usr/lib/mysql
676K    /webroot/usr/lib/php/modules
4.0K    /webroot/usr/lib/php/pear
684K    /webroot/usr/lib/php
9.9M    /webroot/usr/lib
2.9M    /webroot/usr/bin
13M     /webroot/usr
19M     /webroot/
19M     total

Troubleshooting

Always go thought /var/log/messages and server log files:
# tail -f /var/log/messages

Download mysql testing script

Copy and test php mysql connectivity with this script.

The stap program is the front-end to the Systemtap tool. It accepts probing instructions (written in a simple scripting language), translates those instructions into C code, compiles this C code, and loads the resulting kernel module into a running Linux kernel to perform the requested system trace/probe functions.

SystemTap provides free software (GPL) infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or functional problem. SystemTap eliminates the need for the developer to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.

We have several developers who use stap. Usually it works out of box. For example following program prints hello world on screen if SystemTap and related packages are installed:

stap -e 'probe begin { log ("hello world") }'

However under CentOS Linux version 5 (RHEL 5), you will get an error as follows:

semantic error: libdwfl failure (dwfl_linux_kernel_report_offline): No such file or directory while resolving probe point kernel.function("sys_*")

Install kernel-debuginfo package

To get rid of this problem, you have to simply install kernel-debuginfo package:
# yum install kernel-debuginfo
Please note that the installed kernel-debuginfo package must be for the same kernel release level and processor, so you may have to enter the following command:
# yum install kernel-debuginfo-KERNEL-VERSION-NUMBER

Hope this troubleshooting tip will help you out while working with systemtap (stap) scripts.

I've already wrote about setting up a Linux transparent squid proxy system. However I'm getting lots of questions about Squid basic installation and configuration:

How do I install Squid Proxy server on CentOS 5 Liinux server?

Sure Squid server is a popular open source GPLd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query , and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use yum command as follows:
# yum install squid
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M
Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]
Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Squid Basic Configuration

Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:
# vi /etc/squid/squid.conf
At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start

Output:

init_cache_dir /var/spool/squid... Starting squid: .       [  OK  ]

Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:

tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)

Open TCP port 3128

Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Client configuration

Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

See also

You may find our previous squid tips useful:

Squid Security and blocking content Related Tips

Squid Authentication Related Tips

Squid Other Tips