Mxx's questions

I have Ubuntu 14.04 server on which I can't use anything that relies on su. This manifests in inability to restart services or even switch users.

root@ci-web1:~# su - mxx
su: Authentication failure

My /var/log/auth.log shows:

Oct 10 11:14:15 ci-web1 su[19709]: PAM unable to dlopen(pam_rootok.so): /lib/security/pam_rootok.so: cannot open shared object file: No such file or directory
Oct 10 11:14:15 ci-web1 su[19709]: PAM adding faulty module: pam_rootok.so
Oct 10 11:14:15 ci-web1 su[19709]: PAM unable to dlopen(pam_unix.so): /lib/security/pam_unix.so: cannot open shared object file: No such file or directory
Oct 10 11:14:15 ci-web1 su[19709]: PAM adding faulty module: pam_unix.so
Oct 10 11:14:15 ci-web1 su[19709]: pam_authenticate: Authentication failure
Oct 10 11:14:15 ci-web1 su[19709]: FAILED su for mxx by root
Oct 10 11:14:15 ci-web1 su[19709]: - /dev/pts/0 root:mxx

Both of those files are present in /lib/x86_64-linux-gnu/security/. I don't understand why it's looking in /lib/security/.

How to correct this problem?

I have an up-to-date Ubuntu 12.04 server running Apache 2.2.22-1ubuntu1.4.
For every HTTPS request my Apache logs record what appear to be error messages related to encrypted connections.

Self-signed certificate was generated based on instructions from Ubuntu 12.04 » Ubuntu Server Guide » Security » Certificates

Qualys SSL Labs shows no problems with the server config(other than self-signed cert).

Relevant section of Apache config is:

<VirtualHost *:443>
  ServerName site.domain.net:443
  ...snip...
  SSLEngine             on
  SSLCertificateFile    /etc/apache2/ssl/apache.crt
  SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  SSLProtocol           all -SSLv2 -SSLv3
  SSLHonorCipherOrder   on
  SSLCompression        off
</VirtualHost>

Error logs are showing entries similar to this:

[Wed Feb 19 10:47:01 2014] [info] [client xx.xx.61.4] Connection to child 2 established (server site.domain.net:443) 
[Wed Feb 19 10:47:01 2014] [info] Seeding PRNG with 656 bytes of entropy 
[Wed Feb 19 10:47:01 2014] [info] [client xx.xx.61.4] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] 
[Wed Feb 19 10:47:01 2014] [info] [client xx.xx.61.4] Connection closed to child 2 with abortive shutdown (server site.domain.net:443)

Browser is not hitting Stop button as the log implies.

Why am I getting these errors, what do they mean and how to stop them?

I'm running up-to-date Ubuntu 12.04 LTS with Apache 2.2.22-1ubuntu1.4 and OpenSSL 1.0.1-4ubuntu5.11.

I have configured Apache to use ciphersuites list from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite

It looks like this:

<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs
    SSLProtocol             all -SSLv2
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
    SSLHonorCipherOrder     on
    SSLCompression          off
</VirtualHost>

This command shows all the available OpenSSL ciphers.

# openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK' |column -t

ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH        Au=RSA    Enc=AESGCM(128)    Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH        Au=ECDSA  Enc=AESGCM(128)    Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH        Au=RSA    Enc=AESGCM(256)    Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH        Au=ECDSA  Enc=AESGCM(256)    Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2  Kx=DH          Au=RSA    Enc=AESGCM(128)    Mac=AEAD
DHE-DSS-AES128-GCM-SHA256      TLSv1.2  Kx=DH          Au=DSS    Enc=AESGCM(128)    Mac=AEAD
DHE-DSS-AES256-GCM-SHA384      TLSv1.2  Kx=DH          Au=DSS    Enc=AESGCM(256)    Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2  Kx=DH          Au=RSA    Enc=AESGCM(256)    Mac=AEAD
ECDHE-RSA-AES128-SHA256        TLSv1.2  Kx=ECDH        Au=RSA    Enc=AES(128)       Mac=SHA256
ECDHE-ECDSA-AES128-SHA256      TLSv1.2  Kx=ECDH        Au=ECDSA  Enc=AES(128)       Mac=SHA256
ECDHE-RSA-AES128-SHA           SSLv3    Kx=ECDH        Au=RSA    Enc=AES(128)       Mac=SHA1
ECDHE-ECDSA-AES128-SHA         SSLv3    Kx=ECDH        Au=ECDSA  Enc=AES(128)       Mac=SHA1
ECDHE-RSA-AES256-SHA384        TLSv1.2  Kx=ECDH        Au=RSA    Enc=AES(256)       Mac=SHA384
ECDHE-ECDSA-AES256-SHA384      TLSv1.2  Kx=ECDH        Au=ECDSA  Enc=AES(256)       Mac=SHA384
ECDHE-RSA-AES256-SHA           SSLv3    Kx=ECDH        Au=RSA    Enc=AES(256)       Mac=SHA1
ECDHE-ECDSA-AES256-SHA         SSLv3    Kx=ECDH        Au=ECDSA  Enc=AES(256)       Mac=SHA1
DHE-RSA-AES128-SHA256          TLSv1.2  Kx=DH          Au=RSA    Enc=AES(128)       Mac=SHA256
DHE-RSA-AES128-SHA             SSLv3    Kx=DH          Au=RSA    Enc=AES(128)       Mac=SHA1
DHE-DSS-AES128-SHA256          TLSv1.2  Kx=DH          Au=DSS    Enc=AES(128)       Mac=SHA256
DHE-RSA-AES256-SHA256          TLSv1.2  Kx=DH          Au=RSA    Enc=AES(256)       Mac=SHA256
DHE-DSS-AES256-SHA             SSLv3    Kx=DH          Au=DSS    Enc=AES(256)       Mac=SHA1
DHE-RSA-AES256-SHA             SSLv3    Kx=DH          Au=RSA    Enc=AES(256)       Mac=SHA1
AES128-GCM-SHA256              TLSv1.2  Kx=RSA         Au=RSA    Enc=AESGCM(128)    Mac=AEAD
AES256-GCM-SHA384              TLSv1.2  Kx=RSA         Au=RSA    Enc=AESGCM(256)    Mac=AEAD
ECDHE-RSA-RC4-SHA              SSLv3    Kx=ECDH        Au=RSA    Enc=RC4(128)       Mac=SHA1
ECDHE-ECDSA-RC4-SHA            SSLv3    Kx=ECDH        Au=ECDSA  Enc=RC4(128)       Mac=SHA1
SRP-DSS-AES-128-CBC-SHA        SSLv3    Kx=SRP         Au=DSS    Enc=AES(128)       Mac=SHA1
SRP-RSA-AES-128-CBC-SHA        SSLv3    Kx=SRP         Au=RSA    Enc=AES(128)       Mac=SHA1
DHE-DSS-AES128-SHA             SSLv3    Kx=DH          Au=DSS    Enc=AES(128)       Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256     TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AESGCM(128)    Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256   TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AESGCM(128)    Mac=AEAD
ECDH-RSA-AES128-SHA256         TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(128)       Mac=SHA256
ECDH-ECDSA-AES128-SHA256       TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(128)       Mac=SHA256
ECDH-RSA-AES128-SHA            SSLv3    Kx=ECDH/RSA    Au=ECDH   Enc=AES(128)       Mac=SHA1
ECDH-ECDSA-AES128-SHA          SSLv3    Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(128)       Mac=SHA1
AES128-SHA256                  TLSv1.2  Kx=RSA         Au=RSA    Enc=AES(128)       Mac=SHA256
AES128-SHA                     SSLv3    Kx=RSA         Au=RSA    Enc=AES(128)       Mac=SHA1
SRP-DSS-AES-256-CBC-SHA        SSLv3    Kx=SRP         Au=DSS    Enc=AES(256)       Mac=SHA1
SRP-RSA-AES-256-CBC-SHA        SSLv3    Kx=SRP         Au=RSA    Enc=AES(256)       Mac=SHA1
DHE-DSS-AES256-SHA256          TLSv1.2  Kx=DH          Au=DSS    Enc=AES(256)       Mac=SHA256
ECDH-RSA-AES256-GCM-SHA384     TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AESGCM(256)    Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384   TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AESGCM(256)    Mac=AEAD
ECDH-RSA-AES256-SHA384         TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(256)       Mac=SHA384
ECDH-ECDSA-AES256-SHA384       TLSv1.2  Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(256)       Mac=SHA384
ECDH-RSA-AES256-SHA            SSLv3    Kx=ECDH/RSA    Au=ECDH   Enc=AES(256)       Mac=SHA1
ECDH-ECDSA-AES256-SHA          SSLv3    Kx=ECDH/ECDSA  Au=ECDH   Enc=AES(256)       Mac=SHA1
AES256-SHA256                  TLSv1.2  Kx=RSA         Au=RSA    Enc=AES(256)       Mac=SHA256
AES256-SHA                     SSLv3    Kx=RSA         Au=RSA    Enc=AES(256)       Mac=SHA1
RC4-SHA                        SSLv3    Kx=RSA         Au=RSA    Enc=RC4(128)       Mac=SHA1
DHE-RSA-CAMELLIA256-SHA        SSLv3    Kx=DH          Au=RSA    Enc=Camellia(256)  Mac=SHA1
DHE-DSS-CAMELLIA256-SHA        SSLv3    Kx=DH          Au=DSS    Enc=Camellia(256)  Mac=SHA1
CAMELLIA256-SHA                SSLv3    Kx=RSA         Au=RSA    Enc=Camellia(256)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA        SSLv3    Kx=DH          Au=RSA    Enc=Camellia(128)  Mac=SHA1
DHE-DSS-CAMELLIA128-SHA        SSLv3    Kx=DH          Au=DSS    Enc=Camellia(128)  Mac=SHA1
CAMELLIA128-SHA                SSLv3    Kx=RSA         Au=RSA    Enc=Camellia(128)  Mac=SHA1

Notice all the ECDHE ciphers.

However, if I use https://www.ssllabs.com/ssltest/analyze.html it shows that my server supports(in order of preference):

DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
RSA_WITH_AES_128_GCM_SHA256 (0x9c)
RSA_WITH_AES_256_GCM_SHA384 (0x9d)
RSA_WITH_AES_128_CBC_SHA256 (0x3c)
RSA_WITH_AES_128_CBC_SHA (0x2f)
RSA_WITH_AES_256_CBC_SHA256 (0x3d)
RSA_WITH_AES_256_CBC_SHA (0x35)
RSA_WITH_RC4_128_SHA (0x5)
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS
RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)

Notice there are no ECDHE ciphers.

How come Apache is presenting a different list from OpenSSL?

I was inherited this server so I'm not yet fully familiar with its setup.

However, I noticed that C:\inetpub\mailroot\Badmail\ directory contains ~400,000 files. For now I do not want to delete the whole thing, only perhaps files older than 1/1/2012. I tried to use BadMailAdmin script, however when I run it on that dir, it errors out with:

ERROR: C:\inetpub\mailroot\Badmail\: bytes total.
Err.Number: 6
Err.Description: Overflow
Err.Source: Microsoft VBScript runtime error

Possibly because of so many files in there. I tried to use just regular Windows Explorer. It takes ~5min to get dir listing, but when I select a bunch of files to delete it starting chewing 100% CPU of one core and does not comeback in 2 hours that I waited.

If there any way to (quickly) delete some of these files?

Note, this is NOT Exchange server, just regular IIS/smtp.

I have a server running RHEL6.4.

I need to configure .rp_filter sysctl parameter for my server's private interconnect. This server has 2 NICs bonded together. I looked through the documentation and searched online but haven't found conclusive information how exactly it should be configured.

Should I set it on the bonded interface itself?

net.ipv4.conf.bond0.rp_filter = 0

Or should I set it on the 2 physical slave NICs?

net.ipv4.conf.em1.rp_filter = 0
net.ipv4.conf.em2.rp_filter = 0

I can not use net.ipv4.conf.all.rp_filter or net.ipv4.conf.default.rp_filter.

I have a server with dual Intel Xeon E5-2667 CPU (6 cores+HT) running OEL(RHEL) 6.4 For some reason snmp query to it shows cores from only 1 CPU.

Here's output sensors command.

[root@host log]# sensors
coretemp-isa-0000
Adapter: ISA adapter
Physical id 0: +56.0°C  (high = +96.0°C, crit = +102.0°C)
Core 0:        +55.0°C  (high = +96.0°C, crit = +102.0°C)
Core 1:        +50.0°C  (high = +96.0°C, crit = +102.0°C)
Core 2:        +52.0°C  (high = +96.0°C, crit = +102.0°C)
Core 3:        +55.0°C  (high = +96.0°C, crit = +102.0°C)
Core 4:        +52.0°C  (high = +96.0°C, crit = +102.0°C)
Core 5:        +56.0°C  (high = +96.0°C, crit = +102.0°C)

coretemp-isa-0001
Adapter: ISA adapter
Physical id 1: +43.0°C  (high = +96.0°C, crit = +102.0°C)
Core 0:        +43.0°C  (high = +96.0°C, crit = +102.0°C)
Core 1:        +41.0°C  (high = +96.0°C, crit = +102.0°C)
Core 2:        +42.0°C  (high = +96.0°C, crit = +102.0°C)
Core 3:        +41.0°C  (high = +96.0°C, crit = +102.0°C)
Core 4:        +40.0°C  (high = +96.0°C, crit = +102.0°C)
Core 5:        +41.0°C  (high = +96.0°C, crit = +102.0°C)

my /etc/snmp/snmpd.conf has the following line to allow full access:

view all    included  .1                               80

Yet here's what happens when I snmpwalk this server:

[root@host log]# snmpwalk -c public -v 2c localhost sensor
LM-SENSORS-MIB::lmTempSensorsIndex.1 = INTEGER: 1
LM-SENSORS-MIB::lmTempSensorsIndex.2 = INTEGER: 2
LM-SENSORS-MIB::lmTempSensorsIndex.3 = INTEGER: 3
LM-SENSORS-MIB::lmTempSensorsIndex.4 = INTEGER: 4
LM-SENSORS-MIB::lmTempSensorsIndex.5 = INTEGER: 5
LM-SENSORS-MIB::lmTempSensorsIndex.6 = INTEGER: 6
LM-SENSORS-MIB::lmTempSensorsIndex.7 = INTEGER: 7
LM-SENSORS-MIB::lmTempSensorsIndex.8 = INTEGER: 8
LM-SENSORS-MIB::lmTempSensorsDevice.1 = STRING: Physical id 0
LM-SENSORS-MIB::lmTempSensorsDevice.2 = STRING: Core 0
LM-SENSORS-MIB::lmTempSensorsDevice.3 = STRING: Core 1
LM-SENSORS-MIB::lmTempSensorsDevice.4 = STRING: Core 2
LM-SENSORS-MIB::lmTempSensorsDevice.5 = STRING: Core 3
LM-SENSORS-MIB::lmTempSensorsDevice.6 = STRING: Core 4
LM-SENSORS-MIB::lmTempSensorsDevice.7 = STRING: Core 5
LM-SENSORS-MIB::lmTempSensorsDevice.8 = STRING: Physical id 1
LM-SENSORS-MIB::lmTempSensorsValue.1 = Gauge32: 60000
LM-SENSORS-MIB::lmTempSensorsValue.2 = Gauge32: 44000
LM-SENSORS-MIB::lmTempSensorsValue.3 = Gauge32: 42000
LM-SENSORS-MIB::lmTempSensorsValue.4 = Gauge32: 42000
LM-SENSORS-MIB::lmTempSensorsValue.5 = Gauge32: 42000
LM-SENSORS-MIB::lmTempSensorsValue.6 = Gauge32: 41000
LM-SENSORS-MIB::lmTempSensorsValue.7 = Gauge32: 41000
LM-SENSORS-MIB::lmTempSensorsValue.8 = Gauge32: 44000

How can I make snmp report temperature for cores on all cpus?

I have 2 identical Dell R720 servers running identical Oracle Enterprise Linux(RHEL)6.4.

Both servers (supposedly) configured in exactly the same way. However, one of the servers is behaving differently.

Every other reboot its local HDD name(and related partitions) flip from /dev/sda to /dev/sdj. This is problematic because this server is configured with multipathd, and if this flip happens this config does not match other server and Oracle DB(or its clusterware) complains that nodes are not configured identically.

Why does one server has a consistent device names while the other server keeps flipping back and forth?

How can I make local hdd to consistently be /dev/sda?

edit: I created a rules file in /etc/udev/rules.d with the following rule, but it doesn't seem to be working

KERNEL=="sd*" , PROGRAM="scsi_id --page=0x83 -–whitelisted --device=/dev/%k",RESULT=="36b8ca3a0e58a3f00195c25c8117a6822", NAME="sda"

I have Fusion ioDrive2 785GB (731.088 GiB) SSD card. The server is running Oracle Enterprise Linux 6.4 (RHEL6.4 compatible). It is low-level formatted as such:

    "80% factory capacity"
    Format Capacity:    627,999,997,952 bytes
    Sector Size:    4,096 bytes

I want to split this drive into 2 partitions: 600,000,000,000 bytes to partition 1 and the rest to partition 2. I used fdisk -cu /dev/fioa command to create partitions:

Command (m for help): p

Disk /dev/fioa: 628.0 GB, 627999997952 bytes
255 heads, 63 sectors/track, 9543 cylinders, total 153320312 sectors
Units = sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 32768 bytes
Disk identifier: 0x4b661ac0

    Device Boot      Start         End      Blocks   Id  System
/dev/fioa1             256   146484375   585936480   83  Linux
/dev/fioa2       146484376   153320311    27343744   83  Linux

Please note total sectors count and End sector for partition fioa2.

Now here's output of gdisk /dev/fioa:

GPT fdisk (gdisk) version 0.8.4

Partition table scan:
  MBR: MBR only
  BSD: not present
  APM: not present
  GPT: not present
***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format.
THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by typing 'q' if
you don't want to convert your MBR partitions to GPT format!
***************************************************************

Warning! Secondary partition table overlaps the last partition by
5 blocks!
You will need to delete this partition or resize it in another utility.

Command (? for help): p
Disk /dev/fioa: 153320312 sectors, 584.9 GiB
Logical sector size: 4096 bytes
Disk identifier (GUID): 2744FD52-D432-4BDD-8111-0643B70B5C34
Partition table holds up to 128 entries
First usable sector is 6, last usable sector is 153320306
Partitions will be aligned on 8-sector boundaries
Total free space is 250 sectors (1000.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1             256       146484375   558.8 GiB   8300  Linux filesystem
   2       146484376       153320311   26.1 GiB    8300  Linux filesystem

Here please note overlap warning message, last usable sector number and as it compares to the last sector of partition 2.

Which of these 2 tools shows correct information?

I have a PCIe SSD card that uses 8kb block cells. It supports "Virtual Controllers" that can split this drive in half and create LVM RAID0 with 8kb stripe size. On top of that I install a file system that uses 8kb block sizes. My application writes data in 8kb blocks.

Is there space overhead with each added layer that causes this 8kb block 'alignment' to shift and ultimately raw data that is being written to SSD to be (significantly?) larger?

If my application writes 8kb worth of data, does FS then writes 8kb+its metadata, which then translates into 8kb+fs metadata+lvm metadata, which ultimately comes out to 8.5kb and screws up all that alignment?

This is a bit wordy, so please bear with me. :)

We have a RAC cluster of 3 Oracle 11gR2 servers and purchased FusionIO ioDrive2 PCIx cards for these servers to use as OracleDB's Flash Cache. These servers run both our production db instance and a smaller development db. We would like to configure both instances to use these devices as their Flash Cache, dev db having a much smaller size.

It is my understanding that only 1 device can be configured as a destination for Flash Cache.

At the same time this ioDrive2 device supports what's called "Virtual Controllers". It basically splits this device into 2 to double the IOPs (total combined bandwidth remains the same).

So to put this whole picture together: I'll need 2 partitions, one for each db instance. If I utilize "Virtual Controllers" I'll have 2 equally-sized drives.

What I'm thinking of doing is to combine 2 virtual controllers into 1 using LVM and then partition that one combined volume for each db.

How much performance and management overhead will I get with LVM? Are there any caveats I should be aware of with this setup? Is there a better approach to this situation?

I'm in the market for a storage upgrade for our servers. I'm looking at benchmarks of various PCIe SSD devices and in comparisons I see that IOPS change at various queue depths. How can that be and why is that happening? The way I understand things is: I have a device with maximum (theoretical) of 100k IOPS. If my workload consistently produces 100,001 IOPS, I'll have a queue depth of 1, am I correct? However, from what I see in benchmarks some devices run slower at lower queue depths, then speedup at depth of 4-64 and then slow down again at even larger depths. Isn't queue depths a property of OS(or perhaps storage controller), so why would that affect IOPS?

I'm in the market for a new storage solution. While researching various specs one of my coworkers said that some raid controllers can synchronize HDD rotation to the effect of all drives' sector/block 0 passes under the reading head at the same time.

I searched online but have not been able to find information proving/disproving this claim.

We need to accept email from a server that sends out using a non-existing domain. That server is not under my control.

In my main.cf I have

smtpd_client_restrictions       = permit_mynetworks,
                              hash:/etc/postfix/access,
                              permit_sasl_authenticated

in /etc/postfix/access I have

<server's ip>                 OK
vps1.nonexistingdomain.com         OK

However, when I recieve messages from that server in my logs I see:

Jul 26 10:30:07 mail3 postfix/smtpd[24044]: NOQUEUE: reject: RCPT from vps1.nonexistingdomain.com[ip address]: 554 5.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<vps1.nonexistingdomain.com>

As another workaround I tried to manually hardcode this hostname:ip into my /etc/hosts, but that makes no difference.

I have a Dell PowerEdge R710 with dual Intel Xeon E5503 CPUs. It has 96GB(12x8GB) of ECC DIMMs. In its BIOS, memory is configured for "Advanced ECC".

My question is if my DIMMs are already ECC, does it make sense to enable this "Advanced ECC" mode in BIOS or should I switch to "Optimized"?

Dell describes these modes as such:

Advanced ECC Mode This mode uses two MCHs and “ties” them together to emulate a 128-bit data bus DIMM. This is primarily used to achieve a Single Device Data Correction (SDDC) for DIMMs based on x8 DRAM technology. SDDC is supported with x4 based DIMMs in every memory mode. One MCH is completely un-utilized, and any memory installed in this channel will generate a warning message during POST.

Memory Optimized Mode In this mode, the MCHs run independently of each other; for example, one can be idle, one can be performing a write operation, and the other can be preparing for a read operation. Memory may be installed in one, two, or three channels. To fully realize the performance benefit of the memory optimized mode, all three channels per CPU should be populated. This implies that some ‘atypical’ memory configurations, such as 3GB, 6GB, or 12GB, will yield the best performance. This is the recommended mode unless specific RAS features are needed.

Dell PowerEdge R710 Systems Hardware Owner's Manual (PDF)

I have 2 OEL5.5(RHEL5.5) servers. I'm trying to figure out why when I run mount command I get different outputs.

Server1 has the following line in /etc/fstab/

10.11.0.61:/vol/exports/      /exports     nfs     _netdev,rw,bg,hard,nointr,tcp,vers=3,timeo=600,actimeo=0,rsize=32768,wsize=32768,async 1 2

Server2 has the following line in /etc/fstab/

10.11.0.61:/vol/exports/      /exports     nfs     _netdev,rw,bg,hard,nointr,tcp,vers=3,timeo=600,actimeo=0,rsize=32768,wsize=32768     1 2

When I run mount on Server1 I see

10.11.0.61:/vol/exports/ on /exports type nfs (rw,bg,addr=10.11.0.61)

When I run mount on Server2 I see

10.11.0.61:/vol/exports/ on /exports type nfs (rw,bg,hard,nointr,tcp,nfsvers=3,timeo=600,actimeo=0,rsize=32768,wsize=32768,addr=10.11.0.61)

Why does Server2 show more parameters? Does it mean it's mounted differently?

I'm trying to find a way to parse our Amazon S3 access logs to get some webstats.

I've been trying to use AWStats 7, but I got to the point of where after day 9 of a given month it can't process any more logs because it runs out of memory. This server has 4gigs of memory

Our S3 logs are rather big(~1gig/day) and soon CloudFront logs could be 10-20gigs/day.

Is there any software that can generate webstats from S3(and soon cloudfront) logs?

I know about s3stat.com but I want something I can run on my own.