Dec 06

The recently released Fedora 11 (CentOS 5) Leonidas has some issues with its regular update process. Many users are getting a strange error complaining that the update system cannot retrieve the repository metadata, namely repomd.xml. The error is shown below:

Error: Cannot retrieve repository metadata (repomd.xml) for repository: fedora. Please verify its path and try again

When we tried to install Fedora 11 (CentOS 5) for the first time, we faced a similar problem. A quick Twitter search showed that we were not alone, and a little tweaking of a few system files brought us back on track. In this article we explain how to resolve the problem in case you face it too.

  • You need to edit two of your repository files: /etc/yum.repos.d/fedora.repo and /etc/yum.repos.d/fedora-updates.repo. Uncomment all the lines that start with baseurl and comment out all the lines that start with mirrorlist. This should be done for both of the above files.

Now edit your /etc/hosts file and append the following to its contents:

80.239.156.215 mirrors.fedoraproject.org

Or you can disable the yum-updatesd daemon on runlevel 3:

chkconfig --level 3 yum-updatesd off

/etc/rc.d/init.d/yum-updatesd stop

Now try updating your system or installing any software via Yum. You will see, the error is now resolved and the error message is not shown anymore.

Dec 06

On a Dell PowerEdge 2950 I am using the CentOS 5.x packages for x86_64 powered by the
OpenVZ kernels.
After the last update to the (as of Centos 5.2) latest kernel
2.6.18-92.1.1.el5.028stab057.2
I got alerted by the same kernel ERROR messages shown in the dmesg output:
….
Fusion MPT base driver 3.04.05
Copyright (c) 1999-2007 LSI Corporation
Fusion MPT misc device (ioctl) driver 3.04.05
mptctl: Registered with Fusion MPT base driver
mptctl: /dev/mptctl @ (major,minor=10,220)
mptctldrivers/message/fusion/mptctl.c::mptctl_ioctl() @596 – ioc0 not found!
mptctldrivers/message/fusion/mptctl.c::mptctl_ioctl() @596 – ioc1 not found!
mptctldrivers/message/fusion/mptctl.c::mptctl_ioctl() @596 – ioc2 not found!
….
These error messages seem to get triggered by IOCTL operations on the
device /dev/mptctl; you can reproduce them by doing a
/usr/bin/srvadmin-services.sh restart
srvadmin-services.sh is part of the Dell Server Management software
(Vers-5.2_rev-A00_Apr-2007 for the PowerEdge 2950; to be installed optionally);
the process behind dsm_sa_datamgr32d seems to be the only reader/writer
of the device file:
[root@d2950]# fuser /dev/mptctl
/dev/mptctl: 19331 22642
[root@d2950]# ps -flp 19331 22642
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
5 S root 19331 1 0 78 0 – 34354 stext 11:49 ? 0:04 /opt/dell/srvadmin/dataeng/bin/dsm_sa_datamgr32d
5 S root 22642 19331 0 78 0 – 31537 – 11:49 ? 0:00 /opt/dell/srvadmin/dataeng/bin/dsm_sa_datamgr32d
When rebooting the box with the formerly used kernel (as of Centos 5.1):
2.6.18-53.1.6.el5.028stab053.6xen
I see in dmesg output:
Fusion MPT misc device (ioctl) driver 3.04.04
mptctl: Registered with Fusion MPT base driver
mptctl: /dev/mptctl @ (major,minor=10,220)
–> so the new kernel (2.6.18-92.1.1.el5.028stab057.2) comes with a
new driver release … inspecting/comparing the source files for
the kernel module mptctl.ko we see:
=====File: /usr/src/redhat/BUILD/ovzkernel-2.6.18-53.1.6.el5.028stab053.6/\
linux-2.6.18.x86_64/drivers/message/fusion/mptctl.c
=================SNIP-START==
static long
__mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
mpt_ioctl_header __user *uhdr = (void __user *) arg;
mpt_ioctl_header khdr;
int iocnum;
unsigned iocnumX;
int nonblock = (file->f_flags & O_NONBLOCK);
int ret;
MPT_ADAPTER *iocp = NULL;
dctlprintk(("mptctl_ioctl() called\n"));
if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
printk(KERN_ERR "%s::mptctl_ioctl() @%d – "
"Unable to copy mpt_ioctl_header data @ %p\n",
__FILE__, __LINE__, uhdr);
return -EFAULT;
}
ret = -ENXIO; /* (-6) No such device or address */
/* Verify intended MPT adapter – set iocnum and the adapter
* pointer (iocp)
*/
iocnumX = khdr.iocnum & 0xFF;
if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
(iocp == NULL)) {
-> dctlprintk((KERN_ERR "%s::mptctl_ioctl() @%d – ioc%d not found!\n",
-> __FILE__, __LINE__, iocnumX));
return -ENODEV;
}
=================SNIP-END==
=====File: /usr/src/redhat/BUILD/ovzkernel-2.6.18-92.1.1.el5.028stab057.2/\
linux-2.6.18.x86_64/drivers/message/fusion/mptctl.c
=================SNIP-START==
static long
__mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
mpt_ioctl_header __user *uhdr = (void __user *) arg;
mpt_ioctl_header khdr;
int iocnum;
unsigned iocnumX;
int nonblock = (file->f_flags & O_NONBLOCK);
int ret;
MPT_ADAPTER *iocp = NULL;
if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d – "
"Unable to copy mpt_ioctl_header data @ %p\n",
__FILE__, __LINE__, uhdr);
return -EFAULT;
}
ret = -ENXIO; /* (-6) No such device or address */
/* Verify intended MPT adapter – set iocnum and the adapter
* pointer (iocp)
*/
iocnumX = khdr.iocnum & 0xFF;
if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
(iocp == NULL)) {
-> printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d – ioc%d not found!\n",
-> __FILE__, __LINE__, iocnumX);
return -ENODEV;
}
=================SNIP-END==
We see that the newer (CentOS 5.2) release of mptctl.c changed
the ‘dctlprintk()’ statement into a ‘printk()’ … this means that a debug
print statement that was formerly active ONLY when compiling with DEBUG FLAGS ON
(i.e. the module Makefile contains:
CFLAGS_mptctl.o += -DMPT_DEBUG_IOCTL)
got enabled by default … and now we
get a whole lot of messages … it is not clear whether __mptctl_ioctl() should
really be that verbose …
Finally, on our Centos powered box, I was able to compile a more silent mptctl.ko:
[root@d2950]# diff drivers/message/fusion/mptctl.c drivers/message/fusion/mptctl.c-original
595,607c595,596
< #ifdef _MeJ__wants__MPT_DEBUG_IOCTL
< /* MeJ 02-Oct-2008
< we want to get rid of a whole lot of kernel error messages like:
< mptctldrivers/message/fusion/mptctl.c::mptctl_ioctl() @596 – ioc0 not found!
< mptctldrivers/message/fusion/mptctl.c::mptctl_ioctl() @596 – ioc1 not found!
< …..
< i.e. we disable the error message … in former versions of mptctl.c this
< printk() was active only when compiled with:
< CFLAGS_mptctl.o += -DMPT_DEBUG_IOCTL
< */
< printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d – ioc%d not found!\n",
< __FILE__, __LINE__, iocnumX);
< #endif

> printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d – ioc%d not found!\n",
> __FILE__, __LINE__, iocnumX);
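Review bot: the guard added at lines 595-607 uses a one-off macro, _MeJ__wants__MPT_DEBUG_IOCTL, while the comment inside the same block says earlier versions gated this message on -DMPT_DEBUG_IOCTL. Guarding with the macro the comment names (or going back to dctlprintk()) would restore that behaviour without introducing a second switch. The diff was also taken with the modified file first, so the "<" lines are the new code; generating it as diff -u mptctl.c-original mptctl.c would give a patch that applies in the usual direction.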
and after
make
srvadmin-services.sh stop
rmmod mptctl
mv /lib/modules/2.6.18-92.1.1.el5.028stab057.2/kernel/drivers/message/fusion/mptctl.ko \
/lib/modules/2.6.18-92.1.1.el5.028stab057.2/kernel/drivers/message/fusion/mptctl.ko-original
cp drivers/message/fusion/mptctl.ko \
/lib/modules/2.6.18-92.1.1.el5.028stab057.2/kernel/drivers/message/fusion/mptctl.ko
modprobe -a mptctl
srvadmin-services.sh start
the problem is fixed … opensource is simply great ;-))))
Last but not least: Thanks to all of you for providing such a great distro like Centos to the
community!

Dec 01

A puppet is an inanimate object or representational figure animated or manipulated by an entertainer, who is called a puppeteer. It is used in puppetry, a play or a presentation that is a very ancient form of theatre.

There are many different varieties of puppets, and they are made of a wide range of materials, depending on their form and intended use. They can be extremely complex or very simple in their construction. They may even be found objects. As Oscar Wilde wrote, “There are many advantages in puppets. They never argue. They have no crude views about art. They have no private lives.”

Start Install puppet

1. install ruby

yum install ruby ruby-rdoc

2.install puppet server

wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

rpm -Uvh epel-release-5-4.noarch.rpm

yum install puppet-server

chkconfig --level 2345 puppetmaster on

3.modify /etc/hosts file

192.168.1.2           puppet.mydomain.com    puppet

192.168.1.3           web1.mydomain.com  web1

4.install puppet client

wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

rpm -Uvh epel-release-5-4.noarch.rpm

yum install puppet

chkconfig --level 2345 puppet on

5. edit the file /etc/puppet/manifests/site.pp (server side) and start the puppet server

# Create "/tmp/testfile" if it doesn't exist.
class test_class {
    file { "/tmp/testfile":
        ensure => present,
        mode => 644,
        owner => root,
        group => root
    }
}

# tell puppet on which client to run the class
node web1 {
    include test_class
}

service puppetmaster start

6. start the client

/etc/init.d/puppet once -v

7. list the unsigned client certificate requests on the puppet server

puppetca --list

8. sign the puppet client's certificate on the puppet server

puppetca --sign web1.mydomain.com

9. test

puppetd --server puppet.mydomain.com --test
 
Nov 15

MMM (Multi-Master Replication Manager for MySQL) is a set of flexible scripts to perform monitoring/failover and management of MySQL master-master replication configurations (with only one node writable at any time).

The toolset also has the ability to read balance standard master/slave configurations with any number of slaves, so you can use it to move virtual IP addresses around a group of servers depending on whether they are behind in replication.

The current version of this software is stable, but the authors would appreciate any comments, suggestions, bug reports about this version to make it even better. Current version 2.0 development is led by Pascal Hofmann. If you require support, advice or assistance with deployment, please contact Percona or Open Query.

Oct 26

usage:

    1. Delete all mail for the test.com domain from the queue

#perl pfdel.pl @test.com

    2. Delete all mail for the address a@test.com from the queue

#perl pfdel.pl a@test.com

    3. Script content

#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#

use strict;

# Change these paths if necessary.
my $LISTQ = "/usr/sbin/postqueue -p";
my $POSTSUPER = "/usr/sbin/postsuper";

my $email_addr = "";
my $qid = "";
my $euid = $>;

if ( @ARGV !=  1 ) {
	die "Usage: pfdel <email_address>\n";
} else {
	$email_addr = $ARGV[0];
}

if ( $euid != 0 ) {
        die "You must be root to delete queue files.\n";
}

open(QUEUE, "$LISTQ |") ||
  die "Can't get pipe to $LISTQ: $!\n";

my $entry = <QUEUE>;	# skip single header line
$/ = "";		# Rest of queue entries print on
			# multiple lines.
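# Quote the address so "." and other regex metacharacters match literally.
# An argument that starts with "@" is a domain and matches any local part.
my $match = ( $email_addr =~ /^\@/ )
	? qr/\S\Q$email_addr\E$/m
	: qr/ \Q$email_addr\E$/m;
while ( $entry = <QUEUE> ) {
	if ( $entry =~ $match ) {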
		($qid) = split(/\s+/, $entry, 2);
		$qid =~ s/[\*\!]//;
		next unless ($qid);

		#
		# Execute postsuper -d with the queue id.
		# postsuper provides feedback when it deletes
		# messages. Let its output go through.
		#
		if ( system($POSTSUPER, "-d", $qid) != 0 ) {
			# If postsuper has a problem, bail.
			die "Error executing $POSTSUPER: error " .
			   "code " .  ($?/256) . "\n";
		}
	}
}
close(QUEUE);

if (! $qid ) {
	die "No messages with the address <$email_addr> " .
	  "found in queue.\n";
}

exit 0;
Oct 24

Modify crontab

* * * * * root /home/cnscn/sh/ssh_scan_crontab.sh >/dev/null 2>&1

ssh_scan_crontab.sh script

$ cat /home/cnscn/sh/ssh_scan_crontab.sh
#!/bin/bash
# Author http://jabin.cublog.cn
# Modify cnscn http://cnscn2008.cublog.cn
# Modify xinyv

# force the C locale so strftime() month names match the syslog timestamps
export LC_ALL=C

# gather the last minute of entries from secure, count failures per source IP
SCANNER=$(awk 'BEGIN{ tm=strftime("%b %e %H:%M",systime()-60);}  $0 ~ tm && /Failed password/ && /ssh2/ {print $(NF-3)}' /var/log/secure |sort|uniq -c |awk '{print $1"="$2;}')


for i in $SCANNER
do
echo $i
       # get failure number
       NUM=`echo $i|awk -F= '{print $1}'`

       # get ip address
       IP=`echo $i|awk -F= '{print $2}'`

       # drop and log; -wF matches the address as a whole fixed string,
       # so 1.2.3.4 is not mistaken for 1.2.3.40
       if [ "$NUM" -gt 5 ] && [ -z "`/sbin/iptables -vnL INPUT|grep -wF -- "$IP"`" ]
       then
               /sbin/iptables -I INPUT -s "$IP" -j DROP
               echo "/sbin/iptables -I INPUT -s $IP -j DROP" >> /home/cnscn/sh/ssh_scan_iptables.sh
               # the message goes to syslog, which writes it to /var/log/messages
               logger -i -t "ssh_scan_crontab" "$IP($NUM)..."
       fi
done
#End of Script


Start it at system boot

$ cat myiptables.sh
#!/bin/bash
#chkconfig: 345 85 15
#description: my iptables rules, which can auto run when system start

# This is a script
# Edit by liwei, cnscn
# establish a static firewall

#network interface
interdevice="eth0"

#port
#21       ftp
#15022    sshd
#25       smtp
#53       named
#80       http
#110      pop3

#Allow Access port
Open_ports="21 20 22 80"

#
Allow_ports="21 20 80 "

#clean old rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

#Add rule for drop bad ip
/home/cnscn/sh/ssh_scan_iptables.sh

#Allow My ip
/sbin/iptables -I INPUT -s 111.127.xxx.xxx -j ACCEPT

for eths in $interdevice ; do

  #
  #iptables -A INPUT -i ! $eths -j ACCEPT

  #Allow all access's port(--dport)
  for Port in $Open_ports ; do
    iptables -A INPUT -i $eths -p tcp --dport $Port -j ACCEPT
    iptables -A INPUT -i $eths -p udp --dport $Port -j ACCEPT
  done

  #Deny spoof
  iptables -A INPUT -i $eths -p tcp -j REJECT --reject-with tcp-reset
  iptables -A INPUT -i $eths -p udp -j REJECT --reject-with icmp-port-unreachable
done

#forbidden ping (1 = ignore all ICMP echo requests)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

#End of Script
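A hardened variant of the log-parsing step in ssh_scan_crontab.sh, added here as an example and not part of the original scripts: it checks that the extracted field is a well-formed IPv4 address before it can reach iptables or the rules file that runs as root at boot, and it prints the rules instead of applying them. The function names, the rules-file layout and the sample log lines (constructed, using documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines below are constructed.

# sample_log: prints constructed /var/log/secure lines, one with a malformed address.
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "Oct 24 03:15:0$i host sshd[200$i]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
        i=$((i + 1))
    done
    echo "Oct 24 03:15:08 host sshd[2008]: Failed password for invalid user a from 198.51.100.9 port 50000 ssh2"
    echo "Oct 24 03:15:09 host sshd[2009]: Failed password for root from 999.0.0.1 port 50001 ssh2"
    echo "Oct 24 03:14:59 host sshd[1999]: Failed password for root from 203.0.113.7 port 39999 ssh2"
}

# count_failures LOGFILE "Mon DD HH:MM" THRESHOLD
# Prints "IP COUNT" for every source with more than THRESHOLD failed
# passwords logged in that minute. The address is taken by position from
# the end of the line, as in the original script, then validated.
count_failures() {
    awk -v tm="$2" -v max="$3" '
        # valid(): dotted quad, each octet 1-3 digits and at most 255
        function valid(ip,   o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # the timestamp must be at the start of the line, not anywhere in it
        index($0, tm) == 1 && /sshd\[[0-9]+\]: Failed password/ && $NF == "ssh2" {
            ip = $(NF-3)
            if (valid(ip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] > max) print ip, hits[ip] }
    ' "$1" | sort
}

# block_rules RULES_FILE   (reads "IP COUNT" lines on stdin)
# Prints one iptables command per address that RULES_FILE does not already
# contain. The fixed-string match includes the surrounding spaces, so
# 203.0.113.7 is not confused with 203.0.113.70.
block_rules() {
    while read -r ip count; do
        grep -qF -- "-s $ip -j DROP" "$1" 2>/dev/null && continue
        printf '/sbin/iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Dry run over the constructed sample: prints the rule, applies nothing.
log=$(mktemp)
sample_log > "$log"
count_failures "$log" "Oct 24 03:15" 5 | block_rules /dev/null
rm -f "$log"
```
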
    Oct 09

    1. Download IIS Rewrite

    2. Unzip iis_urlrewirte.zip to a specific directory (example: c:\rewrite)

    3. Add the ISAPI filter for the specific site

    4. Restart IIS

    5. Rewrite rules
       5.1 Redirect domain.com to www.domain.com

    # ISAPI_Rewrite 2.x
    [ISAPI_Rewrite]
    # 3600 = 1 hour
    CacheClockRate 3600
    RepeatLimit 32
    RewriteCond Host: ^domain\.com$
    RewriteRule (.*) http\://www\.domain\.com$1 [I,RP]

    # ISAPI_Rewrite 3.0
    [ISAPI_Rewrite]
    # 3600 = 1 hour
    CacheClockRate 3600
    RepeatLimit 32
    RewriteCond %{HTTP:Host} ^domain\.com$
    RewriteRule (.*) http\://www\.domain\.com$1 [NC,R=301]

       5.2 Redirect oldpage.html to newpage.html

    # ISAPI_Rewrite 2.x
    [ISAPI_Rewrite]
    # 3600 = 1 hour
    CacheClockRate 3600
    RepeatLimit 32
    RewriteRule ^/oldpage.html$ http://domain.com/newpage.html [I,O,RP,L]

    # ISAPI_Rewrite 3.0
    [ISAPI_Rewrite]
    # 3600 = 1 hour
    CacheClockRate 3600
    RepeatLimit 32
    RewriteRule ^/oldpage.html$ http://domain.com/newpage.html [NC,L,R=301,O]

    6. Reference

    http://www.isapirewrite.com/

    Oct 05

    Modify nginx config file

    location ~ \.php($|/) {
    root /var/www/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    include fastcgi_params;
    }

    Modify codeigniter config

    Before:
    //$config['uri_protocol']       = "AUTO";
    After:
    $config['uri_protocol'] = "PATH_INFO";

    Sep 15

    1) Add, or make sure your machine has, two or more IPs
    2) Open a command prompt
    3) Type netsh
    4) Type http
    5) Type sho iplisten. It should be blank
    6) Type add iplisten ipaddress=192.168.0.90
    You should get IP address successfully added
    7) Type sho iplisten again
    It should sho 192.168.0.90 in the list
    8) Type exit to get out of netsh
    9) Type netstat -an. See if you notice 192.168.0.90:80 in the list. If you see 0.0.0.0:80, do an iisreset
    10) Download and install Apache ( I did it with 2.2.4)
    http://mirror.nyi.net/apache/httpd/binaries/win32/apache_2.2.4-win32-x86…
    11) Do a default install,
    12) Open httpd.conf and adjust the ip listen to 192.168.0.91:80

    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
    #Was 80
    #Change to

    Listen 192.168.0.91:80

    12) Restart the Apache service. (for some reason the start / stop thing didn’t work for me, I used net stop apache2 net start apache2.)
    13) Type netstat -an
    14) You should see 192.168.0.90:80 and 192.168.0.91:80. Open a browser and test both IP’s to see if IIS7 and Apache come up.
    15) Test restarting Apache service to see if it works after that.
    16) Turn off Apache, browse IIS, turn off IIS, browse Apache. Test it every which way to see if it works.

    Aug 03

    View the network card driver version information:

    [root@localhost DRIVER]# modinfo bnx2
    filename: /lib/modules/2.6.18-164.el5/updates/bnx2.ko
    version 2.0.2
    license: GPL
    desciption: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver

    Check the network card type:

    [root@localhost ~]# kudzu --probe --class=network
    -
    class: NETWORK
    bus: PCI
    detached: 0
    device: eth0
    driver: bnx2
    desc: "Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet"
    network.hwaddr: 84:2b:2b:42:01:b1
    vendorId: 14e4
    deviceId: 163b
    subVendorId: 1028
    subDeviceId: 028c
    pciType: 1
    pcidom:    0
    pcibus:  1
    pcidev:  0
    pcifn:  0

    Download the new driver version from the following URL:

    http://www.broadcom.com/support/ethernet_nic/netxtremeii.php

    Install src rpm and compile:

    unzip linux-6.2.23.zip
    cd Server/Linux/Driver
    rpm -ivh netxtreme2-6.2.23-1.src.rpm
    cd /usr/src/redhat/
    rpm -bb SPECS/netxtreme2.spec

    A successful build prints the following output:

    Wrote: /usr/src/redhat/RPMS/i386/netxtreme2-4.8.10-1.i386.rpm
    Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.59603
    + umask 022
    + cd /usr/src/redhat/BUILD
    + cd netxtreme2-4.8.10
    + rm -rf /var/tmp/netxtreme2-buildroot /usr/src/redhat/BUILD/file.list.netxtreme2
    + exit 0

    Install rpm:

    rpm -ivh RPMS/x86_64/netxtreme2-6.2.23-1.x86_64.rpm
    1:netxtreme2 ######################## [100%]

    Reboot the host or run the following script:

    vi lan-up.sh
    #!/bin/sh 
    rmmod bnx2
    modprobe bnx2

    View the driver information:

    [root@localhost redhat]# modinfo bnx2
    filename:       /lib/modules/2.6.18-194.el5/updates/bnx2.ko
    version:        2.0.23b
    license:        GPL
    description:    Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
    author:         Michael Chan <mchan@broadcom.com>
    srcversion:     6E0DD070AB24C11F50B2712
    alias:          pci:v000014E4d0000163Csv*sd*bc*sc*i*
    alias:          pci:v000014E4d0000163Bsv*sd*bc*sc*i*
    alias:          pci:v000014E4d0000163Asv*sd*bc*sc*i*
    alias:          pci:v000014E4d00001639sv*sd*bc*sc*i*
    alias:          pci:v000014E4d000016ACsv*sd*bc*sc*i*
    alias:          pci:v000014E4d000016AAsv*sd*bc*sc*i*
    alias:          pci:v000014E4d000016AAsv0000103Csd00003102bc*sc*i*
    alias:          pci:v000014E4d0000164Csv*sd*bc*sc*i*
    alias:          pci:v000014E4d0000164Asv*sd*bc*sc*i*
    alias:          pci:v000014E4d0000164Asv0000103Csd00003106bc*sc*i*
    alias:          pci:v000014E4d0000164Asv0000103Csd00003101bc*sc*i*
    depends:       
    vermagic:       2.6.18-194.el5 SMP mod_unload gcc-4.1
    parm:           disable_msi:Disable Message Signaled Interrupt (MSI) (int)
    parm:           stop_on_tx_timeout:For debugging purposes, prevent a chip  reset when a tx timeout occurs (int)
