Tengine, a customized Nginx, goes to open source

Posted on January 10, 2012 by admin

We’re glad to announce that Tengine, our home-baked Nginx at Taobao now becomes an open source project.

Taobao is the largest e-commerce website in Asia and ranked #12 on Alexa’s top global sites list. Our website serves billions of pageviews per day. For busy website as us, Nginx is obviously the best choice. Thanks to Nginx’s high performance, small footprint and flexibility, we have done more with less.

We first learned the Nginx internals by using it as a traditional web server and developing dozens of modules. Then from June of this year we started hacking the Nginx core to expand its capabilities. As some of the features we have developed may also benefit other Nginx users and websites, so why not open source them? We do not want to be just open source software users, but also open source contributors. That’s why the Tengine open source project came out.

Tengine is based on the latest stable version of Nginx (Nginx-1.0.10). There are a few features and bug fixes you may be interested in Tengine:

  • Logging enhancement. It supports syslog (local and remote) and pipe logging. You can also do log sampling, i.e. not all requests have to be written.
  • Protects the server when the system load and memory use goes high.
  • Combines multiple CSS or JavasScript requests into one request to reduce the downloading time.
  • Sets the worker process number and CPU affinities automatically. Setting Nginx’s worker_cpu_affinity is not a pain any more.
  • Enhanced limit_req module with whitelist support and more limit_req directives in one location.
  • More operations engineer friendly server information, so host can be located easily when error happens.
  • More command lines support. You can list all modules compiled in and the directives supported, even the content of configuration file itself.
  • Set expiration for files according to specific content type.
  • Error pages can be set back to ‘default’.

Basically, Tengine can be considered as a better or superset of Nginx. You can download the tar ball here:
http://tengine.taobao.org/download/tengine-1.2.0.tar.gz

We want to say thank you to the Nginx team, especially to Igor. Thank you very much for your great work! We would love to donate the patches against the Nginx-1.1 branch later if you think the patches are okay.

Frankly, I’m not sure whether the features in Tengine right now can impress you guys or not. It’s the first step we moving towards open source after all. We have built a team working on Tengine and have quite a long to-do list. I promise you more enhancements are coming out.

Posted in Nginx | Comments Off

Nginx Internals Talk in Guangzhou, China

Posted on January 10, 2012 by admin

nginx map (click to view large image)

I’m going to give a free talk on nginx’s internals next month (September 19), in Guangzhou, China.

I’ve been reading the source code of nginx for a few days. Digging into this charming code is really a pleasant experience, though at first glance it appeared a little bit difficult to understand. Nginx becomes more and more popular, but unfortunately there is not enough documentation on its architecture and implementation. Now that I have spent a considerable amount of time reading the source code and have gained some knowledge, why not share it with those who want to know things under the hood?

So, if you are interested in this talk and you can be in Guangzhou that day, feel free to join in. Please comment on this post or drop me an email to let me know which parts you are interested in (see the mind map above, draft version though).

There might be a thousand Hamlets in a thousand people’s eyes. Note that I’m not Igor, and the only way I try to understand the nuts and bolts is by reverse engineering it, hence I can’t guarantee you no mistakes or misunderstandings in my talk. And frankly, it is not a trivial topic after all, not only because of the size of nginx’s code base, but also its elaborate design.

The speech will be in Chinese while slides will be in English. Specifics of time and location are coming soon. Stay tuned.

Update:
Time: 14:30-17:30, September 19, 2009
Location: Netease Building Tower E, Guangzhou Information Port #16 Keyun RD. Tianhe District, Guangzhou
Registration: http://blog.laiyonghao.com/2009/09/programming-tech-party/370

Posted in Nginx, Web | Tagged , | Comments Off

A Handy Strace Option

Posted on January 10, 2012 by admin

A Handy Strace Option

August 20, 2009 at 3:39 pm · Filed under Programming

I didn’t notice the ‘-ff’ option of strace until I came across it today. By turning it on, not only fork(2)s can be followed, but also each process’s trace will be written to tracefile.pid, where pid is the process id of each process. Typical usage might look like this:

# strace -o tracelog.txt -ff -T command

This option can be quite handy, when debugging programs that spawn child processes.

Posted in Uncategorized | Comments Off

Why Python?

Posted on January 9, 2012 by admin
Cardinal Biggles had Eric in the comfy chair for over four hours before wringing this confession from him…

My first look at Python was an accident, and I didn’t much like what I saw at the time. It was early 1997, and Mark Lutz’s book Programming Python from O’Reilly & Associates had recently come out. O’Reilly books occasionally land on my doorstep, selected from among the new releases by some mysterious benefactor inside the organization using a random process I’ve given up trying to understand.

One of them was Programming Python. I found this somewhat interesting, as I collect computer languages. I know over two dozen general-purpose languages, write compilers and interpreters for fun, and have designed any number of special-purpose languages and markup formalisms myself. My most recently completed project, as I write this, is a special-purpose language called SNG for manipulating PNG (Portable Network Graphics) images. Interested readers can surf to the SNG home page at http://www.catb.org/~esr/sng/. I have also written implementations of several odd general-purpose languages on my Retrocomputing Museum page, http://www.catb.org/retro/.

I had already heard just enough about Python to know that it is what is nowadays called a “scripting language”, an interpretive language with its own built-in memory management and good facilities for calling and cooperating with other programs. So I dived into Programming Python with one question uppermost in my mind: what has this got that Perl does not?

Perl, of course, is the 800-pound gorilla of modern scripting languages. It has largely replaced shell as the scripting language of choice for system administrators, thanks partly to its comprehensive set of UNIX library and system calls, and partly to the huge collection of Perl modules built by a very active Perl community. The language is commonly estimated to be the CGI language behind about 85% of the “live” content on the Net. Larry Wall, its creator, is rightly considered one of the most important leaders in the Open Source community, and often ranks third behind Linus Torvalds and Richard Stallman in the current pantheon of hacker demigods.

At that time, I had used Perl for a number of small projects. I’d found it quite powerful, even if the syntax and some other aspects of the language seemed rather ad hoc and prone to bite one if not used with care. It seemed to me that Python would have quite a hill to climb as yet another scripting language, so as I read, I looked first for what seemed to set it apart from Perl.

I immediately tripped over the first odd feature of Python that everyone notices: the fact that whitespace (indentation) is actually significant in the language syntax. The language has no analog of the C and Perl brace syntax; instead, changes in indentation delimit statement groups. And, like most hackers on first realizing this fact, I recoiled in reflexive disgust.

I am just barely old enough to have programmed in batch FORTRAN for a few months back in the 1970s. Most hackers aren’t these days, but somehow our culture seems to have retained a pretty accurate folk memory of how nasty those old-style fixed-field languages were. Indeed, the term “free format”, used back then to describe the newer style of token-oriented syntax in Pascal and C, has almost been forgotten; all languages have been designed that way for decades now. Or almost all, anyway. It’s hard to blame anyone, on seeing this Python feature, for initially reacting as though they had unexpectedly stepped in a steaming pile of dinosaur dung.

That’s certainly how I felt. I skimmed through the rest of the language description without much interest. I didn’t see much else to recommend Python, except maybe that the syntax seemed rather cleaner than Perl’s and the facilities for doing basic GUI elements like buttons and menus looked fairly good.

I put the book back on the shelf, making a mental note that I should code some kind of small GUI-centered project in Python sometime, just to make sure I really understood the language. But I didn’t believe what I’d seen would ever compete effectively with Perl.

A lot of other things conspired to keep that note way down on my priority list for many months. The rest of 1997 was eventful for me; it was, among other things, the year I wrote and published the original version of “The Cathedral and the Bazaar”. But I did find time to write several Perl programs, including two of significant size and complexity. One of them, keeper, is the assistant still used to file incoming submissions at the Metalab software archive. It generates the web pages you see atmetalab.unc.edu/pub/Linux/!INDEX.html. The other, anthologize, was used to automatically generate the PostScript for the sixth edition of Linux from the Linux Documentation Project’s archive of HOWTOs. Both programs are available at Metalab.

Writing these programs left me progressively less satisfied with Perl. Larger project size seemed to magnify some of Perl’s annoyances into serious, continuing problems. The syntax that had seemed merely eccentric at a hundred lines began to seem like a nigh-impenetrable hedge of thorns at a thousand. “More than one way to do it” lent flavor and expressiveness at a small scale, but made it significantly harder to maintain consistent style across a wider code base. And many of the features that were later patched into Perl to address the complexity-control needs of bigger programs (objects, lexical scoping, “use strict”, etc.) had a fragile, jerry-rigged feel about them.

These problems combined to make large volumes of Perl code seem unreasonably difficult to read and grasp as a whole after only a few days’ absence. Also, I found I was spending more and more time wrestling with artifacts of the language rather than my application problems. And, most damning of all, the resulting code was ugly—this matters. Ugly programs are like ugly suspension bridges: they’re much more liable to collapse than pretty ones, because the way humans (especially engineer-humans) perceive beauty is intimately related to our ability to process and understand complexity. A language that makes it hard to write elegant code makes it hard to write good code.

With a baseline of two dozen languages under my belt, I could detect all the telltale signs of a language design that had been pushed to the edge of its functional envelope. By mid-1997, I was thinking “there has to be a better way” and began casting about for a more elegant scripting language.

One course I did not consider was going back to C as a default language. The days when it made sense to do your own memory management in a new program are long over, outside of a few specialty areas like kernel hacking, scientific computing and 3-D graphics—places where you absolutely must get maximum speed and tight control of memory usage, because you need to push the hardware as hard as possible.

For most other situations, accepting the debugging overhead of buffer overruns, pointer-aliasing problems, malloc/free memory leaks and all the other associated ills is just crazy on today’s machines. Far better to trade a few cycles and a few kilobytes of memory for the overhead of a scripting language’s memory manager and economize on far more valuable human time. Indeed, the advantages of this strategy are precisely what has driven the explosive growth of Perl since the mid-1990s.

I flirted with Tcl, only to discover quickly that it scales up even more poorly than Perl. Old LISPer that I am, I also looked at various current dialects of Lisp and Scheme—but, as is historically usual for Lisp, lots of clever design was rendered almost useless by scanty or nonexistent documentation, incomplete access to POSIX/UNIX facilities, and a small but nevertheless deeply fragmented user community. Perl’s popularity is not an accident; most of its competitors are either worse than Perl for large projects or somehow nowhere near as useful as their theoretically superior designs ought to make them.

My second look at Python was almost as accidental as my first. In October 1997, a series of questions on the fetchmail-friends mailing list made it clear that end users were having increasing trouble generating configuration files for my fetchmailutility. The file uses a simple, classically UNIX free-format syntax, but can become forbiddingly complicated when a user has POP3 and IMAP accounts at multiple sites. As an example, see Listing 1 for a somewhat simplified version of mine.

Listing 1

I decided to attack the problem by writing an end-user-friendly configuration editor,fetchmailconf. The design objective of fetchmailconf was clear: to completely hide the control file syntax behind a fashionable, ergonomically correct GUI interface replete with selection buttons, slider bars and fill-out forms.

The thought of implementing this in Perl did not thrill me. I had seen GUI code in Perl, and it was a spiky mixture of Perl and Tcl that looked even uglier than my own pure-Perl code. It was at this point I remembered the bit I had set more than six months earlier. This could be an opportunity to get some hands-on experience with Python.

Of course, this brought me face to face once again with Python’s pons asinorum, the significance of whitespace. This time, however, I charged ahead and roughed out some code for a handful of sample GUI elements. Oddly enough, Python’s use of whitespace stopped feeling unnatural after about twenty minutes. I just indented code, pretty much as I would have done in a C program anyway, and it worked.

That was my first surprise. My second came a couple of hours into the project, when I noticed (allowing for pauses needed to look up new features in Programming Python) I was generating working code nearly as fast as I could type. When I realized this, I was quite startled. An important measure of effort in coding is the frequency with which you write something that doesn’t actually match your mental representation of the problem, and have to backtrack on realizing that what you just typed won’t actually tell the language to do what you’re thinking. An important measure of good language design is how rapidly the percentage of missteps of this kind falls as you gain experience with the language.

When you’re writing working code nearly as fast as you can type and your misstep rate is near zero, it generally means you’ve achieved mastery of the language. But that didn’t make sense, because it was still day one and I was regularly pausing to look up new language and library features!

This was my first clue that, in Python, I was actually dealing with an exceptionally good design. Most languages have so much friction and awkwardness built into their design that you learn most of their feature set long before your misstep rate drops anywhere near zero. Python was the first general-purpose language I’d ever used that reversed this process.

Not that it took me very long to learn the feature set. I wrote a working, usable fetchmailconf, with GUI, in six working days, of which perhaps the equivalent of two days were spent learning Python itself. This reflects another useful property of the language: it is compact–you can hold its entire feature set (and at least a concept index of its libraries) in your head. C is a famously compact language. Perl is notoriously not; one of the things the notion “There’s more than one way to do it!” costs Perl is the possibility of compactness.

But my most dramatic moment of discovery lay ahead. My design had a problem: I could easily generate configuration files from the user’s GUI actions, but editing them was a much harder problem. Or, rather, reading them into an editable form was a problem.

The parser for fetchmail’s configuration file syntax is rather elaborate. It’s actually written in YACC and Lex, two classic UNIX tools for generating language-parsing code in C. In order for fetchmailconf to be able to edit existing configuration files, I thought it would have to replicate that elaborate parser in Python. I was very reluctant to do this, partly because of the amount of work involved and partly because I wasn’t sure how to ascertain that two parsers in two different languages accept the same. The last thing I needed was the extra labor of keeping the two parsers in synchronization as the configuration language evolved!

This problem stumped me for a while. Then I had an inspiration: I’d let fetchmailconf use fetchmail’s own parser! I added a –configdump option to fetchmail that would parse .fetchmailrc and dump the result to standard output in the format of a Python initializer. For the file above, the result would look roughly like Listing 2 (to save space, some data not relevant to the example is omitted).

Listing 2

Python could then evaluate the fetchmail –configdump output and have the configuration available as the value of the variable “fetchmail”.

This wasn’t quite the last step in the dance. What I really wanted wasn’t just for fetchmailconf to have the existing configuration, but to turn it into a linked tree of live objects. There would be three kinds of objects in this tree: Configuration (the top-level object representing the entire configuration), Site (representing one of the sites to be polled) and User (representing user data attached to a site). The example file describes five site objects, each with one user object attached to it.

I had already designed and written the three object classes (that’s what took four days, most of it spent getting the layout of the widgets just right). Each had a method that caused it to pop up a GUI edit panel to modify its instance data. My last remaining problem was somehow to transform the dead data in this Python initializer into live objects.

I considered writing code that would explicitly know about the structure of all three classes and use that knowledge to grovel through the initializer creating matching objects, but rejected that idea because new class members were likely to be added over time as the configuration language grew new features. If I wrote the object-creation code in the obvious way, it would be fragile and tend to fall out of sync when either the class definitions or the initializer structure changed.

What I really wanted was code that would analyze the shape and members of the initializer, query the class definitions themselves about their members, and then adjust itself to impedance-match the two sets.

This kind of thing is called metaclass hacking and is generally considered fearsomely esoteric—deep black magic. Most object-oriented languages don’t support it at all; in those that do (Perl being one), it tends to be a complicated and fragile undertaking. I had been impressed by Python’s low coefficient of friction so far, but here was a realtest. How hard would I have to wrestle with the language to get it to do this? I knew from previous experience that the bout was likely to be painful, even assuming I won, but I dived into the book and read up on Python’s metaclass facilities. The resulting function is shown in Listing 3, and the code that calls it is in Listing 4.

Listing 3

Listing 4

That doesn’t look too bad for deep black magic, does it? Thirty-two lines, counting comments. Just from knowing what I’ve said about the class structure, the calling code is even readable. But the size of this code isn’t the real shocker. Brace yourself: this code only took me about ninety minutes to write—and it worked correctly the first time I ran it.

To say I was astonished would have been positively wallowing in understatement. It’s remarkable enough when implementations of simple techniques work exactly as expected the first time; but my first metaclass hack in a new language, six days from a cold standing start? Even if we stipulate that I am a fairly talented hacker, this is an amazing testament to Python’s clarity and elegance of design.

There was simply no way I could have pulled off a coup like this in Perl, even with my vastly greater experience level in that language. It was at this point I realized I was probably leaving Perl behind.

This was my most dramatic Python moment. But, when all is said and done, it was just a clever hack. The long-term usefulness of a language comes not in its ability to support clever hacks, but from how well and how unobtrusively it supports the day-to-day work of programming. The day-to-day work of programming consists not of writing new programs, but mostly reading and modifying existing ones.

So the real punchline of the story is this: weeks and months after writing fetchmailconf, I could still read the fetchmailconf code and grok what it was doing without serious mental effort. And the true reason I no longer write Perl for anything but tiny projects is that was never true when I was writing large masses of Perl code. I fear the prospect of ever having to modify keeper or anthologize again—but fetchmailconf gives me no qualms at all.

Perl still has its uses. For tiny projects (100 lines or fewer) that involve a lot of text pattern matching, I am still more likely to tinker up a Perl-regexp-based solution than to reach for Python. For good recent examples of such things, see thetimeseries and growthplot scripts in the fetchmail distribution. Actually, these are much like the things Perl did in its original role as a sort of combination awk/sed/grep/sh, before it had functions and direct access to the operating system API. For anything larger or more complex, I have come to prefer the subtle virtues of Python—and I think you will, too.

Resources

All listings referred to in this article are available by anonymous download in the fileftp.linuxjournal.com/pub/lj/listings/issue73/3882.tgz.

Eric Raymond is a Linux advocate and the author of The Cathedral & The Bazaar . He can be reached via e-mail at (esr@thyrsus.com). 

Posted in Python | Tagged | Comments Off

Linux: Neighbour Table Overflow Error and Solution

Posted on January 1, 2012 by admin

I setup a CentOS Linux based Linux server running as a gateway and firewall server. However, I’m getting the following messages in the /var/log/messages log file:

Dec 20 00:41:01 fw01 kernel: Neighbour table overflow.
Dec 20 00:41:01 fw01 last message repeated 20 times

OR


Dec 20 00:41:01 fw03 kernel: [ 8987.821184] Neighbour table overflow.
Dec 20 00:41:01 fw03 kernel: [ 8987.860465] printk: 100 messages suppressed.

Why does kernel throw “Neighbour table overflow” messages in syslog? How do I fix this problem under Debian / CentOS / RHEL / Fedora / Ubuntu Linux?

For busy networks (or gateway / firewall Linux server) it is mandatory to increase the kernel’s internal ARP cache size. The following kernel variables are used:

net.ipv4.neigh.default.gc_thresh1
net.ipv4.neigh.default.gc_thresh2
net.ipv4.neigh.default.gc_thresh3

To see current values, type:
# sysctl net.ipv4.neigh.default.gc_thresh1
Sample outputs:

net.ipv4.neigh.default.gc_thresh1 = 128

Type the following command:
# sysctl net.ipv4.neigh.default.gc_thresh2
Sample outputs:

net.ipv4.neigh.default.gc_thresh2 = 512

Type the following command:
# sysctl net.ipv4.neigh.default.gc_thresh3
Sample outputs:

net.ipv4.neigh.default.gc_thresh3 = 1024

So you need to make sure that the arp table to become bigger than the above defaults. The above limitations are good for small network or a single server. This will also affect your DNS traffic.

How Do I Fix “Neighbour Table Overflow” Error?

Edit /etc/sysctl.conf file, enter:
# vi /etc/sysctl.conf
Append the following values (this is taken from server that protects over 200 desktops running MS-Windows, Linux, and Apple OS X):

 ## works best with <= 500 client computers ##
# Force gc to clean-up quickly
net.ipv4.neigh.default.gc_interval = 3600

# Set ARP cache entry timeout
net.ipv4.neigh.default.gc_stale_time = 3600

# Setup DNS threshold for arp
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh1 = 1024

To load new changes type the following command:
# sysctl -p

Posted in Linux | Tagged , | Comments Off

Linux: Find Out What Partition a File Belongs To

Posted on January 1, 2012 by admin

How do I find out that /users/f/foo/file.txt file belongs to a specific partition? How do I find out on what partition a file exits?

The df command report file system disk space usage including file names and directory names. The syntax is as follows:

 
df
df /path/to/dir
df /path/to/file

In this example find out partition name for a file called /users/f/foo/file.txt, enter:
$ df -T /users/f/foo/file.txt
Sample outputs:

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/sda5     ext4   472439072 146088944 302351616  33% /

The above command indicates that the file called “/users/f/foo/file.txt” belongs to /dev/sda5 partition. The following command only shows partition name:

 df /users/f/foo/file.txt | awk '/^\/dev/ {print $1}'

OR

 
awk '/^\/dev/ {print $1}' <<<"$(df /users/f/foo/file.txt)"

Sample outputs:

/dev/sda5

I recommend that you place the following bash function in your ~/.bashrc file

 
# find partition name for a given filename
findpart() { [ -e "$1" ] && df -P "$1"  | awk '/^\/dev/ {print $1}' || echo "$1 not found"; }

Sample usage:
$ findpart /foo/bar
$ findpart /etc
$ findpart /home/vivek/test.txt
Sample session:

df Command To Find Out On What Partition a File (Directory) Exits

Posted in Linux, Uncategorized | Tagged , , | Comments Off

Mediawiki PHP Fatal error: Cannot redeclare wfProfileIn() Error and Solution

Posted on January 1, 2012 by admin

I’m running the Mediawiki software under Apache web server running on the Unix operating systems. I’m getting the following in my php error log:

PHP Fatal error: Cannot redeclare wfProfileIn() (previously declared in /var/www/html/wiki/includes/profiler/Profiler.php:14) in /var/www/html/wiki/includes/ProfilerStub.php on line 25.

How do I fix this problem under Mediawiki version 1.18.0?

According to this:

StartProfiler.php isn’t a core file, it is created by the sysadmin if it is needed. A StartProfiler.sample is included, which can be copied to StartProfiler.php. Due to changes in 1.18, a StartProfiler.php from a previous version will be incompatible. StartProfiler.sample was updated, but StartProfiler.php couldn’t be updated because it doesn’t exist in the distribution.

StartProfiler.php is the core problem. Deleting it gets rid of that problem.

In other words just delete the StartProfiler.php file or rename the file as StartProfiler_old.php:
rm /var/www/html/wiki/includes/StartProfiler.php
OR
mv /var/www/html/wiki/includes/StartProfiler.php /var/www/html/wiki/includes/StartProfiler_OLD.php

Posted in php | Tagged , | Comments Off

Yum Command: Blacklist Packages [ Disable Certain Packages ]

Posted on January 1, 2012 by admin

How do I force yum command to disable certain packages from being installed using certain repos such as EPEL under RHEL or CentOS Linux 6.x server?

The exclude option can be set in any .repo configuration file. The syntax is as follows:

 
exclude=package1 package2
exclude=package1* package?

Package1 Package2 is a list of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards (eg. * and ?) are allowed. In this example, blakclist nginx package from epel repo. Edit /etc/yum.repos.d/epel.repo, enter:
# vi /etc/yum.repos.d/epel.repo
Update the file as follows using the exclude keyword:

 
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
### Blacklist nginx package ###
exclude=nginx*

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

Save and close the file. You can search the repo:
# yum search nginx
Sample outputs:

Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
============================== N/S Matched: nginx ==============================
collectd-nginx.x86_64 : Nginx plugin for collectd
nginx.x86_64 : Robust, small and high performance HTTP and reverse proxy server
  Name and summary matches only, use "search all" for everything.

But, you can not install the same:
# yum install nginx
Sample outputs:

Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Setting up Install Process
Nothing to do

You can also use the yum command line option as follows without editing the repo file:
# yum --exclude=nginx* update
You can list the packages as follows:
# yum --exclude=nginx\* --exclude=lighttpd\* update
OR
# yum -x nginx -x lighttpd update
OR
# yum -x 'nginx*' -x 'lighttpd*' update

Posted in yum | Tagged | Comments Off

CentOS / RHEL: Change / Copy File SELinux Security Context Command

Posted on January 1, 2012 by admin

I’ve created a file as follows:

ls -l -Z /etc/cron.d/vnstat
-rw-r–r–. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat

I’ve created a new file /etc/cron.d/vnstat.custom.interface:

ls -l -Z /etc/cron.d/vnstat.custom.interface
-rw-r–r–. root root unconfined_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat.custom.interface

The /etc/cron.d/vnstat is part of default vnstat package. I’ve installed my own version of the same. But, due to SELinux security cron job is not running. How do I change file SELinux security contex under RHEL / CentOS 6 Linux server to system_u:object_r:system_cron_spool_t:s0 from unconfined_u:object_r:system_cron_spool_t:s0 for /etc/cron.d/vnstat.custom.interface file?

You need to use the chcon command to change the SELinux security context of FILE. The syntax is as follows:

chcon --reference=/path/to/existingfile /path/to/a/newfile

OR

chcon CONTEXT /path/to/a/newfile

Syntax #1 Example

The first syntax is easy to use and recommend for all users:
# cd /etc/cron.d/
# chcon --reference=vnstat vnstat.custom.interface
Verify new context, type:
# ls -Z vnstat*
Sample outputs:

-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface

Syntax #2 Example

First, see existing context, enter:
# cd /etc/cron.d/
# ls -Z vnstat
Sample outputs:

-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat

Use the following syntax to copy system_u:object_r:system_cron_spool_t:s0 context:
# chcon system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface
Verify the same, enter:
# ls -Z vnstat*
Sample outputs:

-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface
Posted in Linux, Security | Tagged , | Comments Off

CentOS / RHEL: yum Command Reinstall Package

Posted on January 1, 2012 by admin

I accidental deleted the configuration file stored in /etc/ directory and the latest backup were made yesterday. How do I resinstall the package using the yum command under RHEL / CentOS Linux server?

You can use the yum command with reinstall option. This will reinstall the identically versioned package as is currently installed. The syntax is as follows:

 
yum reinstall packageName
yum reinstall packageName1 packageName2

In this example reinstall a package called keepalived, type:
# yum reinstall keepalived
Sample outputs:

Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Setting up Reinstall Process
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.2.2-2.el6 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
 Package                             Arch                            Version                                 Repository                     Size
=================================================================================================================================================
Reinstalling:
 keepalived                          x86_64                          1.2.2-2.el6                             epel                          147 k
Transaction Summary
=================================================================================================================================================
Reinstall     1 Package(s)
Total download size: 147 k
Installed size: 380 k
Is this ok [y/N]: y
Downloading Packages:
keepalived-1.2.2-2.el6.x86_64.rpm                                                                                         | 147 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : keepalived-1.2.2-2.el6.x86_64                                                                                                 1/1
Installed products updated.
Installed:
  keepalived.x86_64 0:1.2.2-2.el6

Note: This does not work for “installonly” packages such as RHEL kernels packages.

Posted in Linux, yum | Tagged , | Comments Off