Archive for August, 2007

reset MySQL root password:

Sunday, August 19th, 2007

This worked on MySQL 4.1.20 from RH

1. /etc/init.d/mysqld stop
2. mysqld_safe --skip-grant-tables --skip-networking &
3. mysql -u root
4. update mysql.user set password = password('newpassword') where user='root';
5. restart mysqld

Using mysqladmin -u root flush-privileges password "newpassword" didn’t work! … because it loads the grant tables first!

Who would have thought that syslog is so complicated?

Monday, August 13th, 2007

The problem is simple: you want to log the packets that your firewall drops, so you add a simple LOG rule to your firewall script just before the DROP/REJECT:
iptables -A whatever -i eth0 -j LOG --log-prefix "INPUT DENIED "

Then netfilter logs all the packets to syslog with the kern facility. But then if you try to use the system console, it gets littered with all the logs about dropped packets.

So then you can comment out the line about /dev/console in /etc/syslog.conf but that stops ALL kernel messages from going to the console, which is also not desirable. You’re stuck.

One alternative is ulogd. Install that, configure it to log to syslog, but a different facility (like local5) and change the iptables line from “LOG” to “ULOG” and tell syslog where to log the local5 lines and you’re set.
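The three pieces described above, put together as an added example (not configuration from the original post). The plugin paths, the [SYSLOG] key names and the /var/log/firewall.log file name are assumptions to check against the ulogd 1.x package you install; the chain name "whatever" is the post's own placeholder.

```conf
# --- firewall script: ULOG target instead of LOG ---
iptables -A whatever -i eth0 -j ULOG --ulog-nlgroup 1 --ulog-prefix "INPUT DENIED "

# --- /etc/ulogd.conf (ulogd 1.x) ---
[global]
# must match --ulog-nlgroup in the iptables rule
nlgroup=1
# plugin directory is an assumption; it depends on the package
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_SYSLOG.so"

[SYSLOG]
# hand packets to syslog under local5 instead of kern
facility=LOG_LOCAL5
level=LOG_NOTICE

# --- /etc/syslog.conf ---
# kernel messages still reach the console; dropped packets no longer arrive as kern
kern.*                                                  /dev/console
# keep the firewall lines out of the general log
*.info;mail.none;authpriv.none;cron.none;local5.none    /var/log/messages
# and give them their own file (file name is an assumption)
local5.*                                                /var/log/firewall.log
```

Restart ulogd and syslogd after the change, then confirm that a dropped packet appears in the local5 file and not on the console.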

That’s fine for the short term, but ulogd is arguably abandoned because the author is too busy. There is also a newer, unstable version (ulogd v2.x) that doesn’t work yet. And the project’s mailing list has people recommending other implementations because of limitations in ulogd.

Another option is syslog-ng, the so-called “Next Generation” syslog. However, it’s maintained by a company that doesn’t spend any effort packaging the “open source edition”. Neither ulogd nor syslog-ng is easy to obtain from standard repositories.

And then there are the plans for RHEL6 to move to rsyslog. So I guess we should be using rsyslog?

I think I’ll stick with ulogd for EL4/5 since that requires the fewest changes from stock configuration.

Good repositories for Enterprise Linux.

Thursday, August 9th, 2007

Are you using RHEL or CentOS? Then you should probably add these repositories to your sources.

  • yum install yum-protectbase yum-fastestmirror yum-updatesd
  • Install the appropriate rpmforge-release RPM: http://dag.wieers.com/rpm/packages/rpmforge-release/
  • Install the appropriate EPEL RPM:
    http://download.fedora.redhat.com/pub/epel/5/i386/repoview/epel-release.html
  • maybe also install Karan’s repo (I’m not sure why this is different from Centos-Extras): http://centos.karan.org/
  • maybe also install the Razor’s Edge repo: http://rpm.razorsedge.org/

I wanted to install ulogd on EL5 and the RE-test repo from Razor’s Edge was the only one that had it. This is certainly a little bit risky for production machines. It’s too bad RH doesn’t maintain one GIANT repo like the Debian project. Oh well, perhaps in a few more years.

Also, I like to use yum-updatesd to automatically run “yum -y upgrade” nightly. This is a bit risky if you have some testing repos enabled, so make use of the protectbase plugin and the “enabled=0” option in your yum confs.
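How the two safeguards look in the yum configuration, as an added example (not files from the original post). The repo id testing-example, its baseurl and its GPG key path are placeholders; substitute the values from the release RPM of the repository you actually add.

```conf
# --- /etc/yum/pluginconf.d/protectbase.conf ---
[main]
enabled = 1

# --- /etc/yum.repos.d/CentOS-Base.repo ---
# Add protect=1 to the stock sections; the lines they already have stay as shipped.
[base]
protect=1

[updates]
protect=1

# --- /etc/yum.repos.d/testing-example.repo (placeholder third-party testing repo) ---
[testing-example]
name=Testing repo (placeholder)
baseurl=http://repo.example.invalid/el5/$basearch/
# disabled by default, so the nightly "yum -y upgrade" never pulls from it
enabled=0
# unprotected: its packages cannot replace packages from protected repos
protect=0
# keep signature checking on for third-party packages
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

# One-off install from the disabled repo, typed by hand when needed:
#   yum --enablerepo=testing-example install ulogd
```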

“Thin provisioning” is a euphemism…

Wednesday, August 8th, 2007

for “over-subscription”.

Thanks to my subscription to “Storage” magazine, I’ve been getting a lot of propaganda about storage virtualization and storage consolidation and “thin provisioning”. The marketing literature always makes it sound like a panacea that will save you money and time, and oh, it’ll bring you breakfast in bed. In reality, what you’re doing is telling your OS that it has 100GB storage but only allocating it 50GB worth of disks.

This is akin to a cable operator telling their 100 subscribers that everyone has a 5MB/s link when in reality the total link is 50MB/s and things slow to a crawl if everyone tries to do things at once. We already know how that works out.

We can only hope that adding disks to your storage management system and then allocating the promised storage space is cheap and easy. But if it was cheap and easy, why not just buy it to begin with?

Ubuntu bug

Tuesday, August 7th, 2007

After a bit of trial and error, I learned that if you’re using NetworkManager to manage your network connectivity in Ubuntu 7.04 (Feisty Fawn), your /etc/network/interfaces file should have only the lo interface in it, like so:
auto lo
iface lo inet loopback

The symptoms include not having a network connection on boot, or getting unusual errors when you run /etc/init.d/networking restart.

You may also see something like this in /var/log/syslog:
Aug 3 11:25:41 iafg01 NetworkManager: ^IDevice 'eth0' DHCP transaction took too long (>99s), stopping it.
Aug 3 11:25:42 iafg01 NetworkManager: ^IActivation (eth0) Stage 4 of 5 (IP Configure Timeout) scheduled...
Aug 3 11:25:42 iafg01 NetworkManager: ^IActivation (eth0) Stage 4 of 5 (IP Configure Timeout) started...
Aug 3 11:25:42 iafg01 NetworkManager: ^INo DHCP reply received. Automatically obtaining IP via Zeroconf.
Aug 3 11:25:42 iafg01 NetworkManager: ^IActivation (eth0) failure scheduled...
Aug 3 11:25:42 iafg01 NetworkManager: ^IActivation (eth0) Stage 4 of 5 (IP Configure Timeout) complete.
Aug 3 11:25:42 iafg01 NetworkManager: ^IActivation (eth0) failed.
Aug 3 11:25:42 iafg01 NetworkManager: ^IDeactivating device eth0.
Aug 3 11:25:43 iafg01 NetworkManager: ^ISWITCH: no current connection, found better connection 'eth0'