Enterprise Linux Log

October 10, 2007  9:11 AM

Linux 2.6.23


Usually I put on a little party hat and blow up some balloons for days like these, but I missed my alarm this morning and things got a little hectic in the ol’ apartment, or Linux Launch Pad, as I like ot call it.

Onwards and upwards to the news: Linux kernel version 2.6.23 is live and ready for your perusing pleasure.



Yeah, it got delayed, not because of any huge issues, but because of various bugfixes trickling in and causing me to reset my “release clock” all the time. But it’s out there now, and hopefully better for the wait. Not a whole lot of changes since -rc9, although there’s a few updates to mips, sparc64 and blackfin in there. Ignoring those arch updates, there’s basically a number of mostly one-liners (mostly in drivers, but there’s some networking fixes and soem VFS/VM fixes there too).

Shortlog and diffstat appended (both relative to -rc9, of course – the full log from 2.6.22 is on kernel.org as usual).

I want this to be what people look at for a few days, but expect the x86 merge to go ahead after that. So far, all indications are still that it’s going to be all smooth sailing, but hey, those indicators seem to always say that, and only after the fact do people notice any problems.

My my, seems like Linus is a little peeved this morning too. I wonder if he missed his alarm? I bet it’s a penguin. No, a real one.

Linux kernel newbies has a nice summary up today about what’s new in this release (note, it’s been Dugg, so this is a Google cache link):

2.6.23 includes the new, better, fairer CFS process scheduler, a simpler read-ahead mechanism, the lguest ‘Linux-on-Linux’ paravirtualization hypervisor, XEN guest support, KVM smp guest support, variable process argument length, make SLUB the default slab allocator, SELinux protection for exploiting null dereferences using mmap, XFS and ext4 improvements, PPP over L2TP support, the ‘lumpy’ reclaim algorithm, a userspace driver framework, the O_CLOEXEC file descriptor flag, splice improvements, new fallocate() syscall, lock statistics, support for multiqueue network devices, various new drivers and many other minor features and fixes.

October 9, 2007  1:03 PM

ZedCon: Zend Core 2.5, Eclipse, and Microsoft–oh my!


Today at ZendCon, Zend shared details about some new integration initiatives with products from IBM, Microsoft and Oracle, as well as some enhancements to the Zend version of PHP. Topping the list of announcements was an offering for developers who want to create PHP applications using Eclipse.

First, some background: ZendCon is the largest gathering of its kind for the PHP community and for companies using PHP to build and deploy business-critical web applications.

But now to the meaty bits, the announcements:

  • Zend Studio for Eclipse – The all-new commercial PHP IDE for Eclipse with immediate availability of a downloadable beta version
  • Zend Core 2.5 – Immediate availability of the new version of Zend’s production grade PHP
  • IBM releases the IBM Mashup Starter Kit, based on Zend Core, Zend Framework and DB2
  • Single source support from Zend for DB2 and Zend Core
  • Delivery by Microsoft of a new FastCGI module to improve PHP performance on Windows
  • Microsoft announces a new SQL Server 2005 Driver for PHP
  • Zend announces support for the Server Core option in Microsoft Windows Server 2008
  • Collaboration between Zend and Microsoft to deliver support for the identity management (Information Card) in Zend Framework
  • Oracle Announces PHP support for Connection Pooling in Oracle Database 11g

For a break down of each of these new PHP points, check out the PHP company’s web site (that’s Zend) for more details.

UPDATE: Oracle details its contribution:

The enhanced OCI8 database driver for PHP provides new, improved integration between PHP and Oracle Database 11g, to allow a server-side connection pool shareable across web servers and languages, significantly enhancing the scalability of web-based systems. Highlights include:

Breakthrough Scalability – leveraging Oracle Database 11g’s Database Resident Connection Pool (DRCP) feature, a large number of users can be supported with significantly reduced memory consumption. Multiple web servers running on different systems can share a single database connection pool, helping to further reduce consumption of system resources;

High Availability – supports advanced Oracle Database features such as fast application notification with Oracle Real Application Clusters and Oracle Data Guard. PHP applications can benefit from reduced downtime and higher levels of availability with this feature;

Extended Compatibility – existing PHP applications can take advantage of DRCP and fast application notification without changes in application code, resulting in an immediate boost in scalability, enabling more efficient hardware utilization and lower TCO.

October 9, 2007  11:53 AM

Novell Workgroup layoffs imminent


It was but a rumor last week, but today it looks like it’s all true: Novell is set to layoff a large chunk of its Workgroup division.

The number last week was an estimated 50-60%, but that’s still unconfirmed right now. What we do know is that an inside source at Novell said the layoffs are happening now, and specific departments are not yet known.

Regardless of your personal feelings about Novell the business, there’s nothing good to be gleaned from this news today.

Blogger and Alfresco guru Matt Asay tries anyway:

I’m no fan of Novell, but I hate layoffs. I’m sincerely sorry to see this happening. The good news, however, is that there are much better companies to work for out there. Like all of them. 🙂 Just ask Greg Collier. He left Novell a year or two ago to join Mozy/Berkley Data Systems, which was bought by EMC recently. Or Chris Stone, now CEO of Streamserve. Or John Vigeant who left Novell and joined XenSource (you know what happened next). Or Charlie Martin who is now sitting at MuleSource. Chris Cooper (my old boss) left to be a VC with UV Partners. Bill Mason went to Red Hat and is now at Zmanda. Etc.

Over at Linux news aggregation site LinuxToday, comments (always starting with the standard “I don;t like layoffs either, BUT…”) have already started to compare Novell to Enron.

October 9, 2007  10:15 AM

Top Linux applications, anyone?


Is your IT shop desperate to get off the Windows IV and into the free-wheelin’, foot loose and fancy free world of open source applications? No? Are you sure you’re on the right blog?

I only ask because I got an email today from reader Rich I. that contained a link to the top 50 applications to get your office on open source and I thought it was pretty interesting. A lot of the stuff I had heard of before, but it was nice to see all those apps compiled into a handy dandy list. Even I, in my infinite Linux wisdom*, found a new one here and there. Zabbix anyone?

I’d like to see more though. Throughout 2007 I’ve made it a point to ask which applications people are running on their Linux servers, and why. We’ve covered Samba and Apache a lot already, so anything and everything else is fair game. What works? What doesn’t? Let me know in the comments or at my email address.

* This is exaggerated because I work on the Internet.

October 8, 2007  10:10 AM

“Is a cursory look at the CentOS LIVE CD worth every penny?”


First, a disclaimer: I’m citing an anonymous comment from “Tech Source from Bohol” with that blog post headline. It is not a Jack Loftus original and I would never attempt to pass off another’s snazzy Internet snark as my own.

The comment may be a bit snotty, but it serves as a good lesson for other blogs or media outlets that are trying to review Linux distros and post their results into the ether of the Internet. The review in question in this case is one for CentOS 5. Or, I should say, it is a review for the CentOS 5 LiveCD that proclaims to be a review for the enterprise release of CentOS. It’s an important distinction to make and, if you’re trying to catch a break as a Linux review site, you should probably know the difference before your fingers hit the keys to type out a headline.

First, the juicy bit, or “controversy” regarding CentOS 5 Live CD, for reference:

Conclusion: So is CentOS 5.0 worth every penny? Not really. A live CD of its size should have been a little more complete. Even the smaller-sized Zenwalk can do much better than CentOS live. If its main purpose is merely for testing or for rescuing a broken system, lots of Mini distributions can do the job just the same. CentOS 5.0 live CD edition shouldn’t have been released in the first place because it is not ready yet. For now, I wouldn’t recommend downloading it because it’s just a waste of time. But to those who are really eager to try CentOS, perhaps the DVD installer version will do just fine based on the good things I’ve heard about it in some reviews. Maybe I will download that version also, that is after I have fully recovered from my disappointment with the Live CD.

Now, back to what I said about knowing the difference. The CentOS 5 DVD is something we’ve touched upon here at SearchEnterpriseLinux.com a number of times in the past, more recently for a series of Linux support articles where CentOS was featured thanks to its update sans subscription support model (which we compared to Red Hat Enterprise Linux 5). We spoke with enterprise level customers doing enterprise level things in their enterprise level data centers, and they provided us with real world examples of how this OS was helping keep their businesses running. The LiveCD, on the other hand, is a recovery tool usually found right at home on a workstation. If comparing it to the DVD seems like a venture in comparing spherically shaped orange and red types of fruit, you are not alone in your thoughts.

A Live CD definition via Wikipedia:

LiveDistro or Live CD is a generic term for an operating system distribution that is executed upon boot, without installation on a hard drive. Typically, it is stored on a bootable medium, such as a CD-ROM (Live CD), DVD (Live DVD), Floppy (Live floppy), USB flash drive (Live USB), among others. The term “live” derives from the fact that these distributions are a complete, runnable—i.e., “live”—instance of the operating system residing on the distribution medium, rather than the typical case of a collection of packages that must first be permanently installed to a hard drive on the target machine before using the OS. A LiveDistro does not alter the current operating system or files unless the user specifically requests it.

Used incorrectly, I would assume any piece of technology, no matter how masterfully designed, would yield less than stellar results (well, except maybe Mac OS x ;-P). That said, if we’re talking about CentOS as an enterprise distribution, the facts we’ve assembled here at SEL would appear to show this OS has the chops to run a business as long as the user is willing and able to independently handle support. There are handful of other OS’s out there too that we’ve covered with similar results (Debian and Ubuntu come to mind).

But as far as CentOS goes, it is “the” clone right now, says Beranger.org (who laced into Bohol’s post on CentOS, naturally):

Being the most popular of the rebuilds of RHEL, you have a very good chance to benefit enormously from their mailing lists. Also, if some blunder occurs upstream, you might find a workaround in the CentOS community even before the upstream comes with a fix!

Installing CentOS 5.0 right now has a slightly annoying downside: you’ll have to pull tons of updates right away. Note that CentOS 5.0 issued “already obsoleted” media, for they understood the binary compatibility ad litteram: they have included the exact same versions of the packages as per the upstream RHEL 5.0 install media. It’s just they released several months later, and updates were quite a lot…

CentOS also has some extra repos you might benefit of. However, they were much more consistent with version 4 than with version 5. Last but not least, Karanbir Singh does a great job with his extra packages too.

CentOS is simply a different approach to the whole Linux support puzzle. Some people pay a subscription because it fits their needs, and others use IRC and mailing lists to fill in the holes. My highly unscientific opinion says that there are more people happy with CentOS in their environments than not,so any budding reviewer should probably get in contact with a few of them before writing any articles. I know we did at SEL.com.

Of course, we mustn’t be completely negative with this post, and as I write it I realized there could be an issue out there worth looking into that stems directly from this little parlay into the world of OS reviews. Do a majority of users understand the difference? Instead of attacking the review, which gets its CDs and DVDs crossed up, could we instead ask if there’s an issue in how the two are defined? I find that, unfortunately, in cases like this, the Linux community attacks the messenger, instead of addressing the overall problem: Not everyone on the planet Earth understands, uses or even likes Linux. Instead of labeling them an idiot, or a noob or whatever, maybe some hand holding is in order. Who knows, you could ultimately be adding another member to your ranks.

Regardless, this whole exercise is a lesson in headline writing; when you post a headline that promises a review of an operating system, make sure it’s the right one!

October 4, 2007  11:28 AM

Handy script protects Linux against traffic spikes


We received another user-submitted Linux script for our “Share scripts… win Starbucks” series. This one comes from David Witham, who writes:

I administer a consumer VoIP switch for a VSP. The switch acts as a SIP registrar and proxy. Many thousands of devices register and re-register with the registrar every few minutes so there’s a pretty constant stream of traffic hitting it. Some SIP devices have flakey firmware and misbehave in such a way that they flood the registrar with registration requests to the point that performance is compromised, so I needed a way to protect the registrar from those devices.

I wrote a script that takes a sample of network traffic using Ethereal, checks for IP addresses transmitting excessive packets and blocks them by adding them to a list of addresses to drop in the INPUT chain of iptables.

David suggests running the script every 15 minutes to allow new IP addresses to be added to the list, then flushing the addresses and re-adding them so IP addresses that have stopped flooding can re-register.

Give it a try. This script was optimized for RHEL4 but should run on other Linux and Unix systems that have Ethereal or iptables. Feel free to modify it any way you like, or maybe you have one of your own to share? Share a script with us and, if we use it, we’ll treat you to Starbucks.

Keep the scripts coming!

# Run from cron on a frequent basis, including on the hour, to block IP addresses flooding with SIP requests
# Use -f to force a flush of the INPUT chain
# First 3 octets of destination IP address of the flooding packets


# Whole destination IP address of the flooding packets


# Interface on which the flooding is occurring


# Flush iptables INPUT filter chain each hour in case some IPs have stopped flooding and are genuinely trying to use the service
if [ $(date +%M) = “00” -o “$1” = “-f” ]; then
        /sbin/iptables -F INPUT
        # Wait 5 seconds for IPs to start flooding again (most flooding IPs send REGISTER every 4 seconds if not getting a response)
        sleep 5
        # Add IP address to drop to iptables INPUT filter chain. Repeat a couple of times to catch all IPs
        /usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
        sleep 5
        /usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
        sleep 5
        /usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
        # Add more IP addresses to drop to iptables INPUT filter chain
        /usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done


October 4, 2007  8:48 AM

openSUSE 10.3 now available


Novell today announced the availability of openSUSE 10.3.

Some of the enhancements were detailed by Novell in a press release today:

  • OpenOffice.org 2.3;
  • The latest versions of the GNOME and KDE desktop environments;
  • The latest version of AppArmor protects the Linux operating system and applications from attacks, viruses and malicious applications;
  • MP3 support out of the box for Banshee and Amarok; and,
  • The latest open source applications for developing applications, setting up a home network and running a Web server, as well as the latest virtualization software such as Xen 3.1 and VirtualBox 1.5.

In the release, Andreas Jaeger, director of the openSUSE project, said version 10.3 makes openSUSE the first Linux distribution to take full advantage of the “1-Click Install” option, which gives openSUSE 10.3 users access to more software packages residing on the openSUSE Build Service.

In a hat tip to the power of open source software development, the one-click install was contributed by a single openSUSE community member.

Availability and Pricing

OpenSUSE 10.3 is now available for free download at www.opensuse.org . The retail edition of openSUSE 10.3 is available on www.shopnovell.com as well as in select retail locations. It delivers the same packages as the downloadable version on an installable DVD for 32- and 64-bit architectures, and it is accompanied by a second DVD containing a large selection of additional software available at the release date.

Also included are a comprehensive user manual and 90 days of installation support, all for a suggested $59.95.

October 3, 2007  7:49 AM

Ubuntu Gustsy Gibbon and Firefox update


Some commentary on Ubuntu Gutsy Gibbon and Firefox from SearchEnterpriseLinux.com reader C.K.:

I have an update to the FF3 in Ubuntu item; I was reading http://tech.tolero.org/blog/en/linux/review-ubuntu-710-gutsy-features-changes
and they mention that:

A third (currently alpha) version of the Firefox browser named ‘Gran Paradiso’ is included into the ‘universe’ repository. If installed, it will settle aside of the stable application, even using own settings directory at the home folder.

So I had a look in the copy of Gutsy I’m running in VirtualBox (http://www.virtualbox.org/) and indeed, its there: “firefox-granparadiso”. As per http://packages.ubuntu.com/firefox-granparadiso its currently version 3.0~alpha7-0ubuntu6, but it will be likely to get security updates to bump it up to a current version after its released.

This is a really neat way of doing things; they don’t have to backport anything and by putting it in universe they don’t have to fully support it, but at the same time, its easily available to early adopters (e.g. me ;).

Color me impressed! 🙂

Thanks for the update, CK!

October 2, 2007  12:59 PM

Linux Done Right (personals edition): Linux shop seeks Linux vendor


Consider this the second in an occasional, meandering series of articles on Linux done right. These aren’t meant to boost the sales of any particular vendor, but instead are meant to show other end users, IT managers and decision makers what to look for when vetting applications and operating system migrations. It can be support, migrations strategies, execution or anything and everything in between. If it’s Linux done right, then you’ll find it here.

Matthew Porter, the CEO of Contegix, is an anomaly as far as I’m concerned–and I don’t mean that in a negative way whatsoever.You see, Contegix, a managed hosting provider based in St. Louis, Mo., is a 100% Linux shop. Every server they run internally has Red Hat Enterprise Linux 3, 4 or 5 installed (although they’re not using Xen just yet), and all their applications, save a financial/payroll application that just has to run on Windows as a virtual instance in VMware, runs on Linux.OK, so that makes them a 99% Linux shop with a vestigial Microsoft Windows appendix, and I apologize. In an industry that holds sacred the “five nine’s,” I think you can give me some slack on this one.

Anyway, outside of European universities and some HPC instances, 100% Linux shops are a rare breed in this heterogeneous operating system mishmash of a world we live in today. But that still hasn’t stopped Contegix. In a call last week, Porter told me that business is going well and growing fast. So fast, in fact, that Porter called what’s happened over the past few months “explosive.””We’ve grown 10% every month over the past couple of years,” he said. “Today it’s more like 14%.”

I called Contegix an anomaly, but their story isn’t all the surprising when you look at Linux growth over the same period of time. Everyone from Gartner to IDC to our friends at Saugatuck have pegged 2009-2011 or thereabouts as the magic year where Linux takes an approximate 50% share of all mission critical operations in the enterprise. That’s not edge of enterprise stuff in addition to mission critical, either–it’s bare bones “if this messes up then our business suffers” stuff.

But that’s all in the amorphous soup of the far future. Contegix was an all Linux shop now, and with all of that growth over the past few quarters, it was starting to experience what can only be described as growing pains. Legacy software and a surging pile of user data that grew every month were taxing the system and tying up resources for days at a time, Porter said.

Their old backup solution, Arkeia, worked well for about a year, Porter said, but couldn’t scale and Contegix was spending 40+ hours per week managing backups and recoveries.

“The problem we were dealing with was that we were working around the limitations of our previous software,” Porter said. “It often took 24 hours to backup the index that the software was using.” Sometimes that 24-hour estimate was being generous, and the backup took longer (some recovery or file system-related efforts were eating up 42 or more hours a clip). “When a customer needed some stored, even if it was just a 65 meg file or a database or whatever, it may have taken and hour just to restore that. And we were storing about 50 terabytes a month,” he said.

As Contegix continued to grow, speeding up the backup and recovery time would become a top priority going forward.

Looking for options, thinking of Linux

A Linux shop should expect a certain degree of Linux respect and understanding, right? Contegix’s case was no exception. From the onset, Porter and his team sought out vendors who could provide recovery and back up peace of mind with a Linux twist, no questions asked. They had to, because Porter wasn’t about to spend even more money to retrain his staff on Windows or SQL Server.

“We have a lot of Postgres and MySQL, so it was critical to have hot backup plug-ins for those databases … [and] we had literally no technical staff that used Windows as a desktop. We didn’t want to learn SQL Server,” he said.

Those strict specifications hurt the first candidate, Oceanport, N.J.-based CommVault, right out of the gate. With CommVault’s offering, called Simpana, Porter said his staff was asked to learn SQL Server. “Given the ownership costs, CommVault had higher costs of ownership,” Porter said.

Nor did CommVault offer support for MySQL or PostgreSQL. Contegix was also unable to test the application because CommVault wanted a signed PO first. No deal.

The next solution came from Symantec, which Porter and some of the Contegix team had had some experience with at a previous company. From what Porter told me, things didn’t go well even with the prior encounter serving as a foot in the door. Again, the hangup arrived because of how Contegix viewed the vendor’s approach to Linux, Linux support and testing.

“[Symantec weren’t as nimble in evaluation process as they could have been. It took two months to get a quote, but there was still no demo unit. The installation process was too costly. The there was the Linux dynamic. The reseller we went through basically said ‘we only sell for Windows, but we can do Linux after we get approval for Linux.’,” Porter said. “It kind of felt like they fully supported [Linux], but not fully at all.”

Symantec’s application, NetBackup, was also out of Contegix’s price range, and they were worried about the potential management hours they would have to spend on NetBackup.

Cue the Price is Right “you lose” gong sound.

Finding some Linux spine

Rounding out a trio of back up and recovery options was BakBone Software, a backup and recovery vendor based in San Diego. Interestingly enough, the trait that immediately stuck out in Porter’s mind about his experiences with BakBone wasn’t technical, it was support and sales-related.

“The same sales rep we dealt with in the beginning was there a year later. Sometimes when you see a lot of turnover the reps don’t really believe in the product, or it’s not selling, but that obviously wasn’t the case,” he said.

The came the point on which many Linux and open source software relationships are made or broken: support. How does it fare? Is it what you’ve become accustomed to over the years? Is it better? Is it completely different? Is it professional?

In Porter’s case, he asks similar questions, but he also has a test of his own that’s been generated from Contegix’s own support practices. “[As a managed hosting provider] we always have support staff on hand at all times 24/7/365, and we answer every ticket in five minutes. We assign an engineer to that ticket, not some sales rep or whatever. When an organization like ours is built around support as the number one feature, then vendors must have that same mentality,” he said.

Long story short, BakBone did support MySQL and Postgres, and the handful of other applications on hand like Ruby on Rails and Java, and it allowed testing and the price point was right, so Porter bought into NetVault: Backup 8.0.

The server implementation took less than a day, and today Contegix has migrated about 98% of its Arkeia servers over to NetVault. In twenty more days, Porter expects the migration to be complete.

“The consolidation was was a huge benefit for us. They can do full consolidation or a synthetic one. The second big draw for us is the not just the consolidation is that there, it is the fact that we have great independent restore time, that’s fast and a great way to back up our catalogue and index,” Porter said. “We do a lot of back up to a fiber channel SAN. With NetVault, we could mount our SAN in drivesafe just like Oracle does, so that the load can be shared among back end servers and multiple backups and clients. Literally, we have three or four servers that just perform backup.”

For Contegix, the ability to share media and have those multiple backup servers is “ubelieveably smart,” Porter said. “We were spending so much time writing custom scripts to work with the ODL system before and many of those were already features in BakBone,” Porter said.

Indeed, before the third party backup and recovery app was introduced to the Contegix back end environment, the IT staff was wasting a good 100-150 hours per month on those customer scripts. But not anymore.

Like I wrote earlier, the migration off legacy is about 98% done. Something could still go wrong, I suppose, but that’s not the feeling I got when talking with Porter. From the sounds of things this shop will remain a Linux-only club for the indefinite future.

Have a Linux Done Right success story you’d like to share? Send it to me at Jack Loftus, News Writer and I guarantee I’ll get you the 15 minutes of IT fame you so richly deserve.

October 2, 2007  12:57 PM

Call for Entries – SearchEnterpriseLinux.com Products of the Year Awards


SearchEnterpriseLinux.com wants to help our readers discover the best of the best in Linux products for the enterprise in our 2007 Products of the Year awards. Nominate a favorite product youve used, or nominate your companys new product. Our editorial teams will be accepting submissions online until 5 pm PST on Nov. 9, 2007 in a wide range of categories, including: Server Linux platform product (either a distribution release or a new, integrated server Linux offering) Security applications/tools for Linux on the server, Virtualization product for Linux on the server and Linux administration tool.

To qualify, new or significantly upgraded products must have been shipped after October 31, 2006, and before November 1, 2007. Submit your entry today and let us know what you think are the top data center products on the market.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: