Installing Yum on CE 5.4 x64 Fails Multiple Dependencies

[KrazyBob]

I am using Virtuozzo 3 and have been upgrading all servers to x86_64 and have noticed that many common libraries and what not are not installed on Centos 5.4 using the Parallels ez-template. This is especially troublesome because I cannot even install yum using

Code: Select all

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

Yum is not even installed, I suppose to keep users from over-writing rpm's installed by the Plesk installer.

Code: Select all

Installing the Atomic GPG key: OK
Yum was not detected. Attempting to resolve.. 

warning: m2crypto-0.16-6.el5.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
warning: package rpm-python = 4.4.2-37.el5 was already added, replacing with rpm-python >= 4.4.2-47.el5
error: Failed dependencies:
        libbeecrypt.so.6()(64bit) is needed by rpm-python-4.4.2-47.el5.x86_64
        rpm = 4.4.2-47.el5 is needed by rpm-python-4.4.2-47.el5.x86_64
Downloading atomic-release-1.0-11.el5.art.noarch.rpm: OK

I am now going one by one and pulling the rpm's off of the Centos OS 5.4 distro but this is time consuming. Honestly, I am at a loss as to why Parallels works the way that they do. Thier ez-template doesn't even set resolv.conf. OK. I did it manually but you get the frustration.

Is there an easier way to get yum installed so that I can get modsecurity installed on Plesk 9.3? Three new servers are already being attacked using Apache exploits.

Thanks in advance.

[scott]

We do what we can to fix that kind of damage, but ultimately this is really the responsibility of whomever chose to remove yum from the system in the first place.

[KrazyBob]

Thank you for the reply. But yum is not installed to begin with and is not an option when creating the container. That's the problem. Your installer works fine on the 32-bit ez-template for CentOS but there are missing dependencies on the 64-bit.

My questions had nothing to do with your installer, but rather, sought to find a solution.

[KrazyBob]

I am feeling defeated. I guess I should just subscribe to ASL?

Code: Select all

[root@test apache2]# apxs -cia mod_security.c
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-strict-aliasing  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd  -I/usr/include/apr-1   -I/usr/include/apr-1   -c -o mod_security.lo mod_security.c && touch mod_security.slo
gcc: mod_security.c: No such file or directory
gcc: no input files
apxs:Error: Command failed with rc=65536

But the Buy Now page shows an error.

[faris]

When you say upgrading all servers to x86_64, do you mean the hardware nodes, or the containers?

On the hardware nodes it is recommended that you install 32-bit compatibility libraries alongside the 64-bit ones. I'm probably not using the right technical terms here but exactly what you need to do is in the installation manual for Virtuozzo.

We've never had any problems with yum on 32-bit or 64-bit containers under Virtuozzo. There is a Python dependancy. On the hardware node, you'd do something like vzpkg install -p 101 yum (where 101 is the container id) to install yum and any dependancies (like I say, python is one).

Alternatively, you can edit the OS template config file to include yum (and nano in our case), then update the cache. This will cause yum to be installed by default.

I'm sorry for not being terribly specific with my answer here but I can't remember the exact details off-hand.

Faris.

[KrazyBob]

Thank you for the reply, Faris.

Yes, we've switched all of the HN's to 64-bit. They've always been but Virtuozzo had issues with x86_64 in the beginning. Of 25 servers I've migrated a whopping three! WOW! In three weeks. A miserable task. Plesk also does nicely in 64 bit and it's like the dual Opteron 248's with RAID 1 and 4GB are brand new

The atomic script that has always worked so well on 32-bit fails on 64-bit and I don't think that it's the script. The Centos 5.4 64 ez-template is missing a lot of modules and rpms. The Plesk installer acts like Yum and installs what it needs. As I said, it doesn't even setup resolv.conf and that drove me crazy trying to figure out how a NIC could go bad just buy putting new hard drives in.

You are correct that vzpkg intall -p CTID yum will install yum inside the container -- we've always used the atomic script

I was able to install Mod_security by downloading the source and it was loads of fun. None of the dependencies were there.

# yum install libxml2 libxml2-devel httpd-devel pcre-devel
# ./configure
# make
# service httpd stop
# make install
# vi /etc/httpd/conf/httpd.conf

Add one line to your configuration to load ModSecurity: LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

THEN I found a repo that had it already compiled.

rpm -Uvh http://download.fedora.redhat.com/pub/e ... noarch.rpm

I'm not too sure about it because it installs differently than the distro version.

It is installed on two servers of 4 and instantly began defending the castle!!! I haven't gotten into the rule set yet. I had a couple of IRC bombs planted already, so at least I should be able to get some sleep right about now.

All is well at the moment. I'd consider purchasing ASL but the hosting business is getting hit pretty hard and I have a lot of servers.

[mikeshinn]

It is installed on two servers of 4 and instantly began defending the castle!!! I haven't gotten into the rule set yet. I had a couple of IRC bombs planted already, so at least I should be able to get some sleep right about now.

Remember that without rules, mod_security does nothing. So make sure you have a good set of rules installed with modsecurity.

[scott]

I suspect you'll find that VPS is missing a lot of updates as well.

What error did you run into with the purchase system?

[KrazyBob]

Yum is installed.

[scott]

But is it installed correctly, its a complicated package so there is a lot that can go wrong. Frankly this is a terribly situation to thrust upon you the user, since in essence the provider is putting you in a position where you need to become an expert on package management systems. First thing I would do in your position would be to push this back on the provider that removed yum from your system in the first place.

That being said, and I realize that this is a lot to ask from anyone not intimately familiar with the integration side.... did you manage to duplicate the centos configuration? (I call this the path-of-least-resistance)

[KrazyBob]

Yum is installed in the container using vzpkg install -p CTID yum. Once completed all dependencies are resolved.

The overall issue is that mod_security is still not available after doing so. I did find a repo but it is an older version.

[scott]

Not all of those are equal, honestly they're doing there own thing there. So wither it works or not has nothing to do with the repo. We absolutely have that in both atomic and ASL, so if you're not pulling it its entirely possible that the yum config is out of date and/or conflicting. My recommendation would always be to use what the vendor (CentOS) recommends. Go with their config and you cant go wrong.

[KrazyBob]

It was a pain but I installed mod_sec's newest version from the CLI. It is substantially different from the repo version.

[mikeshinn]

But the Buy Now page shows an error.

What error are you getting? Can you send us a screenshot?

[KrazyBob]

It's a blank page and the javascript error icon appears at the bottom-left of IE 8 -- which may be your problem to begin with