Re: [CentOS] (?) Mailman VERY slow with IPv6 (with work-around)

[Fabian Arrotin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 17/09/15 04:16, Jay Leafey wrote:
> I recently stood up an EL7 box with Mailman for a few lists I run
> for some friends.  My old install, on an EL6 system, ran with no
> issues for several years but I was induced to upgrade by a
> "hardware casualty" on the old system.  I was going to have to
> rebuild anyway, so why not take it as an opportunity to try EL7?
> 
> The build went fine and I was able to migrate the lists over with
> no issues, but once I got there just about everything to do with
> Mailman operations were painfully slow.  For example, "list_lists"
> took 5 seconds of "real" time.  I was used to it taking _much_ less
> as I only have about 6 lists.  This affected both the command-line
> Mailman tools and the web interface.  My first inclination was to
> blame Python, but other code executed just fine with it.
> 
> While testing I tried an strace of list_lists and found that it
> was timing out on a read operation to a socket to the Avahi daemon 
> (/var/run/avahi-daemon/socket) while trying to resolve the
> link-local IPv6 address.  Having flashbacks to Sendmail stalling on
> DNS issues I decided to try fixing resolution first.
> 
> As a test I put the link-local address into my /etc/hosts file with
> a localized name.  Running list_lists then took about 0.19 seconds
> "real" time!  The web interface also changed from painfully slow to
> it's previous behaviour on EL6.
> 
> I imagine just turning off IPv6 would work as well, but I have an
> actual use case that is a lot easier with it turned on.  I don't
> know if anybody else has seen this, but thought it might be handy
> for someone else.
> 

Thanks a lot for having shared this. I haven't tried (yet) to test
mailman on CentOS 7 and the only one we have is on CentOS 6, and
(unfortunately) no ipv6 addr, but I do remember having had to do this
for ipv4 addr too (in /etc/hosts) to bypass the high number of dns
requests (in the past)

- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlX6ZHwACgkQnVkHo1a+xU4GyQCdFCkLZQNqV37iISS4Ejn1kqbg
xMAAoIrdK0Hmyx2uEk5vSSkWOdglH6xF
=+p+d
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] poor performance with dom0 on centos7

[Pasi Kärkkäinen]

On Wed, Sep 16, 2015 at 09:46:52PM +0200, Christoph wrote:
> Hi
>

Hi,
 
> Im now pretty sure the problem is the DomU with NFS Server.
> 
> If I write on a NFS share from other Host (bare metal or other vm)
> then I see on my NFS server nearly the whole time 100% io at
> [jbd2/dm-5-8] process...
> If I write on a SMB share (same partition as nfs share) from other
> Host then it is a little bit better but still ever and ever again
> 100% io load
> 

Are you using nfs over UDP or TCP ? 

> If I write a 1GB file on the same partition (with nfs/samba share)
> with dd, I dont see the high io load...
> 
> Is there a known problem with nfs/smb shares and/or dm in xen domU's
> on centos 7 as dom0? With centos 6 as dom0 I didnt had the
> problem...
> (the partition with the shares is a raid5 software partition, soft
> raid is build in dom0 and as a xvd device passed through to the domU
> with the shares)
> 
> could selinux be the problem? I have it in permissive mode on all
> hosts here (dom0 and domU) not disabled...
> 

I don't think.

> Any hints for me?
> 

If you used NFS over UDP, try running it over TCP.

What does 'top' and/or 'iostat -x 1' say during the 'benchmark'  ?


-- Pasi

> Am 2015-09-01 06:47, schrieb Christoph:
> >Hi All
> >
> >it is possible to tune dom0/domU for better IO/network performance?
> >Since I have changed to Cenots7 dom0, I have a really poor IO
> >performance inside a PV VM.
> >
> >I have already done what is described on
> >http://wiki.xenproject.org/wiki/Tuning_Xen_for_Performance
> >It is better now but still significantly worse than with centos6 dom0
> >
> >my settings:
> >
> >xen parameter: dom0_mem=1024M cpufreq=xen dom0_max_vcpus=2
> >dom0_vcpus_pin
> >
> >xl sched-credit
> >Cpupool Pool-0: tslice=30ms ratelimit=1000us
> >NameID Weight  Cap
> >Domain-0 0   10240
> >samael   12560
> >satan25120
> >amon 32560
> >leviathan45120
> >
> >echo 1048576 > /proc/sys/net/ipv4/tcp_limit_output_bytes on dom0
> >
> >the both domU's satan and leviathan are very IO performance oriented
> >(NFS server and downloading vm)
> >
> >Is there something more what I can do or try?
> >
> >could it be a selinux issue? I have it in permissive mode there, not
> >disabled. But permissive means only to collect the info not enforcing
> >the rules...
> >
> >(I use the xen45 pkgs)
> 
> -- 
> --
> Greetz
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Periodic speed test

[Fabian Arrotin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 17/09/15 13:05, Timothy Murphy wrote:
> I run the speedtest from
>  quite often, and find
> it very reliable.
> 
> I'm wondering if anyone has developed a version to run the speed
> test at regular intervals, say every 6 hours, and record the
> results in a simple database or just a file?
> 
> I imagine it would be a fairly easy task to modify the Python code 
> to do this, but it would be even easier if someone has already done
> it!
> 

I like speedtest-cli, and use it (through crontab) with speedtest-cli
- --simple then parse the output.
- From that point you can put it everywhere you want (file, db,
zabbix-sender, etc)

Cheers,

- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlX6po4ACgkQnVkHo1a+xU66TACeMwD5mi2gC/EtOUC82SfLKryd
MI8AnRzlva3bT+hqUQlMJqY1WdSI05Q5
=xvOz
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 127, Issue 6

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEBA-2015:1789  CentOS 7 corosync BugFix Update (Johnny Hughes)
   2. CEBA-2015:1779 CentOS 7 selinux-policy BugFix Update
  (Johnny Hughes)
   3. CEBA-2015:1790 CentOS 7 fence-agents BugFix Update (Johnny Hughes)
   4. CESA-2015:1793 Moderate CentOS 7 qemu-kvm Security Update
  (Johnny Hughes)
   5. CEBA-2015:1784  CentOS 7 grub2 BugFix Update (Johnny Hughes)
   6. CEBA-2015:1774 CentOS 7 coreutils BugFix Update (Johnny Hughes)
   7. CEBA-2015:1775  CentOS 7 systemd BugFix Update (Johnny Hughes)
   8. CEEA-2015:1795 CentOS 7 rasdaemon Enhancement Update
  (Johnny Hughes)
   9. CEBA-2015:1773  CentOS 7 krb5 BugFix Update (Johnny Hughes)
  10. CEEA-2015:1796 CentOS 7 java-1.8.0-openjdkEnhancement Update
  (Johnny Hughes)
  11. CEBA-2015:1785  CentOS 7 sssd BugFix Update (Johnny Hughes)
  12. CEBA-2015:1792  CentOS 7 libvirt BugFix Update (Johnny Hughes)
  13. CEBA-2015:1777 CentOS 7 device-mapper-multipath   BugFix Update
  (Johnny Hughes)
  14. CEBA-2015:1794  CentOS 7 sos BugFix Update (Johnny Hughes)
  15. CESA-2015:1778 Important CentOS 7 kernel Security Update
  (Johnny Hughes)


--

Message: 1
Date: Wed, 16 Sep 2015 12:49:15 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:1789  CentOS 7 corosync BugFix
Update
Message-ID: <20150916124915.ga13...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2015:1789 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1789.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
bfc940a01ef2b7de2b3d9e698c90aa7e2d1bef3fa0fc4a6ec0b1e6ffe6d70a50  
corosync-2.3.4-4.el7_1.3.x86_64.rpm
cf0a51b020f0a757733499bffc8c39061cc622dbbc8259be7728e4177f13787f  
corosynclib-2.3.4-4.el7_1.3.i686.rpm
31d09a8cdda23e737fae53dc3d287181b7c2b48343e31352b584f289efc4eadd  
corosynclib-2.3.4-4.el7_1.3.x86_64.rpm
2ed5d72ae45c6c969e9a418755cf3741bb0ca6f7588ada6aad4fe9569a7b  
corosynclib-devel-2.3.4-4.el7_1.3.i686.rpm
87ecd97597fbfe2a2c6e5282cd8eda0f39fed9b43569c98db371770a4506057f  
corosynclib-devel-2.3.4-4.el7_1.3.x86_64.rpm

Source:
85db957440bfe84d84e8f9c3978245863c12bbd2cf0aa28920d02b9ad1401182  
corosync-2.3.4-4.el7_1.3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Wed, 16 Sep 2015 12:49:33 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:1779 CentOS 7 selinux-policy
BugFix  Update
Message-ID: <20150916124933.ga13...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2015:1779 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1779.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
fd48636bc24a9303826e1c57008d7da21a8dc5a72cae72ccaa88e3cdf8406e61  
selinux-policy-3.13.1-23.el7_1.18.noarch.rpm
7ed18f9a42ea5cbadf0ed1304273577c8a92220dc24bbb11277ce5b8ecc0cb45  
selinux-policy-devel-3.13.1-23.el7_1.18.noarch.rpm
614c5f412cd5be0f2f3cc509ceeddfeb34ffbb30b847edcf0eccb6ecf4ec77f5  
selinux-policy-doc-3.13.1-23.el7_1.18.noarch.rpm
ac28e2d9c0b002342e63f2ff042f1fc19ec1ec18d8d2bfc7e0ada23af65fca14  
selinux-policy-minimum-3.13.1-23.el7_1.18.noarch.rpm
35267737fc44312feeae5a956b2538e94a31247bdea76d5e4fa4d918f84997fe  
selinux-policy-mls-3.13.1-23.el7_1.18.noarch.rpm
77e51ef161d5894dca0bdb5153025a6cc29b771b44b3c093f51ec477bf2804d1  
selinux-policy-sandbox-3.13.1-23.el7_1.18.noarch.rpm
9cf3ad902a64688cbd340912bd73312160941b4f12ff8818b9097910f687c0a4  
selinux-policy-targeted-3.13.1-23.el7_1.18.noarch.rpm

Source:
17b01fe0f78ed5268329d5ee378bf9c23a4afcc34d3ae525cff9ec309e0d12b0  
selinux-policy-3.13.1-23.el7_1.18.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 3
Date: Wed, 16 Sep 2015 12:49:54 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:1790 CentOS 7 fence-agents BugFix
Update
Message-ID: <20150916124954.ga13...@n04.lon1.karan.org>
Content-Type: 

Re: [CentOS-virt] poor performance with dom0 on centos7

[Alvin Starr]

run mount -v on your old system and on the new system.
Look for differences in the NFS mounts.


On 09/17/2015 05:06 AM, Christoph wrote:

Am 2015-09-17 09:29, schrieb Pasi Kärkkäinen:


Are you using nfs over UDP or TCP ?



TCP, but Network cant be the bottleneck, have tested it with iperf 
between bare metal/domU's and the nfs domU and it was perfectly fast...




I don't think.


If you used NFS over UDP, try running it over TCP.


no I use it over TCP...



What does 'top' and/or 'iostat -x 1' say during the 'benchmark' ?


top:

top - 09:01:12 up 22:45,  1 user,  load average: 1,97, 2,01, 1,99
Tasks: 210 total,   1 running, 209 sleeping,   0 stopped,   0 zombie
%Cpu0  :  0,3 us,  1,0 sy,  0,0 ni, 91,4 id,  7,3 wa,  0,0 hi, 0,0 
si,  0,0 st
%Cpu1  :  0,0 us,  0,0 sy,  0,0 ni,100,0 id,  0,0 wa,  0,0 hi, 0,0 
si,  0,0 st
%Cpu2  :  0,0 us,  0,0 sy,  0,0 ni,100,0 id,  0,0 wa,  0,0 hi, 0,0 
si,  0,0 st
%Cpu3  :  0,0 us,  0,3 sy,  0,0 ni, 13,0 id, 86,7 wa,  0,0 hi, 0,0 
si,  0,0 st
KiB Mem :  1013016 total,19548 free,   591456 used,   402012 
buff/cache
KiB Swap:  1048572 total,   990776 free,57796 used.   353468 avail 
Mem


iostat:

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   0,000,000,00   50,000,00   50,00

Device: rrqm/s   wrqm/s r/s w/srkB/swkB/s 
avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
xvda  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdb  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdc  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdd  0,00 0,000,00   26,00 0,00 2336,00   
179,6969,31 1060,620,00 1060,62  38,46 100,00
xvde  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdf  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdg  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdh  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdi  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdj  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-0  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-1  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-2  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-3  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-4  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-5  0,00 0,000,000,00 0,00 0,00 
0,0069,310,000,000,00   0,00 100,00
dm-6  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00


so not really a problem...




--
Alvin Starr   ||   voice: (905)513-7688
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Centos 7, systemd, and nvidia drivers

[mark]

On 09/16/15 19:50, Jonathan Billings wrote:

On Sep 16, 2015, at 5:21 PM, m.r...@5-cent.us wrote:

I tried systemctl start multi-user.target. I tried systemctl stop
graphical.target. I finally had to set the multi-user.target as the
default, and reboot, to get rid of the nouveau drivers.

Note that I tried to modprobe -r, and rmmod with all the modules using
nouveau, and couldn't - I kept getting "in use" - it seemed like a
circular reference.

As I said, I rebooted. Then I ran the proprietary build, ran fine. I try
starting the graphical target, no joy. I changed the default target back
to graphical, and rebooted. Still no xorg. Googling (yahooing?), I added
rdblacklist=nouveau in grub.conf, *then* had to rebuild the grub2 (grub2
must *die*).

Still wouldn't see the nvidia drivers on reboot. Finally, I rebuild the
initramfs, which got the now-built and installed nvidia drivers (and I'd
yum uninstalled nouveau), and finally, it came up.

Oh, and for some reason, without the reboot, the Xorg.0.log wasn't
renewed, as though it hadn't actually restarted X. Plus, it appears that
 is disabled




Of course, none of this had anything to do with systemd, other than the
commands you had to change runlevels.  It’d be the same problem with
Upstart in CentOS6, just different commands.  The kernel modesetting stuff
is at fault here.  But who needs facts to get in the way of a good rant?


Really? In Centos 6, if I do an init 3, it shuts down X; none of the above did 
that,


I suggest looking at http://elrepo.org/tiki/kmod-nvidia


I'm familiar with elrepo.

mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7, systemd, and nvidia drivers

[John Hodrien]

On Thu, 17 Sep 2015, mark wrote:


I'm familiar with elrepo.


Then why didn't you use them for the nvidia driver?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Periodic speed test

[Timothy Murphy]

I run the speedtest from 
quite often, and find it very reliable.

I'm wondering if anyone has developed a version
to run the speed test at regular intervals, say every 6 hours,
and record the results in a simple database or just a file?

I imagine it would be a fairly easy task to modify the Python code
to do this, but it would be even easier if someone has already done it!

-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] poor performance with dom0 on centos7

[Keith Roberts]

On 2 Sep 2015, at 09:22, Pasi Kärkkäinen  wrote:

> On Tue, Sep 01, 2015 at 06:47:18AM +0200, Christoph wrote:
>> Hi All
>> 
> 
> Hello,
> 
>> it is possible to tune dom0/domU for better IO/network performance?
>> Since I have changed to Cenots7 dom0, I have a really poor IO
>> performance inside a PV VM.
>> 
>> I have already done what is described on
>> http://wiki.xenproject.org/wiki/Tuning_Xen_for_Performance
>> It is better now but still significantly worse than with centos6 dom0
>> 
>> my settings:
>> 
>> xen parameter: dom0_mem=1024M cpufreq=xen dom0_max_vcpus=2
>> dom0_vcpus_pin
>> 
>> xl sched-credit
>> Cpupool Pool-0: tslice=30ms ratelimit=1000us
>> NameID Weight  Cap
>> Domain-0 0   10240
>> samael   12560
>> satan25120
>> amon 32560
>> leviathan45120
>> 
>> echo 1048576 > /proc/sys/net/ipv4/tcp_limit_output_bytes on dom0
>> 
>> the both domU's satan and leviathan are very IO performance oriented
>> (NFS server and downloading vm)
>> 
>> Is there something more what I can do or try?
>> 
>> could it be a selinux issue? I have it in permissive mode there, not
>> disabled. But permissive means only to collect the info not enforcing
>> the rules...
>> 
>> (I use the xen45 pkgs)
>> 
> 
> You forgot to mention the most important thing.. what kind of performance 
> numbers are you seeing? What are you expecting? 
> 
> 
> Thanks,
> 
> —
> Pasi


Here’s a useful disk i/o stress test program that I got good results with on 
openSUSE 13.1, by running it on several VM’s overnight:

Using Bonnie++ for filesystem performance benchmarking
http://archive09.linux.com/feature/139742

HTH

Keith Roberts
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-docs] CentOS wiki permission

[Жељко Миловановић]

Hi, i've added link for Korean to my Serbian FP.


чет, 17. сеп 2015. у 06.04 Inyong Hwang  је
написао/ла:

> Hi again.
>
> I've finished translating front-page,
> https://wiki.centos.org/kr/FrontPage
> Download , other pages are under progress.
>
> Thank you.
>
> best regards.
>
>
> On Fri, Aug 7, 2015 at 3:27 PM, Akemi Yagi  wrote:
>
>> On Thu, Aug 6, 2015 at 7:01 PM, Inyong Hwang 
>> wrote:
>> > Thanks.
>> >
>> > I changed translation block in
>> > http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 .
>> >
>> > And,  Is there any method to view wiki raw source of
>> > http://wiki.centos.org/FrontPage  for translation ? Maybe i don't have
>> > enough permission.
>> > I'm planning to translate FrontPage and sub menus (Download , Search,
>> > Contribute)
>>
>> You can see raw text by adding a '?action=raw' to the URL like so,
>>
>> http://wiki.centos.org/FrontPage?action=raw
>>
>> Akemi
>> ___
>> CentOS-docs mailing list
>> CentOS-docs@centos.org
>> http://lists.centos.org/mailman/listinfo/centos-docs
>>
>
> ___
> CentOS-docs mailing list
> CentOS-docs@centos.org
> https://lists.centos.org/mailman/listinfo/centos-docs
>
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS-virt] poor performance with dom0 on centos7

[Christoph]

Am 2015-09-17 09:29, schrieb Pasi Kärkkäinen:


Are you using nfs over UDP or TCP ?



TCP, but Network cant be the bottleneck, have tested it with iperf 
between bare metal/domU's and the nfs domU and it was perfectly fast...




I don't think.


If you used NFS over UDP, try running it over TCP.


no I use it over TCP...



What does 'top' and/or 'iostat -x 1' say during the 'benchmark'  ?


top:

top - 09:01:12 up 22:45,  1 user,  load average: 1,97, 2,01, 1,99
Tasks: 210 total,   1 running, 209 sleeping,   0 stopped,   0 zombie
%Cpu0  :  0,3 us,  1,0 sy,  0,0 ni, 91,4 id,  7,3 wa,  0,0 hi,  0,0 si,  
0,0 st
%Cpu1  :  0,0 us,  0,0 sy,  0,0 ni,100,0 id,  0,0 wa,  0,0 hi,  0,0 si,  
0,0 st
%Cpu2  :  0,0 us,  0,0 sy,  0,0 ni,100,0 id,  0,0 wa,  0,0 hi,  0,0 si,  
0,0 st
%Cpu3  :  0,0 us,  0,3 sy,  0,0 ni, 13,0 id, 86,7 wa,  0,0 hi,  0,0 si,  
0,0 st
KiB Mem :  1013016 total,19548 free,   591456 used,   402012 
buff/cache
KiB Swap:  1048572 total,   990776 free,57796 used.   353468 avail 
Mem


iostat:

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   0,000,000,00   50,000,00   50,00

Device: rrqm/s   wrqm/s r/s w/srkB/swkB/s 
avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
xvda  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdb  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdc  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdd  0,00 0,000,00   26,00 0,00  2336,00   
179,6969,31 1060,620,00 1060,62  38,46 100,00
xvde  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdf  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdg  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdh  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdi  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
xvdj  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-0  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-1  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-2  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-3  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-4  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00
dm-5  0,00 0,000,000,00 0,00 0,00 
0,0069,310,000,000,00   0,00 100,00
dm-6  0,00 0,000,000,00 0,00 0,00 
0,00 0,000,000,000,00   0,00   0,00


so not really a problem...

--
--
Greetz
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Periodic speed test

[Timothy Murphy]

Fabian Arrotin wrote:

>> I'm wondering if anyone has developed a version to run the speed
>> test at regular intervals, say every 6 hours, and record the
>> results in a simple database or just a file?

> I like speedtest-cli, and use it (through crontab) with speedtest-cli
> - --simple then parse the output.
> - From that point you can put it everywhere you want (file, db,
> zabbix-sender, etc)

Thanks for your response.
I'm sure that is the simplest thing to do.
I hadn't noticed that /usr/bin/speedtest
calls speedtest-cli to do the work.


-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (?) Mailman VERY slow with IPv6 (with work-around)

[Gordon Messmer]

While testing I tried an strace of list_lists and found that it
>was timing out on a read operation to a socket to the Avahi daemon
>(/var/run/avahi-daemon/socket) while trying to resolve the
>link-local IPv6 address.


Is avahi even installed by default on CentOS 7?  I don't see it 
installed on my lab's desktop systems, let alone servers.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-6 - LogWatch Cyrus-IMAPD script was CentOS-6 - LogWatch

[James B. Byrne]

On Mon, September 14, 2015 14:51, James B. Byrne wrote:
> The Logwatch imapd service script distributed with CentOS-6 does not
> generate anything when I run logwatch --service all on a cyrus-imapd
> host.  Is this expected behaviour?  Is there a separate script for
> cyrus-imapd or are their configuration options required to get the
> existing script to work.
>
> I have found an ancient (2004) logwatch service script for cyrus-imapd
> but I was sort of hoping that there was a more up-to-date and
> officially supported version available somewhere.
>
> Is there?
>
>

There was not, and so I wrote this.  Given I know little or nothing of
Perl beyond the bare fact of its existence no doubt there are better
ways to get the results I obtained.  But this is tested on CentOS-6
with
cyrus-imapd.2.3.16-13.el6_6,

It only handles IMAP logins so anyone using POP3 or Sieve needs to add
there own code for those.  And, because this is e-mail,
linewraps/breaks in the code below may not be exactly as required and
do need to be hand checked and corrected.


#!/usr/bin/perl
###
# logwatch script for cyrus-imapd-2.3.16
# looks for imaps and lmtpunix services in /var/log/maillog
###

###
# script: /etc/logwatch/scripts/services/cyrus-imapd
# author: James B. Byrne 
#   date: 2015-09-16
#   revision: v1.0.1 - 2015-09-17
#
#   requires: /etc/logwatch/conf/services/cyrus-imapd.conf
# containing>
#
# > Title = "CYRUS IMAPD"
# > LogFile = maillog
# > *OnlyService = (imaps|lmtpunix)
# > *RemoveHeaders =
#
#  based on Sebastian Hagedorn  2004
###

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

#
#  Process log file on stdin
#

while ( defined( $ThisLine =  ) ) {
  chomp( $ThisLine );

use feature "switch";

  given( $ThisLine ) {

when ( /accepted connection/ ) {
  # Ignore
}

when ( /^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication
failure:.+)/ ) {
  #print( "Bad Login: " . $ThisLine . "\n" );
  #$ThisLine =~ /^badlogin: (.+) \[(.+)\] (\w+) (.+)
(SASL.*authentication failure:.+)/;
  #print( "BAD LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " :
" . $4 . " : " . $5 . "\n");
  $IMAPbadlogin++;
  $IMAPbadmech{$3}++;
  $IMAPbadip{$2}++;
  $IMAPbaduser{$4}++
}

when ( /DBMSG:/ ) {
  # Ignore
}

when ( /Delivered:/ ) {
  # Ignore
}

when ( /dupelim:/ ) {
  # Ignore
}

when ( /duplicate_check:/ ) {
  # Ignore
}

when ( /duplicate_mark:/ ) {
  # Ignore
}

when ( /executed/ ) {
  # Ignore
}

when ( /Expunged/ ) {
  # Ignore
}

when ( /imapd:Loading hard-coded DH parameters/ ) {
  # Ignore
}

when ( /lmtp connection preauth/ ) {
  # Ignore
}

when ( /^login: (.+) \[(.+)\] (\w+) (.+) User logged in/ ) {
#  print( "LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " : " .
$4 . "\n");
  $IMAPlogin++;
  $IMAPmech{$4}++;
  $IMAPuser{$3}++;
  $IMAPip{$2}++;
}

when ( /IOERROR: fstating sieve script/ ) {
  # Ignore
}

when ( /mystore: committing txn/ ) {
  $LMTPStore++;
}

when ( /mystore: starting/ ) {
  # Ignore
}

when ( /open: / ) {
  # Ignore
}

when ( /seen_db: / ) {
  # Ignore
}

when ( /skiplist: checkpointed/ ) {
  # Ignore
}

when ( /SQUAT/ ) {
  # ignore
}

when ( /SSL_accept/ ) {
  # ignore
}

when ( /starttls/ ) {
$IMAPTLS++;
}

# Save this till the end
when ( /ERROR/ ) {
  push @ErrorList, "$ThisLine\n";
}

default {
  # Report any unmatched entries...
  push @OtherList, "$ThisLine\n";
}
  }

  # Process next stdin
  next;
}


# Report


if ( $LMTPStore ) {
print "   Mails stored: " . $LMTPStore . "\n";
}


if ( $IMAPlogin ) {
print "\n   IMAP:\n";
print " Number of logins: " . $IMAPlogin . "\n";
  if ( %IMAPmech ) {
print( "\n   By mechanism\n" );
  }
foreach $mech ( sort ( keys %IMAPmech ) ) {
  print( "   . . . using " . $mech . ": " . "$IMAPmech{$mech}\n" );
  }
  if ( %IMAPuser ) {
print( "\n   By user\n" );
  }
  foreach $user ( sort ( keys %IMAPuser ) ) {
print( "   . . . from " . $user . ": " . $IMAPuser{$user} .
"\n" );
  }
  if ( %IMAPip ) {
print( "\n   By origin\n" );
  }
  foreach $addr ( sort ( keys %IMAPip ) ) {
print( "   . . . from " . $addr . ": " . $IMAPip{$addr} . "\n" );
  }

  if ( $IMAPbadlogin ) {
  print "\n Number of failed logins: " . $IMAPbadlogin . "\n";
  if ( %IMAPbaduser ) {
print( "\n   By user\n" );
  }
foreach $user ( sort ( keys %IMAPbaduser ) ) {
   

Re: [CentOS-virt] Official openvswitch package for CentOS7

[George Dunlap]

On Thu, Sep 17, 2015 at 3:19 PM, C. L. Martinez  wrote:
> Hi all,
>
>  Exists an official openvswitch package for CentoS7?? If I am not wrong, this:
>
> http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm
>
> it can be used with openstack only.
>
> Do I need to recompile from source like is is explained here:
> https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
> or exists another rpm package for CentOS7??

Since you're sending this to centos-virt, I assume you want to use
openvswitch for virtualization?

If you think it would be particularly helpful to have an openvswitch
package in the Virt SIG, then we could consider adding it.

 -George
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Centos 7, systemd, and nvidia drivers

[Gordon Messmer]

On 09/17/2015 03:53 AM, mark wrote:
Really? In Centos 6, if I do an init 3, it shuts down X; none of the 
above did that, 


You ran "systemctl start multi-user" when you meant to "systemctl 
isolate multi-user".


The man page describes isolate: "This is similar to changing the 
runlevel in a traditional init system."


Aside from the fact that you use the same command, systemctl, to "start" 
a service and "isolate" a runlevel, none of the problems you described 
had anything to do with systemd.


In fact, even switching runlevels/targets is unrelated to the video 
modules.  You always have to blacklist the video driver, or boot with 
"nomodeset" to remove the video card's kernel module (Actually, you 
might be able to "echo :" > /sys/bus/pci/devices/:ID>/driver/unbind" sometimes. Some drivers might cause a kernel panic, 
though.) because even in multi-user mode with no X.org, the kernel is 
still using the module for its console.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Official openvswitch package for CentOS7

[C. L. Martinez]

On Thu, Sep 17, 2015 at 6:06 PM, George Dunlap  wrote:
> On Thu, Sep 17, 2015 at 3:19 PM, C. L. Martinez  wrote:
>> Hi all,
>>
>>  Exists an official openvswitch package for CentoS7?? If I am not wrong, 
>> this:
>>
>> http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm
>>
>> it can be used with openstack only.
>>
>> Do I need to recompile from source like is is explained here:
>> https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
>> or exists another rpm package for CentOS7??
>
> Since you're sending this to centos-virt, I assume you want to use
> openvswitch for virtualization?

Correct, I will need to use for virtualization. In my case, only for
KVM. I don't use LXC or Docker.

And in my opinion, I think it could be a great idea.

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Official openvswitch package for CentOS7

[C. L. Martinez]

Hi all,

 Exists an official openvswitch package for CentoS7?? If I am not wrong, this:

http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm

it can be used with openstack only.

Do I need to recompile from source like is is explained here:
https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
or exists another rpm package for CentOS7??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-docs] CentOS wiki permission

[Ilyas Arinov]

Thanks, I will add your link in Russian page as soon as I'll be free (this
weekend).

2015-09-17 14:49 GMT+06:00 Жељко Миловановић <
zeljko.milovanovic@gmail.com>:

> Hi, i've added link for Korean to my Serbian FP.
>
>
> чет, 17. сеп 2015. у 06.04 Inyong Hwang  је
> написао/ла:
>
>> Hi again.
>>
>> I've finished translating front-page,
>> https://wiki.centos.org/kr/FrontPage
>> Download , other pages are under progress.
>>
>> Thank you.
>>
>> best regards.
>>
>>
>> On Fri, Aug 7, 2015 at 3:27 PM, Akemi Yagi  wrote:
>>
>>> On Thu, Aug 6, 2015 at 7:01 PM, Inyong Hwang 
>>> wrote:
>>> > Thanks.
>>> >
>>> > I changed translation block in
>>> > http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 .
>>> >
>>> > And,  Is there any method to view wiki raw source of
>>> > http://wiki.centos.org/FrontPage  for translation ? Maybe i don't have
>>> > enough permission.
>>> > I'm planning to translate FrontPage and sub menus (Download , Search,
>>> > Contribute)
>>>
>>> You can see raw text by adding a '?action=raw' to the URL like so,
>>>
>>> http://wiki.centos.org/FrontPage?action=raw
>>>
>>> Akemi
>>> ___
>>> CentOS-docs mailing list
>>> CentOS-docs@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos-docs
>>>
>>
>> ___
>> CentOS-docs mailing list
>> CentOS-docs@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-docs
>>
>
> ___
> CentOS-docs mailing list
> CentOS-docs@centos.org
> https://lists.centos.org/mailman/listinfo/centos-docs
>
>
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] Centos 7, systemd, and nvidia drivers

[m . roth]

Matthew Miller wrote:
> On Thu, Sep 17, 2015 at 08:52:57AM -0700, Gordon Messmer wrote:
>> You ran "systemctl start multi-user" when you meant to "systemctl
>> isolate multi-user".
>> The man page describes isolate: "This is similar to changing the
>> runlevel in a traditional init system."
>
> Note that you can actually do 'telinit 3' and telinit 5' with systemd.
> I do, even though the documentation is a little complainy about it.
> This maps to `systemctl isolate runlevel3.target` or `systemctl isolate
> runlevel2.target` (which in turn are symlinks to multi-user.target and
> graphical.target), and is a lot less typing. :)

Ok, and thanks. I want to keep this info.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] (?) Mailman VERY slow with IPv6 (with work-around)

[m . roth]

Gordon Messmer wrote:
>
>> While testing I tried an strace of list_lists and found that it
>> >was timing out on a read operation to a socket to the Avahi daemon
>> >(/var/run/avahi-daemon/socket) while trying to resolve the
>> >link-local IPv6 address.
>
> Is avahi even installed by default on CentOS 7?  I don't see it
> installed on my lab's desktop systems, let alone servers.

It certainly was in 6, which really annoyed me. I make it a point to
chkconfig it off, service stop it, and close the firewall hole for it.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure boot

[Akemi Yagi]

On Wed, Sep 16, 2015 at 4:09 PM, Gordon Messmer
 wrote:
> After updates to grub2 and kernel in CentOS 7, today, systems will no longer
> boot in Secure Boot mode.  I'm not positive, but I think grub2 is the
> culprit.

I also suspect this is a grub2 issue. Perhaps, you may want to file a
bug report [against grub2] at http://bugs.centos.org so that this can
be followed properly.

Akemi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure boot

[Gordon Messmer]

On 09/17/2015 12:46 PM, Akemi Yagi wrote:


I also suspect this is a grub2 issue. Perhaps, you may want to file a
bug report [against grub2] at http://bugs.centos.org so that this can
be followed properly.


Yeah, I just figured out how to query the signature of the new and 
previous grub image.  The new one is signed with "Red Hat Test Certificate"




[root@vagrant ~]# pesign --show-signature --in 
/var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi

-
certificate address is 0x7fb81b3cb808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Inc.
No signer email address.
Signing time: Thu Mar 26, 2015
There were certs or crls included.
-
[root@vagrant ~]# pesign --show-signature --in 
/var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi

-
certificate address is 0x7fde869bd808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Tue Sep 15, 2015
There were certs or crls included.
-

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] gpg decryption error from only 1 user

[Dustin Kempter]

Hi all,
I am having an issue. We have a vm that has encrypted data 
with gpg. The vm is centos 6.5 and it has multiple users. user1=bob 
user2=kevin user3= postgres user4=root. Only postgres has access to the 
file in which we keep the encrypted data. I as root will su - postgres, 
cd that data dir, and use this command "gpg -d (file_name)" and it works 
just fine. However the user1 "bob" will sudo su - postgres (have an 
entry in sudoers file to allow) and become postgres, cd to the dir with 
the data, run this same command "gpg -d (file_name) however it gives 
this error


gpg: CAST5 encrypted data
can't connect to `/home/postgres/.gnupg/S.gpg-agent': No such file or 
directory

gpg-agent[6153]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

I really do not understand whats going on here. I have tried deleting 
the user bob, and re creating it in case of some sort of corruption but 
still the same issue. We also see an issue where I installed screen. as 
any user but bob I can create or join. But as bob I get this error 
"Cannot open your terminal '/dev/pts/2' - please check."Also I, as 
superuser did this

su - bob
sudo su - postgres
cd data dir
gpg -d (file_name)

works with no issues, please help me debug this I am out of ideas.

thanks in advance
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Secure boot

[Gordon Messmer]

I've filed bugs on the CentOS and Red Hat bug trackers.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BackupPC is not easy to setup

[Bowie Bailey]

On 9/13/2015 10:58 AM, Timothy Murphy wrote:


I take it then that there is no CLI method
of setting up and running BackupPC ?


Sure there is.  All of the configuration is stored in text config 
files.  There is a main config file for global options and each host has 
a config file in it's own directory.


Running BackupPC is simply a matter of starting the process.  There are 
various scripts available for manually starting backups and getting stats.


That said, the GUI is by far the easiest way to add new clients and look 
for failing backups or other issues.


--
Bowie
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 using cups with cups-lpd loaded getting print jobs from an Sco Unix lpd system

[Shawn Parks - CMAC]

Centos users,
  I new to Centos 7 and my problem is the following:
I am using my Centos 7 system as a print server in a warehouse.
Using cups for the print queue's.  Which I can print to the printers
find from the Centos 7 machine.

The hosting system is Sco Unix using lpd printing.  This machine is
in Illinois and the warehouse / Centos 7 machine is in Arizona.

I have loaded "cups-lpd" using yum and it seems fine.  I have
also setup "/etc/xinetd.d/cups-lpd"

Following is a "netstat -tanp |grep -i listen"

tcp0  0 0.0.0.0:22  0.0.0.0:*   
LISTEN  1090/sshd
tcp0  0 0.0.0.0:631 0.0.0.0:*   
LISTEN  1096/cupsd
tcp0  0 127.0.0.1:250.0.0.0:*   
LISTEN  1671/master
tcp6   0  0 :::515  :::*
LISTEN  1095/xinetd
tcp6   0  0 :::22   :::*
LISTEN  1090/sshd
tcp6   0  0 :::631  :::*
LISTEN  1096/cupsd
tcp6   0  0 ::1:25  :::*
LISTEN  1671/master


I notice that "port 515" is only listening on tcp6 not tcp.

Question:  could this be my problem?  and how can I get "port 515" to be 
listened to on tcp?


my Sco Unix print queue "status" file says "waiting for gate to come 
up".


I have had the local hardware person verify that the router is "port 
forwarding" port 515

to my Centos 7 system.

Help in this matter would be greatly appreciated.

Thanks,
Shawn
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7, systemd, and nvidia drivers

[Matthew Miller]

On Thu, Sep 17, 2015 at 08:52:57AM -0700, Gordon Messmer wrote:
> You ran "systemctl start multi-user" when you meant to "systemctl
> isolate multi-user".
> The man page describes isolate: "This is similar to changing the
> runlevel in a traditional init system."

Note that you can actually do 'telinit 3' and telinit 5' with systemd.
I do, even though the documentation is a little complainy about it.
This maps to `systemctl isolate runlevel3.target` or `systemctl isolate
runlevel2.target` (which in turn are symlinks to multi-user.target and
graphical.target), and is a lot less typing. :)


-- 
Matthew Miller

Fedora Project Leader
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I want to connect to a l2tp server from centos.

[Eliezer Croitoru]

Hey John,

I do not require encryption at all, it's a secure and internal channel 
but it requires me to connect via either pptp or l2tp.

This is the reason I am asking.
I had the chance of finding the SoftEther Project which gives a lot in 
terms of VPN Client and Server.

At:
http://www.softether-download.com/en.aspx

But yet to try it.
Also they have all sorts of beta versions but not something they call 
stable in their downloads.


I think I will try to use their product if I will not find an example on 
how to use l2tp without ipsec encryption.


Thanks,
Eliezer

On 18/09/2015 03:00, John R Pierce wrote:

On 9/17/2015 4:47 PM, Eliezer Croitoru wrote:

I have a server currently connecting to a pptp remote server.
This server(lns\lac) has the option for pptp connections and l2tp
connections.
The l2tp connections are not using ipsec encryption at all.


PPTP doesn't use ipsec either, it uses its own MPPE encryption based on
RC4, which is considered insecure as of years ago.

L2TP is normally used within another encrypted transport.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I want to connect to a l2tp server from centos.

[Gordon Messmer]

On 09/17/2015 04:47 PM, Eliezer Croitoru wrote:
If someone used l2tp the same way I want to use on CentOS 7 please 
give me some advice. 


l2tp, by itself, offers no encryption.  Notably, that means that your 
password is going to cross the network in clear text.  Bare l2tp is the 
VPN equivalent of telnet.  I really strongly recommend that you reconsider.


ipsec, by itself, is a much better and easier way to achieve your goal.  
It will require less setup, and offer better security. There's no down 
side; ipsec is clearly a better choice for connecting two systems over 
an unsecured network.


l2tp is typically used in conjunction with ipsec, for mobile clients.  
The reason is that l2tp integrates with external authentication (RADIUS, 
LDAP, Active Directory, etc) better than ipsec alone does.  That's great 
when you have a group of users that you want to have individual 
authentication keys, but it's not a good fit for connecting one server 
to another.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 using cups with cups-lpd loaded getting print jobs from an Sco Unix lpd system

[Nicolas Thierry-Mieg]

On 09/17/2015 11:52 PM, Shawn Parks - CMAC wrote:

Centos users,
   I new to Centos 7 and my problem is the following:
I am using my Centos 7 system as a print server in a warehouse.
Using cups for the print queue's.  Which I can print to the printers
find from the Centos 7 machine.

The hosting system is Sco Unix using lpd printing.  This machine is
in Illinois and the warehouse / Centos 7 machine is in Arizona.

I have loaded "cups-lpd" using yum and it seems fine.  I have
also setup "/etc/xinetd.d/cups-lpd"

Following is a "netstat -tanp |grep -i listen"

tcp0  0 0.0.0.0:22  0.0.0.0:* LISTEN  1090/sshd
tcp0  0 0.0.0.0:631 0.0.0.0:* LISTEN
1096/cupsd
tcp0  0 127.0.0.1:250.0.0.0:* LISTEN
1671/master
tcp6   0  0 :::515  :::* LISTEN  1095/xinetd
tcp6   0  0 :::22   :::* LISTEN  1090/sshd
tcp6   0  0 :::631  :::* LISTEN  1096/cupsd
tcp6   0  0 ::1:25  :::* LISTEN  1671/master

I notice that "port 515" is only listening on tcp6 not tcp.

Question:  could this be my problem?  and how can I get "port 515" to be
listened to on tcp?

my Sco Unix print queue "status" file says "waiting for gate to come up".

I have had the local hardware person verify that the router is "port
forwarding" port 515
to my Centos 7 system.

Help in this matter would be greatly appreciated.


tcp6 is just TCP over IPv6.
I suspect your /etc/xinetd.d/cups-lpd has a setting specifying IPv6 
rather than IPv4?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] I want to connect to a l2tp server from centos.

[Eliezer Croitoru]

I have a server currently connecting to a pptp remote server.
This server(lns\lac) has the option for pptp connections and l2tp 
connections.

The l2tp connections are not using ipsec encryption at all.
I have seen couple guides\tutorials on the internet:
- 
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_CentOS_-_Red_Hat_Enterprise_Linux_or_Scientific_-_Linux_6.html

- https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup

But all the guides that I have found are using ipsec with "secret".
On ubuntu there is a gui applet that helps setting these kind of 
connections up but I am working with a CentOS server and not Ubuntu desktop.


If someone used l2tp the same way I want to use on CentOS 7 please give 
me some advice.


If you have a guide which might help me I will be more then happy to see 
this one.


Thanks,
Eliezer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I want to connect to a l2tp server from centos.

[John R Pierce]

On 9/17/2015 4:47 PM, Eliezer Croitoru wrote:

I have a server currently connecting to a pptp remote server.
This server(lns\lac) has the option for pptp connections and l2tp 
connections.
The l2tp connections are not using ipsec encryption at all. 


PPTP doesn't use ipsec either, it uses its own MPPE encryption based on 
RC4, which is considered insecure as of years ago.


L2TP is normally used within another encrypted transport.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos