Re: [CentOS] Disabling Firewall/iptables on CentOS 7??

2017-03-22 Thread Jonathan Billings
On Mar 22, 2017, at 7:56 PM, James Pifer wrote:
> In a nutshell I've tried the following commands, in many different ways and 
> orders, but when the system restarts it still seems to end up with some form 
> of default rules. It even has a couple rules specifying 192.168.122.0 and I 
> can't figure out where it's coming from.

libvirtd?  That network is the range it tends to use for routing private 
networking.

Also, you should look into using ‘systemctl mask unitname’ to make it not run, 
rather than just deleting a symlink.

--
Jonathan Billings 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
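
An added example, not part of the original thread, that follows up the libvirtd hint above: it attributes each rule in `iptables-save` output to the service that most likely installed it, so the right unit can be inspected or masked. The match patterns (libvirt's default `virbr0` / 192.168.122.0/24 network, firewalld's generated chain names), the function names and the sample ruleset are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Attribute each rule and user-defined
# chain in `iptables-save` output to the service that most likely created it.
# Assumed patterns: the libvirt default network (virbr0, 192.168.122.0/24, or
# LIBVIRT_* chains) and firewalld generated chain names (IN_public,
# INPUT_ZONES, FORWARD_direct, ...). Function names are hypothetical.

classify_rules() {
    # stdin: iptables-save text; stdout: "<owner> <original line>"
    awk '
        /^:/  { if ($2 != "-") next          # built-in chain (has a policy)
                name = substr($1, 2) }       # user-defined chain declaration
        /^-A/ { name = $2 }                  # rule appended to chain "name"
        !/^(:|-A)/ { next }                  # comments, "*filter", COMMIT
        {
            owner = "other"
            if ($0 ~ /virbr[0-9]+/ || $0 ~ "192[.]168[.]122[.]0/24" || $0 ~ /LIBVIRT_/)
                owner = "libvirt"
            else if (name ~ /^(IN|FWDI|FWDO)_/ ||
                     name ~ /_(direct|ZONES|ZONES_SOURCE)$/ ||
                     $0 ~ /-[jg] (IN|FWDI|FWDO)_/ ||
                     $0 ~ /-[jg] [A-Z_]+_(direct|ZONES|ZONES_SOURCE)( |$)/)
                owner = "firewalld"
            print owner, $0
        }'
}

count_by_owner() {
    # stdin: iptables-save text; stdout: "owner=count" lines sorted by owner
    classify_rules | awk '{ n[$1]++ } END { for (o in n) print o "=" n[o] }' | sort
}

owner_unit() {
    # Unit to inspect (and, if it should never start, mask) for an owner.
    case "$1" in
        firewalld) echo firewalld.service ;;
        libvirt)   echo libvirtd.service ;;
        *)         echo iptables.service ;;  # iptables-services: /etc/sysconfig/iptables
    esac
}

# Constructed sample ruleset, not captured from a real host.
SAMPLE_RULES='# constructed sample
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_public - [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT_ZONES -g IN_public
-A IN_public -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# Demo on the sample; on a real host run: iptables-save | count_by_owner
printf '%s\n' "$SAMPLE_RULES" | count_by_owner | while IFS='=' read -r owner n; do
    printf '%-10s %s entries -> systemctl status %s\n' "$owner" "$n" "$(owner_unit "$owner")"
done
```

Rules attributed to `other` are the ones a saved `/etc/sysconfig/iptables` or a local script would restore at boot; the rest reappear whenever the owning service starts.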


[CentOS] Disabling Firewall/iptables on CentOS 7??

2017-03-22 Thread James Pifer
I apologize if this has been asked and answered, but I googled and 
attempted things for several hours today without success.


I have a freshly installed CentOS 7 system that I'd like to disable the 
firewall and all iptables rules. Basically the equivalent of doing 
iptables -F


In a nutshell I've tried the following commands, in many different ways 
and orders, but when the system restarts it still seems to end up with 
some form of default rules. It even has a couple rules specifying 
192.168.122.0 and I can't figure out where it's coming from.


#Disable Firewall
systemctl stop firewalld
systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
systemctl disable firewalld
systemctl stop firewalld
iptables --flush
iptables --list
iptables -L
yum install iptables-services
service iptables save
systemctl enable iptables
service iptables save

Any help is appreciated.

Thanks
James


Re: [CentOS] kerberized-nfs - any experts out there?

2017-03-22 Thread John Jasen


On 03/22/2017 03:26 PM, Matt Garman wrote:
> Is anyone on the list using kerberized-nfs on any kind of scale?

Not for a good many years.

Are you using v3 or v4 NFS?

Also, you can probably stuff the rpc.gss* and idmapd services into
verbose mode, which may give you a better idea as to what's going on.

And yes, the kernel does some kerberos caching. I think 10 to 15 minutes.




Re: [CentOS] RHEL 6.9 is out

2017-03-22 Thread Digimer
On 22/03/17 05:31 PM, Johnny Hughes wrote:
> On 03/22/2017 08:27 AM, Phelps, Matthew wrote:
>> On Wed, Mar 22, 2017 at 9:16 AM, Valeri Galtsev 
>> wrote:
>>
>>>
>>> On Wed, March 22, 2017 7:46 am, Phelps, Matthew wrote:
>>>> Red Hat released RHEL 6.9 yesterday.
>>>>
>>>> Why isn't CentOS 6.9 out yet? :)

>>> Somebody has to do a hard work, I'm sure. Thanks, guys for the great work
>>> you are doing!
>>>
>>> Or you as sysadmin know that and just being ironic?
>>>
>>> Valeri
>>>
>>
>> To be clear, I was being ironic. Hence the smiley face.
>>
>> I just wanted to start a thread for future updates to appear in.
>>
> 
> There are 270 SRPMs that need to be built .. of those 18 require
> modification for branding.  All the mods have been applied and a build
> consisting of those 270 SRPMs has been queued.
> 
> As of right now (time of writing this mail), we are still building in
> pass 1 .. so far 236 of the 270 SRPMs have tried to build, 15 have had
> some sort of failure and the rest have built fine.
> 
> Working right now to figure out the failures and will resubmit those
> once the first pass of all 270 completes.
> 
> Thanks,
> Johnny Hughes

Sending a digital $drink... :)

-- 
Digimer
Papers and Projects: https://alteeve.com/w/
"I am, somehow, less interested in the weight and convolutions of
Einstein’s brain than in the near certainty that people of equal talent
have lived and died in cotton fields and sweatshops." - Stephen Jay Gould


Re: [CentOS] RHEL 6.9 is out

2017-03-22 Thread Johnny Hughes
On 03/22/2017 08:27 AM, Phelps, Matthew wrote:
> On Wed, Mar 22, 2017 at 9:16 AM, Valeri Galtsev 
> wrote:
> 
>>
>> On Wed, March 22, 2017 7:46 am, Phelps, Matthew wrote:
>>> Red Hat released RHEL 6.9 yesterday.
>>>
>>> Why isn't CentOS 6.9 out yet? :)
>>>
>> Somebody has to do a hard work, I'm sure. Thanks, guys for the great work
>> you are doing!
>>
>> Or you as sysadmin know that and just being ironic?
>>
>> Valeri
>>
> 
> To be clear, I was being ironic. Hence the smiley face.
> 
> I just wanted to start a thread for future updates to appear in.
> 

There are 270 SRPMs that need to be built .. of those 18 require
modification for branding.  All the mods have been applied and a build
consisting of those 270 SRPMs has been queued.

As of right now (time of writing this mail), we are still building in
pass 1 .. so far 236 of the 270 SRPMs have tried to build, 15 have had
some sort of failure and the rest have built fine.

Working right now to figure out the failures and will resubmit those
once the first pass of all 270 completes.

Thanks,
Johnny Hughes





Re: [CentOS] kerberized-nfs - any experts out there?

2017-03-22 Thread James A. Peltier
Feel free to contact me offline if you wish.  I'll just go on record as saying 
that it's a bear

- On 22 Mar, 2017, at 12:26, Matt Garman matthew.gar...@gmail.com wrote:

| Is anyone on the list using kerberized-nfs on any kind of scale?
| 
| I've been fighting with this for years.  In general, when we have
| issues with this system, they are random and/or not repeatable.  I've
| had very little luck with community support.  I hope I don't offend by
| saying that!  Rather, my belief is that these problems are very
| niche/esoteric, and so beyond the scope of typical community support.
| But I'd be delighted to be proven wrong!
| 
| So this is more of a "meta" question: anyone out there have any
| general recommendations for how to get support on what I presume are
| niche problems specific to our environment?  How is paid upstream
| support?
| 
| Just to give a little insight into our issues: we have an
| in-house-developed compute job dispatching system.  Say a user has
| 100s of analysis jobs he wants to run, he submits them to a central
| master process, which in turn dispatches them to a "farm" of >100
| compute nodes.  All these nodes have two different krb5p NFS mounts,
| to which the jobs will read and write.  So while the users can
| technically log in directly to the compute nodes, in practice they
| never do.  The logins are only "implicit" when the job dispatching
| system does a behind-the-scenes ssh to kick off these processes.
| 
| Just to give some "flavor" to the kinds of issues we're facing, what
| tends to crop up are one of three things:
| 
|(1) Random crashes.  These are full-on kernel trace dumps followed
| by an automatic reboot.  This was really bad under CentOS 5.  A random
| kernel upgrade magically fixed it.  It happens almost never under
| CentOS 6.  But happens fairly frequently under CentOS 7.  (We're
| completely off CentOS 5 now, BTW.)
| 
|(2) Permission denied issues.  I have user Kerberos tickets
| configured for 70 days.  But there is clearly some kind of
| undocumented kernel caching going on.  Looking at the Kerberos server
| logs, it looks like it "could" be a performance issue, as I see 100s
| of ticket requests within the same second when someone tries to launch
| a lot of jobs.  Many of these will fail with "permission denied" but
| if they immediately re-try, it works.  Related to this, I have been
| unable to figure out what creates and deletes the
| /tmp/krb5cc_uid_random files.
| 
|(3) Kerberized NFS shares getting "stuck" for one or more users.
| We have another monitoring app (in-house developed) that, among other
| things, makes periodic checks of these NFS mounts.  It does so by
| forking and doing a simple "ls" command.  This is to ensure that these
| mounts are alive and well.  Sometimes, the "ls" command gets stuck to
| the point where it can't even be killed via "kill -9".  Only a reboot
| fixes it.  But the mount is only stuck for the user running the
| monitoring app.  Or sometimes the monitoring app is fine, but an
| actual user's processes will get stuck in "D" state (in top, means
| waiting on IO), but everyone else's jobs (and access to the kerberized
| nfs shares) are OK.
| 
| This is actually blocking us from upgrading to CentOS 7.  But my
| colleagues and I are at a loss how to solve this.  So this post is
| really more of a semi-desperate plea for any kind of advice.  What
| other resources might we consider?  Paid support is not out of the
| question (within reason).  Are there any "super specialist"
| consultants out there who deal in Kerberized NFS?
| 
| Thanks!
| Matt

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology


Re: [CentOS-es] Postfix or Exim?

2017-03-22 Thread David González Romero
And when I had a security problem, it was because I allowed RELAY for
localhost. Once that was removed, many problems were solved.

Regards,
David

On March 22, 2017, at 17:49, David González Romero
wrote:
>> One of the biggest headaches in my work as a Postfix sysadmin is that
>> there is no way to limit the number of relays allowed per user; that is,
>> so that, for example, "micue...@micorreo.com" can only send a maximum of
>> 1,000 (one thousand) emails a day, so that I prevent spam attacks from
>> inside my server going out. *If a way exists, tell me, because I never
>> found it :S*
>
> Yes, it exists, and you can limit the number of emails per send... per day
> is more complex... the main issue of avoiding SPAM has two
> parts:
> 1- A good configuration, where the first thing is to REMOVE localhost from
> the relay... yes, localhost.
> 2- You have to tune the configuration very carefully with amavis-new, if
> you use it, or another analyzer that works with SpamAssassin.
>
>> On the other hand, I have also had issues with the maillog side; I had
>> to build a small web interface to get a better view of the MTA's usage,
>> mostly to detect possible attacks on my users' accounts and also to
>> detect spikes in improper use of SMTP by internal mail
>> accounts.
>
> Here there are also two sides: one is the security of the server (as I
> already told you above) and the other is security on the client, in this
> case software that is worth using (Thunderbird, for example) with an
> up-to-date antivirus.
>
>> Reading the official Exim manual, I find that this MTA does contain more
>> security directives that give a sysadmin better control of the mail
>> server and its use, but this is as far as I have gotten (just
>> reading).
> I can assure you it does not... I have lived through this, since EXIM is
> the default MTA installed with CPANEL, and I have two or three clients with
> security problems with EXIM, and mind you, it is EXIM, not CPanel... With
> Postfix I have NEVER had these problems of sending to nonexistent
> accounts.
>
>
>> I would like to know your opinion, since the pair of servers I have use
>> postfix, one as SMTP and the other as Relay.
>
> Tip 1: add more security to your configuration: TLS/SSL, DKIM,
> Maildir rather than Mbox, users that are NOT REAL system users. And as a
> last option, a good fail2ban that can help you.
>
> Now, if you want to migrate to EXIM and you run into the same problems,
> what will you do... move to Sendmail or Qmail??
>
> I have been using Postfix + Dovecot for YEARS; I have servers installed
> since 2009 that run with this combination and I have NEVER had a security
> problem.
>
> Regards,
> David
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es
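
An added example, not part of the original messages, of the maillog-based detection the quoted question describes: it counts messages accepted per authenticated sender per day from Postfix `smtpd` log lines and lists senders above a daily limit (1,000 in the question). It counts messages, not recipients; the function names, the `LIMIT` variable and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Count messages accepted per SASL-
# authenticated sender per day in a Postfix maillog, and report senders over
# a daily limit. Relies on the smtpd log line Postfix writes for each accepted
# message: "<queue id>: client=..., sasl_method=..., sasl_username=<user>".
# Function names and LIMIT are hypothetical names chosen for this sketch.

LIMIT=${LIMIT:-1000}    # daily per-user ceiling mentioned in the question

sasl_daily_counts() {
    # stdin: maillog text; stdout: "<Mon> <day> <sasl_username> <count>"
    awk '
        $5 ~ /smtpd\[[0-9]+\]:$/ && /sasl_username=/ {
            user = $0
            sub(/.*sasl_username=/, "", user)   # drop everything before the value
            sub(/[ ,].*/, "", user)             # drop any trailing fields
            n[$1 " " $2 " " user]++
        }
        END { for (k in n) print k, n[k] }' | sort
}

over_limit() {
    # $1: limit (defaults to LIMIT); prints only the rows whose count exceeds it
    sasl_daily_counts | awk -v limit="${1:-$LIMIT}" '$4 + 0 > limit + 0'
}

# Constructed sample log lines (documentation addresses, invented queue IDs).
SAMPLE_MAILLOG='Mar 22 09:00:01 mx postfix/smtpd[2311]: 3F2A1C0: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 22 09:00:02 mx postfix/smtpd[2311]: 3F2A1C1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 22 09:00:03 mx postfix/submission/smtpd[2312]: 3F2A1C2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 22 09:05:00 mx postfix/smtpd[2313]: 4A1B2C3: client=pc1.example.com[198.51.100.4], sasl_method=PLAIN, sasl_username=bob@example.com
Mar 22 09:05:01 mx postfix/qmgr[900]: 4A1B2C3: from=<bob@example.com>, size=1200, nrcpt=1 (queue active)
Mar 23 08:00:00 mx postfix/smtpd[2400]: 5C0FFEE: client=pc1.example.com[198.51.100.4], sasl_method=PLAIN, sasl_username=alice@example.com'

# Demo with a limit of 2 so the sample triggers; on a real server run:
#   over_limit < /var/log/maillog
printf '%s\n' "$SAMPLE_MAILLOG" | over_limit 2
```

A sudden rise for one account, especially from a client address it has not used before, is the signal worth alerting on; the count alone does not distinguish a compromised account from a legitimate bulk sender.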


Re: [CentOS-es] Postfix or Exim?

2017-03-22 Thread David González Romero
> One of the biggest headaches in my work as a Postfix sysadmin is that
> there is no way to limit the number of relays allowed per user; that is,
> so that, for example, "micue...@micorreo.com" can only send a maximum of
> 1,000 (one thousand) emails a day, so that I prevent spam attacks from
> inside my server going out. *If a way exists, tell me, because I never
> found it :S*

Yes, it exists, and you can limit the number of emails per send... per day
is more complex... the main issue of avoiding SPAM has two
parts:
1- A good configuration, where the first thing is to REMOVE localhost from
the relay... yes, localhost.
2- You have to tune the configuration very carefully with amavis-new, if
you use it, or another analyzer that works with SpamAssassin.

> On the other hand, I have also had issues with the maillog side; I had
> to build a small web interface to get a better view of the MTA's usage,
> mostly to detect possible attacks on my users' accounts and also to
> detect spikes in improper use of SMTP by internal mail
> accounts.

Here there are also two sides: one is the security of the server (as I
already told you above) and the other is security on the client, in this
case software that is worth using (Thunderbird, for example) with an
up-to-date antivirus.

> Reading the official Exim manual, I find that this MTA does contain more
> security directives that give a sysadmin better control of the mail
> server and its use, but this is as far as I have gotten (just
> reading).
I can assure you it does not... I have lived through this, since EXIM is
the default MTA installed with CPANEL, and I have two or three clients with
security problems with EXIM, and mind you, it is EXIM, not CPanel... With
Postfix I have NEVER had these problems of sending to nonexistent
accounts.


> I would like to know your opinion, since the pair of servers I have use
> postfix, one as SMTP and the other as Relay.

Tip 1: add more security to your configuration: TLS/SSL, DKIM,
Maildir rather than Mbox, users that are NOT REAL system users. And as a
last option, a good fail2ban that can help you.

Now, if you want to migrate to EXIM and you run into the same problems,
what will you do... move to Sendmail or Qmail??

I have been using Postfix + Dovecot for YEARS; I have servers installed
since 2009 that run with this combination and I have NEVER had a security
problem.

Regards,
David


Re: [CentOS] kerberized-nfs - any experts out there?

2017-03-22 Thread m . roth
Matt Garman wrote:
> Is anyone on the list using kerberized-nfs on any kind of scale?
>
We use it here. I don't think I'm an expert - my manager is - but let me
think about your issues.

> Just to give a little insight into our issues: we have an
> in-house-developed compute job dispatching system.  Say a user has
> 100s of analysis jobs he wants to run, he submits them to a central
> master process, which in turn dispatches them to a "farm" of >100
> compute nodes.  All these nodes have two different krb5p NFS mounts,
> to which the jobs will read and write.  So while the users can
> technically log in directly to the compute nodes, in practice they
> never do.  The logins are only "implicit" when the job dispatching
> system does a behind-the-scenes ssh to kick off these processes.

I would strongly recommend that you look into slurm. It's being used here
in both large and small scale, and is explicitly for that purpose.
>
> Just to give some "flavor" to the kinds of issues we're facing, what
> tends to crop up are one of three things:
>
> (1) Random crashes.  These are full-on kernel trace dumps followed
> by an automatic reboot.  This was really bad under CentOS 5.  A random
> kernel upgrade magically fixed it.  It happens almost never under
> CentOS 6.  But happens fairly frequently under CentOS 7.  (We're
> completely off CentOS 5 now, BTW.)

This may possibly be another issue.
>
> (2) Permission denied issues.  I have user Kerberos tickets
> configured for 70 days.  But there is clearly some kind of
> undocumented kernel caching going on.  Looking at the Kerberos server
> logs, it looks like it "could" be a performance issue, as I see 100s
> of ticket requests within the same second when someone tries to launch
> a lot of jobs.  Many of these will fail with "permission denied" but
> if they immediately re-try, it works.  Related to this, I have been
> unable to figure out what creates and deletes the
> /tmp/krb5cc_uid_random files.

Are they asking for *new* credentials each time? They should only be doing
one kinit.
>
> (3) Kerberized NFS shares getting "stuck" for one or more users.
> We have another monitoring app (in-house developed) that, among other
> things, makes periodic checks of these NFS mounts.  It does so by
> forking and doing a simple "ls" command.  This is to ensure that these
> mounts are alive and well.  Sometimes, the "ls" command gets stuck to
> the point where it can't even be killed via "kill -9".  Only a reboot
> fixes it.  But the mount is only stuck for the user running the
> monitoring app.  Or sometimes the monitoring app is fine, but an
> actual user's processes will get stuck in "D" state (in top, means
> waiting on IO), but everyone else's jobs (and access to the kerberized
> nfs shares) are OK.

And there's nothing in the logs, correct? Have you tried attaching strace
to one of those, and see if you can get a clue as to what's happening?


mark



[CentOS] kerberized-nfs - any experts out there?

2017-03-22 Thread Matt Garman
Is anyone on the list using kerberized-nfs on any kind of scale?

I've been fighting with this for years.  In general, when we have
issues with this system, they are random and/or not repeatable.  I've
had very little luck with community support.  I hope I don't offend by
saying that!  Rather, my belief is that these problems are very
niche/esoteric, and so beyond the scope of typical community support.
But I'd be delighted to be proven wrong!

So this is more of a "meta" question: anyone out there have any
general recommendations for how to get support on what I presume are
niche problems specific to our environment?  How is paid upstream
support?

Just to give a little insight into our issues: we have an
in-house-developed compute job dispatching system.  Say a user has
100s of analysis jobs he wants to run, he submits them to a central
master process, which in turn dispatches them to a "farm" of >100
compute nodes.  All these nodes have two different krb5p NFS mounts,
to which the jobs will read and write.  So while the users can
technically log in directly to the compute nodes, in practice they
never do.  The logins are only "implicit" when the job dispatching
system does a behind-the-scenes ssh to kick off these processes.

Just to give some "flavor" to the kinds of issues we're facing, what
tends to crop up are one of three things:

(1) Random crashes.  These are full-on kernel trace dumps followed
by an automatic reboot.  This was really bad under CentOS 5.  A random
kernel upgrade magically fixed it.  It happens almost never under
CentOS 6.  But happens fairly frequently under CentOS 7.  (We're
completely off CentOS 5 now, BTW.)

(2) Permission denied issues.  I have user Kerberos tickets
configured for 70 days.  But there is clearly some kind of
undocumented kernel caching going on.  Looking at the Kerberos server
logs, it looks like it "could" be a performance issue, as I see 100s
of ticket requests within the same second when someone tries to launch
a lot of jobs.  Many of these will fail with "permission denied" but
if they immediately re-try, it works.  Related to this, I have been
unable to figure out what creates and deletes the
/tmp/krb5cc_uid_random files.

(3) Kerberized NFS shares getting "stuck" for one or more users.
We have another monitoring app (in-house developed) that, among other
things, makes periodic checks of these NFS mounts.  It does so by
forking and doing a simple "ls" command.  This is to ensure that these
mounts are alive and well.  Sometimes, the "ls" command gets stuck to
the point where it can't even be killed via "kill -9".  Only a reboot
fixes it.  But the mount is only stuck for the user running the
monitoring app.  Or sometimes the monitoring app is fine, but an
actual user's processes will get stuck in "D" state (in top, means
waiting on IO), but everyone else's jobs (and access to the kerberized
nfs shares) are OK.

This is actually blocking us from upgrading to CentOS 7.  But my
colleagues and I are at a loss how to solve this.  So this post is
really more of a semi-desperate plea for any kind of advice.  What
other resources might we consider?  Paid support is not out of the
question (within reason).  Are there any "super specialist"
consultants out there who deal in Kerberized NFS?

Thanks!
Matt


Re: [CentOS] KVM guest fails to boot cleanly

2017-03-22 Thread m . roth
James B. Byrne wrote:

> Looking at transaction 367 more closely we see that the kernel was
> updated to 2.6.32-642.15.1.el6.x86_64 on March 10 but that a number of
> errors, whose nature I do not comprehend, were also reported.
>
> # yum history info 367
> Loaded plugins: etckeeper, fastestmirror, priorities,
> refresh-packagekit, security
> Transaction ID : 367
> Begin time : Fri Mar 10 16:42:32 2017
> Begin rpmdb: 1489:fd0eb9a01b1667f826b8fead9bc0a05e5bc43efd
> End time   :16:43:59 2017 (87 seconds)
> End rpmdb  : 1461:cac690d6280fa97910ccb59d0d1f6d43990dfd0a
> User   : root 
> Return-Code: Success
> Transaction performed with:
> Installed rpm-4.8.0-55.el6.x86_64   @base
> Installed yum-3.2.29-75.el6.centos.noarch   @updates
> Installed yum-metadata-parser-1.1.2-16.el6.x86_64
> @anaconda-CentOS-201207061011.x86_64/6.3
> Installed yum-plugin-fastestmirror-1.1.30-37.el6.noarch @base
> Installed yum-utils-1.1.30-37.el6.noarch@base
> Packages Altered:
> Updated firefox-45.7.0-1.el6.centos.x86_64@updates
> Update  45.7.0-2.el6.centos.x86_64@updates
> Updated gnome-settings-daemon-2.28.2-35.el6.x86_64@base
> Update2.28.2-35.el6_8.2.x86_64@updates
> Erase   initscripts-9.03.53-1.el6.centos.1.x86_64 @updates
> Erase   kernel-2.6.32-642.4.2.el6.x86_64  @updates
> Erase   kernel-firmware-2.6.32-642.13.1.el6.noarch@updates
> Updated kernel-headers-2.6.32-642.13.1.el6.x86_64 @updates
> Update 2.6.32-642.15.1.el6.x86_64 @updates
> Updated kexec-tools-2.0.0-300.el6_8.1.x86_64  @updates
> Update  2.0.0-300.el6_8.2.x86_64  @updates
> Erase   libbasicobjects-0.1.1-11.el6.x86_64   @base
> Erase   libblkid-2.17.2-12.24.el6_8.1.x86_64  @updates
> Erase   libcollection-0.6.2-11.el6.x86_64 @base
> Erase   libdhash-0.4.3-11.el6.x86_64  @base
> Erase   libini_config-1.1.0-11.el6.x86_64 @base
> Erase   libipa_hbac-1.13.3-22.el6_8.4.x86_64  @updates
> Erase   libpath_utils-0.2.1-11.el6.x86_64 @base
> Erase   libref_array-0.1.4-11.el6.x86_64  @base
> Erase   libsss_idmap-1.13.3-22.el6_8.4.x86_64 @updates
> Erase   libuuid-2.17.2-12.24.el6_8.1.x86_64   @updates
> Updated openssl-1.0.1e-48.el6_8.3.i686@updates
> Erase   openssl-1.0.1e-48.el6_8.3.x86_64  @updates
> Update  openssl-1.0.1e-48.el6_8.4.i686@updates
> Updated openssl-devel-1.0.1e-48.el6_8.3.x86_64@updates
> Update1.0.1e-48.el6_8.4.x86_64@updates
> Updated python-libipa_hbac-1.13.3-22.el6_8.4.x86_64   @updates
> Update 1.13.3-22.el6_8.6.x86_64   @updates
> Erase   python-sssdconfig-1.13.3-22.el6_8.4.noarch@updates
> Erase   selinux-policy-3.7.19-292.el6_8.2.noarch  @updates
> Erase   selinux-policy-targeted-3.7.19-292.el6_8.2.noarch @updates
> Erase   sssd-1.13.3-22.el6_8.4.x86_64 @updates
> Erase   sssd-ad-1.13.3-22.el6_8.4.x86_64  @updates
> Erase   sssd-client-1.13.3-22.el6_8.4.x86_64  @updates
> Erase   sssd-common-1.13.3-22.el6_8.4.x86_64  @updates
> Erase   sssd-common-pac-1.13.3-22.el6_8.4.x86_64  @updates
> Erase   sssd-ipa-1.13.3-22.el6_8.4.x86_64 @updates
> Erase   sssd-krb5-1.13.3-22.el6_8.4.x86_64@updates
> Erase   sssd-krb5-common-1.13.3-22.el6_8.4.x86_64 @updates
> Erase   sssd-ldap-1.13.3-22.el6_8.4.x86_64@updates
> Erase   sssd-proxy-1.13.3-22.el6_8.4.x86_64   @updates
> Erase   util-linux-ng-2.17.2-12.24.el6_8.1.x86_64 @updates
> Scriptlet output:
>1 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/weak-updates failed: No such
> file or directory
>2 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/modules.order failed: No
> such file or directory
>3 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/modules.networking failed:
> No such file or directory
>4 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/modules.modesetting failed:
> No such file or directory
>5 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/modules.drm failed: No such
> file or directory
>6 warning:erase unlink of
> /lib/modules/2.6.32-642.4.2.el6.x86_64/modules.block failed: No
> such file or directory
>
> Reviewing grub.conf I note that the initrd entry is missing from the
> 

Re: [CentOS] Centos 7.3.1611 - NetworkManager + dhcp + ipv6

2017-03-22 Thread Diaulas Castro

Hi Patrick,

I did not disable it in grub or the module because of the CentOS 7 FAQ tip:
"Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as 
that can cause issues with SELinux and other components, but adding the 
following to /etc/sysctl.conf"

So I used only sysctl, but the dhcp client or NM or systemd overwrites the 
sysctl settings.

As for using NM, I can't, because the VM is deployed from an OVA template; I 
can't connect to disable ipv6 until I get the ipv4 address.

If there is an NM conf setting to disable ipv6 on all NEW 
interfaces/connections, it will help me, so I can edit the OVA file.
  
From: CentOS on behalf of Patrick Laimbock

Sent: Wednesday, March 22, 2017 08:01:49
To: centos@centos.org
Subject: Re: [CentOS] Centos 7.3.1611 - NetworkManager + dhcp + ipv6
    
On 21-03-17 20:51, Diaulas Castro wrote:
> Used steps on sysctl from Centos7 FAQ (https://wiki.centos.org/FAQ/CentOS7) 
> and some gathered on internet
>
> # cat /etc/sysctl.d/90-disable_ipv6.conf
> net.ipv6.conf.all.disable_ipv6=1
> net.ipv6.conf.default.disable_ipv6=1
> net.ipv6.conf.eth0.disable_ipv6=1
> net.ipv6.conf.eth1.disable_ipv6=1
> net.ipv6.conf.all.use_tempaddr=0
> net.ipv6.conf.all.autoconf=0
> net.ipv6.conf.all.accept_ra=0
> net.ipv6.conf.default.autoconf=0
> net.ipv6.conf.default.accept_ra=0
> net.ipv6.conf.eth0.autoconf=0
> net.ipv6.conf.eth1.autoconf=0
>
>
> But with dhcp, NetworkManager (or something) reenables ipv6 on interfaces.
>
> #sysctl -a | grep ipv6 | grep disable
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.eth0.disable_ipv6 = 0
> net.ipv6.conf.eth1.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1
>
> And the interface gets the ipv4 but still have temporary ipv6 on it (our dhcp 
> doesnt support ipv6)
>
> # ip a s eth0
> 2: eth0:  mtu 1500 qdisc mq state UP qlen 
> 1000
> link/ether 00:0c:29:31:5a:9d brd ff:ff:ff:ff:ff:ff
> inet 10.10.216.247/24 brd 10.10.216.255 scope global dynamic eth0
>    valid_lft 451sec preferred_lft 451sec
> inet6 fe80::20c:29ff:fe31:5a9d/64 scope link
>    valid_lft forever preferred_lft forever
>
> And this bugs  my use for ovftool with the option "--X:waitForIp" because 
> it's returns (mostly of times) the ipv6 addr
>
> It's a bug, missing documentation or my

IIRC you can disable IPv6 in NetworkManager with:

# nmcli connection modify eth0 ipv6.method ignore
# systemctl restart NetworkManager

or you can disable IPv6 entirely with:

# vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 "

# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot

HTH,
Patrick


Re: [CentOS] I want to connect to a l2tp server from centos.

2017-03-22 Thread Eliezer Croitoru
Thanks!

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of Gordon Messmer
Sent: Monday, September 21, 2015 9:46 PM
To: CentOS mailing list 
Subject: Re: [CentOS] I want to connect to a l2tp server from centos.

On 09/20/2015 05:50 PM, Eliezer Croitoru wrote:
> I do not have any security issue in this network.
> I need to connect to a remote network on a secure network.
> The options are pptp or l2tp(no ipsec encryption) so I do want to use 
> l2tp like in (lac\lns) and I am looking for a client for CentOS.

The client is "xl2tpd", and you can find it in EPEL.

Client setup is described here:
http://www.xinotes.net/notes/note/1524/


[CentOS] KVM guest fails to boot cleanly

2017-03-22 Thread James B. Byrne

I have a KVM vm running CentOS-6.8 on a host also running CentOS-6.8. 
This instance is used for occasional development projects which
require segregation.  Thus it is seldom accessed.

At some point in the recent past this guest developed an issue with
starting.  Specifically these messages were found in the system log
files:

/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_cm_xnet245.harte-lyne.ca_00' [31.25 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_00' [32.00 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_01' [32.00 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_02' [32.00 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet242.harte-lyne.ca_00' [31.25 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet243.harte-lyne.ca_00' [31.25 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet244.harte-lyne.ca_00' [31.25 GiB]
inherit
/var/log/messages-20170312:Mar 10 16:31:06 vhost04 kernel: dracut:
inactive '/dev/vg_vhost04/lv_vm_xnet245.harte-lyne.ca_00' [31.25 GiB]
inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_cm_xnet245.harte-lyne.ca_00' [31.25 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_00' [32.00 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_01' [32.00 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet241.harte-lyne.ca_02' [32.00 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet242.harte-lyne.ca_00' [31.25 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet243.harte-lyne.ca_00' [31.25 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet244.harte-lyne.ca_00' [31.25 GiB] inherit
/var/log/messages:Mar 20 08:52:10 vhost04 kernel: dracut: inactive
'/dev/vg_vhost04/lv_vm_xnet245.harte-lyne.ca_00' [31.25 GiB] inherit


It appears that this issue was first encountered on March 10 as our
log files go back much further than that and have no earlier record.

The symptom presented on the guest console during boot is:

  Error 13: Invalid or unsupported executable format

  Press any key to continue...

Pressing enter brings up the following text display

  GNU GRUB version 0.97 (615K lower / 3668980K upper memory)

CentOS (2.6.32-641.15.1.el6.x86_64)
CentOS (2.6.32-641.13.1.el6.x86_64)
CentOS (2.6.32-641.11.1.el6.x86_64)
CentOS (2.6.32-641.2.1.el6.x86_64)

  Use the  and  keys to select which entry is
highlighted
  Press enter to boot the selected OS, 'e' to edit . . .

The first choice repeats the Error.  The second choice boots cleanly.


Looking at yum history I see this:

yum history
Loaded plugins: etckeeper, fastestmirror, priorities,
refresh-packagekit, security
ID | Login user | Date and time| Action(s)  | Altered
-
. . .
   368 | root | 2017-03-10 16:46 | Update |4
   367 | root | 2017-03-10 16:42 | E, U   |   35 EE
. . .

Looking at transaction 367 more closely we see that the kernel was
updated to 2.6.32-642.15.1.el6.x86_64 on March 10 but that a number of
errors, whose nature I do not comprehend, were also reported.

# yum history info 367
Loaded plugins: etckeeper, fastestmirror, priorities,
refresh-packagekit, security
Transaction ID : 367
Begin time : Fri Mar 10 16:42:32 2017
Begin rpmdb: 1489:fd0eb9a01b1667f826b8fead9bc0a05e5bc43efd
End time   :16:43:59 2017 (87 seconds)
End rpmdb  : 1461:cac690d6280fa97910ccb59d0d1f6d43990dfd0a
User   : root 
Return-Code: Success
Transaction performed with:
Installed rpm-4.8.0-55.el6.x86_64   @base
Installed yum-3.2.29-75.el6.centos.noarch   @updates
Installed yum-metadata-parser-1.1.2-16.el6.x86_64  
@anaconda-CentOS-201207061011.x86_64/6.3
Installed yum-plugin-fastestmirror-1.1.30-37.el6.noarch @base
Installed yum-utils-1.1.30-37.el6.noarch@base
Packages Altered:
Updated firefox-45.7.0-1.el6.centos.x86_64@updates
Update  45.7.0-2.el6.centos.x86_64@updates
Updated gnome-settings-daemon-2.28.2-35.el6.x86_64

Re: [CentOS-es] Port problem with Firewalld and Iptables.

2017-03-22 Thread Wilmer Arambula
Solved: the program that was listening on the port was not active.

Regards,

On March 22, 2017, at 10:09, Wilmer Arambula wrote:

> Thanks for your reply. Yes, I had in fact already done what you
> suggested; indeed I have been able to open ports without problems using
> services, and they work correctly. The problem is when I try to do it
> by port range:
>
> $ sudo firewall-cmd --zone=external --list-all
> external (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: venet0:0
>   sources:
>   services: dhcpv6-client http https imaps smtp smtps ssh webmin
>   ports: 35500-36000/tcp 35500-36000/udp
>   protocols:
>   masquerade: yes
>   forward-ports:
>   sourceports:
>   icmp-blocks: echo-reply echo-request
>   rich rules:
> rule family="ipv4" source address="200.20.245.102/32" port
> port="3306" protocol="tcp" accept
>
>
>
> As you can see it is set correctly, but it does not work for me and I do not understand why.
>
> Regards,
>
>
>
>
> On March 22, 2017, at 9:03, Arturo Diaz D. 
> wrote:
>
>> Wilmer
>>
>> You are mixing two things up: firewalld and iptables are different
>> security services and, what is more, they should not run side by side.
>>
>> You need to stop and mask the iptables service so that firewalld
>> works correctly.
>>
>> This link may help you
>>
>> https://www.unixmen.com/iptables-vs-firewalld/
>>
>>
>>
>> Kind regards
>>
>>
>> -
>> *Arturo Diaz D.*
>> *RHCE /RHCSA*
>> *Skype arturodiaz.d*
>> *Linkedin *https://cl.linkedin.com/in/arturodiazdiaz
>>
>> 
>>
>> On March 22, 2017, at 9:53, Wilmer Arambula <
>> tecnologiaterab...@gmail.com>
>> wrote:
>>
>> > Good morning, I am trying to open a range of ports through Firewalld
>> > (Iptables) but I cannot get them open:
>> >
>> > Command:
>> >
>> > sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/tcp
>> > sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/udp
>> > sudo firewall-cmd --reload
>> > sudo iptables -L
>> >
>> > Chain IN_external_allow (1 references)
>> > target prot opt source   destination
>> > ACCEPT tcp  --  anywhere anywhere tcp
>> > dpts:35500:36000 ctstate NEW
>> > ACCEPT udp  --  anywhere anywhere udp
>> > dpts:35500:36000 ctstate NEW
>> >
>> > but when I check, the ports are closed. Any ideas? I even put them
>> > in the dmz zone and still nothing.
>> >
>> >
>> > --
>> > *Wilmer Arambula. *
>> > ___
>> > CentOS-es mailing list
>> > CentOS-es@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos-es
>> >
>> ___
>> CentOS-es mailing list
>> CentOS-es@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-es
>>
>
>
>
>
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es
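
The resolution reported in the message above (firewalld rule in place, but nothing listening on the port) can be checked in one pass by comparing the firewall's port list with the listening sockets. This script is an added example, not part of the original messages; the `FW_PORTS` and `SS_OUT` samples and all function names are constructed for illustration, and it looks at port entries only, not firewalld services or rich rules.

```sh
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=external --list-ports`
FW_PORTS='35500-36000/tcp 35500-36000/udp'

# Constructed sample of `ss -lntu` (listening TCP and UDP sockets)
SS_OUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:68               *:*
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      50     127.0.0.1:35510    *:*
tcp   LISTEN 0      100    *:35600            *:*'

# fw_allows PROTO PORT: true if a port entry in FW_PORTS covers PORT/PROTO.
# Only port entries are checked, not services or rich rules.
fw_allows() {
    for entry in $FW_PORTS; do
        range=${entry%/*}; proto=${entry#*/}
        [ "$proto" = "$1" ] || continue
        lo=${range%-*}; hi=${range#*-}   # a single port gives lo == hi
        if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# listener_scope PROTO PORT: prints none, loopback or all
listener_scope() {
    printf '%s\n' "$SS_OUT" | awk -v proto="$1" -v port="$2" '
        $1 == proto {
            n = split($5, part, ":")            # port is the last field
            if (part[n] != port) next
            addr = substr($5, 1, length($5) - length(part[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else scope = "all"
        }
        END { print (scope == "" ? "none" : scope) }'
}

# diagnose PROTO PORT: combine both views into one verdict
diagnose() {
    scope=$(listener_scope "$1" "$2")
    if fw_allows "$1" "$2"; then fw=allowed; else fw=blocked; fi
    case "$fw/$scope" in
        allowed/all)      echo "reachable: rule present, service listening" ;;
        allowed/loopback) echo "closed: service bound to loopback only" ;;
        allowed/none)     echo "closed: rule present, nothing listening" ;;
        blocked/*)        echo "blocked: no port rule for $2/$1" ;;
    esac
}

for p in 35600 35510 35700 8080; do
    printf '%s/tcp -> %s\n' "$p" "$(diagnose tcp "$p")"
done
```

On a live host, replace the two sample variables with the output of the commands named in their comments.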


Re: [CentOS-virt] grub-bootxen.sh

2017-03-22 Thread Alvin Starr

I actually move the default *.repo files and replace them with "".

The thing is that Katello turns all the downloaded yum content into a 
single redhat.repo file and I don't have to install any more *-release-* 
rpms any more.


I would argue that I should not need to install any *-release-* rpms at 
all to get all the required software.



On 03/22/2017 09:34 AM, -=X.L.O.R.D=- wrote:

Maybe you just don't need to remove anything at all but just move them to
another folder that does the same goal.
For *-release-*.rpm, again it is explained itself.

Xlord

-Original Message-
From: CentOS-virt [mailto:centos-virt-boun...@centos.org] On Behalf Of Alvin
Starr
Sent: Tuesday, March 21, 2017 1:45 AM
To: centos-virt@centos.org
Subject: [CentOS-virt] grub-bootxen.sh

This is not a big issue, just a minor annoyance.

I use Foreman to provision my systems and to keep control I remove all the
default *.repo files and keep away from installing more *.repo files so I can
control the content via the foreman(katello) provided redhat.repo.

I would argue that the *-release-*.rpm should not contain any setup code
but just the stuff in /etc/yum.repos.d.




--
Alvin Starr   ||   voice: (905)513-7688
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


Re: [CentOS] RHEL 6.9 is out

2017-03-22 Thread Phelps, Matthew
On Wed, Mar 22, 2017 at 9:16 AM, Valeri Galtsev 
wrote:

>
> On Wed, March 22, 2017 7:46 am, Phelps, Matthew wrote:
> > Red Hat released RHEL 6.9 yesterday.
> >
> > Why isn't CentOS 6.9 out yet? :)
> >
> Somebody has to do the hard work, I'm sure. Thanks, guys, for the great work
> you are doing!
>
> Or do you, as a sysadmin, know that and are just being ironic?
>
> Valeri
>

To be clear, I was being ironic. Hence the smiley face.

I just wanted to start a thread for future updates to appear in.

-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu


Re: [CentOS] RHEL 6.9 is out

2017-03-22 Thread Valeri Galtsev

On Wed, March 22, 2017 7:46 am, Phelps, Matthew wrote:
> Red Hat released RHEL 6.9 yesterday.
>
> Why isn't CentOS 6.9 out yet? :)
>
Somebody has to do the hard work, I'm sure. Thanks, guys, for the great work
you are doing!

Or do you, as a sysadmin, know that and are just being ironic?

Valeri

>
>
> --
> Matt Phelps
> System Administrator, Computation Facility
> Harvard - Smithsonian Center for Astrophysics
> mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS-es] Port problem with Firewalld and Iptables.

2017-03-22 Thread Pablo Flores Aravena
And is your SELinux active?
I am sure SELinux is blocking what you are trying to do.

PS: firewalld and iptables are different, but you can disable firewalld
and install iptables.

Regards


*Pablo Flores Aravena, Computer Engineer*
Sysadmin, Centro de Tecnología de la Información CTI-FAVET
Facultad de Cs. Veterinarias y Pecuarias - Universidad de Chile
Tel: +56 (02) 2978 56 31 - +56 (02) 2978 55 46

On March 22, 2017, at 10:03, Arturo Diaz D. 
wrote:

> Wilmer
>
> You are mixing two things up: firewalld and iptables are different
> security services and, what is more, they should not run side by side.
>
> You need to stop and mask the iptables service so that firewalld
> works correctly.
>
> This link may help you
>
> https://www.unixmen.com/iptables-vs-firewalld/
>
>
>
> Kind regards
>
>
> -
> *Arturo Diaz D.*
> *RHCE /RHCSA*
> *Skype arturodiaz.d*
> *Linkedin *https://cl.linkedin.com/in/arturodiazdiaz
>
> 
>
> On March 22, 2017, at 9:53, Wilmer Arambula <
> tecnologiaterab...@gmail.com>
> wrote:
>
> > Good morning, I am trying to open a range of ports through Firewalld
> > (Iptables) but I cannot get them open:
> >
> > Command:
> >
> > sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/tcp
> > sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/udp
> > sudo firewall-cmd --reload
> > sudo iptables -L
> >
> > Chain IN_external_allow (1 references)
> > target prot opt source   destination
> > ACCEPT tcp  --  anywhere anywhere tcp
> > dpts:35500:36000 ctstate NEW
> > ACCEPT udp  --  anywhere anywhere udp
> > dpts:35500:36000 ctstate NEW
> >
> > but when I check, the ports are closed. Any ideas? I even put them
> > in the dmz zone and still nothing.
> >
> >
> > --
> > *Wilmer Arambula. *
> > ___
> > CentOS-es mailing list
> > CentOS-es@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-es
> >
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>


Re: [CentOS-es] Port problem with Firewalld and Iptables.

2017-03-22 Thread Arturo Diaz D.
Wilmer

You are mixing two things up: firewalld and iptables are different
security services and, what is more, they should not run side by side.

You need to stop and mask the iptables service so that firewalld
works correctly.

This link may help you

https://www.unixmen.com/iptables-vs-firewalld/



Kind regards


-
*Arturo Diaz D.*
*RHCE /RHCSA*
*Skype arturodiaz.d*
*Linkedin *https://cl.linkedin.com/in/arturodiazdiaz



On March 22, 2017, at 9:53, Wilmer Arambula 
wrote:

> Good morning, I am trying to open a range of ports through Firewalld
> (Iptables) but I cannot get them open:
>
> Command:
>
> sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/tcp
> sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/udp
> sudo firewall-cmd --reload
> sudo iptables -L
>
> Chain IN_external_allow (1 references)
> target prot opt source   destination
> ACCEPT tcp  --  anywhere anywhere tcp
> dpts:35500:36000 ctstate NEW
> ACCEPT udp  --  anywhere anywhere udp
> dpts:35500:36000 ctstate NEW
>
> but when I check, the ports are closed. Any ideas? I even put them
> in the dmz zone and still nothing.
>
>
> --
> *Wilmer Arambula. *
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>


[CentOS-es] Port problem with Firewalld and Iptables.

2017-03-22 Thread Wilmer Arambula
Good morning, I am trying to open a range of ports through Firewalld
(Iptables) but I cannot get them open:

Command:

sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/tcp
sudo firewall-cmd --permanent --zone=external --add-port=35500-36000/udp
sudo firewall-cmd --reload
sudo iptables -L

Chain IN_external_allow (1 references)
target prot opt source   destination
ACCEPT tcp  --  anywhere anywhere tcp
dpts:35500:36000 ctstate NEW
ACCEPT udp  --  anywhere anywhere udp
dpts:35500:36000 ctstate NEW

but when I check, the ports are closed. Any ideas? I even put them
in the dmz zone and still nothing.


-- 
*Wilmer Arambula. *


[CentOS] RHEL 6.9 is out

2017-03-22 Thread Phelps, Matthew
Red Hat released RHEL 6.9 yesterday.

Why isn't CentOS 6.9 out yet? :)



-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu


Re: [CentOS-virt] Xen C6 kernel 4.9.13 and testing 4.9.15 only reboots.

2017-03-22 Thread PJ Welsh
The last few lines are
NMI watchdog: disabled CPU0 hardware events not enabled
NMI watchdog: shutting down hard lockup detector on all CPUS
installing Xen timer for CPU1
installing Xen timer for CPU2
installing Xen timer for CPU3
installing Xen timer for CPU4
installing Xen timer for CPU5
installing Xen timer for CPU6

Here is the screen shot:
https://goo.gl/photos/yNQqaQY9bJBWQ84X8
It stops at CPU6. This is a dual socket server with 2x 6core L5639 CPUs (HT
disabled). I'm surprised to see it stop at 6.

Thanks
PJ




On Tue, Mar 21, 2017 at 1:39 PM, Kevin Stange  wrote:

> On 03/21/2017 07:48 AM, PJ Welsh wrote:
> > On Mon, Mar 20, 2017 at 5:21 PM, Ricardo J. Barberis
> > > wrote:
> >
> > El Lunes 20/03/2017, PJ Welsh escribió:
> > > Still just starts the kernel and within 4 seconds reboots with
> 4.9.16-24.
> > > Thanks
> > > PJ
> >
> > Edit grub's entry and add "noreboot" to your xen parameters, maybe
> > when the
> > kernel panics xen detects it and automatically reboots it.
> >
> >
> >
> > "noreboot" grub.conf option still produced nothing other than a flashing
> > cursor on the top left. Also, neither num-lock nor caps-lock respond at
> > this time... I seem no closer with helpful information other than, "it's
> > broken" :(
> > Here is the grub.conf stanza for the kernel:
> > title CentOS (4.9.16-24.el6.centos.plus.x86_64)
> > root (hd0,1)
> > kernel /boot/xen.gz dom0_mem=3G,max:3G cpuinfo com1=115200,8n1
> > console=com1,tty loglvl=all gue
> > st_loglvl=all noreboot
> > module /boot/vmlinuz-4.9.16-24.el6.centos.plus.x86_64 ro
> > root=UUID=bc0727e1-882c-4fbc-a4d9-e4c
> > f754d72b7 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD
> > SYSFONT=latarcyrheb-sun16 crashkernel=auto  K
> > EYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet reboot=pci max_loop=64
> > module /boot/initramfs-4.9.16-24.el6.centos.plus.x86_64.img
>
> Try removing "rhgb" and "quiet" from your boot options as well.
>
> --
> Kevin Stange
> Chief Technology Officer
> Steadfast | Managed Infrastructure, Datacenter and Cloud Services
> 800 S Wells, Suite 190 | Chicago, IL 60607
> 312.602.2689 X203 | Fax: 312.602.2688
> ke...@steadfast.net | www.steadfast.net
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
>


Re: [CentOS] Centos 7.3.1611 - NetworkManager + dhcp + ipv6

2017-03-22 Thread Patrick Laimbock

On 21-03-17 20:51, Diaulas Castro wrote:

Used steps on sysctl from Centos7 FAQ (https://wiki.centos.org/FAQ/CentOS7) and 
some gathered on internet

# cat /etc/sysctl.d/90-disable_ipv6.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.eth0.disable_ipv6=1
net.ipv6.conf.eth1.disable_ipv6=1
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.eth0.autoconf=0
net.ipv6.conf.eth1.autoconf=0


But with dhcp, NetworkManager (or something) reenables ipv6 on interfaces.

#sysctl -a | grep ipv6 | grep disable
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

And the interface gets the ipv4 but still has a temporary ipv6 on it (our dhcp 
doesn't support ipv6)

# ip a s eth0
2: eth0:  mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:31:5a:9d brd ff:ff:ff:ff:ff:ff
inet 10.10.216.247/24 brd 10.10.216.255 scope global dynamic eth0
   valid_lft 451sec preferred_lft 451sec
inet6 fe80::20c:29ff:fe31:5a9d/64 scope link
   valid_lft forever preferred_lft forever

And this bugs my use of ovftool with the option "--X:waitForIp" because it 
returns (most of the time) the ipv6 addr

It's a bug, missing documentation or my


IIRC you can disable IPv6 in NetworkManager with:

# nmcli connection modify eth0 ipv6.method ignore
# systemctl restart NetworkManager

or you can disable IPv6 entirely with:

# vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 "

# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot

HTH,
Patrick
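
The drift reported in this message (eth0 ends up with `disable_ipv6 = 0` and keeps a link-local address despite the sysctl.d file) can be detected by comparing the configured values with the runtime ones and cross-checking the interface addresses. This is an added example, not code from the thread; the function names and the eth1 sample lines are constructed, and the remaining sample values are copied from the output quoted above.

```sh
#!/bin/sh
# Settings from the /etc/sysctl.d/90-disable_ipv6.conf quoted in the thread
WANTED='net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.eth0.disable_ipv6=1
net.ipv6.conf.eth1.disable_ipv6=1'

# Runtime values quoted in the thread (`sysctl -a | grep ipv6 | grep disable`)
RUNTIME='net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1'

# `ip addr show` sample: eth0 follows the thread, flags and eth1 are constructed
IP_OUT='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:31:5a:9d brd ff:ff:ff:ff:ff:ff
    inet 10.10.216.247/24 brd 10.10.216.255 scope global dynamic eth0
    inet6 fe80::20c:29ff:fe31:5a9d/64 scope link
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 10.10.217.5/24 brd 10.10.217.255 scope global eth1'

# sysctl_drift: print every key whose runtime value differs from the file
sysctl_drift() {
    { printf '%s\n' "$WANTED"; echo '--runtime--'; printf '%s\n' "$RUNTIME"; } | awk '
        $0 == "--runtime--" { runtime = 1; next }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (!runtime) { want[key] = val; next }
            if ((key in want) && want[key] != val)
                printf "%s wanted=%s runtime=%s\n", key, want[key], val
        }'
}

# inet6_addrs: print "iface address scope" for every IPv6 address present
inet6_addrs() {
    printf '%s\n' "$IP_OUT" | awk '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); next }
        $1 == "inet6" { print iface, $2, $4 }'
}

# leaking_ifaces: interfaces that carry IPv6 although the file disables it
leaking_ifaces() {
    inet6_addrs | while read -r iface addr scope; do
        case "$WANTED" in
            *"net.ipv6.conf.$iface.disable_ipv6=1"*) echo "$iface $addr" ;;
        esac
    done
}

sysctl_drift
leaking_ifaces
```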