Re: [CentOS] NUMA split mode?

[John R Pierce]

On 10/1/2017 9:10 PM, hw wrote:

I´m trying to download the PDF you pointed me to, but the download is
stalled.  I´m running Centos 7.4, but perhaps there´s an explanation
in the PDF that might tell me what NUMA split mode is supposed to be.



it loaded fine here again tonight.  huh.

the gist of the article is that they got at best 2-4% improvements with 
RHEL 6/SLES 6 on dual nehalem/westmere  Xeon's when NUMA was enabled.  I 
see no mention of NUMA Split mode




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NUMA split mode?

[hw]

John R Pierce  writes:

> On 10/1/2017 8:38 AM, hw wrote:
>> HP says that what they call "NUMA split mode" should be disabled in the
>> BIOS of the Z800 workstation when running Linux.  They are reasoning
>> that Linux kernels do not support this feature and even might not boot
>> if it´s enabled.
>
> hmm, that workstation is a dual Xeon 56xx (Westmere-EP, derived from
> Nehalem), new in 2010
>
>> Since it apparently was years ago since they made this statement, I´m
>> wondering if I should still leave this feature disabled or not.  More
>> recent kernels might support it, and it´s supposed to improve
>> performance.
>>
>> Could someone explain what this feature actually is or does, and if
>> Centos kernels support it?
>
>
> On these sorts of dual socket hardware architectures, half of the
> memory is directly attached to each CPU, and the two CPUs are linked
> with a QPI bus.  All the memory appears in one unified address space,
> but the memory belonging to the 'other' CPU has a little higher
> latency to access since it has to go across the QPI.   In non-NUMA
> mode, this is ignored, and all memory is treated as equal from the OS
> perspective.  in NUMA mode, an attempt is made to keep process memory
> on one CPU's memory, and to prefer scheduling those processes on the
> cores of that CPU. This can get messy, say you have a process running
> on core 0 (in cpu0) which allocates a big block of shared memory, then
> spawns 8 worker threads which all run concurrently and use this same
> shared working memory space.   there's only 4 or 6 cores on each of
> the two CPUs, so either these worker threads have to wait for an
> available core on the same CPU as the memory allocation, or some of
> them end up running across the QPI bus anyways.
>
> I believe Linux, even RHEL 6, does support NUMA configurations, but
> its very questionable if a random typical workload would actually gain
> much from it, and it adds significant overhead in keeping track of all
> this.

Is it possible that you are confusing enabling/disabling NUMA with NUMA
split mode?

It is possible to disable/enable NUMA, and when NUMA is enabled, you can
also enable the mysterious NUMA split mode.

I´m trying to download the PDF you pointed me to, but the download is
stalled.  I´m running Centos 7.4, but perhaps there´s an explanation
in the PDF that might tell me what NUMA split mode is supposed to be.


So far, I found out that KSM is disabled by default and would probably
be a disadvantage here, so I´m using numad and probably gain something
from most, if not all, things using local memory instead of going across
nodes.  This will need some further investigation, though.

-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MP4/H.264 codec for Firefox?

[Mark LaPierre]

On 10/01/17 20:47, Frank Cox wrote:
> On Sun, 1 Oct 2017 20:02:08 -0400
> Mark LaPierre wrote:
> 
>> What repo did you find ffmpeg-libs in?
> 
> Version : 2.6.8
> Release : 3.el7.nux
> Architecture: x86_64
> Install Date: Wed 27 Apr 2016 06:23:09 PM CST
> Group   : Unspecified
> Size: 13562904
> License : GPLv2+
> Signature   : RSA/SHA1, Wed 27 Apr 2016 06:35:00 AM CST, Key ID 
> e98bfbe785c6cd8a
> Source RPM  : ffmpeg-2.6.8-3.el7.nux.src.rpm
> Build Date  : Wed 27 Apr 2016 06:33:00 AM CST
> Build Host  : rpmbuilder
> Relocations : (not relocatable)
> Packager: http://li.nux.ro/
> Vendor  : Nux!
> URL : http://ffmpeg.org/
> Summary : Libraries for ffmpeg
> Description :
> FFmpeg is a complete and free Internet live audio and video
> broadcasting solution for Linux/Unix. It also includes a digital
> VCR. It can encode in real time in many formats including MPEG1 audio
> and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
> This package contains the libraries for ffmpeg
> 
> 

Thank you.  I can now view all three of the video types on the
referenced page.

-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MP4/H.264 codec for Firefox?

[Frank Cox]

On Sun, 1 Oct 2017 20:02:08 -0400
Mark LaPierre wrote:

> What repo did you find ffmpeg-libs in?

Version : 2.6.8
Release : 3.el7.nux
Architecture: x86_64
Install Date: Wed 27 Apr 2016 06:23:09 PM CST
Group   : Unspecified
Size: 13562904
License : GPLv2+
Signature   : RSA/SHA1, Wed 27 Apr 2016 06:35:00 AM CST, Key ID e98bfbe785c6cd8a
Source RPM  : ffmpeg-2.6.8-3.el7.nux.src.rpm
Build Date  : Wed 27 Apr 2016 06:33:00 AM CST
Build Host  : rpmbuilder
Relocations : (not relocatable)
Packager: http://li.nux.ro/
Vendor  : Nux!
URL : http://ffmpeg.org/
Summary : Libraries for ffmpeg
Description :
FFmpeg is a complete and free Internet live audio and video
broadcasting solution for Linux/Unix. It also includes a digital
VCR. It can encode in real time in many formats including MPEG1 audio
and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
This package contains the libraries for ffmpeg


-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] compile webkit

[ken]

On 09/30/2017 10:33 AM, Jerry Geis wrote:

I am trying to compile webkitgtk
I downloaded the webkit source, extracted

CMake Error at Source/cmake/OptionsGTK.cmake:12 (message):
   GCC 4.9.0 is required to build WebKitGTK+, use a newer GCC version or
clang

I downloaded 2.14.7 - just like CentOS 7.4 has, how can I be getting a GCC
error  ?


Jerry, it looks to me like cmake wants gcc v.4.9.0, but you've got 
v.2.14.7.  You could find and download gcc v.4.9.0 and install it, say, 
to /usr/local/bin/ and adjust the makefile or args to cmake 
accordingly... or maybe it wouldn't even need any of that.




My goal is to get the MediaSource package in webkit working. It seems to
not be enabled.
Is there a better way ?


There might be, but I have no idea even what webkit does... and I've 
even got webkitgtk3 installed and didn't know it was there... looking 
around in the "Applications" menu and in the files included in the 
package, I couldn't find a way to launch it or any documentation about 
it.  Unless somebody argues really good with me, I'll probably think I 
don't need it.  :)  So better way for what?





Thanks,




No charge, it's open source.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MP4/H.264 codec for Firefox?

[Mark LaPierre]

On 10/01/17 12:13, Roman Kennke wrote:
> Am 01.10.2017 um 12:28 schrieb hw:
>> Roman Kennke  writes:
>>
>>> Hello,
>>>
>>> I am trying to get MP4/H.264 playback in Firefox to work on my CentOS
>>> laptop (for vimeo).
>>>
>>> I installed the gstreamer plugins as described here:
>>>
>>> https://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS7
>>>
>>> (No, I did not install Flash, VLC and all the other stuff. I only want
>>> HTML5 MP4 playback..)
>>>
>>> I enabled the nux repos. I did install all available gstreamer
>>> plugins, i.e. -good -bad -ugly -ffmpeg etc. No success.
>>>
>>> Has anybody got mp4 playback working?
>>>
>>> Here's a test page:
>>>
>>> https://www.quirksmode.org/html5/tests/video.html
>> All movies on that page play without having taken any particular
>> precautions in Seamonkey (I dislike Firefox).
>>
>> However, I have ffmpeg and mplayer installed (compiled from source
>> because there aren´t packages for those).  I don´t know if any of them
>> are being used by Seamonkey.
>>
>>
>> yum list installed | grep gstream
>> gstreamer.x86_64   0.10.36-7.el7  
>> @base
>> gstreamer-plugins-base.x86_64  0.10.36-10.el7 
>> @base
>> gstreamer-tools.x86_64 0.10.36-7.el7  
>> @base
>> gstreamer1.x86_64  1.10.4-2.el7   
>> @base
>> gstreamer1-plugins-base.x86_64 1.10.4-1.el7   
>> @base
>>
>>
>> Those must have been installed for dependencies; I didn´t install them
>> explicitly.
> 
> Installing ffmpeg-libs solved it for me. I suspect that FF links against
> ffmpeg-libs or via gstreamer-ffmpeg or some such.
> 
> Thanks, Roman

What repo did you find ffmpeg-libs in?


-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] prevent users from fiddling with network?

[Eriksson, Thomas]

From: CentOS  on behalf of Valeri Galtsev 

Sent: Thursday, September 21, 2017 9:10 AM
To: centos@centos.org
Subject: [CentOS] prevent users from fiddling with network?

Dear Experts,

"this is system from the hell!"

Than was my first reaction when I realized that logged in with GUI (X11)
user can turn off (and on) network interfaces. Without being in sudoers
file. Wow, this is scary to see on workstations I manage centrally. Even
though I did consider local user to be able to execute the command
"shutdown" (which distinguished RedHat and CentOS from other Linux
flavors: after all local user can yank power cord off the wall).

Sorry about my little rant above. Could someone point me into right
direction as to how do I disable the ability of (local, logged in through
X11) users to fiddle with network interfaces. Even worse, they can create
new profile and define for interfaces to behave differently... In the past
I could just add

USERCTL="no"

into interface ifcfg-... file inside /etc/sysconfig/network-scripts which
doesn't seen to have any effect on latest CentOS 7. What is my pilot error
here? (Ignorant in new shiny extremely MS Windows like for _ignorant_
person - me - system).


Thanks a lot for all your help!

Valeri


Didn't see any more ideas in this thread.

The way I solved this was to use policykit.

Created the file  /etc/polkit-1/rules.d/20-networkmanager.rules with the 
following content

/* require authentication to modify network settings */
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.NetworkManager." ) == 0 ) {
return polkit.Result.AUTH_ADMIN;
}
});

That will require someone with admin privileges to authenticate for 
NetworkManager 
actions to succeed.


regards,

Thomas 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NUMA split mode?

[John R Pierce]

On 10/1/2017 9:39 AM, John R Pierce wrote:
I believe Linux, even RHEL 6, does support NUMA configurations, but 
its very questionable if a random typical workload would actually gain 
much from it, and it adds significant overhead in keeping track of all 
this. 



a technical paper examining exactly this, on exactly the sort of 
architecture you have, using RHEL 6.


http://iopscience.iop.org/article/10.1088/1742-6596/664/9/092010/pdf


--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NUMA split mode?

[John R Pierce]

On 10/1/2017 8:38 AM, hw wrote:

HP says that what they call "NUMA split mode" should be disabled in the
BIOS of the Z800 workstation when running Linux.  They are reasoning
that Linux kernels do not support this feature and even might not boot
if it´s enabled.


hmm, that workstation is a dual Xeon 56xx (Westmere-EP, derived from 
Nehalem), new in 2010



Since it apparently was years ago since they made this statement, I´m
wondering if I should still leave this feature disabled or not.  More
recent kernels might support it, and it´s supposed to improve
performance.

Could someone explain what this feature actually is or does, and if
Centos kernels support it?



On these sorts of dual socket hardware architectures, half of the memory 
is directly attached to each CPU, and the two CPUs are linked with a QPI 
bus.  All the memory appears in one unified address space, but the 
memory belonging to the 'other' CPU has a little higher latency to 
access since it has to go across the QPI.   In non-NUMA mode, this is 
ignored, and all memory is treated as equal from the OS perspective.  in 
NUMA mode, an attempt is made to keep process memory on one CPU's 
memory, and to prefer scheduling those processes on the cores of that 
CPU. This can get messy, say you have a process running on core 0 (in 
cpu0) which allocates a big block of shared memory, then spawns 8 worker 
threads which all run concurrently and use this same shared working 
memory space.   there's only 4 or 6 cores on each of the two CPUs, so 
either these worker threads have to wait for an available core on the 
same CPU as the memory allocation, or some of them end up running across 
the QPI bus anyways.


I believe Linux, even RHEL 6, does support NUMA configurations, but its 
very questionable if a random typical workload would actually gain much 
from it, and it adds significant overhead in keeping track of all this.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MP4/H.264 codec for Firefox?

[Roman Kennke]

Am 01.10.2017 um 12:28 schrieb hw:

Roman Kennke  writes:


Hello,

I am trying to get MP4/H.264 playback in Firefox to work on my CentOS
laptop (for vimeo).

I installed the gstreamer plugins as described here:

https://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS7

(No, I did not install Flash, VLC and all the other stuff. I only want
HTML5 MP4 playback..)

I enabled the nux repos. I did install all available gstreamer
plugins, i.e. -good -bad -ugly -ffmpeg etc. No success.

Has anybody got mp4 playback working?

Here's a test page:

https://www.quirksmode.org/html5/tests/video.html

All movies on that page play without having taken any particular
precautions in Seamonkey (I dislike Firefox).

However, I have ffmpeg and mplayer installed (compiled from source
because there aren´t packages for those).  I don´t know if any of them
are being used by Seamonkey.


yum list installed | grep gstream
gstreamer.x86_64   0.10.36-7.el7   @base
gstreamer-plugins-base.x86_64  0.10.36-10.el7  @base
gstreamer-tools.x86_64 0.10.36-7.el7   @base
gstreamer1.x86_64  1.10.4-2.el7@base
gstreamer1-plugins-base.x86_64 1.10.4-1.el7@base


Those must have been installed for dependencies; I didn´t install them
explicitly.


Installing ffmpeg-libs solved it for me. I suspect that FF links against 
ffmpeg-libs or via gstreamer-ffmpeg or some such.


Thanks, Roman
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] NUMA split mode?

[hw]

Hi,

HP says that what they call "NUMA split mode" should be disabled in the
BIOS of the Z800 workstation when running Linux.  They are reasoning
that Linux kernels do not support this feature and even might not boot
if it´s enabled.

Since it apparently was years ago since they made this statement, I´m
wondering if I should still leave this feature disabled or not.  More
recent kernels might support it, and it´s supposed to improve
performance.

Could someone explain what this feature actually is or does, and if
Centos kernels support it?


-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Intel turbo mode

[hw]

Hi,

is there a way in Centos to find out if the Intel turbo mode will be
used?

Using the 'stress' utility and checking the frequency with cpupower
tells me that a CPU is running at it´s maximum frequency as reported by
cpupower --- and this frequency is less than the frequency it would run
at if it used the turbo mode.  All the other CPUs are at their minimum
frequency.  I have verified that turbo mode is enabled in the BIOS.

Is cpupower unable to report frequencies used in turbo mode despite it
always says it gets its information from the hardware?


-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to prevent files and directories from being deleted?

[Alexander Dalloz]

Am 01.10.2017 um 17:21 schrieb hw:

Hi,

how can I prevent files/directories like /var/run/mariadb from being
deleted on reboot?  Lighttpd has the same problem.

This breaks services and makes servers non-restartable by anyone else
but the administrator who needs to re-create the needed files and
directories every time and has to figure out what selinux labels they
need.  This causes unnecessary downtimes.

This is entirely inacceptable.  This totally sucks.


See

https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/

how to manage tmpfiles.

Curious, how did you install MariaDB that you have such a problem? The 
package shipping with CentOS does not create such issue.


Alexander


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] how to prevent files and directories from being deleted?

[hw]

Hi,

how can I prevent files/directories like /var/run/mariadb from being
deleted on reboot?  Lighttpd has the same problem.

This breaks services and makes servers non-restartable by anyone else
but the administrator who needs to re-create the needed files and
directories every time and has to figure out what selinux labels they
need.  This causes unnecessary downtimes.

This is entirely inacceptable.  This totally sucks.


-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [Fwd: Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.]

[hw]

m.r...@5-cent.us writes:

>  Original Message 
> Subject: Re: [HEADS UP] Default value of SELinux boolean
> httpd_graceful_shutdown will changed.
> From:"Lukas Vrabec" 
> Date:Fri, September 29, 2017 10:26
> To:  de...@lists.fedoraproject.org
>  "Selinux List at Fedora Project" 
> --
>
> On 09/29/2017 03:57 PM, Alexander Bokovoy wrote:
>> On pe, 29 syys 2017, Lukas Vrabec wrote:
>>> I'm planning change the default value of httpd_graceful_shutdown
>>> boolean in Fedora Rawhide because of improving SELinux configuration.
>>> Rawhide builds with this change will be available in ~5 days.
>>>
>>> Together with Dan Walsh, we agreed on that httpd_graceful_shutdown
>>> boolean should be by default turned off. This boolean allows HTTPD to
>>> connect to port 80 for graceful shutdown, but it's breaking the
>>> functionality of another boolean called: httpd_can_network_connect.
>>> This boolean allows HTTPD scripts and modules to connect to the
>>> network using TCP and it's turned off by default.
>>>
>>> Turning this boolean off can cause some troubles, on web-servers where
>>> processes with httpd_t SELinux domain connecting to tcp ports: 80, 81,
>>> 443, 488, 8008, 8009, 8443, 9000
>>>
>>> If you would like to turn in on again, use semanage command:
>>> # semanage boolean -m --on httpd_graceful_shutdown
>> In FreeIPA we have httpd_can_network_connect enabled. I just checked a F26
>> system and I have both booleans enabled.
>>
>> # getsebool -a|egrep 'httpd_graceful_shutdown|httpd_can_network_connect '
>> httpd_can_network_connect --> on
>> httpd_graceful_shutdown --> on
>>
>> So I'm a bit confused: disabling httpd_graceful_shutdown will have or
>> wouldn't have an effect on httpd_can_network_connect being enabled?
>>
>
> httpd_graceful_shutdown is subset of httpd_can_network_connect.
>
> Turning on httpd_graceful_shutdown you allow httpd_t domain connecting
> just to ports labeled as httpd_port_t.
> Turning on httpd_can_network_connect you allow httpd_t domain connecting
> to all ports from SELinux POV.
>
> Right now, we ship selinux-policy with httpd_graceful_shutdown turned on
> and httpd_can_network_connect turned off. But it's confusing for users
> because they have httpd_can_connect turned off but httpd_t domain can
> still connect co http_port_t ports becuase of httpd_gracefull_shudown.

I would think it´s confusing because the names of these booleans do not
indicate their purpose very well.

I didn´t question what httpd_can_network_connect is supposed to mean,
and I wasn´t aware that there is a distinction between ports.  I also
didn´t know that an httpd would require to connect to ports it genuinely
connects to to serve its purpose just to shut down itself.  How does
that make sense, and who would want to prevent their httpd from shutting
down gracefully?  Since httpd usually connects to the network to be
useful, I wouldn´t expect that httpd_graceful_shutdown has anything to
do with allowing it to connect to some ports.

So unless you do not want to use any of the standard ports for http,
httpd_graceful_shutdown would be enabled unless this boolean
particularly refers to connecting to the standard ports *only* during
shutdown while httpd_can_network_connect does *not* apply during
shutdown.  I somehow doubt that this is so.

Perhaps it would better to rename these booleans like

httpd_can_connect_default_ports
httpd_can_connect_all_ports

and have a third one like

httpd_can_connect_sql_ports.

That last one would have to somehow take encrypted connections into
account.


You´d still have to make a general design decision whether a permission
that is broader than another one overrides the narrower permission.  I
would vote for broader permissions to always override narrower ones and
to issue a warning when someone sets a permission which overrides any
that are narrower.  In case you want to do it the other way round,
always give a warning when a narrower permission is enabled but remains
defeated by a broader one.

Not doing that requires users to figure out the effects of permissions
by themselves.  How are they supposed to do that?

That must already have been thought about.  What is the general decision
here, and the reasoning behind it?


Is there some query program that tells us in more detail what a
particular boolean means?

How would a user --- and probably most of them are having a hard time
already to get around selinux when it gets into their way yet again ---
ever figure out what these booleans mean other than by making
assumptions based on how they are called, and by experimenting?


I´m always tempted to turn selinux off because it´s ridiculously
difficult to figure out what you need to do to be able to do what you
need.  I might have to turn it off even because I can´t have a samba
share that 

Re: [CentOS] MP4/H.264 codec for Firefox?

[hw]

Roman Kennke  writes:

> Hello,
>
> I am trying to get MP4/H.264 playback in Firefox to work on my CentOS
> laptop (for vimeo).
>
> I installed the gstreamer plugins as described here:
>
> https://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS7
>
> (No, I did not install Flash, VLC and all the other stuff. I only want
> HTML5 MP4 playback..)
>
> I enabled the nux repos. I did install all available gstreamer
> plugins, i.e. -good -bad -ugly -ffmpeg etc. No success.
>
> Has anybody got mp4 playback working?
>
> Here's a test page:
>
> https://www.quirksmode.org/html5/tests/video.html

All movies on that page play without having taken any particular
precautions in Seamonkey (I dislike Firefox).

However, I have ffmpeg and mplayer installed (compiled from source
because there aren´t packages for those).  I don´t know if any of them
are being used by Seamonkey.


yum list installed | grep gstream
gstreamer.x86_64   0.10.36-7.el7   @base
gstreamer-plugins-base.x86_64  0.10.36-10.el7  @base
gstreamer-tools.x86_64 0.10.36-7.el7   @base
gstreamer1.x86_64  1.10.4-2.el7@base
gstreamer1-plugins-base.x86_64 1.10.4-1.el7@base


Those must have been installed for dependencies; I didn´t install them
explicitly.


-- 
"Didn't work" is an error.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos