Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Gordon Messmer

On 1/6/21 8:01 PM, Strahil Nikolov via CentOS wrote:

> - No chance to "yum history undo last" as there are no older packages



I've seen that mentioned as a change pretty frequently, but I don't 
think it is in any meaningful sense.


In CentOS Stream, package versions may be rebased periodically, and the 
public repos will no longer have older packages to install when using 
"undo" or "rollback".


In CentOS, package versions may be rebased at minor releases, and the 
public repos will no longer have older packages to install when using 
"undo" or "rollback".


It's true that you might be able to roll back a simple patch in CentOS 
in between minor releases, but those are the updates that everyone seems 
to regard as being the safest, and least likely to cause problems, and 
therefore the least likely to need undo/rollback.  The only rational 
conclusion I can come to is that it doesn't matter if you're talking 
about CentOS today or Stream in the future: If you want to be able to 
roll back, you need a private mirror that keeps the package versions 
that you use.  If you don't want a mirror, then you need to build, test, 
and deploy complete images rather than making incremental changes to 
mutable systems.  None of this is new, it's always been this way and 
people have just accepted it.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] rare but repeating system crash in C7

2021-01-06 Thread Simon Matter
Hi Fred, no I was asking about the auto mount and umount issue you had.
Did you get it to work correctly?

Simon

> Simon, if you're talking about the occasional crash, I don't know, since it
> happens only occasionally. If I can make it thru six months without seeing
> it, then I'll declare it fixed.
>
> Thanks!
>
> On Wed, Jan 6, 2021 at 1:23 PM Simon Matter wrote:
>
>> Have you been able to fix the issue?
>>
>> Regards,
>> Simon
>>
>> > OK, here's where I stand now:
>> > 1. I stopped and disabled autofs. (I have 2 SMB filesystems out on the LAN
>> > that have also been automounting with autofs, do I need to do similar
>> > changes in fstab for them?)
>> > 2. yes it has.
>> > 3. none I can see.
>> > 4. nothing that leaps out at me. there are a couple about /mnt/backup not
>> > existing but they appear to be old ones, aren't happening anymore.
>> >
>> > So, I've made a minor tweak to /etc/fstab, nothing that should matter.
>> > rebooted, and when it comes up /mnt/backup is mounted. TWICE, according to
>> > the output of mount:
>> >
>> >  $ mount | grep backup
>> > systemd-1 on /mnt/backup type autofs
>> > (rw,relatime,fd=25,pgrp=1,timeout=900,minproto=5,maxproto=5,direct,pipe_ino=9840)
>> > /dev/sdc1 on /mnt/backup type ext4
>> > (rw,relatime,seclabel,stripe=8191,data=ordered)
>> >
>> > is this really a double mount, or is this what I'm supposed to be seeing?
>> >
>> > doesn't seem to timeout and auto umount.
>> >
>> > Thanks again for your assistance!
>> >
>> > Fred
>> >
>> > On Mon, Jan 4, 2021 at 7:48 AM Strahil Nikolov via CentOS wrote:
>> >
>> >> Verify that:
>> >> 1. Autofs is not running
>> >> 2. Systemd has created '.mount' and '.automount' units
>> >> systemctl status mnt-backup.mount mnt-backup.automount
>> >> systemctl cat mnt-backup.mount mnt-backup.automount
>> >>
>> >> 3. Verify that there are no errors in local-fs.target
>> >> systemctl status local-fs.target
>> >>
>> >> 4. Check for errors via:
>> >> mount -a
>> >> journalctl -e
>> >>
>> >> Best Regards
>> >> Strahil Nikolov
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Monday, 4 January 2021, 01:29:25 GMT+2, Fred <fred.fre...@gmail.com> wrote:
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> OK, I think I've got it set up as described here, while fixing the
>> >> misplaced fields in /etc/fstab:
>> >>
>> >> UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
>> >> x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0  2
>> >>
>> >> now when I do, e.g., "ls /mnt/backup"
>> >>
>> >> I get:
>> >>
>> >> $ sudo !!
>> >> sudo ls /mnt/backup
>> >> ls: cannot open directory /mnt/backup: No such file or directory
>> >>
>> >> if I do:
>> >>
>> >> ls /mnt
>> >>
>> >> I see:
>> >>
>> >> backup
>> >>
>> >> use su to become root, then:
>> >> ls -l /mnt shows:
>> >>
>> >> # ls -al
>> >> total 4
>> >> drwxr-xr-x.  3 root root    0 Jan  2 13:24 .
>> >> dr-xr-xr-x. 21 root root 4096 Jan  2 09:22 ..
>> >> dr-xr-xr-x.  2 root root    0 Jan  2 13:24 backup
>> >>
>> >> ls backup shows:
>> >>
>> >> # ls -al backup
>> >> ls: cannot open directory backup: No such file or directory
>> >>
>> >> why? it clearly appears to exist 
>> >>
>> >> the FS isn't mounted, but /mnt/backup exists, so it should be visible as an
>> >> entry directory. also, I can mount it manually:
>> >>
>> >> mount UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
>> >>
>> >> and then access it. but it doesn't automount with, e.g. "ls /mnt/backup" or
>> >> "ls /mnt/backup/backups".
>> >>
>> >> I must still be doing something wrong but maybe I'm too stupid to see it.
>> >> (Please don't agree with me publicly...! :=) )
>> >>
>> >> Fred
>> >>
>> >> On Sun, Jan 3, 2021 at 4:36 PM Pete Biggs  wrote:
>> >>
>> >> > >
>> >> > > I commented out those entries in /etc/auto.master before modifying the
>> >> > > fstab entry:
>> >> > >
>> >> > > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
>> >> > > ext4,x-systemd.automount,x-systemd.idle-timeout=15min  noauto  0  2
>> >> >
>> >> > That's not correct.  See 'man fstab'. It should be
>> >> >
>> >> >    device  mount-point  filesystem-type  options  dump  fsck
>> >> >
>> >> > So you should have:
>> >> >
>> >> > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
>> >> >  x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0 2
>> >> >
>> >> >
>> >> > >
>> >> > > which is exactly as it was before except for the x-systemd entries as you
>> >> > > described.
>> >> >
>> >> > Yeah, you put them in the wrong place.
>> >> >
>> >> >
>> >> > P.
>> >> >
>> >> >
>> >> 
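
The field-order mistake pointed out in the quoted thread above (mount options placed in the filesystem-type field), as an added example that is not part of any poster's message: a POSIX shell/awk lint run over the two fstab entries quoted in the thread. It goes slightly beyond that one case by also checking field count, mount point and the numeric dump/fsck fields; the function names `check_fstab` and `sample_fstab` and the list of option words are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint fstab text for options that ended
# up in the fs-type field. Field order per fstab(5):
#   device  mount-point  fs-type  options  dump  fsck-pass

# sample_fstab: the two entries quoted in the thread (constructed input; the
# first is the misplaced version, the second is the corrected one).
sample_fstab() {
    cat <<'EOF'
# /etc/fstab excerpt
UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4,x-systemd.automount,x-systemd.idle-timeout=15min  noauto  0  2
UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4  x-systemd.automount,x-systemd.idle-timeout=15min,noauto  0  2
EOF
}

# check_fstab: read fstab text on stdin, print one finding per problem.
# Returns 1 if anything was flagged, 0 otherwise.
check_fstab() {
    awk '
    BEGIN {
        bad = 0
        # Words that are mount options and never filesystem types. "auto" is
        # deliberately absent: it is also a valid fs-type.
        n = split("defaults noauto nofail ro rw user users nouser noexec nosuid nodev noatime relatime", w, " ")
        for (i = 1; i <= n; i++) optword[w[i]] = 1
    }
    /^[ \t]*#/ { next }     # comment
    /^[ \t]*$/ { next }     # blank line
    {
        if (NF < 4 || NF > 6) {
            printf "line %d: field-count: %d fields, expected 4 to 6\n", NR, NF
            bad = 1
            next
        }
        if ($2 !~ /^\// && $2 != "none" && $2 != "swap") {
            printf "line %d: mount-point: \"%s\" is not an absolute path\n", NR, $2
            bad = 1
        }
        # fs-type may be a comma list of types, so a comma alone is fine;
        # a token that looks like a mount option is not.
        k = split($3, t, ",")
        for (i = 1; i <= k; i++) {
            if (t[i] ~ /=/ || t[i] ~ /^x-/ || (t[i] in optword)) {
                printf "line %d: options-in-type: \"%s\" belongs in field 4, not field 3\n", NR, t[i]
                bad = 1
            }
        }
        if (NF >= 5 && $5 !~ /^[0-9]+$/) {
            printf "line %d: dump: \"%s\" is not a number\n", NR, $5
            bad = 1
        }
        if (NF == 6 && $6 !~ /^[0-9]+$/) {
            printf "line %d: fsck-pass: \"%s\" is not a number\n", NR, $6
            bad = 1
        }
    }
    END { exit bad }
    '
}

# Demo: lint the sample; "|| true" keeps the non-zero lint status from
# aborting a caller that runs with "set -e".
sample_fstab | check_fstab || true
```

To lint a real file, run `check_fstab < /etc/fstab` before rebooting or running `mount -a`.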

Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Strahil Nikolov via CentOS
> At the moment my question possibly would have been better phrased "Why isn't
> Stream a suitable platform for a production web server".

It is, but expect rough edges.
The differences will be:
- Shorter lifetime. If you skip the first 2 minor releases - it will be shorter
- No chance to "yum history undo last" as there are no older packages. You
have to use Boom boot manager to rollback OS updates
- More testing is needed as the chance that someone broke something is bigger

Best Regards,
Strahil Nikolov


Re: [CentOS] rare but repeating system crash in C7

2021-01-06 Thread Fred
Simon, if you're talking about the occasional crash, I don't know, since it
happens only occasionally. If I can make it thru six months without seeing
it, then I'll declare it fixed.

Thanks!

On Wed, Jan 6, 2021 at 1:23 PM Simon Matter  wrote:

> Have you been able to fix the issue?
>
> Regards,
> Simon
>
> > OK, here's where I stand now:
> > 1. I stopped and disabled autofs. (I have 2 SMB filesystems out on the LAN
> > that have also been automounting with autofs, do I need to do similar
> > changes in fstab for them?)
> > 2. yes it has.
> > 3. none I can see.
> > 4. nothing that leaps out at me. there are a couple about /mnt/backup not
> > existing but they appear to be old ones, aren't happening anymore.
> >
> > So, I've made a minor tweak to /etc/fstab, nothing that should matter.
> > rebooted, and when it comes up /mnt/backup is mounted. TWICE, according to
> > the output of mount:
> >
> >  $ mount | grep backup
> > systemd-1 on /mnt/backup type autofs
> > (rw,relatime,fd=25,pgrp=1,timeout=900,minproto=5,maxproto=5,direct,pipe_ino=9840)
> > /dev/sdc1 on /mnt/backup type ext4
> > (rw,relatime,seclabel,stripe=8191,data=ordered)
> >
> > is this really a double mount, or is this what I'm supposed to be seeing?
> >
> > doesn't seem to timeout and auto umount.
> >
> > Thanks again for your assistance!
> >
> > Fred
> >
> > On Mon, Jan 4, 2021 at 7:48 AM Strahil Nikolov via CentOS wrote:
> >
> >> Verify that:
> >> 1. Autofs is not running
> >> 2. Systemd has created '.mount' and '.automount' units
> >> systemctl status mnt-backup.mount mnt-backup.automount
> >> systemctl cat mnt-backup.mount mnt-backup.automount
> >>
> >> 3. Verify that there are no errors in local-fs.target
> >> systemctl status local-fs.target
> >>
> >> 4. Check for errors via:
> >> mount -a
> >> journalctl -e
> >>
> >> Best Regards
> >> Strahil Nikolov
> >>
> >>
> >>
> >>
> >>
> >> On Monday, 4 January 2021, 01:29:25 GMT+2, Fred <fred.fre...@gmail.com> wrote:
> >>
> >>
> >>
> >>
> >>
> >> OK, I think I've got it set up as described here, while fixing the
> >> misplaced fields in /etc/fstab:
> >>
> >> UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
> >> x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0  2
> >>
> >> now when I do, e.g., "ls /mnt/backup"
> >>
> >> I get:
> >>
> >> $ sudo !!
> >> sudo ls /mnt/backup
> >> ls: cannot open directory /mnt/backup: No such file or directory
> >>
> >> if I do:
> >>
> >> ls /mnt
> >>
> >> I see:
> >>
> >> backup
> >>
> >> use su to become root, then:
> >> ls -l /mnt shows:
> >>
> >> # ls -al
> >> total 4
> >> drwxr-xr-x.  3 root root    0 Jan  2 13:24 .
> >> dr-xr-xr-x. 21 root root 4096 Jan  2 09:22 ..
> >> dr-xr-xr-x.  2 root root    0 Jan  2 13:24 backup
> >>
> >> ls backup shows:
> >>
> >> # ls -al backup
> >> ls: cannot open directory backup: No such file or directory
> >>
> >> why? it clearly appears to exist 
> >>
> >> the FS isn't mounted, but /mnt/backup exists, so it should be visible as an
> >> entry directory. also, I can mount it manually:
> >>
> >> mount UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
> >>
> >> and then access it. but it doesn't automount with, e.g. "ls /mnt/backup" or
> >> "ls /mnt/backup/backups".
> >>
> >> I must still be doing something wrong but maybe I'm too stupid to see it.
> >> (Please don't agree with me publicly...! :=) )
> >>
> >> Fred
> >>
> >> On Sun, Jan 3, 2021 at 4:36 PM Pete Biggs  wrote:
> >>
> >> > >
> >> > > I commented out those entries in /etc/auto.master before modifying the
> >> > > fstab entry:
> >> > >
> >> > > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
> >> > > ext4,x-systemd.automount,x-systemd.idle-timeout=15min  noauto  0  2
> >> >
> >> > That's not correct.  See 'man fstab'. It should be
> >> >
> >> >    device  mount-point  filesystem-type  options  dump  fsck
> >> >
> >> > So you should have:
> >> >
> >> > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
> >> >  x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0 2
> >> >
> >> >
> >> > >
> >> > > which is exactly as it was before except for the x-systemd entries as you
> >> > > described.
> >> >
> >> > Yeah, you put them in the wrong place.
> >> >
> >> >
> >> > P.
> >> >
> >> >
> >
>
>
> 

Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Kenneth Porter

--On Wednesday, January 06, 2021 7:08 AM -0800 david  wrote:


> If only there had been a comment in the file
> /etc/dovecot/conf.d/10-ssl.conf


I suggest opening an enhancement request on Bugzilla.







Re: [CentOS] Running script before reboot or shutdown

2021-01-06 Thread centos2
Hi Carlos,

Don't know if you ever found a solution to the problem you described below but 
I think I came across the concept for this that might work. I'm more of a 
systemd dilettante than a systemd expert but I found confirmation that this 
approach isn't totally hare-brained. While trying to figure out your problem, I 
had the idea to try to create a target, instead of a service, that runs on top 
of multi-user or whatever your target is, then to attach the service you want 
to shutdown, to the shutdown sequence of that target. If your target shuts down 
before the target it runs on top of, then it should take your service down 
first. I didn't know if the shutdown sequence would be in the correct series 
but according to a posting I found on "askubuntu.com", it should work 
correctly. I've tried this, and I didn't see exactly the results I wanted but 
I'm not confident I was doing things correctly to observe it. I've included the 
link to what I found on askubuntu:

https://askubuntu.com/questions/1024197/how-to-have-a-process-come-first-during-shutdown-sequence

I'm interested if you were able to find a solution, particularly if it's a 
different approach than what I found.

On Tue, Dec 22, 2020, at 11:08, cent...@foxengines.net wrote:
> 
> 
> On Tue, Dec 22, 2020, at 10:50, Carlos Lopez wrote:
> > Thanks centos2  but regarding your example, I cannot see where you 
> > configure that this services needs to be stopped before anyone else
> 
> I conveniently overlooked that requirement. I'll have to get back to 
> you on that...
> 
> 
> > On 22/12/20, 15:22, "CentOS on behalf of cent...@foxengines.net" 
> >  wrote:
> > 
> > Hi,
> > 
> > On Tue, Dec 22, 2020, at 06:51, Carlos Lopez wrote:
> > > I am trying to configure a script as a systemd service to run first
> > > when a shutdown or reboot is called. This script executes some scp commands
> > > to copy some files to other machines. My actual defined systemd’s file is:
> > > 
> > > [Unit]
> > > Description=Remote copy some files before reboot/shutdown
> > > Before=poweroff.target halt.target shutdown.target reboot.target
> > > DefaultDependencies=no
> > > 
> > > [Service]
> > > Type=simple
> > > ExecStart=/bin/true
> > > ExecStop=/usr/local/bin/remote_copy
> > > RemainAfterExit=yes
> > > 
> > > [Install]
> > > WantedBy=multi-user.target
> > > 
> > > But it doesn’t work. “remote_copy” is working when it is executed
> > > from root shell. I am using CentOS-8 fully patched release.
> > > 
> > > Any idea what am I doing wrong?
> > 
> > I don't have a CentOS 8 machine to test on but on a CentOS 7.9, this 
> > works for me:
> > 
> > /etc/systemd/system/shutdown-test.service
> > 
> > --
> > [Unit]
> > Description=Remote copy some files before reboot/shutdown
> > 
> > [Service]
> > Type=oneshot
> > ExecStart=/bin/true
> > ExecStop=/usr/local/bin/remote_copy
> > RemainAfterExit=true
> > 
> > [Install]
> > WantedBy=multi-user.target
> > --
> > 
> > the mode and contents of remote_copy:
> > 
> > -rwxr-xr-x 1 root root 44 Dec 22 08:23 /usr/local/bin/remote_copy
> > 
> > --
> > #!/bin/bash
> > 
> > date >> /tmp/remote_copy_result
> > --
> > 
> > After enabling the service and rebooting, I get a file in 
> > /tmp/remote_copy_result that contains the date.
> > 
> > My success is attributable not to me but to this post:
> > 
> > https://unix.stackexchange.com/questions/39226/how-to-run-a-script-with-systemd-right-before-shutdown
> > Your unit file seems similar but when I used it, it didn't work on my 
> > CentOS 7.9 system either.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Gianluca Cecchi
On Wed, Jan 6, 2021 at 7:59 PM Stephen John Smoogen wrote:

>
> OK it looks like whatever I say is going to be taken to extremes so this
> will be my last email on this.
>
> I am not saying Tomcat is a dead technology. It is a technology which has
> certain use cases and deployments which the people I knew who used it are
> replacing with a different technology/service.
>
> EOF
>
>
>
My considerations were only to balance the phrase "The various places that
I worked previously or have contacts with have killed it off" and to
enforce that Tomcat could still have its place nowadays; no intention to
contrast you personally.
Sorry if they gave this impression.
And in fact you correctly wrote down "I honestly have no idea how much
Tomcat is used anymore." and "That is just an anecdata".

Gianluca


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Tom Bishop
On Wed, Jan 6, 2021, 2:44 PM Jamie Burchell  wrote:

> I'll be the first to admit I don't like change and arguably I'm in the
> wrong industry for that, but that's another matter. However I don't want to
> throw away years of experience with CentOS/Fedora and time invested (mine
> personally and my company's) learning and perfecting setups of which I have
> now around 50. A fair few of my Ansible setup are EL only, both from Galaxy
> and custom. I'm used to the layout, the packages, and what you'd expect
> after ~10 years of working with it.
>
> At the moment my question possibly would have been better phrased "Why
> isn't Stream a suitable platform for a production web server".
>
> I get that everyone including myself is frustrated by the situation and so
> I'm trying to filter out the doomsayers and those who want to annoy RH by
> saying they are jumping to another distro like Debian. To me, I'm thinking
> at least for my situation and has already been said, Stream might actually
> be a positive but I shall wait and see what happens. And as for the 5 years
> LTS, that will be the same for every distro anyway.
>
> Cheers
> Jamie
>
>

Or you could move today to Springdale linux or Oracle or one of the new
RHEL clones that will still be based on RHEL and have the same 10 year
release cycle. Springdale and Oracle are options today and there are a
couple more that are supposedly going to come online 1st or 2nd quarter,
there are options.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Jamie Burchell
I'll be the first to admit I don't like change and arguably I'm in the wrong 
industry for that, but that's another matter. However I don't want to throw 
away years of experience with CentOS/Fedora and time invested (mine personally 
and my company's) learning and perfecting setups of which I have now around 50. 
A fair few of my Ansible setup are EL only, both from Galaxy and custom. I'm 
used to the layout, the packages, and what you'd expect after ~10 years of 
working with it.

At the moment my question possibly would have been better phrased "Why isn't 
Stream a suitable platform for a production web server".

I get that everyone including myself is frustrated by the situation and so I'm 
trying to filter out the doomsayers and those who want to annoy RH by saying 
they are jumping to another distro like Debian. To me, I'm thinking at least 
for my situation and has already been said, Stream might actually be a positive 
but I shall wait and see what happens. And as for the 5 years LTS, that will be 
the same for every distro anyway.

Cheers
Jamie

> On 6 Jan 2021, at 17:56, Mauricio Tavares  wrote:
> 
> On Wed, Jan 6, 2021 at 8:30 AM Jamie Burchell  wrote:
>> 
>> We use Ansible "to a point" in that it sets up what we consider to be our 
>> preferred server (Droplet) for a specific purpose, then we deploy projects 
>> on them and tweak non-Ansible managed project configs. It's not old-school 
>> scripts and it's not quite a one-liner to deploy everything. It's somewhere 
>> in the middle. So in reality, providing we have control over a customer's 
>> DNS or we use floating IPs, migrating to another major release isn't as time 
>> consuming as doing everything from scratch.
>> 
>  Good to hear. I myself have been using ansible to deploy basic
> systems -- DNS, mail, my hardware test environment -- so I can then do
> the clever -- decide how I want to run my experiments for instance --
> stuff. Without going over my opinions -- I am very opinionated --
> about the centos thingie, I think you having your playbooks will allow
> you to wait and see how this unfolds. If it goes horribly wrong you
> can still switch.
> 
> With that said, I think your real concern is you can't afford centos
> stream going boink on you. Your customers may not be as understanding
> as Darth Vader if that happens.
> 
> Here is my opinion: Redhat said you have normal centos 8 until the end
> of the year. I would stick to it until, say, October, while keeping an
> eye on how centos stream unfolds. Maybe even running a test centos
> stream to replicate production (or have it in production where it is
> ok if it goes boink). If by then your confidence on stream is high,
> switch to it (*should* be easy). If not, plan to move your customers.
> In the meantime, slowly ensure your ansible playbooks can handle the
> other usual suspects (at least debian and one of the other RH-derived
> distros). And plan the order you will move your customers if you have
> to.
> 
 On 6 Jan 2021, at 13:17, Mauricio Tavares  wrote:
>>> 
>>> On Tue, Jan 5, 2021 at 6:32 PM Jamie Burchell  
>>> wrote:
 
 Off topic for sure, but it's a shame this has to be a manual process of
 destroying and rebuilding every X years. Even Microsoft has gone the Apple
 way and just perpetually updates Windows 10 now.
 
>>> Do you use tools like ansible/chef? If you can put the time in,
>>> you can make your webservers rather distro agnostic. I would even put
>>> terraform on the table. It is not like your customers will know the
>>> difference.
>>> 
> On Tue, 5 Jan 2021 at 23:20, Gordon Messmer 
> wrote:
> 
> On 1/5/21 3:02 PM, Jamie Burchell wrote:
>> We will need to (manually) migrate to Stream 9.x after 5 years instead of
>> 10 though?
> 
> 
> Yes.  CentOS Stream has a lifecycle comparable with other LTS
> distributions.
> 
> 


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Stephen John Smoogen
On Wed, 6 Jan 2021 at 13:48, Gianluca Cecchi wrote:

> On Wed, Jan 6, 2021 at 7:43 PM Stephen John Smoogen wrote:
>
> >
> > I honestly have no idea how much Tomcat is used anymore. The various places
> > that I worked previously or have contacts with have killed it off by moving
> > whatever used it to external cloud services versus JBOSS or anything else.
> > That is just an anecdata but it is all I have on the subject.
> >
> >
> Red Hat still has one of its offerings based on Apache and Tomcat, named
> JBoss Web Server:
> https://www.redhat.com/en/technologies/jboss-middleware/web-server
>
> and the latest update available (5.4, based on upstream Tomcat 9) in
> November 2020, had the bits for RH EL 6, 7 and 8.
> See also docs entry page here:
> https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.4/
>
> So it is not considered a dead technology, even for business use cases
>
>
OK it looks like whatever I say is going to be taken to extremes so this
will be my last email on this.

I am not saying Tomcat is a dead technology. It is a technology which has
certain use cases and deployments which the people I knew who used it are
replacing with a different technology/service.

EOF




> Gianluca
>


-- 
Stephen J Smoogen.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Gianluca Cecchi
On Wed, Jan 6, 2021 at 7:43 PM Stephen John Smoogen wrote:

>
> I honestly have no idea how much Tomcat is used anymore. The various places
> that I worked previously or have contacts with have killed it off by moving
> whatever used it to external cloud services versus JBOSS or anything else.
> That is just an anecdata but it is all I have on the subject.
>
>
Red Hat still has one of its offerings based on Apache and Tomcat, named
JBoss Web Server:
https://www.redhat.com/en/technologies/jboss-middleware/web-server

and the latest update available (5.4, based on upstream Tomcat 9) in
November 2020, had the bits for RH EL 6, 7 and 8.
See also docs entry page here:
https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.4/

So it is not considered a dead technology, even for business use cases

Gianluca


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Stephen John Smoogen
On Wed, 6 Jan 2021 at 12:42, Simon Matter  wrote:

> > On Wed, 6 Jan 2021 at 11:17, Simon Matter wrote:
> >
> >> > On Wed, 6 Jan 2021 at 07:50, Simon Matter wrote:
>
> > I didn't say or mean that. My answer is that it is complicated and more
> > meant that the software you expect requires more than the industry in
> > general is willing to pay to keep going. 10-20 years ago they were and so
> > the software was able to be 'mainstream'. As less people use it, and less
> > people are willing to pay for its maintenance the harder it is to keep
> > 'running safely'. Tomcat and Imagemagick have had a LOT of severe security
>
> I'd like to correct myself, ImageMagick was not simply removed but
> replaced by GraphicsMagick. From what I read it should be a usable
> solution as it's a fork from IM.
>
> For the Tomcat thing, I don't agree. Tomcat is widely used and I think the
> security concerns are not the real reason to remove it. It's more likely
> that RedHat simply likes to sell more JBoss EAP. It's their right to do so
> but it's a removal of important functionality of the base RHEL package.
>
>
I honestly have no idea how much Tomcat is used anymore. The various places
that I worked previously or have contacts with have killed it off by moving
whatever used it to external cloud services versus JBOSS or anything else.
That is just an anecdata but it is all I have on the subject.



> Regards,
> Simon
>
>


-- 
Stephen J Smoogen.


Re: [CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Kaushal Shriyan
On Wed, Jan 6, 2021 at 11:49 PM Alexander Dalloz  wrote:

> On 06.01.2021 at 19:10, Kaushal Shriyan wrote:
> > On Wed, Jan 6, 2021 at 9:48 PM Christopher Wensink <
> > cwens...@five-star-plastics.com> wrote:
> >
> >> Does the file have execute permissions, what is the file's permissions
> >> and is it owned by the user running apache?
> >>
> >> Chris
> >>
> > Hi Chris,
> >
> > I have added the below in /etc/httpd/conf/httpd.conf. The issue still
> > persists.
> >
> > 
> > SetHandler application/x-httpd-php
> > 
> >
> > #apachectl -M | grep -i PHP does not return anything
>
> Configure php-fpm.
>
> https://www.stephenrlang.com/2018/02/centos-7-apache-2-4-with-php-fpm/
>
> might help to find the right path to do so.
>
> Alexander
>

Hi Alexander,

Thanks for sharing the link
https://www.stephenrlang.com/2018/02/centos-7-apache-2-4-with-php-fpm/ I
followed and it worked like a charm. Thanks a lot and much appreciated.

Best Regards,


Re: [CentOS] rare but repeating system crash in C7

2021-01-06 Thread Simon Matter
Have you been able to fix the issue?

Regards,
Simon

> OK, here's where I stand now:
> 1. I stopped and disabled autofs. (I have 2 SMB filesystems out on the LAN
> that have also been automounting with autofs, do I need to do similar
> changes in fstab for them?)
> 2. yes it has.
> 3. none I can see.
> 4. nothing that leaps out at me. there are a couple about /mnt/backup not
> existing but they appear to be old ones, aren't happening anymore.
>
> So, I've made a minor tweak to /etc/fstab, nothing that should matter.
> rebooted, and when it comes up /mnt/backup is mounted. TWICE, according to
> the output of mount:
>
>  $ mount | grep backup
> systemd-1 on /mnt/backup type autofs
> (rw,relatime,fd=25,pgrp=1,timeout=900,minproto=5,maxproto=5,direct,pipe_ino=9840)
> /dev/sdc1 on /mnt/backup type ext4
> (rw,relatime,seclabel,stripe=8191,data=ordered)
>
> is this really a double mount, or is this what I'm supposed to be seeing?
>
> doesn't seem to timeout and auto umount.
>
> Thanks again for your assistance!
>
> Fred
>
> On Mon, Jan 4, 2021 at 7:48 AM Strahil Nikolov via CentOS wrote:
>
>> Verify that:
>> 1. Autofs is not running
>> 2. Systemd has created '.mount' and '.automount' units
>> systemctl status mnt-backup.mount mnt-backup.automount
>> systemctl cat mnt-backup.mount mnt-backup.automount
>>
>> 3. Verify that there are no errors in local-fs.target
>> systemctl status local-fs.target
>>
>> 4. Check for errors via:
>> mount -a
>> journalctl -e
>>
>> Best Regards
>> Strahil Nikolov
>>
>>
>>
>>
>>
>> On Monday, 4 January 2021, 01:29:25 GMT+2, Fred <fred.fre...@gmail.com> wrote:
>>
>>
>>
>>
>>
>> OK, I think I've got it set up as described here, while fixing the
>> misplaced fields in /etc/fstab:
>>
>> UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
>> x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0  2
>>
>> now when I do, e.g., "ls /mnt/backup"
>>
>> I get:
>>
>> $ sudo !!
>> sudo ls /mnt/backup
>> ls: cannot open directory /mnt/backup: No such file or directory
>>
>> if I do:
>>
>> ls /mnt
>>
>> I see:
>>
>> backup
>>
>> use su to become root, then:
>> ls -l /mnt shows:
>>
>> # ls -al
>> total 4
>> drwxr-xr-x.  3 root root    0 Jan  2 13:24 .
>> dr-xr-xr-x. 21 root root 4096 Jan  2 09:22 ..
>> dr-xr-xr-x.  2 root root    0 Jan  2 13:24 backup
>>
>> ls backup shows:
>>
>> # ls -al backup
>> ls: cannot open directory backup: No such file or directory
>>
>> why? it clearly appears to exist 
>>
>> the FS isn't mounted, but /mnt/backup exists, so it should be visible as an
>> entry directory. also, I can mount it manually:
>>
>> mount UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
>>
>> and then access it. but it doesn't automount with, e.g. "ls /mnt/backup" or
>> "ls /mnt/backup/backups".
>>
>> I must still be doing something wrong but maybe I'm too stupid to see it.
>> (Please don't agree with me publicly...! :=) )
>>
>> Fred
>>
>> On Sun, Jan 3, 2021 at 4:36 PM Pete Biggs  wrote:
>>
>> > >
>> > > I commented out those entries in /etc/auto.master before modifying the
>> > > fstab entry:
>> > >
>> > > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup
>> > > ext4,x-systemd.automount,x-systemd.idle-timeout=15min  noauto  0  2
>> >
>> > That's not correct.  See 'man fstab'. It should be
>> >
>> >device  mount-point  filesystem-type  options  dump  fsck
>> >
>> > So you should have:
>> >
>> > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4
>> >  x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0 2
>> >
>> >
>> > >
>> > > which is exactly as it was before except for the x-systemd entries as you
>> > > described.
>> >
>> > Yeah, you put them in the wrong place.
>> >
>> >
>> > P.
>> >
>> >


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
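
The field-order mistake corrected in the quoted thread above can be caught before the next reboot. The script below is an added example, not code from any poster: `check_fstab_line` and `automount_units` are hypothetical helper names, the two sample lines are the ones quoted in the thread, and the unit-name mapping is an assumption that only holds for simple paths (use `systemd-escape -p` for anything else).

```shell
#!/bin/sh
# Added example: sanity-check an fstab automount entry and name the systemd
# units that the "systemctl status" step in the thread should be asked about.

# Sample lines taken from the thread (wrong field order, then corrected).
FSTAB_WRONG='UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4,x-systemd.automount,x-systemd.idle-timeout=15min  noauto  0  2'
FSTAB_RIGHT='UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf  /mnt/backup  ext4  x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0 2'

# check_fstab_line LINE
# Field order per fstab(5): device, mount point, type, options, dump, fsck.
# Prints "ok <mountpoint>" or a diagnosis; returns 0 only for a well-formed
# automount entry. Runs in a subshell so "set -f" does not leak to the caller.
check_fstab_line() (
    set -f                  # keep any glob characters in the line literal
    set -- $1               # split on blanks into the fstab fields
    if [ $# -lt 4 ] || [ $# -gt 6 ]; then
        echo "expected 4 to 6 fields, found $#"
        return 1
    fi
    mnt=$2 fstype=$3 opts=$4
    # Anything that looks like a mount option in the type field means the
    # columns have been shifted or merged.
    case ",$fstype," in
        *,x-*|*=*|*,noauto,*|*,defaults,*|*,nofail,*)
            echo "mount options found in the type field: $fstype"
            return 1 ;;
    esac
    case ",$opts," in
        *,x-systemd.automount,*) ;;
        *)  echo "x-systemd.automount missing from options: $opts"
            return 1 ;;
    esac
    echo "ok $mnt"
)

# automount_units MOUNTPOINT
# Prints the .mount and .automount unit names for a simple absolute path.
# Assumption: only [A-Za-z0-9_/] is handled; other characters need the real
# escaping done by systemd-escape.
automount_units() {
    case $1 in
        /?*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9_/]*|*//*) return 1 ;;
    esac
    name=$(printf '%s' "${1#/}" | tr '/' '-')
    name=${name%-}          # tolerate one trailing slash
    printf '%s.mount %s.automount\n' "$name" "$name"
}

for line in "$FSTAB_WRONG" "$FSTAB_RIGHT"; do
    check_fstab_line "$line" || true
done
automount_units /mnt/backup
```
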


Re: [CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Alexander Dalloz

On 06.01.2021 at 19:10, Kaushal Shriyan wrote:

> On Wed, Jan 6, 2021 at 9:48 PM Christopher Wensink <
> cwens...@five-star-plastics.com> wrote:
>
>> Does the file have execute permissions, what is the file's permissions
>> and is it owned by the user running apache?
>>
>> Chris
>
> Hi Chris,
>
> I have added the below in /etc/httpd/conf/httpd.conf. The issue still
> persists.
>
> SetHandler application/x-httpd-php
>
> #apachectl -M | grep -i PHP does not return anything


Configure php-fpm.

https://www.stephenrlang.com/2018/02/centos-7-apache-2-4-with-php-fpm/

might help to find the right path to do so.

Alexander



Re: [CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Kaushal Shriyan
On Wed, Jan 6, 2021 at 9:48 PM Christopher Wensink <
cwens...@five-star-plastics.com> wrote:

> Does the file have execute permissions, what is the file's permissions
> and is it owned by the user running apache?
>
> Chris
>

Hi Chris,

I have added the below in /etc/httpd/conf/httpd.conf. The issue still
persists.


SetHandler application/x-httpd-php


#apachectl -M | grep -i PHP does not return anything.

# ll /var/www/html/info.php
-rw-r--r-- 1 apache apache 23 Jan  6 21:12 /var/www/html/info.php
# cat /var/www/html/info.php

[root@hsbcnonproddeveloperportal www]#

==> /var/log/httpd/access_log <==
192.168.0.95 - - [06/Jan/2021:23:38:03 +0530] "GET /info.php HTTP/1.1" 304
- "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"

Best Regards,

Kaushal


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Mauricio Tavares
On Wed, Jan 6, 2021 at 8:30 AM Jamie Burchell  wrote:
>
> We use Ansible "to a point" in that it sets up what we consider to be our 
> preferred server (Droplet) for a specific purpose, then we deploy projects on 
> them and tweak non-Ansible managed project configs. It's not old-school 
> scripts and it's not quite a one-liner to deploy everything. It's somewhere 
> in the middle. So in reality, providing we have control over a customer's DNS 
> or we use floating IPs, migrating to another major release isn't as time 
> consuming as doing everything from scratch.
>
  Good to hear. I myself have been using ansible to deploy basic
systems -- DNS, mail, my hardware test environment -- so I can then do
the clever -- decide how I want to run my experiments for instance --
stuff. Without going over my opinions -- I am very opinionated --
about the centos thingie, I think you having your playbooks will allow
you to wait and see how this unfolds. If it goes horribly wrong you
can still switch.

With that said, I think your real concern is you can't afford centos
stream going boink on you. Your customers may not be as understanding
as Darth Vader if that happens.

Here is my opinion: Redhat said you have normal centos 8 until the end
of the year. I would stick to it until, say, October, while keeping an
eye on how centos stream unfolds. Maybe even running a test centos
stream to replicate production (or have it in production where it is
ok if it goes boink). If by then your confidence on stream is high,
switch to it (*should* be easy). If not, plan to move your customers.
In the meantime, slowly ensure your ansible playbooks can handle the
other usual suspects (at least debian and one of the other RH-derived
distros). And plan the order you will move your customers if you have
to.

> > On 6 Jan 2021, at 13:17, Mauricio Tavares  wrote:
> >
> > On Tue, Jan 5, 2021 at 6:32 PM Jamie Burchell wrote:
> >>
> >> Off topic for sure, but it's a shame this has to be a manual process of
> >> destroying and rebuilding every X years. Even Microsoft has gone the Apple
> >> way and just perpetually updates Windows 10 now.
> >>
> >  Do you use tools like ansible/chef? If you can put the time in,
> > you can make your webservers rather distro agnostic. I would even put
> > terraform on the table. It is not like your customers will know the
> > difference.
> >
> >>> On Tue, 5 Jan 2021 at 23:20, Gordon Messmer wrote:
> >>>
> >>> On 1/5/21 3:02 PM, Jamie Burchell wrote:
> >>>> We will need to (manually) migrate to Stream 9.x after 5 years instead of
> >>>> 10 though?
> >>>
> >>>
> >>> Yes.  CentOS Stream has a lifecycle comparable with other LTS
> >>> distributions.
> >>>
> >>>


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Simon Matter
> On Wed, 6 Jan 2021 at 11:17, Simon Matter  wrote:
>
>> > On Wed, 6 Jan 2021 at 07:50, Simon Matter wrote:
>> >
>> >> > On 06.01.21 at 03:01, Scott Robbins wrote:
>> >> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
>> >> >>> Off topic for sure, but it's a shame this has to be a manual process of
>> >> >>> destroying and rebuilding every X years. Even Microsoft has gone the Apple
>> >> >>> way and just perpetually updates Windows 10 now.
>> >> >>
>> >> >> I'm not sure how it will go. Fedora now has a very good upgrade tool that
>> >> >> has worked for me through a few versions.  So, hopefully, RH, and CentOS
>> >> >> will have one too, who knows, maybe in time to migrate to Stream-9.
>> >> >>
>> >> >
>> >> > Fedora's package set is quite "stable". You can expect that a package is
>> >> > in the next release. This is not so valid for EL. Deprecated packages
>> >> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...
>> >>
>> >> It's anyway hard to understand how an enterprise grade Linux can be
>> >> shipped without things like ImageMagick or Tomcat. For quite some time now
>> >> it gives me the impression that we're not the targeted audience anymore.
>> >>
>> >>
>> > The issue is that 'Enterprise' is an overloaded term without the nuance it
>> > needs. In the 'small' enterprise you have a lot of use of ImageMagick and
>> > TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more of
>> > the large enterprises moved into RHEL, the amount of usage for a lot of
>> > 'leaf' programs became rounding errors without enough usage to justify the
>> > bug-fixing needed when compared to the load of bugfixing/enhancements/etc
>> > in the 100k customers.
>>
>> Thanks for confirming that RHEL is the wrong OS for SME businesses these
>> days. It's not really good for SME servers and not really good for SME
>> clients. Something between Fedora and RHEL could be it but it doesn't
>> exist.
>>
>>
> I didn't say or mean that. My answer is that it is complicated and more
> meant that the software you expect requires more than the industry in
> general is willing to pay to keep going. 10-20 years ago they were and so
> the software was able to be 'mainstream'. As less people use it, and less
> people are willing to pay for its maintenance the harder it is to keep
> 'running safely'. Tomcat and Imagemagick have had a LOT of severe security

I'd like to correct myself, ImageMagick was not simply removed but
replaced by GraphicsMagick. From what I read it should be a usable
solution as it's a fork from IM.

For the Tomcat thing, I don't agree. Tomcat is widely used and I think the
security concerns are not the real reason to remove it. It more likely
that RedHat simply likes to sell more JBoss EAP. It's their right to do so
but it's a removal of important functionality of the base RHEL package.

Regards,
Simon



Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Gordon Messmer

On 1/6/21 9:20 AM, Nicolas Kovacs wrote:
> Broken packages explained away are still broken packages.

I'm not sure how your system got into a broken state, though. If you 
have a working system, and one repo updates a package to remove a 
dependency of a currently working package, those packages will normally 
continue working.  rpm typically knows (as it did in the warning that 
you posted) when applying updates would break a system, and it won't 
apply them.  Working systems will continue working, even in the rare 
case that one of the unsupported ABIs changes.





Re: [CentOS] fail2ban problems - not banning

2021-01-06 Thread Gordon Messmer

On 1/6/21 2:57 AM, Gary Stainburn wrote:
> 2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='113.110.47.81' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done
> 2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- stderr: 'Error: INVALID_PORT: 0:65535'

See firewalld.richlanguage(5)

   The port port value can either be a single port number portid or a port
   range portid-portid.

You'll need to also transform your ports with:    tr : -

ports="0:65535"; for p in $(echo $ports | tr : - | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='113.110.47.81' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
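
The port transformation described above, as an added example that is not part of the original post and not fail2ban's own action code: it converts a fail2ban-style port list into the `portid` / `portid-portid` tokens that firewalld.richlanguage(5) describes, validates each value, and prints the resulting `firewall-cmd` lines instead of running them. The function names are hypothetical, and restricting input to numeric ports in the range 0 to 65535 and to IPv4 addresses is an assumption of this example.

```shell
#!/bin/sh
# Added example: build firewalld rich-rule commands from a fail2ban port spec.
# Nothing here calls firewall-cmd; the commands are only printed for review.

# is_ipv4 ADDR
# Accept dotted-quad IPv4 only, so nothing else can be spliced into the rule.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# to_firewalld_ports SPEC
# "22,80, 8000:8100" -> one token per line: 22, 80, 8000-8100.
# Returns 1 for empty input, non-numeric tokens, reversed or oversized ranges.
to_firewalld_ports() (
    set -f
    out=
    # ':' ranges become '-' ranges; commas and spaces both separate entries.
    for tok in $(printf '%s' "$1" | tr ':' '-' | tr ', ' '  '); do
        case $tok in
            *[!0-9-]*|-*|*-|*-*-*) return 1 ;;
        esac
        lo=${tok%-*} hi=${tok#*-}      # equal when tok is a single port
        [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] || return 1
        [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || return 1
        out="$out $tok"
    done
    [ -n "$out" ] || return 1
    printf '%s\n' $out
)

# ban_commands ADDR SPEC
# Print one firewall-cmd rich-rule invocation per port token.
ban_commands() (
    is_ipv4 "$1" || return 1
    ports=$(to_firewalld_ports "$2") || return 1
    for p in $ports; do
        printf "firewall-cmd --add-rich-rule=\"rule family='ipv4' source address='%s' port port='%s' protocol='tcp' reject type='icmp-port-unreachable'\"\n" "$1" "$p"
    done
)

# The address and port spec from the log lines quoted in the post.
ban_commands 113.110.47.81 "0:65535"
```
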


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Nicolas Kovacs
On 06/01/2021 at 18:08, Gordon Messmer wrote:
> What I do see is that the sclo-php72-php-pecl-imagick has a dependency on
> libMagickCore.so.5()(64bit), which is recorded in the rpm package.  If you have
> a package from a third party repository (either EPEL or SCLO, or others), and
> it depends on one of the few packages in CentOS Stream (or CentOS, or RHEL)
> that aren't guaranteed to be stable, and which Red Hat changes, then yum will
> warn you that the update would result in unresolvable dependencies, and it
> won't upgrade the package.  Your system will keep the old imagemagick package
> and the old php-imagick package until the dependencies are resolved in the two
> repositories, and it'll update them after that.
> 
> Stream doesn't change that.

On the contrary. Stream will ensure that your systems are perpetual moving
targets so that situations like the one described will keep your blood pressure
high.

Broken packages explained away are still broken packages.



-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tel. : 04 66 63 10 32
Mob. : 06 51 80 12 12


Re: [CentOS-docs] wiki edit request

2021-01-06 Thread Alan Bartlett
On Wed, 6 Jan 2021 at 17:13, Davide Cavalca  wrote:
>
> On Wed, 2021-01-06 at 16:42 +, Alan Bartlett wrote:
> > You should now be able to edit the wiki Hyperscale SIG page and your
> > home page.
> >
> > Please let me (or Akemi) know if you have any problems.
>
> Yup it's working now, thanks!
>
> Cheers
> Davide
>
You are welcome.

Alan.
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Stephen John Smoogen
On Wed, 6 Jan 2021 at 11:17, Simon Matter  wrote:

> > On Wed, 6 Jan 2021 at 07:50, Simon Matter wrote:
> >
> >> > On 06.01.21 at 03:01, Scott Robbins wrote:
> >> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
> >> >>> Off topic for sure, but it's a shame this has to be a manual process of
> >> >>> destroying and rebuilding every X years. Even Microsoft has gone the Apple
> >> >>> way and just perpetually updates Windows 10 now.
> >> >>
> >> >> I'm not sure how it will go. Fedora now has a very good upgrade tool that
> >> >> has worked for me through a few versions.  So, hopefully, RH, and CentOS
> >> >> will have one too, who knows, maybe in time to migrate to Stream-9.
> >> >>
> >> >
> >> > Fedora's package set is quite "stable". You can expect that a package is
> >> > in the next release. This is not so valid for EL. Deprecated packages
> >> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...
> >>
> >> It's anyway hard to understand how an enterprise grade Linux can be
> >> shipped without things like ImageMagick or Tomcat. For quite some time now
> >> it gives me the impression that we're not the targeted audience anymore.
> >>
> >>
> > The issue is that 'Enterprise' is an overloaded term without the nuance it
> > needs. In the 'small' enterprise you have a lot of use of ImageMagick and
> > TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more of
> > the large enterprises moved into RHEL, the amount of usage for a lot of
> > 'leaf' programs became rounding errors without enough usage to justify the
> > bug-fixing needed when compared to the load of bugfixing/enhancements/etc
> > in the 100k customers.
>
> Thanks for confirming that RHEL is the wrong OS for SME businesses these
> days. It's not really good for SME servers and not really good for SME
> clients. Something between Fedora and RHEL could be it but it doesn't
> exist.
>
I didn't say or mean that. My answer is that it is complicated and more
meant that the software you expect requires more than the industry in
general is willing to pay to keep going. 10-20 years ago they were and so
the software was able to be 'mainstream'. As less people use it, and less
people are willing to pay for its maintenance the harder it is to keep
'running safely'. Tomcat and Imagemagick have had a LOT of severe security
problems over the years and the general way the software is written makes
anyone who does work on them say it will have it for years in the future.
As less of the industry uses that software, the cost to keep the software
running is going to cost more.

So please don't take my statement to confirm your preconceived notion.


> BTW, servers? Who needs servers in the days of clouds and serverless
> computing :-)
>
> Simon
>
> >
> >
> >> That's really sad because the competitors still include such important
> >> software as first class citizens. Maybe our requirements are just too old
> >> school?
> >>
> >>
> > An additional problem is a generational one. We have a lot of programs
> > which do various things 'well' enough written 10-30 years ago, and we of a
> > certain age use them for the hammers to every nail problem. However, the
> > problems fleets of 100k systems have are more welding versus hammering. So
> > we are in a situation where we do need to retrain some of our hammers to be
> > rivet guns. There is also a similar industry problem that anything older
> > than 2 years ago is not sexy anymore because VC and investors aren't going
> > to dump money into it. [You see a similar issue in the various 'popular
> > mechanics' press that all homes in the next generation will only be built
> > with metal and hammers and wood are a thing of the past. What you see
> > instead is a wave of it and then a realization that you end up needing to
> > do a little of each.]
> >
> >
> >> Simon
> >
> > --
> > Stephen J Smoogen.


-- 
Stephen J Smoogen.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Gordon Messmer

On 1/5/21 11:31 PM, Nicolas Kovacs wrote:
> No, this was an actual problem I had back in April 2020. Upgrading from CR
> broke imagemagick

At the time, you described that problem as:

> I got an alert from Yum-Cron this morning:
> Failed to check for updates with the following error message:
> Failed to build transaction: sclo-php72-php-pecl-imagick-3.4.4-1.el7.x86_64
> requires libMagickCore.so.5()(64bit)



I don't have enough information to say why imagemagick or php would be 
broken, as you said it was.


What I do see is that the sclo-php72-php-pecl-imagick has a dependency 
on libMagickCore.so.5()(64bit), which is recorded in the rpm package.  
If you have a package from a third party repository (either EPEL or 
SCLO, or others), and it depends on one of the few packages in CentOS 
Stream (or CentOS, or RHEL) that aren't guaranteed to be stable, and 
which Red Hat changes, then yum will warn you that the update would 
result in unresolvable dependencies, and it won't upgrade the package.  
Your system will keep the old imagemagick package and the old 
php-imagick package until the dependencies are resolved in the two 
repositories, and it'll update them after that.


Stream doesn't change that.




Re: [CentOS-docs] wiki edit request

2021-01-06 Thread Alan Bartlett
On 1/4/21 4:36 PM, Davide Cavalca wrote:
> Hi,
>
> I'd like to request edit access on wiki.centos.org for my account
> (DavideCavalca) on /SpecialInterestGroup/Hyperscale which will be used
> for an upcoming SIG proposal. I'd also like edit access to my user page
> at /DavideCavalca if possible. Thanks!
>
> Cheers
> Davide
>

You should now be able to edit the wiki Hyperscale SIG page and your home page.

Please let me (or Akemi) know if you have any problems.

Alan.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Matthew Miller
On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
> Off topic for sure, but it's a shame this has to be a manual process of
> destroying and rebuilding every X years. Even Microsoft has gone the Apple
> way and just perpetually updates Windows 10 now.

Red Hat is working on this with a tool called "Leapp" for RHEL 7 to 8
upgrades. I have no idea if this or something similar is going to be
available for the Stream 8 to 9 transition, but it'd definitely be useful
and I think in everyone's interest (because Red Hat wants as many Stream
users as possible on the latest release).


https://www.redhat.com/en/blog/upgrading-rhel-7-rhel-8-leapp-and-boom

-- 
Matthew Miller

Fedora Project Leader


Re: [CentOS-docs] wiki edit request

2021-01-06 Thread Alan Bartlett
On Wed, 6 Jan 2021 at 15:39, Rich Bowen  wrote:
>
> Is someone able to handle this?
>
Yes.

Please do not top post.

Alan.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Valeri Galtsev


> On Jan 6, 2021, at 12:53 AM, Gordon Messmer  wrote:
> 
> On 1/5/21 6:30 PM, Valeri Galtsev wrote:
>> I was not comparing CentOS Stream with CentOS (former 10 year life cycle 
>> system), I was comparing CentOS Stream with Debian (and clones) LTS.
> 
> 
> The original message came from a CentOS user who asked "is the change a 
> non-issue for my use-case?"
> 
> So, I'd have to ask you how Debian is relevant to that question.
> 
> As I said, in terms of upgrade from one major version to another, CentOS 
> Stream and CentOS are identical.

Yes, my apologies, I did miss the word “Stream” in my phrase (no excuse even 
though I obviously spoke about NEW type of CentOS system).

>  If CentOS was suitable, then the change to CentOS Stream is a non-issue in 
> the context of major version upgrades, because the change to CentOS Stream 
> has no material impact on that concern.
> 

Yes, indeed, if CentOS Stream is identical to CentOS as far as “in place 
upgrade” is concerned, which is not possible in case of both CentOS 
incarnations, then the comparison to other systems with comparable 5 year life 
cycle insists to be mentioned.

This only comes as I do care about CentOS at least recognizing benefits we had 
(I for one for about decade and a half). So, caring about CentOS, one 
imminently has to mention:

1. 5 year life cycle (of Stream): unique 10 year life cycle (not mentioning MS 
Windows which is commercial) is gone

2. same life cycle Debian and clones (LTS): have easy in place upgrade. Not 
Stream (as far as I know). If it will be, then only 2 releases down the road 
people will trust in place upgrade (pure psychology)

3. [continuing comparison with similar LTS alternatives]: Debian and clones 
have much larger package collections than CentOS + EPEL (and so do FreeBSD and 
clones: meaning their ports)

4. By the moment people will know CentOS Stream exists for decently long time, 
so can be trusted, quite some userbase will be lost. But looking at the 
comparisons above, there also is no obvious advantage over alternatives, who 
beat CentOS Stream in several respects.


This is not to annoy anyone, just to express sadness of the loss, and though 
for me it was like stating obvious, it still looks like not everyone considers 
it that obvious. If I didn’t care [what I run on my machines], then I wouldn’t 
care to write this. But as I do… there it is.

> The question being asked is not "what operating system should I use", to 
> which discussion of Debian or FreeBSD might be relevant, it's "will the 
> change to CentOS Stream impact my current processes?"  Comparisons to Debian 
> or FreeBSD are non-sequiturs in the context of this conversation.
> 

Well, in my book whenever one is trying to assess future usability of something 
newly changed, it is always advantageous to step up above it, look at a wider 
picture and other possibilities. Not locking oneself into what one used (but 
changed forcing you to re-evaluate). I know, the existence of alternatives 
annoys, and it really hurts when they have advantages, especially once the 
advantage CentOS had (10 year life cycle) is gone…


And again, GREAT THANKS to brilliant CentOS team for great work you did for 
last couple of decades. With sadness of the loss (even if CentOS team does not 
perceive it as loss),

Valeri



Re: [CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Christopher Wensink
Does the file have execute permissions, what is the file's permissions 
and is it owned by the user running apache?


Chris

On 1/6/2021 10:13 AM, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below php, httpd and CentOS Linux version.
>
> # rpm -qa | grep php
> php73-mbstring-7.3.25-1.el7.ius.x86_64
> php73-json-7.3.25-1.el7.ius.x86_64
> php73-fpm-7.3.25-1.el7.ius.x86_64
> php73-pdo-7.3.25-1.el7.ius.x86_64
> php73-gd-7.3.25-1.el7.ius.x86_64
> php73-mysqlnd-7.3.25-1.el7.ius.x86_64
> php73-xml-7.3.25-1.el7.ius.x86_64
> php73-opcache-7.3.25-1.el7.ius.x86_64
> php73-fpm-httpd-7.3.25-1.el7.ius.noarch
> php73-common-7.3.25-1.el7.ius.x86_64
> php73-fpm-nginx-7.3.25-1.el7.ius.noarch
> php73-cli-7.3.25-1.el7.ius.x86_64
> php73-bcmath-7.3.25-1.el7.ius.x86_64
>
> # rpm -qa | grep httpd
> httpd24u-2.4.46-1.el7.ius.x86_64
> httpd24u-tools-2.4.46-1.el7.ius.x86_64
> httpd24u-filesystem-2.4.46-1.el7.ius.noarch
> php73-fpm-httpd-7.3.25-1.el7.ius.noarch
>
> # cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
>
> I have placed the below file in /var/www/html directory.
>
> #cat info.php
>
> #
>
> I am seeing this in the logs
>
> ==> access_log <==
> 192.168.0.95 - - [06/Jan/2021:21:42:21 +0530] "GET /info.php HTTP/1.1" 304
> - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
>
> When I invoke it from the browser Apache shows PHP code instead of
> executing it. Please let me know if you need any additional information.
> Thanks in Advance.
>
> Best Regards,
>
> Kaushal


--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com



Re: [CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Leon Fauster via CentOS

On 06.01.21 at 17:13, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below php, httpd and CentOS Linux version.
>
> # rpm -qa | grep php
> php73-mbstring-7.3.25-1.el7.ius.x86_64
> php73-json-7.3.25-1.el7.ius.x86_64
> php73-fpm-7.3.25-1.el7.ius.x86_64
> php73-pdo-7.3.25-1.el7.ius.x86_64
> php73-gd-7.3.25-1.el7.ius.x86_64
> php73-mysqlnd-7.3.25-1.el7.ius.x86_64
> php73-xml-7.3.25-1.el7.ius.x86_64
> php73-opcache-7.3.25-1.el7.ius.x86_64
> php73-fpm-httpd-7.3.25-1.el7.ius.noarch
> php73-common-7.3.25-1.el7.ius.x86_64
> php73-fpm-nginx-7.3.25-1.el7.ius.noarch
> php73-cli-7.3.25-1.el7.ius.x86_64
> php73-bcmath-7.3.25-1.el7.ius.x86_64
>
> # rpm -qa | grep httpd
> httpd24u-2.4.46-1.el7.ius.x86_64
> httpd24u-tools-2.4.46-1.el7.ius.x86_64
> httpd24u-filesystem-2.4.46-1.el7.ius.noarch
> php73-fpm-httpd-7.3.25-1.el7.ius.noarch
>
> # cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)

The above packages are not from CentOS repositories.

Maybe it's more effective to use the mailing list of
the corresponding repo?

--
Leon






Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Simon Matter
> On Wed, 6 Jan 2021 at 07:50, Simon Matter  wrote:
>
>> > On 06.01.21 at 03:01, Scott Robbins wrote:
>> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
>> >>> Off topic for sure, but it's a shame this has to be a manual process of
>> >>> destroying and rebuilding every X years. Even Microsoft has gone the Apple
>> >>> way and just perpetually updates Windows 10 now.
>> >>
>> >> I'm not sure how it will go. Fedora now has a very good upgrade tool that
>> >> has worked for me through a few versions.  So, hopefully, RH, and CentOS
>> >> will have one too, who knows, maybe in time to migrate to Stream-9.
>> >>
>> >
>> > Fedora's package set is quite "stable". You can expect that a package is
>> > in the next release. This is not so valid for EL. Deprecated packages
>> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...
>>
>> It's anyway hard to understand how an enterprise grade Linux can be
>> shipped without things like ImageMagick or Tomcat. For quite some time now
>> it gives me the impression that we're not the targeted audience anymore.
>>
>>
> The issue is that 'Enterprise' is an overloaded term without the nuance it
> needs. In the 'small' enterprise you have a lot of use of ImageMagick and
> TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more of
> the large enterprises moved into RHEL, the amount of usage for a lot of
> 'leaf' programs became rounding errors without enough usage to justify the
> bug-fixing needed when compared to the load of bugfixing/enhancements/etc
> in the 100k customers.

Thanks for confirming that RHEL is the wrong OS for SME businesses these
days. It's not really good for SME servers and not really good for SME
clients. Something between Fedora and RHEL could be it but it doesn't
exist.

BTW, servers? Who needs servers in the days of clouds and serverless
computing :-)

Simon

>
>
>> That's really sad because the competitors still include such important
>> software as first class citizens. Maybe our requirements are just too old
>> school?
>>
>>
> An additional problem is a generational one. We have a lot of programs
> which do various things 'well' enough written 10-30 years ago, and we of a
> certain age use them for the hammers to every nail problem. However, the
> problems fleets of 100k systems have are more welding versus hammering. So
> we are in a situation where we do need to retrain some of our hammers to be
> rivet guns. There is also a similar industry problem that anything older
> than 2 years ago is not sexy anymore because VC and investors aren't going
> to dump money into it. [You see a similar issue in the various 'popular
> mechanics' press that all homes in the next generation will only be built
> with metal and hammers and wood are a thing of the past. What you see
> instead is a wave of it and then a realization that you end up needing to
> do a little of each.]
>
>
>> Simon
>
> --
> Stephen J Smoogen.




[CentOS] Apache shows PHP code instead of executing it

2021-01-06 Thread Kaushal Shriyan
Hi,

I am running the below php, httpd and CentOS Linux version.

# rpm -qa | grep php
php73-mbstring-7.3.25-1.el7.ius.x86_64
php73-json-7.3.25-1.el7.ius.x86_64
php73-fpm-7.3.25-1.el7.ius.x86_64
php73-pdo-7.3.25-1.el7.ius.x86_64
php73-gd-7.3.25-1.el7.ius.x86_64
php73-mysqlnd-7.3.25-1.el7.ius.x86_64
php73-xml-7.3.25-1.el7.ius.x86_64
php73-opcache-7.3.25-1.el7.ius.x86_64
php73-fpm-httpd-7.3.25-1.el7.ius.noarch
php73-common-7.3.25-1.el7.ius.x86_64
php73-fpm-nginx-7.3.25-1.el7.ius.noarch
php73-cli-7.3.25-1.el7.ius.x86_64
php73-bcmath-7.3.25-1.el7.ius.x86_64

# rpm -qa | grep httpd
httpd24u-2.4.46-1.el7.ius.x86_64
httpd24u-tools-2.4.46-1.el7.ius.x86_64
httpd24u-filesystem-2.4.46-1.el7.ius.noarch
php73-fpm-httpd-7.3.25-1.el7.ius.noarch

# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

I have placed the below file in /var/www/html directory.

#cat info.php

#

I am seeing this in the logs

==> access_log <==
192.168.0.95 - - [06/Jan/2021:21:42:21 +0530] "GET /info.php HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"

When I invoke it from the browser Apache shows PHP code instead of
executing it. Please let me know if you need any additional information.
Thanks in Advance.

Best Regards,

Kaushal


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Stephen John Smoogen
On Wed, 6 Jan 2021 at 07:50, Simon Matter  wrote:

> > On 06.01.21 at 03:01, Scott Robbins wrote:
> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
> >>> Off topic for sure, but it's a shame this has to be a manual process of
> >>> destroying and rebuilding every X years. Even Microsoft has gone the
> >>> Apple way and just perpetually updates Windows 10 now.
> >>
> >> I'm not sure how it will go. Fedora now has a very good upgrade tool
> >> that has worked for me through a few versions.  So, hopefully, RH, and CentOS
> >> will have one too, who knows, maybe in time to migrate to Stream-9.
> >>
> >
> > Fedora's package set is quite "stable". You can expect that a package is
> > in the next release. This is not so valid for EL. Deprecated packages
> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...
>
> It's anyway hard to understand how an enterprise grade Linux can be
> shipped without things like ImageMagick or Tomcat. For quite some time now
> it gives me the impression that we're not the targeted audience anymore.
>
>
The issue is that 'Enterprise' is an overloaded term without the nuance it
needs. In the 'small' enterprise you have a lot of use of ImageMagick and
TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more of
the large enterprises moved into RHEL, the amount of usage for a lot of
'leaf' programs became rounding errors without enough usage to justify the
bug-fixing needed when compared to the load of bugfixing/enhancements/etc
in the 100k customers.


> That's really sad because the competitors still include such important
> software as first class citizens. Maybe our requirements are just too old
> school?
>
>
An additional problem is a generational one. We have a lot of programs
which do various things 'well' enough written 10-30 years ago, and we of a
certain age use them for the hammers to every nail problem. However, the
problems fleets of 100k systems have are more welding versus hammering. So
we are in a situation where we do need to retrain some of our hammers to be
rivet guns. There is also a similar industry problem that anything older
than 2 years ago is not sexy anymore because VC and investors aren't going
to dump money into it. [You see a similar issue in the various 'popular
mechanics' press that all homes in the next generation will only be built
with metal and hammers and wood are a thing of the past. What you see
instead is a wave of it and then a realization that you end up needing to
do a little of each.]



> Simon


-- 
Stephen J Smoogen.


Re: [CentOS-docs] wiki edit request

2021-01-06 Thread Rich Bowen

Is someone able to handle this?

On 1/4/21 4:36 PM, Davide Cavalca wrote:

Hi,

I'd like to request edit access on wiki.centos.org for my account
(DavideCavalca) on /SpecialInterestGroup/Hyperscale which will be used
for an upcoming SIG proposal. I'd also like edit access to my user page
at /DavideCavalca if possible. Thanks!

Cheers
Davide



___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs


Re: [CentOS] centos-release-stream VS centos-stream-release

2021-01-06 Thread Johnny Hughes
On 1/6/21 8:53 AM, lejeczek via CentOS wrote:
> hi guys,
> 
> do you know what to make of that? Why these two packages?
> 
> many thanks, L.

One is designed to live in centos linux 8 extras and allow you to
install upgrade from centos linux 8 to centos stream 8 .. the other is
the actual release file from stream that gets installed if you install
stream from the iso or after you upgrade.


Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread david

At 07:04 AM 1/6/2021, Paul Heinlein wrote:
> On Wed, 6 Jan 2021, Kenneth Porter wrote:
>
>> --On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:
>>
>>> In examining the file
>>>   /etc/dovecot/conf.d/10-ssl.conf
>>> I see the text line:
>>>   ssl_cipher_list = PROFILE=SYSTEM
>>> Yet, I cannot find any documentation that explains what that causes,
>>> where the values are stored.  I ask because I don't see that text line in
>>> other installations of Dovecot 2.3 on other distros.  Can anyone point me
>>> to an explanation?
>>
>> The value of ssl_cipher_list is passed directly to OpenSSL's
>> SSL_CTX_set_cipher_list():
>>
>> See here for the meaning of PROFILE=SYSTEM:
>
> Additionally, on your local system, look at
>
> * the crypto-policies(7) man page
> * the update-crypto-policies(8) man page
> * the contents of the /etc/crypto-policies directory tree
>
> Several applications use these policies, so it's worthwhile to take
> a look around.
>
> --

If only there had been a comment in the file /etc/dovecot/conf.d/10-ssl.conf

Thanks for the guidance

David



Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Paul Heinlein

On Wed, 6 Jan 2021, Kenneth Porter wrote:

> --On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:
>
>> In examining the file
>>   /etc/dovecot/conf.d/10-ssl.conf
>> I see the text line:
>>   ssl_cipher_list = PROFILE=SYSTEM
>>
>> Yet, I cannot find any documentation that explains what that causes,
>> where the values are stored.  I ask because I don't see that text line in
>> other installations of Dovecot 2.3 on other distros.  Can anyone point me
>> to an explanation?
>
> The value of ssl_cipher_list is passed directly to OpenSSL's
> SSL_CTX_set_cipher_list():
>
> See here for the meaning of PROFILE=SYSTEM:

Additionally, on your local system, look at

* the crypto-policies(7) man page
* the update-crypto-policies(8) man page
* the contents of the /etc/crypto-policies directory tree

Several applications use these policies, so it's worthwhile to take a
look around.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
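
To see what PROFILE=SYSTEM resolves to on a given host, the directory tree named in the reply above can be read directly. The script below is an added example, not part of the thread or of dovecot; it assumes the usual crypto-policies layout (config holding the selected policy name, back-ends/openssl.config holding the OpenSSL cipher string), and its function names and demo values are made up.

```shell
#!/bin/sh
# Added example: show what "ssl_cipher_list = PROFILE=SYSTEM" resolves to.
# Assumed layout of the crypto-policies tree (normally /etc/crypto-policies):
#   <root>/config                   selected policy name, '#' comments allowed
#   <root>/back-ends/openssl.config cipher string handed to OpenSSL

# Selected policy: first line of <root>/config that is not blank or a comment.
policy_name() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1/config" | head -n 1
}

# Cipher string that stands in for PROFILE=SYSTEM.
openssl_cipher_string() {
    tr -d '\n' < "$1/back-ends/openssl.config"
}

# Elements of that string that remove ciphers: "!" removes permanently,
# "-" removes but allows a later element to add the cipher back.
disabled_elements() {
    openssl_cipher_string "$1" | tr ':' '\n' | grep '^[!-]'
}

# True when the given dovecot config file defers its cipher list to the policy.
dovecot_uses_system_profile() {
    value=$(sed -n 's/^[[:space:]]*ssl_cipher_list[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    [ "$value" = "PROFILE=SYSTEM" ]
}

# report <crypto-policies root> <dovecot ssl config file>
report() {
    if dovecot_uses_system_profile "$2"; then
        echo "policy:        $(policy_name "$1")"
        echo "cipher string: $(openssl_cipher_string "$1")"
        echo "removed:       $(disabled_elements "$1" | tr '\n' ' ')"
    else
        echo "ssl_cipher_list is set in the dovecot config, not taken from the system policy"
    fi
}

# Demo on a constructed tree (the values below are made up for illustration).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/cp/back-ends" || return 1
    printf '# selected policy\nDEFAULT\n' > "$d/cp/config"
    printf '@SECLEVEL=1:kEECDH:kRSA:-3DES:!RC4:!aNULL\n' > "$d/cp/back-ends/openssl.config"
    printf 'ssl = required\nssl_cipher_list = PROFILE=SYSTEM\n' > "$d/10-ssl.conf"
    report "$d/cp" "$d/10-ssl.conf"
    rm -rf "$d"
}
demo
# On a real host: report /etc/crypto-policies /etc/dovecot/conf.d/10-ssl.conf
```
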


[CentOS] centos-release-stream VS centos-stream-release

2021-01-06 Thread lejeczek via CentOS

hi guys,

do you know what to make of that? Why these two packages?

many thanks, L.



Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Jamie Burchell
We use Ansible "to a point" in that it sets up what we consider to be our 
preferred server (Droplet) for a specific purpose, then we deploy projects on 
them and tweak non-Ansible managed project configs. It's not old-school scripts 
and it's not quite a one-liner to deploy everything. It's somewhere in the 
middle. So in reality, providing we have control over a customer's DNS or we 
use floating IPs, migrating to another major release isn't as time consuming as 
doing everything from scratch.

> On 6 Jan 2021, at 13:17, Mauricio Tavares  wrote:
> 
> On Tue, Jan 5, 2021 at 6:32 PM Jamie Burchell  wrote:
>> 
>> Off topic for sure, but it's a shame this has to be a manual process of
>> destroying and rebuilding every X years. Even Microsoft has gone the Apple
>> way and just perpetually updates Windows 10 now.
>> 
>  Do you use tools like ansible/chef? If you can put the time in,
> you can make your webservers rather distro agnostic. I would even put
> terraform on the table. It is not like your customers will know the
> difference.
> 
>>> On Tue, 5 Jan 2021 at 23:20, Gordon Messmer 
>>> wrote:
>>> 
>>> On 1/5/21 3:02 PM, Jamie Burchell wrote:
>>>> We will need to (manually) migrate to Stream 9.x after 5 years instead of
>>>> 10 though?
>>> 
>>> 
>>> Yes.  CentOS Stream has a lifecycle comparable with other LTS
>>> distributions.


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Mauricio Tavares
On Tue, Jan 5, 2021 at 6:32 PM Jamie Burchell  wrote:
>
> Off topic for sure, but it's a shame this has to be a manual process of
> destroying and rebuilding every X years. Even Microsoft has gone the Apple
> way and just perpetually updates Windows 10 now.
>
  Do you use tools like ansible/chef? If you can put the time in,
you can make your webservers rather distro agnostic. I would even put
terraform on the table. It is not like your customers will know the
difference.

> On Tue, 5 Jan 2021 at 23:20, Gordon Messmer 
> wrote:
>
> > On 1/5/21 3:02 PM, Jamie Burchell wrote:
> > > We will need to (manually) migrate to Stream 9.x after 5 years instead of
> > > 10 though?
> >
> >
> > Yes.  CentOS Stream has a lifecycle comparable with other LTS
> > distributions.


Re: [CentOS] dovecot option PROFILE=SYSTEM

2021-01-06 Thread Kenneth Porter

--On Tuesday, January 05, 2021 7:40 PM -0800 david  wrote:

> In examining the file
>   /etc/dovecot/conf.d/10-ssl.conf
> I see the text line:
>   ssl_cipher_list = PROFILE=SYSTEM
>
> Yet, I cannot find any documentation that explains what that causes,
> where the values are stored.  I ask because I don't see that text line in
> other installations of Dovecot 2.3 on other distros.  Can anyone point me
> to an explanation?

The value of ssl_cipher_list is passed directly to OpenSSL's
SSL_CTX_set_cipher_list():

See here for the meaning of PROFILE=SYSTEM:




Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Ruslanas Gžibovskis
Hmm, I see a relation here.

C7Linux - 2024
C8Linux - 2021

So I assume:
C6Linux - 2027
C5Linux - 2030
C4Linux - 2033
...

Interesting.

On Tue, 5 Jan 2021, 21:44 Phil Perry,  wrote:

> On 05/01/2021 19:32, Jamie Burchell wrote:
> > Hello
> >
> > I've recently discovered the announcement regarding the change in direction
> > for the CentOS project and I imagine like many others, I'm confused and
> > concerned about what this means moving forward.
> >
> > I work for a small web development agency and we offer hosting as part of
> > our package to clients who need it. We have many CentOS 7 web servers
> > (DigitalOcean droplets) (LAMP/LEMP) that I look after and today I'm
> > thankful I have only migrated one of those to CentOS 8, given the recent
> > announcement about its curtailed EOL. I literally just went to the Wiki
> > today to confirm the EOL date for EL7 and boy am I glad I spotted it.
> >
> > Given we are not developing drivers or applications (other than websites
> > and web applications), is the change a non-issue for my use-case? I've seen
> > it written that CentOS Stream is the "development version" of RHEL but also
> > that we shouldn't have considered RHEL to be the beta for CentOS. Others
> > have said to think of CentOS more like RHEL RC-1. I just don't know how the
> > stability will compare and we have historically always chosen CentOS for
> > its stability (and of course price).
> >
> > Sure, I could migrate to Ubuntu (I use this locally in WSL), but I've
> > become somewhat "comfy slippers" with CentOS and have built our setup
> > around it (including custom ansible scripts etc) and don't want to change
> > everything unnecessarily.
> >
> > Of course, a lot of this is somewhat dependent on what DigitalOcean will
> > decide to provide image wise moving forward.
> >
> > I'm sorry if this has already been answered, I spent a good few hours
> > reading through the respective threads in the devel list and ended up more
> > confused than I started.
> >
> > Cheers,
> > Jamie
>
> Hi Jamie,
>
> Unfortunately no one can advise you as to what may be a suitable
> operating system for your business needs.
>
> One thing is clear, the operating system you are currently running
> (CentOS Linux) is being brought to end of life, version 7 in 2024 and
> version 8 in 2021.
>
> That gives you at least a year (for 8) if not longer to consider and
> evaluate alternatives. As your current OS will no longer exist, I would
> start with a blank sheet, look at the OSes that do exist and evaluate
> each based on its merits and suitability for your business needs and
> requirements.
>
> Cheers,
> Phil


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Simon Matter
> On 06.01.21 at 03:01, Scott Robbins wrote:
>> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
>>> Off topic for sure, but it's a shame this has to be a manual process of
>>> destroying and rebuilding every X years. Even Microsoft has gone the
>>> Apple way and just perpetually updates Windows 10 now.
>>
>> I'm not sure how it will go. Fedora now has a very good upgrade tool
>> that has worked for me through a few versions.  So, hopefully, RH, and CentOS
>> will have one too, who knows, maybe in time to migrate to Stream-9.
>>
>
> Fedora's package set is quite "stable". You can expect that a package is
> in the next release. This is not so valid for EL. Deprecated packages
> (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...

It's anyway hard to understand how an enterprise grade Linux can be
shipped without things like ImageMagick or Tomcat. For quite some time now
it gives me the impression that we're not the targeted audience anymore.

That's really sad because the competitors still include such important
software as first class citizens. Maybe our requirements are just too old
school?

Simon



Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Leon Fauster via CentOS

On 06.01.21 at 03:01, Scott Robbins wrote:
> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
>> Off topic for sure, but it's a shame this has to be a manual process of
>> destroying and rebuilding every X years. Even Microsoft has gone the Apple
>> way and just perpetually updates Windows 10 now.
>
> I'm not sure how it will go. Fedora now has a very good upgrade tool that
> has worked for me through a few versions.  So, hopefully, RH, and CentOS
> will have one too, who knows, maybe in time to migrate to Stream-9.

Fedora's package set is quite "stable". You can expect that a package is
in the next release. This is not so valid for EL. Deprecated packages
(ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...


--
Leon




Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Leon Fauster via CentOS

On 05.01.21 at 23:51, Gordon Messmer wrote:
> On 1/5/21 11:32 AM, Jamie Burchell wrote:
>> is the change a non-issue for my use-case?
>
> Probably.  For a lot of users, Stream is a drop-in replacement that's
> better than CentOS was, because it gets updates consistently and doesn't
> suffer from periods in which no updates are available, including
> security updates.

I often read this statement here that it "is better" because of not
having "periods of missing updates" like in CentOS Linux.

Is it maybe worse? Someone said that security updates will be
ASAP in Stream because the rolling process is built on top of such
fixes. But what about leaf packages?

C8S: firefox-78.3.0-1.el8_2.x86_64.rpm
C8: firefox-78.5.0-1.el8_3.x86_64.rpm
RHEL8: firefox-78.6.0-1.el8_3.x86_64

The divergence exists because the C8->C8S migration process is not
completed and we have still C8 as the base for the distrosync to C8S
(and the compose process uses both repos).

The time after EOL of C8 will show that priorities will be on
development - as it was stated. I would expect that Stream will
diverge in two directions ...

> If security was a priority for you, as it was for me, then CentOS wasn't
> really suitable for public-facing services, but CentOS Stream might be.
>
> If you're building software that you intend to deploy on RHEL, Stream
> might not be a suitable build root for you.  Compiling software in a
> Stream build root may result in a binary that has dependencies which
> aren't yet available in RHEL.  And if you're building kernel modules
> (like Phil @elrepo), then there is the issue that the kernel isn't
> subject to RHEL's ABI policy, but Red Hat developers have expressed
> interest in making the kernel interfaces more stable and using external
> kernel module builds as a test to flag interfaces that have changed.  So
> that situation may improve...



[CentOS] fail2ban problems - not banning

2021-01-06 Thread Gary Stainburn

Hi everyone,

I've got fail2ban and firewalld set up on a C7 box, in theory protecting 
dovecot, exim and ssh but I'm not convinced it's doing anything.


in /var/log/fail2ban.log I'm getting loads of entries such as:

2020-12-22 19:08:08,100 fail2ban.actions    [1836]: WARNING [dovecot] 78.128.113.67 already banned


I think this is because the actual ban is not working.  I have entries 
such as:


2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='113.110.47.81' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done
2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- stderr: 'Error: INVALID_PORT: 0:65535'
2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- returned 102
2020-12-22 19:38:27,620 fail2ban.actions    [1836]: ERROR Failed to execute ban jail 'dovecot' action 'firewallcmd-rich-rules' info 'ActionInfo({'ip': '113.110.47.81', 'fid':  at 0x7f119f084050>, 'family': 'inet4', 'raw-ticket':  at 0x7f119f0845f0>})': Error banning 113.110.47.81


I've done some Googling and received lots of responses about fail2ban 
failures but I can't find anything relating to this.


Anyone got any ideas?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
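
The INVALID_PORT error in the log above is firewall-cmd rejecting the token 0:65535: the rich-rule port element takes a single port or a range written first-last (firewalld.richlanguage(5)), and the logged command passes the colon form through unchanged. The script below is an added example, not from the thread or from fail2ban; it shows the normalisation and validation step, its function names are hypothetical, 192.0.2.10 is a constructed address, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: turn a fail2ban-style port list into tokens that firewalld's
# rich-rule "port" element accepts, validate them, and build the rule strings.

# normalize_ports "0:65535" -> "0-65535"; "110, 143,993:995" -> "110 143 993-995"
normalize_ports() {
    echo "$1" | tr ',' ' ' | tr ':' '-' | tr -s ' ' | sed -e 's/^ //' -e 's/ $//'
}

# valid_port_token TOKEN: succeeds for N, or N-M with N < M, ports up to 65535.
# Tokens containing letters (service names such as imap) are passed through
# unchecked, on the assumption that firewalld resolves them itself.
valid_port_token() {
    case "$1" in
        ''|*[!0-9a-z-]*) return 1 ;;   # empty, or a character such as ':'
        *[a-z]*) return 0 ;;           # service name, not checked here
        -*|*-|*-*-*) return 1 ;;       # malformed range
    esac
    lo=${1%%-*}; hi=${1##*-}
    [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] || return 1
    [ "$lo" -le 65535 ] && [ "$hi" -le 65535 ] || return 1
    case "$1" in
        *-*) [ "$lo" -lt "$hi" ] ;;    # a range must ascend
        *) return 0 ;;
    esac
}

# rich_rules FAMILY IP PROTOCOL PORTSPEC: prints one rule per port token.
# Nothing is printed, and 1 is returned, if any token fails validation.
rich_rules() {
    ports=$(normalize_ports "$4")
    for p in $ports; do
        valid_port_token "$p" || { echo "invalid port token: $p" >&2; return 1; }
    done
    for p in $ports; do
        echo "rule family='$1' source address='$2' port port='$p' protocol='$3' reject type='icmp-port-unreachable'"
    done
}

# Demo with the port spec from the logged command and a constructed address.
demo() {
    if valid_port_token '0:65535'; then
        echo "0:65535 accepted as-is"
    else
        echo "0:65535 rejected as-is; normalised form: $(normalize_ports '0:65535')"
    fi
    rich_rules ipv4 192.0.2.10 tcp '0:65535'
}
demo
```

Each printed line is a value for firewall-cmd --add-rich-rule=, the option used in the logged command.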


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Thomas Bendler
On Wed, Jan 6, 2021 at 1:22 AM Gordon Messmer 
wrote:

> On 1/5/21 3:39 PM, Valeri Galtsev wrote:
> > And as someone mentioned, these other distributions have long great
> > record of system upgrade from one release to another. CentOS has no
> > record (and probably no upgrade engineered yet). In that respect
> > CentOS Stream is way behind...
> In that respect, CentOS Stream is identical to CentOS.
> [...]


No, definitely not. With CentOS you need to perform this exercise every ten
years. With Stream every five years. This is a 100% effort/ costs
difference which becomes a significant factor when you run more than a
static web server.

Kind regards Thomas
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS Stream suitability as a production webserver

2021-01-06 Thread Nicolas Kovacs
On 06/01/2021 at 08:48, John R. Dennison wrote:
> To be fair it was only broken because you kept it broken; you could have
> backed out the CR updates and waited for the point release to go GA and
> be on ABI parity with EPEL.

I used the CR updates because back then the official repositories were lagging
far behind with security updates. But that's a different story.

Trying to roll back from this update resulted in a complete disaster.

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12