date:20210705

Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating

2021-07-05 Thread Paul Heinlein


On Mon, 5 Jul 2021, Adrian Jenzer wrote:


Hi Paul

Thanks, but how do you "skip the crypto-policy for Apache"?
It seems like crypto-policies configuration is overwriting my values in 
httpd-configuration.
How I enforce the values in httpd.conf ?


I haven't taken the time necessary to figure out where exactly the 
'PROFILE=SYSTEM' string gets parsed and replaced, so I can't answer 
your specific question.


In my case, I don't use any Include or IncludeOptional statements in 
the main httpd.conf; it's all there in one file. Obviously, my 
solution won't work for everyone.


--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BTRFS to ext4

2021-07-05 Thread Jon Pruente

On Sat, Jul 3, 2021 at 5:48 AM Gionatan Danti  wrote:

> Both options seems reasonable to me.
> If choosing to use the same machine, I would not expand the existing
> disk; rather I suggest adding a *new* disk to VM (formatting it with
> EXT4).
>

IMO, creating a new disk also leaves you the safety of not modifying the
originals so that you can fail back over if something doesn't go well. Of
course take backups as well, but being able to simply switch between drive
images will make for quicker troubleshooting.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating

2021-07-05 Thread Adrian Jenzer

Hi Paul

Thanks, but how do you "skip the crypto-policy for Apache"?
It seems like crypto-policies configuration is overwriting my values in 
httpd-configuration.
How I enforce the values in httpd.conf ? 

Gregards
Adrian

-Original Message-
From: CentOS  On Behalf Of Paul Heinlein
Sent: Mittwoch, 30. Juni 2021 16:09
To: CentOS mailing list 
Subject: Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating

On Wed, 30 Jun 2021, Adrian Jenzer wrote:

> Dear Community
>
> I try to get an SSL Labs A rating for my CentOS8 Apache-server.
> I'am sure it has to do with my lack of understanding the crypto-policies 
> configuration, can anybody give me an advice where i am wrong?
> My understanding is that the configuration in the pmod-file will override the 
> ssl.conf values if PROFILE=SYSTEM is active.

I personally skip the crypto-policy for Apache, relying on a traditional 
httpd.conf stanza instead:

   # ...
   SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM"
   SSLProtocol -all +TLSv1.3 +TLSv1.2

In conjunction with other TLS best practices, these settings seem to do the 
trick (read: Qualys likes them), albeit while excluding some older browsers.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with CentOS 8 kickstart

2021-07-05 Thread Hooton, Gerard

The computer is Lenovo Thinkstation p620
From df command I see:
Filesystem   Size  Used Avail Use% Mounted on
devtmpfs  16G 0   16G   0% /dev
tmpfs 16G 0   16G   0% /dev/shm
tmpfs 16G   26M   16G   1% /run
tmpfs 16G 0   16G   0% /sys/fs/cgroup
/dev/mapper/cs_uews027-root   70G  7.1G   63G  11% /
/dev/nvme0n1p2  1014M  386M  629M  39% /boot
/dev/nvme0n1p1   599M  7.3M  592M   2% /boot/efi
/dev/mapper/cs_uews027-home  390G  2.8G  387G   1% /home
tmpfs3.2G  8.0K  3.2G   1% /run/user/42
tmpfs3.2G 0  3.2G   0% /run/user/0

See attached files for more info.
-Original Message-
From: Stephen John Smoogen 
mailto:stephen%20john%20smoogen%20%3csmo...@gmail.com%3e>>
Reply-To: CentOS mailing list 
mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
To: CentOS mailing list 
mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
Subject: Re: [CentOS] Problems with CentOS 8 kickstart
Date: Mon, 05 Jul 2021 07:28:05 -0400


[EXTERNAL] This email was sent from outside of UCC.


On Mon, 5 Jul 2021 at 07:15, Hooton, Gerard <



g.hoo...@ucc.ie

> wrote:


Hi All,

I am having problems with a kickstart install of CentOS 8

When I try to do a completely automated install  using PXE/UEFI  it get to the 
point where it reads the kickstart config file.

Then I see the following message

"kickstart install Started cancel waiting for multipath siblings for nvme0n1"



The above says that the system thinks your box is multipath but the

other drives are not showing up correctly. You will need to provide a

lot more information for anyone to be able to help diagnosis this for

you:


1. What is the build system

2. What kind of drives/drive controller is it

3. What is the rest of the kickstart that might tell it that it is multipath?

4. What are the pxe/uefi boot options in case that is telling it to

try and probe for multipath that doesn't exist.



This is what I have in the kickstart file


# Clear the Master Boot Record

zerombr

# Partition clearing information

clearpart --all --initlabel

autopart --nohome --type=lvm --fstype=xfs

 


When I install from a USB drive it works OK and I have the following in  
/dev/disk/by-id


lrwxrwxrwx. 1 root root  13 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810 -> ../../nvme0n1

lrwxrwxrwx. 1 root root  13 Jul  5 10:28 nvme-eui.002538b11102f46d -> 
../../nvme0n1

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part3 -> 
../../nvme0n1p3

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part3 -> ../../nvme0n1p3

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part3 -> 
../../nvme0n1p3

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
lvm-pv-uuid-5Dg4mg-saHa-hJJ6-n5a8-MxBS-gdFi-5jPoNn -> ../../nvme0n1p3

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part2 
UNG_MZVL2512HCJQ-0-> ../../nvme0n1p2

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part2 -> ../../nvme0n1p2

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part2 -> 
../../nvme0n1p2

drwxr-xr-x. 2 root root 400 Jul  5 10:28 .

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part1 -> 
../../nvme0n1p1

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part1 -> ../../nvme0n1p1

lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part1 -> 
../../nvme0n1p1

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKtEdtLjwJQyIdxJcSvPv8TEAjwYGMv6yU -> 
../../dm-0

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKAooqrczySYJyiHvUAUji9oScPN2cVi7J -> 
../../dm-1

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-swap -> ../../dm-1

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-root -> ../../dm-0

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkK5HZXbR2ow5xKGuD7jVe4UPzZm2qRLLXI -> 
../../dm-2

lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-home -> ../../dm-2



It's looks like that I am not doing the disk drive stuff in the config file 
correctly.



--


Gerard Hooton.

Senior Technical Officer

School of Engineering.

University College Cork.

College Road.

Cork.

Ireland.

Loc8: WDR-04-60G

Tel: +353 21 4902296

Mobile: +353 852813491

___

CentOS mailing list



CentOS@centos.org




https://lists.centos.org/mailman/listinfo/centos





--

Stephen J Smoogen.

I've seen things you people wouldn't believe. Flame wars in

sci.astro.orion. I have seen SPAM filters overload because of Godwin's

Law. All

Re: [CentOS] Problems with CentOS 8 kickstart

2021-07-05 Thread Stephen John Smoogen

On Mon, 5 Jul 2021 at 07:15, Hooton, Gerard  wrote:
>
> Hi All,
> I am having problems with a kickstart install of CentOS 8
> When I try to do a completely automated install  using PXE/UEFI  it get to 
> the point where it reads the kickstart config file.
> Then I see the following message
> "kickstart install Started cancel waiting for multipath siblings for nvme0n1"
>

The above says that the system thinks your box is multipath but the
other drives are not showing up correctly. You will need to provide a
lot more information for anyone to be able to help diagnosis this for
you:

1. What is the build system
2. What kind of drives/drive controller is it
3. What is the rest of the kickstart that might tell it that it is multipath?
4. What are the pxe/uefi boot options in case that is telling it to
try and probe for multipath that doesn't exist.


> This is what I have in the kickstart file
>
> # Clear the Master Boot Record
> zerombr
> # Partition clearing information
> clearpart --all --initlabel
> autopart --nohome --type=lvm --fstype=xfs
>  
>
> When I install from a USB drive it works OK and I have the following in  
> /dev/disk/by-id
>
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810 -> ../../nvme0n1
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 nvme-eui.002538b11102f46d -> 
> ../../nvme0n1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part3 -> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> lvm-pv-uuid-5Dg4mg-saHa-hJJ6-n5a8-MxBS-gdFi-5jPoNn -> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part2 
> UNG_MZVL2512HCJQ-0-> ../../nvme0n1p2
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part2 -> ../../nvme0n1p2
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part2 -> 
> ../../nvme0n1p2
> drwxr-xr-x. 2 root root 400 Jul  5 10:28 .
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part1 -> 
> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part1 -> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part1 -> 
> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKtEdtLjwJQyIdxJcSvPv8TEAjwYGMv6yU 
> -> ../../dm-0
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKAooqrczySYJyiHvUAUji9oScPN2cVi7J 
> -> ../../dm-1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-swap -> ../../dm-1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-root -> ../../dm-0
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkK5HZXbR2ow5xKGuD7jVe4UPzZm2qRLLXI 
> -> ../../dm-2
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-home -> ../../dm-2
>
>
> It's looks like that I am not doing the disk drive stuff in the config file 
> correctly.
>
>
> --
>
> Gerard Hooton.
> Senior Technical Officer
> School of Engineering.
> University College Cork.
> College Road.
> Cork.
> Ireland.
> Loc8: WDR-04-60G
> Tel: +353 21 4902296
> Mobile: +353 852813491
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with CentOS 8 kickstart

2021-07-05 Thread Hooton, Gerard

Hi All,
I am having problems with a kickstart install of CentOS 8
When I try to do a completely automated install  using PXE/UEFI  it get to the 
point where it reads the kickstart config file.
Then I see the following message
"kickstart install Started cancel waiting for multipath siblings for nvme0n1"

This is what I have in the kickstart file

# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
autopart --nohome --type=lvm --fstype=xfs
 

When I install from a USB drive it works OK and I have the following in  
/dev/disk/by-id

lrwxrwxrwx. 1 root root  13 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810 -> ../../nvme0n1
lrwxrwxrwx. 1 root root  13 Jul  5 10:28 nvme-eui.002538b11102f46d -> 
../../nvme0n1
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part3 -> 
../../nvme0n1p3
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part3 -> ../../nvme0n1p3
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part3 -> 
../../nvme0n1p3
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
lvm-pv-uuid-5Dg4mg-saHa-hJJ6-n5a8-MxBS-gdFi-5jPoNn -> ../../nvme0n1p3
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part2 
UNG_MZVL2512HCJQ-0-> ../../nvme0n1p2
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part2 -> ../../nvme0n1p2
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part2 -> 
../../nvme0n1p2
drwxr-xr-x. 2 root root 400 Jul  5 10:28 .
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part1 -> 
../../nvme0n1p1
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part1 -> ../../nvme0n1p1
lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part1 -> 
../../nvme0n1p1
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKtEdtLjwJQyIdxJcSvPv8TEAjwYGMv6yU -> 
../../dm-0
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKAooqrczySYJyiHvUAUji9oScPN2cVi7J -> 
../../dm-1
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-swap -> ../../dm-1
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-root -> ../../dm-0
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkK5HZXbR2ow5xKGuD7jVe4UPzZm2qRLLXI -> 
../../dm-2
lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-home -> ../../dm-2


It's looks like that I am not doing the disk drive stuff in the config file 
correctly.


--

Gerard Hooton.
Senior Technical Officer
School of Engineering.
University College Cork.
College Road.
Cork.
Ireland.
Loc8: WDR-04-60G
Tel: +353 21 4902296
Mobile: +353 852813491
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Two directories for 8.4.2105 and 8-stream in the centos mirrors

2021-07-05 Thread Burn Alting

Recently, it appears that two directories for 8.4 and 8-stream are being
distributed in the Centos mirrors.

You can't see it if you view the mirrors, but if one downloads the
filelist.gz file and grep for '^\.\/\.' one will see the directories, with
content, .8.4.2105 and .8-stream.

Can this be explained? An error or a new distribution concept??

Rgds
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating

Re: [CentOS] BTRFS to ext4

Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating

Re: [CentOS] Problems with CentOS 8 kickstart

Re: [CentOS] Problems with CentOS 8 kickstart

[CentOS] Problems with CentOS 8 kickstart

[CentOS] Two directories for 8.4.2105 and 8-stream in the centos mirrors

7 matches

Site Navigation

Mail list logo

Footer information